login: Login fails when the service principal key starts with '-'

When the service principal secret starts with -, a known bug in the az cli is triggered, and the login action fails with:

Error: : argument --password/-p: expected one argument

The workaround is to use the -p=<the_secret> syntax instead of -p <the_secret>.

I see there’s actually already an open PR that would fix this.

About this issue

  • Original URL
  • State: closed
  • Created 2 years ago
  • Reactions: 6
  • Comments: 21 (2 by maintainers)

Most upvoted comments

Hello Gayatri @BALAGA-GAYATRI

I was able to recreate this issue while going through an AKS learn module w/the github project mslearn-aks-deployment-pipeline-github-actions.

I ran into the issue in Unit 10 of the learn module when asked to create a secret.

az ad sp create-for-rbac --role Contributor --scopes /subscriptions/<SUBSCRIPTION-ID> --sdk-auth

After running the az cli, command, you should get a json payload similar to

{
  "clientId": "<guid/>",
  "clientSecret": "-x68Q~fJhoGVA35Vbo68K5m4TsLzoLR5kqzxido3",
  "subscriptionId": "<guid/>",
  "tenantId": "<guid/>",
  ...
}

If the “clientSecret” starts with a dash, then that service principal is an error condition. To work around the issue for the learn module, I deleted the service principal and created a new one. For you, Microsoft, you can try and recreate service principals until you get one with a “-” clientSecret.

To delete the service principal, you will need the id, to get the id, get the guid taht is the “clientId” and run the following command.

az ad sp list --filter "appId eq '<clientId/>'" -o table

You should get the “Id” as the 2nd column. Then you can delete the service principal and try again repeating the az ad sp create-for-rbac statement until you get a “bad” one.

az ad sp delete --id "<Id/>"

For those who need a work around, recreating a service principal and deleting the “bad” one might be the best alternative, with the az cli commands above can be helpful.

Reference links (note both are the same actual links, just different anchors/fragment) https://learn.microsoft.com/en-us/cli/azure/ad/sp?view=azure-cli-latest#az-ad-sp-list https://learn.microsoft.com/en-us/cli/azure/ad/sp?view=azure-cli-latest#az-ad-sp-delete

+3
ondrelogin on Nov 16, 2022

Is there any timeline for release? We ran into this issue today as well.

+1
joshft91 on Jun 2, 2023

We’re planning the release. Thank you for your patience.

+1
YanaXu on May 31, 2023

@BALAGA-GAYATRI the fix was merged, could you release it to Github Marketplace?

+1
tuskajozsef on Apr 12, 2023

Sorry for the delayed response. We shall take a look and let you know about the changes. Thanks!

+1
BALAGA-GAYATRI on Oct 10, 2022
Read more comments on GitHub
← login: Error: Az CLI Login failed. Please check the credentials and make sure az is installed on the runner.
login: v1 breaks with Error: Login failed →