Lightrun
question-mark
Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

`az` requires a writable home, even when there's no reason for it

See original GitHub issue

Related command

az storage blob upload

Describe the bug

Traceback (most recent call last):
  File "/opt/az/lib/python3.8/runpy.py", line 194, in _run_module_as_main
    return _run_code(code, main_globals, None,
  File "/opt/az/lib/python3.8/runpy.py", line 87, in _run_code
    exec(code, run_globals)
  File "/opt/az/lib/python3.8/site-packages/azure/cli/__main__.py", line 38, in <module>
    az_cli = get_default_cli()
  File "/opt/az/lib/python3.8/site-packages/azure/cli/core/__init__.py", line 903, in get_default_cli
    from azure.cli.core.azlogging import AzCliLogging
  File "/opt/az/lib/python3.8/site-packages/azure/cli/core/azlogging.py", line 30, in <module>
    from azure.cli.core.commands.events import EVENT_INVOKER_PRE_CMD_TBL_TRUNCATE
  File "/opt/az/lib/python3.8/site-packages/azure/cli/core/commands/__init__.py", line 25, in <module>
    from azure.cli.core.extension import get_extension
  File "/opt/az/lib/python3.8/site-packages/azure/cli/core/extension/__init__.py", line 18, in <module>
    az_config = CLIConfig(config_dir=GLOBAL_CONFIG_DIR, config_env_var_prefix=ENV_VAR_PREFIX)
  File "/opt/az/lib/python3.8/site-packages/knack/config.py", line 40, in __init__
    ensure_dir(config_dir)
  File "/opt/az/lib/python3.8/site-packages/knack/util.py", line 115, in ensure_dir
    raise e
  File "/opt/az/lib/python3.8/site-packages/knack/util.py", line 112, in ensure_dir
    os.makedirs(d)
  File "/usr/bin/../../opt/az/lib/python3.8/os.py", line 223, in makedirs
    mkdir(name, mode)
PermissionError: [Errno 13] Permission denied: '/opt/proggy/.azure'

To Reproduce Run az with a non-writable home directory. E.g., in the above example, we are running az storage blob upload with our credentials coming from AZURE_STORAGE_KEY.

Expected behavior If the command can execute, then it should. (If a home dir is required, e.g., if I am asking az login to store an access token, then there’s no way around it and an error is appropriate.)

Environment summary Debian, apt-get.

I'd tell you what version of <tt>az</tt>, but… 
$ az --version
Traceback (most recent call last):
  File "/opt/az/lib/python3.8/runpy.py", line 194, in _run_module_as_main
    return _run_code(code, main_globals, None,
  File "/opt/az/lib/python3.8/runpy.py", line 87, in _run_code
    exec(code, run_globals)
  File "/opt/az/lib/python3.8/site-packages/azure/cli/__main__.py", line 38, in <module>
    az_cli = get_default_cli()
  File "/opt/az/lib/python3.8/site-packages/azure/cli/core/__init__.py", line 903, in get_default_cli
    from azure.cli.core.azlogging import AzCliLogging
  File "/opt/az/lib/python3.8/site-packages/azure/cli/core/azlogging.py", line 30, in <module>
    from azure.cli.core.commands.events import EVENT_INVOKER_PRE_CMD_TBL_TRUNCATE
  File "/opt/az/lib/python3.8/site-packages/azure/cli/core/commands/__init__.py", line 25, in <module>
    from azure.cli.core.extension import get_extension
  File "/opt/az/lib/python3.8/site-packages/azure/cli/core/extension/__init__.py", line 18, in <module>
    az_config = CLIConfig(config_dir=GLOBAL_CONFIG_DIR, config_env_var_prefix=ENV_VAR_PREFIX)
  File "/opt/az/lib/python3.8/site-packages/knack/config.py", line 40, in __init__
    ensure_dir(config_dir)
  File "/opt/az/lib/python3.8/site-packages/knack/util.py", line 115, in ensure_dir
    raise e
  File "/opt/az/lib/python3.8/site-packages/knack/util.py", line 112, in ensure_dir
    os.makedirs(d)
  File "/usr/bin/../../opt/az/lib/python3.8/os.py", line 223, in makedirs
    mkdir(name, mode)
PermissionError: [Errno 13] Permission denied: '/opt/proggy/.azure'

dpkg says it is 2.36.0-1~bullseye.

Additional context Security teams & audit reviews want containers to be non-writable these days, unless there is a business reason for them to be otherwise. It is for that reason that ~ is read-only here. Here, we have to explicitly make ~ writable for az, even though nothing about this particular invocation requires it. (In practice, I’m hoping that I can get away with just a writable ~/.azure.)

Issue Analytics

  • State:closed
  • Created a year ago
  • Comments:5 (1 by maintainers)

github_iconTop GitHub Comments

1reaction
evelyn-yscommented, Oct 26, 2022

To be simple, CLI may need to create a .azure folder to store some local info, eg, installationId, config, local cache, etc.

0reactions
msftbot[bot]commented, Nov 29, 2022

Hi @roy-work, since you haven’t asked that we “/unresolve” the issue, we’ll close this out. If you believe further discussion is needed, please add a comment “/unresolve” to reopen the issue.

Read more comments on GitHub >

github_iconTop Results From Across the Web

Individual Income Tax Information
For tax years ending on or before December 31, 2019, Individuals with an adjusted gross income of at least $5,500 must file taxes,...
Read more >
Do I Need to Update My Estate Planning Documents if I Move ...
If you have a revocable living trust, it should still be valid in your new state, or in any state for that matter....
Read more >
2021 Publication 523 - IRS
the home, even if without you, to meet the ownership and residence requirements. Also, you may be able to increase your exclusion.
Read more >
President Biden Announces New Actions to Ease the Burden ...
The House-passed reconciliation bill provides funding to preserve over 10,000 HUD-assisted multifamily rental properties that are at risk of ...
Read more >
A Guide to Tax Deductions for Home-Based Business
For those entrepreneurs with a home-based business, there are tax deductions available that can save you money. Here's what you need to know ......
Read more >

github_iconTop Related Medium Post

No results found

github_iconTop Related StackOverflow Question

No results found

github_iconTroubleshoot Live Code

Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start Free

github_iconTop Related Reddit Thread

No results found

github_iconTop Related Hackernoon Post

No results found

github_iconTop Related Tweet

No results found

github_iconTop Related Dev.to Post

No results found

github_iconTop Related Hashnode Post

No results found
Previous page

az aks lists fails for some subscriptions where 'ContainerServiceClientConfiguration' object has no attribute 'api_version'

Next page

az staticwebapp update Operation returned an invalid status 'Bad Request'