Closed ChristophHornung closed 3 years ago
@wyunchi-ms, please look into this issue.
Team @dingmeng-xue @wyunchi-ms I am facing exactly the same issue: it is still looking for the JSON file even though we specify the parameters for the SP.
I found that there is a bug in the code: the PowerShell wrapper doesn’t seem to be decoding the secure string – it is literally passing “System.Security.SecureString” as the password value. Checking the cmdlet source code:
https://github.com/Azure/azure-powershell/blob/master/src/Aks/Aks/Commands/NewKubeBase.cs
var acsServicePrincipal = EnsureServicePrincipal(ServicePrincipalIdAndSecret?.UserName, ServicePrincipalIdAndSecret?.Password?.ToString());
var spProfile = new ManagedClusterServicePrincipalProfile(
    acsServicePrincipal.SpId,
    acsServicePrincipal.ClientSecret);
$password=ServicePrincipalIdAndSecret?.Password?.ToString()
$password
System.Security.SecureString
I guess the code should be updated to something similar to the below:
$password = ConvertTo-SecureString 'P@ssw0rd' -AsPlainText -Force
$Ptr = [System.Runtime.InteropServices.Marshal]::SecureStringToCoTaskMemUnicode($password)
$result = [System.Runtime.InteropServices.Marshal]::PtrToStringUni($Ptr)
[System.Runtime.InteropServices.Marshal]::ZeroFreeCoTaskMemUnicode($Ptr)
$result
P@ssw0rd
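The failure mode described in the comment above, as an added C# example that is not part of the thread and not the change made in the linked pull request: `SecureString.ToString()` returns the type name, while decoding needs an explicit marshal step that zeroes the unmanaged copy. The names `SecureStringDemo`, `ToPlainText` and `LooksLikeTypeName` are hypothetical, and the secret is the constructed sample value from the comment.

```csharp
using System;
using System.Runtime.InteropServices;
using System.Security;

static class SecureStringDemo
{
    // Hypothetical helper: decode a SecureString into a managed string and
    // zero the unmanaged buffer even if the conversion throws.
    public static string ToPlainText(SecureString secure)
    {
        if (secure == null) throw new ArgumentNullException(nameof(secure));
        IntPtr ptr = IntPtr.Zero;
        try
        {
            ptr = Marshal.SecureStringToGlobalAllocUnicode(secure);
            return Marshal.PtrToStringUni(ptr);
        }
        finally
        {
            if (ptr != IntPtr.Zero) Marshal.ZeroFreeGlobalAllocUnicode(ptr);
        }
    }

    // Hypothetical guard: true when the "secret" is really the type name
    // that SecureString.ToString() produces.
    public static bool LooksLikeTypeName(string secret) =>
        secret == typeof(SecureString).FullName;

    static void Main()
    {
        // Constructed sample secret (same value as in the comment above).
        var secure = new SecureString();
        foreach (char c in "P@ssw0rd") secure.AppendChar(c);
        secure.MakeReadOnly();

        string broken = secure.ToString();      // pattern used in the quoted cmdlet line
        string decoded = ToPlainText(secure);   // explicit decode

        Console.WriteLine($"ToString():  {broken} | type name as secret: {LooksLikeTypeName(broken)}");
        Console.WriteLine($"ToPlainText: {decoded} | type name as secret: {LooksLikeTypeName(decoded)}");
    }
}
```

The decoded value is an ordinary managed string that stays in memory until it is garbage collected, so decode as late as possible and keep it out of logs and error messages.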
Hi @DevOpsGeek1 and @ChristopHornung, thanks for your contribution! I have fixed this issue in https://github.com/Azure/azure-powershell/pull/13458, and built an engineering build at https://azposhpreview.blob.core.windows.net/public/Az.Aks.2.0.1.nupkg. You can download it and have a try. Thanks again!
Hi all, I'm closing this issue. Please feel free to reopen it if you want.
Description
The New-AzAksCluster cmd ignores the username from the -ServicePrincipalIdAndSecret flag and instead tries to load the service principal from /home/<user>/.azure/acsServicePrincipal.json and when not present creates a new one.
This is also obvious in code when looking at CreateOrUpdateKubeBase.EnsureServicePrincipal: the spId argument is never actually used.
Steps to reproduce
Running the following command without an .azure/ServicePrincipal.json present will fail if the user running the command does not have the permission to create a new service principal.
Output:
Environment data
Module versions