Support azcliversion

[jiasli]

Azure CLI Action supports azcliversion:

https://github.com/Azure/cli/blob/master/src/main.ts#L25

let azcliversion: string = core.getInput('azcliversion', { required: true }).trim().toLowerCase();

In case of Azure CLI compatibility issue or bug, it is possible to revert to old versions of Azure CLI.

But, Azure Login doesn't have azcliversion: https://github.com/Azure/login/blob/master/src/main.ts

In case of az login compatibility issue or bug, there is no way for Azure Login to recover.

Related issues:

• Could not retrieve credential from local cache for service principal #162
• Azure CLI GitHub Action fails with Azure CLI 2.30.0: Could not retrieve credential from local cache for service principal azure-cli#20154

[restfulhead]

Yes, I hope this request gets prioritized. I came here from Azure/cli#56 (comment) where builds started to fail one day without any changes on our end. We need to be able to pin the version to guarantee stable builds...

[Menci]

There's a workaround that invokes az login in azure/CLI action:

    - uses: azure/CLI@v1
      with:
        azcliversion: 2.28.0
        inlineScript: |
          AZ_PYTHON_PARSE_CODE='import sys, re; s = "".join(sys.stdin.readlines()); data = {a: b for a, b in [x.split(":") for x in re.sub("[\s\"]", "", s)[1:-1].split(",")]}'

          AZ_CLIENT_ID="$(python3 -c "$AZ_PYTHON_PARSE_CODE; print(data['clientId'])" <<< "$AZ_CRED")"
          AZ_CLIENT_SECRET="$(python3 -c "$AZ_PYTHON_PARSE_CODE; print(data['clientSecret'])" <<< "$AZ_CRED")"
          AZ_SUBSCRIPTION_ID="$(python3 -c "$AZ_PYTHON_PARSE_CODE; print(data['subscriptionId'])" <<< "$AZ_CRED")"
          AZ_TENANT_ID="$(python3 -c "$AZ_PYTHON_PARSE_CODE; print(data['tenantId'])" <<< "$AZ_CRED")"

          az login --service-principal -u "$AZ_CLIENT_ID" -p "$AZ_CLIENT_SECRET" --tenant "$AZ_TENANT_ID"
          az account set --subscription "$AZ_SUBSCRIPTION_ID"
      env:
        AZ_CRED: ${{ secrets.creds }}

You can also use it in a composite action like this.

Parsing creds with Python since passing it to a composite action will lose double quotes ({"a": "b"} turns to {a: b}) in the string.

[github-actions]

This issue is idle because it has been open for 14 days with no activity.

[cperfect]

Also would resolve microsoft/azure-container-apps#28

[github-actions]

This issue is idle because it has been open for 14 days with no activity.

[NissesSenap]

Ping

[github-actions]

This issue is idle because it has been open for 14 days with no activity.

[NissesSenap]

Pong

[BALAGA-GAYATRI]

Here the issue is when there is a compact issue that arises when a workflow uses both CLI and azure login actions. So if the cli latest is incompatible with the cli from the runner, workflows might fail. In order to avoid this issue, CLI action now implements a new strategy that checks for the runner CLI version and defaults to it unless an explicit version is provided in azcliversion. So that would solve the above concern.
More details - https://github.com/azure/cli#github-action-for-azure-cli

[NissesSenap]

@BALAGA-GAYATRI I'm going to be rather honest in this but i don't understand the solution.

Using the Azure CLI GitHub action is a know workaround and something that all of us had to apply when Microsoft did this breaking change without releasing a major version. See:
#164 (comment)

We don't want to use this workaround, the whole point of this GitHub action is to login.

I read though the docs in detail that you point to and I can't see any documentation about this magic that you are taking about.

If you have some magic in this GitHub action please document it in this action and don't point to the Azure CLI GitHub action. Also please provide a link to the PR where this was implemented. So we have a chance of understanding how this works.

[BALAGA-GAYATRI]

Hey @NissesSenap

Main reason for raising the issue:

So when az-cli came up with a new version using MSAL removing ADAL, it basically changed the way credentials are stored in the machine. So at that time users having both these actions (i.e, azure/login and azure/cli) in their workflows faced an issue because previously azcliversion variable defaulted to latest which is latest MSAL and our login action used the cli which is present in the runner. This caused the compat issue. Now azure/cli action's azcliversion defaults to the runner cli if not specified. This will prevent the compat issues in future. Coming to azure/login action , the current design doesn't include this azcliversion implementation and may be implemented in future but can't promise to have this any time soon. Hope this answered your question. Thanks.

[NissesSenap]

I know, i have spent allot of time working around this issue.
Isn't the whole point of this issue that we want support for azcliversion? So the next time Azure decide to do a breaking change without making major release we can work around it by defining the azcliversion so we don't have to use the ugly workaround and actually be able to use the login GitHub action.

To me it makes sense to keep this issue open until the issue is solved. How else will keep track of it?

[NissesSenap]

Another option could be that you say that it will never be implemented and then we know that at least :)