{Core} az login: Add error handling when getting msi token and parsing PEM file by evelyn-ys · Pull Request #15574 · Azure/azure-cli

evelyn-ys · 2020-10-19T09:32:57Z

Description

This PR works as a part of fixing the none-actionable issues in #14981
Fix the most frequent errors with az login
error results

Testing Guide

ServicePrincipalAuth: az login --service-principle -u -p --tenant
Case before:

> az login --service-principle -u -p --tenant
CLIInternalError: The command failed with an unexpected error. Here is the traceback:
[(_PEM routines_, _get_name_, _no start line_)]
Traceback (most recent call last):
  File "D:\workspace\ysenv\lib\site-packages\knack\cli.py", line 215, in invoke
    cmd_result = self.invocation.execute(args)
  File "d:\workspace\azure-cli\src\azure-cli-core\azure\cli\core\commands\__init__.py", line 654, in execute
    raise ex
  File "d:\workspace\azure-cli\src\azure-cli-core\azure\cli\core\commands\__init__.py", line 718, in _run_jobs_serially
    results.append(self._run_job(expanded_arg, cmd_copy))
  File "d:\workspace\azure-cli\src\azure-cli-core\azure\cli\core\commands\__init__.py", line 711, in _run_job
    six.reraise(*sys.exc_info())
  File "D:\workspace\ysenv\lib\site-packages\six.py", line 703, in reraise
    raise value
  File "d:\workspace\azure-cli\src\azure-cli-core\azure\cli\core\commands\__init__.py", line 688, in _run_job
    result = cmd_copy(params)
  File "d:\workspace\azure-cli\src\azure-cli-core\azure\cli\core\commands\__init__.py", line 325, in __call__
    return self.handler(*args, **kwargs)
  File "d:\workspace\azure-cli\src\azure-cli-core\azure\cli\core\__init__.py", line 784, in default_command_handler
    return op(**command_args)
  File "d:\workspace\azure-cli\src\azure-cli\azure\cli\command_modules\profile\custom.py", line 158, in login
    use_cert_sn_issuer=use_cert_sn_issuer)
  File "d:\workspace\azure-cli\src\azure-cli-core\azure\cli\core\_profile.py", line 208, in find_subscriptions_on_login
    sp_auth = ServicePrincipalAuth(password, use_cert_sn_issuer)
  File "d:\workspace\azure-cli\src\azure-cli-core\azure\cli\core\_profile.py", line 1149, in __init__
    cert = load_certificate(FILETYPE_PEM, self.cert_file_string)
  File "d:\workspace\ysenv\lib\site-packages\OpenSSL\crypto.py", line 1837, in load_certificate
    _raise_current_error()
  File "d:\workspace\ysenv\lib\site-packages\OpenSSL\util.py", line 54, in exception_from_error_queue
    raise exception_type(errors)

Case after

> az login --service-principle -u -p --tenant
CLIError: Invalid certificate, please use a valid PEM file.

MSIAuthentication: az login --identity
Case1 before: connection error

> az login --identity
CLIInternalError: The command failed with an unexpected error. Here is the traceback:
HTTPConnectionPool(host='169.254.169.254', port=80): Max retries exceeded with url: /metadata/identity/oauth2/token?resource=https%3A%2F%2Fmanagement.core.windows.net%2F&api-version=2018-02-01
Traceback (most recent call last):
  File "D:\workspace\ysenv\lib\site-packages\knack\cli.py", line 215, in invoke
    cmd_result = self.invocation.execute(args)
  File "d:\workspace\azure-cli\src\azure-cli-core\azure\cli\core\commands\__init__.py", line 654, in execute
    raise ex
  File "d:\workspace\azure-cli\src\azure-cli-core\azure\cli\core\commands\__init__.py", line 718, in _run_jobs_serially
    results.append(self._run_job(expanded_arg, cmd_copy))
  File "d:\workspace\azure-cli\src\azure-cli-core\azure\cli\core\commands\__init__.py", line 711, in _run_job
    six.reraise(*sys.exc_info())
  File "D:\workspace\ysenv\lib\site-packages\six.py", line 703, in reraise
    raise value
  File "d:\workspace\azure-cli\src\azure-cli-core\azure\cli\core\commands\__init__.py", line 688, in _run_job
    result = cmd_copy(params)
  File "d:\workspace\azure-cli\src\azure-cli-core\azure\cli\core\commands\__init__.py", line 325, in __call__
    return self.handler(*args, **kwargs)
  File "d:\workspace\azure-cli\src\azure-cli-core\azure\cli\core\__init__.py", line 784, in default_command_handler
    return op(**command_args)
  File "d:\workspace\azure-cli\src\azure-cli\azure\cli\command_modules\profile\custom.py", line 136, in login
    return profile.find_subscriptions_in_vm_with_msi(username, allow_no_subscriptions)
  File "d:\workspace\azure-cli\src\azure-cli-core\azure\cli\core\_profile.py", line 346, in find_subscriptions_in_vm_with_msi
    msi_creds = MSIAuthenticationWrapper(resource=resource)
  File "D:\workspace\ysenv\lib\site-packages\msrestazure\azure_active_directory.py", line 592, in __init__
    self.set_token()
  File "d:\workspace\azure-cli\src\azure-cli-core\azure\cli\core\adal_authentication.py", line 100, in set_token
    super(MSIAuthenticationWrapper, self).set_token()
  File "D:\workspace\ysenv\lib\site-packages\msrestazure\azure_active_directory.py", line 600, in set_token
    token_entry = self._vm_msi.get_token(self.resource)
  File "D:\workspace\ysenv\lib\site-packages\msrestazure\azure_active_directory.py", line 649, in get_token
    token_entry = self._retrieve_token_from_imds_with_retry(resource)
  File "D:\workspace\ysenv\lib\site-packages\msrestazure\azure_active_directory.py", line 685, in _retrieve_token_from_imds_with_retry
    result = requests.get(request_uri, params=payload, headers={'Metadata': 'true', 'User-Agent':self._user_agent})
  File "D:\workspace\ysenv\lib\site-packages\requests\api.py", line 75, in get
    return request('get', url, params=params, **kwargs)
  File "D:\workspace\ysenv\lib\site-packages\requests\api.py", line 60, in request
    return session.request(method=method, url=url, **kwargs)
  File "D:\workspace\ysenv\lib\site-packages\requests\sessions.py", line 533, in request
    resp = self.send(prep, **send_kwargs)
  File "D:\workspace\ysenv\lib\site-packages\requests\sessions.py", line 646, in send
    r = adapter.send(request, **kwargs)
  File "D:\workspace\ysenv\lib\site-packages\requests\adapters.py", line 516, in send
    raise ConnectionError(e, request=request)
requests.exceptions.ConnectionError: HTTPConnectionPool(host='169.254.169.254', port=80): Max retries exceeded with url: /metadata/identity/oauth2/token?resource=https%3A%2F%2Fmanagement.core.windows.net%2F&api-version=2018-02-01

Case1 after: connection error

> az login --identity
AzureConnectionError: Failed to connect to MSI. Please make sure MSI is configured correctly and check the network connection.
Error detail: HTTPConnectionPool(host='169.254.169.254', port=80): Max retries exceeded with url: /metadata/identity/oauth2/token?resource=https%3A%2F%2Fmanagement.core.windows.net%2F&api-version=2018-02-01

Case2 before: HTTP error

> az login --identity
CLIInternalError: The command failed with an unexpected error. Here is the traceback:

Traceback (most recent call last):
  File "D:\workspace\ysenv\lib\site-packages\knack\cli.py", line 215, in invoke
    cmd_result = self.invocation.execute(args)
  File "d:\workspace\azure-cli\src\azure-cli-core\azure\cli\core\commands\__init__.py", line 654, in execute
    raise ex
  File "d:\workspace\azure-cli\src\azure-cli-core\azure\cli\core\commands\__init__.py", line 718, in _run_jobs_serially
    results.append(self._run_job(expanded_arg, cmd_copy))
  File "d:\workspace\azure-cli\src\azure-cli-core\azure\cli\core\commands\__init__.py", line 711, in _run_job
    six.reraise(*sys.exc_info())
  File "D:\workspace\ysenv\lib\site-packages\six.py", line 703, in reraise
    raise value
  File "d:\workspace\azure-cli\src\azure-cli-core\azure\cli\core\commands\__init__.py", line 688, in _run_job
    result = cmd_copy(params)
  File "d:\workspace\azure-cli\src\azure-cli-core\azure\cli\core\commands\__init__.py", line 325, in __call__
    return self.handler(*args, **kwargs)
  File "d:\workspace\azure-cli\src\azure-cli-core\azure\cli\core\__init__.py", line 784, in default_command_handler
    return op(**command_args)
  File "d:\workspace\azure-cli\src\azure-cli\azure\cli\command_modules\profile\custom.py", line 136, in login
    return profile.find_subscriptions_in_vm_with_msi(username, allow_no_subscriptions)
  File "d:\workspace\azure-cli\src\azure-cli-core\azure\cli\core\_profile.py", line 346, in find_subscriptions_in_vm_with_msi
    msi_creds = MSIAuthenticationWrapper(resource=resource)
  File "D:\workspace\ysenv\lib\site-packages\msrestazure\azure_active_directory.py", line 592, in __init__
    self.set_token()
  File "d:\workspace\azure-cli\src\azure-cli-core\azure\cli\core\adal_authentication.py", line 100, in set_token
    super(MSIAuthenticationWrapper, self).set_token()
  File "D:\workspace\ysenv\lib\site-packages\msrestazure\azure_active_directory.py", line 600, in set_token
    token_entry = self._vm_msi.get_token(self.resource)
  File "D:\workspace\ysenv\lib\site-packages\msrestazure\azure_active_directory.py", line 649, in get_token
    token_entry = self._retrieve_token_from_imds_with_retry(resource)
  File "D:\workspace\ysenv\lib\site-packages\msrestazure\azure_active_directory.py", line 685, in _retrieve_token_from_imds_with_retry
    raise HTTPError(request=result.request, response=result.raw)
requests.exceptions.HTTPError

Case2 after: HTTP error

> az login --identity
AzureResponseError: Failed to connect to MSI. Please make sure MSI is configured correctly.
Get Token request returned http error: 400, reason: Bad request……

Case3 before: timeout

> az login --identity
CLIInternalError: The command failed with an unexpected error. Here is the traceback:
MSI: Failed to acquire tokens after 12 times
Traceback (most recent call last):
  File "D:\workspace\ysenv\lib\site-packages\knack\cli.py", line 215, in invoke
    cmd_result = self.invocation.execute(args)
  File "d:\workspace\azure-cli\src\azure-cli-core\azure\cli\core\commands\__init__.py", line 654, in execute
    raise ex
  File "d:\workspace\azure-cli\src\azure-cli-core\azure\cli\core\commands\__init__.py", line 718, in _run_jobs_serially
    results.append(self._run_job(expanded_arg, cmd_copy))
  File "d:\workspace\azure-cli\src\azure-cli-core\azure\cli\core\commands\__init__.py", line 711, in _run_job
    six.reraise(*sys.exc_info())
  File "D:\workspace\ysenv\lib\site-packages\six.py", line 703, in reraise
    raise value
  File "d:\workspace\azure-cli\src\azure-cli-core\azure\cli\core\commands\__init__.py", line 688, in _run_job
    result = cmd_copy(params)
  File "d:\workspace\azure-cli\src\azure-cli-core\azure\cli\core\commands\__init__.py", line 325, in __call__
    return self.handler(*args, **kwargs)
  File "d:\workspace\azure-cli\src\azure-cli-core\azure\cli\core\__init__.py", line 784, in default_command_handler
    return op(**command_args)
  File "d:\workspace\azure-cli\src\azure-cli\azure\cli\command_modules\profile\custom.py", line 136, in login
    return profile.find_subscriptions_in_vm_with_msi(username, allow_no_subscriptions)
  File "d:\workspace\azure-cli\src\azure-cli-core\azure\cli\core\_profile.py", line 346, in find_subscriptions_in_vm_with_msi
    msi_creds = MSIAuthenticationWrapper(resource=resource)
  File "D:\workspace\ysenv\lib\site-packages\msrestazure\azure_active_directory.py", line 592, in __init__
    self.set_token()
  File "d:\workspace\azure-cli\src\azure-cli-core\azure\cli\core\adal_authentication.py", line 100, in set_token
    super(MSIAuthenticationWrapper, self).set_token()
  File "D:\workspace\ysenv\lib\site-packages\msrestazure\azure_active_directory.py", line 600, in set_token
    token_entry = self._vm_msi.get_token(self.resource)
  File "D:\workspace\ysenv\lib\site-packages\msrestazure\azure_active_directory.py", line 649, in get_token
    token_entry = self._retrieve_token_from_imds_with_retry(resource)
  File "D:\workspace\ysenv\lib\site-packages\msrestazure\azure_active_directory.py", line 684, in _retrieve_token_from_imds_with_retry
    raise MSIAuthenticationTimeoutError('MSI: Failed to acquire tokens after {} times'.format(max_retry))
msrestazure.azure_exceptions.MSIAuthenticationTimeoutError: MSI: Failed to acquire tokens after 12 times

Case3 after: timeout

> az login --identity
AzureConnectionError: MSI endpoint is not responding. Please make sure MSI is configured correctly.
Error detail: MSI: Failed to acquire tokens after 12 times

yonzhan · 2020-10-19T09:43:19Z

Core

src/azure-cli-core/azure/cli/core/tests/test_profile_v2016_06_01.py

src/azure-cli-core/azure/cli/core/_profile.py

yungezz · 2020-10-26T06:15:20Z

#14981

evelyn-ys added 4 commits October 19, 2020 14:45

Improvement for most frenquent errors in az login

1ff60b8

reformat

3ad2352

modify error msg

f8652b5

modify err msg

96b7fda

evelyn-ys requested a review from jiasli October 19, 2020 09:32

evelyn-ys requested review from Juliehzl, arrownj, fengzhou-msft, haroldrandom, jsntcy and mmyyrroonn as code owners October 19, 2020 09:32

evelyn-ys self-assigned this Oct 19, 2020

yonzhan added this to the S177 milestone Oct 19, 2020

evelyn-ys marked this pull request as draft October 20, 2020 07:50

add debug info

2638806

evelyn-ys marked this pull request as ready for review October 21, 2020 05:33

evelyn-ys added 4 commits October 21, 2020 14:42

pylint

5ec26b7

profile catch logic

baab056

fix tests

170d73e

remove unused import

45b1bee

jiasli reviewed Oct 22, 2020

View reviewed changes

src/azure-cli-core/azure/cli/core/tests/test_profile_v2016_06_01.py Outdated Show resolved Hide resolved

jiasli reviewed Oct 22, 2020

View reviewed changes

src/azure-cli-core/azure/cli/core/_profile.py Outdated Show resolved Hide resolved

evelyn-ys force-pushed the err_improvement branch from ea5f56d to 45b1bee Compare October 22, 2020 05:53

jiasli reviewed Oct 22, 2020

View reviewed changes

src/azure-cli-core/azure/cli/core/_profile.py Outdated Show resolved Hide resolved

evelyn-ys added 2 commits October 22, 2020 14:31

add test for Invalid PEM file

94a1be2

fix import

5712e3a

evelyn-ys requested a review from jiasli October 22, 2020 09:21

jiasli approved these changes Oct 23, 2020

View reviewed changes

evelyn-ys merged commit 3e30b53 into Azure:dev Oct 23, 2020

evelyn-ys added the Error Handling label Oct 27, 2020

evelyn-ys mentioned this pull request Nov 3, 2020

{Core} az login: Add error handling when finding subscriptions #15776

Merged

This was referenced Apr 19, 2021

command failed with an unexpected error #14036

Closed

[CloudShell] Capture HTTPError 400 in Cloud Shell #14455

Closed

Error: az login -i #17756

Closed

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

{Core} az login: Add error handling when getting msi token and parsing PEM file#15574

{Core} az login: Add error handling when getting msi token and parsing PEM file#15574
evelyn-ys merged 11 commits intoAzure:devfrom
evelyn-ys:err_improvement

evelyn-ys commented Oct 19, 2020 •

edited

Loading

Uh oh!

yonzhan commented Oct 19, 2020

Uh oh!

Uh oh!

Uh oh!

Uh oh!

yungezz commented Oct 26, 2020

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

4 participants

Comments

Conversation

evelyn-ys commented Oct 19, 2020 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Description

Testing Guide

Uh oh!

yonzhan commented Oct 19, 2020

Uh oh!

Uh oh!

Uh oh!

Uh oh!

yungezz commented Oct 26, 2020

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

4 participants

Comments

evelyn-ys commented Oct 19, 2020 •

edited

Loading