Skip to content

2.28 breaks az iot dps certificate generate-verification-code #20002

New issue
New issue
Open
Open
2.28 breaks az iot dps certificate generate-verification-code#20002

Description

@kensykora

kensykora
openedon Oct 22, 2021

Describe the bug

As of 2.28 (does not occur in 2.27 or earlier) the command to generate a verification code for a DPS certificate fails with this error.

Command Name
az iot dps certificate generate-verification-code

Errors:

ksykora@DESKTOP-LSEMUSR:~/ops-infrastructure-azure/v2/iothub$ ETAG=$(az iot dps certificate show -o json --query etag -n intermediate-cert --dps-name my-dps -g my-rg) && az iot dps certificate generate-verification-code --n intermediate-cert --dps-name my-dps -g my-rg -e $ETAG
The command failed with an unexpected error. Here is the traceback:
'utf-8' codec can't decode byte 0x82 in position 1: invalid start byte
Traceback (most recent call last):
  File "/opt/az/lib/python3.6/site-packages/knack/cli.py", line 231, in invoke
    cmd_result = self.invocation.execute(args)
  File "/opt/az/lib/python3.6/site-packages/azure/cli/core/commands/__init__.py", line 657, in execute
    raise ex
  File "/opt/az/lib/python3.6/site-packages/azure/cli/core/commands/__init__.py", line 720, in _run_jobs_serially
    results.append(self._run_job(expanded_arg, cmd_copy))
  File "/opt/az/lib/python3.6/site-packages/azure/cli/core/commands/__init__.py", line 691, in _run_job
    result = cmd_copy(params)
  File "/opt/az/lib/python3.6/site-packages/azure/cli/core/commands/__init__.py", line 328, in __call__
    return self.handler(*args, **kwargs)
  File "/opt/az/lib/python3.6/site-packages/azure/cli/core/commands/command_operation.py", line 121, in handler
    return op(**command_args)
  File "/opt/az/lib/python3.6/site-packages/azure/cli/command_modules/iot/custom.py", line 324, in iot_dps_certificate_gen_code
    response.properties.certificate = response.properties.certificate.decode('utf-8')
UnicodeDecodeError: 'utf-8' codec can't decode byte 0x82 in position 1: invalid start byte

To Reproduce:

Steps to reproduce the behavior. Note that argument values have been redacted, as they may contain sensitive information.

  • Create a DPS instance (Portal or CLI, doesn't matter)
  • Upload a certificate to DPS (Portal or CLI, doesn't matter) -- make sure it's not verified
  • get the etag: ETAG=$(az iot dps certificate show -o json --query etag -n intermediate-cert --dps-name my-dps -g my-rg)
  • Get the verification code: az iot dps certificate generate-verification-code --n intermediate-cert --dps-name my-dps -g my-rg -e $ETAG

Expected Behavior

Verification code is returned

Environment Summary

Linux-5.10.16.3-microsoft-standard-WSL2-x86_64-with-debian-bullseye-sid, Ubuntu 20.04 LTS
Python 3.6.10
Installer: DEB

azure-cli 2.28.0 *

Workaround

Option 1: Downgrade to azure-cli 2.27 or earlier.

Option 2: Use az rest

ETAG=$(az iot dps certificate show -o json --query etag -n intermediate-cert --dps-name hv-dev-001-dps-01 -g hv-dev-iot) 
az rest --method post --url https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/my-rg/providers/Microsoft.Devices/provisioningServices/my-dps/certificates/intermediate-cert/generateVerificationCode?api-version=2020-03-01 --headers If-Match=$ETAG -o json`

Additional Context

The call to retrieve the certificate verification code is successful. However, the CLI tool fails to process it correctly. Here's the relevant debug output:

msrest.universal_http: Evaluate proxies against ENV settings: True
urllib3.connectionpool: Starting new HTTPS connection (1): management.azure.com:443
urllib3.connectionpool: https://management.azure.com:443 "POST /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/my-rg/providers/Microsoft.Devices/provisioningServices/my-dps/certificates/intermediate-cert/generateVerificationCode?api-version=2020-03-01 HTTP/1.1" 200 None
msrest.http_logger: Response status: 200
msrest.http_logger: Response headers:
msrest.http_logger:     'Cache-Control': 'no-cache'
msrest.http_logger:     'Pragma': 'no-cache'
msrest.http_logger:     'Transfer-Encoding': 'chunked'
msrest.http_logger:     'Content-Type': 'application/json; charset=utf-8'
msrest.http_logger:     'Content-Encoding': 'gzip'
msrest.http_logger:     'Expires': '-1'
msrest.http_logger:     'Vary': 'Accept-Encoding'
msrest.http_logger:     'Server': 'Microsoft-HTTPAPI/2.0'
msrest.http_logger:     'x-ms-ratelimit-remaining-subscription-writes': '1199'
msrest.http_logger:     'x-ms-request-id': 'c5c6c34a-c60f-4f95-917a-499537d729a8'
msrest.http_logger:     'x-ms-correlation-request-id': 'c5c6c34a-c60f-4f95-917a-499537d729a8'
msrest.http_logger:     'x-ms-routing-request-id': 'NORTHCENTRALUS:20211022T192537Z:c5c6c34a-c60f-4f95-917a-499537d729a8'
msrest.http_logger:     'Strict-Transport-Security': 'max-age=31536000; includeSubDomains'
msrest.http_logger:     'X-Content-Type-Options': 'nosniff'
msrest.http_logger:     'Date': 'Fri, 22 Oct 2021 19:25:36 GMT'
msrest.http_logger: Response content:
msrest.http_logger: {"properties":{"verificationCode":"0EE0E67D454B44D2EB8F4E4F2B40FF0007CB6DF526285842","subject":"Tier 3 Intermediate CA 02 for DEV TESTING","expiry":"Fri, 07 Aug 2026 23:54:27 GMT","thumbprint":"2A4030970D9AD911093113E8ED2E05D5D83055B9","isVerified":false,"created":"Mon, 01 Jan 0001 00:00:00 GMT","updated":"Fri, 22 Oct 2021 19:25:37 GMT","certificate":"(CERT DATA REMOVED, CONTACT ME IF YOU NEED IT AS AN EXAMPLE)"},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/my-rg/providers/Microsoft.Devices/provisioningServices/my-dps/certificates/intermediate-cert","name":"intermediate-cert","type":"Microsoft.Devices/provisioningServices/Certificates","etag":"IjJiMDE0MGExLTAwMDAtMDMwMC0wMDAwLTYxNzMxMDMxMDAwMCI="}
cli.azure.cli.core.util: azure.cli.core.util.handle_exception is called with an exception:
cli.azure.cli.core.util: Traceback (most recent call last):
  File "/opt/az/lib/python3.6/site-packages/knack/cli.py", line 231, in invoke
    cmd_result = self.invocation.execute(args)
  File "/opt/az/lib/python3.6/site-packages/azure/cli/core/commands/__init__.py", line 657, in execute
    raise ex
  File "/opt/az/lib/python3.6/site-packages/azure/cli/core/commands/__init__.py", line 720, in _run_jobs_serially
    results.append(self._run_job(expanded_arg, cmd_copy))
  File "/opt/az/lib/python3.6/site-packages/azure/cli/core/commands/__init__.py", line 691, in _run_job
    result = cmd_copy(params)
  File "/opt/az/lib/python3.6/site-packages/azure/cli/core/commands/__init__.py", line 328, in __call__
    return self.handler(*args, **kwargs)
  File "/opt/az/lib/python3.6/site-packages/azure/cli/core/commands/command_operation.py", line 121, in handler
    return op(**command_args)
  File "/opt/az/lib/python3.6/site-packages/azure/cli/command_modules/iot/custom.py", line 324, in iot_dps_certificate_gen_code
    response.properties.certificate = response.properties.certificate.decode('utf-8')
UnicodeDecodeError: 'utf-8' codec can't decode byte 0x82 in position 1: invalid start byte
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Metadata

Assignees

No one assigned

    Labels

    IoTIoT/CLIIoTDPSLabel for the Device Provisioning ServiceService AttentionThis issue is responsible by Azure service team.customer-reportedIssues that are reported by GitHub users external to the Azure organization.

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions