search

Azure / azure-cli

Azure Command-Line Interface
MIT License
4.01k stars 2.98k forks source link

[AzureStackHub] InvalidResourceType 'Microsoft.KeyVault' for api version '2016-10-01'. #27967

Open TheOnlyWei opened 10 months ago

TheOnlyWei commented 10 months ago

Describe the bug

UPDATE: It seems soft-delete is not supported in Azure Stack Hub, so the Microsoft Docs need to be updated.

Microsoft Docs indicate that this command is supported on all API profiles: https://learn.microsoft.com/en-us/cli/azure/keyvault?view=azure-cli-2020-09-01-hybrid#az-keyvault-show-deleted

Old post:

On Azure Stack Hub using the nightly build Azure CLI version 2.55.0 with the 2020-09-01-hybrid API profile, when I run the command:

az keyvault show-deleted -n $keyVaultName --debug

I get the error:

Code: InvalidResourceType
Message: The resource type could not be found in the namespace 'Microsoft.KeyVault' for api version '2016-10-01'.

Related command

az keyvault show-deleted

Errors

Code: InvalidResourceType
Message: The resource type could not be found in the namespace 'Microsoft.KeyVault' for api version '2016-10-01'.

Issue script & Debug output

[DBG]: PS C:\test\Workloads\DeveloperExperience\CLI>> az keyvault show-deleted -n $keyVaultName --debug
az : DEBUG: cli.knack.log: File logging enabled - writing logs to 'C:\CloudDeployment\BVTs\Output\AZSDKTOOLSCTQ\CLITestLogs'.
At line:1 char:1
+ az keyvault show-deleted -n $keyVaultName --debug
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : NotSpecified: (DEBUG: cli.knac...Q\CLITestLogs'.:String) [], RemoteException
    + FullyQualifiedErrorId : NativeCommandError

DEBUG: cli.knack.cli: Command arguments: ['keyvault', 'show-deleted', '-n', 'clicanurgkv', '--debug']
DEBUG: cli.knack.cli: __init__ debug log:
Cannot enable color.
DEBUG: cli.knack.cli: Event: Cli.PreExecute []
DEBUG: cli.knack.cli: Event: CommandParser.OnGlobalArgumentsCreate [<function CLILogging.on_global_arguments at 0x01ADE7F8>, <function OutputProducer.on_global_arguments 
at 0x01C068E8>, <function CLIQuery.on_global_arguments at 0x01C296B8>]
DEBUG: cli.knack.cli: Event: CommandInvoker.OnPreCommandTableCreate []
DEBUG: cli.azure.cli.core: Modules found from index for 'keyvault': ['azure.cli.command_modules.keyvault']
DEBUG: cli.azure.cli.core: Loading command modules:
DEBUG: cli.azure.cli.core: Name                  Load Time    Groups  Commands
DEBUG: cli.azure.cli.core: keyvault                  0.009        11        69
DEBUG: cli.azure.cli.core: Total (1)                 0.009        11        69
DEBUG: cli.azure.cli.core: Loaded 11 groups, 69 commands.
DEBUG: cli.azure.cli.core: Found a match in the command table.
DEBUG: cli.azure.cli.core: Raw command  : keyvault show-deleted
DEBUG: cli.azure.cli.core: Command table: keyvault show
DEBUG: cli.azure.cli.core: remaining    :               deleted
DEBUG: cli.knack.cli: Event: CommandInvoker.OnPreCommandTableTruncate [<function AzCliLogging.init_command_file_logging at 0x03ECF028>]
DEBUG: cli.azure.cli.core.azlogging: metadata file logging enabled - writing logs to 
'C:\Users\Administrator.RQ0401-DVM\.azure\commands\2023-12-05.02-26-32.keyvault_show-deleted.7076.log'.
INFO: az_command_data_logger: command args: keyvault show-deleted -n {} --debug
DEBUG: cli.knack.cli: Event: CommandInvoker.OnPreArgumentLoad [<function register_global_subscription_argument.<locals>.add_subscription_parameter at 0x03EFC1B8>]
DEBUG: cli.azure.cli.core.profiles._shared: Traceback (most recent call last):
  File "D:\a\_work\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\azure/cli/core/profiles/_shared.py", line 655, in _get_attr
AttributeError: module 'azure.mgmt.keyvault.v2016_10_01.models' has no attribute 'NetworkRuleBypassOptions'

DEBUG: cli.azure.cli.core.profiles._shared: Traceback (most recent call last):
  File "D:\a\_work\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\azure/cli/core/profiles/_shared.py", line 655, in _get_attr
AttributeError: module 'azure.mgmt.keyvault.v2016_10_01.models' has no attribute 'NetworkRuleAction'

DEBUG: cli.azure.cli.core.profiles._shared: Traceback (most recent call last):
  File "D:\a\_work\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\azure/cli/core/profiles/_shared.py", line 655, in _get_attr
AttributeError: module 'azure.mgmt.keyvault.v2016_10_01.models' has no attribute 'PublicNetworkAccess'

DEBUG: cli.knack.cli: Event: CommandInvoker.OnPostArgumentLoad []
DEBUG: cli.knack.cli: Event: CommandInvoker.OnPostCommandTableCreate [<function register_ids_argument.<locals>.add_ids_arguments at 0x03F09528>, <function 
register_cache_arguments.<locals>.add_cache_arguments at 0x03F09578>]
DEBUG: cli.knack.cli: Event: CommandInvoker.OnCommandTableLoaded []
DEBUG: cli.knack.cli: Event: CommandInvoker.OnPreParseArgs []
DEBUG: cli.knack.cli: Event: CommandInvoker.OnPostParseArgs [<function OutputProducer.handle_output_argument at 0x01C06938>, <function CLIQuery.handle_query_parameter at 
0x01C29708>, <function register_ids_argument.<locals>.parse_ids_arguments at 0x03F094D8>]
DEBUG: cli.azure.cli.core.commands.client_factory: Getting management service client client_type=KeyVaultManagementClient
DEBUG: cli.azure.cli.core.auth.persistence: build_persistence: location='C:\\Users\\Administrator.RQ0401-DVM\\.azure\\msal_token_cache.bin', encrypt=True
DEBUG: cli.azure.cli.core.auth.binary_cache: load: C:\Users\Administrator.RQ0401-DVM\.azure\msal_http_cache.bin
DEBUG: urllib3.util.retry: Converted retries value: 1 -> Retry(total=1, connect=None, read=None, redirect=None, status=None)
DEBUG: msal.authority: openid_config = {'issuer': 'https://adfs.redmond.ext-rq0401.masd.stbtest.microsoft.com/adfs/e61eab95-e49f-42cb-ae05-ad7cb57669b7/', 
'authorization_endpoint': 'https://adfs.redmond.ext-rq0401.masd.stbtest.microsoft.com/adfs/oauth2/authorize/', 'token_endpoint': 
'https://adfs.redmond.ext-rq0401.masd.stbtest.microsoft.com/adfs/oauth2/token/', 'jwks_uri': 
'https://adfs.redmond.ext-rq0401.masd.stbtest.microsoft.com/adfs/discovery/keys', 'token_endpoint_auth_methods_supported': ['client_secret_post', 'client_secret_basic', 
'private_key_jwt', 'windows_client_authentication'], 'response_types_supported': ['code', 'id_token', 'code id_token', 'id_token token', 'code token', 'code id_token 
token'], 'response_modes_supported': ['query', 'fragment', 'form_post'], 'grant_types_supported': ['authorization_code', 'refresh_token', 'client_credentials', 
'urn:ietf:params:oauth:grant-type:jwt-bearer', 'implicit', 'password', 'srv_challenge', 'urn:ietf:params:oauth:grant-type:device_code', 'device_code'], 
'subject_types_supported': ['pairwise'], 'scopes_supported': ['vpn_cert', 'allatclaims', 'aza', 'user_impersonation', 'winhello_cert', '.default', 'profile', 'email', 
'logon_cert', 'openid'], 'id_token_signing_alg_values_supported': ['RS256'], 'token_endpoint_auth_signing_alg_values_supported': ['RS256'], 'access_token_issuer': 
'https://adfs.redmond.ext-rq0401.masd.stbtest.microsoft.com/adfs/e61eab95-e49f-42cb-ae05-ad7cb57669b7/', 'claims_supported': ['aud', 'iss', 'iat', 'exp', 'auth_time', 
'nonce', 'at_hash', 'c_hash', 'sub', 'upn', 'unique_name', 'pwd_url', 'pwd_exp', 'mfa_auth_time', 'sid', 'nbf'], 'microsoft_multi_refresh_token': True, 
'userinfo_endpoint': 'https://adfs.redmond.ext-rq0401.masd.stbtest.microsoft.com/adfs/userinfo', 'capabilities': ['kdf_ver2'], 'end_session_endpoint': 
'https://adfs.redmond.ext-rq0401.masd.stbtest.microsoft.com/adfs/oauth2/logout', 'as_access_token_token_binding_supported': False, 
'as_refresh_token_token_binding_supported': False, 'resource_access_token_token_binding_supported': False, 'op_id_token_token_binding_supported': False, 
'rp_id_token_token_binding_supported': False, 'frontchannel_logout_supported': True, 'frontchannel_logout_session_supported': True, 'device_authorization_endpoint': 
'https://adfs.redmond.ext-rq0401.masd.stbtest.microsoft.com/adfs/oauth2/devicecode'}
DEBUG: msal.application: Broker enabled? False
DEBUG: cli.azure.cli.core.auth.credential_adaptor: CredentialAdaptor.get_token: 
scopes=('https://management.adfs.rq0401.masd.stbtest.microsoft.com/e61eab95-e49f-42cb-ae05-ad7cb57669b7/.default',), kwargs={}
DEBUG: cli.azure.cli.core.auth.msal_authentication: UserCredential.get_token: 
scopes=('https://management.adfs.rq0401.masd.stbtest.microsoft.com/e61eab95-e49f-42cb-ae05-ad7cb57669b7/.default',), claims=None, kwargs={}
DEBUG: msal.application: Cache hit an AT
DEBUG: msal.telemetry: Generate or reuse correlation_id: a2d8d8c7-83c7-48af-b708-33fc3d149cdc
DEBUG: cli.azure.cli.core.sdk.policies: Request URL: 'https://management.redmond.ext-rq0401.masd.stbtest.microsoft.com/subscriptions/1ae2874c-1e60-41c0-a4a1-91e62edf150d/
providers/Microsoft.KeyVault/deletedVaults?api-version=2016-10-01'
DEBUG: cli.azure.cli.core.sdk.policies: Request method: 'GET'
DEBUG: cli.azure.cli.core.sdk.policies: Request headers:
DEBUG: cli.azure.cli.core.sdk.policies:     'Accept': 'application/json'
DEBUG: cli.azure.cli.core.sdk.policies:     'x-ms-client-request-id': 'b45297e2-9315-11ee-bffb-00155d1d7e42'
DEBUG: cli.azure.cli.core.sdk.policies:     'CommandName': 'keyvault show-deleted'
DEBUG: cli.azure.cli.core.sdk.policies:     'ParameterSetName': '-n --debug'
DEBUG: cli.azure.cli.core.sdk.policies:     'User-Agent': 'AZURECLI/2.55.0 (MSI) azsdk-python-azure-mgmt-keyvault/10.3.0 Python/3.11.5 (Windows-10-10.0.20348-SP0)'
DEBUG: cli.azure.cli.core.sdk.policies:     'Authorization': '*****'
DEBUG: cli.azure.cli.core.sdk.policies: Request body:
DEBUG: cli.azure.cli.core.sdk.policies: This request has no body
DEBUG: urllib3.connectionpool: Starting new HTTPS connection (1): management.redmond.ext-rq0401.masd.stbtest.microsoft.com:443
DEBUG: urllib3.connectionpool: https://management.redmond.ext-rq0401.masd.stbtest.microsoft.com:443 "GET 
/subscriptions/1ae2874c-1e60-41c0-a4a1-91e62edf150d/providers/Microsoft.KeyVault/deletedVaults?api-version=2016-10-01 HTTP/1.1" 404 157
DEBUG: cli.azure.cli.core.sdk.policies: Response status: 404
DEBUG: cli.azure.cli.core.sdk.policies: Response headers:
DEBUG: cli.azure.cli.core.sdk.policies:     'Cache-Control': 'no-cache'
DEBUG: cli.azure.cli.core.sdk.policies:     'Pragma': 'no-cache'
DEBUG: cli.azure.cli.core.sdk.policies:     'Content-Type': 'application/json; charset=utf-8'
DEBUG: cli.azure.cli.core.sdk.policies:     'Expires': '-1'
DEBUG: cli.azure.cli.core.sdk.policies:     'x-ms-failure-cause': 'gateway'
DEBUG: cli.azure.cli.core.sdk.policies:     'x-ms-request-id': '65c04218-032d-4c26-aa7d-7b7be623cced'
DEBUG: cli.azure.cli.core.sdk.policies:     'x-ms-correlation-request-id': '65c04218-032d-4c26-aa7d-7b7be623cced'
DEBUG: cli.azure.cli.core.sdk.policies:     'x-ms-routing-request-id': 'REDMOND:20231205T022633Z:65c04218-032d-4c26-aa7d-7b7be623cced'
DEBUG: cli.azure.cli.core.sdk.policies:     'Strict-Transport-Security': 'max-age=31536000; includeSubDomains'
DEBUG: cli.azure.cli.core.sdk.policies:     'X-Content-Type-Options': 'nosniff'
DEBUG: cli.azure.cli.core.sdk.policies:     'Date': 'Tue, 05 Dec 2023 02:26:33 GMT'
DEBUG: cli.azure.cli.core.sdk.policies:     'Content-Length': '157'
DEBUG: cli.azure.cli.core.sdk.policies: Response content:
DEBUG: cli.azure.cli.core.sdk.policies: {"error":{"code":"InvalidResourceType","message":"The resource type could not be found in the namespace 'Microsoft.KeyVault' for 
api version '2016-10-01'."}}
DEBUG: cli.azure.cli.core.azclierror: Traceback (most recent call last):
  File "D:\a\_work\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\knack/invocation.py", line 113, in _validation
  File "D:\a\_work\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\azure/cli/core/commands/__init__.py", line 859, in _validate_arg_level
  File "D:\a\_work\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\azure/cli/command_modules/keyvault/_validators.py", line 432, in 
validate_deleted_vault_or_hsm_name
  File "D:\a\_work\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\azure/core/paging.py", line 128, in __next__
  File "D:\a\_work\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\azure/core/paging.py", line 76, in __next__
  File "D:\a\_work\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\azure/mgmt/keyvault/v2016_10_01/operations/_vaults_operations.py", line 1238, in get_next
  File "D:\a\_work\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\azure/core/exceptions.py", line 107, in map_error
azure.core.exceptions.ResourceNotFoundError: (InvalidResourceType) The resource type could not be found in the namespace 'Microsoft.KeyVault' for api version 
'2016-10-01'.
Code: InvalidResourceType
Message: The resource type could not be found in the namespace 'Microsoft.KeyVault' for api version '2016-10-01'.

ERROR: cli.azure.cli.core.azclierror: (InvalidResourceType) The resource type could not be found in the namespace 'Microsoft.KeyVault' for api version '2016-10-01'.
Code: InvalidResourceType
Message: The resource type could not be found in the namespace 'Microsoft.KeyVault' for api version '2016-10-01'.
ERROR: az_command_data_logger: (InvalidResourceType) The resource type could not be found in the namespace 'Microsoft.KeyVault' for api version '2016-10-01'.
Code: InvalidResourceType
Message: The resource type could not be found in the namespace 'Microsoft.KeyVault' for api version '2016-10-01'.
DEBUG: cli.knack.cli: Event: Cli.PostExecute [<function AzCliLogging.deinit_cmd_metadata_logging at 0x03ECF168>]
INFO: az_command_data_logger: exit code: 2
INFO: cli.__main__: Command ran in 1.187 seconds (init: 0.428, invoke: 0.759)
INFO: telemetry.main: Begin splitting cli events and extra events, total events: 1
INFO: telemetry.client: Accumulated 0 events. Flush the clients.
INFO: telemetry.main: Finish splitting cli events and extra events, cli events: 1
INFO: telemetry.save: Save telemetry record of length 3680 in cache
INFO: telemetry.main: Begin creating telemetry upload process.
INFO: telemetry.process: Creating upload process: "C:\Program Files (x86)\Microsoft SDKs\Azure\CLI2\python.exe C:\Program Files (x86)\Microsoft 
SDKs\Azure\CLI2\Lib\site-packages\azure\cli\telemetry\__init__.pyc C:\Users\Administrator.RQ0401-DVM\.azure"
INFO: telemetry.process: Return from creating process
INFO: telemetry.main: Finish creating telemetry upload process.

Expected behavior

Should not throw an error.

Environment Summary

azure-cli                         2.55.0

core                              2.55.0
telemetry                          1.1.0

Dependencies:
msal                            1.24.0b2
azure-mgmt-resource             23.1.0b2

Python location 'C:\Program Files (x86)\Microsoft SDKs\Azure\CLI2\python.exe'
Extensions directory 'C:\Users\Administrator.RQ0401-DVM\.azure\cliextensions'

Python (Windows) 3.11.5 (tags/v3.11.5:cce6ba9, Aug 24 2023, 14:21:31) [MSC v.1936 32 bit (Intel)]

Legal docs and information: aka.ms/AzureCliLegal

Additional context

No response

yonzhan commented 10 months ago

Thank you for opening this issue, we will look into it.

microsoft-github-policy-service[bot] commented 10 months ago

Thanks for the feedback! We are routing this to the appropriate team for follow-up. cc @RandalliLama, @schaabs, @jlichwa.

evelyn-ys commented 10 months ago

Invalid API version for azure stack env:

https://management.redmond.ext-rq0401.masd.stbtest.microsoft.com/subscriptions/1ae2874c-1e60-41c0-a4a1-91e62edf150d/
providers/Microsoft.KeyVault/deletedVaults?api-version=2016-10-01

Need keyvault service to check

TheOnlyWei commented 10 months ago

@evelyn-ys I just realized that soft-delete is not supported on Azure Stack Hub (ASH), so just need to update the API profile Microsoft documentations if the older API profiles are used only by ASH customers: https://learn.microsoft.com/en-us/cli/azure/keyvault?view=azure-cli-2020-09-01-hybrid#az-keyvault-show-deleted Do you know if these older API profiles are only used by ASH customers? If not, and these API profiles are used by non-ASH customers, then you can close this issue.

domggarrity commented 9 months ago

Hi @evelyn-ys, I'm the PM who works with Wei on developer experience issues with Azure Stack. Just following up on this. :)

evelyn-ys commented 9 months ago

I'll contact service team and check if CLI needs to hide this command on azure stack

domggarrity commented 9 months ago

Thanks, @evelyn-ys! Please keep us updated.

domggarrity commented 9 months ago

Hi, @evelyn-ys, have you heard back from the CLI team?

domggarrity commented 8 months ago

Hi @evelyn-ys, just following up. :)

evelyn-ys commented 8 months ago

@domggarrity Thanks for tracking. I have talked with keyvault service team and confirmed show-deleted could be hidden in AzureStack. But I want to get a full list of all commands that need to be hidden, not only show-deleted. The discussion is still going on.

Does this block any of your scenario if we don't hide this command ASAP?

domggarrity commented 7 months ago

@evelyn-ys, thanks for the update! It's good to hear that we're getting the full list of commands that need to be hidden. This doesn't block any scenario at the moment, so it's not extremely urgent, but the incorrect docs may result in more issues like this one over time.

domggarrity commented 3 months ago

Hi @evelyn-ys, just following up on this. Do we have any updates?

evelyn-ys commented 3 months ago

busy on security wave work, this has been deprioritized