AZ CLI Issue – GitHub Actions Self-Hosted Runner

Question

I get the error shown in screenshot below while trying to fetch Azure key vault secrets using Azure CLI from github actions. The error says Please run 'az login' to setup account.

As one can see, the AZ login was successful in the previous step. Based on the suggestion here, I have installed Azure CLI - even though the output says Azure CLI is already up to date in the self hosted runner.

What can be done to overcome this issue?

yml snippet

- name: Install Azure CLI
  run: |
    sudo apt-get install ca-certificates curl apt-transport-https lsb-release gnupg
    curl -sL https://packages.microsoft.com/keys/microsoft.asc | gpg --dearmor |
    sudo tee /etc/apt/trusted.gpg.d/microsoft.gpg > /dev/null
    AZ_REPO=$(lsb_release -cs)
    echo "deb [arch=amd64] https://packages.microsoft.com/repos/azure-cli/ $AZ_REPO main" | sudo tee /etc/apt/sources.list.d/azure-cli.list
    sudo apt-get update
    sudo apt-get install azure-cli

- name: Login to Azure
  uses: azure/login@v1
  with:
    client-id: ${{ secrets.AZURE_CLIENT_ID }}
    tenant-id: ${{ secrets.AZURE_TENANT_ID }}
    subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
- uses: azure/CLI@v1
  with:
    inlineScript: |
      value1=$(az keyvault secret show --name $AZURE_SECRET_NAME --vault-name $AZURE_KEYVAULT_NAME --query value -o tsv)
      echo $value1
      value2=$(az keyvault secret show --name $AZURE_SECRET_NAME --vault-name $AZURE_KEYVAULT_NAME --query value)
      echo $value2
      #echo "::add-mask::$value"
      #printf "%s\n" $value >> GITHUB_OUTPUT
      echo "${value2//\"}" >> GITHUB_OUTPUT

Answer 1

Score: 1

I ran the below GitHub workflow and got the Key Vault secrets successfully after a successful login by installing Azure CLI. Refer below:-

My github workflow:-

My complete github workflow Link

Referred Install Azure CLI commands from this MS Document
and az key vault secret show command from here

name: Azure Key Vault Secrets

on:
  push:
    branches:
      - main

jobs:
  build:
    runs-on: ubuntu-latest

    steps:
    - name: Checkout code
      uses: actions/checkout@v2

    - name: Install Azure CLI
      run: |
        sudo apt-get update
        sudo apt-get install ca-certificates curl apt-transport-https lsb-release gnupg
        sudo mkdir -p /etc/apt/keyrings
        curl -sLS https://packages.microsoft.com/keys/microsoft.asc |
            gpg --dearmor |
            sudo tee /etc/apt/keyrings/microsoft.gpg > /dev/null
        sudo chmod go+r /etc/apt/keyrings/microsoft.gpg
        AZ_REPO=$(lsb_release -cs)
        echo "deb [arch=`dpkg --print-architecture` signed-by=/etc/apt/keyrings/microsoft.gpg] https://packages.microsoft.com/repos/azure-cli/ $AZ_REPO main" |
        sudo tee /etc/apt/sources.list.d/azure-cli.list
        sudo apt-get update
        sudo apt-get install azure-cli        

    - name: Login to Azure
      uses: azure/login@v1
      with:
        creds: ${{ secrets.AZURE_CREDENTIALS }}

    - name: Authenticate Azure CLI
      run: az login

    - uses: azure/CLI@v1
      with: 
        inlineScript: |
          value1=$(az keyvault secret show --name keyvaultsecret --vault-name siliconkeyvault12 --query value -o tsv)
          echo $value1
          value2=$(az keyvault secret show --name keyvaultsecret --vault-name siliconkeyvault12 --query value)
          echo $value2
          #echo "::add-mask::$value"
          #printf "%s\n" $value >> GITHUB_OUTPUT
          echo "${value2//\"}" >> GITHUB_OUTPUT           

Output:-

In the Authenticate Azure CLI step, it asked me to authenticate with the URL, which I did with my Azure account that has the proper role assigned on the Key Vault to access the secret. Refer below:-

Key vault secret value got printed successfully like below:-

Portal:-

Key vault IAM to my user account:-

Key vault Secret:-

My Access policy is set to IAM in my Key vault.
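
For comparison with the workflows in the question and answer above, an added example (not part of either post) that logs in with the OIDC inputs from the question, reads one secret, masks it before anything can echo it, and writes a named step output to `$GITHUB_OUTPUT`. The vault name, secret name, step id `kv` and output name `secret_value` are assumptions; it also assumes Azure CLI is already installed on the self-hosted runner and that the secret is a single line, since `add-mask` redacts one line at a time.

```yaml
# Added example, not the poster's workflow. Vault and secret names are constructed placeholders.
name: Read Key Vault secret (OIDC, masked)

on:
  workflow_dispatch:

permissions:
  id-token: write   # lets azure/login request an OIDC token for the federated credential
  contents: read

jobs:
  read-secret:
    runs-on: self-hosted
    env:
      AZURE_KEYVAULT_NAME: example-vault    # placeholder
      AZURE_SECRET_NAME: example-secret     # placeholder
    steps:
      - name: Login to Azure (federated credential, no interactive prompt)
        uses: azure/login@v1
        with:
          client-id: ${{ secrets.AZURE_CLIENT_ID }}
          tenant-id: ${{ secrets.AZURE_TENANT_ID }}
          subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}

      - name: Fetch secret without printing it
        id: kv
        shell: bash
        run: |
          set -euo pipefail
          value=$(az keyvault secret show \
            --name "$AZURE_SECRET_NAME" \
            --vault-name "$AZURE_KEYVAULT_NAME" \
            --query value -o tsv)
          # Mask first so any later log line containing the value is redacted.
          echo "::add-mask::$value"
          # Step outputs are name=value lines appended to the file named by $GITHUB_OUTPUT.
          echo "secret_value=$value" >> "$GITHUB_OUTPUT"

      - name: Use the secret through the environment
        shell: bash
        env:
          SECRET_VALUE: ${{ steps.kv.outputs.secret_value }}
        run: |
          # Report only that a value arrived, never the value itself.
          [ -n "$SECRET_VALUE" ] && echo "secret loaded"

      - name: Clear the cached Azure session on the persistent runner
        if: always()
        run: az logout || true
```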

huangapple
  • Posted on May 23, 2023, 01:47:13
  • When reposting, please keep the link to this article: https://go.coder-hub.com/76308739.html