azure cli not supported for keyvault? #134
Comments
@rkno82 Thank you for your report, we will investigate and solve your problems as soon as possible. Thank you! |
Hi. Any news on this ticket? I am also facing this issue on ansible 2.10.4.
Despite working, this takes around 30s-40s to run (comparing to <2s from azure-cli on same machine and same auth), but prob this is a separate ticket. |
I'm also trying to log in with azure-cli and getting this same error about the |
It seems the same behaviour occurs with the azure.azcollection.azure_rm_keyvaultsecret plugin. The azure cli is not supported. |
Are there any plans to get Azure CLI working with all modules i.e. the kv ones? |
Wasted a lot of time on this today. Looking at the documentation you expect that this would work but it does not. One year later still no fix in sight? At least remove it from the documentation. |
Hello, my azure cli version is 2.25.0. Below is an authentication with a service principal; be sure to not add any extra parameter related to Active Directory or the connection will fail.
output shows empty secret list:
|
Same problem. Can the priority be bumped? |
@rkno82 @saulobejo It should be your credential permissions problem, or account problem. This should have been fixed. Can you upgrade to the latest version of Azure collection? Thank you very much!
|
@Fred-sun I've tried upgrading but I was already using version 1.7. My code:

```yaml
- name: Azure secrets - Get secret password
  azure.azcollection.azure_rm_keyvaultsecret_info:
    vault_uri: "{{ vault_uri }}"
    name: "{{ secret_name_password }}"
    subscription_id: "{{ subscription_id }}"
    tenant: "{{ tenant }}"
    auth_source: "cli"
```

The error remains.
|
@saulobejo I used a free account to do this operation and got the same mistake as yours, so I can confirm that it is your credentials permissions. Thank you very much! |
@Fred-sun |
|
@saulobejo Also, make sure you have logged in to the CLI correctly and set up the Subscription to be used. Thank you very much!
|
I'm logged in and the azure_rm inventory works perfectly. The only problem is the keyvault. I'm also able to use the

```python
import os
import sys
import cmd
from azure.keyvault.secrets import SecretClient
from azure.identity import DefaultAzureCredential

# Exclude the other credential sources so the chain falls through to the Azure CLI login
credential = DefaultAzureCredential(
    exclude_environment_credential=True,
    exclude_managed_identity_credential=True,
    exclude_powershell_credential=True,
    exclude_visual_studio_code_credential=True,
    exclude_shared_token_cache_credential=True,
    exclude_interactive_browser_credential=True
)
# KVUri (vault URL) and secretName are not defined in the posted snippet
client = SecretClient(vault_url=KVUri, credential=credential)
retrieved_secret = client.get_secret(secretName)
```

and the

```json
{
  "environmentName": "AzureCloud",
  "homeTenantId": "xxxxxxxxxx-xxxxxxxxxxx-xxxxxxxxxx",
  "id": "yyyyyyyyyyyyyy-yyyyyyyyyyy-yyyyyyyyyy",
  "isDefault": true,
  "managedByTenants": [
    {
      "tenantId": "zzzzzzzzzzzz-zzzzzzzz-zzzzzzzz"
    }
  ],
  "name": "Subscription name",
  "state": "Enabled",
  "tenantId": "xxxxxxxxxx-xxxxxxxxxxx-xxxxxxxxxx",
  "user": {
    "name": "email@company",
    "type": "user"
  }
}
```

|
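Added example (not code from this thread or from the azure.azcollection project): a small check, run outside Ansible, of whether the current `az login` session can mint a token for Key Vault and in which tenant, which helps tell a CLI-session or tenant mismatch apart from a module-side authentication bug. Assumptions: the public-cloud resource URL `https://vault.azure.net`, reliance on the token's `aud` and `tid` claims, and the helper names, which are all illustrative.

```python
import base64
import json
import subprocess
import sys

KEYVAULT_RESOURCE = "https://vault.azure.net"  # public-cloud value (assumption)


def jwt_claims(token):
    """Decode a JWT payload without verifying it; for inspection only."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a JWT: expected three dot-separated parts")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))


def check_claims(claims, expected_tenant, resource=KEYVAULT_RESOURCE):
    """List mismatches between the token and what the vault expects."""
    problems = []
    aud = str(claims.get("aud", "")).rstrip("/")
    if aud != resource:
        problems.append("audience is %r, expected %r" % (aud, resource))
    if claims.get("tid") != expected_tenant:
        problems.append("token tenant %r, vault tenant %r"
                        % (claims.get("tid"), expected_tenant))
    return problems


def cli_keyvault_token(resource=KEYVAULT_RESOURCE):
    """Ask the logged-in Azure CLI for a Key Vault access token."""
    result = subprocess.run(
        ["az", "account", "get-access-token", "--resource", resource,
         "--output", "json"],
        check=True, capture_output=True, text=True)
    return json.loads(result.stdout)["accessToken"]


def sample_token(claims):
    """Constructed, unsigned token for offline testing; not a real credential."""
    enc = lambda o: base64.urlsafe_b64encode(json.dumps(o).encode()).decode().rstrip("=")
    return ".".join([enc({"alg": "none"}), enc(claims), "sig"])


if __name__ == "__main__":
    # argv[1]: tenant ID that owns the vault (the playbook's `tenant` value)
    issues = check_claims(jwt_claims(cli_keyvault_token()), sys.argv[1])
    print("\n".join(issues) or "CLI token targets Key Vault in that tenant")
```

A clean result only shows the CLI session can obtain a Key Vault token for that tenant; access to a given secret still depends on the vault's own permissions.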
Hello, |
|
@saulobejo I will recheck it! Thank you very much! |
It looks like KeyVault client library is a few years old and uses a slightly outdated mechanism for auth. One would want to modify the logic in e.g.
|
@Fred-sun sorry I haven't submitted a patch - I'm not confident I understand Azure auth and the existing code well enough to actually write the fix. I hope the research helps though! |
would love to have a fix here. |
@jfreeland You are welcome to contribute PR to fix this issue! Thank you very much! |
If I had time, I might. I'd strongly prefer to have someone from Microsoft who is incentivized to have paying customers use their products fix it. |
Hello @Fred-sun, is this issue likely to be fixed anytime soon? Trying to use azure_rm_keyvault_info.py as per https://docs.microsoft.com/en-us/azure/developer/ansible/key-vault-configure-secrets?tabs=ansible example to get keyvault secret with collection and getting same error as @saulobejo. I login with az login successfully then run playbook.
|
Any luck with having a look at this @Fred-sun ? |
@mashoodakram @saulobejo I have fixed the problem you encountered, please refer to PR#770. Thank you! |
I've made a poc that works with Azure CLI. If someone is interested to work on it, here is the working code: https://gist.github.com/fastlorenzo/8dffdcdee6a927c8ecf5989ddc9f2a3d |
fixes by #823 |
SUMMARY
Currently Azure CLI authentication is not working for at least the modules around "azure_rm_keyvaultsecret_info".
ISSUE TYPE
COMPONENT NAME
azure_rm_keyvaultsecret_info & azure cli
ANSIBLE VERSION
CONFIGURATION
OS / ENVIRONMENT
It's neither working on a CentOS 7.6 (Python 2.7) nor on CentOS 8.1 (Python 3.6).
STEPS TO REPRODUCE
EXPECTED RESULTS
The secret should be collected and can be used for other tasks.
ACTUAL RESULTS
Python exception with not finding client_id comes up.