microsoft / OpenHack

This repository contains Microsoft OpenHack's open source code and documentation specific to (BYOS) Bring Your Own Azure Subscription. Aka.ms/OpenHackBYOS
Creative Commons Attribution 4.0 International

Issue running deploy-gh.sh #97

Closed chrisreddington closed 2 years ago

chrisreddington commented 2 years ago

Hi @DariuszPorowski

We are preparing for a multi-customer DevOps 3.0 OpenHack taking place next week. We've been running through the deploy-gh script, but are seeing issues running the script.

The issue is related to the creation of Azure Resources -

\e[36m##[command] Checking az command ...
\e[0m
\e[36m##[command] Checking jq command ...
\e[0m
\e[36m##[command] Checking gh command ...
\e[0m
\e[36m##[command] Checking curl command ...
\e[0m
\e[36m##[command] Checking azure-cli varsion ...
\e[0m
\e[36m##[command] Getting unique name...
\e[0m
\e[36m##[command] Checking for azuresp.json file...
\e[0m
\e[36m##[command] Creating Azure resources...
\e[0m
Failed to resolve tenant ''.

Error detail: 
The subscription of '' doesn't exist in cloud 'AzureCloud'.
Installing Bicep CLI v0.4.1272...
Successfully installed Bicep CLI to "/Users/chrisredddington/.azure/bin/bicep".
WARNING: The underlying Active Directory Graph API will be replaced by Microsoft Graph API in a future version of Azure CLI. Please carefully review all breaking changes introduced during this migration: https://docs.microsoft.com/cli/azure/microsoft-graph-migration
ERROR: Unsupported or invalid query filter clause specified for property 'servicePrincipalNames' of resource 'ServicePrincipal'.
/Users/chrisredddington/Documents/code/OpenHack/byos/devops/deploy/azureStorageAccount.bicep(7,13) : Warning no-loc-expr-outside-params: Use a parameter here instead of 'resourceGroup().location'. 'resourceGroup().location' and 'deployment().location' should only be used as a default value for parameters. [https://aka.ms/bicep/linter/no-loc-expr-outside-params]

{"status":"Failed","error":{"code":"DeploymentFailed","message":"At least one resource deployment operation failed. Please list deployment operations for details. Please see https://aka.ms/DeployOperations for usage details.","details":[{"code":"Conflict","message":"{\r\n  \"status\": \"Failed\",\r\n  \"error\": {\r\n    \"code\": \"ResourceDeploymentFailure\",\r\n    \"message\": \"The resource operation completed with terminal provisioning state 'Failed'.\",\r\n    \"details\": [\r\n      {\r\n        \"code\": \"DeploymentFailed\",\r\n        \"message\": \"At least one resource deployment operation failed. Please list deployment operations for details. Please see https://aka.ms/DeployOperations for usage details.\",\r\n        \"details\": [\r\n          {\r\n            \"code\": \"BadRequest\",\r\n            \"message\": \"{\\r\\n  \\\"error\\\": {\\r\\n    \\\"code\\\": \\\"InvalidPrincipalId\\\",\\r\\n    \\\"message\\\": \\\"A valid principal ID must be provided for role assignment.\\\"\\r\\n  }\\r\\n}\"\r\n          }\r\n        ]\r\n      }\r\n    ]\r\n  }\r\n}"}]}}
\e[36m##[command] Creating organization repository...
\e[0m
\e[36m##[command] Creating GitHub team...
\e[0m
\e[36m##[command] Updating team repository permissions...
\e[0m
\e[36m##[command] Creating repository project...
\e[0m
\e[36m##[command] Creating repository secrets...

@fortunkam also encountered this issue. Is it possible to look into this ahead of next week, so that we can be sure the setup process will work for our customers? Will do some digging to see if we can identify the issue.

Thanks!

chrisreddington commented 2 years ago

Update: As far as I can see, I'm not seeing any details in the azuresp.json file. I've executed the command on line 3 in this file manually, and that created without any problems.

However, the manual output has a different json format from what the azure service principal JSON output used to be.

e.g. tenant rather than tenantId, password rather than clientSecret

{
  "appId": ".....",
  "displayName": ".....",
  "password": ".....",
  "tenant": "....."
}

I wonder if that could be interfering, and potentially (perhaps due to a new Azure CLI version?)
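
Added example, not part of the thread or of the OpenHack repository: a fail-fast check for the key mismatch described in the comment above. It reads a service principal JSON file in either naming, rejects an empty file or blank fields, and stops before any `az` or `gh` call runs with an empty tenant or principal. The function name `normalize_sp`, the old-style `clientId` key and all sample values are assumptions made for illustration.

```bash
#!/usr/bin/env bash
# Added example (not from the OpenHack repo). Requires jq.

# normalize_sp FILE  (hypothetical helper)
# Prints {"clientId","clientSecret","tenantId"} as compact JSON, accepting either
# key naming. Returns 1 if the file is empty, is not JSON, or a field is blank.
# The output contains the secret: capture it in a variable, never echo it to logs.
normalize_sp() {
  local file="$1" out
  if [ ! -s "$file" ]; then
    echo "error: $file is missing or empty" >&2
    return 1
  fi
  out=$(jq -ce '
    { clientId:     (.clientId     // .appId    // ""),
      clientSecret: (.clientSecret // .password // ""),
      tenantId:     (.tenantId     // .tenant   // "") }
    | if any(.[]; . == "") then error("blank field") else . end
  ' "$file" 2>/dev/null) || {
    echo "error: $file lacks a usable client id, secret or tenant" >&2
    return 1
  }
  printf '%s\n' "$out"
}

# Constructed sample files; every value is a placeholder.
demo() {
  local dir sp f
  dir=$(mktemp -d)
  printf '%s' '{"appId":"app-0000","displayName":"demo","password":"s3cret","tenant":"tenant-0000"}' > "$dir/new.json"
  printf '%s' '{"clientId":"app-0000","clientSecret":"s3cret","tenantId":"tenant-0000"}' > "$dir/old.json"
  : > "$dir/empty.json"
  for f in new old empty; do
    if sp=$(normalize_sp "$dir/$f.json"); then
      # Print only a non-secret field.
      echo "$f: tenantId=$(printf '%s' "$sp" | jq -r .tenantId)"
    else
      echo "$f: refused, stopping before any az or gh call"
    fi
  done
  rm -rf "$dir"
}
demo
```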

DariuszPorowski commented 2 years ago

@chrisreddington What version of az cli do you use? And what was the deployment env? WSL? Mac? Linux? Bash CloudShell?

DariuszPorowski commented 2 years ago

@chrisreddington PR merged, it looks like it was a new version of az cli issue.

ArtiomLK commented 1 year ago

Hi there, I ran into the same issue.

TLDR, you must deploy it from the Azure CloudShell.

Based on the instructions I assumed I could deploy it from my local machine since the instructions mentioned:

Login to your Azure Subscription (You can skip this step if you are using Cloud Shell for deployment).

In other words, I assumed I could also deploy it from my local machine. Nonetheless, even though I did log in to Azure, the script still failed, as @chrisreddington mentioned above.

Perhaps stating in the instructions that we must deploy it from the az CloudShell, or stating that we highly suggest deploying it from the Azure CloudShell, could help others save some time troubleshooting.

Thanks!