Describe the bug
Preface:
This may well be intended behaviour, so I apologise if so. However, I am currently unable to upgrade Azure CLI locally due to Homebrew/homebrew-core#138158 & #27047 so I did a bit of digging.
I'll also raise a sister issue on azure-sdk-for-python so they're aware of it too.
Description:
DefaultAzureCredential runs through a bunch of options, including AzureCliCredential.
When it reaches this line within AzureCliCredential, it will always fail the timeout with an outdated software version.
This is because the cli prompt returned by az account get-access-token --output json --resource <whatever> embedded within that file will always return the following, which requires a user response to complete.
New Azure CLI version available. Running 'az upgrade' to update automatically.
This command is in preview and under development. Reference and support levels: https://aka.ms/CLI_refstatus
Your current Azure CLI version is 2.50.0. Latest version available is 2.51.0.
Please check the release notes first: https://docs.microsoft.com/cli/azure/release-notes-azure-cli
Do you want to continue? (Y/n):
Steps to reproduce:
I have been able to confirm this on a minimal reproduction here. It will require the replacement of some env vars:
- Replace key_vault_url and secret_name within x/function_app.py with some legitimate values.
- Use func start to start
- Optionally, attach a debugger of your choice to the process and watch the call to return subprocess.check_output(args, **kwargs) venv/lib/python3.10/site-packages/azure/identity/_credentials/azure_cli.py - github link to specific line
- Run curl http://localhost:7071/api/hello to trigger the http function
- Read your logs for the following string: AzureCliCredential: Failed to invoke the Azure CLI
Related command
All azure commands that trigger an update notification, but specifically az account get-access-token --output json --resource <whatever> in this instance
Errors
Executing 'Functions.AzureTrigger' (Reason='This function was programmatically called via the host APIs.', Id=df95b1b4-cdce-4775-abe4-71e6f6cab282)
DefaultAzureCredential failed to retrieve a token from the included credentials.
Attempted credentials:
EnvironmentCredential: EnvironmentCredential authentication unavailable. Environment variables are not fully configured.
Visit https://aka.ms/azsdk/python/identity/environmentcredential/troubleshoot to troubleshoot this issue.
ManagedIdentityCredential: ManagedIdentityCredential authentication unavailable, no response from the IMDS endpoint.
SharedTokenCacheCredential: SharedTokenCacheCredential authentication unavailable. No accounts were found in the cache.
*AzureCliCredential: Failed to invoke the Azure CLI*
AzurePowerShellCredential: Az.Account module >= 2.2.0 is not installed
AzureDeveloperCliCredential: Azure Developer CLI could not be found. Please visit https://aka.ms/azure-dev for installation instructions and then, once installed, authenticate to your Azure account using 'azd auth login'.
To mitigate this issue, please refer to the troubleshooting guidelines here at https://aka.ms/azsdk/python/identity/defaultazurecredential/troubleshoot.
Executed 'Functions.AzureTrigger' (Failed, Id=df95b1b4-cdce-4775-abe4-71e6f6cab282, Duration=57068ms)
System.Private.CoreLib: Exception while executing function: Functions.AzureTrigger. System.Private.CoreLib: Result: Failure
Exception: ClientAuthenticationError: DefaultAzureCredential failed to retrieve a token from the included credentials.
Attempted credentials:
EnvironmentCredential: EnvironmentCredential authentication unavailable. Environment variables are not fully configured.
Visit https://aka.ms/azsdk/python/identity/environmentcredential/troubleshoot to troubleshoot this issue.
ManagedIdentityCredential: ManagedIdentityCredential authentication unavailable, no response from the IMDS endpoint.
SharedTokenCacheCredential: SharedTokenCacheCredential authentication unavailable. No accounts were found in the cache.
AzureCliCredential: Failed to invoke the Azure CLI
AzurePowerShellCredential: Az.Account module >= 2.2.0 is not installed
AzureDeveloperCliCredential: Azure Developer CLI could not be found. Please visit https://aka.ms/azure-dev for installation instructions and then, once installed, authenticate to your Azure account using 'azd auth login'.
To mitigate this issue, please refer to the troubleshooting guidelines here at https://aka.ms/azsdk/python/identity/defaultazurecredential/troubleshoot.
Issue script & Debug output
N/A, description covers it.
Expected behavior
Auth token to be generated as standard.
Environment Summary
azure-cli 2.50.0 *
core 2.50.0 *
telemetry 1.0.8 *
Extensions:
ssh 2.0.0
Dependencies:
msal 1.22.0
azure-mgmt-resource 23.1.0b2
Python location '/usr/local/Cellar/azure-cli/2.50.0_1/libexec/bin/python'
Extensions directory '/Users/daniel.furnivall/.azure/cliextensions'
Python (Darwin) 3.10.12 (main, Jun 20 2023, 17:00:24) [Clang 14.0.3 (clang-1403.0.22.14.1)]
Legal docs and information: aka.ms/AzureCliLegal
You have 3 update(s) available. Consider updating your CLI installation with 'az upgrade'
New Azure CLI version available. Running 'az upgrade' to update automatically.
This command is in preview and under development. Reference and support levels: https://aka.ms/CLI_refstatus
Your current Azure CLI version is 2.50.0. Latest version available is 2.51.0.
Please check the release notes first: https://docs.microsoft.com/cli/azure/release-notes-azure-cli
Additional context
I am fairly certain this won't just be hitting the python sdk, and definitely not just function apps.
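Added example, not part of the original issue and not code from azure-identity or Azure CLI: a sketch of the failure mode reported above, where a credential helper run through subprocess.check_output with a timeout stalls on a prompt nobody can answer, and of how a caller can tell that apart from a plain timeout. FAKE_AZ, get_token and demo are hypothetical names, the child process is a constructed stand-in for az, and its handling of end-of-file on stdin is an assumption.

```python
import json
import os
import subprocess
import sys

PROMPT = "Do you want to continue? (Y/n):"

# Constructed stand-in for an outdated `az account get-access-token`: it asks
# the upgrade question on stderr, waits on stdin, then prints a token as JSON.
# Treating EOF as "no" is an assumption of this sketch, not verified az behaviour.
FAKE_AZ = f"""
import json, sys
sys.stderr.write({PROMPT!r} + " ")
sys.stderr.flush()
sys.stdin.readline()   # blocks for as long as stdin stays open and silent
json.dump({{"accessToken": "constructed-token"}}, sys.stdout)
"""


def get_token(stdin, timeout=2.0):
    """Run the stand-in CLI; return ("ok", token) or (reason, captured stderr)."""
    try:
        out = subprocess.check_output(
            [sys.executable, "-c", FAKE_AZ],
            stdin=stdin, stderr=subprocess.PIPE, timeout=timeout,
        )
    except subprocess.TimeoutExpired as exc:
        # Whatever the child wrote before it was killed is kept on the exception.
        shown = (exc.stderr or b"").decode(errors="replace")
        reason = "blocked-on-prompt" if PROMPT in shown else "timeout"
        return reason, shown
    return "ok", json.loads(out)["accessToken"]


def demo():
    # An open pipe that is never written to stands in for an inherited
    # stdin where no user will ever type an answer.
    read_end, write_end = os.pipe()
    try:
        hung = get_token(stdin=read_end)
    finally:
        os.close(read_end)
        os.close(write_end)
    # With stdin detached the child sees EOF at once and cannot wait on input.
    detached = get_token(stdin=subprocess.DEVNULL)
    return hung, detached


if __name__ == "__main__":
    print(demo())
```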