Open russelljftw opened 4 years ago
@russelljftw This seems plausible to me. Would there be any way that you could verify this before we make the change? If you can verify the precise set of data values needed with a raw http request or python script that works, that would be helpful. Thank you!
I've confirmed that adding cloud_environment = cloud inside the ServicePrincipalCredentials method does indeed allow for credential testing to succeed. This does not allow for populating a secret into a credential, however, as the secret is never stored into the field. The value of the credential remains empty after testing and selecting "ok".
Edit: this appears to be a UI bug, as AzureUSGovernment is indeed usable after adding cloud_environment = cloud.
I am getting this error when trying to validate Vault URL with SP credentials on Azure GovCloud: Max retries 3 times exceeded. Error Details: AADSTS900382 : Confidential Client is not supported in Cross Cloud request. Any idea if this might be related to this issue?
@lovleshmalik where are you getting that error? Which UI page in AWX and following what procedures?
Bump, same issue. In what log file are you seeing that error?
I'm the original poster of this issue, but lost access to that GitHub account.
You can see a detailed error message if you try to use a credential that leverages the Azure Gov Keyvault credential in a job. The job will fail almost immediately.
ISSUE TYPE
SUMMARY
Azure Keyvault lookup plugin not working for Azure Government. Vague "Authentication Error" popup with no details or log.
The azure keyvault credentials plugin found here: awx/awx/main/credential_plugins/azure_kv.py
ENVIRONMENT
STEPS TO REPRODUCE
1. Create Microsoft Azure Key Vault credential type.
2. Populate details with Azure Government Keyvault and Application registration.
3. Select Cloud Environment "AzureGovernment".
4. Save credential.
5. Click Test, enter valid secret name.
EXPECTED RESULTS
Microsoft Azure Keyvault:Test Passed!
ACTUAL RESULTS
Red Error message Microsoft Azure Keyvault: Authentication Error
ADDITIONAL INFORMATION
This issue is related to Feature Idea #5138 I had previously submitted. I was unable to validate functionality before that issue was closed.
I think this is failing because the ServicePrincipalCredentials method does not contain cloud_environment=azure_cloud.AZURE_US_GOV_CLOUD
Or because the KeyVaultClient method is not given the base_url for the government API endpoint.
On https://docs.microsoft.com/en-us/azure/developer/python/azure-sdk-authenticate?tabs=cmd there is a section on Azure Sovereign or national Cloud logons.
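
The issue body above suspects that the token is requested against the wrong cloud's endpoints. As an added example (not AWX's plugin code), this pre-flight check compares the vault URL with the selected cloud environment and returns a specific message instead of a generic "Authentication Error". The function names, the dictionary keys and the vault name `example-vault` are assumptions made for the example; the authority hosts and Key Vault DNS suffixes are the documented ones for each cloud.

```python
from urllib.parse import urlsplit

# Documented Azure AD authority hosts and Key Vault DNS suffixes per cloud.
# The dictionary keys are labels chosen for this example, not AWX's own values.
CLOUDS = {
    "AzureCloud": ("login.microsoftonline.com", "vault.azure.net"),
    "AzureUSGovernment": ("login.microsoftonline.us", "vault.usgovcloudapi.net"),
    "AzureChinaCloud": ("login.chinacloudapi.cn", "vault.azure.cn"),
}


def cloud_for_vault(vault_url):
    """Return the cloud label whose Key Vault DNS suffix matches vault_url."""
    parts = urlsplit(vault_url)
    host = (parts.hostname or "").lower()
    if parts.scheme != "https" or not host:
        raise ValueError(f"vault URL must be an https URL: {vault_url!r}")
    for name, (_authority, suffix) in CLOUDS.items():
        # Leading dot enforces a label boundary: "xvault.azure.net" must not match.
        if host.endswith("." + suffix):
            return name
    raise ValueError(f"{host!r} is not a Key Vault host in any known cloud")


def preflight(vault_url, cloud_environment):
    """Return (ok, message) describing whether the credential fields agree."""
    if cloud_environment not in CLOUDS:
        return False, f"unknown cloud environment {cloud_environment!r}"
    try:
        actual = cloud_for_vault(vault_url)
    except ValueError as exc:
        return False, str(exc)
    authority = CLOUDS[cloud_environment][0]
    if actual != cloud_environment:
        return False, (f"vault is in {actual} but the token would be requested "
                       f"from {authority} ({cloud_environment})")
    return True, f"request the token from https://{authority}"


if __name__ == "__main__":
    # Constructed sample inputs; "example-vault" is a placeholder name.
    for url, env in [
        ("https://example-vault.vault.usgovcloudapi.net", "AzureUSGovernment"),
        ("https://example-vault.vault.usgovcloudapi.net", "AzureCloud"),
    ]:
        print(env, preflight(url, env))
```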