Azure / azure-cli

Azure Command-Line Interface
MIT License

az account get-access-token --resource https://cognitiveservices.azure.com <Response 400> from Cloud shell #29057

Open daisygithuba opened 1 month ago

daisygithuba commented 1 month ago

Describe the bug

When I run "az account get-access-token --resource https://cognitiveservices.azure.com" to get an access token, I receive the error: az_command_data_logger: Failed to connect to MSI. Please make sure MSI is configured correctly. Get Token request returned: <Response [400]>

The command is executed from the Azure portal (Cloud Shell); the user should be automatically signed in. "az account get-access-token --resource https://management.azure.com" would work without any issue.

Related command

az account get-access-token --resource https://cognitiveservices.azure.com

Errors

az_command_data_logger: Failed to connect to MSI. Please make sure MSI is configured correctly. Get Token request returned: <Response [400]>

Issue script & Debug output

cli.knack.cli: Event: CommandInvoker.OnPostParseArgs [<function OutputProducer.handle_output_argument at 0x7f745c04fdc0>, <function CLIQuery.handle_query_parameter at 0x7f745bfe63a0>, <function register_ids_argument.<locals>.parse_ids_arguments at 0x7f745b408280>]
urllib3.connectionpool: Starting new HTTP connection (1): localhost:50342
urllib3.connectionpool: http://localhost:50342 "POST /oauth2/token HTTP/1.1" 400 133
msrestazure.azure_active_directory: MSI: Retrieving a token from http://localhost:50342/oauth2/token, with payload {'resource': 'https://cognitiveservices.azure.com'}
msrestazure.azure_active_directory: MSI: Failed to retrieve a token from 'http://localhost:50342/oauth2/token' with an error of '400 Client Error: Bad Request for url: http://localhost:50342/oauth2/token'. This could be caused by the MSI extension not yet fully provisioned.
cli.azure.cli.core.auth.adal_authentication: throw requests.exceptions.HTTPError when doing MSIAuthentication:
Traceback (most recent call last):
  File "/usr/lib64/az/lib/python3.9/site-packages/azure/cli/core/auth/adal_authentication.py", line 75, in set_token
    super().set_token()
  File "/usr/lib64/az/lib/python3.9/site-packages/msrestazure/azure_active_directory.py", line 598, in set_token
    self.scheme, _, self.token = get_msi_token(self.resource, self.port, self.msi_conf)
  File "/usr/lib64/az/lib/python3.9/site-packages/msrestazure/azure_active_directory.py", line 486, in get_msi_token
    result.raise_for_status()
  File "/usr/lib64/az/lib/python3.9/site-packages/requests/models.py", line 1021, in raise_for_status
    raise HTTPError(http_error_msg, response=self)
requests.exceptions.HTTPError: 400 Client Error: Bad Request for url: http://localhost:50342/oauth2/token

cli.azure.cli.core.azclierror:
Traceback (most recent call last):
  File "/usr/lib64/az/lib/python3.9/site-packages/azure/cli/core/auth/adal_authentication.py", line 75, in set_token
    super().set_token()
  File "/usr/lib64/az/lib/python3.9/site-packages/msrestazure/azure_active_directory.py", line 598, in set_token
    self.scheme, _, self.token = get_msi_token(self.resource, self.port, self.msi_conf)
  File "/usr/lib64/az/lib/python3.9/site-packages/msrestazure/azure_active_directory.py", line 486, in get_msi_token
    result.raise_for_status()
  File "/usr/lib64/az/lib/python3.9/site-packages/requests/models.py", line 1021, in raise_for_status
    raise HTTPError(http_error_msg, response=self)
requests.exceptions.HTTPError: 400 Client Error: Bad Request for url: http://localhost:50342/oauth2/token

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/usr/lib64/az/lib/python3.9/site-packages/azure/cli/core/auth/adal_authentication.py", line 87, in set_token
    .format(err.response.status, err.response.reason))
AttributeError: 'Response' object has no attribute 'status'

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/usr/lib64/az/lib/python3.9/site-packages/knack/cli.py", line 233, in invoke
    cmd_result = self.invocation.execute(args)
  File "/usr/lib64/az/lib/python3.9/site-packages/azure/cli/core/commands/__init__.py", line 664, in execute
    raise ex
  File "/usr/lib64/az/lib/python3.9/site-packages/azure/cli/core/commands/__init__.py", line 731, in _run_jobs_serially
    results.append(self._run_job(expanded_arg, cmd_copy))
  File "/usr/lib64/az/lib/python3.9/site-packages/azure/cli/core/commands/__init__.py", line 701, in _run_job
    result = cmd_copy(params)
  File "/usr/lib64/az/lib/python3.9/site-packages/azure/cli/core/commands/__init__.py", line 334, in __call__
    return self.handler(*args, **kwargs)
  File "/usr/lib64/az/lib/python3.9/site-packages/azure/cli/core/commands/command_operation.py", line 121, in handler
    return op(command_args)
  File "/usr/lib64/az/lib/python3.9/site-packages/azure/cli/command_modules/profile/custom.py", line 78, in get_access_token
    creds, subscription, tenant = profile.get_raw_token(subscription=subscription, resource=resource, scopes=scopes,
  File "/usr/lib64/az/lib/python3.9/site-packages/azure/cli/core/_profile.py", line 401, in get_raw_token
    msi_creds = MsiAccountTypes.msi_auth_factory(MsiAccountTypes.system_assigned, identity_id,
  File "/usr/lib64/az/lib/python3.9/site-packages/azure/cli/core/_profile.py", line 734, in msi_auth_factory
    return MSIAuthenticationWrapper(resource=resource)
  File "/usr/lib64/az/lib/python3.9/site-packages/msrestazure/azure_active_directory.py", line 592, in __init__
    self.set_token()
  File "/usr/lib64/az/lib/python3.9/site-packages/azure/cli/core/auth/adal_authentication.py", line 89, in set_token
    raise AzureResponseError('Failed to connect to MSI. Please make sure MSI is configured correctly.\n'
azure.cli.core.azclierror.AzureResponseError: Failed to connect to MSI. Please make sure MSI is configured correctly. Get Token request returned: <Response [400]>

cli.azure.cli.core.azclierror: Failed to connect to MSI. Please make sure MSI is configured correctly. Get Token request returned: <Response [400]>
az_command_data_logger: Failed to connect to MSI. Please make sure MSI is configured correctly. Get Token request returned: <Response [400]>
cli.knack.cli: Event: Cli.PostExecute [<function AzCliLogging.deinit_cmd_metadata_logging at 0x7f745b496a60>]

Expected behavior

Return the token without the need to log in again.

Environment Summary

azure-cli 2.61.0

core 2.61.0
telemetry 1.1.0

Extensions:
ai-examples 0.2.5
ml 2.26.0
ssh 2.0.3

Dependencies:
msal 1.28.0
azure-mgmt-resource 23.1.1

Additional context

No response
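
One way to read the response body behind the 400 reported above, as an added example that is not part of the original report or the azure-cli code base: it repeats the POST shown in the debug output using only the standard library and returns the status with the error body, withholding the token on success. The names `probe_msi`, `StubEndpoint` and `start_stub` and the stub's error text are constructed for illustration, and the `Metadata: true` header is an assumption.

```python
import json
import threading
import urllib.error
import urllib.parse
import urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer


def probe_msi(resource, port=50342, host="localhost"):
    """Repeat the POST from the debug log; return (status, detail) without the token."""
    url = "http://%s:%d/oauth2/token" % (host, port)
    data = urllib.parse.urlencode({"resource": resource}).encode()
    # Metadata header: assumption, as commonly required by managed-identity endpoints.
    req = urllib.request.Request(url, data=data, headers={"Metadata": "true"})
    opener = urllib.request.build_opener(urllib.request.ProxyHandler({}))  # never proxy loopback
    try:
        with opener.open(req, timeout=10) as resp:
            body = json.loads(resp.read().decode())
            body.pop("access_token", None)  # never echo the secret
            return resp.status, body
    except urllib.error.HTTPError as err:
        # The status is in err.code; the body is where the endpoint explains the rejection.
        return err.code, err.read().decode(errors="replace")


class StubEndpoint(BaseHTTPRequestHandler):
    """Constructed stand-in that mirrors only the behaviour reported in the issue."""

    def do_POST(self):
        length = int(self.headers.get("Content-Length", 0))
        form = urllib.parse.parse_qs(self.rfile.read(length).decode())
        resource = form.get("resource", [""])[0]
        if resource == "https://management.azure.com":
            status, body = 200, {"access_token": "constructed", "resource": resource}
        else:
            status, body = 400, {"error": "constructed-error-body"}
        payload = json.dumps(body).encode()
        self.send_response(status)
        self.send_header("Content-Length", str(len(payload)))
        self.end_headers()
        self.wfile.write(payload)

    log_message = lambda *args: None  # keep the demo quiet


def start_stub():
    # Serve the stub on an ephemeral loopback port for offline runs.
    server = HTTPServer(("127.0.0.1", 0), StubEndpoint)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server
```

Inside Cloud Shell, calling `probe_msi("https://cognitiveservices.azure.com")` with the default port returns the body that the `400 133` log line counts but the CLI never prints.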

yonzhan commented 1 month ago

Thank you for opening this issue, we will look into it.

microsoft-github-policy-service[bot] commented 1 month ago

Thanks for the feedback! We are routing this to the appropriate team for follow-up. cc @josephkwchan, @jennyhunter-msft.

daisygithuba commented 3 weeks ago

Hi team, is there any update on this? Thanks.