Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Issue] azd provision with a postprovision script - how is az cli auth handled? #2975

Closed
dfberry opened this issue Nov 15, 2023 · 5 comments
Closed

[Issue] azd provision with a postprovision script - how is az cli auth handled? #2975

dfberry opened this issue Nov 15, 2023 · 5 comments
Labels
customer-reported identify a customer issue issue-addressed question

Comments

@dfberry
Copy link

dfberry commented Nov 15, 2023

Last week, I ran a postprovision script that called az cli without auth issues - the script ran fine. Now this week, the same postprovision script returns an auth error for the az cli command. How is auth passed from azd cli to az cli for postprovision scripts? Has something changed?

I'm in Codespaces, run azd auth login then run azd provision.
@dfberry dfberry mentioned this issue Nov 15, 2023
Closed
@sinedied sinedied mentioned this issue Nov 15, 2023
Closed
@vhvb1989
Copy link
Member

az and azd both have its own auth.
When working with both, you need to run log in on each, and make sure az uses the same account/sub that azd is using.

Some alternatives:

1 ) azd supports using az as auth. If you turn this mode ON for azd, you would only need to login to az and set the account/sub on az. Azd would call az for auth tokens, instead of doing it by its own. To enable this mode, you can run

azd config set auth.useAzCliAuth true

  1. If you use the cloud-shell terminal (from azure portal, or from VSCode extension), both az and azd gets automatically logged.

  2. If you are using az from azd hooks, you can consider calling azd auth token -o json from the hook-script to get a jwt token that you can use to call the Azure REST endpoints directly (instead of using az commands)

@ellismg
Copy link
Member

ellismg commented Nov 16, 2023

How is auth passed from azd cli to az cli for postprovision scripts? Has something changed?

As @vhvb1989 mentions, we don't flow authentication information from azd to az in anyway. We do allow azd to use az as an auth provider, but we have no support for going the other way.

@microsoft-github-policy-service Microsoft GitHub Policy Service
Copy link
Contributor

Hi @dfberry. Thank you for opening this issue and giving us the opportunity to assist. We believe that this has been addressed. If you feel that further discussion is needed, please add a comment with the text “/unresolve” to remove the “issue-addressed” label and continue the conversation.

@diberry
Copy link

diberry commented Nov 17, 2023

Can the docs provide better design/conceptual guidance for auth in the e2e dev experience? If I know I'm using scripts that are used in Azd hooks, and also used in local development, there should be a pattern/system to set up auth so that both work. This should also include how those scripts get env variables from .azure or from default values or from key vault.

@microsoft-github-policy-service Microsoft GitHub Policy Service
Copy link
Contributor

Hi @dfberry, since you haven’t asked that we “/unresolve” the issue, we’ll close this out. If you believe further discussion is needed, please add a comment “/unresolve” to reopen the issue.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
customer-reported identify a customer issue issue-addressed question
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@dfberry @ellismg @vhvb1989 @diberry