Bug 1403366 - [RFE] CloudForms 4.1 unable to add Azure Gov Cloud Provider
Summary: [RFE] CloudForms 4.1 unable to add Azure Gov Cloud Provider
Alias: None
Product: Red Hat CloudForms Management Engine
Classification: Red Hat
Component: Providers
Version: 5.6.0
Hardware: Unspecified
OS: Unspecified
Target Milestone: GA
: 5.8.0
Assignee: Daniel Berger
QA Contact: Jeff Teehan
Depends On:
Blocks: 1404827 1404829 1412355
TreeView+ depends on / blocked
Reported: 2016-12-09 20:06 UTC by myoder
Modified: 2020-04-15 14:57 UTC (History)
13 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
: 1404827 1404829 1412355 (view as bug list)
Last Closed: 2017-06-12 17:24:09 UTC
Category: Bug
Cloudforms Team: Azure
Target Upstream Version:

Attachments (Terms of Use)

Description myoder 2016-12-09 20:06:19 UTC
Description of problem: 
Attempting to configure CloudForms to add an Azure Cloud Provider, but it is not validating our subscription.  Error is "Credential validation was not successful:  Unexpected response returned from system, see log for details".

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:

Actual results:

Expected results:

Additional info:
[----] E, [2016-12-09T09:18:38.993407 #2911:a4c158] ERROR -- : MIQ(ManageIQ::Providers::Azure::CloudManager#verify_credentials) Error Class=ArgumentError, Message=No associated subscription found
[----] W, [2016-12-09T09:18:38.993728 #2911:a4c158]  WARN -- : MIQ(ManageIQ::Providers::Azure::CloudManager#authentication_check_no_validation) type: ["default"] for [] [FILTERED] Validation failed: invalid, Unexpected response returned from system, see log for details
[----] E, [2016-12-09T09:18:38.994108 #2911:a4c158] ERROR -- : MIQ(ems_cloud_controller-create): Credential validation was not successful: Unexpected response returned from system, see log for details
[----] I, [2016-12-09T09:43:55.562077 #2911:a4c158]  INFO -- : <AuditSuccess> MIQ(MiqAeClassController.create_instance) userid: [admin] - [] Record created (name:[azure_instance], description:[], display_name:[], ae_values:[[{"collect"=>nil, "display_name"=>nil, "on_entry"=>nil, "on_error"=>nil, "on_exit"=>nil, "max_retries"=>nil, "max_time"=>nil, "value"=>"azure_instance"}]], ae_fields:[[{"aetype"=>"method", "collect"=>nil, "datatype"=>"[FILTERED]", "default_value"=>nil, "display_name"=>nil, "name"=>"execute", "on_entry"=>nil, "on_error"=>nil, "on_exit"=>nil, "substitute"=>true}]])

Comment 4 Daniel Berger 2016-12-09 23:28:09 UTC
Are you explicitly passing a subscription ID within the UI? That error should only happen if you don't provide one, and it can't find one for your tenant.

Are you able to login with that service principal using the CLI?

    azure login -u <client_id> --service-principal --tenant_id <tenant_id>

Comment 5 Daniel Berger 2016-12-09 23:48:49 UTC
Quick followup, if you try the CLI command, paste in your client key when it asks for a password. Alternatively, just add: -p <client_key> to the previous command.

If you see an error that says something like "Could not remove account from keychain", make sure you do "azure logout -u <current_user>", and then assuming you're using bash:


Then try to login again.

Comment 11 CFME Bot 2016-12-14 16:26:18 UTC
New commit detected on ManageIQ/manageiq/master:

commit 52cc2b94fc0ea22f7c2c3cab91d44f5f59877a1b
Author:     Bronagh Sorota <bsorota>
AuthorDate: Tue Dec 13 15:50:42 2016 -0500
Commit:     Bronagh Sorota <bsorota>
CommitDate: Tue Dec 13 19:20:34 2016 -0500

    Add :disabled_regions setting for ems_azure

 config/settings.yml | 2 ++
 1 file changed, 2 insertions(+)

Comment 12 CFME Bot 2016-12-14 18:04:53 UTC
New commit detected on ManageIQ/manageiq-providers-azure/master:

commit 2a6a00954a39c714df7f0be0609600764888e1fb
Author:     Bronagh Sorota <bsorota>
AuthorDate: Tue Dec 13 16:01:48 2016 -0500
Commit:     Bronagh Sorota <bsorota>
CommitDate: Tue Dec 13 16:01:48 2016 -0500

    Disable/Enable support for specific regions.
    New gov regions added.

 app/models/manageiq/providers/azure/regions.rb | 18 +++++++++++++++---
 1 file changed, 15 insertions(+), 3 deletions(-)

Comment 15 Greg Blomquist 2016-12-14 21:19:43 UTC
*** Bug 1404840 has been marked as a duplicate of this bug. ***

Comment 17 Daniel Berger 2017-01-25 21:26:26 UTC

This will at least allow US Gov regions to collect inventory. However, as Greg mentioned in a private comment, Azure does not support events and metrics for US Gov regions at this time.

I think the next step is to integrate either Bronagh's recent changes or Marcel's support Mixin (or both) to avoid making attempts to gather metrics for unsupported regions.

Comment 18 Jeff Teehan 2017-05-03 16:41:04 UTC
This works to the extent I can add the gov provider and manipulate power control and some functions.  It's been working for a while and I just tested it this week.

Moving to verified as of

Note You need to log in before you can comment on or make changes to this bug.