Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Unable to enable https on custom domain for a CDN endpoint after upgrading to az cli 2.0.81 #12152

Closed
feksai opened this issue Feb 12, 2020 · 18 comments · Fixed by #12648
Closed
Labels
Network - CDN az cdn Service Attention This issue is responsible by Azure service team.

Comments

@feksai
Copy link

feksai commented Feb 12, 2020

This is autogenerated. Please review and update as needed.

Describe the bug

When I try to enable https for custom domain on cdn endpoint I get error

Command Name
az cdn custom-domain enable-https

Errors:

InvalidResourceType - The resource type is invalid.

To Reproduce:

Steps to reproduce the behavior. Note that argument values have been redacted, as they may contain sensitive information.

  • Put any pre-requisite steps here...
  • az cdn custom-domain enable-https --endpoint-name {} --name {} --profile-name {} --resource-group {} --debug

Expected Behavior

Environment Summary

Linux-4.4.0-18362-Microsoft-x86_64-with-debian-stretch-sid
Python 3.6.5
Shell: bash

azure-cli 2.0.81

Extensions:
image-copy-extension 0.2.1

Additional Context

@feksai
Copy link
Author

feksai commented Feb 12, 2020

Attaching debug information

username@DESKTOP-B9F0F6M:/mnt/c/Users/username$ az cdn custom-domain enable-https   --endpoint-name domainplayusfront/domainplayusfront --name front-play-domain-org --profile-name domainplayusfront --resource-group domain-playus --debug
Command arguments: ['cdn', 'custom-domain', 'enable-https', '--endpoint-name', 'domainplayusfront/domainplayusfront', '--name', 'front-play-domain-org', '--profile-name', 'domainplayusfront', '--resource-group', 'domain-playus', '--debug']
Event: Cli.PreExecute []
Event: CommandParser.OnGlobalArgumentsCreate [<function CLILogging.on_global_arguments at 0x7f359e951d08>, <function OutputProducer.on_global_arguments at 0x7f359e47aae8>, <function CLIQuery.on_global_arguments at 0x7f359e4a5b70>]
Event: CommandInvoker.OnPreCommandTableCreate []
Installed command modules ['acr', 'acs', 'advisor', 'ams', 'apim', 'appconfig', 'appservice', 'backup', 'batch', 'batchai', 'billing', 'botservice', 'cdn', 'cloud', 'cognitiveservices', 'configure', 'consumption', 'container', 'cosmosdb', 'deploymentmanager', 'dla', 'dls', 'dms', 'eventgrid', 'eventhubs', 'extension', 'feedback', 'find', 'hdinsight', 'interactive', 'iot', 'iotcentral', 'keyvault', 'kusto', 'lab', 'managedservices', 'maps', 'monitor', 'natgateway', 'netappfiles', 'network', 'policyinsights', 'privatedns', 'profile', 
'rdbms', 'redis', 'relay', 'reservations', 'resource', 'role', 'search', 'security', 'servicebus', 'servicefabric', 'signalr', 'sql', 'sqlvm', 'storage', 'vm']
Loaded module 'acr' in 0.007 seconds.
Loaded module 'acs' in 0.025 seconds.
Loaded module 'advisor' in 0.002 seconds.
Event: CommandLoader.OnLoadCommandTable []
Loaded module 'ams' in 0.007 seconds.
Loaded module 'apim' in 0.002 seconds.
Loaded module 'appconfig' in 0.003 seconds.
Loaded module 'appservice' in 0.010 seconds.
Loaded module 'backup' in 0.004 seconds.
Event: CommandLoader.OnLoadCommandTable []
Loaded module 'batch' in 0.009 seconds.
Loaded module 'batchai' in 0.003 seconds.
Loaded module 'billing' in 0.002 seconds.
Loaded module 'botservice' in 0.003 seconds.
Event: CommandLoader.OnLoadCommandTable []
Loaded module 'cdn' in 0.004 seconds.
Loaded module 'cloud' in 0.002 seconds.
Loaded module 'cognitiveservices' in 0.002 seconds.
Loaded module 'configure' in 0.001 seconds.
Loaded module 'consumption' in 0.003 seconds.
Loaded module 'container' in 0.002 seconds.
Loaded module 'cosmosdb' in 0.008 seconds.
Loaded module 'deploymentmanager' in 0.003 seconds.
Loaded module 'dla' in 0.004 seconds.
Loaded module 'dls' in 0.004 seconds.
Loaded module 'dms' in 0.003 seconds.
Loaded module 'eventgrid' in 0.002 seconds.
Loaded module 'eventhubs' in 0.003 seconds.
Loaded module 'extension' in 0.001 seconds.
Loaded module 'feedback' in 0.001 seconds.
Loaded module 'find' in 0.001 seconds.
Loaded module 'hdinsight' in 0.003 seconds.
Loaded module 'interactive' in 0.001 seconds.
Loaded module 'iot' in 0.005 seconds.
Loaded module 'iotcentral' in 0.002 seconds.
Loaded module 'keyvault' in 0.005 seconds.
Loaded module 'kusto' in 0.003 seconds.
Loaded module 'lab' in 0.004 seconds.
Loaded module 'managedservices' in 0.002 seconds.
Loaded module 'maps' in 0.002 seconds.
Loaded module 'monitor' in 0.008 seconds.
Loaded module 'natgateway' in 0.002 seconds.
Event: CommandLoader.OnLoadCommandTable []
Loaded module 'netappfiles' in 0.005 seconds.
Loaded module 'network' in 0.034 seconds.
Loaded module 'policyinsights' in 0.003 seconds.
Loaded module 'privatedns' in 0.004 seconds.
Loaded module 'profile' in 0.002 seconds.
Loaded module 'rdbms' in 0.005 seconds.
Loaded module 'redis' in 0.004 seconds.
Loaded module 'relay' in 0.003 seconds.
Loaded module 'reservations' in 0.002 seconds.
Loaded module 'resource' in 0.007 seconds.
Loaded module 'role' in 0.005 seconds.
Loaded module 'search' in 0.002 seconds.
Loaded module 'security' in 0.002 seconds.
Loaded module 'servicebus' in 0.005 seconds.
Loaded module 'servicefabric' in 0.005 seconds.
Loaded module 'signalr' in 0.002 seconds.
Loaded module 'sql' in 0.007 seconds.
Loaded module 'sqlvm' in 0.003 seconds.
Event: CommandLoader.OnLoadCommandTable []
Loaded module 'storage' in 0.029 seconds.
Loaded module 'vm' in 0.016 seconds.
Loaded all modules in 0.303 seconds. (note: there's always an overhead with the first module loaded)
Extensions directory: '/home/username/.azure/cliextensions'
Found 1 extensions: ['image-copy-extension']
Extensions directory: '/home/username/.azure/cliextensions'
Extension compatibility result: is_compatible=True cli_core_version=2.0.81 min_required=2.0.24 max_required=None
Extensions directory: '/home/username/.azure/cliextensions'
Loaded extension 'image-copy-extension' in 0.002 seconds.
Event: CommandInvoker.OnPreCommandTableTruncate [<function AzCliLogging.init_command_file_logging at 0x7f359dc83840>]
az_command_data_logger : command args: cdn custom-domain enable-https --endpoint-name {} --name {} --profile-name {} --resource-group {} --debug
metadata file logging enabled - writing logs to '/home/username/.azure/commands'.
Event: CommandInvoker.OnPreArgumentLoad [<function register_global_subscription_argument.<locals>.add_subscription_parameter at 0x7f359dc1e840>]
Event: CommandLoader.OnLoadArguments []
Event: CommandInvoker.OnPostArgumentLoad []
Event: CommandInvoker.OnPostCommandTableCreate [<function register_ids_argument.<locals>.add_ids_arguments at 0x7f359dbd8510>, <function register_cache_arguments.<locals>.add_cache_arguments at 0x7f359dbd86a8>]
Event: CommandInvoker.OnCommandTableLoaded []
Event: CommandInvoker.OnPreParseArgs [<function _documentdb_deprecate at 0x7f359bd52ae8>]
Event: CommandInvoker.OnPostParseArgs [<function OutputProducer.handle_output_argument at 0x7f359e47ab70>, <function CLIQuery.handle_query_parameter at 0x7f359e4a5bf8>, <function register_ids_argument.<locals>.parse_ids_arguments at 0x7f359dbd8598>, <function handler at 0x7f359bc21ae8>]
Getting management service client client_type=CdnManagementClient
msrest.universal_http.requests : Configuring retry: max_retries=4, backoff_factor=0.8, max_backoff=90
attempting to read file /home/username/.azure/accessTokens.json as utf-8-sig
adal-python : 4d374f8b-0fb9-4e56-b5cc-a7ea5167194a - Authority:Performing instance discovery: ...
adal-python : 4d374f8b-0fb9-4e56-b5cc-a7ea5167194a - Authority:Performing static instance discovery
adal-python : 4d374f8b-0fb9-4e56-b5cc-a7ea5167194a - Authority:Authority validated via static instance discovery
adal-python : 4d374f8b-0fb9-4e56-b5cc-a7ea5167194a - TokenRequest:Getting token from cache with refresh if necessary.
adal-python : 4d374f8b-0fb9-4e56-b5cc-a7ea5167194a - CacheDriver:finding with query keys: {'_clientId': '...', 'userId': '...'}
adal-python : 4d374f8b-0fb9-4e56-b5cc-a7ea5167194a - CacheDriver:Looking for potential cache entries: {'_clientId': '...', 'userId': '...'}
adal-python : 4d374f8b-0fb9-4e56-b5cc-a7ea5167194a - CacheDriver:Found 7 potential entries.
adal-python : 4d374f8b-0fb9-4e56-b5cc-a7ea5167194a - CacheDriver:Resource specific token found.
adal-python : 4d374f8b-0fb9-4e56-b5cc-a7ea5167194a - CacheDriver:Returning token from cache lookup, AccessTokenId: b'ILMjWxGoD8+CYNJKSmx9Z4nEv1oz/zdNbDCMMjZStkk=', RefreshTokenId: b'2+wmp7yJTNbPKDqE4QcEyabsCUDD/8a5Tw8hdkeFMWA='
msrest.http_logger : Request URL: 'https://management.azure.com/subscriptions/8e<<secure>>d4e/resourceGroups/domain-playus/providers/Microsoft.Cdn/profiles/domainplayusfront/endpoints/domainplayusfront%2Fdomainplayusfront/customDomains/front-play-domain-org/enableCustomHttps?api-version=2019-04-15'
msrest.http_logger : Request method: 'POST'
msrest.http_logger : Request headers:
msrest.http_logger :     'Accept': 'application/json'
msrest.http_logger :     'Content-Type': 'application/json; charset=utf-8'
msrest.http_logger :     'accept-language': 'en-US'
msrest.http_logger :     'User-Agent': 'python/3.6.5 (Linux-4.4.0-18362-Microsoft-x86_64-with-debian-stretch-sid) msrest/0.6.9 msrest_azure/0.6.2 azure-mgmt-cdn/4.0.0 Azure-SDK-For-Python AZURECLI/2.0.81'
msrest.http_logger : Request body:
msrest.http_logger : None
msrest.universal_http : Configuring redirects: allow=True, max=30
msrest.universal_http : Configuring request: timeout=100, verify=True, cert=None
msrest.universal_http : Configuring proxies: ''
msrest.universal_http : Evaluate proxies against ENV settings: True
urllib3.connectionpool : Starting new HTTPS connection (1): management.azure.com:443
urllib3.connectionpool : https://management.azure.com:443 "POST /subscriptions/8e<<secure>>d4e/resourceGroups/domain-playus/providers/Microsoft.Cdn/profiles/domainplayusfront/endpoints/domainplayusfront%2Fdomainplayusfront/customDomains/front-play-domain-org/enableCustomHttps?api-version=2019-04-15 HTTP/1.1" 400 107
msrest.http_logger : Response status: 400
msrest.http_logger : Response headers:
msrest.http_logger :     'Cache-Control': 'private'
msrest.http_logger :     'Content-Length': '107'
msrest.http_logger :     'Content-Type': 'application/json; charset=utf-8'
msrest.http_logger :     'Content-Language': 'en-US'
msrest.http_logger :     'Strict-Transport-Security': 'max-age=31536000; includeSubDomains'
msrest.http_logger :     'Server': 'Microsoft-IIS/8.5'
msrest.http_logger :     'X-AspNet-Version': '4.0.30319'
msrest.http_logger :     'X-Powered-By': 'ASP.NET'
msrest.http_logger :     'x-ms-ratelimit-remaining-subscription-writes': '1198'
msrest.http_logger :     'x-ms-request-id': 'a0cd285a-2bd1-4de6-ad2a-ae9e025e16e7'
msrest.http_logger :     'x-ms-correlation-request-id': 'a0cd285a-2bd1-4de6-ad2a-ae9e025e16e7'
msrest.http_logger :     'x-ms-routing-request-id': 'WESTEUROPE:20200212T101444Z:a0cd285a-2bd1-4de6-ad2a-ae9e025e16e7'
msrest.http_logger :     'X-Content-Type-Options': 'nosniff'
msrest.http_logger :     'Date': 'Wed, 12 Feb 2020 10:14:43 GMT'
msrest.http_logger : Response content:
msrest.http_logger : {
  "error": {
    "code": "InvalidResourceType",
    "message": "The resource type is invalid."
  }
}
msrest.exceptions : Operation returned an invalid status code 'Bad Request'
cli.azure.cli.core.util : InvalidResourceType - The resource type is invalid.
InvalidResourceType - The resource type is invalid.
az_command_data_logger : exit code: 1
telemetry.save : Save telemetry record of length 2560 in cache
telemetry.check : Negative: The /home/username/.azure/telemetry.txt was modified at 2020-02-12 13:13:42.684391, which in less than 600.000000 s
command ran in 0.974 seconds.

@feksai
Copy link
Author

feksai commented Feb 12, 2020

I noticed in debug information that request budy is empty

msrest.http_logger : Request body:
msrest.http_logger : None

But when I enable https on custom domain on Azure Portal I see that browser sends request on

https://management.azure.com/subscriptions/8e<<secure>>d4e/resourcegroups/domain-PlayUS/providers/Microsoft.Cdn/profiles/domainplayusfront/endpoints/domainplayusfront/customdomains/front-play-domain-org/enableCustomHttps?api-version=2019-04-15

with body

{
  "certificateSource": "Cdn",
  "protocolType": "ServerNameIndication",
  "certificateSourceParameters": {
    "@odata.type": "#Microsoft.Azure.Cdn.Models.CdnCertificateSourceParameters",
    "certificateType": "Dedicated"
  }
}

@feksai
Copy link
Author

feksai commented Feb 12, 2020

One more fact: same request with api-version=2017-04-02 with empty body is allowed

@feksai
Copy link
Author

feksai commented Feb 12, 2020

Workaround solution is to replace this code

#! /bin/bash

set -e

az cdn custom-domain enable-https \
  --endpoint-name $(frontendStorageAccount) \
  --name customDomain \
  --profile-name $(frontendStorageAccount) \
  --resource-group $(resourceGroup)

by this

#!/bin/bash

subscriptionId=`az account show --output tsv --query id`
body="{\"certificateSource\":\"Cdn\",\"protocolType\":\"ServerNameIndication\",\"certificateSourceParameters\":{\"@odata.type\":\"#Microsoft.Azure.Cdn.Models.CdnCertificateSourceParameters\",\"certificateType\":\"Dedicated\"}}"
az rest --method post --uri /subscriptions/$subscriptionId/resourcegroups/$(resourceGroup)/providers/Microsoft.Cdn/profiles/$(frontendStorageAccount)/endpoints/$(frontendStorageAccount)/customdomains/customDomain/enableCustomHttps?api-version=2019-04-15 --body $body

Note that $(..) is tfs specific variables in my case

@arrownj arrownj added Network - CDN az cdn Service Attention This issue is responsible by Azure service team. labels Feb 12, 2020
@ghost
Copy link

ghost commented Feb 12, 2020

Thanks for the feedback! We are routing this to the appropriate team for follow-up. cc

1 similar comment
@ghost
Copy link

ghost commented Feb 12, 2020

Thanks for the feedback! We are routing this to the appropriate team for follow-up. cc

@arrownj
Copy link
Contributor

arrownj commented Feb 12, 2020

Hi @myronfanqiu , could you please help take a look at it ?

@arrownj arrownj assigned mmyyrroonn and unassigned Juliehzl Feb 12, 2020
@yonzhan yonzhan added this to the S166 milestone Feb 12, 2020
@yonzhan
Copy link
Collaborator

yonzhan commented Feb 12, 2020

add to S166.

@mmyyrroonn mmyyrroonn removed their assignment Feb 13, 2020
@mmyyrroonn
Copy link
Contributor

@lsmith130 hello. could you take a look at this issue?

@fore5fire
Copy link
Contributor

This will be fixed as part of my fix that's in progress for #9894.

@danvy
Copy link
Contributor

danvy commented May 5, 2020

I've got the exact same error on az 2.5.1

@vivekananth
Copy link

same error

haroldrandom pushed a commit that referenced this issue Jun 3, 2020
* Add CDN custom domain BYOC support. Fix CDN custom domain enable-https for Verizon and Microsoft SKUs.

* Fix CDN test file indentation
@feksai
Copy link
Author

feksai commented Jun 3, 2020

@haroldrandom this fix is not part of 2.7.0 release?

@haroldrandom
Copy link
Contributor

@feksai It's 2.7.0. Why said that? Next release will be at 06.17.

@feksai
Copy link
Author

feksai commented Jun 3, 2020

@haroldrandom I did not see anything related to CDN in 2.7.0 release notes https://docs.microsoft.com/en-us/cli/azure/release-notes-azure-cli?view=azure-cli-latest#june-02-2020 . That is why I'm asking.

@haroldrandom
Copy link
Contributor

haroldrandom commented Jun 3, 2020

@feksai Which feature (PR) do you mean? So, I can check the merged date
image

If you mean #12152, it would be at 2.8.0

@raicastino
Copy link

raicastino commented Jun 12, 2020

@haroldrandom When version 2.8.0 will be available? I'm using CLI v2.7.0 on Mac and this problem is still not fixed.

@haroldrandom
Copy link
Contributor

@raicastino It's expected at 06/23/2020

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Network - CDN az cdn Service Attention This issue is responsible by Azure service team.
Projects
None yet
Development

Successfully merging a pull request may close this issue.

10 participants