Skip to content

fix: use azcli login for azcopy in windows#8047

Merged
awesomenix merged 1 commit intomainfrom
nishp/fix/azcopy_scripts
Mar 9, 2026
Merged

fix: use azcli login for azcopy in windows#8047
awesomenix merged 1 commit intomainfrom
nishp/fix/azcopy_scripts

Conversation

@awesomenix
Copy link
Contributor

@awesomenix awesomenix commented Mar 9, 2026

Missed some spots with azcli login

Copilot AI review requested due to automatic review settings March 9, 2026 22:35
@awesomenix awesomenix merged commit 97d6e46 into main Mar 9, 2026
22 of 29 checks passed
@awesomenix awesomenix deleted the nishp/fix/azcopy_scripts branch March 9, 2026 22:37
Copilot AI reviewed Mar 9, 2026
View reviewed changes
Copy link
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Updates Windows AzCopy usage to rely on Azure CLI-based authentication instead of MSI for both Windows VHD build-time downloads and Windows e2e log uploads.

Changes:

  • Switch AzCopy auth to AZCLI auto-login and adjust env vars for concurrency.
  • Remove explicit --login-type=MSI usage and add azcopy login calls in Windows scripts.

Reviewed changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated 4 comments.

File Description
vhdbuilder/packer/windows/configure-windows-vhd.ps1 Updates VHD build-time AzCopy download flow to use AZCLI auto-login.
e2e/vmss.go Updates the Windows VM RunCommand log-upload script to use AZCLI auto-login and adds an azcopy login step.

e2e/vmss.go
Comment on lines +619 to +623
$env:AZCOPY_AUTO_LOGIN_TYPE = "AZCLI"
$env:AZCOPY_CONCURRENCY_VALUE = "AUTO"
C:\k\debug\collect-windows-logs.ps1
$CollectedLogs=(Get-ChildItem . -Filter "*_logs.zip" -File)[0].Name
.\azcopy.exe login
Copy link

Copilot AI Mar 9, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The Windows VM RunCommand log-upload script switches AzCopy auth from MSI to AZCLI, but it doesn't install Azure CLI or run az login. If Azure CLI isn't present on the node image (typical), azcopy login/copy will fail and you'll lose failure diagnostics. Either keep MSI-based AzCopy auth here, or add a non-interactive Azure CLI install + az login --identity flow as part of this script.

Suggested change
$env:AZCOPY_AUTO_LOGIN_TYPE = "AZCLI"
$env:AZCOPY_CONCURRENCY_VALUE = "AUTO"
C:\k\debug\collect-windows-logs.ps1
$CollectedLogs=(Get-ChildItem . -Filter "*_logs.zip" -File)[0].Name
.\azcopy.exe login
$env:AZCOPY_AUTO_LOGIN_TYPE = "MSI"
$env:AZCOPY_CONCURRENCY_VALUE = "AUTO"
C:\k\debug\collect-windows-logs.ps1
$CollectedLogs=(Get-ChildItem . -Filter "*_logs.zip" -File)[0].Name
.\azcopy.exe login --identity

Copilot uses AI. Check for mistakes.
e2e/vmss.go
Comment on lines +619 to +620
$env:AZCOPY_AUTO_LOGIN_TYPE = "AZCLI"
$env:AZCOPY_CONCURRENCY_VALUE = "AUTO"
Copy link

Copilot AI Mar 9, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

uploadLogsPowershellScript still takes $arg3 (and the Go code still passes the VM identity resource ID), but after this change $arg3 is no longer used. Either remove the unused parameter/wiring, or keep MSI-based auth that consumes it, to avoid confusion about which identity AzCopy is using.

Suggested change
$env:AZCOPY_AUTO_LOGIN_TYPE = "AZCLI"
$env:AZCOPY_CONCURRENCY_VALUE = "AUTO"
$env:AZCOPY_AUTO_LOGIN_TYPE = "MSI"
$env:AZCOPY_CONCURRENCY_VALUE = "AUTO"
if (-not [string]::IsNullOrEmpty($arg3)) {
$env:AZCOPY_MSI_RESOURCE_ID = $arg3
}

Copilot uses AI. Check for mistakes.
vhdbuilder/packer/windows/configure-windows-vhd.ps1
Comment on lines 136 to 150
@@ -144,7 +146,7 @@ function Download-FileWithAzCopy

Write-Log "Logging in to AzCopy"
# user_assigned_managed_identities has been bound in vhdbuilder/packer/windows/windows-vhd-builder-sig.json
.\azcopy.exe login --login-type=MSI
.\azcopy.exe login

Copy link

Copilot AI Mar 9, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

AZCOPY_AUTO_LOGIN_TYPE is being switched to AZCLI, but the script never ensures Azure CLI is installed/logged in on the Windows build VM. On a default Windows Server image this typically means azcopy.exe login/copy will fail (or prompt for interactive device login), breaking VHD builds that rely on Download-FileWithAzCopy for private downloads. Consider either (a) explicitly performing a non-interactive az login --identity before running AzCopy (and avoid azcopy login entirely), or (b) keep using --login-type=MSI for headless builds.

Copilot uses AI. Check for mistakes.
vhdbuilder/packer/windows/configure-windows-vhd.ps1
Comment on lines 147 to 150
Write-Log "Logging in to AzCopy"
# user_assigned_managed_identities has been bound in vhdbuilder/packer/windows/windows-vhd-builder-sig.json
.\azcopy.exe login --login-type=MSI
.\azcopy.exe login

Copy link

Copilot AI Mar 9, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

azcopy.exe login is now invoked with no --login-type, which can default to an interactive device-code flow in automation. Since AZCOPY_AUTO_LOGIN_TYPE is already set, you can usually remove the explicit login call and let AzCopy auto-auth, or force a non-interactive login type explicitly to avoid hanging the build.

Copilot uses AI. Check for mistakes.
awesomenix added a commit that referenced this pull request Mar 10, 2026
@awesomenix
Revert "fix: use azcli login for azcopy in windows (#8047)"
61395c7 
This reverts commit 97d6e46.
@awesomenix awesomenix mentioned this pull request Mar 10, 2026
Merged
awesomenix added a commit that referenced this pull request Mar 10, 2026
@awesomenix
Revert "fix: use azcli login for azcopy in windows (#8047)"
34a2bab 
This reverts commit 97d6e46.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@timmy-wright timmy-wright timmy-wright approved these changes

@juan-lee juan-lee Awaiting requested review from juan-lee juan-lee is a code owner

@cameronmeissner cameronmeissner Awaiting requested review from cameronmeissner cameronmeissner is a code owner

@ganeshkumarashok ganeshkumarashok Awaiting requested review from ganeshkumarashok ganeshkumarashok is a code owner

@Devinwong Devinwong Awaiting requested review from Devinwong Devinwong is a code owner

@lilypan26 lilypan26 Awaiting requested review from lilypan26 lilypan26 is a code owner

@AbelHu AbelHu Awaiting requested review from AbelHu AbelHu is a code owner

@junjiezhang1997 junjiezhang1997 Awaiting requested review from junjiezhang1997 junjiezhang1997 is a code owner

@djsly djsly Awaiting requested review from djsly djsly is a code owner

@phealy phealy Awaiting requested review from phealy phealy is a code owner

@r2k1 r2k1 Awaiting requested review from r2k1 r2k1 is a code owner

@zachary-bailey zachary-bailey Awaiting requested review from zachary-bailey zachary-bailey is a code owner

@mxj220 mxj220 Awaiting requested review from mxj220 mxj220 is a code owner

@pdamianov-dev pdamianov-dev Awaiting requested review from pdamianov-dev pdamianov-dev is a code owner

@calvin197 calvin197 Awaiting requested review from calvin197 calvin197 is a code owner

@sulixu sulixu Awaiting requested review from sulixu sulixu is a code owner

@surajssd surajssd Awaiting requested review from surajssd surajssd is a code owner

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@awesomenix @timmy-wright