Description
Authentication is not working with Azure Stack Hub using subscription_id, client_id and secret. There were a few issues encountered. The first one was worked around.
First error message said:
```
Attempted credentials:
EnvironmentCredential: Authentication failed: invalid_instance: The authority you provided, https://management.<stack domain>/<tenant ID> is not whitelisted. If it is indeed your legit customized domain name, you can turn off this check by passing in instance_discovery=False
```
That one was worked around by hardcoding the `instance_discovery=False` setting in `extras-3.10/msal/authority.py` just to pass.
But after that passed, another error showed:
```
[ERROR ] An Azure Resource Manager Resource ResourceNotFoundError has occurred: DefaultAzureCredential failed to retrieve a token from the included credentials.
Attempted credentials:
EnvironmentCredential: Authentication failed: Unable to get authority configuration for https://management.<stack domain>/<tenant ID>. Authority would typically be in a format of https://login.microsoftonline.com/your_tenant or https://tenant_name.ciamlogin.com or https://tenant_name.b2clogin.com/tenant.onmicrosoft.com/policy. Also please double check your tenant name or GUID is correct.
To mitigate this issue, please refer to the troubleshooting guidelines here at https://aka.ms/azsdk/python/identity/defaultazurecredential/troubleshoot.
```
Setup
Installed with `salt-pip install saltext-azurerm`
Setting up cloud provider for salt-cloud:
Please be as specific as possible and give set-up details.
[ ] on-prem machine
[x] VM on vmware
[ ] VM running on a cloud service, please be explicit and add details
[ ] container (Kubernetes, Docker, containerd, etc. please specify)
[ ] or a combination, please be explicit
[ ] jails if it is FreeBSD
[ ] classic packaging
[x] onedir packaging
[ ] used bootstrap to install
Steps to Reproduce the behavior
Have Azure Stack Hub and authentication in Entra ready, with client_id and secret created. The client is owner of the Azure Stack tenant and has admin rights on it. Login via browser to the Azure Stack console works, and using those same credentials with Terraform was tested and confirmed to work. But using salt-cloud with azurerm doesn't work.
Expected behavior
Supposed to authenticate without issues.
Versions Report
Salt Version:
Salt: 3006.8
Python Version:
Python: 3.10.14 (main, Apr 3 2024, 21:30:09) [GCC 11.2.0]
Dependency Versions:
cffi: 1.14.6
cherrypy: unknown
dateutil: 2.8.1
docker-py: Not Installed
gitdb: Not Installed
gitpython: Not Installed
Jinja2: 3.1.3
libgit2: Not Installed
looseversion: 1.0.2
M2Crypto: Not Installed
Mako: Not Installed
msgpack: 1.0.2
msgpack-pure: Not Installed
mysql-python: Not Installed
packaging: 22.0
pycparser: 2.21
pycrypto: Not Installed
pycryptodome: 3.19.1
pygit2: Not Installed
python-gnupg: 0.4.8
PyYAML: 6.0.1
PyZMQ: 23.2.0
relenv: 0.16.0
smmap: Not Installed
timelib: 0.2.4
Tornado: 4.5.3
ZMQ: 4.3.4
Salt Extensions:
saltext.azurerm: 4.1.0
System Versions:
dist: centos 7.9.2009 Core
locale: utf-8
machine: x86_64
release: 4.4.169-1.el7.elrepo.x86_64
system: Linux
version: CentOS Linux 7.9.2009 Core
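
Added example, not part of the original report and not code from Salt, saltext-azurerm or MSAL: hardcoding `instance_discovery=False` inside `msal/authority.py` turns authority validation off for every authority the process uses, whereas azure-identity credentials accept a per-credential `disable_instance_discovery` keyword. The helper below limits that opt-out to hosts on an operator-supplied allowlist; `credential_kwargs`, `private_hosts` and the `login.stack.example` host are hypothetical names constructed for illustration.

```python
from urllib.parse import urlsplit

# Sample of public Microsoft login hosts; instance discovery stays on for these.
PUBLIC_LOGIN_HOSTS = frozenset({
    "login.microsoftonline.com",
    "login.microsoftonline.us",
    "login.chinacloudapi.cn",
})


def credential_kwargs(authority, private_hosts):
    """Return keyword arguments for an azure-identity credential.

    Instance discovery (and with it authority validation) is switched off
    only when the authority host is in private_hosts, the operator's own
    allowlist of private-cloud login hosts (hypothetical parameter).
    """
    parts = urlsplit(authority)
    host = parts.hostname or ""  # urlsplit lower-cases the host name
    if parts.scheme != "https" or not host:
        raise ValueError(f"authority must be an https URL: {authority!r}")
    if parts.username or parts.password:
        # Blocks look-alikes such as https://login.microsoftonline.com@other.host/
        raise ValueError("authority must not contain userinfo")
    # The tenant is passed separately as tenant_id, so keep scheme and host only.
    base = f"https://{parts.netloc}"
    if host in PUBLIC_LOGIN_HOSTS:
        return {"authority": base, "disable_instance_discovery": False}
    if host in {h.lower() for h in private_hosts}:
        return {"authority": base, "disable_instance_discovery": True}
    raise ValueError(f"authority host {host!r} is not on the allowlist")


if __name__ == "__main__":
    # Constructed sample values; with azure-identity installed the result
    # would be passed as ClientSecretCredential(tenant_id, client_id, secret, **kw).
    kw = credential_kwargs("https://login.stack.example/", ["login.stack.example"])
    print(kw)
```
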