Azure / azure-cli

Azure Command-Line Interface
MIT License

VPN Server Config certificate Base64 decoding seems not to work via CLI #26753

Open Strobodov opened 1 year ago

Strobodov commented 1 year ago

Describe the bug

When providing the command az network vpn-server-config create --name "vpn-config" --resource-group "myGroup" --auth-types "Certificate" --protocols "IkeV2" --vpn-client-root-certs "myRootCert"

an unexpected error is thrown.

I've generated the VPN root certificate based on this tutorial: https://learn.microsoft.com/bs-latn-ba/azure/vpn-gateway/vpn-gateway-certificates-point-to-site-linux

I've uploaded / copy-pasted the exact certificate contents manually via Azure Portal and that worked fine. It seems that the Python code is not able to handle the Base64 decoding of the certificate.

Related command

az network vpn-server-config create --name "vpn-config" --resource-group "myGroup" --auth-types "Certificate" --protocols "IkeV2" --vpn-client-root-certs "myRootCert"

Errors

The command failed with an unexpected error. Here is the traceback:
'NoneType' object has no attribute 'decode'
Traceback (most recent call last):
  File "/opt/az/lib/python3.10/site-packages/knack/cli.py", line 233, in invoke
    cmd_result = self.invocation.execute(args)
  File "/opt/az/lib/python3.10/site-packages/azure/cli/core/commands/__init__.py", line 663, in execute
    raise ex
  File "/opt/az/lib/python3.10/site-packages/azure/cli/core/commands/__init__.py", line 726, in _run_jobs_serially
    results.append(self._run_job(expanded_arg, cmd_copy))
  File "/opt/az/lib/python3.10/site-packages/azure/cli/core/commands/__init__.py", line 697, in _run_job
    result = cmd_copy(params)
  File "/opt/az/lib/python3.10/site-packages/azure/cli/core/commands/__init__.py", line 333, in __call__
    return self.handler(*args, **kwargs)
  File "/opt/az/lib/python3.10/site-packages/azure/cli/core/commands/command_operation.py", line 121, in handler
    return op(**command_args)
  File "/home/strobodov/.azure/cliextensions/virtual-wan/azext_vwan/custom.py", line 851, in create_vpn_server_config
    vpn_client_root_certificates=_load_certificates_and_build_name_and_public_cert_data(VpnServerConfigVpnClientRootCertificate,
  File "/home/strobodov/.azure/cliextensions/virtual-wan/azext_vwan/custom.py", line 1091, in _load_certificates_and_build_name_and_public_cert_data
    pem_data.decode(), re.I)
AttributeError: 'NoneType' object has no attribute 'decode'

Issue script & Debug output


Expected behavior

I would expect the command to accept the base64-encoded input. The --vpn-client-root-certs flag expects a filepath and the file contains the base64-encoded certificate.

Environment Summary

azure-cli 2.49.0

core 2.49.0
telemetry 1.0.8

Extensions:
virtual-wan 0.2.17

Dependencies:
msal 1.20.0
azure-mgmt-resource 22.0.0

Python location '/opt/az/bin/python3'
Extensions directory '/home/strobodov/.azure/cliextensions'

Python (Linux) 3.10.10 (main, May 19 2023, 08:20:28) [GCC 10.2.1 20210110]

Legal docs and information: aka.ms/AzureCliLegal

Your CLI is up-to-date.

Static hostname: hoppert
Icon name: computer-vm
Chassis: vm
Machine ID: b81860115f824419b2e69f41961498ca
Boot ID: a606f12c8d544dddaf08abb0374b6e21
Virtualization: microsoft
Operating System: Debian GNU/Linux 11 (bullseye)
Kernel: Linux 6.1.0-0.deb11.7-cloud-amd64
Architecture: x86-64

Additional context

No response
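
The traceback in this report ends with `.decode()` being called on a `pem_data` that was `None`, so the user sees an AttributeError instead of a message about the certificate input. As an added example (not code from the virtual-wan extension or from this issue), here is one way a loader could validate a certificate file and fail with an actionable error. The names `load_public_cert_data`, `CertInputError` and `demo` are hypothetical, and accepting both PEM and bare base64 files is an assumption.

```python
import base64
import binascii
import re
import tempfile
from pathlib import Path

PEM_CERT = re.compile(r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)

class CertInputError(ValueError):
    """Actionable error for bad certificate input (hypothetical name)."""

def load_public_cert_data(path):
    """Return the certificate as single-line base64, or raise CertInputError."""
    p = Path(path)
    if not p.is_file():
        raise CertInputError(f"{path!r} is not a file; pass a path to the cert")
    try:
        text = p.read_bytes().decode("ascii")
    except UnicodeDecodeError:
        raise CertInputError(f"{path!r} is not PEM or base64 text") from None
    if "PRIVATE KEY-----" in text:
        # Only the public certificate belongs in a server configuration.
        raise CertInputError(f"{path!r} contains a private key; refusing it")
    match = PEM_CERT.search(text)
    # Accept a PEM block, or a file holding only the base64 of the DER cert.
    b64 = "".join((match.group(1) if match else text).split())
    try:
        der = base64.b64decode(b64, validate=True)
    except binascii.Error as exc:
        raise CertInputError(f"{path!r} is not valid base64: {exc}") from exc
    if not der.startswith(b"\x30"):  # a DER certificate is an ASN.1 SEQUENCE
        raise CertInputError(f"{path!r} does not decode to DER data")
    return b64

def demo():
    """Run the loader over constructed inputs; return {name: result}."""
    der = b"\x30\x03\x02\x01\x01"  # constructed stand-in, not a real cert
    b64 = base64.b64encode(der).decode()
    samples = {
        "pem": f"-----BEGIN CERTIFICATE-----\n{b64}\n-----END CERTIFICATE-----\n",
        "bare": b64 + "\n",
        "garbage": "not a certificate\n",
        "key": "-----BEGIN PRIVATE KEY-----\nAAAA\n-----END PRIVATE KEY-----\n",
    }
    out = {}
    with tempfile.TemporaryDirectory() as d:
        for name, content in samples.items():
            Path(d, name).write_text(content)
        for name in [*samples, "missing"]:  # "missing" is never written
            try:
                out[name] = load_public_cert_data(Path(d, name))
            except CertInputError as exc:
                out[name] = f"error: {exc}"
    return out
```

The DER check only looks at the outer tag; it does not parse or verify the certificate.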

yonzhan commented 1 year ago

Thank you for opening this issue, we will look into it.