yonzhan
commented
1 year ago Thank you for opening this issue, we will look into it.
Open wchristi0101 opened 1 year ago
yonzhan
commented
1 year ago Thank you for opening this issue, we will look into it.
Describe the bug
When you input secrets for cloudservice it splits by the : character, but it requires https://, so this does not work as intenteded (https://github.com/Azure/azure-cli-extensions/blob/main/src/cloudservice/azext_cloudservice/manual/custom.py)
Related command
az cloud-service create --secret vaultname:https://secret-url
Errors
(InvalidParameter) https is not a valid versioned Key Vault Secret URL. It should be in the format https:///secrets//.
Issue script & Debug output
cli.knack.cli: Command arguments: ['cloud-service', 'create', '--cloud-service-name', 'notifytesteastus', '--resource-group', 'notifytesteastus', '--configuration-url', 'https://notifytesteastusstore.blob.core.windows.net/notifyfileupload/ServiceConfiguration.Cloud.cscfg?st=2023-07-18T15%3A30%3A29Z&se=2023-07-18T18%3A00%3A29Z&sp=racwdxytmei&spr=https&sv=2022-11-02&sr=b&sig=h6vMcO5OJIVW3hbdZ%2BmffIkc489KYUzt0DzevhlfwEo%3D', '--package-url', 'https://notifytesteastusstore.blob.core.windows.net/notifyfileupload/NotificationService.Deployment.cspkg?st=2023-07-18T15%3A30%3A29Z&se=2023-07-18T18%3A00%3A29Z&sp=racwdxytmei&spr=https&sv=2022-11-02&sr=b&sig=WvEt%2BM0j7c%2BH6vnplLEHq5SNkqLDC56u%2BVyWYIu6DME%3D', '--secrets', 'notifyRDVault:https://notifyrdvault.vault.azure.net/secrets/AAD-RD/00e65733704647af8a0fe326ff66c214 notifyRDVault:https://notifyrdvault.vault.azure.net/secrets/ConnectStringsRdWebApp/b954c4c705ad4616b3715b57a7bdebb3 notifyRDVault:https://notifyrdvault.vault.azure.net/secrets/SSL-RD/563ad7d82aed4776b3f18aa467bed046', '--start-cloud-service', 'True', '--roles', 'NotificationService:Standard_A4_v2:1:Standard', 'NotificationServiceWorker:Standard_A4_v2:1:Standard', '--debug'] cli.knack.cli: init debug log: Enable color in terminal. cli.knack.cli: Event: Cli.PreExecute [] cli.knack.cli: Event: CommandParser.OnGlobalArgumentsCreate [<function CLILogging.on_global_arguments at 0x01E6C850>, <function OutputProducer.on_global_arguments at 0x01F6FA90>, <function CLIQuery.on_global_arguments at 0x01F846E8>] cli.knack.cli: Event: CommandInvoker.OnPreCommandTableCreate [] cli.azure.cli.core: Modules found from index for 'cloud-service': ['azext_cloudservice'] cli.azure.cli.core: Loading command modules: cli.azure.cli.core: Name Load Time Groups Commands cli.azure.cli.core: Total (0) 0.000 0 0 cli.azure.cli.core: These extensions are not installed and will be skipped: ['azext_ai_examples', 'azext_next'].add_subscription_parameter at 0x04171EC8>]
cli.knack.cli: Event: CommandInvoker.OnPostArgumentLoad []
cli.knack.cli: Event: CommandInvoker.OnPostCommandTableCreate [<function register_ids_argument..add_ids_arguments at 0x041740B8>, <function register_cache_arguments..add_cache_arguments at 0x04174148>]
cli.knack.cli: Event: CommandInvoker.OnCommandTableLoaded []
cli.knack.cli: Event: CommandInvoker.OnPreParseArgs []
cli.knack.cli: Event: CommandInvoker.OnPostParseArgs [<function OutputProducer.handle_output_argument at 0x01F6FAD8>, <function CLIQuery.handle_query_parameter at 0x01F84730>, <function register_ids_argument..parse_ids_arguments at 0x04174100>]
az_command_data_logger: extension name: cloud-service
az_command_data_logger: extension version: 0.2.0
Command group 'cloud-service' is experimental and under development. Reference and support levels: https://aka.ms/CLI_refstatus
cli.azure.cli.core.commands.client_factory: Getting management service client client_type=ResourceManagementClient
cli.azure.cli.core.auth.persistence: build_persistence: location='C:\Users\wchristian\.azure\msal_token_cache.bin', encrypt=True
cli.azure.cli.core.auth.binary_cache: load: C:\Users\wchristian.azure\msal_http_cache.bin
urllib3.util.retry: Converted retries value: 1 -> Retry(total=1, connect=None, read=None, redirect=None, status=None)
msal.authority: openid_config = {'token_endpoint': 'https://login.microsoftonline.com/72f988bf-86f1-41af-91ab-2d7cd011db47/oauth2/v2.0/token', 'token_endpoint_auth_methods_supported': ['client_secret_post', 'private_key_jwt', 'client_secret_basic'], 'jwks_uri': 'https://login.microsoftonline.com/72f988bf-86f1-41af-91ab-2d7cd011db47/discovery/v2.0/keys', 'response_modes_supported': ['query', 'fragment', 'form_post'], 'subject_types_supported': ['pairwise'], 'id_token_signing_alg_values_supported': ['RS256'], 'response_types_supported': ['code', 'id_token', 'code id_token', 'id_token token'], 'scopes_supported': ['openid', 'profile', 'email', 'offline_access'], 'issuer': 'https://login.microsoftonline.com/72f988bf-86f1-41af-91ab-2d7cd011db47/v2.0', 'request_uri_parameter_supported': False, 'userinfo_endpoint': 'https://graph.microsoft.com/oidc/userinfo', 'authorization_endpoint': 'https://login.microsoftonline.com/72f988bf-86f1-41af-91ab-2d7cd011db47/oauth2/v2.0/authorize', 'device_authorization_endpoint': 'https://login.microsoftonline.com/72f988bf-86f1-41af-91ab-2d7cd011db47/oauth2/v2.0/devicecode', 'http_logout_supported': True, 'frontchannel_logout_supported': True, 'end_session_endpoint': 'https://login.microsoftonline.com/72f988bf-86f1-41af-91ab-2d7cd011db47/oauth2/v2.0/logout', 'claims_supported': ['sub', 'iss', 'cloud_instance_name', 'cloud_instance_host_name', 'cloud_graph_host_name', 'msgraph_host', 'aud', 'exp', 'iat', 'auth_time', 'acr', 'nonce', 'preferred_username', 'name', 'tid', 'ver', 'at_hash', 'c_hash', 'email'], 'kerberos_endpoint': 'https://login.microsoftonline.com/72f988bf-86f1-41af-91ab-2d7cd011db47/kerberos', 'tenant_region_scope': 'WW', 'cloud_instance_name': 'microsoftonline.com', 'cloud_graph_host_name': 'graph.windows.net', 'msgraph_host': 'graph.microsoft.com', 'rbac_url': 'https://pas.windows.net'}
msal.application: Broker enabled? False
cli.azure.cli.core.auth.credential_adaptor: CredentialAdaptor.get_token: scopes=('https://management.core.windows.net//.default',), kwargs={}
cli.azure.cli.core.auth.msal_authentication: UserCredential.get_token: scopes=('https://management.core.windows.net//.default',), claims=None, kwargs={}
msal.application: Cache hit an AT
msal.telemetry: Generate or reuse correlation_id: 8a86c818-5489-4b32-94f0-2e02fe34bc08
cli.azure.cli.core.sdk.policies: Request URL: 'https://management.azure.com/subscriptions/87799112-91d8-484e-bc4f-3fb9d90d1630/resourcegroups/notifytesteastus?api-version=2022-09-01'
cli.azure.cli.core.sdk.policies: Request method: 'GET'
cli.azure.cli.core.sdk.policies: Request headers:
cli.azure.cli.core.sdk.policies: 'Accept': 'application/json'
cli.azure.cli.core.sdk.policies: 'x-ms-client-request-id': '6b0176c5-2588-11ee-99b1-8c882b052783'
cli.azure.cli.core.sdk.policies: 'CommandName': 'cloud-service create'
cli.azure.cli.core.sdk.policies: 'ParameterSetName': '--cloud-service-name --resource-group --configuration-url --package-url --secrets --start-cloud-service --roles --debug'
cli.azure.cli.core.sdk.policies: 'User-Agent': 'AZURECLI/2.50.0 (MSI) azsdk-python-azure-mgmt-resource/23.1.0b2 Python/3.10.10 (Windows-10-10.0.22621-SP0)'
cli.azure.cli.core.sdk.policies: 'Authorization': ''
cli.azure.cli.core.sdk.policies: Request body:
cli.azure.cli.core.sdk.policies: This request has no body
urllib3.connectionpool: Starting new HTTPS connection (1): management.azure.com:443
urllib3.connectionpool: https://management.azure.com:443 "GET /subscriptions/87799112-91d8-484e-bc4f-3fb9d90d1630/resourcegroups/notifytesteastus?api-version=2022-09-01 HTTP/1.1" 200 312
cli.azure.cli.core.sdk.policies: Response status: 200
cli.azure.cli.core.sdk.policies: Response headers:
cli.azure.cli.core.sdk.policies: 'Cache-Control': 'no-cache'
cli.azure.cli.core.sdk.policies: 'Pragma': 'no-cache'
cli.azure.cli.core.sdk.policies: 'Content-Type': 'application/json; charset=utf-8'
cli.azure.cli.core.sdk.policies: 'Content-Encoding': 'gzip'
cli.azure.cli.core.sdk.policies: 'Expires': '-1'
cli.azure.cli.core.sdk.policies: 'Vary': 'Accept-Encoding'
cli.azure.cli.core.sdk.policies: 'x-ms-ratelimit-remaining-subscription-reads': '11999'
cli.azure.cli.core.sdk.policies: 'x-ms-request-id': '6f2f6961-53fb-4bce-b51b-c5c5f30d07ea'
cli.azure.cli.core.sdk.policies: 'x-ms-correlation-request-id': '6f2f6961-53fb-4bce-b51b-c5c5f30d07ea'
cli.azure.cli.core.sdk.policies: 'x-ms-routing-request-id': 'SOUTHCENTRALUS:20230718T163034Z:6f2f6961-53fb-4bce-b51b-c5c5f30d07ea'
cli.azure.cli.core.sdk.policies: 'Strict-Transport-Security': 'max-age=31536000; includeSubDomains'
cli.azure.cli.core.sdk.policies: 'X-Content-Type-Options': 'nosniff'
cli.azure.cli.core.sdk.policies: 'Date': 'Tue, 18 Jul 2023 16:30:33 GMT'
cli.azure.cli.core.sdk.policies: 'Content-Length': '312'
cli.azure.cli.core.sdk.policies: Response content:
cli.azure.cli.core.sdk.policies: {"id":"/subscriptions/87799112-91d8-484e-bc4f-3fb9d90d1630/resourceGroups/notifytesteastus","name":"notifytesteastus","type":"Microsoft.Resources/resourceGroups","location":"eastus","tags":{"Env":"NonProd","ringValue":"r51"},"properties":{"provisioningState":"Succeeded"}}
cli.azure.cli.core.commands.validators: using location 'eastus' from resource group 'notifytesteastus'
cli.azure.cli.core.commands.client_factory: Getting management service client client_type=ComputeManagementClient/secrets//."
}
}
cli.azure.cli.core.azclierror: Traceback (most recent call last):
File "D:\a_work\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\knack/cli.py", line 233, in invoke/secrets//.
Code: InvalidParameter
Message: https is not a valid versioned Key Vault Secret URL. It should be in the format https:///secrets//.
cli.azure.cli.core: Loading extensions: cli.azure.cli.core: Name Load Time Groups Commands Directory cli.azure.cli.core: cloud-service 0.010 4 27 C:\Users\wchristian.azure\cliextensions\cloud-service cli.azure.cli.core: Total (1) 0.010 4 27 cli.azure.cli.core: Loaded 4 groups, 27 commands. cli.azure.cli.core: Found a match in the command table. cli.azure.cli.core: Raw command : cloud-service create cli.azure.cli.core: Command table: cloud-service create cli.knack.cli: Event: CommandInvoker.OnPreCommandTableTruncate [<function AzCliLogging.init_command_file_logging at 0x04130928>] cli.azure.cli.core.azlogging: metadata file logging enabled - writing logs to 'C:\Users\wchristian.azure\commands\2023-07-18.11-30-33.cloud-service_create.45548.log'. az_command_data_logger: command args: cloud-service create --cloud-service-name {} --resource-group {} --configuration-url {} --package-url {} --secrets {} --start-cloud-service {} --roles {} {} --debug cli.knack.cli: Event: CommandInvoker.OnPreArgumentLoad [<function register_global_subscription_argument.
urllib3.util.retry: Converted retries value: 1 -> Retry(total=1, connect=None, read=None, redirect=None, status=None) msal.authority: openid_config = {'token_endpoint': 'https://login.microsoftonline.com/72f988bf-86f1-41af-91ab-2d7cd011db47/oauth2/v2.0/token', 'token_endpoint_auth_methods_supported': ['client_secret_post', 'private_key_jwt', 'client_secret_basic'], 'jwks_uri': 'https://login.microsoftonline.com/72f988bf-86f1-41af-91ab-2d7cd011db47/discovery/v2.0/keys', 'response_modes_supported': ['query', 'fragment', 'form_post'], 'subject_types_supported': ['pairwise'], 'id_token_signing_alg_values_supported': ['RS256'], 'response_types_supported': ['code', 'id_token', 'code id_token', 'id_token token'], 'scopes_supported': ['openid', 'profile', 'email', 'offline_access'], 'issuer': 'https://login.microsoftonline.com/72f988bf-86f1-41af-91ab-2d7cd011db47/v2.0', 'request_uri_parameter_supported': False, 'userinfo_endpoint': 'https://graph.microsoft.com/oidc/userinfo', 'authorization_endpoint': 'https://login.microsoftonline.com/72f988bf-86f1-41af-91ab-2d7cd011db47/oauth2/v2.0/authorize', 'device_authorization_endpoint': 'https://login.microsoftonline.com/72f988bf-86f1-41af-91ab-2d7cd011db47/oauth2/v2.0/devicecode', 'http_logout_supported': True, 'frontchannel_logout_supported': True, 'end_session_endpoint': 'https://login.microsoftonline.com/72f988bf-86f1-41af-91ab-2d7cd011db47/oauth2/v2.0/logout', 'claims_supported': ['sub', 'iss', 'cloud_instance_name', 'cloud_instance_host_name', 'cloud_graph_host_name', 'msgraph_host', 'aud', 'exp', 'iat', 'auth_time', 'acr', 'nonce', 'preferred_username', 'name', 'tid', 'ver', 'at_hash', 'c_hash', 'email'], 'kerberos_endpoint': 'https://login.microsoftonline.com/72f988bf-86f1-41af-91ab-2d7cd011db47/kerberos', 'tenant_region_scope': 'WW', 'cloud_instance_name': 'microsoftonline.com', 'cloud_graph_host_name': 'graph.windows.net', 'msgraph_host': 'graph.microsoft.com', 'rbac_url': 'https://pas.windows.net'} msal.application: Broker enabled? False cli.azure.cli.core.auth.credential_adaptor: CredentialAdaptor.get_token: scopes=('https://management.core.windows.net//.default',), kwargs={} cli.azure.cli.core.auth.msal_authentication: UserCredential.get_token: scopes=('https://management.core.windows.net//.default',), claims=None, kwargs={} msal.application: Cache hit an AT msal.telemetry: Generate or reuse correlation_id: 97ee8143-f8bc-46ce-a0cc-f97eca75f523 cli.azure.cli.core.sdk.policies: Request URL: 'https://management.azure.com/subscriptions/87799112-91d8-484e-bc4f-3fb9d90d1630/resourceGroups/notifytesteastus/providers/Microsoft.Compute/cloudServices/notifytesteastus?api-version=2022-09-04' cli.azure.cli.core.sdk.policies: Request method: 'PUT' cli.azure.cli.core.sdk.policies: Request headers: cli.azure.cli.core.sdk.policies: 'Content-Type': 'application/json' cli.azure.cli.core.sdk.policies: 'Content-Length': '1538' cli.azure.cli.core.sdk.policies: 'Accept': 'application/json' cli.azure.cli.core.sdk.policies: 'x-ms-client-request-id': '6b0176c5-2588-11ee-99b1-8c882b052783' cli.azure.cli.core.sdk.policies: 'CommandName': 'cloud-service create' cli.azure.cli.core.sdk.policies: 'ParameterSetName': '--cloud-service-name --resource-group --configuration-url --package-url --secrets --start-cloud-service --roles --debug' cli.azure.cli.core.sdk.policies: 'User-Agent': 'AZURECLI/2.50.0 (MSI) azsdk-python-azure-mgmt-compute/29.1.0 Python/3.10.10 (Windows-10-10.0.22621-SP0)' cli.azure.cli.core.sdk.policies: 'Authorization': '' cli.azure.cli.core.sdk.policies: Request body: cli.azure.cli.core.sdk.policies: {"location": "eastus", "properties": {"packageUrl": "https://notifytesteastusstore.blob.core.windows.net/notifyfileupload/NotificationService.Deployment.cspkg?st=2023-07-18T15%3A30%3A29Z&se=2023-07-18T18%3A00%3A29Z&sp=racwdxytmei&spr=https&sv=2022-11-02&sr=b&sig=WvEt%2BM0j7c%2BH6vnplLEHq5SNkqLDC56u%2BVyWYIu6DME%3D", "configurationUrl": "https://notifytesteastusstore.blob.core.windows.net/notifyfileupload/ServiceConfiguration.Cloud.cscfg?st=2023-07-18T15%3A30%3A29Z&se=2023-07-18T18%3A00%3A29Z&sp=racwdxytmei&spr=https&sv=2022-11-02&sr=b&sig=h6vMcO5OJIVW3hbdZ%2BmffIkc489KYUzt0DzevhlfwEo%3D", "startCloudService": true, "roleProfile": {"roles": [{"name": "NotificationService", "sku": {"name": "Standard_A4_v2", "tier": "Standard", "capacity": 1}}, {"name": "NotificationServiceWorker", "sku": {"name": "Standard_A4_v2", "tier": "Standard", "capacity": 1}}]}, "osProfile": {"secrets": [{"sourceVault": {"id": "/subscriptions/87799112-91d8-484e-bc4f-3fb9d90d1630/resourceGroups/notifytesteastus/providers/Microsoft.KeyVault/vaults/notifyRDVault"}, "vaultCertificates": [{"certificateUrl": "https"}, {"certificateUrl": "//notifyrdvault.vault.azure.net/secrets/AAD-RD/00e65733704647af8a0fe326ff66c214 notifyRDVault"}, {"certificateUrl": "https"}, {"certificateUrl": "//notifyrdvault.vault.azure.net/secrets/ConnectStringsRdWebApp/b954c4c705ad4616b3715b57a7bdebb3 notifyRDVault"}, {"certificateUrl": "https"}, {"certificateUrl": "//notifyrdvault.vault.azure.net/secrets/SSL-RD/563ad7d82aed4776b3f18aa467bed046"}]}]}, "networkProfile": {}}} urllib3.connectionpool: Starting new HTTPS connection (1): management.azure.com:443 urllib3.connectionpool: https://management.azure.com:443 "PUT /subscriptions/87799112-91d8-484e-bc4f-3fb9d90d1630/resourceGroups/notifytesteastus/providers/Microsoft.Compute/cloudServices/notifytesteastus?api-version=2022-09-04 HTTP/1.1" 400 216 cli.azure.cli.core.sdk.policies: Response status: 400 cli.azure.cli.core.sdk.policies: Response headers: cli.azure.cli.core.sdk.policies: 'Cache-Control': 'no-cache' cli.azure.cli.core.sdk.policies: 'Pragma': 'no-cache' cli.azure.cli.core.sdk.policies: 'Content-Length': '216' cli.azure.cli.core.sdk.policies: 'Content-Type': 'application/json; charset=utf-8' cli.azure.cli.core.sdk.policies: 'Expires': '-1' cli.azure.cli.core.sdk.policies: 'Strict-Transport-Security': 'max-age=31536000; includeSubDomains' cli.azure.cli.core.sdk.policies: 'x-ms-request-id': '70d7d1a4-bb5f-4a51-a883-84054c9124e0' cli.azure.cli.core.sdk.policies: 'Server': 'Microsoft-HTTPAPI/2.0, Microsoft-HTTPAPI/2.0' cli.azure.cli.core.sdk.policies: 'x-ms-ratelimit-remaining-subscription-writes': '1199' cli.azure.cli.core.sdk.policies: 'x-ms-correlation-request-id': '6c688f8c-daba-4b19-b860-344f17b467b6' cli.azure.cli.core.sdk.policies: 'x-ms-routing-request-id': 'SOUTHCENTRALUS:20230718T163035Z:6c688f8c-daba-4b19-b860-344f17b467b6' cli.azure.cli.core.sdk.policies: 'X-Content-Type-Options': 'nosniff' cli.azure.cli.core.sdk.policies: 'Date': 'Tue, 18 Jul 2023 16:30:34 GMT' cli.azure.cli.core.sdk.policies: Response content: cli.azure.cli.core.sdk.policies: { "error": { "code": "InvalidParameter", "message": "https is not a valid versioned Key Vault Secret URL. It should be in the format https://
File "D:\a_work\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\azure/cli/core/commands/init.py", line 663, in execute File "D:\a_work\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\azure/cli/core/commands/init.py", line 726, in _run_jobs_serially File "D:\a_work\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\azure/cli/core/commands/init.py", line 697, in _run_job File "D:\a_work\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\azure/cli/core/commands/init.py", line 333, in call File "D:\a_work\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\azure/cli/core/commands/command_operation.py", line 121, in handler File "C:\Users\wchristian.azure\cliextensions\cloud-service\azext_cloudservice\manual\custom.py", line 60, in cloud_service_create return sdk_no_wait(no_wait, File "D:\a_work\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\azure/cli/core/util.py", line 716, in sdk_no_wait File "D:\a_work\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\azure/core/tracing/decorator.py", line 78, in wrapper_use_tracer File "D:\a_work\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\azure/mgmt/compute/v2022_09_04/operations/_cloud_services_operations.py", line 665, in begin_create_or_update File "D:\a_work\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\azure/mgmt/compute/v2022_09_04/operations/_cloud_services_operations.py", line 532, in _create_or_update_initial azure.core.exceptions.HttpResponseError: (InvalidParameter) https is not a valid versioned Key Vault Secret URL. It should be in the format https://
cli.azure.cli.core.azclierror: (InvalidParameter) https is not a valid versioned Key Vault Secret URL. It should be in the format https:///secrets//.
Code: InvalidParameter
Message: https is not a valid versioned Key Vault Secret URL. It should be in the format https:///secrets//.
az_command_data_logger: (InvalidParameter) https is not a valid versioned Key Vault Secret URL. It should be in the format https:///secrets//.
Code: InvalidParameter
Message: https is not a valid versioned Key Vault Secret URL. It should be in the format https:///secrets//.
cli.knack.cli: Event: Cli.PostExecute [<function AzCliLogging.deinit_cmd_metadata_logging at 0x04130A48>]
az_command_data_logger: exit code: 1
cli.main: Command ran in 2.024 seconds (init: 0.360, invoke: 1.664)
telemetry.main: Begin splitting cli events and extra events, total events: 1
telemetry.client: Accumulated 0 events. Flush the clients.
telemetry.main: Finish splitting cli events and extra events, cli events: 1
telemetry.save: Save telemetry record of length 3892 in cache
telemetry.check: Negative: The C:\Users\wchristian.azure\telemetry.txt was modified at 2023-07-18 11:29:32.264163, which in less than 600.000000 s
Expected behavior
Expected to allow https. I would recommend changing the split to a different character like "," or requiring a json string
Environment Summary
{ "azure-cli": "2.50.0", "azure-cli-core": "2.50.0", "azure-cli-telemetry": "1.0.8", "extensions": { "cloud-service": "0.2.0" } }
Additional context
No response