This is not a Pulumi issue, though Pulumi is invol...
# azure
This is not a Pulumi issue, though Pulumi is involved in one of the jobs in the github workflow I'm asking about. But I'm hoping someone here might be able to point me in the right direction. ISSUE: The
step is failing in one of my github action jobs. It's for what we call our UAT environment, and the equivalent azure/login is working for Dev and Test. In fact, if I put in the "Test" credentials for the UAT action, the login succeeds. We're using the old-school service principal credentials (vs. OIDC). The credentials are in the form of that chunk of json that the
az ad sp create-for-rbac...
command returns. And, importantly, the individual values from within that json are used for the Pulumi job (ARM_CLIENT_ID, ARM_CLIENT_SECRET, ARM_TENANT_ID, ARM_SUBSCRIPTION_ID). The immediate response would rightly be: well the UAT credentials must be wrong. And that would be my response. But I use the same credentials in the Pulumi job within the same workflow, and they work. Granted, for Pulumi, the client ID, client secret, subscription ID, and tenant ID are used as discrete values - whereas in the failing job they're part of that chunk of json. But the same approach works w/o issue for Dev and Test (discrete values for the Pulumi job, json for the azure/login). So I'm lost as to how to proceed. Seemed worth at least asking.
Seems like it might be related to: Reading further...
Absolutely crazy... I think it was some kind of encoding issue. The json from the
az ad sp...
command was sent to me via Outlook secure email. Visually the test and uat json look identical, save the values for client ID and client secret. So I pasted the uat client ID and secret into the test json and updated the github secret. That worked. Talk about inscrutable. Sorry to bother you all.
Glad you figured it out! Encoding can be a nightmare.