What happened?
When managing azure-cli and its extensions declaratively in devbox.json, the az command is unable to discover the extensions, even though the package files are correctly installed in the Nix profile.
This seems to be caused by the Nix wrapper for the az executable, which appears to create an isolated Python environment, ignoring the PYTHONPATH from the parent devbox shell. This prevents the Azure CLI's standard site-packages auto-discovery from working.
This contrasts with other ecosystems like helm, where setting a HELM_PLUGINS environment variable works as expected. The equivalent AZURE_EXTENSION_DIR does not work here because the Nix package for the extension installs it as a Python module (azext_*) rather than in a separate directory structure.
Steps to reproduce
-
Create a new directory and run devbox init.
-
Set the devbox.json to the following content:
{
"packages": [
"azure-cli@2.84.0",
"azure-cli-extensions.log-analytics-solution@1.0.1"
]
}
-
Start the shell with devbox shell.
-
Run the command to list extensions:
-
(Optional) Confirm the extension's files are present in the environment's site-packages:
# Path may vary slightly based on python version
ls .devbox/nix/profile/default/lib/python3.13/site-packages/
This will show azext_log_analytics_solution@ and other related files, proving the package was installed by Devbox.
Expected behavior
The az extension list command should discover and list the log-analytics-solution extension, similar to this output:
Name Version State Type
----------------------- --------- -------- ------
log-analytics-solution 1.0.1 Enabled whl
Actual behavior
The az extension list command returns an empty list, and commands provided by the extension (e.g., az log-analytics-solution) are not found.
Analysis of the Cause
Debug logs from az extension list --debug show that the CLI never attempts to load extensions from any directory (~/.azure/cliextensions, site-packages, or a path from AZURE_EXTENSION_DIR). It seems the Nix wrapper script for az sanitizes the PYTHONPATH, breaking the auto-discovery mechanism that relies on finding azext_* modules.
Workaround
The current pragmatic workaround is to abandon the declarative management of extensions and use the imperative approach:
-
Only include the core azure-cli in devbox.json.
{ "packages": ["azure-cli@2.84.0"] }
-
Inside the devbox shell, manually install the extension.
az extension add --name log-analytics-solution
This works because it installs the extension into ~/.azure/cliextensions, a path the az wrapper knows how to check.
Command
No response
devbox.json
Devbox version
0.17.1
Nix version
nix (Determinate Nix 3.17.3) 2.33.3
What system does this bug occur on?
macOS (Apple Silicon)
Debug logs
No response
What happened?
When managing
azure-cliand its extensions declaratively indevbox.json, theazcommand is unable to discover the extensions, even though the package files are correctly installed in the Nix profile.This seems to be caused by the Nix wrapper for the
azexecutable, which appears to create an isolated Python environment, ignoring thePYTHONPATHfrom the parentdevbox shell. This prevents the Azure CLI's standardsite-packagesauto-discovery from working.This contrasts with other ecosystems like
helm, where setting aHELM_PLUGINSenvironment variable works as expected. The equivalentAZURE_EXTENSION_DIRdoes not work here because the Nix package for the extension installs it as a Python module (azext_*) rather than in a separate directory structure.Steps to reproduce
Create a new directory and run
devbox init.Set the
devbox.jsonto the following content:{ "packages": [ "azure-cli@2.84.0", "azure-cli-extensions.log-analytics-solution@1.0.1" ] }Start the shell with
devbox shell.Run the command to list extensions:
(Optional) Confirm the extension's files are present in the environment's
site-packages:# Path may vary slightly based on python version ls .devbox/nix/profile/default/lib/python3.13/site-packages/This will show
azext_log_analytics_solution@and other related files, proving the package was installed by Devbox.Expected behavior
The
az extension listcommand should discover and list thelog-analytics-solutionextension, similar to this output:Actual behavior
The
az extension listcommand returns an empty list, and commands provided by the extension (e.g.,az log-analytics-solution) are not found.Analysis of the Cause
Debug logs from
az extension list --debugshow that the CLI never attempts to load extensions from any directory (~/.azure/cliextensions,site-packages, or a path fromAZURE_EXTENSION_DIR). It seems the Nix wrapper script forazsanitizes thePYTHONPATH, breaking the auto-discovery mechanism that relies on findingazext_*modules.Workaround
The current pragmatic workaround is to abandon the declarative management of extensions and use the imperative approach:
Only include the core
azure-cliindevbox.json.{ "packages": ["azure-cli@2.84.0"] }Inside the
devbox shell, manually install the extension.This works because it installs the extension into
~/.azure/cliextensions, a path theazwrapper knows how to check.Command
No response
devbox.json
{ "$schema": "https://raw.githubusercontent.com/jetify-com/devbox/0.17.1/.schema/devbox.schema.json", "packages": [ "sops@3.12.2", "age@1.3.1", "go-task@3.48.0", "azure-cli@2.84.0", "opentofu@1.11.6", "azure-cli-extensions.log-analytics-solution@1.0.1" ], "shell": { "init_hook": [ "export SOPS_AGE_KEY_FILE=$(pwd)/.age.agekey" ] } }Devbox version
0.17.1
Nix version
nix (Determinate Nix 3.17.3) 2.33.3
What system does this bug occur on?
macOS (Apple Silicon)
Debug logs
No response