Azure / azure-saas

The Azure SaaS Development Kit (ASDK) provides a reference architecture, deployable reference implementation and tools to help developers, startups, ISVs and Enterprises deliver their applications as a SaaS service. A platform for platform creators.
https://aka.ms/azuresaasdevkit

Cannot run deploy permissions GitHub action #239

Closed fbomb111 closed 10 months ago

fbomb111 commented 10 months ago

Describe the bug

```
Run azure/login@v1
Using OIDC authentication...
Federated token details:
issuer - https://token.actions.githubusercontent.com/
subject claim - repo:fbomb111/parallel:ref:refs/heads/main
/usr/bin/az cloud set -n azurecloud
Done setting cloud: "azurecloud"
Error: : AADSTS70021: No matching federated identity record found for presented assertion. Assertion Issuer: 'https://token.actions.githubusercontent.com/'. Assertion Subject: 'repo:fbomb111/parallel:ref:refs/heads/main'. Assertion Audience: 'api://AzureADTokenExchange'. https://docs.microsoft.com/en-us/azure/active-directory/develop/workload-identity-federation
Trace ID: 5495a11c-c510-44fd-8a12-136449eeb500
Correlation ID: efa78f32-75c0-4c33-992f-2a17d501d4d3
Timestamp: 2023-08-27 16:20:08Z

Error: Interactive authentication is needed. Please run:
az login

Error: Az CLI Login failed. Please check the credentials and make sure az is installed on the runner. For more information refer https://aka.ms/create-secrets-for-GitHub-workflows
```

To Reproduce

Steps to reproduce the behavior:

  1. Deployed identity module per readme
  2. Deployed permissions module per readme
  3. Ran workflow trigger on permissions GitHub action

Expected behavior

Expected no az login error.

Additional context

I have not used the az login action before and am not sure where to start troubleshooting. Looks like the 3 GitHub secrets were set correctly from what I can tell.

fbomb111 commented 10 months ago

Looks like the azure-saas scripts create an OIDC credential in Azure with the subject identifier of:

repo:git@github.com:fbomb111/parallel.git:ref:refs/heads/main

However, the format should be:

repo:fbomb111/parallel:ref:refs/heads/main

When I updated the credential in the portal with the correct format I did not receive the error above and was able to run the full GitHub action without errors.
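The root cause in this thread is a subject built from the raw `git remote` URL (`git@github.com:owner/repo.git`) instead of the `owner/repo` form that GitHub puts in the token's `sub` claim, so Entra ID finds no federated identity credential matching the assertion (AADSTS70021). The script below is an added example, not code from the azure-saas project or from the issue author: it normalises an SSH or HTTPS GitHub remote to `owner/repo`, builds the branch-scoped subject, emits the JSON that `az ad app federated-credential create --parameters` accepts (issuer and audience are the values printed in the error above), and offers a mismatch check to run against a credential you already have. The function names, the `APP_ID` variable and the `github-main` credential name are assumptions made for the example; the sample remote values are constructed from the ones quoted in the thread.

```shell
#!/usr/bin/env bash
# Added example (not part of azure-saas): derive the GitHub Actions OIDC subject
# from a git remote URL so the Entra ID federated credential matches the token.
set -euo pipefail

# Normalise a GitHub remote URL to "owner/repo".
# Accepts git@github.com:owner/repo.git, ssh://git@github.com/owner/repo.git,
# https://github.com/owner/repo(.git) and an already-normalised "owner/repo".
github_owner_repo() {
  local url="$1" path
  path="${url#git@github.com:}"
  path="${path#ssh://git@github.com/}"
  path="${path#https://github.com/}"
  path="${path#http://github.com/}"
  path="${path%/}"
  path="${path%.git}"
  case "$path" in
    */*/*|/*|*/|*:*|*@*) echo "unrecognised GitHub remote: $url" >&2; return 1 ;;
    */*) ;;                       # exactly owner/repo
    *) echo "unrecognised GitHub remote: $url" >&2; return 1 ;;
  esac
  printf '%s\n' "$path"
}

# Subject claim for a workflow run on a branch:
#   repo:<owner>/<repo>:ref:refs/heads/<branch>
# (tag, pull-request and environment runs carry differently shaped subjects;
# the branch form is the one shown in the log above.)
github_branch_subject() {
  local owner_repo branch="$2"
  owner_repo="$(github_owner_repo "$1")" || return 1
  printf 'repo:%s:ref:refs/heads/%s\n' "$owner_repo" "$branch"
}

# Inline JSON for `az ad app federated-credential create --parameters`.
# Issuer and audience are the values from the AADSTS70021 message.
federated_credential_json() {
  local name="$1" subject="$2"
  cat <<EOF
{
  "name": "$name",
  "issuer": "https://token.actions.githubusercontent.com",
  "subject": "$subject",
  "description": "GitHub Actions OIDC (assumed description)",
  "audiences": ["api://AzureADTokenExchange"]
}
EOF
}

# Compare the subject stored on an existing credential with the one the
# workflow token will present; exact string match is what Entra ID requires.
check_subject() {
  local have="$1" want="$2"
  if [ "$have" = "$want" ]; then
    echo "subject matches: $want"
    return 0
  fi
  echo "subject mismatch" >&2
  echo "  credential has: $have" >&2
  echo "  token presents: $want" >&2
  return 1
}

# Constructed demo using the remote form the scripts in this issue produced.
# Running the check reproduces the mismatch from the thread (exit status 1).
wrong_subject="repo:git@github.com:fbomb111/parallel.git:ref:refs/heads/main"
right_subject="$(github_branch_subject 'git@github.com:fbomb111/parallel.git' main)"
check_subject "$wrong_subject" "$right_subject" || true

# With APP_ID (the app registration's appId, assumed) set, create the credential
# for the current checkout's origin remote on branch main.
if [ -n "${APP_ID:-}" ]; then
  subject="$(github_branch_subject "$(git remote get-url origin)" main)"
  az ad app federated-credential create --id "$APP_ID" \
    --parameters "$(federated_credential_json github-main "$subject")"
fi
```

To verify an existing credential, list it with `az ad app federated-credential list --id <appId>` and pass its `subject` field as the first argument to `check_subject` alongside the value printed under "subject claim" in the azure/login step; the two must be byte-for-byte identical, including the absence of `.git` and of the `git@github.com:` prefix.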