Prompt "not logged on" in pipeline log for ASA-Samples-Event-Driven-Application

[blow-hey]

Describe the issue: Execute alone command azd pipeline config --auth-type client-credentials failed in Github pipeline test.

The error message as follows:

Repro steps:

1. Run azd auth login
2. Run azd init -t ASA-Samples-Event-Driven-Application
3. Run azd pipeline config --auth-type client-credentials

Environment: OS: Windows desktop, MacOS desktop, Linux desktop, WSL, DevContainer in VS Code and CodeSpace. Template: ASA-Samples-Event-Driven-Application Branch: main Azd version: 0.9.0-beta.2-daily.2786873 (commit de89effa931a89e8125e520e5bc3ff473f014fb5)

Expected behavior: Run command azd pipeline config --auth-type client-credentials success.

@rajeshkamal5050 for notification.

[weikanglim]

@blow-hey Please to link a specific build run so we can triage faster.

From the screenshot above, none of the "Log in" tasks ran, thus azd was not logged in on CI, and the failure is expected. The question is:

1. Is the workflow definition incorrect?
2. Or did pipeline config not set the required variables?

We could probably consider updating the default workflow definition to force one auth or another, and not skip both if both types of credentials are unset for a better error-handling experience.

[rajeshkamal5050]

Nice catch @weikanglim

@yiliuTo @fangjian0423 Looks like it works fine with federated credentials. Needs change from vars to secrets to make client-credentials work - https://github.com/Azure-Samples/ASA-Samples-Event-Driven-Application/blob/main/.github/workflows/azure-dev.yml

Refer to https://github.com/Azure-Samples/todo-python-mongo/blob/main/.github/workflows/azure-dev.yml

[yiliuTo]

Hi @rajeshkamal5050 , thanks for helping find the cause and solution. Besides, since we changed the GitHub action config from secrets to vars given this issue: https://github.com/Azure/azure-dev/issues/2143#issuecomment-1540538438, then if I now change it back to secrets, will it break https://github.com/Azure/azure-dev/issues/2143 again?

[blow-hey]

@weikanglim, @rajeshkamal5050, @rajeshkamal5050 The workflow definition about AZURE_CREDENTIALS has some issue. We tried to update AZURE_CREDENTIALS from vars (vars.AZURE_CREDENTIALS) to secrets (secrets.AZURE_CREDENTIALS) in azure-dev.yml and the result of rerunning the pipeline test is pass. Do you think this solution is feasible?

[weikanglim]

@blow-hey secrets.AZURE_CREDENTIALS is the expected value. See the workflow definition we provide in templates here

[rajeshkamal5050]

Hi @rajeshkamal5050 , thanks for helping find the cause and solution. Besides, since we changed the GitHub action config from secrets to vars given this issue: #2143 (comment), then if I now change it back to secrets, will it break #2143 again?

No @yiliuTo it will not break.

Previously, we had all of them as secrets. The change should have been to convert secrets to vars excluding AZURE_CREDENTIALS: ${{ secrets.AZURE_CREDENTIALS }}. But everything was changed to vars which is a bug and will not work for the azd pipeline config --auth-type client-credentials.

You can try this azd pipeline config --auth-type client-credentials before and after fix.

[yiliuTo]

@rajeshkamal5050 , thanks for the detailed explanation. This will be fixed by PR: https://github.com/Azure-Samples/ASA-Samples-Event-Driven-Application/pull/8

[yiliuTo]

@rajeshkamal5050 I would like to close this issue since the fix has been merged, please reopen it if the issue still exists.