This repository was archived by the owner on Jan 8, 2024. It is now read-only.
Azure authentication may fail to attempt CLI auth #2589
Closed
Describe the bug
Reported initially by https://discuss.hashicorp.com/t/azure-container-instance-deployment-is-failing/31064, waypoint reports the following error when using CLI auth:
```
» Deploying example-nodejs...
! Unable to create subscriptions client: MSI not available
```
From my reading of our authenticate function below, it looks like we try Environment auth, and if it times out, we try CLI auth.
waypoint/builtin/azure/aci/deployment.go
Lines 27 to 64 in c55a869
```go
func (d *Deployment) authenticate(ctx context.Context) (autorest.Authorizer, error) {
	// create an authorizer from env vars or Azure Managed Service Identity
	//authorizer, err := auth.NewAuthorizerFromCLI()

	// first try and create an environment
	authorizer, err := auth.NewAuthorizerFromEnvironment()
	if err != nil {
		return nil, fmt.Errorf("Unable to create subscriptions client: %s", err)
	}

	// we need to timeout this request as this request never fails when we have
	// invalid credentials
	timeoutContext, cf := context.WithTimeout(ctx, 15*time.Second)
	defer cf()

	_, err = d.getLocations(timeoutContext, authorizer)
	if err == nil {
		return authorizer, nil
	}

	timeoutContext, cf2 := context.WithTimeout(ctx, 15*time.Second)
	defer cf2()

	// the environment variable auth has failed fall back to CLI auth
	authorizer, err = auth.NewAuthorizerFromCLI()
	if err != nil {
		return authorizer, err
	}

	_, err = d.getLocations(timeoutContext, authorizer)
	if err == nil {
		return authorizer, nil
	}

	return nil, fmt.Errorf(
		"Unable to authenticate with the Azure API, ensure you have your credentials set as environment variables, " +
			"or you have logged in using the 'az' command line tool",
	)
}
```
It looks like we should be logging the `Unable to create subscriptions client` error rather than returning, and continuing on to try CLI auth.
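A sketch of the fallback order the description asks for, added here as an illustration and not taken from the Waypoint code base: each credential source is tried in turn, and a constructor error is recorded instead of returned, so the next source still runs. `Authorizer`, `source`, and `probe` are hypothetical stand-ins for `autorest.Authorizer`, the two `auth.NewAuthorizerFrom...` constructors, and `d.getLocations`, so the example runs without the Azure SDK.

```go
package main

import (
	"context"
	"errors"
	"fmt"
	"time"
)

// Authorizer is a hypothetical stand-in for autorest.Authorizer.
type Authorizer string

// source is one credential source: a name for diagnostics and a constructor.
type source struct {
	name   string
	create func() (Authorizer, error)
}

// authenticate tries every source in order. A constructor error or a failed
// probe is recorded and the loop moves on; only exhausting all sources fails.
func authenticate(ctx context.Context, sources []source,
	probe func(context.Context, Authorizer) error) (Authorizer, []string, error) {
	var tried []string
	for _, s := range sources {
		a, err := s.create()
		if err != nil {
			tried = append(tried, fmt.Sprintf("%s: create: %v", s.name, err))
			continue // do not return: later sources may still work
		}
		// Each probe gets its own 15s budget, released before the next attempt.
		tctx, cancel := context.WithTimeout(ctx, 15*time.Second)
		err = probe(tctx, a)
		cancel()
		if err == nil {
			return a, tried, nil
		}
		tried = append(tried, fmt.Sprintf("%s: probe: %v", s.name, err))
	}
	return "", tried, errors.New("unable to authenticate with the Azure API")
}

func main() {
	// Constructed inputs: environment auth fails as in the report, CLI auth works.
	env := source{"environment", func() (Authorizer, error) { return "", errors.New("MSI not available") }}
	cli := source{"cli", func() (Authorizer, error) { return "cli-token", nil }}
	probe := func(context.Context, Authorizer) error { return nil }
	a, tried, err := authenticate(context.Background(), []source{env, cli}, probe)
	fmt.Println(a, tried, err)
}
```

The `tried` slice holds only source names and error strings, so it can be logged at debug level without exposing credential material.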