subprocess.CalledProcessError: Command '['cmd', '/c', 'az account get-access-token --output json --resource https://management.azure.com/']' returned non-zero exit status 1
LiliDeng opened this issue · 5 comments
LiliDeng commented
We use below task in pipeline file.
- task: AzureCLI@2
displayName: "Run One Sriov test"
inputs:
azureSubscription: 'name'
scriptType: ps
powerShellErrorActionPreference: 'silentlyContinue'
scriptLocation: inlineScript
inlineScript: |
And in the inlineScript we launch command to run python code, we always can see below error, I am sure the service connection has enough permission to operate the resources in the azure subscription. And it used default DefaultAzureCredential login successfully.
credential = DefaultAzureCredential(
authority=self.cloud.endpoints.active_directory,
)
2024-05-08 01:57:52.221[4124][ERROR] lisa.runner[0] case failed
Traceback (most recent call last):
File "C:\hostedtoolcache\windows\Python\3.10.11\x64\lib\site-packages\azure\identity\_credentials\azure_cli.py", line 141, in _run_command
return subprocess.check_output(args, **kwargs)
File "C:\hostedtoolcache\windows\Python\3.10.11\x64\lib\subprocess.py", line 421, in check_output
return run(*popenargs, stdout=PIPE, timeout=timeout, check=True,
File "C:\hostedtoolcache\windows\Python\3.10.11\x64\lib\subprocess.py", line 526, in run
raise CalledProcessError(retcode, process.args,
subprocess.CalledProcessError: Command '['cmd', '/c', 'az account get-access-token --output json --resource https://management.azure.com/']' returned non-zero exit status 1.
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "D:\a\_work\1\s\lisa\lisa\runners\lisa_runner.py", line 295, in _deploy_environment_task
self.platform.deploy_environment(environment)
File "D:\a\_work\1\s\lisa\lisa\platform_.py", line 184, in deploy_environment
self._deploy_environment(environment, log)
File "D:\a\_work\1\s\lisa\lisa\sut_orchestrator\azure\platform_.py", line 638, in _deploy_environment
raise identifier
File "D:\a\_work\1\s\lisa\lisa\sut_orchestrator\azure\platform_.py", line 609, in _deploy_environment
location, deployment_parameters = self._create_deployment_parameters(
File "D:\a\_work\1\s\lisa\lisa\sut_orchestrator\azure\platform_.py", line 1233, in _create_deployment_parameters
node_arm_parameters = self._create_node_arm_parameters(node.capability, log)
File "D:\a\_work\1\s\lisa\lisa\sut_orchestrator\azure\platform_.py", line 1488, in _create_node_arm_parameters
self._get_sig_os_disk_size(arm_parameters.shared_gallery),
File "D:\a\_work\1\s\lisa\lisa\sut_orchestrator\azure\platform_.py", line 2540, in _get_sig_os_disk_size
found_image = self._get_sig_version(shared_image)
File "D:\a\_work\1\s\lisa\lisa\sut_orchestrator\azure\platform_.py", line 2487, in _get_sig_version
sig_version = compute_client.gallery_image_versions.get(
File "C:\hostedtoolcache\windows\Python\3.10.11\x64\lib\site-packages\azure\core\tracing\decorator.py", line 78, in wrapper_use_tracer
return func(*args, **kwargs)
File "C:\hostedtoolcache\windows\Python\3.10.11\x64\lib\site-packages\azure\mgmt\compute\v2022_03_03\operations\_operations.py", line 3580, in get
pipeline_response: PipelineResponse = self._client._pipeline.run( # pylint: disable=protected-access
xiangyan99 commented
Thanks for reaching out.
Could you share more details?
e.g. which cloud do you use?
github-actions commented
Hi @LiliDeng. Thank you for opening this issue and giving us the opportunity to assist. To help our team better understand your issue and the details of your scenario please provide a response to the question asked above or the information requested above. This will help us more accurately address your issue.
LiliDeng commented
Thanks for reaching out.
Could you share more details?
e.g. which cloud do you use?
azure-identity-1.9.0
I use global azure, which other details you want, please let know.
LiliDeng commented
After changing azure-identity-1.9.0 into azure-identity-1.16.0, I saw below error. But I used the MSI with federated tokens have higher time limit. https://aka.ms/azdo-rm-workload-identity-manual
File "C:\hostedtoolcache\windows\Python\3.10.11\x64\lib\site-packages\azure\core\pipeline\policies\_redirect.py", line 197, in send
response = self.next.send(request)
File "C:\hostedtoolcache\windows\Python\3.10.11\x64\lib\site-packages\azure\core\pipeline\policies\_retry.py", line 531, in send
response = self.next.send(request)
File "C:\hostedtoolcache\windows\Python\3.10.11\x64\lib\site-packages\azure\core\pipeline\policies\_authentication.py", line 124, in send
self.on_request(request)
File "C:\hostedtoolcache\windows\Python\3.10.11\x64\lib\site-packages\azure\core\pipeline\policies\_authentication.py", line 99, in on_request
self._token = self._credential.get_token(*self._scopes)
File "C:\hostedtoolcache\windows\Python\3.10.11\x64\lib\site-packages\azure\identity\_credentials\default.py", line 219, in get_token
token = self._successful_credential.get_token(*scopes, claims=claims, tenant_id=tenant_id, **kwargs)
File "C:\hostedtoolcache\windows\Python\3.10.11\x64\lib\site-packages\azure\identity\_internal\decorators.py", line 33, in wrapper
token = fn(*args, **kwargs)
File "C:\hostedtoolcache\windows\Python\3.10.11\x64\lib\site-packages\azure\identity\_credentials\azure_cli.py", line 112, in get_token
output = _run_command(command, self._process_timeout)
File "C:\hostedtoolcache\windows\Python\3.10.11\x64\lib\site-packages\azure\identity\_credentials\azure_cli.py", line 215, in _run_command
raise ClientAuthenticationError(message=message) from ex
azure.core.exceptions.ClientAuthenticationError: ERROR: AADSTS700024: Client assertion is not within its valid time range. Current time: 2024-05-09T02:10:40.3190445Z, assertion valid from 2024-05-09T01:55:09.0000000Z, expiry time of assertion 2024-05-09T02:05:09.0000000Z. Review the documentation at https://docs.microsoft.com/azure/active-directory/develop/active-directory-certificate-credentials . Trace ID: 7ea7efe9-2c80-47d7-b82b-b51b5902be00 Correlation ID: 25cf5e33-3808-473b-9266-3748d846bedd Timestamp: 2024-05-09 02:10:40Z
Interactive authentication is needed. Please run:
az login
LiliDeng commented
seems it is azure cli bug. Azure/azure-cli#28915