Bugfix/login to azure cli after setting requests ca bundle #4995
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
added 3 commits
January 31, 2025 15:37
…CA_BUNDLE in case they were previously logged in, and the addition of the bundle became a recent requirement. Signed-off-by: Thomas D. Spear <[email protected]>
Signed-off-by: Thomas D. Spear <[email protected]>
|
Learn Build status updates of commit 3a19129: ✅ Validation status: passed
For more details, please refer to the build report. For any questions, please:
|
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Follow-up to #4978, which was closed (I believe prematurely):
The Azure CLI may throw certificate verify failed errors after performing the instructions as currently published until the
az logincommand has been run even after the user properly adds the intercepting proxy CA certificate to the trust bundle and sets theREQUESTS_CA_BUNDLEvariable.This note makes it clear that after setting the variable, users should login again to ensure that all requests to Azure trust the intercepting proxy's certificate, which mitigates the errors.
I have updated the language to not mention caching, however I would like to point @jiasli to https://stackoverflow.com/questions/20198274/how-do-i-clear-cache-with-python-requests/55613686#comment124524023_55613686 which effectively means that unless the Azure CLI is sending the
Cache-Controlheader, the "server" may be caching something. "Server" is used here to loosely to mean anything in between the client running the Azure CLI, and the actual destination service in Azure which receives the requests from the CLI and sends the response.I don't have the ability to debug the issue in my environment due to corporate restrictions, and the fact that my system now properly trusts the intercepting proxy's CA certificate and I've already re-logged in to the Azure CLI since our intercepting proxy was added, so it is entirely possible that the issue is not "cache" related but there is something which caused certificate verify failed errors AFTER I followed the currently published instructions, and the only solution I found was to login again so I strongly feel that the docs should mention to login again regardless of whether this is a cache related issue or not.