Error: Login failed with Error: Using auth-type: SERVICE_PRINCIPAL. Not all values are present.

Question

Error: Login failed with Error: Using auth-type: SERVICE_PRINCIPAL. Not all values are present.

Aholicknight opened this issue 6 months ago · comments

Hello. I am having a problem where I am not able to push to my Azure Web App. I do not know why this is happening, and I did not make any changes to the Workflow auto-generated by Azure. How can I fix this problem? Is it a problem with Azure? I never had this problem before.

Thank you!

Shiying Chen · Answer 1 · Thu Jan 18 2024 09:23:31 GMT+0800 (China Standard Time)

Hi @Aholicknight, based on the log you provided, it seems that client-id and tenant-id are missing when calling azure/login. Please provide these two parameters. And could you share your workflow here to help me better assist you with this issue?

Aholicknight · Answer 2 · Fri Jan 19 2024 00:03:14 GMT+0800 (China Standard Time)

Hi @Aholicknight, based on the log you provided, it seems that client-id and tenant-id are missing when calling azure/login. Please provide these two parameters. And could you share your workflow here to help me better assist you with this issue?

Hello @MoChilia yes I can provide you my workflow file. I will edit this message when I have it.

EDIT: The workflow generated by Azure is here:

# Docs for the Azure Web Apps Deploy action: https://github.com/Azure/webapps-deploy

# More GitHub Actions for Azure: https://github.com/Azure/actions



name: Build and deploy Node.js app to Azure Web App - ictdatabaseapitwo



on:

  push:

    branches:

      - main

  workflow_dispatch:



jobs:

  build:

    runs-on: ubuntu-latest



    steps:

      - uses: actions/checkout@v4



      - name: Set up Node.js version

        uses: actions/setup-node@v3

        with:

          node-version: '18.x'



      - name: npm install, build, and test

        run: |

          npm install

          npm run build --if-present

          npm run test --if-present



      - name: Zip artifact for deployment

        run: zip release.zip ./* -r



      - name: Upload artifact for deployment job

        uses: actions/upload-artifact@v3

        with:

          name: node-app

          path: release.zip



  deploy:

    runs-on: ubuntu-latest

    needs: build

    environment:

      name: 'production'

      url: ${{ steps.deploy-to-webapp.outputs.webapp-url }}

    permissions:
      id-token: write #This is required for requesting the JWT


    steps:

      - name: Download artifact from build job

        uses: actions/download-artifact@v3

        with:

          name: node-app



      - name: Unzip artifact for deployment

        run: unzip release.zip

      
      - name: Login to Azure
        uses: azure/login@v1
        with:
          client-id: ${{ secrets.__clientidsecretname__ }}
          tenant-id: ${{ secrets.__tenantidsecretname__ }}
          subscription-id: ${{ secrets.__subscriptionidsecretname__ }}


      - name: 'Deploy to Azure Web App'

        id: deploy-to-webapp

        uses: azure/webapps-deploy@v2

        with:

          app-name: 'ictdatabaseapitwo'

          slot-name: 'production'

          package: .

Shiying Chen · Answer 3 · Fri Jan 19 2024 09:04:09 GMT+0800 (China Standard Time)

@Aholicknight, please check if __clientidsecretname__ and .__tenantidsecretname__ are stored as secrets in your repository. See https://docs.github.com/en/actions/security-guides/using-secrets-in-github-actions for how to use secrets in GitHub Actions. I am wondering if these secrets are auto generated by azure web app?

Aholicknight · Answer 4 · Fri Jan 19 2024 11:31:47 GMT+0800 (China Standard Time)

@Aholicknight, please check if __clientidsecretname__ and .__tenantidsecretname__ are stored as secrets in your repository. See docs.github.com/en/actions/security-guides/using-secrets-in-github-actions for how to use secrets in GitHub Actions. I am wondering if these secrets are auto generated by azure web app?

@MoChilia these secrets are automatically generated by Azure web app. I do not have any secrets in my repository.

Shiying Chen · Answer 5 · Fri Jan 19 2024 13:54:03 GMT+0800 (China Standard Time)

I tried to reproduce your issue by setting CI/CD with GitHub Actions for an Azure web app in development center. It works well for me. I chose the Authentication type: User-assigned identity. Then the workflow was automatically generated in my GitHub repo with the corresponding secrets stored in my repo.

It seems that an error occurred when Azure Web app is creating the user-assigned identity or when they are writing the secrets to your repository. You can report this issue to Azure/webapps-deploy.

For a quick fix, I have some suggestions for you. I can find the managed identity created by Azure web app. If it was also created for you, you can copy its Client ID and Tenant ID to store them as secrets in your repository. If you cannot find such managed identity, you may refer to the guide on how to login with OIDC.

Aholicknight · Answer 6 · Sat Jan 20 2024 00:48:39 GMT+0800 (China Standard Time)

@MoChilia I will try adding the repository secrets manually and see if that fixes the problem.

Aholicknight · Answer 7 · Wed Jan 24 2024 12:28:52 GMT+0800 (China Standard Time)

I think I fixed it by setting the action setting in my organization "read and write" before it was set to "read only"