Describe the bug
"az network bastion rdp" fails for users who are a member of a large number of groups.
Looking at the debug logs, the token retrieved cannot be used to download the rDP file from bastion
Related command
az network bastion rdp `
--name "<BastionName>" `
--resource-group "<BastianResourceGroupName>" `
--target-resource-id "<VMResourceId>" `
--enable-mfa
Errors
File "C: \Users<User>.azure\cliextensions\bastion\azext_bastion\tunnel.py", line 112, in _get_auth_token
self. last_token = response_json["authToken"]
KeyError: "authToken'
Issue script & Debug output
Working Example (entra user with 20 groups):
cli.azext_bastion.custom: Response
urllib3.connectionpool: Starting new HTTPS connection (1): .bastion.azure.com:443
urllib3.connectionpool: https://.bastion.azure.com:443 "GET /api/rdpfile?resourceId=/subscriptions//resourceGroups//providers/Microsoft.Compute/virtualMachines/&format=rdp&rdpport=3389&enablerdsaad=True HTTP/1.1" 200 None
Failing example (entra user 135 groups):
cli.azext_bastion.custom: Response
urllib3.connectionpool: Starting new HTTPS connection (1): .bastion.azure.com:443
urllib3.connectionpool: https://.bastion.azure.com:443 "GET /api/rdpfile?resourceId=/subscriptions//resourceGroups//providers/Microsoft.Compute/virtualMachines/&format=rdp&rdpport=3389&enablerdsaad=True HTTP/1.1" 400 435
cli.azure.cli.core.azclierror: Traceback (most recent call last):
File "D:\a_work\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\knack/cli.py", line 233, in invoke
File "D:\a_work\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\azure/cli/core/commands/init.py", line 663, in execute
File "D:\a_work\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\azure/cli/core/commands/init.py", line 726, in _run_jobs_serially
File "D:\a_work\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\azure/cli/core/commands/init.py", line 697, in run_job
File "D:\a_work\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\azure/cli/core/commands/init.py", line 333, in call
File "D:\a_work\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\azure/cli/core/commands/command_operation.py", line 121, in handler
File "C:\Users<User>.azure\cliextensions\bastion\azext_bastion\custom.py", line 304, in rdp_bastion_host
errorMessage = json.loads(response.content).get('message', None)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "json_init.py", line 346, in loads
File "json\decoder.py", line 337, in decode
File "json\decoder.py", line 355, in raw_decode
json.decoder.JSONDecodeError: Expecting value: line 1 column 1 (char 0)
Expected behavior
RDP file downloads and opens
Environment Summary
azure-cli 2.57.0
bastion extension 0.3.0
Windows 11
Additional context
No response
Describe the bug
"az network bastion rdp" fails for users who are a member of a large number of groups.
Looking at the debug logs, the token retrieved cannot be used to download the rDP file from bastion
Related command
Errors
File "C: \Users<User>.azure\cliextensions\bastion\azext_bastion\tunnel.py", line 112, in _get_auth_token
self. last_token = response_json["authToken"]
KeyError: "authToken'
Issue script & Debug output
Working Example (entra user with 20 groups):
cli.azext_bastion.custom: Response
urllib3.connectionpool: Starting new HTTPS connection (1): .bastion.azure.com:443
urllib3.connectionpool: https://.bastion.azure.com:443 "GET /api/rdpfile?resourceId=/subscriptions//resourceGroups//providers/Microsoft.Compute/virtualMachines/&format=rdp&rdpport=3389&enablerdsaad=True HTTP/1.1" 200 None
Failing example (entra user 135 groups):
cli.azext_bastion.custom: Response
urllib3.connectionpool: Starting new HTTPS connection (1): .bastion.azure.com:443
urllib3.connectionpool: https://.bastion.azure.com:443 "GET /api/rdpfile?resourceId=/subscriptions//resourceGroups//providers/Microsoft.Compute/virtualMachines/&format=rdp&rdpport=3389&enablerdsaad=True HTTP/1.1" 400 435
cli.azure.cli.core.azclierror: Traceback (most recent call last):
File "D:\a_work\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\knack/cli.py", line 233, in invoke
File "D:\a_work\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\azure/cli/core/commands/init.py", line 663, in execute
File "D:\a_work\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\azure/cli/core/commands/init.py", line 726, in _run_jobs_serially
File "D:\a_work\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\azure/cli/core/commands/init.py", line 697, in run_job
File "D:\a_work\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\azure/cli/core/commands/init.py", line 333, in call
File "D:\a_work\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\azure/cli/core/commands/command_operation.py", line 121, in handler
File "C:\Users<User>.azure\cliextensions\bastion\azext_bastion\custom.py", line 304, in rdp_bastion_host
errorMessage = json.loads(response.content).get('message', None)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "json_init.py", line 346, in loads
File "json\decoder.py", line 337, in decode
File "json\decoder.py", line 355, in raw_decode
json.decoder.JSONDecodeError: Expecting value: line 1 column 1 (char 0)
Expected behavior
RDP file downloads and opens
Environment Summary
azure-cli 2.57.0
bastion extension 0.3.0
Windows 11
Additional context
No response