AzureAppServiceManage version 0.214 not working

[tasneemnaushad]

Note

Issues in this repo are for tracking bugs, feature requests and questions for the tasks in this repo

For a list:
https://github.com/Microsoft/azure-pipelines-tasks/tree/master/Tasks

If you have an issue or request for the Azure Pipelines service, use developer community instead:

https://developercommunity.visualstudio.com/spaces/21/index.html )

Required Information

Entering this information will route you directly to the right team and expedite traction.

Question, Bug, or Feature? Bug Type: Task

Enter Task Name: AzureAppServiceManage

list here (V# not needed):
https://github.com/Microsoft/azure-pipelines-tasks/tree/master/Tasks

Environment

• Server - Azure Pipelines or TFS on-premises? TFS on premises

  • If using TFS on-premises, provide the version: 2.210.1

  • If using Azure Pipelines, provide the account name, team project name, build definition name/build number:

• Agent - Hosted or Private: Private

  • If using Hosted agent, provide agent queue name:

  • If using private agent, provide the OS of the machine running the agent and the agent version:

  • OS : Linux

  • Agent version 2.210.1

Issue Description

[Include task name(s), screenshots and any other relevant details] [AzureAppServiceManage@0] ie the Swap Azure task

The version 0.210 used to work. The version 0.214 is causing issues. Since release pipeline is classic, we cant take an older version to temporary sort the issue. "Error: Failed to fetch App Service 'webapp-botcomposer-dev' publishing credentials. Error: Could not fetch access token for Azure. Status code: endpoints_resolution_error, status message: Error: could not resolve endpoints. Please check network and try again. Detail: ClientConfigurationError: untrusted_authority: The provided authority is not a trusted authority. Please include this authority in the knownAuthorities config parameter."

Note that the publish to Web app task works, but swapping of slots fail with the same service connection. So its definately not the service connection or authorization that is the issue.

Task logs

[Enable debug logging and please provide the zip file containing all the logs for a speedy resolution]

Troubleshooting

Checkout how to troubleshoot failures and collect debug logs: https://docs.microsoft.com/en-us/vsts/build-release/actions/troubleshooting

Error logs

2023-01-12T23:58:07.9646231Z ##[debug]MSAL - getEndpoint - useGraphActiveDirectoryResource=false 2023-01-12T23:58:07.9647193Z ##[debug]MSAL - getEndpoint - useMSAL=true 2023-01-12T23:58:07.9649662Z ##[debug]MSAL - getEndpoint - endpoint={"subscriptionID":"****----****","subscriptionName":"SubscriptionName","servicePrincipalClientID":"*","environmentAuthorityUrl":"https://login.microsoftonline.com/","tenantID":"*****----**","url":"https://management.azure.com/","environment":"AzureCloud","scheme":"ServicePrincipal","activeDirectoryResourceID":"https://management.core.windows.net/","azureKeyVaultServiceEndpointResourceId":"https://vault.azure.net","azureKeyVaultDnsSuffix":"vault.azure.net","scopeLevel":"Subscription"} 2023-01-12T23:58:07.9652176Z ##[debug]MSAL - getEndpoint - connectedServiceName=*connectedServiceName----**** 2023-01-12T23:58:07.9653460Z ##[debug]*connectedServiceName----**** auth param authenticationType = spnKey 2023-01-12T23:58:07.9654210Z ##[debug]credentials spn endpoint 2023-01-12T23:58:07.9655566Z ##[debug]*connectedServiceName----**** auth param serviceprincipalkey = 2023-01-12T23:58:07.9656487Z ##[debug]connectedServiceName-**---**** data EnableAdfsAuthentication = false 2023-01-12T23:58:07.9657376Z ##[debug]*connectedServiceName----**** auth param apitoken = undefined 2023-01-12T23:58:07.9660507Z ##[debug]{"subscriptionID":"****----****","subscriptionName":"SubscriptionName","servicePrincipalClientID":"*","environmentAuthorityUrl":"https://login.microsoftonline.com/","tenantID":"*****----**","url":"https://management.azure.com/","environment":"AzureCloud","scheme":"ServicePrincipal","activeDirectoryResourceID":"https://management.azure.com/","azureKeyVaultServiceEndpointResourceId":"https://vault.azure.net","azureKeyVaultDnsSuffix":"vault.azure.net","scopeLevel":"Subscription","authenticationType":"spnKey","servicePrincipalKey":***,"isADFSEnabled":false,"applicationTokenCredentials":{"clientId":"***","tenantId":"*******-****-****-****-**********","baseUrl":"https://management.azure.com/","authorityUrl":"https://login.microsoftonline.com/","activeDirectoryResourceId":"https://management.azure.com/","isAzureStackEnvironment":false,"authType":"spnKey","secret":***,"isADFSEnabled":false,"useMSAL":true}} 2023-01-12T23:58:07.9795576Z ##[debug]Processed: ##vso[telemetry.publish area=TaskEndpointId;feature=AzureAppServiceManage]{"endpointId":"*connectedServiceName----****"} 2023-01-12T23:58:07.9797554Z ##[debug]Resource Group: rg-name-dev 2023-01-12T23:58:07.9798382Z ##[debug]MSAL - getMSALToken called. force=undefined 2023-01-12T23:58:07.9799138Z ##[debug]MSAL - ServicePrincipal - clientSecret is used. 2023-01-12T23:58:07.9800070Z ##[debug][Thu, 12 Jan 2023 23:58:07 GMT] : @azure/msal-node@1.14.3 : Info - acquireTokenByClientCredential called 2023-01-12T23:58:09.9934018Z ##[debug]Completed action 2023-01-12T23:58:09.9935456Z ##[debug]task result: Failed 2023-01-12T23:58:09.9991606Z ##[error]Error: Failed to fetch App Service 'webapp-appname-dev' publishing credentials. Error: Could not fetch access token for Azure. Status code: endpoints_resolution_error, status message: Error: could not resolve endpoints. Please check network and try again. Detail: ClientConfigurationError: untrusted_authority: The provided authority is not a trusted authority. Please include this authority in the knownAuthorities config parameter. 2023-01-12T23:58:10.0011787Z ##[debug]Processed: ##vso[task.issue type=error;]Error: Failed to fetch App Service 'webapp-appname-dev' publishing credentials. Error: Could not fetch access token for Azure. Status code: endpoints_resolution_error, status message: Error: could not resolve endpoints. Please check network and try again. Detail: ClientConfigurationError: untrusted_authority: The provided authority is not a trusted authority. Please include this authority in the knownAuthorities config parameter. 2023-01-12T23:58:10.0017910Z ##[debug]Processed: ##vso[task.complete result=Failed;]Error: Failed to fetch App Service 'webapp-appname-dev' publishing credentials. Error: Could not fetch access token for Azure. Status code: endpoints_resolution_error, status message: Error: could not resolve endpoints. Please check network and try again. Detail: ClientConfigurationError: untrusted_authority: The provided authority is not a trusted authority. Please include this authority in the knownAuthorities config parameter. 2023-01-12T23:58:10.0025174Z ##[section]Finishing: Swap Slots: webapp-appname-dev

[kaito-ms]

This problem may have been caused by Tasks Updates - G1 - Common (npm) - MSAL by ozanovus · Pull Request #17225 · microsoft/azure-pipelines-tasks. The task is ignoring the proxy settings of the agent server. AzureKeyVault task also has the same problem AzureKeyVault fails with 'endpoints_resolution_error' · Issue #17485 · microsoft/azure-pipelines-tasks as AzureAppServiceManage and is Revert m214 changes to keyvaulttaskV1/2 by merlynomsft · Pull Request #17503 · microsoft/azure-pipelines-tasks.

[Vertex-btb]

@kaito-ms @tasneemnaushad My team and I are also observing the same issue. When does Microsoft plan to release a fix (or rollback) the extension so that the issue can be resolved?

[merlynomsft]

We applied a rollback to AzureAppServiceManage 0.210.0.

Related PRs / hotfixes:

17625 #17624

[tasneemnaushad]

I have verified and the revertion works. I believe this can be closed Thank you for the quick turn around.