Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Cannot download azure devops pipeline artifact in the private network #6263

Open
zhangtbj opened this issue May 4, 2023 · 3 comments
Open

Cannot download azure devops pipeline artifact in the private network #6263

zhangtbj opened this issue May 4, 2023 · 3 comments
Labels
Auto-Assign Auto assign by bot customer-reported Issues that are reported by GitHub users external to the Azure organization. DevOps Pipelines question The issue doesn't require a change to the product in order to be resolved. Most issues start as that Service Attention This issue is responsible by Azure service team.
Milestone
Backlog

Comments

@zhangtbj
Copy link

zhangtbj commented May 4, 2023
edited
Loading

This is autogenerated. Please review and update as needed.

Describe the bug

Command Name
az pipelines runs artifact download Extension Name: azure-devops. Version: 0.26.0.

Errors:

...
cli.azext_devops.dev.common.services: received PAT from environment variable
cli.azext_devops.dev.common.services: Creating connection with personal access token.
cli.azext_devops.dev.common.external_tool: Running external command: /root/.azure/azuredevops/cli/tools/artifacttool/ArtifactTool_alpine-x64_0.2.267/artifacttool pipelineartifact download --service https://dev.azure.com/neste --patvar AZURE_DEVOPS_EXT_ARTIFACTTOOL_PATVAR --project Azure Cloud Foundation --pipeline-id 36312 --artifact-name drop --path /Users/jordan/Downloads
cli.azext_devops.dev.common.artifacttool: Getting artifact 'drop' from pipeline '36312' from project 'Azure Cloud Foundation' in organization 'https://dev.azure.com/neste'.
cli.azext_devops.dev.common.artifacttool: The manifest ID for artifact 'drop' is '50A3D1FD9711ACC74B393E5CF30735BF5D2763473309DA9611D86E47DE96F54801'.
cli.azext_devops.dev.common.artifacttool: Encountered an unexpected error.
System.Net.Http.HttpRequestException: The SSL connection could not be established, see inner exception.
 ---> System.IO.IOException: Authentication failed because the remote party has closed the transport stream.
   at System.Net.Security.SslStream.StartReadFrame(Byte[] buffer, Int32 readBytes, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslStream.PartialFrameCallback(AsyncProtocolRequest asyncRequest)
--- End of stack trace from previous location where exception was thrown ---
   at System.Net.Security.SslStream.ThrowIfExceptional()
   at System.Net.Security.SslStream.InternalEndProcessAuthentication(LazyAsyncResult lazyResult)
   at System.Net.Security.SslStream.EndProcessAuthentication(IAsyncResult result)
   at System.Net.Security.SslStream.EndAuthenticateAsClient(IAsyncResult asyncResult)
   at System.Net.Security.SslStream.<>c.<AuthenticateAsClientAsync>b__65_1(IAsyncResult iar)
   at System.Threading.Tasks.TaskFactory`1.FromAsyncCoreLogic(IAsyncResult iar, Func`2 endFunction, Action`1 endAction, Task`1 promise, Boolean requiresSynchronization)
--- End of stack trace from previous location where exception was thrown ---
   at System.Net.Http.ConnectHelper.EstablishSslConnectionAsyncCore(Stream stream, SslClientAuthenticationOptions sslOptions, CancellationToken cancellationToken)
   --- End of inner exception stack trace ---
   at Microsoft.VisualStudio.Services.Common.VssHttpRetryMessageHandler.SendAsync(HttpRequestMessage request, CancellationToken cancellationToken)
   at System.Net.Http.HttpClient.FinishSendAsyncBuffered(Task`1 sendTask, HttpRequestMessage request, CancellationTokenSource cts, Boolean disposeCts)
   at Microsoft.VisualStudio.Services.WebApi.VssHttpClientBase.SendAsync(HttpRequestMessage message, HttpCompletionOption completionOption, Object userState, CancellationToken cancellationToken)
   at Microsoft.VisualStudio.Services.WebApi.VssHttpClientBase.SendAsync[T](HttpRequestMessage message, Object userState, CancellationToken cancellationToken)
   at Microsoft.VisualStudio.Services.Location.Client.LocationHttpClient.GetConnectionDataAsync(ConnectOptions connectOptions, Int64 lastChangeId, CancellationToken cancellationToken, Object userState)
   at Microsoft.VisualStudio.Services.WebApi.Location.VssServerDataProvider.GetConnectionDataAsync(ConnectOptions connectOptions, Int32 lastChangeId, CancellationToken cancellationToken)
   at Microsoft.VisualStudio.Services.WebApi.Location.VssServerDataProvider.ConnectAsync(ConnectOptions connectOptions, CancellationToken cancellationToken)
   at Microsoft.VisualStudio.Services.WebApi.Location.LocationService.CreateDataProviderAsync(String location, CancellationToken cancellationToken)
   at Microsoft.VisualStudio.Services.WebApi.Location.LocationService.ResolveLocationDataAsync(Guid locationAreaIdentifier, CancellationToken cancellationToken)
   at Microsoft.VisualStudio.Services.WebApi.Location.LocationService.GetLocationDataAsync(Guid locationAreaIdentifier, CancellationToken cancellationToken)
   at Microsoft.VisualStudio.Services.WebApi.VssConnection.GetClientInstanceAsync(Type managedType, Guid serviceIdentifier, CancellationToken cancellationToken, VssHttpRequestSettings settings, DelegatingHandler[] handlers)
   at Microsoft.VisualStudio.Services.WebApi.VssConnection.GetClientServiceImplAsync(Type requestedType, Guid serviceIdentifier, Func`4 getInstanceAsync, CancellationToken cancellationToken)
   at Microsoft.VisualStudio.Services.WebApi.VssConnection.GetClientAsync[T](CancellationToken cancellationToken)
   at Microsoft.VisualStudio.Services.Content.Common.AsyncHttpRetryHelper`1.InvokeAsync(CancellationToken cancellationToken)
   at Microsoft.VisualStudio.Services.Content.Common.ExceptionExtensions.ReThrow(Exception ex)
   at Microsoft.VisualStudio.Services.Content.Common.AsyncHttpRetryHelper`1.InvokeAsync(CancellationToken cancellationToken)
   at ArtifactTool.DedupManifestArtifactClientProvider.GetDedupManifestArtifactClientAsync(String serviceUrl, String patVar, ILogger commandBaseLogger, IAppTraceSource tracer, String cacheDirectory, Boolean cacheWriteAllowed, CancellationToken cancellationToken) in D:\a\1\s\src\ArtifactTool\Providers\DedupManifestArtifactClient\DedupManifestArtifactClientProvider.cs:line 56
   at ArtifactTool.Commands.PipelineArtifactDownloadCommand.ExecuteAsync() in D:\a\1\s\src\ArtifactTool\Commands\PipelineArtifacts\PipelineArtifactDownloadCommand.cs:line 46
   at ArtifactTool.Commands.CommandBase.OnExecuteAsync() in D:\a\1\s\src\ArtifactTool\Commands\CommandBase.cs:line 105
   at McMaster.Extensions.CommandLineUtils.Conventions.ExecuteMethodConvention.InvokeAsync(MethodInfo method, Object instance, Object[] arguments) in C:\projects\commandlineutils\src\CommandLineUtils\Conventions\ExecuteMethodConvention.cs:line 77
   at McMaster.Extensions.CommandLineUtils.Conventions.ExecuteMethodConvention.OnExecute(ConventionContext context) in C:\projects\commandlineutils\src\CommandLineUtils\Conventions\ExecuteMethodConvention.cs:line 62
   at McMaster.Extensions.CommandLineUtils.Conventions.ExecuteMethodConvention.<>c__DisplayClass0_0.<<Apply>b__0>d.MoveNext() in C:\projects\commandlineutils\src\CommandLineUtils\Conventions\ExecuteMethodConvention.cs:line 25
--- End of stack trace from previous location where exception was thrown ---
   at McMaster.Extensions.CommandLineUtils.CommandLineApplication.<>c__DisplayClass126_0.<OnExecute>b__0() in C:\projects\commandlineutils\src\CommandLineUtils\CommandLineApplication.cs:line 505
   at McMaster.Extensions.CommandLineUtils.CommandLineApplication.Execute(String[] args) in C:\projects\commandlineutils\src\CommandLineUtils\CommandLineApplication.cs:line 611
   at McMaster.Extensions.CommandLineUtils.CommandLineApplication.Execute[TApp](CommandLineContext context) in C:\projects\commandlineutils\src\CommandLineUtils\CommandLineApplication.Execute.cs:line 57
   at McMaster.Extensions.CommandLineUtils.CommandLineApplication.ExecuteAsync[TApp](CommandLineContext context) in C:\projects\commandlineutils\src\CommandLineUtils\CommandLineApplication.Execute.cs:line 145
   at McMaster.Extensions.CommandLineUtils.CommandLineApplication.ExecuteAsync[TApp](IConsole console, String[] args) in C:\projects\commandlineutils\src\CommandLineUtils\CommandLineApplication.Execute.cs:line 130
   at McMaster.Extensions.CommandLineUtils.CommandLineApplication.ExecuteAsync[TApp](String[] args) in C:\projects\commandlineutils\src\CommandLineUtils\CommandLineApplication.Execute.cs:line 112
...

To Reproduce:

Steps to reproduce the behavior. Note that argument values have been redacted, as they may contain sensitive information.

  • Create an Azure private kube cluster and block all inbound and outbound traffics.
  • Open the related network access for url, such as dev.azure.com, 08wvsblobprodsu6weus73.vsblob.vsassets.io, etc ...
  • azure-pod:/# az pipelines runs artifact download --artifact-name drop --path "/Downloads" --run-id 36312 --project "xxx" --organization "https://dev.azure.com/xxx" --debug
  • It can download the artifact tool, az login, but failed after getting the manifest ID for the artifact, but from the debug and log, we cannot know which url is blocked (I also cannot find the source code of the artifact tool). :(
  • Please help introduce more info or let us know which url is used for this failure so that we can unblock it in our private cluster.
  • The command works fine on the public cluster/network, we can download the artifact successfully

Thanks a lot!

Expected Behavior

Environment Summary

Linux-5.4.0-1104-azure-x86_64-with, Alpine Linux v3.17
Python 3.10.9
Installer: DOCKER

azure-cli 2.45.0 *

Extensions:
azure-devops 0.26.0

Dependencies:
msal 1.20.0
azure-mgmt-resource 21.1.0b1

Additional Context
@ghost ghost added question The issue doesn't require a change to the product in order to be resolved. Most issues start as that customer-reported Issues that are reported by GitHub users external to the Azure organization. labels May 4, 2023
@yonzhan
Copy link
Collaborator

yonzhan commented May 4, 2023

Thank you for opening this issue, we will look into it.

@ghost ghost added Auto-Assign Auto assign by bot Pipelines DevOps CXP Attention This issue is handled by CXP team. Account labels May 4, 2023
@ghost ghost assigned jiasli May 4, 2023
@ghost ghost added this to the Backlog milestone May 4, 2023
@ghost ghost added the Azure CLI Team The command of the issue is owned by Azure CLI team label May 4, 2023
@zhangtbj
Copy link
Author

zhangtbj commented May 4, 2023

In our success result, I found the next step is:

{"@t":"2023-05-04T06:29:14.4033988Z","@m":"ApplicationInsightsTelemetrySender will correlate events with X-TFS-Session d121d6b1-bc24-4c48-b2cb-88c1794abd1e","@i":"44baf94a"
,"SourceContext":"ArtifactTool.Commands.PipelineArtifactDownloadCommand","UtcTimestamp":"2023-05-04 06:29:14.403Z"}

But we don't know what is it and which url is required for this ApplicationInsightsTelemetrySender

@yonzhan yonzhan removed the Account label May 4, 2023
@PramodValavala-MSFT PramodValavala-MSFT added Service Attention This issue is responsible by Azure service team. and removed CXP Attention This issue is handled by CXP team. Azure CLI Team The command of the issue is owned by Azure CLI team labels May 5, 2023
@ghost
Copy link

ghost commented May 5, 2023

Thanks for the feedback! We are routing this to the appropriate team for follow-up. cc @v-anvashist, @V-hmusukula.

Issue Details

This is autogenerated. Please review and update as needed.

Describe the bug

Command Name
az pipelines runs artifact download Extension Name: azure-devops. Version: 0.26.0.

Errors:

...
cli.azext_devops.dev.common.services: received PAT from environment variable
cli.azext_devops.dev.common.services: Creating connection with personal access token.
cli.azext_devops.dev.common.external_tool: Running external command: /root/.azure/azuredevops/cli/tools/artifacttool/ArtifactTool_alpine-x64_0.2.267/artifacttool pipelineartifact download --service https://dev.azure.com/neste --patvar AZURE_DEVOPS_EXT_ARTIFACTTOOL_PATVAR --project Azure Cloud Foundation --pipeline-id 36312 --artifact-name drop --path /Users/jordan/Downloads
cli.azext_devops.dev.common.artifacttool: Getting artifact 'drop' from pipeline '36312' from project 'Azure Cloud Foundation' in organization 'https://dev.azure.com/neste'.
cli.azext_devops.dev.common.artifacttool: The manifest ID for artifact 'drop' is '50A3D1FD9711ACC74B393E5CF30735BF5D2763473309DA9611D86E47DE96F54801'.
cli.azext_devops.dev.common.artifacttool: Encountered an unexpected error.
System.Net.Http.HttpRequestException: The SSL connection could not be established, see inner exception.
 ---> System.IO.IOException: Authentication failed because the remote party has closed the transport stream.
   at System.Net.Security.SslStream.StartReadFrame(Byte[] buffer, Int32 readBytes, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslStream.PartialFrameCallback(AsyncProtocolRequest asyncRequest)
--- End of stack trace from previous location where exception was thrown ---
   at System.Net.Security.SslStream.ThrowIfExceptional()
   at System.Net.Security.SslStream.InternalEndProcessAuthentication(LazyAsyncResult lazyResult)
   at System.Net.Security.SslStream.EndProcessAuthentication(IAsyncResult result)
   at System.Net.Security.SslStream.EndAuthenticateAsClient(IAsyncResult asyncResult)
   at System.Net.Security.SslStream.<>c.<AuthenticateAsClientAsync>b__65_1(IAsyncResult iar)
   at System.Threading.Tasks.TaskFactory`1.FromAsyncCoreLogic(IAsyncResult iar, Func`2 endFunction, Action`1 endAction, Task`1 promise, Boolean requiresSynchronization)
--- End of stack trace from previous location where exception was thrown ---
   at System.Net.Http.ConnectHelper.EstablishSslConnectionAsyncCore(Stream stream, SslClientAuthenticationOptions sslOptions, CancellationToken cancellationToken)
   --- End of inner exception stack trace ---
   at Microsoft.VisualStudio.Services.Common.VssHttpRetryMessageHandler.SendAsync(HttpRequestMessage request, CancellationToken cancellationToken)
   at System.Net.Http.HttpClient.FinishSendAsyncBuffered(Task`1 sendTask, HttpRequestMessage request, CancellationTokenSource cts, Boolean disposeCts)
   at Microsoft.VisualStudio.Services.WebApi.VssHttpClientBase.SendAsync(HttpRequestMessage message, HttpCompletionOption completionOption, Object userState, CancellationToken cancellationToken)
   at Microsoft.VisualStudio.Services.WebApi.VssHttpClientBase.SendAsync[T](HttpRequestMessage message, Object userState, CancellationToken cancellationToken)
   at Microsoft.VisualStudio.Services.Location.Client.LocationHttpClient.GetConnectionDataAsync(ConnectOptions connectOptions, Int64 lastChangeId, CancellationToken cancellationToken, Object userState)
   at Microsoft.VisualStudio.Services.WebApi.Location.VssServerDataProvider.GetConnectionDataAsync(ConnectOptions connectOptions, Int32 lastChangeId, CancellationToken cancellationToken)
   at Microsoft.VisualStudio.Services.WebApi.Location.VssServerDataProvider.ConnectAsync(ConnectOptions connectOptions, CancellationToken cancellationToken)
   at Microsoft.VisualStudio.Services.WebApi.Location.LocationService.CreateDataProviderAsync(String location, CancellationToken cancellationToken)
   at Microsoft.VisualStudio.Services.WebApi.Location.LocationService.ResolveLocationDataAsync(Guid locationAreaIdentifier, CancellationToken cancellationToken)
   at Microsoft.VisualStudio.Services.WebApi.Location.LocationService.GetLocationDataAsync(Guid locationAreaIdentifier, CancellationToken cancellationToken)
   at Microsoft.VisualStudio.Services.WebApi.VssConnection.GetClientInstanceAsync(Type managedType, Guid serviceIdentifier, CancellationToken cancellationToken, VssHttpRequestSettings settings, DelegatingHandler[] handlers)
   at Microsoft.VisualStudio.Services.WebApi.VssConnection.GetClientServiceImplAsync(Type requestedType, Guid serviceIdentifier, Func`4 getInstanceAsync, CancellationToken cancellationToken)
   at Microsoft.VisualStudio.Services.WebApi.VssConnection.GetClientAsync[T](CancellationToken cancellationToken)
   at Microsoft.VisualStudio.Services.Content.Common.AsyncHttpRetryHelper`1.InvokeAsync(CancellationToken cancellationToken)
   at Microsoft.VisualStudio.Services.Content.Common.ExceptionExtensions.ReThrow(Exception ex)
   at Microsoft.VisualStudio.Services.Content.Common.AsyncHttpRetryHelper`1.InvokeAsync(CancellationToken cancellationToken)
   at ArtifactTool.DedupManifestArtifactClientProvider.GetDedupManifestArtifactClientAsync(String serviceUrl, String patVar, ILogger commandBaseLogger, IAppTraceSource tracer, String cacheDirectory, Boolean cacheWriteAllowed, CancellationToken cancellationToken) in D:\a\1\s\src\ArtifactTool\Providers\DedupManifestArtifactClient\DedupManifestArtifactClientProvider.cs:line 56
   at ArtifactTool.Commands.PipelineArtifactDownloadCommand.ExecuteAsync() in D:\a\1\s\src\ArtifactTool\Commands\PipelineArtifacts\PipelineArtifactDownloadCommand.cs:line 46
   at ArtifactTool.Commands.CommandBase.OnExecuteAsync() in D:\a\1\s\src\ArtifactTool\Commands\CommandBase.cs:line 105
   at McMaster.Extensions.CommandLineUtils.Conventions.ExecuteMethodConvention.InvokeAsync(MethodInfo method, Object instance, Object[] arguments) in C:\projects\commandlineutils\src\CommandLineUtils\Conventions\ExecuteMethodConvention.cs:line 77
   at McMaster.Extensions.CommandLineUtils.Conventions.ExecuteMethodConvention.OnExecute(ConventionContext context) in C:\projects\commandlineutils\src\CommandLineUtils\Conventions\ExecuteMethodConvention.cs:line 62
   at McMaster.Extensions.CommandLineUtils.Conventions.ExecuteMethodConvention.<>c__DisplayClass0_0.<<Apply>b__0>d.MoveNext() in C:\projects\commandlineutils\src\CommandLineUtils\Conventions\ExecuteMethodConvention.cs:line 25
--- End of stack trace from previous location where exception was thrown ---
   at McMaster.Extensions.CommandLineUtils.CommandLineApplication.<>c__DisplayClass126_0.<OnExecute>b__0() in C:\projects\commandlineutils\src\CommandLineUtils\CommandLineApplication.cs:line 505
   at McMaster.Extensions.CommandLineUtils.CommandLineApplication.Execute(String[] args) in C:\projects\commandlineutils\src\CommandLineUtils\CommandLineApplication.cs:line 611
   at McMaster.Extensions.CommandLineUtils.CommandLineApplication.Execute[TApp](CommandLineContext context) in C:\projects\commandlineutils\src\CommandLineUtils\CommandLineApplication.Execute.cs:line 57
   at McMaster.Extensions.CommandLineUtils.CommandLineApplication.ExecuteAsync[TApp](CommandLineContext context) in C:\projects\commandlineutils\src\CommandLineUtils\CommandLineApplication.Execute.cs:line 145
   at McMaster.Extensions.CommandLineUtils.CommandLineApplication.ExecuteAsync[TApp](IConsole console, String[] args) in C:\projects\commandlineutils\src\CommandLineUtils\CommandLineApplication.Execute.cs:line 130
   at McMaster.Extensions.CommandLineUtils.CommandLineApplication.ExecuteAsync[TApp](String[] args) in C:\projects\commandlineutils\src\CommandLineUtils\CommandLineApplication.Execute.cs:line 112
...

To Reproduce:

Steps to reproduce the behavior. Note that argument values have been redacted, as they may contain sensitive information.

  • Create an Azure private kube cluster and block all inbound and outbound traffics.
  • Open the related network access for url, such as dev.azure.com, 08wvsblobprodsu6weus73.vsblob.vsassets.io, etc ...
  • azure-pod:/# az pipelines runs artifact download --artifact-name drop --path "/Downloads" --run-id 36312 --project "xxx" --organization "https://dev.azure.com/xxx" --debug
  • It can download the artifact tool, az login, but failed after getting the manifest ID for the artifact, but from the debug and log, we cannot know which url is blocked (I also cannot find the source code of the artifact tool). :(
  • Please help introduce more info or let us know which url is used for this failure so that we can unblock it in our private cluster.
  • The command works fine on the public cluster/network, we can download the artifact successfully

Thanks a lot!

Expected Behavior

Environment Summary

Linux-5.4.0-1104-azure-x86_64-with, Alpine Linux v3.17
Python 3.10.9
Installer: DOCKER

azure-cli 2.45.0 *

Extensions:
azure-devops 0.26.0

Dependencies:
msal 1.20.0
azure-mgmt-resource 21.1.0b1

Additional Context

Author: zhangtbj
Assignees: -
Labels:

question, customer-reported, Service Attention, Pipelines, DevOps, Auto-Assign
Milestone: Backlog

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Auto-Assign Auto assign by bot customer-reported Issues that are reported by GitHub users external to the Azure organization. DevOps Pipelines question The issue doesn't require a change to the product in order to be resolved. Most issues start as that Service Attention This issue is responsible by Azure service team.
Projects
None yet
Milestone
Backlog
Development

No branches or pull requests
4 participants
@jiasli @zhangtbj @PramodValavala-MSFT @yonzhan