Particular / NServiceBus.Transport.AzureServiceBus

Azure Service Bus transport

Managed Identity with asb.exe failed with exception (CredentialUnavailableException): DefaultAzureCredential #897

Closed mennolaan closed 1 year ago

mennolaan commented 1 year ago

Describe the bug

Description

We are trying to use managed identity in our pipeline.

We use windows-latest as agent

We added the service principal of our Azure DevOps pipeline to the Service Bus Access Control > Add Role Assignment > Role: [Azure Service Bus Data Owner] > User, group, service principal > App registration used as service connection from Azure DevOps

as described here: https://learn.microsoft.com/en-us/azure/service-bus-messaging/service-bus-managed-service-identity

from powershell we run "asb-transport.exe endpoint create $endpointName -n $global:namespaceString" where namespaceString = "ournamespace.servicebus.windows.net"

This results in error: Command failed with exception (CredentialUnavailableException): DefaultAzureCredential failed to retrieve a token from the included credentials. See the troubleshooting guide for more information. https://aka.ms/azsdk/net/identity/defaultazurecredential/troubleshoot

Content: {"error":"invalid_request","error_description":"Identity not found"}

Headers: Server: IMDS/150.870.65.1103 Date: Tue, 24 Oct 2023 14:44:29 GMT Content-Type: application/json; charset=utf-8 Content-Length: 68

Expected behavior

It should run like using connection string sas token

Actual behavior

Fails

Versions

Please list the version of the relevant packages or applications in which the bug exists.

Steps to reproduce

We use windows-latest as agent

We added the service principal of our Azure DevOps pipeline to the Service Bus Access Control > Add Role Assignment > Role: [Azure Service Bus Data Owner] > User, group, service principal > App registration used as service connection from Azure DevOps

as described here: https://learn.microsoft.com/en-us/azure/service-bus-messaging/service-bus-managed-service-identity

from powershell we run "asb-transport.exe endpoint create $endpointName -n $global:namespaceString" where namespaceString = "ournamespace.servicebus.windows.net"

Relevant log output

Command failed with exception (CredentialUnavailableException): DefaultAzureCredential failed to retrieve a token from the included credentials. See the troubleshooting guide for more information. https://aka.ms/azsdk/net/identity/defaultazurecredential/troubleshoot
- EnvironmentCredential authentication unavailable. Environment variables are not fully configured. See the troubleshooting guide for more information. https://aka.ms/azsdk/net/identity/environmentcredential/troubleshoot
- ManagedIdentityCredential authentication unavailable. The requested identity has not been assigned to this resource.
Status: 400 (Bad Request)

Content:
{"error":"invalid_request","error_description":"Identity not found"}

Headers:
Server: IMDS/150.870.65.1103
Date: Tue, 24 Oct 2023 14:44:29 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 68

- Visual Studio Token provider can't be accessed at C:\Users\VssAdministrator\AppData\Local\.IdentityService\AzureServiceAuth\tokenprovider.json
- Please run 'az login' to set up account
- Az.Account module >= 2.2.0 is not installed.

Additional Information

Workarounds

Possible solutions

Additional information

mennolaan commented 1 year ago

I used this, now it works:

```yaml
- task: AzureCLI@2
  displayName: Azure CLI
  inputs:
    azureSubscription: ${{ parameters.serviceConnection }}
    scriptType: pscore
    scriptLocation: 'scriptPath'
    scriptPath: './pipelines/scripts/nservicebus.ps1'
    # Exposes servicePrincipalId, servicePrincipalKey (or idToken) and tenantId to the script
    addSpnToEnvironment: true
  env:
    namespaceString: ${{ parameters.namespaceString }}
```
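
An added example, not part of the issue thread and not the reporter's script (the page does not show `nservicebus.ps1`): a preflight such a script could run inside the `AzureCLI@2` task to confirm which identity the Azure CLI session yields for Service Bus before calling `asb-transport.exe`. The endpoint name is a placeholder, and the `appid`/`oid` claim names assume a v1 access token.

```powershell
# Hypothetical preflight for a script like ./pipelines/scripts/nservicebus.ps1 (added example).
# Assumes it runs inside the AzureCLI@2 task, so `az` is already logged in as the
# service connection's service principal.
$ErrorActionPreference = 'Stop'

$namespace    = $env:namespaceString   # passed in through the task's env: block
$endpointName = 'Sample.Endpoint'      # placeholder value, not taken from the issue

if ([string]::IsNullOrWhiteSpace($namespace)) {
    throw 'namespaceString is empty; expected <name>.servicebus.windows.net'
}

# Ask the CLI session for a Service Bus data-plane token. Outside the AzureCLI@2 task
# there is no session, which matches the "Please run 'az login'" line in the log above.
$token = az account get-access-token --resource 'https://servicebus.azure.net' --query accessToken -o tsv
if ($LASTEXITCODE -ne 0 -or -not $token) {
    throw 'No Azure CLI session available: run this script from the AzureCLI@2 task.'
}

# Decode the JWT payload (base64url, unpadded) to see which identity the token represents.
$payload = $token.Split('.')[1].Replace('-', '+').Replace('_', '/')
$payload = $payload.PadRight($payload.Length + (4 - $payload.Length % 4) % 4, '=')
$claims  = [Text.Encoding]::UTF8.GetString([Convert]::FromBase64String($payload)) | ConvertFrom-Json

# Log only non-secret claims; never write the token itself to the build log.
Write-Host "Token audience : $($claims.aud)"
Write-Host "Application id : $($claims.appid)"   # assumed v1 claim name
Write-Host "Object id      : $($claims.oid)"     # the principal that needs the Service Bus role

# Same command as in the issue; the tool's credential chain can now use the CLI session.
& asb-transport.exe endpoint create $endpointName -n $namespace
if ($LASTEXITCODE -ne 0) { throw "asb-transport.exe exited with code $LASTEXITCODE" }
```

The object id printed here is the one to compare against the role assignment on the namespace when the command still fails with an authorization error.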