Open a01fe opened 1 year ago
@a01fe This error is a bit strange, can you check that your logged-in user can access these resources? Thanks!
@a01fe Please help to check the azure.azcollections version and the dependent file version "pip3 list". Thanks!
If it helps, I'm using poetry to manage dependencies. I've done poetry add
on the dependencies listed in requirements-azure.txt
.
I've tried both azure.azcollection 1.15 and the dev
branch with the same results. Here's what I get from pip3 list
:
(test-azure-py3.11) finchr@EAS-finchrMB test_azure (main) [colima]: pip3 list
Package Version Editable project location
--------------------------------- --------- ---------------------------------
adal 1.2.7
ansible 7.4.0
ansible-core 2.14.4
ansible-lint 6.14.6
applicationinsights 0.11.10
argcomplete 1.12.3
attrs 23.1.0
azure-cli-core 2.34.0
azure-cli-telemetry 1.0.8
azure-common 1.1.11
azure-containerregistry 1.0.0
azure-core 1.26.4
azure-graphrbac 0.61.1
azure-identity 1.7.0
azure-keyvault 1.1.0
azure-mgmt-apimanagement 3.0.0
azure-mgmt-authorization 2.0.0
azure-mgmt-automation 1.0.0
azure-mgmt-batch 5.0.1
azure-mgmt-cdn 11.0.0
azure-mgmt-compute 26.1.0
azure-mgmt-containerinstance 9.0.0
azure-mgmt-containerregistry 9.1.0
azure-mgmt-containerservice 20.0.0
azure-mgmt-core 1.3.0
azure-mgmt-cosmosdb 6.4.0
azure-mgmt-datafactory 2.0.0
azure-mgmt-datalake-store 1.0.0
azure-mgmt-devtestlabs 3.0.0
azure-mgmt-dns 8.0.0
azure-mgmt-eventhub 10.1.0
azure-mgmt-hdinsight 9.0.0
azure-mgmt-iothub 2.2.0
azure-mgmt-keyvault 10.0.0
azure-mgmt-loganalytics 12.0.0
azure-mgmt-managedservices 6.0.0
azure-mgmt-managementgroups 0.2.0
azure-mgmt-marketplaceordering 0.1.0
azure-mgmt-monitor 3.0.0
azure-mgmt-network 19.1.0
azure-mgmt-notificationhubs 7.0.0
azure-mgmt-nspkg 2.0.0
azure-mgmt-privatedns 1.0.0
azure-mgmt-rdbms 10.0.0
azure-mgmt-recoveryservices 2.0.0
azure-mgmt-recoveryservicesbackup 3.0.0
azure-mgmt-redis 13.0.0
azure-mgmt-resource 21.1.0
azure-mgmt-search 8.0.0
azure-mgmt-servicebus 7.1.0
azure-mgmt-sql 3.0.1
azure-mgmt-storage 19.0.0
azure-mgmt-trafficmanager 1.0.0b1
azure-mgmt-web 6.1.0
azure-nspkg 2.0.0
azure-storage-blob 12.11.0
bcrypt 4.0.1
black 22.12.0
bracex 2.3.post1
certifi 2022.12.7
cffi 1.15.1
charset-normalizer 3.1.0
click 8.1.3
cryptography 40.0.2
filelock 3.11.0
humanfriendly 10.0
idna 3.4
isodate 0.6.1
Jinja2 3.1.2
jmespath 1.0.1
jsonschema 4.17.3
knack 0.9.0
markdown-it-py 2.2.0
MarkupSafe 2.1.2
mdurl 0.1.2
msal 1.22.0
msal-extensions 0.3.1
msrest 0.7.1
msrestazure 0.6.4
mypy-extensions 1.0.0
oauthlib 3.2.2
packaging 21.3
paramiko 2.12.0
pathspec 0.11.1
pip 23.0.1
pkginfo 1.9.6
platformdirs 3.2.0
portalocker 2.7.0
psutil 5.9.5
pycparser 2.21
Pygments 2.15.0
PyJWT 2.6.0
PyNaCl 1.5.0
pyOpenSSL 23.1.1
pyparsing 3.0.9
pyrsistent 0.19.3
PySocks 1.7.1
python-dateutil 2.8.2
PyYAML 6.0
requests 2.28.2
requests-oauthlib 1.3.1
resolvelib 0.8.1
rich 13.3.4
ruamel.yaml 0.17.21
setuptools 67.6.1
six 1.16.0
subprocess-tee 0.4.1
tabulate 0.9.0
test-azure 0.1.0 /Users/finchr/Projects/test_azure
typing_extensions 4.5.0
urllib3 1.26.15
wcmatch 8.4.1
wheel 0.38.4
xmltodict 0.13.0
yamllint 1.30.0
[notice] A new release of pip is available: 23.0.1 -> 23.1
[notice] To update, run: pip install --upgrade pip
@Fred-sun Oops, forgot to include this:
finchr@EAS-finchrMB aks (master) [colima]: az group list -o table
Name Location Status
---------------------- ------------- ---------
eas-aks-scratch azurestackhub Succeeded
eas-aksengine azurestackhub Succeeded
eas-ash-infrastructure azurestackhub Succeeded
finchr@EAS-finchrMB aks (master) [colima]: az version
{
"azure-cli": "2.34.0",
"azure-cli-core": "2.34.0",
"azure-cli-telemetry": "1.0.6",
"extensions": {}
}
finchr@EAS-finchrMB aks (master) [colima]:
ty!
@a01fe Your problem is very strange. Judging from your error, it is the access problem of the account you are currently using. It should be the wrong account, or your account does not have permission to access the current resource! Thanks!
Your errors: AADSTS500011: The resource principal named https://management.azurestackhub.wwu.edu was not found in the tenant named Western Washington University. This can happen if the application has not been installed by the administrator of the tenant or consented to by any user in the tenant. You might have sent your authentication request to the wrong tenant.
@a01fe Which credentials are you using? Environment variables, credentials files or 'az login', thank you!
I'm using az login
. As far as I know, there have been no changes to my account, and I can access resources via az cli commands just fine.
Did you manage to progress this out of curiosity? We have the same issue albeit with environment variables auth
No. I've put this aside working on other projects, but I need to get back to this. I tried updating to latest azure.azcollection with the same results.
@Fred-sun our AD team has created an sp, added ~/.azure/credentials
that looks like this:
[default]
subscription_id=xxxxxxxxxxxxx
client_id=xxxxxxxxxxxxx
cloud_environment=https://management.azurestackhub.wwu.edu
secret=xxxxxxx
tenant=xxxxxxxxxxx
api_profile=2020-09-01-hybrid
This playbook:
- name: Test azure collection
gather_facts: false
hosts: localhost
connection: local
tasks:
- name: Get info about all resource groups
azure.azcollection.azure_rm_resourcegroup_info:
auth_source: credential_file
register: resource_group_info
- name: Show resource group info
ansible.builtin.debug:
var: "resource_group_info"
returns this error:
test-azcollection-py3.11finchr@EAS-finchrMB test_azcollection (main) [colima]: ansible-playbook test.yaml
[WARNING]: No inventory was parsed, only implicit localhost is available
[WARNING]: provided hosts list is empty, only localhost is available. Note that the implicit localhost does not match 'all'
PLAY [Test azure collection] *************************************************************************************************************************************************************************
TASK [Get info about all resource groups] ************************************************************************************************************************************************************
An exception occurred during task execution. To see the full traceback, use -vvv. The error was: msrest.exceptions.AuthenticationError: , AdalError: Get Token request returned http error: 400 and server response: {"error":"invalid_resource","error_description":"AADSTS500011: The resource principal named https://management.azurestackhub.wwu.edu was not found in the tenant named Western Washington University. This can happen if the application has not been installed by the administrator of the tenant or consented to by any user in the tenant. You might have sent your authentication request to the wrong tenant. Trace ID: 634cee84-2384-4f1c-a519-c0f016b3c500 Correlation ID: 2d703bc3-38c8-4de3-93ee-f1d9344eb0ec Timestamp: 2024-04-12 15:49:55Z","error_codes":[500011],"timestamp":"2024-04-12 15:49:55Z","trace_id":"634cee84-2384-4f1c-a519-c0f016b3c500","correlation_id":"2d703bc3-38c8-4de3-93ee-f1d9344eb0ec","error_uri":"https://login.microsoftonline.com/error?code=500011"}
fatal: [localhost]: FAILED! => changed=false
module_stderr: |-
Traceback (most recent call last):
File "/Users/finchr/foo/test_azcollection/.venv/lib/python3.11/site-packages/msrestazure/azure_active_directory.py", line 364, in set_token
token = self._context.acquire_token_with_client_credentials(
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/Users/finchr/foo/test_azcollection/.venv/lib/python3.11/site-packages/adal/authentication_context.py", line 179, in acquire_token_with_client_credentials
return self._acquire_token(token_func)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/Users/finchr/foo/test_azcollection/.venv/lib/python3.11/site-packages/adal/authentication_context.py", line 128, in _acquire_token
return token_func(self)
^^^^^^^^^^^^^^^^
File "/Users/finchr/foo/test_azcollection/.venv/lib/python3.11/site-packages/adal/authentication_context.py", line 177, in token_func
return token_request.get_token_with_client_credentials(client_secret)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/Users/finchr/foo/test_azcollection/.venv/lib/python3.11/site-packages/adal/token_request.py", line 312, in get_token_with_client_credentials
token = self._oauth_get_token(oauth_parameters)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/Users/finchr/foo/test_azcollection/.venv/lib/python3.11/site-packages/adal/token_request.py", line 112, in _oauth_get_token
return client.get_token(oauth_parameters)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/Users/finchr/foo/test_azcollection/.venv/lib/python3.11/site-packages/adal/oauth2_client.py", line 289, in get_token
raise AdalError(return_error_string, error_response)
adal.adal_error.AdalError: Get Token request returned http error: 400 and server response: {"error":"invalid_resource","error_description":"AADSTS500011: The resource principal named https://management.azurestackhub.wwu.edu was not found in the tenant named Western Washington University. This can happen if the application has not been installed by the administrator of the tenant or consented to by any user in the tenant. You might have sent your authentication request to the wrong tenant. Trace ID: 634cee84-2384-4f1c-a519-c0f016b3c500 Correlation ID: 2d703bc3-38c8-4de3-93ee-f1d9344eb0ec Timestamp: 2024-04-12 15:49:55Z","error_codes":[500011],"timestamp":"2024-04-12 15:49:55Z","trace_id":"634cee84-2384-4f1c-a519-c0f016b3c500","correlation_id":"2d703bc3-38c8-4de3-93ee-f1d9344eb0ec","error_uri":"https://login.microsoftonline.com/error?code=500011"}
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/Users/finchr/.ansible/tmp/ansible-tmp-1712936994.025056-92191-94466626150983/AnsiballZ_azure_rm_resourcegroup_info.py", line 107, in <module>
_ansiballz_main()
File "/Users/finchr/.ansible/tmp/ansible-tmp-1712936994.025056-92191-94466626150983/AnsiballZ_azure_rm_resourcegroup_info.py", line 99, in _ansiballz_main
invoke_module(zipped_mod, temp_path, ANSIBALLZ_PARAMS)
File "/Users/finchr/.ansible/tmp/ansible-tmp-1712936994.025056-92191-94466626150983/AnsiballZ_azure_rm_resourcegroup_info.py", line 47, in invoke_module
runpy.run_module(mod_name='ansible_collections.azure.azcollection.plugins.modules.azure_rm_resourcegroup_info', init_globals=dict(_module_fqn='ansible_collections.azure.azcollection.plugins.modules.azure_rm_resourcegroup_info', _modlib_path=modlib_path),
File "<frozen runpy>", line 226, in run_module
File "<frozen runpy>", line 98, in _run_module_code
File "<frozen runpy>", line 88, in _run_code
File "/var/folders/h4/rpkhyh2j63j7b1zwt3wyj3v00l2t_3/T/ansible_azure.azcollection.azure_rm_resourcegroup_info_payload_rurld_41/ansible_azure.azcollection.azure_rm_resourcegroup_info_payload.zip/ansible_collections/azure/azcollection/plugins/modules/azure_rm_resourcegroup_info.py", line 235, in <module>
File "/var/folders/h4/rpkhyh2j63j7b1zwt3wyj3v00l2t_3/T/ansible_azure.azcollection.azure_rm_resourcegroup_info_payload_rurld_41/ansible_azure.azcollection.azure_rm_resourcegroup_info_payload.zip/ansible_collections/azure/azcollection/plugins/modules/azure_rm_resourcegroup_info.py", line 231, in main
File "/var/folders/h4/rpkhyh2j63j7b1zwt3wyj3v00l2t_3/T/ansible_azure.azcollection.azure_rm_resourcegroup_info_payload_rurld_41/ansible_azure.azcollection.azure_rm_resourcegroup_info_payload.zip/ansible_collections/azure/azcollection/plugins/modules/azure_rm_resourcegroup_info.py", line 160, in __init__
File "/var/folders/h4/rpkhyh2j63j7b1zwt3wyj3v00l2t_3/T/ansible_azure.azcollection.azure_rm_resourcegroup_info_payload_rurld_41/ansible_azure.azcollection.azure_rm_resourcegroup_info_payload.zip/ansible_collections/azure/azcollection/plugins/module_utils/azure_rm_common.py", line 465, in __init__
File "/var/folders/h4/rpkhyh2j63j7b1zwt3wyj3v00l2t_3/T/ansible_azure.azcollection.azure_rm_resourcegroup_info_payload_rurld_41/ansible_azure.azcollection.azure_rm_resourcegroup_info_payload.zip/ansible_collections/azure/azcollection/plugins/module_utils/azure_rm_common.py", line 1575, in __init__
File "/Users/finchr/foo/test_azcollection/.venv/lib/python3.11/site-packages/msrestazure/azure_active_directory.py", line 355, in __init__
self.set_token()
File "/Users/finchr/foo/test_azcollection/.venv/lib/python3.11/site-packages/msrestazure/azure_active_directory.py", line 371, in set_token
raise_with_traceback(AuthenticationError, "", err)
File "/Users/finchr/foo/test_azcollection/.venv/lib/python3.11/site-packages/msrest/exceptions.py", line 51, in raise_with_traceback
raise error.with_traceback(exc_traceback)
File "/Users/finchr/foo/test_azcollection/.venv/lib/python3.11/site-packages/msrestazure/azure_active_directory.py", line 364, in set_token
token = self._context.acquire_token_with_client_credentials(
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/Users/finchr/foo/test_azcollection/.venv/lib/python3.11/site-packages/adal/authentication_context.py", line 179, in acquire_token_with_client_credentials
return self._acquire_token(token_func)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/Users/finchr/foo/test_azcollection/.venv/lib/python3.11/site-packages/adal/authentication_context.py", line 128, in _acquire_token
return token_func(self)
^^^^^^^^^^^^^^^^
File "/Users/finchr/foo/test_azcollection/.venv/lib/python3.11/site-packages/adal/authentication_context.py", line 177, in token_func
return token_request.get_token_with_client_credentials(client_secret)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/Users/finchr/foo/test_azcollection/.venv/lib/python3.11/site-packages/adal/token_request.py", line 312, in get_token_with_client_credentials
token = self._oauth_get_token(oauth_parameters)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/Users/finchr/foo/test_azcollection/.venv/lib/python3.11/site-packages/adal/token_request.py", line 112, in _oauth_get_token
return client.get_token(oauth_parameters)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/Users/finchr/foo/test_azcollection/.venv/lib/python3.11/site-packages/adal/oauth2_client.py", line 289, in get_token
raise AdalError(return_error_string, error_response)
msrest.exceptions.AuthenticationError: , AdalError: Get Token request returned http error: 400 and server response: {"error":"invalid_resource","error_description":"AADSTS500011: The resource principal named https://management.azurestackhub.wwu.edu was not found in the tenant named Western Washington University. This can happen if the application has not been installed by the administrator of the tenant or consented to by any user in the tenant. You might have sent your authentication request to the wrong tenant. Trace ID: 634cee84-2384-4f1c-a519-c0f016b3c500 Correlation ID: 2d703bc3-38c8-4de3-93ee-f1d9344eb0ec Timestamp: 2024-04-12 15:49:55Z","error_codes":[500011],"timestamp":"2024-04-12 15:49:55Z","trace_id":"634cee84-2384-4f1c-a519-c0f016b3c500","correlation_id":"2d703bc3-38c8-4de3-93ee-f1d9344eb0ec","error_uri":"https://login.microsoftonline.com/error?code=500011"}
module_stdout: ''
msg: |-
MODULE FAILURE
See stdout/stderr for the exact error
rc: 1
PLAY RECAP *******************************************************************************************************************************************************************************************
localhost : ok=0 changed=0 unreachable=0 failed=1 skipped=0 rescued=0 ignored=0
This is running with current version of azcollection:
test-azcollection-py3.11finchr@EAS-finchrMB test_azcollection (main) [colima]: pip list
Package Version Editable project location
------------------------------------ ----------- -----------------------------------
adal 1.2.7
aiohttp 3.9.4
aiosignal 1.3.1
ansible 9.4.0
ansible-compat 4.1.11
ansible-core 2.16.5
ansible-lint 24.2.1
anyio 4.3.0
applicationinsights 0.11.10
argcomplete 1.12.3
attrs 23.2.0
azure-cli-core 2.34.0
azure-cli-telemetry 1.0.6
azure-common 1.1.11
azure-containerregistry 1.1.0
azure-core 1.28.0
azure-identity 1.14.0
azure-iot-hub 2.6.1
azure-keyvault 4.2.0
azure-keyvault-certificates 4.7.0
azure-keyvault-keys 4.8.0
azure-keyvault-secrets 4.7.0
azure-mgmt-apimanagement 3.0.0
azure-mgmt-authorization 2.0.0
azure-mgmt-automation 1.0.0
azure-mgmt-batch 16.2.0
azure-mgmt-cdn 11.0.0
azure-mgmt-compute 26.1.0
azure-mgmt-containerinstance 9.0.0
azure-mgmt-containerregistry 9.1.0
azure-mgmt-containerservice 20.0.0
azure-mgmt-core 1.3.0
azure-mgmt-cosmosdb 6.4.0
azure-mgmt-datafactory 2.0.0
azure-mgmt-datalake-store 1.0.0
azure-mgmt-devtestlabs 9.0.0
azure-mgmt-dns 8.0.0
azure-mgmt-eventhub 10.1.0
azure-mgmt-hdinsight 9.0.0
azure-mgmt-iothub 2.2.0
azure-mgmt-keyvault 10.0.0
azure-mgmt-loganalytics 12.0.0
azure-mgmt-managedservices 6.0.0
azure-mgmt-managementgroups 1.0.0
azure-mgmt-marketplaceordering 1.1.0
azure-mgmt-monitor 3.0.0
azure-mgmt-network 19.1.0
azure-mgmt-notificationhubs 7.0.0
azure-mgmt-nspkg 2.0.0
azure-mgmt-privatedns 1.0.0
azure-mgmt-rdbms 10.0.0
azure-mgmt-recoveryservices 2.0.0
azure-mgmt-recoveryservicesbackup 3.0.0
azure-mgmt-redis 13.0.0
azure-mgmt-resource 21.1.0
azure-mgmt-search 8.0.0
azure-mgmt-servicebus 7.1.0
azure-mgmt-sql 3.0.1
azure-mgmt-storage 19.0.0
azure-mgmt-trafficmanager 1.0.0b1
azure-mgmt-web 6.1.0
azure-nspkg 2.0.0
azure-storage-blob 12.11.0
bcrypt 4.1.2
black 22.12.0
bracex 2.4
certifi 2024.2.2
cffi 1.16.0
charset-normalizer 3.3.2
click 8.1.7
cryptography 42.0.5
Deprecated 1.2.14
filelock 3.13.4
frozenlist 1.4.1
h11 0.14.0
h2 4.1.0
hpack 4.0.0
httpcore 1.0.5
httpx 0.27.0
humanfriendly 10.0
hyperframe 6.0.1
idna 3.7
importlib-metadata 7.0.0
isodate 0.6.1
Jinja2 3.1.3
jmespath 1.0.1
jsonschema 4.21.1
jsonschema-specifications 2023.12.1
knack 0.9.0
markdown-it-py 3.0.0
MarkupSafe 2.1.5
mdurl 0.1.2
microsoft-kiota-abstractions 1.3.2
microsoft-kiota-authentication-azure 1.0.0
microsoft-kiota-http 1.3.1
microsoft-kiota-serialization-json 1.1.0
microsoft-kiota-serialization-text 1.0.0
msal 1.28.0
msal-extensions 0.3.1
msgraph-core 1.0.0
msgraph-sdk 1.0.0
msrest 0.7.1
msrestazure 0.6.4.post1
multidict 6.0.5
mypy-extensions 1.0.0
oauthlib 3.2.2
opentelemetry-api 1.24.0
opentelemetry-sdk 1.24.0
opentelemetry-semantic-conventions 0.45b0
packaging 21.3
paramiko 2.12.0
pathspec 0.12.1
pendulum 3.0.0
pip 23.2.1
pkginfo 1.10.0
platformdirs 4.2.0
portalocker 1.7.1
psutil 5.9.8
pycparser 2.22
Pygments 2.17.2
PyJWT 2.8.0
PyNaCl 1.5.0
pyOpenSSL 24.1.0
pyparsing 3.1.2
PySocks 1.7.1
python-dateutil 2.9.0.post0
PyYAML 6.0.1
referencing 0.34.0
requests 2.31.0
requests-oauthlib 2.0.0
resolvelib 1.0.1
rich 13.7.1
rpds-py 0.18.0
ruamel.yaml 0.18.6
ruamel.yaml.clib 0.2.8
setuptools 68.0.0
six 1.16.0
sniffio 1.3.1
std-uritemplate 0.0.56
subprocess-tee 0.4.1
tabulate 0.9.0
test-azcollection 0.1.0 /Users/finchr/foo/test_azcollection
typing_extensions 4.11.0
tzdata 2024.1
uamqp 1.6.9
urllib3 2.2.1
wcmatch 8.5.1
wheel 0.41.1
wrapt 1.16.0
xmltodict 0.13.0
yamllint 1.35.1
yarl 1.9.4
zipp 3.18.1
[notice] A new release of pip is available: 23.2.1 -> 24.0
[notice] To update, run: pip install --upgrade pip
SUMMARY
azure_rm_resourcegroup_info
task getserror when targeting Azure Stack Hub. This was working with
azure.azcollection
1.13.I'm using
cli
authentication viaaz login
.az version
returns:ISSUE TYPE
COMPONENT NAME
azure_rm_resourcegroup
ANSIBLE VERSION
COLLECTION VERSION
CONFIGURATION
OS / ENVIRONMENT
STEPS TO REPRODUCE
Demo project at https://github.com/a01fe/test_azure. Run
ansible-playbook test.yaml
.EXPECTED RESULTS
Task runs succeessfully.
ACTUAL RESULTS
Task fails with the error below.