Closed sajithvasu closed 5 years ago
tjprescott
commented
5 years ago Please provide your environment summary:
az --version)
sajithvasu
commented
5 years ago @tjprescott - Please find the details below: 1) MSI installation on Windows 2) Tested this bug on az cli version 2.0.52, 2.057, 2.058 and it fails. Key vault update and add network rule command only works on az cli version 2.0.49 3) OS version : Microsoft Windows Server 2016 data center 4) Shell type: Tested - Bash on windows using Visual Studio code, also tested on Linux shell.
It is very simple to reproduce this problem on any version of az cli except version az cli 2.0.49 works fine. Create a key vault in resource group and run either of the command :
az keyvault update --resource-group
az keyvault network-rule add --resource-group
tjprescott
commented
5 years ago I am not able to reproduce this error for either of these commands. Please provide the complete output of az --version as well as az self-test
sajithvasu
commented
5 years ago Output from az --version
Windows PowerShell Copyright (C) 2016 Microsoft Corporation. All rights reserved.
PS C:\Users\xxxxxxxx\Documents\xxxx-xxxx> az --version azure-cli 2.0.58
acr 2.2.0 acs 2.3.17 advisor 2.0.0 ams 0.4.1 appservice 0.2.13 backup 1.2.1 batch 3.4.1 batchai 0.4.7 billing 0.2.0 botservice 0.1.6 cdn 0.2.0 cloud 2.1.0 cognitiveservices 0.2.4 command-modules-nspkg 2.0.2 configure 2.0.20 consumption 0.4.2 container 0.3.13 core 2.0.58 cosmosdb 0.2.7 dla 0.2.4 dls 0.1.8 dms 0.1.2 eventgrid 0.2.1 eventhubs 0.3.3 extension 0.2.3 feedback 2.1.4 find 0.2.13 hdinsight 0.3.0 interactive 0.4.1 iot 0.3.6 iotcentral 0.1.6 keyvault 2.2.11 kusto 0.1.0 lab 0.1.5 maps 0.3.3 monitor 0.2.10 network 2.3.2 nspkg 3.0.3 policyinsights 0.1.1 profile 2.1.3 rdbms 0.3.7 redis 0.4.0 relay 0.1.3 reservations 0.4.1 resource 2.1.10 role 2.4.0 search 0.1.1 security 0.1.0 servicebus 0.3.3 servicefabric 0.1.12 signalr 1.0.0 sql 2.1.9 sqlvm 0.1.0 storage 2.3.1 telemetry 1.0.1 vm 2.2.15
Python location 'C:\Program Files (x86)\Microsoft SDKs\Azure\CLI2\python.exe' Extensions directory 'C:\Users\xxxxxxxx.azure\cliextensions'
Python (Windows) 3.6.6 (v3.6.6:4cf1f54eb7, Jun 27 2018, 02:47:15) [MSC v.1900 32 bit (Intel)]
Legal docs and information: aka.ms/AzureCliLegal
Your CLI is up-to-date.
Output from az self-test PS C:\Users\xxxxxxx\Documents\xxx-xxx> az self-test This command has been deprecated and will be removed in a future release. Running CLI self-test.
Loading all commands and arguments... Commands loaded OK.
Retrieving all help... Help loaded OK.
CLI self-test completed: OK
**Output from update command
PS C:\Users\xxxxxxxx\Documents\xxxx-xxxx> az keyvault update --resource-group
tjprescott
commented
5 years ago If you run these commands on Cloud Shell you will find that they work fine. The problem is likely your CLI installation. From the error trace you post, it looks like you have some kind of stray pip install somewhere on your machine causing problems.
What is the output of where az?
sajithvasu
commented
5 years ago Use az -h to see available commands or go to https://aka.ms/cli.
The Azure CLI collects usage data in order to improve your experience. The data is anonymous and does not include commandline argument values. The data is collected by Microsoft.
You can change your telemetry settings with az configure.
/\
/ \ _____ _ _ ___ _/ /\ \ |_ / | | | \'/ \ / ____ \ / /| || | | | / // \\/|_,|| _|
Welcome to the cool new Azure CLI!
Use az --version to display the current version.
Here are the base commands:
account : Manage Azure subscription information.
acr : Manage private registries with Azure Container Registries.
acs : Manage Azure Container Services.
ad : Manage Azure Active Directory Graph entities needed for Role Based Access
Control.
advisor : Manage Azure Advisor.
aks : Manage Azure Kubernetes Services.
ams : Manage Azure Media Services resources.
appservice : Manage App Service plans.
backup : Manage Azure Backups.
batch : Manage Azure Batch.
batchai : Manage Batch AI resources.
billing : Manage Azure Billing.
bot : Manage Microsoft Bot Services.
cdn : Manage Azure Content Delivery Networks (CDNs).
cloud : Manage registered Azure clouds.
cognitiveservices : Manage Azure Cognitive Services accounts.
configure : Manage Azure CLI configuration. This command is interactive.
consumption : Manage consumption of Azure resources.
container : Manage Azure Container Instances.
cosmosdb : Manage Azure Cosmos DB database accounts.
deployment : Manage Azure Resource Manager deployments at subscription scope.
disk : Manage Azure Managed Disks.
dla : (PREVIEW) Manage Data Lake Analytics accounts, jobs, and catalogs.
dls : (PREVIEW) Manage Data Lake Store accounts and filesystems.
dms : Manage Azure Data Migration Service (DMS) instances.
eventgrid : Manage Azure Event Grid topics and subscriptions.
eventhubs : Manage Azure Event Hubs namespaces, eventhubs, consumergroups and geo
recovery configurations - Alias.
extension : Manage and update CLI extensions.
feature : Manage resource provider features.
feedback : Send feedback to the Azure CLI Team!
find : Find Azure CLI commands.
functionapp : Manage function apps.
group : Manage resource groups and template deployments.
hdinsight : Manage HDInsight resources.
identity : Managed Service Identities.
image : Manage custom virtual machine images.
interactive : Start interactive mode. Installs the Interactive extension if not installed
already.
iot : Manage Internet of Things (IoT) assets.
iotcentral : Manage IoT Central assets.
keyvault : Manage KeyVault keys, secrets, and certificates.
kusto : Manage Azure Kusto resources.
lab : Manage Azure DevTest Labs.
lock : Manage Azure locks.
login : Log in to Azure.
logout : Log out to remove access to Azure subscriptions.
managedapp : Manage template solutions provided and maintained by Independent Software
Vendors (ISVs).
maps : Manage Azure Maps.
mariadb : Manage Azure Database for MariaDB servers.
monitor : Manage the Azure Monitor Service.
mysql : Manage Azure Database for MySQL servers.
network : Manage Azure Network resources.
openshift : (PREVIEW) Manage Azure OpenShift Services.
policy : Manage resource policies.
postgres : Manage Azure Database for PostgreSQL servers.
provider : Manage resource providers.
redis : Manage dedicated Redis caches for your Azure applications.
relay : Manage Azure Relay Service namespaces, WCF relays, hybrid connections, and
rules.
reservations : Manage Azure Reservations.
resource : Manage Azure resources.
role : Manage user roles for access control with Azure Active Directory and service
principals.
search : Manage Azure Search services, admin keys and query keys.
security : Manage your security posture with Azure Security Center.
servicebus : Manage Azure Service Bus namespaces, queues, topics, subscriptions, rules
and geo-disaster recovery configuration alias.
sf : Manage and administer Azure Service Fabric clusters.
sig : Manage shared image gallery.
signalr : Manage Azure SignalR Service.
snapshot : Manage point-in-time copies of managed disks, native blobs, or other
snapshots.
sql : Manage Azure SQL Databases and Data Warehouses.
storage : Manage Azure Cloud Storage resources.
tag : Manage resource tags.
vm : Manage Linux or Windows virtual machines.
vmss : Manage groupings of virtual machines in an Azure Virtual Machine Scale Set
(VMSS).
webapp : Manage web apps.PS C:\Users\xxxxxx\Documents\xxxx-xxxx>
I tested on other windows VM machine.. Key vault update and network rule add command breaks. If i downgrade az cli to 2.0.49 it works fine on Windows VM. Cloud shell is working fine.
tjprescott
commented
5 years ago Not az but where az. It will say where your az executable is. So you are installing the Windows MSI on a Windows VM?
tjprescott
commented
5 years ago It seems this is an installation problem, not a KeyVault problem. Adjusting the labels accordingly.
tjprescott
commented
5 years ago Also, what is the output of pip list?
sajithvasu
commented
5 years ago C:\Users\xxxxxx>where az C:\Program Files (x86)\Microsoft SDKs\Azure\CLI2\wbin\az.cmd
C:\Users\xxxxxx>pip list Package Version
pip 19.0.2 setuptools 28.8.0
Cloud shell uses Linux OS for az cli and it works fine on Linux VM. This problem is on Windows OS.
sajithvasu
commented
5 years ago I don't think it is an installation problem. If I change the selection from "All network" to "selected network" on Azure keyvault firewall from portal and then running network add rule and update commands works fine. I am assuming when "selected network" is enabled it adds network acl json section which allows you to update or add.
It does not work when "All network" is enabled. My best guess is that network acl json variable section is missing by default when using az cli that's why it is throwing error that "AttributeError: 'NoneType' object has no attribute 'azure_services'"
tjprescott
commented
5 years ago I tested the commands you provided on Windows OS and they worked fine. Could you please add the steps needed to enable "all network" to the repro. I will retag this for the KeyVault team to take a look at.
yugangw-msft
commented
5 years ago The relevant code is not quite right
NetworkRuleBypassOptions = get_sdk(cmd.cli_ctx,
ResourceType.MGMT_KEYVAULT,
'models.key_vault_management_client_enums#NetworkRuleBypassOptions')This will be broken under Windows installer which prunes some sdk code.
The right one should be:
NetworkRuleBypassOptions = self.get_models('NetworkRuleBypassOptions' )This is what we did on #7743
marstr
commented
5 years ago I've made the change to the KeyVault command module, and am testing it locally.
Hello, We have noticed that az cli breaks to add network rule or update keyvault with default-action to Deny with error shown below. It is very simple to recreate this problem.
Go to portal > subscription > resource-group > keyvault > Firewalls and virtual networks and ensure that allow action to "all networks" is enabled. This is a default settings.
Now from az cli, try to add selected IP and update default-action to Deny or any update operation. You will see error "'NoneType' object has no attribute 'azure_services'". If you manually enable selected Networks on keyvault and save them then it will allow you to run az cli command to update or add network rule.
This use to work fine only on az cli 2.0.49 version. All other version before and after 2.0.49 has problem.
az keyvault network-rule add --resource-group <rg_name> --name <keyvaultaname> --ip-address x.x.x.x/xx', OUTPUT: , ERROR: ERROR: 'NoneType' object has no attribute 'azure_services' Traceback (most recent call last): File "C:\Users\VSSADM~1\AppData\Local\Temp\pip-install-e5ce5s7r\knack\knack\cli.py", line 206, in invoke File "C:\Users\VSSADM~1\AppData\Local\Temp\pip-install-e5ce5s7r\azure-cli-core\azure\cli\core\commands__init.py", line 346, in execute File "C:\Users\VSSADM~1\AppData\Local\Temp\pip-install-e5ce5s7r\six\six.py", line 693, in reraise File "C:\Users\VSSADM~1\AppData\Local\Temp\pip-install-e5ce5s7r\azure-cli-core\azure\cli\core\commands\init.py", line 320, in execute File "C:\Users\VSSADM~1\AppData\Local\Temp\pip-install-e5ce5s7r\azure-cli-core\azure\cli\core\commands\init.py", line 169, in call File "C:\Users\VSSADM~1\AppData\Local\Temp\pip-install-e5ce5s7r\azure-cli-core\azure\cli\core\init__.py", line 440, in default_command_handler File "C:\Users\VSSADM~1\AppData\Local\Temp\pip-install-e5ce5s7r\azure-cli-keyvault\azure\cli\command_modules\keyvault\custom.py", line 491, in add_network_rule File "C:\Users\VSSADM~1\AppData\Local\Temp\pip-install-e5ce5s7r\azure-cli-keyvault\azure\cli\command_modules\keyvault\custom.py", line 226, in _create_network_rule_set AttributeError: 'NoneType' object has no attribute 'azure_services'
Document Details
⚠ Do not edit this section. It is required for docs.microsoft.com ➟ GitHub issue linking.