search

Azure / azure-cli

Azure Command-Line Interface
MIT License
3.93k stars 2.9k forks source link

Az cli in script asks raw.githubusercontent.com behind private firewall #29294

Open AndersRunningen opened 3 weeks ago

AndersRunningen commented 3 weeks ago

Describe the bug

We have a script that utilizes az cli for doing a job in AKS. The AKS cluster itself are behond a firewall for outgoing requests and when we run simple commands like az --version or az login ... it seems like requests towards raw.githubusercontent.com are done. This means that we need to open the firewall for raw.githubusercontent.com which again means that we open the firewall to all the public content on github which can include malware. Is this by design?

Github search on raw.githubusercontent.com in azure-cli github repository:

https://github.com/search?q=repo%3AAzure%2Fazure-cli%20raw.githubusercontent.com&type=code

There is also references to private repositories in the URLs used that seem to be archived and not updated anymore, for example: https://github.com/danielsollondon/azvmimagebuilder

Related command

az -h
az login
az account set --subscription xxxxxxxxxxxxx
az aks get-credentials --resource-group xxxxxxxxxx --name xxxxxxxx --overwrite-existing

Errors

No particular errors in place other than request we don't use that might fail in the background.

Issue script & Debug output

No direct error

Expected behavior

We expect the cli to have the information need in the Cli itself?

Environment Summary

 az version
{
  "azure-cli": "2.61.0",
  "azure-cli-core": "2.61.0",
  "azure-cli-telemetry": "1.1.0",
  "extensions": {
    "account": "0.2.5",
    "resource-graph": "2.1.0"
  }
}

Additional context

No response

yonzhan commented 3 weeks ago

Thank you for opening this issue, we will look into it.