Support for AzureChinaCloud

[octavia213]

Hi, I am currently trying to get this action to work with an AKS instance in AzureChinaCloud. This action fails with "ExpiredServicePrincipal", although I am able to login via AZ CLI and fetch the aks credentials with "az aks get-credentials", so I wonder if this ExpiredServicePrincipal error is actually because I didn't specify using AzureChinaCloud in this action, and it couldn't find my subscription or service principal in the global cloud.

with:
creds: ***
cluster-name: [cluster_group_name]
resource-group: [resource_group_name]
Error: ExpiredServicePrincipal

[OliverMKing]

Are you using the Azure/login action to authenticate? Azure/login takes a environment parameter that you should pass AzureChinaCloud into.

[octavia213]

Hi Oliver,
There is a login action that successfully runs before reaching the aks-set-context step, as follows:

- uses: azure/login@v1
  with:
    creds: ${{ secrets.AZURE_CREDENTIALS }}
    environment: AzureChinaCloud
- uses: azure/aks-set-context@v1
  with:
    creds: ${{ secrets.AZURE_CREDENTIALS }}
    cluster-name: ${{ env.CLUSTER_NAME }}
    resource-group: ${{ env.CLUSTER_RESOURCE_GROUP }}

Maybe the credentials from azure/login didn't carry over to azure/aks-set-context, or the service principal itself doesn't have enough privilege for this action?

[OliverMKing]

You should upgrade to v3 or v2 of aks-set-context. V1 used a completely different login strategy.

[octavia213]

It ran successfully after upgrading to v3; thank you Oliver