search

Azure / azure-storage-azcopy

The new Azure Storage data transfer utility - AzCopy v10
MIT License
613 stars 222 forks source link

AzCopy 10.2.0 segfault on service principal login in Linux #481

Closed TiloWiklund closed 5 years ago

TiloWiklund commented 5 years ago

Trying to login with service principal in linux using azcopy 10.2.0 results in a segfault. Running

env AZCOPY_SPA_CLIENT_SECRET=<secret> ./azcopy login --service-principal --application-id <id>

with the service principal secret and application-id the client id results in a segfault with the following trace:

panic: runtime error: invalid memory address or nil pointer dereference
[signal SIGSEGV: segmentation violation code=0x1 addr=0x0 pc=0x45bbe4]

goroutine 1 [running]:
github.com/Azure/azure-storage-azcopy/common.(*UserOAuthTokenManager).SecretLogin(...)
        /home/vsts/work/1/s/common/oauthTokenManager.go:210 +0xfd
github.com/Azure/azure-storage-azcopy/cmd.loginCmdArgs.process(...)
        /home/vsts/work/1/s/cmd/login.go:173 +0x214
github.com/Azure/azure-storage-azcopy/cmd.init.8.func2(...)
        /home/vsts/work/1/s/cmd/login.go:52 +0x293
github.com/spf13/cobra.(*Command).execute(...)
        /home/vsts/go/pkg/mod/github.com/spf13/cobra@v0.0.3/command.go:762 +0x465
github.com/spf13/cobra.(*Command).ExecuteC(...)
        /home/vsts/go/pkg/mod/github.com/spf13/cobra@v0.0.3/command.go:852 +0x2c0
github.com/spf13/cobra.(*Command).Execute(...)
        /home/vsts/go/pkg/mod/github.com/spf13/cobra@v0.0.3/command.go:800
github.com/Azure/azure-storage-azcopy/cmd.Execute(...)
        /home/vsts/work/1/s/cmd/root.go:85 +0x88
main.main()
        /home/vsts/work/1/s/main.go:60 +0x211

I've tried this both from an Ubuntu 18.04 Azure VM and my local Gentoo laptop, with the same results.

JohnRusk commented 5 years ago

Thanks @TiloWiklund I can reproduce the error. Looking for root cause now...

JohnRusk commented 5 years ago

@TiloWiklund My ability to reproduce this has vanished! The first time, it failed exactly as you show. But now it works successfuly. Did you try it more than once on the same machine? If not, it would be super-helpful if you could try it for a second time on one of the affected machines, and let me know what happens.

JohnRusk commented 5 years ago

OK, I've made progress here. The root cause is that, if the authentication fails, AzCopy isn't handling the failure properly. Specifically, it is falling over with the nil reference issue (aka segfault) instead of displaying a nice error message.

To make sure it doesn't fail: (a) wait at least 5 minutes, after creating the client secret in Portal, before you use it in AzCopy. I think this is a propagation delay in ADD, but I'm just guessing there since the US-based team is asleep right now so I can't ask them. (b) Be careful to avoid typos etc when putting the client secret into the environment variable. If you've waited at least 5 mins, and its still failing, then probably the issue is in the way the environment variable is set.

BTW, I used

 export AZCOPY_SPA_CLIENT_SECRET=Zpk-REDACTED-
 ./azcopy login --service-principal  --application-id 144-REDACTED

and I tested on Ubuntu 18.x Azure VMs.

The task now for us on the AzCopy team is to fix the error handling. But, in the meantime, as long as you follow (a) and (b) above, the current release is fine to use.

adreed-msft commented 5 years ago

482 fixes this. Thanks for pointing the error out!

TiloWiklund commented 5 years ago

Perfect! In my case the real problem was forgetting to specify the tenant-id.