Skip to content

az login fails with NativeCommandError in Powershell ISE #30651

New issue
New issue
Open
Open
az login fails with NativeCommandError in Powershell ISE#30651
Assignees
jiasli
Labels
AKSaz aks/acs/openshiftARMaz resource/group/lock/tag/deployment/policy/managementapp/account management-groupAccountaz login/accountAuto-AssignAuto assign by botAzure CLI TeamThe command of the issue is owned by Azure CLI teamRBACaz rolecustomer-reportedIssues that are reported by GitHub users external to the Azure organization.needs-team-triageThis issue needs the team to triage.questionThe issue doesn't require a change to the product in order to be resolved. Most issues start as that
Milestone
 
Backlog
@jatin318

Description

@jatin318
jatin318
opened on Jan 14, 2025

Describe the bug

when i try to do az login through my command it is showing like this az : WARNING: Select the account you want to log in with. For more information on login with Azure CLI, see https://go.microsoft.com/fwlink/?linkid=2271136
At line:29 char:1

  • az login
  •   + CategoryInfo          : NotSpecified: (WARNING: Select...?linkid=2271136:String) [], RemoteException
  + FullyQualifiedErrorId : NativeCommandError

but when i do az login it is working i am using powershell ise

Related command

this is my powershell script #------------------------------------------------------------USER INPUT PART-------------------------------------------------------------------------------------------

$ErrorActionPreference = "Stop"

Taking necessary credentials from User

do {
$tenantId = Read-Host 'Enter the Tenant Id'
if (!$tenantId) {
Write-Verbose -Message "Tenant Id is Mandatory, Please input Tenant Id" -Verbose
}
} while (!$tenantId)

do {
$subscriptionId = Read-Host 'Enter the Subscription Id'
if (!$subscriptionId) {
Write-Verbose -Message "SubscriptionId is Mandatory, Please input Subscription Id" -Verbose
}
} while (!$subscriptionId)

do {
$resourceGroupName = Read-Host 'Enter the Managed Resource Group Name'
if (!$resourceGroupName) {
Write-Verbose -Message "Managed Resource Group Name is Mandatory, Please input Resource Group Name" -Verbose
}
} while (!$resourceGroupName)

echo 'Login to Azure with your azure login Id and password'

az login
Connect-AzAccount -Subscription $subscriptionId -Tenant $tenantId
az account set --subscription $subscriptionId

Fetch All AKS Clusters in the Resource Group

$clusters = Get-AzResource -ResourceGroupName $resourceGroupName -ResourceType "Microsoft.ContainerService/managedClusters"

if (!$clusters) {
Write-Error "No AKS clusters found in resource group $resourceGroupName"
exit
}

Loop Through Each Cluster and Apply Operations

foreach ($cluster in $clusters) {
$clusterName = $cluster.Name
Write-Host "Processing Cluster: $clusterName"

# Fetch necessary resource names
$mc_resourceGroupName = "MC_" + $resourceGroupName + "_" + $clusterName + "_" + $cluster.Location

# Get Managed Identities
$userManagedIdentityName = $clusterName + "managedidentity"
$mc_managedIdentityName = $clusterName + "_AksCluster-agentpool"

$managedIdentities = Get-AzUserAssignedIdentity -ResourceGroupName $resourceGroupName -SubscriptionId $subscriptionId
$userManagedIdentity = $managedIdentities | Where-Object { $_.Name -eq $userManagedIdentityName }
$userManagedIdentityClientId = $userManagedIdentity.ClientId

# Assign Contributor Role for Managed Identity in MC Resource Group
$mc_identity = Get-AzUserAssignedIdentity -ResourceGroupName $mc_resourceGroupName -Name $mc_managedIdentityName
$mc_objectId = $mc_identity.PrincipalId

az role assignment create --role "Contributor" --assignee-object-id $mc_objectId --assignee-principal-type "ServicePrincipal" --scope "/subscriptions/$subscriptionId/resourceGroups/$mc_resourceGroupName"

# Assign Contributor Role for Managed Identity in AKS Cluster
$userManagedIdentityObjectId = $userManagedIdentity.PrincipalId
az role assignment create --role "Contributor" --assignee-object-id $userManagedIdentityObjectId --assignee-principal-type "ServicePrincipal" --scope "/subscriptions/$subscriptionId/resourceGroups/$resourceGroupName/providers/Microsoft.ContainerService/managedClusters/$clusterName"

# Assign Contributor Role for Service Principal in AKS Cluster
$appId = ($cluster.Properties | Where-Object { $_.Name -eq "clientId" }).Value
$servicePrincipal = Get-AzADServicePrincipal -ApplicationId $appId
$servicePrincipalObjectId = $servicePrincipal.Id

az role assignment create --role "Contributor" --assignee-object-id $servicePrincipalObjectId --assignee-principal-type "ServicePrincipal" --scope "/subscriptions/$subscriptionId/resourceGroups/$resourceGroupName/providers/Microsoft.ContainerService/managedClusters/$clusterName"

# Update VMSS with User-Assigned Managed Identity
$vmss = Get-AzVmss -ResourceGroupName $mc_resourceGroupName
$vmssName = $vmss.Name

Update-AzVmss -ResourceGroupName $mc_resourceGroupName -Name $vmssName -IdentityType UserAssigned -IdentityID $userManagedIdentity.Id

# Kubernetes YAML Deployment for Each Cluster
az aks get-credentials --resource-group $resourceGroupName --name $clusterName

# Kubernetes Managed Identity Definition
$definitionYaml = @"

apiVersion: "aadpodidentity.k8s.io/v1"
kind: AzureIdentity
metadata:
name: $userManagedIdentityName
spec:
type: 0
resourceID: /subscriptions/$subscriptionId/resourcegroups/$resourceGroupName/providers/Microsoft.ManagedIdentity/userAssignedIdentities/$userManagedIdentityName
clientID: $userManagedIdentityClientId
"@

$bindingYaml = @"

apiVersion: "aadpodidentity.k8s.io/v1"
kind: AzureIdentityBinding
metadata:
name: ${userManagedIdentityName}-binding
spec:
azureIdentity: $userManagedIdentityName
selector: $userManagedIdentityName
"@

kubectl apply -f https://raw.githubusercontent.com/Azure/aad-pod-identity/v1.8.14/deploy/infra/deployment-rbac.yaml
$definitionYaml | kubectl.exe apply -f -
$bindingYaml | kubectl.exe apply -f -

# Custom Deployment for Each Cluster
$deploymentYaml = @"

apiVersion: apps/v1
kind: Deployment
metadata:
name: plt-deployment-$clusterName
spec:
replicas: 1
selector:
matchLabels:
app: my-value
template:
metadata:
labels:
app: my-value
aadpodidbinding: $userManagedIdentityName
spec:
containers:
- name: my-app-container
image: powerbiload.azurecr.io/internaltestjob:latest
env:
- name: SQLSERVER
value: "${serverName}.database.windows.net"
- name: DATABASE
value: $databaseName
- name: MANAGEDIDENTITY
value: $userManagedIdentityName
- name: NODECOUNT
value: "$kubeNodeCount"
- name: SUBSCRIPTIONID
value: $subscriptionId
- name: RESOURCEGROUP
value: $resourceGroupName
- name: CLUSTERNAME
value: $clusterName
"@
$deploymentYaml | kubectl.exe apply -f -

Write-Host "Cluster $clusterName processing completed."

}

Write-Host "All clusters have been processed."

Errors

az : WARNING: Select the account you want to log in with. For more information on login with Azure CLI, see https://go.microsoft.com/fwlink/?linkid=2271136
At line:29 char:1

  • az login
  •   + CategoryInfo          : NotSpecified: (WARNING: Select...?linkid=2271136:String) [], RemoteException
  + FullyQualifiedErrorId : NativeCommandError

Issue script & Debug output

it should login my account

Expected behavior

it should login after selecting the account

Environment Summary

Image

Additional context

No response

Activity

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Metadata

Assignees

Labels

AKSaz aks/acs/openshiftARMaz resource/group/lock/tag/deployment/policy/managementapp/account management-groupAccountaz login/accountAuto-AssignAuto assign by botAzure CLI TeamThe command of the issue is owned by Azure CLI teamRBACaz rolecustomer-reportedIssues that are reported by GitHub users external to the Azure organization.needs-team-triageThis issue needs the team to triage.questionThe issue doesn't require a change to the product in order to be resolved. Most issues start as that

Type

No type

Projects

No projects

Milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions