-
Notifications
You must be signed in to change notification settings - Fork 192
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
aztfy won't pick up token from new az login #288
Comments
It appears you are using an old version of the |
I upgraded to 0.8.0 and the error is now different - see below. If I -s followed by the subscription GUID or subscription friendly name, I just get the aztfy default list of commands and "error: flag provided but not defined: -s" I already re-ran az login to the subscription and az account set --subscription %subscriptionGUID% to point at the correct subscription. I am logged in as a user with Owner rights to all resources in the subscription. I don't see any interactive or non-interactive sign-ins in my Azure AD sign-in logs with the correlation ID.
|
From the error message:
Looks like
So would you please check both your command, env var, and the output of above az cli command to see where that |
And like I said, when I run aztfy with -s, I get an error that the flag is not defined.
I am not using any environment variables for subscription ID since I switch between subscriptions and tenants fairly frequently. Not to sound rude but it seems like the -s command line option you're asking me to run simply doesn't exist in aztfy; it's nowhere in the documentation and as you can see it isn't working when used. |
@MohnJadden This option is behind the subcommand, type |
No luck. Running |
@MohnJadden The error message: |
I literally specified the GUID of the subscription in question - |
Im having the same issue on a brand new deployed win 11, with aztfy, specifying subscription id and RG name. I am able to query the resources in this RG using az cli in the same console. The below error occurs right after listing azure resources. i have tried logging out and logging back in the az cli as well as rebooting the machine. I can list the resources in the cli without any issue `
|
interestingly enough I was able to do this on another machine (windows 10) without the login failure. On the suspect machine, there is nothing special other than its Windows11 and brand new. This machine is in Azure, not sure that would make a difference though. I am able to use az cli and terraform on the suspect machine without any issue. |
I'm also still running into the 400 error even when I try different permutations of quotation marks, subscription names, etc. I've also used az login --t to specify the tenant ID where my account lives - no help. Still shows NoValidSubscriptionsInQueryRequest, even though I've used az account set for both the friendly name and GUID. Seems like it's just fundamentally broken for this environment. Interestingly enough, I do not have the issue if I just use it against one resource. I get taken to the aztfy interface as normal. |
@chughesvf That is because the active subscription of azure cli is not the one you specified when running @MohnJadden I think the way how subscription is passed to |
Is the main branch equivalent to 0.9.0? If so, I upgraded to 0.9.0 and ran |
@MohnJadden No, you'll need to have Go toolchain installed and run |
I also get a 400 error as outlined above on ver 0.8.0 and 0.9.0, suggestion that there is nothing populated as a subscription ID...
command used : Also defined environment variables to test ( [$AZTFY_SUBSCRIPTION_ID, $ARM_SUBSCRIPTION_ID] ) I can see my subscription ID set as default in the command help but...
and when I issues the command with just a resource group name :
|
@MohnJadden and @jjtynan That probably indicates the default account set by az cli, hence the generated access token is not eligible to access the resource group you've specified. Please ensure the account has the correct permission to do so. |
aztfy version v0.10.0(397dc69) Where are we on this? im having the same issues on windows 11 running: aztfy resource-group --subscription-id subID rgName Also when i execute the command in PowerShell it doesn't look like its processed in the same ps scope.. wonder if thats the issue |
@Flightdeck73 Could you please provide the debug log via |
listing resource set: executing ARG query "Resources | where resourceGroup =~ "someRGname" | order by id desc": DefaultAzureCredential:
fyi we are using AzureUSGovernment |
@Flightdeck73 Thank you for providing the crucial fact that you are using usgov. Currently, to use a cloud other than public, you'll have to specify that via env var |
@magodo Thank you for the fix, Can you please update the document with this new option? I encountered the same issue and had to trace this chain to get the solution working |
When I run aztfy rg --append --name-pattern "*" RG1 I get a 401 Unauthorized error stating that my access token is for one of my other Azure tenants. If I run az login and log in to the tenant I want to use, then run az account set --subscription to the subscription within that tenant, the error persists. I have re-tried az login several times with the same issue recurring.
The full text:
The text was updated successfully, but these errors were encountered: