Closed JvHd-vw closed 2 years ago
If a followup job routes request to the same region as level0 e.g WESTUS2 the workflow succeeds but when routed to a different region e.g EASTUS2 the keyvault used in login_as_launchpad is not present in the output of the az keyvault list command.
Hi, just curious as to why this would happen. My understanding is az cli requests are not region specific?
The request is not, but depending on where the response comes from it dit or dit not have the keyvault in the response. I ran az keyvault list --debug
and received a different 'Response content' depending on the x-ms-routing-request-id
. So depending on the region in the request-id I received different result.
That sounds really odd behavior, I would expect that if this happened consistently a lot of people would be having problems. Are you behind some form of proxy that may be caching responses? Why does it only happen when using a service principal?
The PR looks good to me, just feel like there's more to this puzzle, perhaps maintainers from MS can share more insight.
That sounds really odd behavior, I would expect that if this happened consistently a lot of people would be having problems. Are you behind some form of proxy that may be caching responses? Why does it only happen when using a service principal?
The PR looks good to me, just feel like there's more to this puzzle, perhaps maintainers from MS can share more insight.
I experienced it when running on github-actions, but also locally.
hi @brk3 @JvHd-vw working on a repro now, will keep you guys posted.
I have encountered a intermittent fault when running the rover on GitHub actions with a service principal. The error I get in the workflow is :
This error happens after the workflow already successfully deployed a
level0
landingzone and is trying to deploy a higher level lz. After some debugging I found out that it has to do with the fact that our workflow uses a matrix and hence has separate jobs for each landingzone. If a followup job routes request to the same region aslevel0
e.g WESTUS2 the workflow succeeds but when routed to a different region e.g EASTUS2 the keyvault used in login_as_launchpad is not present in the output of theaz keyvault list
command.I have created a Support Request (ID: 2110150050000485) on Azure to investigate/mitigate this issue. For now Azure Support suggested to replace
az keyvault list
withaz graph query
as the latter should not have the issue.I created a pull request to implement this.