Describe the bug
I tried to create Service Connector in some Azure Spring App which is supposed to connect to Azure Database for PostgreSQL. But Azure CLI command raised error. the command said that can't connect to database by my account.
I investigated the reason why, and I found that the command tried to connect to database by my login id, not by UserPrincipalName. Before running the command, my account was created as Azure AD admin in Azure Database for PostgreSQL, but its login name is made by UserPrincipalName which is not equal to login Id, because my account is invited user by Azure AD B2B. So, the command failed to connect to database.
Related command
az extension add --name spring
az extension add --name serviceconnector-passwordless --upgrade
az spring connection create postgres-flexible --connection postgresql_03de1 --source-id /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-springapps/providers/Microsoft.AppPlatform/Spring/spa-enterprise/apps/springapp-postgresql/deployments/default --target-id /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-springapps/providers/Microsoft.DBforPostgreSQL/flexibleServers/psgr-msue/databases/testdb --client-type springBoot --system-identity
Errors
Extension 'spring' 1.14.0 is already installed.
Extension 'serviceconnector-passwordless' 0.3.8 is already installed.
Latest version of 'serviceconnector-passwordless' is already installed.
The behavior of this command has been altered by the following extension: serviceconnector-passwordless
Checking if Spring app enables System Identity...
Connecting to database...
Fail to connect to postgresql. connection to server at "xxxxxx.postgres.database.azure.com" (xxx.xxx.xxx.xxx), port 5432 failed: FATAL: password authentication failed for user "xxxx@xxxxxxxx.com"
Add firewall rule svc_hg4ia xxx.xxx.xxx.xxx - xxx.xxx.xxx.xxx...(it will be removed after connection is created)
Fail to connect to postgresql. connection to server at "xxxxxx.postgres.database.azure.com" (xxx.xxx.xxx.xxx), port 5432 failed: FATAL: password authentication failed for user "xxxx@xxxxxxx.com"
Do you want to enable access for all IPs to allow local environment connecting to database? (y/n): y
Add firewall rule svc_hg4ia 0.0.0.0 - 255.255.255.255...(it will be removed after connection is created)
Remove database server firewall rule svc_hg4ia to recover...
Fail to connect to postgresql. connection to server at "xxxxxx.postgres.database.azure.com" (xxx.xxx.xxx.xxx), port 5432 failed: FATAL: password authentication failed for user "xxxx@xxxxxxx.com"
Issue script & Debug output
Debug log is too long to write here. If you want to check up the debug log, feel free to mail me.
Expected behavior
Successfully create Service Connector
Environment Summary
azure-cli 2.50.0 *
core 2.50.0 *
telemetry 1.0.8 *
Extensions:
account 0.2.5
azure-devops 0.25.0
containerapp 0.3.10
interactive 0.4.5
serviceconnector-passwordless 0.3.8
spring 1.14.0
Dependencies:
msal 1.22.0
azure-mgmt-resource 23.1.0b2
Python location '/opt/homebrew/Cellar/azure-cli/2.50.0_1/libexec/bin/python'
Extensions directory '/Users/xxxxxxxx/.azure/cliextensions'
Python (Darwin) 3.10.13 (main, Aug 24 2023, 22:36:46) [Clang 14.0.3 (clang-1403.0.22.14.1)]
Legal docs and information: aka.ms/AzureCliLegal
Additional context
No response
Describe the bug
I tried to create Service Connector in some Azure Spring App which is supposed to connect to Azure Database for PostgreSQL. But Azure CLI command raised error. the command said that can't connect to database by my account.
I investigated the reason why, and I found that the command tried to connect to database by my login id, not by UserPrincipalName. Before running the command, my account was created as Azure AD admin in Azure Database for PostgreSQL, but its login name is made by UserPrincipalName which is not equal to login Id, because my account is invited user by Azure AD B2B. So, the command failed to connect to database.
Related command
az extension add --name spring
az extension add --name serviceconnector-passwordless --upgrade
az spring connection create postgres-flexible --connection postgresql_03de1 --source-id /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-springapps/providers/Microsoft.AppPlatform/Spring/spa-enterprise/apps/springapp-postgresql/deployments/default --target-id /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-springapps/providers/Microsoft.DBforPostgreSQL/flexibleServers/psgr-msue/databases/testdb --client-type springBoot --system-identity
Errors
Extension 'spring' 1.14.0 is already installed.
Extension 'serviceconnector-passwordless' 0.3.8 is already installed.
Latest version of 'serviceconnector-passwordless' is already installed.
The behavior of this command has been altered by the following extension: serviceconnector-passwordless
Checking if Spring app enables System Identity...
Connecting to database...
Fail to connect to postgresql. connection to server at "xxxxxx.postgres.database.azure.com" (xxx.xxx.xxx.xxx), port 5432 failed: FATAL: password authentication failed for user "xxxx@xxxxxxxx.com"
Add firewall rule svc_hg4ia xxx.xxx.xxx.xxx - xxx.xxx.xxx.xxx...(it will be removed after connection is created)
Fail to connect to postgresql. connection to server at "xxxxxx.postgres.database.azure.com" (xxx.xxx.xxx.xxx), port 5432 failed: FATAL: password authentication failed for user "xxxx@xxxxxxx.com"
Do you want to enable access for all IPs to allow local environment connecting to database? (y/n): y
Add firewall rule svc_hg4ia 0.0.0.0 - 255.255.255.255...(it will be removed after connection is created)
Remove database server firewall rule svc_hg4ia to recover...
Fail to connect to postgresql. connection to server at "xxxxxx.postgres.database.azure.com" (xxx.xxx.xxx.xxx), port 5432 failed: FATAL: password authentication failed for user "xxxx@xxxxxxx.com"
Issue script & Debug output
Debug log is too long to write here. If you want to check up the debug log, feel free to mail me.
Expected behavior
Successfully create Service Connector
Environment Summary
azure-cli 2.50.0 *
core 2.50.0 *
telemetry 1.0.8 *
Extensions:
account 0.2.5
azure-devops 0.25.0
containerapp 0.3.10
interactive 0.4.5
serviceconnector-passwordless 0.3.8
spring 1.14.0
Dependencies:
msal 1.22.0
azure-mgmt-resource 23.1.0b2
Python location '/opt/homebrew/Cellar/azure-cli/2.50.0_1/libexec/bin/python'
Extensions directory '/Users/xxxxxxxx/.azure/cliextensions'
Python (Darwin) 3.10.13 (main, Aug 24 2023, 22:36:46) [Clang 14.0.3 (clang-1403.0.22.14.1)]
Legal docs and information: aka.ms/AzureCliLegal
Additional context
No response