Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Search-AzGraph "Your Azure credentials have not been set up or have expired" in GitHub Actions #21593

Closed
YanaXu opened this issue Apr 19, 2023 · 1 comment
Assignees
Labels
Azure PS Team bug This issue requires a change to an existing behavior in the product in order to be resolved. Tracking We will track status and follow internally

Comments

@YanaXu
Copy link
Contributor

YanaXu commented Apr 19, 2023

Description

It's the same issue as #20720 .
It's reported in Azure PowerShell Action Repo: Action Fails after Login via Az module.

I can always reproduce the issue with the GitHub workflow script below:

name: AzurePowerShellLoginSample
on: [push]

jobs:

  build:
    runs-on: ubuntu-latest
    steps:
    
    - name: Login via Az module
      uses: azure/login@v1
      with:
        creds: ${{secrets.AZURE_CREDENTIALS}}
        #allow-no-subscriptions: true
        enable-AzPSSession: true

    - name: Az PowerShell
      uses: azure/powershell@v1
      with:
        azPSVersion: "latest"
        inlineScript: |
          # $global:DebugPreference = "Continue"
          # Get-AzContext 
          # Get-AzResourceGroup
          if(-not (Get-Module Az.ResourceGraph -ListAvailable))
          {
            Install-Module Az.ResourceGraph -Scope CurrentUser -Force
          }
          $query = "resourcecontainers | where type == 'microsoft.resources/subscriptions' | project name, id | sort by name asc"
          $subscriptions = Search-AzGraph -Query $query -UseTenantScope
          $subscriptions

The error message is

DEBUG: 07:41:40 - [ConfigManager] Got nothing from [EnableDataCollection], Module = [], Cmdlet = []. Returning default value [True].
Search-AzGraph: /home/runner/work/_temp/143d5d48-390a-463a-bd92-3150b2ff0b41.ps1:12
Line |
  12 |  $subscriptions = Search-AzGraph -Query $query -UseTenantScope
     |                   ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     | Your Azure credentials have not been set up or have expired, please run
     | Connect-AzAccount to set up your Azure credentials. No certificate
     | thumbprint or secret provided for the given service principal
     | '***'.

Error: Error: The process '/usr/bin/pwsh' failed with exit code 1

But if the Get-AzContext or Get-AzResourceGroup is added before Search-AzGraph, the script will be run successfully.

Issue script & Debug output

Get-Module -ListAvailable Az.Accounts,Az.Resources
$PSVersionTable

if(-not (Get-Module Az.ResourceGraph -ListAvailable))
{
  Install-Module Az.ResourceGraph -Scope CurrentUser -Force
}
$query = "resourcecontainers | where type == 'microsoft.resources/subscriptions' | project name, id | sort by name asc"
$subscriptions = Search-AzGraph -Query $query -UseTenantScope
$subscriptions

Environment data

Key   : PSVersion
Value : 7.2.10
Name  : PSVersion


Key   : PSEdition
Value : Core
Name  : PSEdition


Key   : GitCommitId
Value : 7.2.10
Name  : GitCommitId


Key   : OS
Value : Linux 5.15.0-1035-azure #42-Ubuntu SMP Tue Feb 28 19:41:23 UTC 2023
Name  : OS


Key   : Platform
Value : Unix
Name  : Platform


Key   : PSCompatibleVersions
Value : ***1.0, 2.0, 3.0, 4.0***
Name  : PSCompatibleVersions


Key   : PSRemotingProtocolVersion
Value : 2.3
Name  : PSRemotingProtocolVersion


Key   : SerializationVersion
Value : 1.1.0.1
Name  : SerializationVersion


Key   : WSManStackVersion
Value : 3.0
Name  : WSManStackVersion

Module versions

ModuleType Version    PreRelease Name                                PSEdition
---------- -------    ---------- ----                                ---------
Script     2.12.1                Az.Accounts                         Core,Desk
Script     6.5.1                 Az.Resources                        Core,Desk
Script     2.12.1                Az.Accounts                         Core,Desk
Script     6.5.1                 Az.Resources                        Core,Desk

Error output

Search-AzGraph: /home/runner/work/_temp/6bc8c5e9-8fbb-4e11-848e-4944911ada43.ps1:13
Line |
  13 |  $subscriptions = Search-AzGraph -Query $query -UseTenantScope
     |                   ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     | Your Azure credentials have not been set up or have expired, please run
     | Connect-AzAccount to set up your Azure credentials. No certificate
     | thumbprint or secret provided for the given service principal
     | '***'.

Error: Error: The process '/usr/bin/pwsh' failed with exit code 1
@YanaXu YanaXu added bug This issue requires a change to an existing behavior in the product in order to be resolved. needs-triage This is a new issue that needs to be triaged to the appropriate team. labels Apr 19, 2023
@ghost ghost removed the needs-triage This is a new issue that needs to be triaged to the appropriate team. label Apr 19, 2023
@wyunchi-ms wyunchi-ms added Azure PS Team Tracking We will track status and follow internally labels Apr 20, 2023
@msJinLei
Copy link
Contributor

msJinLei commented Oct 19, 2023

Refer to action logs https://github.com/msJinLei/GitHubActionTest/actions/runs/6572209416/job/17852899272

In Azure/Login action, Connect-AzAccount using Az.Accounts 2.13.1 while Azure/Powershell action imports Az.Accounts with version 2.9.1
Between these 2 versions, we change the location of Service Principal's secret. That is to say Az.Accounts 2.9.1 cannot find the Service Principal's secret which is stored by Az.Accounts 2.13.1. This is the root cause.

The Az.Accounts 2.9.1 is installed with Az.ResourceGraph latest version. The expected Az.Accounts installed should be the latest version but due to the known issue PowerShell/PowerShellGetv2#704, an old version is installed.
The Az.Accounts 2.9.1 is installed to a path with a higher priority so that it is be imported not the one originally in Azure/Powershell action.

The issue will be handled by Azure/Powershell action

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Azure PS Team bug This issue requires a change to an existing behavior in the product in order to be resolved. Tracking We will track status and follow internally
Projects
None yet
Development

No branches or pull requests

3 participants