Eneuman changed the title from "Identity not found" when using Azure Backend (depecated token url) to "Identity not found" when using Azure Backend (deprecated token url) on Jan 16, 2024
Describe the bug
When using Azure KeyVault as a backend, the sidecar fails with the following error:
Plugin sidecar failed. error generating manifests in cmp: rpc error: code = Unknown desc = error generating manifests: sh -c "kustomize build . | argocd-vault-plugin generate -" failed exit status 1: Error: Replace: could not replace all placeholders in Template:\nazure.BearerAuthorizer#WithAuthorization: Failed to refresh the Token for request to https://kv-<REDACTED>.vault.azure.net/secrets/<REDACTED>/?api-version=2016-10-01: StatusCode=400 -- Original Error: adal: Refresh request failed. Status Code = '400'. Response body: {\"error\":\"invalid_request\",\"error_description\":\"Identity not found\"} Endpoint http://169.254.169.254/metadata/identity/oauth2/token?api-version=2018-02-01&client_id=<REDACTED>&resource=https%3A%2F%2Fvault.azure.net
Looking at the error message, it seems like the plugin is using an outdated Azure Go module that still uses the deprecated (since June 30, 2023) ADAL library.
The authentication URL: http://169.254.169.254/metadata/identity/oauth2/token is deprecated.
It should have used http://169.254.169.254/metadata/identity/oauth2/v2.0/token
This error is happening in other products as well: hashicorp/terraform-provider-azurerm#24172
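For triage, the failing token request and the error body can be pulled out of the error line quoted in the report. The following Go program is an added example, not code from argocd-vault-plugin or from the issue author; the names `Diag`, `ParseRefreshError` and `sampleLine` are hypothetical, and the sample is the error text from this page with its redactions kept.

```go
package main

import (
	"encoding/json"
	"errors"
	"fmt"
	"net/url"
	"regexp"
	"strings"
)

// sampleLine is the tail of the error quoted in the issue, redactions kept.
const sampleLine = `azure.BearerAuthorizer#WithAuthorization: Failed to refresh the Token for request to https://kv-<REDACTED>.vault.azure.net/secrets/<REDACTED>/?api-version=2016-10-01: StatusCode=400 -- Original Error: adal: Refresh request failed. Status Code = '400'. Response body: {\"error\":\"invalid_request\",\"error_description\":\"Identity not found\"} Endpoint http://169.254.169.254/metadata/identity/oauth2/token?api-version=2018-02-01&client_id=<REDACTED>&resource=https%3A%2F%2Fvault.azure.net`

// Diag holds the fields worth checking from an ADAL token-refresh failure.
type Diag struct {
	Status, ErrCode, ErrDesc, Host, Path, APIVersion, ClientID, Resource string
}

var (
	reStatus = regexp.MustCompile(`Status Code = '(\d+)'`)
	reBody   = regexp.MustCompile(`Response body: (\{.*?\}) Endpoint (\S+)`)
)

// ParseRefreshError extracts the token request and the error body from the line.
func ParseRefreshError(line string) (Diag, error) {
	// The line as quoted carries escaped quotes (\"); undo that before matching.
	line = strings.ReplaceAll(line, `\"`, `"`)
	s, b := reStatus.FindStringSubmatch(line), reBody.FindStringSubmatch(line)
	if s == nil || b == nil {
		return Diag{}, errors.New("not an ADAL refresh failure")
	}
	var body struct {
		Error string `json:"error"`
		Desc  string `json:"error_description"`
	}
	if err := json.Unmarshal([]byte(b[1]), &body); err != nil {
		return Diag{}, fmt.Errorf("response body: %w", err)
	}
	u, err := url.Parse(b[2])
	if err != nil {
		return Diag{}, fmt.Errorf("endpoint: %w", err)
	}
	q := u.Query()
	return Diag{Status: s[1], ErrCode: body.Error, ErrDesc: body.Desc, Host: u.Host, Path: u.Path,
		APIVersion: q.Get("api-version"), ClientID: q.Get("client_id"), Resource: q.Get("resource")}, nil
}

func main() { fmt.Println(ParseRefreshError(sampleLine)) }
```

The extracted `ClientID` and `Resource` are the values to check against the identity configuration of the node the sidecar runs on.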