Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

New AzCore API Breaks Environment #3795

Closed
jahn-swob opened this issue Dec 16, 2024 · 7 comments · Fixed by #3799 or #3802
Closed

New AzCore API Breaks Environment #3795

jahn-swob opened this issue Dec 16, 2024 · 7 comments · Fixed by #3799 or #3802
Assignees
@thomas11
Labels
area/auth impact/regression Something that used to work, but is now broken kind/bug Some behavior is incorrect or out of spec resolution/fixed This issue was fixed

Comments

@jahn-swob
Copy link

jahn-swob commented Dec 16, 2024
edited
Loading

What happened?

Hello,

I was previously using v2.60.0 of the Azure Native plugin with Azure Government with success but recently decided decided to bump up to the latest v2.77.0 and noticed that all my CI builds were failing.
Image

I started investigating and found that in the v2.71.0 release notes there is mention of a new AzCore backend for the API that has been enabled by default and it notes instructions to disable it to fall back to the previous implementation.
After finding that and disabling the new AzCore backend, my builds are working again.

It appears that the new AzCore API changes are not respecting the ARM_ENVIRONMENT / azure-native:environment settings as it is clearly dialing the Azure Commercial endpoints instead of the Government ones.

Example

  1. Use an Azure Government environment
  2. Specify azure-native:environment in the Pulumi config for the stack
  3. pulumi up
    • explosions.

Output of pulumi about

Image

Additional context

No response

Contributing

Vote on this issue by adding a 👍 reaction.
To contribute a fix for this issue, leave a comment (and link to your pull request, if you've opened one already).
@jahn-swob jahn-swob added kind/bug Some behavior is incorrect or out of spec needs-triage Needs attention from the triage team labels Dec 16, 2024
@thomas11
Copy link
Contributor

thomas11 commented Dec 16, 2024
edited
Loading

Hi @jahn-swob, apologies for this issue. Which of the authentication methods of the provider are you using in CI?

Edit: nevermind, I see the issue and it's independent of the auth method.

@thomas11 thomas11 added awaiting-feedback Blocked on input from the author area/auth and removed needs-triage Needs attention from the triage team labels Dec 16, 2024
@jahn-swob
Copy link
Author

Hi @jahn-swob, apologies for this issue. Which of the authentication methods of the provider are you using in CI?

Edit: nevermind, I see the issue and it's independent of the auth method.

Correct.
For the record, when testing I typically authenticate with az login but in CI I use a service principal.

@pulumi-bot pulumi-bot added needs-triage Needs attention from the triage team and removed awaiting-feedback Blocked on input from the author labels Dec 16, 2024
@thomas11 thomas11 mentioned this issue Dec 17, 2024
Merged
@thomas11 thomas11 added impact/regression Something that used to work, but is now broken awaiting-feedback Blocked on input from the author and removed needs-triage Needs attention from the triage team awaiting-feedback Blocked on input from the author labels Dec 17, 2024
@pulumi-bot pulumi-bot added resolution/fixed This issue was fixed labels Dec 17, 2024
@pulumi-bot
Copy link
Contributor

This issue has been addressed in PR #3799 and shipped in release v2.78.0.

@jahn-swob
Copy link
Author

Thanks for the quick support, however there still appears to be an issue.
Image

Also using static names from the SDK may prove to be an issue, especially with the things like Azure Stack / Azure Local where the management API URL may be something other than the defined variables.

There has to be a way to grab these values from the instance manager or something similar to ensure the correct endpoint addresses are being used.

@jahn-swob
Copy link
Author

@thomas11 ^

@thomas11 thomas11 reopened this Dec 17, 2024
@thomas11 thomas11 removed the resolution/fixed This issue was fixed label Dec 17, 2024
@thomas11 thomas11 mentioned this issue Dec 17, 2024
Merged
@thomas11
Copy link
Contributor

#3802 is most likely the fix. Sorry for the extra breakage. Unfortunately, we don't have usgov (or china) test infrastructure at this point, so we're relying on unit tests here, but these SDK internals are sometimes hard to cover.

thomas11 added a commit that referenced this issue Dec 18, 2024
@thomas11
azcore fix: initialize request pipeline with configured cloud (#3802)
1285abd 
Fixes #3795, hopefully.

The way Azure's azcore and azidentity SDKs are designed makes it hard to
test this, but reading [the source
here](https://github.com/Azure/azure-sdk-for-go/blob/sdk/azcore/v1.16.0/sdk/azcore/arm/runtime/pipeline.go#L60)
it looks like this change should fix the issue.
@pulumi-bot pulumi-bot added the resolution/fixed This issue was fixed label Dec 18, 2024
@pulumi-bot
Copy link
Contributor

This issue has been addressed in PR #3802 and shipped in release v2.79.0.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@thomas11 thomas11

Labels
area/auth impact/regression Something that used to work, but is now broken kind/bug Some behavior is incorrect or out of spec resolution/fixed This issue was fixed
Projects
None yet
Milestone
No milestone
3 participants
@thomas11 @pulumi-bot @jahn-swob