Fix ExpiredAuthenticationToken errors when using Azure CLI credentials. Fixes #521 #544

Contributor

@LalitLab LalitLab commented Nov 9, 2022

Example query results

lalit@Lalits-MacBook-Pro:~/WORK/Turbot/steampipe/plugins/steampipe-plugin-azure|main⚡ ⇒  steampipe query
Welcome to Steampipe v0.18.0-dev.0
For more information, type .help
> select * from azure_compute_disk
+------+----+------+--------------------+------------+----------+----------+--------------+-----------+----------------+-----------------+--------------+------------+--------------------+---------------------+---->
| name | id | type | provisioning_state | managed_by | sku_name | sku_tier | time_created | unique_id | disk_access_id | disk_size_bytes | disk_size_gb | disk_state | hyper_v_generation | disk_iops_read_only | dis>
+------+----+------+--------------------+------------+----------+----------+--------------+-----------+----------------+-----------------+--------------+------------+--------------------+---------------------+---->
+------+----+------+--------------------+------------+----------+----------+--------------+-----------+----------------+-----------------+--------------+------------+--------------------+---------------------+---->
> select * from azure_old.azure_compute_disk
+------+----+------+--------------------+------------+----------+----------+--------------+-----------+----------------+-----------------+--------------+------------+--------------------+---------------------+---->
| name | id | type | provisioning_state | managed_by | sku_name | sku_tier | time_created | unique_id | disk_access_id | disk_size_bytes | disk_size_gb | disk_state | hyper_v_generation | disk_iops_read_only | dis>
+------+----+------+--------------------+------------+----------+----------+--------------+-----------+----------------+-----------------+--------------+------------+--------------------+---------------------+---->
+------+----+------+--------------------+------------+----------+----------+--------------+-----------+----------------+-----------------+--------------+------------+--------------------+---------------------+---->
> 
> 

-- After waiting for Token to Expire
> select * from azure_old.azure_compute_disk

Error: compute.DisksClient#List: Failure responding to request: StatusCode=401 -- Original Error: autorest/azure: Service returned an error. Status=401 Code="ExpiredAuthenticationToken" Message="The access token expiry UTC time '11/9/2022 11:39:38 AM' is earlier than current UTC time '11/9/2022 11:47:06 AM'." (SQLSTATE HV000)

+------+----+------+--------------------+------------+----------+----------+--------------+-----------+----------------+-----------------+--------------+------------+--------------------+---------------------+---->
| name | id | type | provisioning_state | managed_by | sku_name | sku_tier | time_created | unique_id | disk_access_id | disk_size_bytes | disk_size_gb | disk_state | hyper_v_generation | disk_iops_read_only | dis>
+------+----+------+--------------------+------------+----------+----------+--------------+-----------+----------------+-----------------+--------------+------------+--------------------+---------------------+---->
+------+----+------+--------------------+------------+----------+----------+--------------+-----------+----------------+-----------------+--------------+------------+--------------------+---------------------+---->
> select * from azure_compute_disk
+------+----+------+--------------------+------------+----------+----------+--------------+-----------+----------------+-----------------+--------------+------------+--------------------+---------------------+---->
| name | id | type | provisioning_state | managed_by | sku_name | sku_tier | time_created | unique_id | disk_access_id | disk_size_bytes | disk_size_gb | disk_state | hyper_v_generation | disk_iops_read_only | dis>
+------+----+------+--------------------+------------+----------+----------+--------------+-----------+----------------+-----------------+--------------+------------+--------------------+---------------------+---->
+------+----+------+--------------------+------------+----------+----------+--------------+-----------+----------------+-----------------+--------------+------------+--------------------+---------------------+---->
> select * from azure_old.azure_compute_disk

Error: compute.DisksClient#List: Failure responding to request: StatusCode=401 -- Original Error: autorest/azure: Service returned an error. Status=401 Code="ExpiredAuthenticationToken" Message="The access token expiry UTC time '11/9/2022 11:39:38 AM' is earlier than current UTC time '11/9/2022 11:47:32 AM'." (SQLSTATE HV000)

+------+----+------+--------------------+------------+----------+----------+--------------+-----------+----------------+-----------------+--------------+------------+--------------------+---------------------+---->
| name | id | type | provisioning_state | managed_by | sku_name | sku_tier | time_created | unique_id | disk_access_id | disk_size_bytes | disk_size_gb | disk_state | hyper_v_generation | disk_iops_read_only | dis>
+------+----+------+--------------------+------------+----------+----------+--------------+-----------+----------------+-----------------+--------------+------------+--------------------+---------------------+---->
+------+----+------+--------------------+------------+----------+----------+--------------+-----------+----------------+-----------------+--------------+------------+--------------------+---------------------+----

Contributor

@cbruno10 cbruno10 left a comment

@LalitTurbot Please see suggestions, thanks!

azure/service.go Outdated
@@ -48,6 +48,7 @@ func GetNewSession(ctx context.Context, d *plugin.QueryData, tokenAudience strin
if cachedData, ok := d.ConnectionManager.Cache.Get(cacheKey); ok {
session = cachedData.(*Session)
if session.Expires != nil && WillExpireIn(*session.Expires, 0) {
logger.Info("GetNewSession", "cache expired", "delete cache and obtain new session token")
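
Review bot: the expiry test on the context line `WillExpireIn(*session.Expires, 0)` passes 0, so if that argument is a look-ahead window, a cached token with only moments left is still handed out and can expire before the request reaches Azure, which is the 401 this PR sets out to fix. Consider a small non-zero margin there. The added `logger.Info(...)` also passes its text as three positional strings; one message at a lower level would read better in the log.
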
Contributor

Do we still want this log message? If so, should this be Trace?

Contributor Author

I will convert this and others to the required levels.
Sorry, left over from testing

azure/service.go Outdated
}
default:
logger.Trace("Getting token for authorizer from Azure CLI")
logger.Warn("Getting token for authorizer from Azure CLI")
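
Review bot: `logger.Warn` on the added line fires on every routine CLI token fetch, which is normal operation rather than a condition an operator has to act on, so the message belongs at Trace. Giving it the same "GetNewSession" first argument the other log calls in this file use would let the lines be filtered together.
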
Contributor

Suggested change
logger.Warn("Getting token for authorizer from Azure CLI")
logger.Trace("Getting token for authorizer from Azure CLI")

azure/service.go Outdated
token, err := cli.GetTokenFromCLI(resource)
if err != nil {
plugin.Logger(ctx).Error("GetNewSession", "cli.GetTokenFromCLI error", err)
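
Review bot: the error path calls `plugin.Logger(ctx)` again while the other hunks in this file log through the local `logger`; use `logger.Error` here for consistency. The key "cli.GetTokenFromCLI error" mixes a dotted identifier with a space, and a single snake_case key is easier to search for.
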
Contributor

Suggested change
plugin.Logger(ctx).Error("GetNewSession", "cli.GetTokenFromCLI error", err)
plugin.Logger(ctx).Error("GetNewSession", "get_token_from_cli_error", err)

azure/service.go Outdated
return nil, err
}

adalToken, err := token.ToADALToken()
expiresOn = types.Time(adalToken.Expires())
logger.Warn("GetNewSession", "Getting token for authorizer from Azure CLI, expiresOn", expiresOn.Local())
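
Review bot: `adalToken.Expires()` is read on the line directly after `token.ToADALToken()` with no `err` check between them in this hunk, so on a conversion failure `expiresOn` is computed from an unusable token and then logged. Check `err` before touching `adalToken`. The expiry log line is routine information and fits Trace rather than Warn.
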
Contributor

Suggested change
logger.Warn("GetNewSession", "Getting token for authorizer from Azure CLI, expiresOn", expiresOn.Local())
logger.Trace("GetNewSession", "Getting token for authorizer from Azure CLI, expiresOn", expiresOn.Local())

Should this be Trace?

azure/service.go Outdated
}

// Get the subscription ID and tenant ID from CLI if not set in connection
// config or environment variables
if authMethod == "CLI" && (settings.Values[auth.SubscriptionID] == "" || settings.Values[auth.TenantID] == "") {
logger.Trace("Getting subscription ID and/or tenant ID from from Azure CLI")
logger.Debug("Getting subscription ID and/or tenant ID from from Azure CLI")
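
Review bot: both the removed and the added message read "from from Azure CLI"; drop the duplicated word while this line is being touched. The function should also settle on one level for these progress messages instead of alternating between Trace and Debug.
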
Contributor

Suggested change
logger.Debug("Getting subscription ID and/or tenant ID from from Azure CLI")
logger.Trace("Getting subscription ID and/or tenant ID from from Azure CLI")

Should this be Trace or Debug? It seems like we use both throughout this function, so I'm a bit confused.

azure/service.go Outdated
if strings.Contains(err.Error(), "invalid_grant") {
return nil, fmt.Errorf("ValidationError: The credential data used by the CLI has expired because you might have changed or reset the password. Please clear your browser's cookies and run 'az login'.")
}
return nil, err
}
authorizer = autorest.NewBearerAuthorizer(&adalToken)
default:
return nil, fmt.Errorf("GetNewSession. invalid authenticaion method, please check plugin configuration and restart plugin.")
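
Review bot: the error returned from the `default` branch misspells "authentication" as "authenticaion" and does not name the value that was rejected, so a user cannot tell which setting to correct. Include the offending method in the message with a verb such as `%q`, and drop the "GetNewSession." prefix and the trailing period so the string composes cleanly when a caller wraps it.
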
Contributor

Suggested change
return nil, fmt.Errorf("GetNewSession. invalid authenticaion method, please check plugin configuration and restart plugin.")
return nil, fmt.Errorf("invalid Azure authentication method: %w")
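
Review bot: the suggested replacement contains `%w` but passes no operand, so `fmt.Errorf` would render the verb as `%!w(MISSING)` and `go vet` flags the call. Either pass the value to report, using `%q` if it is a string rather than an error, or drop the verb.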

@cbruno10 cbruno10 merged commit 82568c1 into main Nov 10, 2022
@cbruno10 cbruno10 deleted the 521-expiredauthenticationtoken-errors-when-using-azure-cli-credentials branch November 10, 2022 12:42

Successfully merging this pull request may close these issues.

ExpiredAuthenticationToken errors when using Azure CLI credentials
2 participants