Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.
And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.
Permission denied on msal_token_cache.bin.lockfile
See original GitHub issueDescribe the bug
When running Terraform locally, I get an error originating from the Azure CLI. This happens on several versions, all relatively new, of the azurerm Terraform module. I am able to reproduce the error without going via Terraform, so I think that this issue ought to be filed in this repo.
Command Name
az account get-access-token
Errors:
ERROR: The command failed with an unexpected error. Here is the traceback:
ERROR: [Errno 13] Permission denied: 'C:\\Users\\Per Stolpe\\.azure\\msal_token_cache.bin.lockfile'
Traceback (most recent call last):
File "D:\a\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\knack/cli.py", line 231, in invoke
File "D:\a\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\azure/cli/core/commands/__init__.py", line 657, in execute
File "D:\a\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\azure/cli/core/commands/__init__.py", line 720, in _run_jobs_serially
File "D:\a\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\azure/cli/core/commands/__init__.py", line 691, in _run_job
File "D:\a\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\azure/cli/core/commands/__init__.py", line 328, in __call__
File "D:\a\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\azure/cli/core/commands/command_operation.py", line 121, in handler
File "D:\a\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\azure/cli/command_modules/profile/custom.py", line 74, in get_access_token
File "D:\a\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\azure/cli/core/_profile.py", line 381, in get_raw_token
File "D:\a\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\azure/cli/core/_profile.py", line 588, in _create_credential
File "D:\a\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\azure/cli/core/auth/identity.py", line 182, in get_user_credential
File "D:\a\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\azure/cli/core/auth/msal_authentication.py", line 41, in __init__
File "D:\a\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\msal/application.py", line 872, in get_accounts
File "D:\a\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\msal/application.py", line 910, in _find_msal_accounts
File "D:\a\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\msal_extensions/token_cache.py", line 53, in find
File "D:\a\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\msal_extensions/cache_lock.py", line 29, in __enter__
File "D:\a\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\portalocker/utils.py", line 199, in __enter__
File "D:\a\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\portalocker/utils.py", line 128, in acquire
File "D:\a\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\portalocker/utils.py", line 175, in _get_fh
PermissionError: [Errno 13] Permission denied: 'C:\\Users\\Per Stolpe\\.azure\\msal_token_cache.bin.lockfile'
To Reproduce:
The azurerm Terraform module fires off several commands in parallel, triggering this error. Since this resembles a race condition, I run below Powershell and wait until it says that something went wrong.
0..1000 | `
Foreach-Object -Parallel {
$subscriptionId = switch ($_ % 9) {
0 { 'subscription id guid'; break }
1 { 'subscription id guid'; break }
2 { 'subscription id guid'; break }
3 { 'subscription id guid'; break }
4 { 'subscription id guid'; break }
5 { 'subscription id guid'; break }
6 { 'subscription id guid'; break }
7 { 'subscription id guid'; break }
8 { 'subscription id guid'; break }
}
az account get-access-token --subscription $subscriptionId
}
Expected Behavior
Just the access token JSON printed a thousand times.
Environment Summary
Windows-10-10.0.19041-SP0
Python 3.8.9
Installer: MSI
azure-cli 2.30.0
Additional Context
When I first tried to recreate this issue using only four subscription ids, it never happened. Thus, it seems that an increasing amount of subscription ids increases the probability of triggering this issue. In my Terraform code, I call multiple Terraform modules, which themselves call other modules, so nine subscription ids is a realistic amount for me at least.
I should add that I have tried to reboot, uninstall and reinstall the CLI.
Issue Analytics
- State:
- Created 2 years ago
- Reactions:1
- Comments:23 (11 by maintainers)
Top Results From Across the Web
Top Related Medium Post
Top Related StackOverflow Question
Troubleshoot Live Code
Top Related Reddit Thread
Top Related Hackernoon Post
Top Related Tweet
Top Related Dev.to Post
Top Related Hashnode Post
I can confirm that the updated version of the Azure CLI works perfectly for my “real” use-case with Terraform, which caused me to create this issue. Thank you and good job!
@stolpe, @kensykora , @devbeard , thanks for your patience. The issue has been fixed in Azure CLI 2.30+ 's upstream module,
msal-extensions. Now, users of Azure CLI 2.30 and 2.31 can simply upgrade your environment like this:We expect upcoming Azure CLI 2.32 will include this module by default.
(@jiasli , feel free to convert this issue to a Q&A, and mark this message as the final answer.)