v1.5.1 breaks multi subscription login

Question

v1.5.1 breaks multi subscription login

matt-cote opened this issue 8 months ago · comments

We have a workflow which copies images between container registries in a dev tenant and a prod tenant which is now failing:
ERROR: Subscription '<dev-subscription-name>' not found. Check the spelling and casing and try again.

jobs:
  sync:
    runs-on: ubuntu-latest
    steps:
      - name: "Azure login dev"
        uses: azure/login@v1
        with:
          client-id: ${{ vars.DEV_CLIENT_ID }}
          tenant-id: ${{ vars.DEV_TENANT_ID }}
          subscription-id: ${{ vars.DEV_SUBSCRIPTION_ID }}

      - name: "Azure login prod"
        uses: azure/login@v1
        with:
          client-id: ${{ vars.PROD_CLIENT_ID }}
          tenant-id: ${{ vars.PROD_TENANT_ID }}
          subscription-id: ${{ vars.PROD_SUBSCRIPTION_ID }}

      - name: Sync
        shell: bash
        run: |
          USERNAME="00000000-0000-0000-0000-000000000000"
          ACCESS_TOKEN=$(az acr login --name <dev-container-registry> --expose-token --output tsv --query accessToken --subscription "<dev-subscription-name>")
          ...
          az acr import --name "$destination" --source "$source_image" --username "$USERNAME" --password "$ACCESS_TOKEN"

Appears to be caused by #377 as pinning to v1.5.0 works.

Yan Xu · Answer 1 · Thu Dec 07 2023 09:59:54 GMT+0800 (China Standard Time)

Hi @matt-cote , sorry for this. Please ping to 1.5.0 for a workaround.
You workflow file is clear and helpful. We need some time for your use case to find a better solution.

Matt Cote · Answer 2 · Thu Dec 07 2023 10:57:50 GMT+0800 (China Standard Time)

Thanks @YanaXu.

Perhaps consider adding this functionality behind a new input parameter such as clear-account. To implement it as a non-breaking change, it could default to false. Or if you feel that the default should indeed be true then at least we will have the option to disable it for our use case.

Yan Xu · Answer 3 · Thu Dec 07 2023 11:02:10 GMT+0800 (China Standard Time)

Hi @matt-cote, It's a good suggestion. We'll add it to our consideration. We have to go through all use cases and see what Azure CLI and Azure PowerShell should do for keeping or clearing the context. Thanks a lot!

Shiying Chen · Answer 4 · Tue Jan 09 2024 14:05:57 GMT+0800 (China Standard Time)

Hi @matt-cote,
The new version v1.6.0 of azure/login is aimed to fix your issue. Give azure/login@v1.6.0 a try to verify its effectiveness. Check out the pre-release announcement for v1.6.0 here. Any suggestions or feedback are welcome!

Shiying Chen · Answer 5 · Mon Jan 15 2024 17:00:07 GMT+0800 (China Standard Time)

@charlrvd, @Gibstick, @robcao, I saw you reacted thumbs up in this issue. Are you facing the same issue as @matt-cote? Could you kindly try azure/login@v1.6.0 to verify if it works to your issue?

Matt Cote · Answer 6 · Mon Jan 15 2024 23:58:13 GMT+0800 (China Standard Time)

Hi @MoChilia, apologies for the delay. I was able to verify that v1.6.0 works with our use case. Thanks for addressing this issue!

Charles · Answer 7 · Tue Jan 16 2024 00:08:20 GMT+0800 (China Standard Time)

It works for me too. Thanks

Shiying Chen · Answer 8 · Tue Jan 16 2024 16:23:43 GMT+0800 (China Standard Time)

Closing the issue, since this is fixed in v1.6.0 and v1 is pointed to v1.6.0.