Deployment of standard logic app using github actions
KiranKumarGowda opened this issue · comments
Not all parameters are provided in 'creds'. Double-check if all keys are defined in 'creds': 'clientId', 'clientSecret', 'tenantId'.. Make sure 'az' is installed on the runner. If 'enable-AzPSSession' is true, make sure 'pwsh' is installed on the runner together with Azure PowerShell module. Double check if the 'auth-type' is correct.
I'm facing this issue and i have checked all the secrets , no issue with the secrets but also i'm getting this error.
Can anyone please help me from this.
Not all parameters are provided in 'creds'. Double-check if all keys are defined in 'creds': 'clientId', 'clientSecret', 'tenantId'.. Make sure 'az' is installed on the runner. If 'enable-AzPSSession' is true, make sure 'pwsh' is installed on the runner together with Azure PowerShell module. Double check if the 'auth-type' is correct.
I'm facing this issue and i have checked all the secrets , no issue with the secrets but also i'm getting this error.
Can anyone please help me from this.
Hi @KiranKumarGowda please provide your workflow file, debug log, and the secret value for "creds". You can mask your values in "creds" secret.
Hi @KiranKumarGowda please provide your workflow file, debug log, and the secret value for "creds". You can mask your values in "creds" secret.
Can you contact to my mail , i will share over there ..because its restricted from my organization.
please let me know i will share my mail
@KiranKumarGowda , you can check my mail in my profile and find me in teams. But from the message you provide in the description, it seems you didn't configure the right "creds". Do you follow https://github.com/Azure/login?tab=readme-ov-file#login-with-a-service-principal-secret to configure it?
Please double-check if all the values are set:
{
"clientSecret": "******",
"subscriptionId": "******",
"tenantId": "******",
"clientId": "******"
}
@KiranKumarGowda , you can check my mail in my profile and find me in teams. But from the message you provide in the description, it seems you didn't configure the right "creds". Do you follow https://github.com/Azure/login?tab=readme-ov-file#login-with-a-service-principal-secret to configure it? Please double-check if all the values are set:
{ "clientSecret": "******", "subscriptionId": "******", "tenantId": "******", "clientId": "******" }
Can i schedule a meet with you , if u don't mind ..its much needed .
let me know ur availability.
@KiranKumarGowda I'm available now. You can ping me in teams.
@KiranKumarGowda I'm available now. You can ping me in teams.
Thanks for the availability, I have scheduled a meet at 12:30 pm please do join and we will discuss, and let me know did u receive the invite?
I can't ping you in my teams ..cz ur out of my organization.
I see your meeting schedule. I can join it now.
Hi @YanaXu , I have configured the secrets accordingly to the link which you had posted . but still i'm facing with the same error.
Can you please help me out.
Hi @KiranKumarGowda , since your debug log shows tenant id or client id is missing and you can't share the configuration of secrets due to security, I don't know how to help you there... It's obviously a config issue.
Maybe you can try OIDC login. You can refer to https://github.com/Azure/login?tab=readme-ov-file#login-with-openid-connect-oidc-recommended. It's quite easy to follow the guide to configure a SP for your login.
If you still want to use SP+Secret to login, and want to resolve the issue, please provide your workflow file, the secret value and debug log. (You can mask all confidential values.)
let us do one thing , i will share my workflows to you , and you try to run in your github flow with your secrets.
Can we connect again and try out , please if u don't mind.
let us do one thing , i will share my workflows to you , and you try to run in your github flow with your secrets. Can we connect again and try out , please if u don't mind.
let us do one thing , i will share my workflows to you , and you try to run in your github flow with your secrets. Can we connect again and try out , please if u don't mind.
Sorry, it would violate our policy. I'm not allowed to use secrets like that...
Okay i will just send the workflow , check weather the workflow code is proper and is without any error.
Is this ok to you?
Or else join the meet with the same link, i will be waiting in the lobby.
Will u join , please let me know.
Or else join the meet with the same link, i will be waiting in the lobby.
Will u join , please let me know.
Or else join the meet with the same link, i will be waiting in the lobby.
Will u join , please let me know.
Sorry, I'm not available now. Please send me your workflow file. I'll check it.
Or else join the meet with the same link, i will be waiting in the lobby.
Will u join , please let me know.Sorry, I'm not available now. Please send me your workflow file. I'll check it.
Or else join the meet with the same link, i will be waiting in the lobby.
Will u join , please let me know.Sorry, I'm not available now. Please send me your workflow file. I'll check it.
@YanaXu I have attached the file to your mail , please do check and let me know .
Thank you
Hi @KiranKumarGowda , I've prepared a debug release for your case.
Please create a new workflow file named test-for-kiran.yml under your .github/workflows. The content should be as below.
Submit the workflow file to a test branch and send me the log of its run.
The purpose of this test is check if secrets.AZURE_CREDENTIALS is configured correctly.
name: Test For Kiran
on: [push, workflow_dispatch]
jobs:
test-for-kiran:
runs-on: ubuntu-latest
steps:
- uses: YanaXu/loginFork@for_kiran_release
with:
creds: ${{ secrets.AZURE_CREDENTIALS }}
Hi @KiranKumarGowda , I've prepared a debug release for your case. Please create a new workflow file named
test-for-kiran.ymlunder your.github/workflows. The content should be as below.Submit the workflow file to a test branch and send me the log of its run. The purpose of this test is check if
secrets.AZURE_CREDENTIALSis configured correctly.name: Test For Kiran on: [push, workflow_dispatch] jobs: test-for-kiran: runs-on: ubuntu-latest steps: - uses: YanaXu/loginFork@for_kiran_release with: creds: ${{ secrets.AZURE_CREDENTIALS }}
@YanaXu Sorry i was not available , i will check and let u know .
Hi @YanaXu , I have tried still with the same error ..I'm attaching the log file.
logs_39.zip
Hi @YanaXu , I have tried still with the same error ..I'm attaching the log file. logs_39.zip
Please do check and let me know.
Hi @KiranKumarGowda ,
You can see from the log, no creds is provided.
The issue in your workflow is it can't read the value of creds. Maybe you can double-check if the secret is configured correctly.
It's your log:
2023-12-26T05:34:31.6471424Z ##[group]Run YanaXu/loginFork@for_kiran_release
2023-12-26T05:34:31.6471829Z with:
2023-12-26T05:34:31.6472064Z enable-AzPSSession: false
2023-12-26T05:34:31.6472304Z environment: azurecloud
2023-12-26T05:34:31.6472509Z allow-no-subscriptions: false
2023-12-26T05:34:31.6472807Z audience: api://AzureADTokenExchange
2023-12-26T05:34:31.6473055Z auth-type: SERVICE_PRINCIPAL
2023-12-26T05:34:31.6473293Z ##[endgroup]
2023-12-26T05:34:31.7413044Z creds is empty or null.
2023-12-26T05:34:31.7414964Z secrets is empty or null.
2023-12-26T05:34:31.7468500Z ##[error]Login failed with Error: Using auth-type: SERVICE_PRINCIPAL. Not all values are present. Ensure 'client-id' and 'tenant-id' are supplied.. Make sure 'az' is installed on the runner. If 'enable-AzPSSession' is true, make sure 'pwsh' is installed on the runner together with Azure PowerShell module. Double check if the 'auth-type' is correct. Refer to https://github.com/Azure/login#readme for more information.
If creds is set, the log should be:
Run YanaXu/loginFork@for_kiran_release
with:
creds: ***
enable-AzPSSession: false
environment: azurecloud
allow-no-subscriptions: false
audience: api://AzureADTokenExchange
auth-type: SERVICE_PRINCIPAL
creds is NOT empty or null.
secrets is NOT empty or null.
clientId is NOT empty or null.
clientSecret is NOT empty or null.
subscriptionId is NOT empty or null.
tenantId is NOT empty or null.
If I remove AZURE_CREDENTIALS from secrets, I can reproduce your issue and the log is same as yours.
Hi @KiranKumarGowda ,
You can see from the log, no
credsis provided. The issue in your workflow is it can't read the value ofcreds. Maybe you can double-check if the secret is configured correctly.It's your log:
2023-12-26T05:34:31.6471424Z ##[group]Run YanaXu/loginFork@for_kiran_release 2023-12-26T05:34:31.6471829Z with: 2023-12-26T05:34:31.6472064Z enable-AzPSSession: false 2023-12-26T05:34:31.6472304Z environment: azurecloud 2023-12-26T05:34:31.6472509Z allow-no-subscriptions: false 2023-12-26T05:34:31.6472807Z audience: api://AzureADTokenExchange 2023-12-26T05:34:31.6473055Z auth-type: SERVICE_PRINCIPAL 2023-12-26T05:34:31.6473293Z ##[endgroup] 2023-12-26T05:34:31.7413044Z creds is empty or null. 2023-12-26T05:34:31.7414964Z secrets is empty or null. 2023-12-26T05:34:31.7468500Z ##[error]Login failed with Error: Using auth-type: SERVICE_PRINCIPAL. Not all values are present. Ensure 'client-id' and 'tenant-id' are supplied.. Make sure 'az' is installed on the runner. If 'enable-AzPSSession' is true, make sure 'pwsh' is installed on the runner together with Azure PowerShell module. Double check if the 'auth-type' is correct. Refer to https://github.com/Azure/login#readme for more information.If
credsis set, the log should be:Run YanaXu/loginFork@for_kiran_release with: creds: *** enable-AzPSSession: false environment: azurecloud allow-no-subscriptions: false audience: api://AzureADTokenExchange auth-type: SERVICE_PRINCIPAL creds is NOT empty or null. secrets is NOT empty or null. clientId is NOT empty or null. clientSecret is NOT empty or null. subscriptionId is NOT empty or null. tenantId is NOT empty or null.
Okay but let me share my creds
I have created a secret with AZURE_CREDENTIALS
{
"clientSecret": "",
"subscriptionId": "",
"tenantId": "",
"clientId": ""
}
this is how i added secret , anything wrong ? @YanaXu
And @YanaXu should i need to give any permissions in service principle subscription , like
when service principle is created ->Access control (IAM) -> check Access -> Service principle
it should have "Contributor" access
Is this required ?
@KiranKumarGowda , it's not about the SP or the content of AZURE_CREDENTIALS. The thing is, your workflow file can't find a secret named as AZURE_CREDENTIALS. Last time we see this issue is when a user configure the secret in repoA and try to run the workflow file in repoB.
@KiranKumarGowda , it's not about the SP or the content of
AZURE_CREDENTIALS. The thing is, your workflow file can't find a secret named asAZURE_CREDENTIALS. Last time we see this issue is when a user configure the secret in repoA and try to run the workflow file in repoB.
@YanaXu Can we connect for a while to discuss , because i'm not getting wt ur trying to say.
@KiranKumarGowda I'm in the meeting room of last Friday.
@KiranKumarGowda I'm in the meeting room of last Friday.
Ok i'm joining
This issue is because Kiran configures the secrect under an environment and does not set the environment in the workflow file . It's sovled now.
This issue is because Kiran configures the secrect under an environment and does not set the environment in the workflow file . It's sovled now.
Hi @YanaXu I have raised a new issue , could you help me from that . please do check.
This issue is because Kiran configures the secrect under an environment and does not set the environment in the workflow file . It's sovled now.
Hi @YanaXu , Can we connect because i have some doubts regarding the github workflows.
please let me know