SaaS Permissions API deployment script run.sh fails with errors #257

Open
ScottStefanich opened this issue Jan 10, 2024 · 6 comments
Labels
bug Something isn't working

Comments

@ScottStefanich

ScottStefanich commented Jan 10, 2024

I successfully deployed Identity Foundation Services and am attempting to run the SaaS Permissions API deployment script.

cd /mnt/.../azure-saas/src/Saas.Identity/SaaS.Permissions/deployment
./setup.sh
./run.sh

Running the script fails with the following results,

### SaaS Administration Service API ###
Provisioning the SaaS Administration Service API...
Deploying App Service: Downloading Identity Foundation outputs from Resource Group 'rg-asdk-test-****' deployment named 'IdentityFoundationDeployment'...
ERROR: User '****@****.com' does not exist in MSAL token cache. Run `az login`.

### Critical Error ###
Failed to get Identity Bicep deployment output parameters

I tried logging into the Azure CLI with az login --use-device-code and setting the subscription with az account set -s subscriptionId.

I'm using Windows 11, WSL 2, Azure CLI 2.56.0, and GitHub CLI 2.41.0.

@ScottStefanich ScottStefanich added the bug Something isn't working label Jan 10, 2024
@1iveowl
Collaborator

1iveowl commented Jan 10, 2024

Thank you @ScottStefanich. Will try and see if we can repro this.

I did test the install a week ago w/o running into this issue. Only change since then is Azure CLI 2.55 -> 2.56.

@1iveowl
Collaborator

1iveowl commented Jan 10, 2024

Did you try and install the Admin Service API before installing the Permissions API? It looks like the error has to do with the script not being able to download the output deployment parameters from an earlier deployment.

@ScottStefanich
Author

Running the SaaS.Admin deployment script results in the same two errors (MSAL token cache and Identity Bicep deployment output parameters).

@ScottStefanich
Author

The deployment named 'IdentityFoundationDeployment' successfully completed.

The deployment Output has the following parameters,

version
location
environment
appConfigurationName
keyVaultName
keyVaultUri
appServicePlanName
userAssignedIdentityName
userAssignedIdentityId
sqlServerFQDN
sqlDbServerName
applicationInsightsName
logAnalyticsWorkspaceName
automationAccountName

@1iveowl, can you confirm the SaaS Administration Service API deployment script attempts to retrieve these parameters?

@appwebcaddy

appwebcaddy commented Feb 19, 2024

I want to report this other error, but first a few observation notes:

  • It asked me for azureAdB2CInstanceURL which is not mentioned in here doc
    but I think is related to the one mentioned later on swagger:
  "deployment": {
    ...
    "azureb2c": {
      ...
      "tenantId": "***GUID***",
      "instance": "https://***.b2clogin.com"
    },
    ...
  }
  • About the error, seems Azure is no longer accepting this parameter?
Please provide string value for 'azureAdB2CInstanceURL' (? for help): https://********.b2clogin.com
{"code": "InvalidTemplate", "message": "Deployment template validation failed: 'The template parameters 'azureAdInstance' in the parameters file are not valid; they are not present in the original template and can therefore not be provided at deployment time. The only supported parameters for this template are 'version, keyVaultName, keyVaultUri, azureB2CDomain, azureB2cTenantId, azureAdB2CInstanceURL, signedOutCallBackPath, signUpSignInPolicyId, baseUrl, clientId, userAssignedIdentityName, appConfigurationName, certificateKeyName'. Please see https://aka.ms/arm-pass-parameter-values for usage details.'.", "additionalInfo": [{"type": "TemplateViolation", "info": {"lineNumber": 0, "linePosition": 0, "path": ""}}]}

### Critical Error ###
Failed to deploy to permissions-api. This sometimes happens, please try again.



The solution for this was replacing azureAdInstance with azureAdB2CInstanceURL in the parameter file src\Saas.Identity\Saas.Permissions\deployment\bicep\parameters\config-entries-parameters.json
and
src\Saas.Identity\Saas.Permissions\deployment\script
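
Added example, not part of the thread or of the project's own code: a pre-deployment check that compares a parameters file with the parameters a compiled ARM template declares, reporting the stale name and the required parameter left without a value. The function name, the sample values and the cut-down template are constructed; only the parameter names come from the error message above.

```python
import difflib
import json

# Constructed sample: a cut-down compiled ARM template (the JSON form of a
# Bicep file), using parameter names from the error message in this thread.
TEMPLATE = json.loads("""
{
  "parameters": {
    "version":               {"type": "string"},
    "keyVaultName":          {"type": "string"},
    "azureB2CDomain":        {"type": "string"},
    "azureAdB2CInstanceURL": {"type": "string"},
    "signedOutCallBackPath": {"type": "string", "defaultValue": "/signout"}
  }
}
""")

# Constructed sample: a parameters file that still carries the old name.
PARAMETERS = json.loads("""
{
  "contentVersion": "1.0.0.0",
  "parameters": {
    "version":         {"value": "0.8.0"},
    "keyVaultName":    {"value": "kv-example"},
    "azureB2CDomain":  {"value": "example.onmicrosoft.com"},
    "azureAdInstance": {"value": "https://example.b2clogin.com"}
  }
}
""")


def check_parameters(template, parameters):
    """Return unknown and missing parameter names plus rename hints."""
    declared = template.get("parameters", {})
    supplied = parameters.get("parameters", {})
    # Supplied but not declared: this is what triggers InvalidTemplate.
    unknown = sorted(set(supplied) - set(declared))
    # Declared without a default and not supplied: a value is still needed.
    missing = sorted(name for name, spec in declared.items()
                     if "defaultValue" not in spec and name not in supplied)
    # Closest declared name for each unknown one, to surface likely renames.
    hints = {}
    for name in unknown:
        close = difflib.get_close_matches(name, list(declared), n=1)
        if close:
            hints[name] = close[0]
    return {"unknown": unknown, "missing": missing, "hints": hints}


if __name__ == "__main__":
    print(json.dumps(check_parameters(TEMPLATE, PARAMETERS), indent=2))
```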

@ScottStefanich
Author

I restarted the procedure with a new Entra ID tenant and updated the following,

  • WSL
  • Ubuntu 22.04 LTS
  • Docker Desktop
  • Azure CLI
  • GitHub CLI

The Identity Provider deployment script completed without errors on the first try.

The Permissions API deployment script encountered the same error,

### SaaS Administration Service API ###
Provisioning the SaaS Administration Service API...
Deploying App Service: Downloading Identity Foundation outputs from Resource Group 'rg-asdk-test-****' deployment named 'IdentityFoundationDeployment'...
ERROR: User '****@****.com' does not exist in MSAL token cache. Run `az login`.

### Critical Error ###
Failed to get Identity Bicep deployment output parameters
