Trying to run Kubernetes on Azure, I'm stuck on ./azure-login.js -u <your_username>.
I'm getting the following:
[aii#localhost azure]$ ./azure-login.js -u aii#aii_domain.com
info: Executing command login
Password: ********
+ Authenticating...
error: Interactive login is required. Use 'azure login' to interactively login.
info: Error information has been recorded to /home/aii/.azure/azure.err
error: login command failed
More info:
[aii#localhost azure]$ azure --version
0.10.0 (node: 4.3.1)
BTW, my account is BizSpark Plus if it matter..
Add the following commands first:
azure account download
it will guide you to download .publishsettings file from browser which you should use for:
azure account import <downloaded file>
azure account set <"name of your subscription">
Azure login only works from a work or school id, which really means an AAD object (identity). If you have a Microsoft account, you can only "connect" with the azure account import command that takes a .publishsettings file that you have to download. (it's a cert file)
This is actually a feature of Azure, although I think we don't communicate well here. Turns out that everyone has a default Azure Active Directory domain that they get for free.
At a larger level, Azure has two management APIs:
1. Service management, which can be used with either work ids or Microsoft account ids, and
2. Resource management, which is the new stuff and can be used only with work or school ids, and that works only with the azure login functionality.
Related
I'm trying to use DefaultAzureCredentials to authenticate my Azure function against Azure Service Bus. In my azure function azure-func-service-bus, I call to Azure Service Bus
servicebus_client = ServiceBusClient(
fully_qualified_namespace=MY_SERVICE_BUS_NAMESPACE_NAME+".servicebus.windows.net",
credential=DefaultAzureCredential(additionally_allowed_tenants=['*'])
)
I created and pushed Docker container to ACR. When I run the container locally for testing outside of Azure, it does not know what permissions to use.
az acr login --name acr01
docker push acr01.azurecr.io/azure-func-service-bus:v1
docker pull acr01.azurecr.io/azure-func-service-bus:v1
docker run -it --rm -p 8080:80 acr01.azurecr.io/azure-func-service-bus:v1
but got the following error.
DefaultAzureCredential failed to retrieve a token from the included credentials.
Attempted credentials:
EnvironmentCredential: EnvironmentCredential authentication unavailable. Environment variables are not fully configured.
Visit https://aka.ms/azsdk/python/identity/environmentcredential/troubleshoot to troubleshoot.this issue.
ManagedIdentityCredential: ManagedIdentityCredential authentication unavailable, no response from the IMDS endpoint.
SharedTokenCacheCredential: SharedTokenCacheCredential authentication unavailable. No accounts were found in the cache.
VisualStudioCodeCredential: Failed to get Azure user details from Visual Studio Code.
AzureCliCredential: Azure CLI not found on path
AzurePowerShellCredential: PowerShell is not installed
To mitigate this issue, please refer to the troubleshooting guidelines here at https://aka.ms/azsdk/python/identity/defaultazurecredential/troubleshoot.
Unexpected error occurred (ClientAuthenticationError('DefaultAzureCredential failed to retrieve a token from the included credentials.\nAttempted credentials:\n\tEnvironmentCredential: EnvironmentCredential authentication unavailable. Environment variables are not fully configured.\nVisit https://aka.ms/azsdk/python/identity/environmentcredential/troubleshoot to troubleshoot.this issue.\n\tManagedIdentityCredential: ManagedIdentityCredential authentication unavailable, no response from the IMDS endpoint.\n\tSharedTokenCacheCredential: SharedTokenCacheCredential authentication unavailable. No accounts were found in the cache.\n\tVisualStudioCodeCredential: Failed to get Azure user details from Visual Studio Code.\n\tAzureCliCredential: Azure CLI not found on path\n\tAzurePowerShellCredential: PowerShell is not installed\nTo mitigate this issue, please refer to the troubleshooting guidelines here at https://aka.ms/azsdk/python/identity/defaultazurecredential/troubleshoot.')). Handler shutting down.
I'm missing a key piece of the puzzle. How can I handle this?
When the Azure Function runs in Azure, it's configured to support ManagedIdentityCredential. For your case I'd recommend trying to configure EnvironmentCredential to test locally.
You can find the details in the link, but the short version is:
Create a service principle (Docs) and give it the needed access
Run the container with extra Environment Variables:
AZURE_TENANT_ID: service principal's Tenant ID
AZURE_CLIENT_ID: service principal's AppId
AZURE_CLIENT_SECRET: service principle's password
I'd recommend using a .env file to make this easier, but be sure it doesn't get checked in anywhere.
FYI If your account doesn't use MFA, you can instead use the variables AZURE_USERNAME and AZURE_PASSWORD. But then you've put your username and password in a file or your terminal history which is concerning. Admittedly the service principal has the same problem, but you can more easily mitigate that with minimizing it's access and regularly rolling the secret.
P.S. If you're using Visual Studio for making your Azure Function you should be able to use something like: EnvironmentCredentialExample to automate setting up and using the needed .env file.
Good day I am new on web developing and want to ask on how to fix this error in the terminal of Azure webapp service, git push azure main this is the command I keep inserting inside the terminal but the response is always this Password for <webapp url> and I don't know what password I should enter
therefore I browse the internet and still stuck on this, the fixes I tried is removing some credentials on windows credential, changing the HTTPS to SSHS, configuring global password, and lastly installing the GCM from github thank you very much
In Azure Portal, first we need to create Azure App service with the required run time stack.
You will get this option, if we deploy our App using Local Git.
We need to provide Credentials while pushing the code from local GitHub.
You will get the Credentials from Azure Portal => App Service.
Navigate to Azure Portal => Your App Service (which you have created in first step) => Deployment Center => Local Git/ FTPS credentials.
We can use the existing Application scope Username and Password or can create new User scope and use them.
I have an existing paid Azure subscription. SOmehow, I failed to pay my bills and subscription got deactivated and then I paid and activated again
But after this incident, I am getting one strange error in Cloudshell as follows:
a) From my Win 10 machine, I opened Chrome/ Edge browser
b) Logged in to Azure Portal
c) Opened Cloud shell and Opened PWSH mode
d) Types in Connect-AZAccount
Getting following warning and then an error:
--> WARNING: Unable to acquire token for tenant 'organizations'
--> Connect-AzAccount: InteractiveBrowserCredential authentication failed: Unable to open a web page using xdg-open. See inner exception for details. Possible causes for this error are: xdg-open is not installed or it cannot find a way to open an url - make sure you can open a web page by invoking from a terminal: xdg-open https://www.bing.com
This never happened earlier and I always used before normally. Also I tried with some other Window systems. Same error. But when I tried to use installed Powershell it works as charm. Please advise what went wrong
If you use Cloud Shell, then you don't need to use this command to connect to Azure.Your Azure Cloud Shell session is already authenticated for the environment, subscription, and tenant that launched the Cloud Shell session.
Please see the documentation:
Sign in interactively with the Connect-AzAccount cmdlet. Skip this
step if you use Cloud Shell. Your Azure Cloud Shell session is already
authenticated for the environment, subscription, and tenant that
launched the Cloud Shell session.
We have a Key Vault in a resource group in an Azure instant.
We have a user in the US (ME) and a user in different country (FU).
Both of use have many things in common, namely:
Using same version of VS 2017.
Running the exact same code.
Our VS user account is the same (a user in our Azure AD instance).
We are using a Managed Identity
If I run the code in US (logged in in VS as the FU), I am able to read the secret and display on the screen.
If the FU(logged in in VS as the FU but in another country), when he runs the code it throws the following exception
Operation returned an invalid status code 'Unauthorized'
The line of code that throws the error is:
var secret = await keyVaultClient.GetSecretAsync("https://XXXXXXX.vault.azure.net/secrets/username")
.ConfigureAwait(false);
We have both installed Azure CLI 2.0.
However, I found these stipulations at this site.
Your on-premise active directory is synced with Azure AD.
You are running this code on a domain joined machine.
Neither of these are true in our case.
Possibly a good test of these would for our vendor to allow me to remote into his machine and put my identity on VS and then run the code.
If we still get the error, then it is very likely this is our problem.
The above link said we could "Run the application using a service principal in local development environment"
Would that fix the problem???
I am fairly new to Azure and C#. Any help would be greatly appreciated!
How to remove an orphaned Application in an Azure Directory?
I have a second (non-Default) directory that I was using to test the AD Connect app, and having finished with it, want to delete.
I have been able to remove the users both with the Management Portal and remove-msoluser, but am unable to delete the directory as it has one Application registered - "Office 365 Management APIs"
In the management console, this Application looks a little weird - there are no options to do anything on its dashboard and just checking, this Application is also installed in my Default Directory and looks the same - maybe it cannot be removed?
Have tried removing the App using the Remove-msolservice cmdlet, and tried the whole-hog approach as per Method 5 in https://support.microsoft.com/en-au/kb/2967860/en-us - seems to run through ok, but the Application is still listed, and when deleting the Directory I still get the error -
Directory has one or more applications that were added by a user or administrator
I had the same problem. When performed the steps below, I could delete the Azure Active Directory tenant:
Log in to Azure and create a new user with Global Admin permissions in the AAD you're trying to delete.
Open the Azure Active Directory Module for Windows PowerShell and execute the following:
Connect-MsolService (Log in with #onmicrosoft global admin account you created)
Get-MsolServicePrincipal | Remove-MsolServicePrincipal (This will generate errors but it's ok)
Log in to https://manage.windowsazure.com as the service admin
Delete already created #onmicrosoft.com Global Admin user
Delete the AAD now
You check the sites below as well:
http://blogs.msdn.com/b/dstfs/archive/2015/05/27/trouble-deleting-azure-active-directory-aad-due-to-quot-visual-studio-online-quot-item-in-aad-quot-applications-quot-list.aspx
or here:
https://www.opsgility.com/blog/deleting-azure-ad-applications
You must run the following cmdlets after running the remove cmdlets:
Get-MsolServicePrincipal | Set-MsolServicePrincipal -AccountEnabled $False
then delete the temporary global admin account (if any) and you should be able to delete the directory.
More information about this issue: https://support.microsoft.com/en-us/kb/3112170
This article helps me to delete Azure AD I created with old Windows Azure Portal (manage.windowsazure.com):
https://blogs.msdn.microsoft.com/ericgolpe/2015/04/30/walkthrough-of-deleting-an-azure-ad-tenant/
In a nutshell:
Create a new user under the AD you intend to delete.
User must have Global Admin role.
You will get temporary password for this user. Once login to Azure Portal with this user, you will need to create a permanent password.
Use this credential, you will remove Azure AD's applications using Azure AD PowerShell
Then, go back to Azure AD you intend to delete (using your credential, not the newly created user), delete the user you just created.
Only after doing all these will you be able to delete the Azure AD.