azd pipeline config - device is required to be managed to access this resource #866

Closed
Tracked by #957
v-hongli1 opened this issue Oct 11, 2022 · 9 comments
@v-hongli1
Contributor

Describe the issue:
Failed when we try to run the command azd pipeline config and azd pipeline config --provider azdo

Besides, it is a similar error with #768.

Repro Steps:

  1. Run azd login
  2. Run bash ./test-templates.sh -t Azure-Sample/todo-nodejs-mongo-swa-func -b pr/551 -c false
  3. Run azd pipeline config or azd pipeline config --provider azdo

Error Message:
image

Environment:
OS: DevContainer in VS Code
Template:
https://github.com/Azure-Samples/todo-nodejs-mongo-swa-func
https://github.com/Azure-Samples/todo-python-mongo-swa-func

Expected behavior:
Run command: azd pipeline config and azd pipeline config --provider azdo can succeed

@jongio for notification.

@rajeshkamal5050 rajeshkamal5050 added the azdo Azure DevOps label Oct 11, 2022
@rajeshkamal5050 rajeshkamal5050 added this to the Release 0.4 milestone Oct 11, 2022
@rajeshkamal5050
Contributor

rajeshkamal5050 commented Oct 11, 2022

@vhvb1989 can you triage this? Seems like folks are running into this often? Any fixes or improvements on docs we could make?

@vhvb1989
Member

This is not really an azd issue.

Explanation:
Conditional Access policy can be set up for Azure subscriptions. When this policy is enabled for a tenant (Azure Subscription), there are specific rules which determine the min requirements for logging in to the Azure Subscription (or to specific operations/areas within the subscription).

In this case, @hongli750210, you are trying to log in to an Azure subscription and access the Active Directory operations (to create Service Principals), which requires that the device that is used to log in to Azure is managed by the Tenant. An example of this is the Microsoft tenant. If you want to log in with your Microsoft account to the Azure portal (requires Active Directory), you first need to enroll/register your device/computer/browser-session with your tenant, so it becomes managed by the Organization.

In order to fix this, make sure that you can log in to Azure with the device you are using.
For example, if you are using DevContainer in VS Code, it means you might be running a Linux distribution with docker and connecting VSCode to it.
Run a browser from the container and try to access the Azure Portal with your account. That would validate the device and enroll/register it to the Azure Tenant.

I will try to see if we can make any changes to the container to support this.
If not, we should document that azd pipeline config is not supported from the devContainer.

@rajeshkamal5050 rajeshkamal5050 changed the title from "Device is required to be managed to access this resource when pipeline config" to "azd pipeline config - device is required to be managed to access this resource" Oct 11, 2022
@rajeshkamal5050 rajeshkamal5050 changed the title azd pipeline config - device is required to be managed to access this resource azd pipeline config - device is required to be managed to access this resource Oct 11, 2022
@zedy-wj
Member

zedy-wj commented Oct 13, 2022

@vhvb1989

  1. After investigating, we found that azd detects it's in a devcontainer and logs in with --use-device-code. For this issue, we can run a browser from the container through the az login method. After testing, the issue is no longer reproduced. Do you think this way is feasible, or do you have another way?

  2. Back to logging in with --use-device-code: there are currently two environments that log in this way.

  • Devcontainer: After failing to execute azd pipeline config, we can run az login --scope https://graph.microsoft.com//.default to re-authenticate, and tests can pass.
  • Codespace: When we run the command above, it cannot re-authenticate successfully.

  3. For the Linux Ubuntu 20.04 environment: At present, both login methods, az login and az login --use-device-code, produce the error message: device is required to be managed to access this resource when executing azd pipeline config.

Do you have any ideas to fix this issue in codespace and Linux environment?

@vhvb1989
Member

> Do you have any ideas to fix this issue in codespace and Linux environment?

Please skip these environments for now. We need to make azd return an error and mention that pipeline config is not supported for those configurations.

Until that is done, please skip those scenarios from pipeline config tests to unblock.

@jongio
Member

jongio commented Oct 20, 2022

@puicchan or @savannahostrowski - We may want to publish a known issue on this one until fixed.

@rajeshkamal5050 rajeshkamal5050 added the documentation Improvements or additions to documentation label Oct 28, 2022
@rajeshkamal5050
Contributor

@puicchan @vhvb1989 can we also add this to the known issues?

@rajeshkamal5050
Contributor

Removing blocker for this one. Since it is getting tracked under,

@ghost ghost added the needs-triage For new issues label Oct 31, 2022
@puicchan puicchan removed their assignment Nov 2, 2022
@puicchan
Contributor

puicchan commented Nov 2, 2022

Hannah has added to Dev Hub.

@zedy-wj
Member

zedy-wj commented Nov 3, 2022

If we use the az login method, this issue no longer reproduces in devcontainer and Linux desktop. Besides, we will skip the azd pipeline config test in codespace. If you have no other questions, we will close this issue.

Notes: Using az login in codespace and Linux environments requires port forwarding. Please refer to #1006 (comment) for details.

@vhvb1989 vhvb1989 closed this as completed Nov 3, 2022