The command failed with an unexpected error. Here is the traceback:
argument of type 'NoneType' is not iterable
Traceback (most recent call last):
File "/opt/az/lib/python3.10/site-packages/knack/cli.py", line 233, in invoke
cmd_result = self.invocation.execute(args)
File "/opt/az/lib/python3.10/site-packages/azure/cli/core/commands/__init__.py", line 663, in execute
raise ex
File "/opt/az/lib/python3.10/site-packages/azure/cli/core/commands/__init__.py", line 726, in _run_jobs_serially
results.append(self._run_job(expanded_arg, cmd_copy))
File "/opt/az/lib/python3.10/site-packages/azure/cli/core/commands/__init__.py", line 697, in _run_job
result = cmd_copy(params)
File "/opt/az/lib/python3.10/site-packages/azure/cli/core/commands/__init__.py", line 333, in __call__
return self.handler(*args, **kwargs)
File "/opt/az/lib/python3.10/site-packages/azure/cli/core/commands/command_operation.py", line 121, in handler
return op(**command_args)
File "/opt/az/lib/python3.10/site-packages/azure/cli/command_modules/serviceconnector/custom.py", line 267, in connection_create
new_auth_info = enable_mi_for_db_linker(cmd, source_id, target_id, auth_info, client_type, connection_name)
File "/opt/az/lib/python3.10/site-packages/azure/cli/command_modules/serviceconnector/_credential_free.py", line 69, in enable_mi_for_db_linker
target_handler.set_user_admin(
File "/opt/az/lib/python3.10/site-packages/azure/cli/command_modules/serviceconnector/_credential_free.py", line 164, in set_user_admin
if (not mysql_umi) or mysql_identity_id not in mysql_umi.get("userAssignedIdentities"):
TypeError: argument of type 'NoneType' is not iterable
To Reproduce:
Create a mysql flex server and assign a managed identity. the managed identity doesn't have additional consents, so it doesn't have User.Read.All, GroupMember.Read.All, Application.Read.ALL.
Create a webapp premium tier
Create a webapp connection
Here the script:
RESOURCE_GROUP=rg-jboss-passwordless
MYSQL_HOST=mysql-jboss-passwordless
DATABASE_NAME=checklist
DATABASE_FQDN=${MYSQL_HOST}.mysql.database.azure.com
# Note that the connection url includes the password-free authentication plugin
MYSQL_CONNECTION_URL="jdbc:mysql://${DATABASE_FQDN}:3306/${DATABASE_NAME}?useSSL=true&requireSSL=true&defaultAuthenticationPlugin=com.azure.identity.extensions.jdbc.mysql.AzureMysqlAuthenticationPlugin&authenticationPlugins=com.azure.identity.extensions.jdbc.mysql.AzureMysqlAuthenticationPlugin"
APPSERVICE_NAME=jboss-passwordless
APPSERVICE_PLAN=asp-jboss-passwordless
APP_IDENTITY_NAME=identity-jboss-passwordless
LOCATION=eastus
MYSQL_ADMIN_USER=azureuser
# Generating a random password for the MySQL user as it is mandatory
# mysql admin won't be used as Azure AD authentication is leveraged also for administering the database
MYSQL_ADMIN_PASSWORD=$(pwgen -s 15 1)
# # Get current user logged in azure cli to make it mysql AAD admin
CURRENT_USER=$(az account show --query user.name -o tsv)
CURRENT_USER_OBJECTID=$(az ad user show --id $CURRENT_USER --query id -o tsv)
# CURRENT_USER_DOMAIN=$(cut -d '@' -f2 <<< $CURRENT_USER)
# # APPSERVICE_LOGIN_NAME=${APPSERVICE_NAME}'@'${CURRENT_USER_DOMAIN}
# APPSERVICE_LOGIN_NAME='checklistapp@'${CURRENT_USER_DOMAIN}
# create resource group
az group create --name $RESOURCE_GROUP --location $LOCATION
# create mysql flexible-server
az mysql flexible-server create \
--name $MYSQL_HOST \
--resource-group $RESOURCE_GROUP \
--location $LOCATION \
--admin-user $MYSQL_ADMIN_USER \
--admin-password $MYSQL_ADMIN_PASSWORD \
--public-access 0.0.0.0 \
--tier Burstable \
--sku-name Standard_B1ms \
--storage-size 32
# create mysql database
az mysql flexible-server db create -g $RESOURCE_GROUP -s $MYSQL_HOST -d $DATABASE_NAME
# Create app service plan (premium required for JBoss EAP)
az appservice plan create --name $APPSERVICE_PLAN --resource-group $RESOURCE_GROUP --location $LOCATION --sku P1V3 --is-linux
# Create application service
az webapp create --name $APPSERVICE_NAME --resource-group $RESOURCE_GROUP --plan $APPSERVICE_PLAN --runtime "JBOSSEAP:7-java8"
# create managed identity for mysql. By assigning the identity to the mysql server, it will enable Azure AD authentication
az identity create --name $APP_IDENTITY_NAME --resource-group $RESOURCE_GROUP --location $LOCATION
IDENTITY_ID=$(az identity show --name $APP_IDENTITY_NAME --resource-group $RESOURCE_GROUP --query id -o tsv)
# create service connection.
az webapp connection create mysql-flexible \
--resource-group $RESOURCE_GROUP \
--name $APPSERVICE_NAME \
--tg $RESOURCE_GROUP \
--server $MYSQL_HOST \
--database $DATABASE_NAME \
--client-type java \
--system-identity mysql-identity-id=$IDENTITY_ID
Expected Behavior
Assign current user as AD admin to MySQL
Configure system managed identity for the webapp
New user created in MySQL linked to managed identity
yonzhan
commented
1 year ago
This is autogenerated. Please review and update as needed.
Describe the bug
Command Name
az webapp connection create mysql-flexibleErrors:
To Reproduce:
Create a mysql flex server and assign a managed identity. the managed identity doesn't have additional consents, so it doesn't have User.Read.All, GroupMember.Read.All, Application.Read.ALL. Create a webapp premium tier Create a webapp connection
Here the script:
Expected Behavior
Environment Summary
Additional Context