search

Azure / iotedgedev

The Azure IoT Edge Dev Tool greatly simplifies your Azure IoT Edge development process. It has everything you need to get started and helps with your day-to-day Edge development.
https://aka.ms/iotedgedev
Other
160 stars 71 forks source link

Wrong permissons of azure cli config directory #531

Closed bqstony closed 2 years ago

bqstony commented 2 years ago

I use the iotedgedev container in a jenkins pipeline. Lucky for me the container contains already the azure CLI. When i start the container, the user iotedgedev. But the $HOME/.azure/ directory is partial owned by the root, insteed of the iotedgedev. This results in the error PermissionError: [Errno 13] Permission denied: '/home/iotedgedev/.azure/msal_http_cache.bin'

The Problem is also descriped in this issue: https://github.com/Azure/azure-cli/issues/14151

Steps to Reproduce:

  1. docker run --rm -ti -v /var/run/docker.sock:/var/run/docker.sock

  2. az login --service-principal --allow-no-subscriptions --username xxx --password xxx

  3. az acr check-health -n someregistry.azurecr.io --yes

  4. sudo az login --service-principal --allow-no-subscriptions --username xxx --password xxx

  5. az acr check-health -n someregistry.azurecr.io --yes

The result is:

iotedgedev@988bc802348e:/home/iotedge$ az acr check-health -n acriotmihe.azurecr.io --yes
The login server endpoint suffix '.azurecr.io' is automatically omitted.
Docker daemon status: available
Docker version: 'Docker version 20.10.13, build 906f57f, platform linux/amd64'
Docker pull of 'mcr.microsoft.com/mcr/hello-world:latest' : OK
Azure CLI version: 2.34.1
DNS lookup to acriotmihe.azurecr.io at IP 52.178.18.2 : OK
Challenge endpoint https://acriotmihe.azurecr.io/v2/ : OK
Fetch refresh token for registry 'acriotmihe.azurecr.io' : OK
Fetch access token for registry 'acriotmihe.azurecr.io' : OK
An error occurred: HELM_COMMAND_ERROR
Please verify if Helm is installed.

Please refer to https://aka.ms/acr/errors#helm_command_error for more information.
Error in atexit._run_exitfuncs:
Traceback (most recent call last):
  File "/opt/az/lib/python3.8/site-packages/azure/cli/core/auth/identity.py", line 123, in _dump_msal_http_cache
    with open(self._http_cache_file, 'wb') as f:
PermissionError: [Errno 13] Permission denied: '/home/iotedgedev/.azure/msal_http_cache.bin'

here are the permissons of the config folder: iotedgedev@988bc802348e:/home/iotedge$ ls -la $HOME/.azure/ total 92 drwxr-xr-x 1 iotedgedev iotedgedev 4096 Apr 1 12:49 . drwxr-xr-x 1 iotedgedev iotedgedev 4096 Mar 7 22:25 .. -rw-r--r-- 1 iotedgedev iotedgedev 5 Mar 7 22:25 az.json -rw-r--r-- 1 iotedgedev iotedgedev 5 Apr 1 12:49 az.sess -rw-r--r-- 1 iotedgedev iotedgedev 467 Apr 1 12:49 azureProfile.json drwxr-xr-x 3 iotedgedev iotedgedev 4096 Mar 7 22:25 cliextensions -rw-r--r-- 1 root root 66 Apr 1 12:49 clouds.config -rw-r--r-- 1 iotedgedev iotedgedev 5408 Apr 1 12:49 commandIndex.json drwxr-xr-x 1 iotedgedev iotedgedev 4096 Apr 1 12:49 commands -rw------- 1 iotedgedev iotedgedev 27 Mar 7 22:25 config drwxr-xr-x 1 iotedgedev iotedgedev 4096 Mar 7 22:25 logs -rw-r--r-- 1 root root 5505 Apr 1 12:49 msal_http_cache.bin -rw-r--r-- 1 root root 2281 Apr 1 12:49 msal_token_cache.json -rw-r--r-- 1 root root 196 Apr 1 12:49 service_principal_entries.json drwxr-xr-x 1 iotedgedev iotedgedev 4096 Mar 7 22:25 telemetry -rw-r--r-- 1 iotedgedev iotedgedev 16 Apr 1 12:49 telemetry.txt -rw-r--r-- 1 iotedgedev iotedgedev 211 Mar 7 22:25 versionCheck.json

Workaround My actual fix is to run the sudo chown -R iotedgedev .azure/ command,

marianan commented 2 years ago

@bqstony thanks for reporting this issue, it has been added to our backlog.

bqstony commented 2 years ago

I have see there is a new version. Now it looks beder 🥳

$ docker run --rm -ti -v /var/run/docker.sock:/var/run/docker.sock mcr.microsoft.com/iotedge/iotedgedev:3.3.4
iotedgedev@6fac17c8f394:/home/iotedge$ ls -la $HOME/.azure/
total 52
drwxr-xr-x 6 iotedgedev iotedgedev 4096 Mar 31 19:01 .
drwxr-xr-x 1 iotedgedev iotedgedev 4096 Mar 31 19:01 ..
-rw-r--r-- 1 iotedgedev iotedgedev    5 Mar 31 19:01 az.json
-rw-r--r-- 1 iotedgedev iotedgedev    5 Mar 31 19:01 az.sess
-rw-r--r-- 1 iotedgedev iotedgedev   61 Mar 31 19:01 azureProfile.json
drwxr-xr-x 3 iotedgedev iotedgedev 4096 Mar 31 19:01 cliextensions
-rw-r--r-- 1 iotedgedev iotedgedev   58 Mar 31 19:01 commandIndex.json
drwxr-xr-x 2 iotedgedev iotedgedev 4096 Mar 31 19:01 commands
-rw------- 1 iotedgedev iotedgedev   27 Mar 31 19:01 config
drwxr-xr-x 2 iotedgedev iotedgedev 4096 Mar 31 19:01 logs
drwxr-xr-x 2 iotedgedev iotedgedev 4096 Mar 31 19:01 telemetry
-rw-r--r-- 1 iotedgedev iotedgedev   16 Mar 31 19:01 telemetry.txt
-rw-r--r-- 1 iotedgedev iotedgedev  211 Mar 31 19:01 versionCheck.json
mhshami01 commented 2 years ago

Thank you @bqstony for your contributions.