yonzhan
commented
5 days ago Thank you for opening this issue, we will look into it.
Open kdambekalns opened 5 days ago
yonzhan
commented
5 days ago Thank you for opening this issue, we will look into it.
microsoft-github-policy-service[bot]
commented
5 days ago Thanks for the feedback! We are routing this to the appropriate team for follow-up. cc @AzureAppServiceCLI, @antcp.
kdambekalns
commented
4 days ago FYI: I also tried using az rest to call the deployment API endpoit directly, as suggested in https://azure.github.io/AppService/2021/03/01/deploying-to-network-secured-sites-2.html - even though it seemed far-fetched, given that article is from March 2021. As expected it didn't make a difference.
kdambekalns
commented
3 days ago We did some further debugging… It fails with 400 Bad request for
az storage blob generate-sas --full-uri --permissions r --expiry '2024-07-03T09:09Z' --account-name acmecom -c artifacts -n release.zip --auth-mode login --as-useraz storage blob generate-sas --full-uri --permissions r --expiry '2024-07-03T09:09Z' --account-name acmecom -c artifacts -n release.zip (with account name & key)https://www.acme.com/release.zip that points to a non-existing ZIPWhen using a URL like https://www.acme.com/release.zip that points to an existing ZIP, it works – so it doesn't like the "fancy" SAS URL? For fun I passed a rawurlencoded URL of the SAS URL, and that failed with Invalid packageUrl in the JSON request.
So the SAS URL is the issue – either it is checked and access fails (even though I can use it just fine!) or some validation goes wrong!?
kdambekalns
commented
3 days ago Could it be the network blocks access to the storage container from the deployment service? We have "Public network access: Enabled from selected virtual networks and IP addresses" configured.
I'll try adding a private endpoint and see where that leads me.
kdambekalns
commented
3 days ago I'll try adding a private endpoint and see where that leads me.
The combination of a private endpoint and SAS URL does work fine, it was indeed the inaccessible ZIP that caused the 400 Bad request.
If there could be a better error message for such a case, that would have saved me some hours… 😬
Describe the bug
When running the
az webapp deploycommand below, all I get is a "Bad Request" response. Pretty hard to debug that…Related command
az webapp deploy --resource-group ACME-Dev-RG --name acmecom-dev --type zip --src-url 'https://acmecom.blob.core.windows.net/artifacts/release.zip?__SAS__'(Tried with an explicit
--async trueas well, to avoid any side effects of https://github.com/Azure/azure-cli/issues/27506)Errors
Issue script & Debug output
This has been redacted and shortened a bit (removed the successful informaton retrieval about the webapp, for example).
I hope the relevant bits are all there.
There seems to be no response body whatsoever, so all I have is
400 Bad requestExpected behavior
The deployment is triggered…
Environment Summary
azure-cli 2.61.0
core 2.61.0 telemetry 1.1.0
Extensions: webapp 0.4.0
Dependencies: msal 1.28.0 azure-mgmt-resource 23.1.1
Python location '/opt/homebrew/Cellar/azure-cli/2.61.0/libexec/bin/python' Extensions directory '/Users/karsten/.azure/cliextensions'
Python (Darwin) 3.11.9 (main, Apr 2 2024, 08:25:04) [Clang 15.0.0 (clang-1500.3.9.4)]
Legal docs and information: aka.ms/AzureCliLegal
Your CLI is up-to-date.
Additional context
The download URL given to the command is valid and works…