Azure / azure-cli

Azure Command-Line Interface
MIT License

POST call for getting authToken is not passing "secret" request header #20540

Open mahakjain314 opened 2 years ago

mahakjain314 commented 2 years ago

Is your feature request related to a problem? Please describe.

The "az login --identity" always fails when running in Azure Automation Hybrid Worker with Bad Request.

While logging in through automation account identity when the script is running in Automation Hybrid Worker, it uses the automation data plane service to fetch the token which is controlled by Environment Variables - MSI_ENDPOINT and MSI_SECRET. The automation endpoint has both GET and POST calls for the token implemented.

Root Cause: The "az login --identity" command is making a POST call for getting the token from Automation backend service when running as Hybrid Worker and the POST call is not passing the required secret header (either "secret" or "X-IDENTITY-HEADER") in the request, which is resulting in a Bad Request response.

Describe the solution you'd like

POST call should pass the required secret header (either "secret" or "X-IDENTITY-HEADER") in the request.

Describe alternatives you've considered

No alternative

Additional context

Repro Steps:

  1. Configure an Azure Machine as Hybrid Worker in Automation Account.
  2. Install AZ CLI 2.30.0 in the machine.
  3. Create and publish a PowerShell script with the below content: az login --identity
  4. Run this runbook on the configured hybrid worker.
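
The behaviour reported above, reproduced against a local mock as an added example (not part of the original issue and not azure-cli or Azure Automation code). The mock handler, the `resource` form field, the secret value and the function names are assumptions made for illustration; only the header names, the environment variables and the Bad Request outcome come from the issue.

```python
import json, os, threading, urllib.error, urllib.parse, urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer

SECRET_HEADERS = ("secret", "X-IDENTITY-HEADER")  # header names quoted in the issue

class MockTokenEndpoint(BaseHTTPRequestHandler):
    """Constructed local stand-in; not the Automation data plane service."""
    def _reply(self):
        ok = self.server.secret in [self.headers.get(h) for h in SECRET_HEADERS]
        body = json.dumps({"access_token": "constructed-token"} if ok
                          else {"error": "secret header missing"}).encode()
        self.send_response(200 if ok else 400)  # 400 = the Bad Request in the issue
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)
    do_GET = _reply
    def do_POST(self):
        self.rfile.read(int(self.headers.get("Content-Length", 0)))  # drain form body
        self._reply()
    def log_message(self, *args): pass  # keep the demo quiet

def request_token(method, secret_header=None):
    """Send a token request built from MSI_ENDPOINT/MSI_SECRET; return HTTP status."""
    form = urllib.parse.urlencode({"resource": "https://example.invalid/"})  # assumed field
    ep = os.environ["MSI_ENDPOINT"]
    url, data = (f"{ep}?{form}", None) if method == "GET" else (ep, form.encode())
    req = urllib.request.Request(url, data=data, method=method)
    if secret_header:  # the fix requested in the issue: send the secret on POST too
        req.add_header(secret_header, os.environ["MSI_SECRET"])
    opener = urllib.request.build_opener(urllib.request.ProxyHandler({}))  # bypass proxies
    try:
        with opener.open(req, timeout=5) as resp:
            return resp.status
    except urllib.error.HTTPError as err:
        return err.code

def run_demo():
    """Start the mock, point the MSI_* variables at it, and try every combination."""
    server = HTTPServer(("127.0.0.1", 0), MockTokenEndpoint)
    server.secret = "constructed-secret"  # constructed value
    threading.Thread(target=server.serve_forever, daemon=True).start()
    url = f"http://127.0.0.1:{server.server_port}/token"
    os.environ.update(MSI_ENDPOINT=url, MSI_SECRET=server.secret)
    try:
        return {(m, h): request_token(m, h) for m in ("GET", "POST") for h in (None, *SECRET_HEADERS)}
    finally:
        server.shutdown()
        server.server_close()

if __name__ == "__main__":
    print(run_demo())
```

The `("POST", None)` case is the request shape described in the root cause; either header name turns the same POST into a 200 against this mock.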

yonzhan commented 2 years ago

@jiasli for awareness