allow-no-subscriptions no longer working #371
Comments
|
Hi @kevinbasoftcat , Sorry for the inconvenience. We have released a new version today. - name: Login
uses: azure/login@v1.4.6
with:
creds: ${{secrets.AZURE_CREDENTIALS}}
And could you please provide your workflow file and the content of |
|
Hi @YanaXu thanks for the quick response. I have switched to v1.4.6 and this is now working. In terms of my workflow I was using the below with the allow-no-subscriptions set to true. Will this option no longer be available in newer versions?
|
|
Hi @kevinbasoftcat , |
|
Hi @YanaXu, Apologies updated my comment I actually don't include the subscriptionID parameter at all I only include clientId, clientSecret and tenantId parameters in the creds section. |
|
Same error for us. We use: - uses: azure/login@v1
with:
creds: ${{ secrets.ARGO_AZ_DEV_SERVICE_ACCOUNT }}
allow-no-subscriptions: truewith Which leads to this error: Is it a non-legit use anymore? Or is it a regression that's going to be fixed? Just want to know if we should stay on v1.4.6 until this is solved, or if we should change our code. Thanks! |
|
Hi @lra , @kevinbasoftcat , sorry for your inconvenience. We'll provide a fix soon. Before that, please use On the other hand, we'd like to know why you have a configuration like this. Do you use a multi-tenant SP without any subscriptions at all? Could you explain more to help us understand? Because this leads to an insecure case which we do not want. |
We'll do, thanks. We inherited a complex setup of multiple AAD, subs and tenants, some with no subscription (pure AAD), and the same codebase needs to be usable from github action, locally, k8s, terraform, ... and from different actors (SP, humans). This is our constraint. To have the same codebase be usable on all our environments without lots of if/else cases to authenticate all those different clients, by only feeding 1 thing (in this case the Azure Service Account creds) and not changing any other parameter, we have to use the least constrained way to auth: without a subcription. @evanrappe feel free to add more context here or correct me if I'm wrong as I never truly understood how this whole az auth logic really works. |
|
Hi @YanaXu we are an MSP and we have specific workflows that need to authenticate first then pull the list of subscriptions the customer has given us access to. We will not necessarily know a subscription ID in this scenario so have to pull that information after first authenticating. |
|
@YanaXu would it be possible to point the v1 tag to v1.4.6 until a fix is delivered? That way users would have to explicitly upgrade to the breaking change. |
|
Hi @danelson and all, |
|
Hi @kevinbasoftcat , @johanols, @tomas-pajurek, @michal-zatloukal, @tokarchyn, @axelo, @evanrappe, @lra, @dimash-tr, and @syednaimamd, @danelson, we have released a new tag |
|
@YanaXu v1.5.1 looks good on our end. Thanks! |
|
@YanaXu v1.5.1 also looks good for me, thanks! |
|
@YanaXu v1.5.1 all working for me too thanks. |
YanaXu
added
bug
|
Hi all, we have moved tag |
* fix371 * set subId once it is given * modify test to logout first * update tests * update test
Have noticed today that the 'allow-no-subscriptions' parameter does not appear to be working. When running a workflow I am getting the below error even though the parameter is set to 'true.
Error: Login failed with Error: Not all parameters are provided in 'creds'. Double-check if all keys are defined in 'creds': 'clientId', 'clientSecret', 'subscriptionId', 'tenantId'.. Make sure 'az' is installed on the runner. If 'enable-AzPSSession' is true, make sure 'pwsh' is installed on the runner together with Azure PowerShell module. Double check if the 'auth-type' is correct. Refer to https://github.com/Azure/login#readme for more information.
The text was updated successfully, but these errors were encountered: