-
Notifications
You must be signed in to change notification settings - Fork 2.9k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Manual image generation tries to create Service Principal #10071
Comments
@donk-msft We are looking into the issue, we will get back to you after investigating this issue, Thanks. |
@donk-msft ,Here are the some steps you can take to resolve or mitigate the issue:-
Log in interactively and set the correct tenant contextaz login Verify current context (optional)az account show Run the script with AzureTenantId parameterGenerateResourcesAndImage -AzureTenantId <tenant_id> ... So in above script, you can try to replace <subscription_id> and <tenant_id> with your actual subscription and tenant IDs. This approach ensures that both the correct subscription and tenant contexts are set before executing the
Also Kindly follow the below link step by step for better understanding and feel free to revert back for any further queries, thanks:) https://github.com/actions/runner-images/blob/main/docs/create-image-and-azure-resources.md |
@donk-msft , could you please comment on this resolution provided to you and whether your issue got resolved or not? |
Description
Documentation states:
The GenerateResourcesAndImage function is able to create a Service Principal to be used by Packer. It uses the Connect-AzAccount cmdlet that invokes an interactive authentication process by default. If you don't want to use interactive authentication, you should create a Service Principal with full read-write permissions for the selected Azure subscription on your own and provide proper values for the parameters AzureClientId, AzureClientSecret and AzureTenantId.
Platforms affected
Runner images affected
Image version and build link
Ubuntu 22.04
Is it regression?
No
Expected behavior
When running the 'GenerateResourcesAndImage' command with the -AzureTenantId parameter I expect to be authenticated against this tenant only and that packer uses interactive authentication instead of a Service principal.
Actual behavior
When running the 'GenerateResourcesAndImage' command with the -AzureTenantId parameter the script still tries retrieves all tenants and subscriptions for selection. I select the correct subscription. It then reports the tenant and subscription and shows a warning '[Warning] The login output has been updated. Please be aware that it no longer displays the full list of available subscriptions by default.'
Eventhough I'm logged in interactively, the script then proceeds to create a service principal for packer... (for which I don't have permissions and I don't want to happen).
Repro steps
On your local machine, follow the documented steps (clone git, import module) and run the 'GenerateResourcesAndImage' command.
The text was updated successfully, but these errors were encountered: