Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

How to run from powershell #196

Closed
red-erik opened this issue Feb 16, 2024 · 9 comments · Fixed by #197
Closed

How to run from powershell #196

red-erik opened this issue Feb 16, 2024 · 9 comments · Fixed by #197
Assignees
@cmendible

Comments

@red-erik
Copy link

Hello,
I'm not able to run it after AZ login, receiving this:

FTL Failed to list Resource Groups error="DefaultAzureCredential: failed to acquire a token.\nAttempted credentials:\n\tEnvironmentCredential: missing environment variable AZURE_TENANT_ID\n\tWorkloadIdentityCredential: no client ID specified.

What am I missing ? Istructions for powershell execution are not so clear to me.

Regards,
Red.
@cmendible
Copy link
Member

Either you have the following env variables set to a non empty value:

  • AZURE_CLIENT_ID
  • AZURE_CLIENT_SECRET
  • AZURE_TENANT_ID

Or you are running azqr from a Virtual Machine with a Managed Identity.

Since version 0.50.0 you can force azqr to use de Azure CLI credentials by using the -f flag.

Hope it helps.

@red-erik
Copy link
Author

Hello,
I'm trying with powershell from my Desktop after using AZ login but I'm not able to have ir working any way.
The -f parameter does not give any different result.
Do I really need to set some system wide variables ? From documentation it seems to fully support Azure CLI

Regards,
Red.

P.S. I'm running it from a standard powershell without admin privileges (PowerShell-7.4.1-win-x64)

@cmendible
Copy link
Member

azqr uses DefaultAzureCredential and the way it works is outlined here: https://learn.microsoft.com/en-us/azure/developer/go/azure-sdk-authentication?tabs=bash#2-authenticate-with-azure

Basically it attempts the following credentials in order:

Can you share the result of executing: azqr -v

With the -f flag azqr no longer uses DefaultAzureCredential and forces the use of AzureCLICredential so I would expect a different error message if any.

azqr/internal/scan.go

Line 110 in 5614b07

if !forceAzureCliCredential {

@red-erik
Copy link
Author

Hello,
this is what I see

image

Regards,
Red.

@cmendible
Copy link
Member

the f flag is for the scan command.

Please run: azqr scan -f

@red-erik
Copy link
Author

./azqr scan --mask=false -f -s xxxxxx-xxxxxx-xxxxxx-xxxxxxx
2024-02-16T12:58:36+01:00 FTL Failed to list Resource Groups error="DefaultAzureCredential: failed to acquire a token.\nAttempted credentials:\n\tEnvironmentCredential: missing environment variable AZURE_TENANT_ID\n\tWorkloadIdentityCredential: no client ID specified. Check pod configuration or set ClientID in the options\n\tManagedIdentityCredential: ManagedIdentityCredential: failed to retreive secret key from the identity endpoint: could not read file (C:\ProgramData\AzureConnectedMachineAgent\Tokens\

@cmendible
Copy link
Member

Sorry about that! Just found a bug when reading the value of the -f flag I'll release a new version shortly.

@cmendible cmendible mentioned this issue Feb 16, 2024
Merged
3 tasks
@cmendible cmendible self-assigned this Feb 16, 2024
@cmendible cmendible reopened this Feb 16, 2024
@cmendible
Copy link
Member

Please download version 0.52.0 from here: https://github.com/Azure/azqr/releases/tag/v.0.52.0 and run azqr scan with the -f flag.

@red-erik
Copy link
Author

Hello,
it seems to be working now.
I'll keep you posted.

Regards,
Red.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@cmendible cmendible

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Fix flag name for Azure CLI credential Azure/azqr
2 participants
@cmendible @red-erik