I have configured an Azure DevOps pipeline to sign NuGet packages using Azure Key Vault via an ARM service connection.
I have the following two tasks:
- task: AzureCLI@2
  displayName: 'Sign with Azure Key Vault (AzureCLI@2)'
  inputs:
    azureSubscription: 'AzKeyVaultConnection' # Azure Resource Manager service connection
    addSpnToEnvironment: true
    scriptType: ps
    scriptLocation: inlineScript
    inlineScript: |
      $ErrorActionPreference = 'Stop'
      Write-Host "Signing package with Azure Key Vault certificate..."
      dotnet sign code azure-key-vault `
        --azure-key-vault-url $(AzureKeyVaultUrl) `
        --azure-key-vault-certificate $(AzureKeyVaultCertificate) `
        --azure-credential-type azure-cli `
        "$(Build.SourcesDirectory)\TestPackages\MyPackage.1.0.0.nupkg"
      Write-Host "exit code: $LASTEXITCODE"
- task: AzurePowerShell@5
  displayName: 'Sign with Azure Key Vault (AzurePowerShell@5)'
  inputs:
    azureSubscription: 'AzKeyVaultConnection' # Azure Resource Manager service connection
    TargetAzurePs: 'LatestVersion'
    ScriptType: 'InlineScript'
    Inline: |
      $ErrorActionPreference = 'Stop'
      Write-Host "Signing package with Azure Key Vault certificate..."
      dotnet sign code azure-key-vault `
        --azure-key-vault-url $(AzureKeyVaultUrl) `
        --azure-key-vault-certificate $(AzureKeyVaultCertificate) `
        --azure-credential-type azure-powershell `
        "$(Build.SourcesDirectory)\TestPackages\MyPackage.1.0.0.nupkg"
      Write-Host "exit code: $LASTEXITCODE"
Normally both work fine and identically, but the second task regularly (3 times out of 5) fails with an "Azure PowerShell authentication timed out." error.
Using sign v0.9.1-beta.25379.1.
Detailed error log:
fail: Sign.Core.ISigner[0]
Azure PowerShell authentication timed out.
Azure.Identity.AuthenticationFailedException: Azure PowerShell authentication timed out.
at Azure.Identity.AzurePowerShellCredential.RequestAzurePowerShellAccessTokenAsync(Boolean async, TokenRequestContext context, CancellationToken cancellationToken)
at Azure.Identity.AzurePowerShellCredential.GetTokenImplAsync(Boolean async, TokenRequestContext requestContext, CancellationToken cancellationToken)
at Azure.Identity.CredentialDiagnosticScope.FailWrapAndThrow(Exception ex, String additionalMessage, Boolean isCredentialUnavailable)
at Azure.Identity.AzurePowerShellCredential.GetTokenImplAsync(Boolean async, TokenRequestContext requestContext, CancellationToken cancellationToken)
at Azure.Identity.AzurePowerShellCredential.GetTokenAsync(TokenRequestContext requestContext, CancellationToken cancellationToken)
at Azure.Core.Pipeline.BearerTokenAuthenticationPolicy.AccessTokenCache.SetResultOnTcsFromCredentialAsync(TokenRequestContext context, TaskCompletionSource`1 targetTcs, Boolean async, CancellationToken cancellationToken)
at Azure.Core.Pipeline.BearerTokenAuthenticationPolicy.AccessTokenCache.GetAuthHeaderValueAsync(HttpMessage message, TokenRequestContext context, Boolean async)
at Azure.Core.Pipeline.BearerTokenAuthenticationPolicy.AccessTokenCache.TokenRequestState.GetCurrentHeaderValue(Boolean async, Boolean checkForCompletion, CancellationToken cancellationToken)
at Azure.Core.Pipeline.BearerTokenAuthenticationPolicy.AccessTokenCache.GetAuthHeaderValueAsync(HttpMessage message, TokenRequestContext context, Boolean async)
at Azure.Core.Pipeline.BearerTokenAuthenticationPolicy.AuthenticateAndAuthorizeRequestAsync(HttpMessage message, TokenRequestContext context)
at Azure.Security.KeyVault.ChallengeBasedAuthenticationPolicy.AuthorizeRequestOnChallengeAsyncInternal(HttpMessage message, Boolean async)
at Azure.Security.KeyVault.ChallengeBasedAuthenticationPolicy.ProcessAsyncInternal(HttpMessage message, ReadOnlyMemory`1 pipeline, Boolean async)
at Azure.Core.Pipeline.RedirectPolicy.ProcessAsync(HttpMessage message, ReadOnlyMemory`1 pipeline, Boolean async)
at Azure.Core.Pipeline.RetryPolicy.ProcessAsync(HttpMessage message, ReadOnlyMemory`1 pipeline, Boolean async)
at Azure.Core.Pipeline.RetryPolicy.ProcessAsync(HttpMessage message, ReadOnlyMemory`1 pipeline, Boolean async)
at Azure.Core.Pipeline.HttpPipeline.SendRequestAsync(Request request, CancellationToken cancellationToken)
at Azure.Security.KeyVault.KeyVaultPipeline.SendRequestAsync(Request request, CancellationToken cancellationToken)
at Azure.Security.KeyVault.KeyVaultPipeline.SendRequestAsync[TResult](RequestMethod method, Func`1 resultFactory, CancellationToken cancellationToken, String[] path)
at Azure.Security.KeyVault.Certificates.CertificateClient.GetCertificateAsync(String certificateName, CancellationToken cancellationToken)
at Sign.SignatureProviders.KeyVault.KeyVaultService.GetCertificateAsync(CancellationToken cancellationToken) in /_/src/Sign.SignatureProviders.KeyVault/KeyVaultService.cs:line 66
at Sign.Core.Signer.SignAsync(IReadOnlyList`1 inputFiles, String outputFile, FileInfo fileList, Boolean recurseContainers, DirectoryInfo baseDirectory, String applicationName, String publisherName, String description, Uri descriptionUrl, Uri timestampUrl, Int32 maxConcurrency, HashAlgorithmName fileHashAlgorithm, HashAlgorithmName timestampHashAlgorithm) in /_/src/Sign.Core/Signer.cs:line 79
exit code: 2