Azure-storage-azcopy: AzCopy 10.2.0 segfault on service principal login in Linux

Created on 3 Jul 2019 · 5Comments · Source: Azure/azure-storage-azcopy

Trying to login with service principal in linux using azcopy 10.2.0 results in a segfault. Running

env AZCOPY_SPA_CLIENT_SECRET=<secret> ./azcopy login --service-principal --application-id <id>

with the service principal secret and application-id the client id results in a segfault with the following trace:

panic: runtime error: invalid memory address or nil pointer dereference
[signal SIGSEGV: segmentation violation code=0x1 addr=0x0 pc=0x45bbe4]

goroutine 1 [running]:
github.com/Azure/azure-storage-azcopy/common.(*UserOAuthTokenManager).SecretLogin(...)
        /home/vsts/work/1/s/common/oauthTokenManager.go:210 +0xfd
github.com/Azure/azure-storage-azcopy/cmd.loginCmdArgs.process(...)
        /home/vsts/work/1/s/cmd/login.go:173 +0x214
github.com/Azure/azure-storage-azcopy/cmd.init.8.func2(...)
        /home/vsts/work/1/s/cmd/login.go:52 +0x293
github.com/spf13/cobra.(*Command).execute(...)
        /home/vsts/go/pkg/mod/github.com/spf13/[email protected]/command.go:762 +0x465
github.com/spf13/cobra.(*Command).ExecuteC(...)
        /home/vsts/go/pkg/mod/github.com/spf13/[email protected]/command.go:852 +0x2c0
github.com/spf13/cobra.(*Command).Execute(...)
        /home/vsts/go/pkg/mod/github.com/spf13/[email protected]/command.go:800
github.com/Azure/azure-storage-azcopy/cmd.Execute(...)
        /home/vsts/work/1/s/cmd/root.go:85 +0x88
main.main()
        /home/vsts/work/1/s/main.go:60 +0x211

I've tried this both from an Ubuntu 18.04 Azure VM and my local Gentoo laptop, with the same results.

Source

TiloWiklund

Most helpful comment

Perfect! In my case the real problem was forgetting to specify the tenant-id.

TiloWiklund on 3 Jul 2019

👍2

All 5 comments

Thanks @TiloWiklund I can reproduce the error. Looking for root cause now...

JohnRusk on 3 Jul 2019

@TiloWiklund My ability to reproduce this has vanished! The first time, it failed exactly as you show. But now it works successfuly. Did you try it more than once on the same machine? If not, it would be super-helpful if you could try it for a second time on one of the affected machines, and let me know what happens.

JohnRusk on 3 Jul 2019

OK, I've made progress here. The root cause is that, if the authentication fails, AzCopy isn't handling the failure properly. Specifically, it is falling over with the nil reference issue (aka segfault) instead of displaying a nice error message.

To make sure it doesn't fail:
(a) wait at least 5 minutes, after creating the client secret in Portal, before you use it in AzCopy. I think this is a propagation delay in ADD, but I'm just guessing there since the US-based team is asleep right now so I can't ask them.
(b) Be careful to avoid typos etc when putting the client secret into the environment variable. If you've waited at least 5 mins, and its still failing, then probably the issue is in the way the environment variable is set.

BTW, I used

 export AZCOPY_SPA_CLIENT_SECRET=Zpk-REDACTED-
 ./azcopy login --service-principal  --application-id 144-REDACTED

and I tested on Ubuntu 18.x Azure VMs.

The task now for us on the AzCopy team is to fix the error handling. But, in the meantime, as long as you follow (a) and (b) above, the current release is fine to use.

JohnRusk on 3 Jul 2019

👍1