堆栈内存溢出
  简体   繁体   English

az 登录从 github 操作任务失败

[英]az login fails from github action task

 原文  2021-11-04 16:02:51       azure/ authentication/ github/ github-actions/ azure-cli

问题描述

I'm trying to create a GitHub action that deploys infra and my system to Azure.我正在尝试创建一个将基础设施和我的系统部署到 Azure 的 GitHub 操作。 To log in, I use an azure login action like so:要登录,我使用了一个 azure 登录操作,如下所示:

- name: Azure Login
  uses: azure/login@v1.4.0
  with:
    creds: ${{ secrets.AZURE_CREDENTIALS }}

To be able to do this, you must first create a service principal in Azure and store the secrets as a secret in your GitHub repo.为此,您必须首先在 Azure 中创建服务主体,并将机密作为机密存储在您的 GitHub 存储库中。 I neatly created an sp using the az ad sp create-for-rbac command and defined enough permissions and all (as described here ), however... I cannot use the --sdk-auth flag anymore because it's deprecated.我创建了整齐使用SP的az ad sp create-for-rbac命令和定义足够的权限和所有的(如描述在这里),但是...我不能使用--sdk-auth了,因为它是过时的标志。 I don't know if this flag makes a difference, but there is a difference in the JSON object the Azure CLI outputs compared to previous versions.我不知道这个标志是否有所不同,但与以前的版本相比,Azure CLI 输出的 JSON 对象有所不同。 The (JSON) object this commands outputs looks like so:此命令输出的 (JSON) 对象如下所示:

{
  "appId": "guid",
  "displayName": "Name I gave the app in the az ad sp create for RBAC command",
  "name": "guid",
  "password": "very-secret-string",
  "tenant": "guid"
}

This seems to be some sort of a new object because, in previous versions, the object looked slightly different.这似乎是某种新对象,因为在以前的版本中,该对象看起来略有不同。 The previous version of the AZ CLI outputs an object that looks like this:先前版本的 AZ CLI 输出的对象如下所示:

{
    "clientId": "guid",
    "clientSecret": "super-secret-string",
    "subscriptionId": "guid",
    "tenantId": "guid"
}

Now, as a result, the login action in my GH Actions workflow doesn't work anymore and I desperately need it ;)现在,结果是,我的 GH Actions 工作流程中的登录操作不再起作用,我非常需要它 ;)

I also tried to create a Federated Credential, but without a result.我还尝试创建联合凭据,但没有结果。 Now, I'm out of ideas to be honest and I could use some differenty insights.现在,老实说,我没有想法,我可以使用一些不同的见解。

1 个解决方案

解决方案1
 1 已采纳  2021-11-10 16:16:11

It looks like there was an issue with the Azure CLI versions installed on the workers.工作人员上安装的 Azure CLI 版本似乎存在问题。

According to the GH issue, this has been resolved now and shouldn't occur in the future anymore: https://github.com/Azure/cli/issues/56#issuecomment-965186851根据 GH 问题,现在已经解决了,以后不会再发生了: https : //github.com/Azure/cli/issues/56#issuecomment-965186851

Released a long term fix for any further mismatch issues.发布了针对任何进一步不匹配问题的长期修复程序。 Now the default value for azcliversion dynamically points to the version installed on agent.现在 azcliversion 的默认值动态指向安装在代理上的版本。 So there will be no mismatch again unless someone explicitly mentions latest.所以除非有人明确提到最新的,否则不会再次出现不匹配。 If for some reason there is no version of az cli on the agent then action fall backs to latest.如果由于某种原因代理上没有 az cli 版本,则操作将回退到最新版本。

Most of the hosted agents are also updated to 2.30.0.大多数托管代理也更新到 2.30.0。

Please test your scenarios and let us know if you face any more issues.请测试您的场景,如果您遇到更多问题,请告诉我们。

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 AZ CLI 使用服务主体登录从特定计算机失败 - AZ CLI login using Service Principal fails from specific computer az login 命令失败 - Azure cli - az login command fails - Azure cli Azure DevOps 管道导致 az 登录失败 - az login fails wih Azure DevOps Pipelines Azure CLI任务“ az SF群集创建”因托管代理而失败 - Azure CLI task “az sf cluster create” fails with hosted agent 无法从 az login 登录到 Azure 帐户 - 管理员启用了 MFA - Cannot login to Azure Account from az login - admin enabled MFA AZ 从 CLI 登录问题 - 自签名证书 - AZ Login from CLI issue - SELF SIGNED CERTIFICATE 如何从 DevOps 管道安全地登录 Az CLI - How to securely login in Az CLI from a DevOps Pipeline az login 命令失败 - az login command failure 从AzureRM升级到Az模块现在无法使用Runbook登录 - Upgraded to Az modules from AzureRM now cannot login with Runbook AZ 登录 Bat 文件 - AZ Login in Bat file
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM