Closed AthanasiosPavlou closed 3 months ago
ClientAuthenticationError: DefaultAzureCredential failed to retrieve a token from the included credentials. Attempted credentials: EnvironmentCredential: EnvironmentCredential authentication unavailable. Environment variables are not fully configured. Visit https://aka.ms/azsdk/python/identity/environmentcredential/troubleshoot to troubleshoot this issue. ManagedIdentityCredential: ManagedIdentityCredential authentication unavailable, no response from the IMDS endpoint. AzureCliCredential: Azure CLI not found on path AzurePowerShellCredential: PowerShell is not installed AzureDeveloperCliCredential: Azure Developer CLI could not be found. Please visit https://aka.ms/azure-dev for installation instructions and then,once installed, authenticate to your Azure account using 'azd auth login'. To mitigate this issue, please refer to the troubleshooting guidelines here at https://aka.ms/azsdk/python/identity/defaultazurecredential/troubleshoot.
Traceback:
File "/usr/local/lib/python3.11/site-packages/streamlit/runtime/scriptrunner/script_runner.py", line 535, in _run_script
exec(code, module.dict)
File "/usr/local/src/myscripts/admin/pages/04_Configuration.py", line 25, in
Because of the docker image the codebase is automatically picking up the above updates, and thus the deployed application stopped working. Please revert so that current deployments can resume functioning:
"WebAppImageName": "DOCKER|fruoccopublic.azurecr.io/rag-webapp",
"AdminWebAppImageName": "DOCKER|fruoccopublic.azurecr.io/rag-adminwebapp",
"BackendImageName": "DOCKER|fruoccopublic.azurecr.io/rag-backend",
One more thing to add - due to environment restrictions/permissions not all of us have the option to turn on managed identity on Azure portal, assign rbac rules etc. So if you could please revert to the previous, the accelerator should resume operating
@AthanasiosPavlou Can you please check if your solution is working fine?
Hello - yep, it is now back up and running :)
I am having the same issue, and it is impacting a Stategic customer.... if they restart the web app, will it pick up the changes? How do we revert these changes? @komalg1 @AthanasiosPavlou
I am having the same issue, and it is impacting a Stategic customer.... if they restart the web app, will it pick up the changes? How do we revert these changes? @komalg1 @AthanasiosPavlou
@rmthurman It will pick up the changes. It should work as before now. Let us know if you see any issues.
@komalg1 their environment is still broken.... are you available to troubleshoot with us today? How do I contact you internally?
@rmthurman Heya, can you ask them to set the ‘AZURE_AUTH_TYPE’ env var to ‘keys’ for the backend application?
Hi @rmthurman and @komalg1. In my case, with no further changes from my end (apart from restarting both the admin and the chat webapps) the solution resumed working as usual.
Hi - what options are there if we want to continue using rbac rather than keys?
1) You will need to deploy your infrastructure using rbac
in the bicep deployment. The value you need to change is authType
. This will create the RolePermissions necessary
2) You will then need to configure each AppServices configuration AZURE_AUTH_TYPE
to rbac
@joshrenshaw12 For local deployment you will need to add roles for your principal id. It can be done manually & programmatically. Please refer to the docs - Manually Assign roles Programmatically assign roles
@AthanasiosPavlou - can we close this now?
This issue is for a: (mark with an
x
)Minimal steps to reproduce
Any log messages given by the failure
During handling of the above exception, another exception occurred:
Traceback (most recent call last): File "/usr/local/lib/python3.11/site-packages/streamlit/runtime/scriptrunner/script_runner.py", line 535, in _run_script exec(code, module.dict) File "/usr/local/src/myscripts/admin/pages/04_Configuration.py", line 25, in
config = ConfigHelper.get_active_config_or_default()
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/local/src/myscripts/utilities/helpers/ConfigHelper.py", line 66, in get_active_config_or_default
config = ConfigHelper.get_default_config()
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/local/src/myscripts/utilities/helpers/ConfigHelper.py", line 194, in get_default_config
return Config(default_config)
^^^^^^^^^^^^^^^^^^^^^^
File "/usr/local/src/myscripts/utilities/helpers/ConfigHelper.py", line 23, in init
self.env_helper = EnvHelper()
^^^^^^^^^^^
File "/usr/local/src/myscripts/utilities/helpers/EnvHelper.py", line 50, in init
self.OPENAI_API_KEY = DefaultAzureCredential(exclude_shared_token_cache_credential=True).get_token("https://cognitiveservices.azure.com/.default").token
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/local/lib/python3.11/site-packages/azure/identity/_credentials/default.py", line 225, in get_token
token = super().get_token(*scopes, claims=claims, tenant_id=tenant_id, **kwargs)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/local/lib/python3.11/site-packages/azure/identity/_credentials/chained.py", line 124, in get_token
Expected/desired behavior
No errors thrown before change: Authenticate using RBAC instead of API Keys for Azure Search & Azure Open AI resources (#186)
OS and Version?
All above
Versions
Mention any other details that might be useful