
Error publishing an encrypted (SSE+CMK) image into an Azure Compute Gallery (fka. SIG) with TrustedLaunch enabled #418

Open
j7lloyd opened this issue May 24, 2024 · 3 comments
Labels
stage/waiting-on-upstream This issue is waiting on an upstream change upstream-bug

j7lloyd commented May 24, 2024

Overview of the Issue

Seemingly, this isn't the first time the error/bug has been reported. Almost a year ago, in issue #304, @oliverlabs shared an image that encapsulates and illustrates it perfectly, as follows:

image

Specifically, my Temp Packer VM represents the 2nd scenario, i.e. CMK using a Disk Encryption Set with Trusted Launch Security Type.

Reproduction Steps

Use of disk_encryption_set_id and security_type = "TrustedLaunch" together, as demonstrated in the below build file:

Plugin and Packer version

Packer version: 1.10.3
Plugin version: 2.1.4

Simplified Packer Buildfile

source "azure-arm" "windows-vm" {
  client_id       = var.client_id
  client_secret   = var.client_secret
  subscription_id = var.subscription_id
  tenant_id       = var.tenant_id

  build_resource_group_name = "packerbuildenvironment"
  disk_encryption_set_id    = var.des_resource_id
  boot_diag_storage_account = var.boot_diag_sa

  os_type = "Windows"
  vm_size = var.vm_size

  communicator   = "winrm"
  winrm_username = "packer"
  winrm_timeout  = "10m"
  winrm_use_ssl  = true
  winrm_insecure = true
  winrm_no_proxy = true
  winrm_use_ntlm = true

  # Security Type: Trusted Launch
  secure_boot_enabled = true
  vtpm_enabled        = true
  security_type       = "TrustedLaunch"

  virtual_network_resource_group_name = var.vnet_resource_group
  virtual_network_name                = var.vnet_name
  virtual_network_subnet_name         = var.vnet_subnet_name
  managed_image_storage_account_type  = "Premium_LRS"

  shared_image_gallery {
    subscription   = var.subscription_id
    resource_group = var.sig_resource_group
    gallery_name   = var.sig_gallery_name
    image_name     = var.sig_base_image_definition
  }

  shared_image_gallery_destination {
    subscription   = var.subscription_id
    resource_group = var.sig_resource_group
    gallery_name   = var.sig_gallery_name
    image_name     = var.sig_image_definition
    image_version  = var.sig_image_version
    specialized    = true
  }

  user_assigned_managed_identities = [var.uami_resource_id]
}

Operating system and Environment details

RHEL X64
ADOP SHA

Log Fragments and crash.log files

==> azure-arm.windows-apps-vm: Publishing to Shared Image Gallery ...
==> azure-arm.windows-apps-vm:  -> Source ID used for SIG publish        : '/subscriptions/{subscriptionId}/resourceGroups/packerbuildenvironment/providers/Microsoft.Compute/virtualMachines/pkrvm78tjysw78q'
==> azure-arm.windows-apps-vm:  -> SIG publish resource group            : '{resourceGroup}'
==> azure-arm.windows-apps-vm:  -> SIG gallery name                      : '{sigGalleryName}'
==> azure-arm.windows-apps-vm:  -> SIG image name                        : '{sigImageName}'
==> azure-arm.windows-apps-vm:  -> SIG image version                     : '1.0.0'
==> azure-arm.windows-apps-vm:  -> SIG target regions                    : '[{location}]'
==> azure-arm.windows-apps-vm:    -> Region 1 DES Id                     : '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroup}/providers/Microsoft.Compute/diskEncryptionSets/{diskEncryptionSet}'
==> azure-arm.windows-apps-vm:  -> SIG storage account type              : ''
==> azure-arm.windows-apps-vm:  -> SIG image version endoflife date      : ''
==> azure-arm.windows-apps-vm:  -> SIG image version exclude from latest : 'false'

==> azure-arm.windows-apps-vm: Call stack: 
==> azure-arm.windows-apps-vm: at Microsoft.Windows.Azure.GCM.Contract.Assert(Boolean condition, String userMessage) in X:\bt\1257000\repo\src\Shared\Lib\Common\Contracts.cs:line 82 
==> azure-arm.windows-apps-vm: at Microsoft.WindowsAzure.PlatformImageRepository.ArtifactService.GoalSeeking.ReplicationBlockBase`3.ValidateDiskRPEncryptionResult(Encryption dmEncryption, Encryption resultEncryption) in X:\bt\1253263\repo\src\CRP-PIR\ArtifactService\GoalSeeking\Blocks\ReplicationBlockBase.cs:line 357 
==> azure-arm.windows-apps-vm: at Microsoft.WindowsAzure.PlatformImageRepository.ArtifactService.GoalSeeking.AllocateSnapshotsBlock.ProcessSingleAllocateSnapshotResult(ReplicatedArtifact replicatedArtifact, VMImageSnapshotResult snapshotResult, Int32 maximumSourceDiskSizeInGb) in X:\bt\1253263\repo\src\CRP-PIR\ArtifactService\GoalSeeking\Blocks\AllocateSnapshotsBlock.cs:line 722 
==> azure-arm.windows-apps-vm: at Microsoft.WindowsAzure.PlatformImageRepository.ArtifactService.GoalSeeking.AllocateSnapshotsBlock.ProcessAllocateSnapshotResults(ReplicatedArtifact replicatedArtifact, VMImageAllocateSnapshotResults allocateSnapshotsResult, Int32 maximumSourceDiskSizeInGb) in X:\bt\1253263\repo\src\CRP-PIR\ArtifactService\GoalSeeking\Blocks\AllocateSnapshotsBlock.cs:line 639 
==> azure-arm.windows-apps-vm: at Microsoft.WindowsAzure.PlatformImageRepository.ArtifactService.GoalSeeking.AllocateSnapshotsBlock.<AllocateSnapshots>d__18.MoveNext() in X:\bt\1253263\repo\src\CRP-PIR\ArtifactService\GoalSeeking\Blocks\AllocateSnapshotsBlock.cs:line 618 
==> azure-arm.windows-apps-vm: at System.Threading.ExecutionContext.RunInternal(ExecutionContext executionContext, ContextCallback callback, Object state, Boolean preserveSyncCtx) 
==> azure-arm.windows-apps-vm: at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state, Boolean preserveSyncCtx) 
==> azure-arm.windows-apps-vm: at System.Runtime.CompilerServices.AsyncMethodBuilderCore.MoveNextRunner.Run() 
==> azure-arm.windows-apps-vm: at System.Threading.Tasks.AwaitTaskContinuation.RunOrScheduleAction(Action action, Boolean allowInlining, Task& currentTask) 
==> azure-arm.windows-apps-vm: at System.Threading.Tasks.Task.FinishContinuations() 

==> azure-arm.windows-apps-vm: ERROR: -> InternalOperationError : Replication failed in this region due to 'Contract.Assert failed: Data model DiskEncryptionSetId '' does not match DiskRP returned DiskEncryptionSetId '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroup}/providers/Microsoft.Compute/diskEncryptionSets/{diskEncryptionSet}' 

==> azure-arm.windows-apps-vm: Status: "InternalOperationError"
==> azure-arm.windows-apps-vm: Code: ""
==> azure-arm.windows-apps-vm: Message: "Replication failed in this region due to 'Contract.Assert failed: Data model DiskEncryptionSetId '' does not match DiskRP returned DiskEncryptionSetId '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroup}/providers/Microsoft.Compute/diskEncryptionSets/{diskEncryptionSet}' … "
==> azure-arm.windows-apps-vm: Activity Id: ""
@j7lloyd j7lloyd added the bug label May 24, 2024
@JenGoldstrich
Contributor

So today I was able to reproduce this error without using Packer or the Azure plugin.

I created a Windows Virtual Machine using trusted launch with a DES key using SSE+CMK. Then, using the Azure CLI, I tried to create an ACG image version and I see the same failure.

When I try to re-create this through the Azure Portal the portal does not give me an option to set a disk encryption key, and so when I try to capture my encrypted VM through the portal, it just fails due to lack of encryption.

Since we're calling the same API that the Azure CLI is calling, I'm not sure if there is a good way to bypass this. I cannot find clear Azure documentation that communicates if trusted launch SSE+CMK is supported on ACG at all, and the API tells me that there is a long running bug that breaks it. I know @oliverlabs had been talking to some internal contacts at Microsoft, but I feel like an OS Snapshot is an elaborate way to get around something the API seems like it should support based on the exposed fields. The error we get is an internal error with a stack trace referring to an internal Microsoft error; this makes me believe that either:

A.) Azure does not support SSE+CMK Trusted Launch VMs being saved to ACG (I can find no documentation either way)

B.) There is a long standing bug in the Azure API preventing the creation of Azure ACG images from Trusted Launch SSE+CMK

Our next steps, I think, will be to try again to reach out to Azure support and get a clear answer on this error, whether it is expected, or even known about. I will follow up if I hear more from them on this.

Full error stack below for future context.

$ az sig image-version create --resource-group jennatest \
        --gallery-name test --gallery-image-definition testt \
        --gallery-image-version 1.0.5 \
        --virtual-machine {secret} \
        --target-regions westus \
        --target-region-encryption {double-encrypted-key} --location westus

Code: InternalOperationError
Message: Replication failed in this region due to 'Contract.Assert failed: Data model DiskEncryptionSetId '' does not match DiskRP returned DiskEncryptionSetId '/subscriptions/secret/resourceGroups/SHARED/providers/Microsoft.Compute/diskEncryptionSets/blah'

Call stack:
   at Microsoft.Windows.Azure.GCM.Contract.Assert(Boolean condition, String userMessage) in X:\bt\1257000\repo\src\Shared\Lib\Common\Contracts.cs:line 82
   at Microsoft.WindowsAzure.PlatformImageRepository.ArtifactService.GoalSeeking.ReplicationBlockBase`3.ValidateDiskRPEncryptionResult(Encryption dmEncryption, Encryption resultEncryption) in X:\bt\1253263\repo\src\CRP-PIR\ArtifactService\GoalSeeking\Blocks\ReplicationBlockBase.cs:line 357
   at Microsoft.WindowsAzure.PlatformImageRepository.ArtifactService.GoalSeeking.AllocateSnapshotsBlock.ProcessSingleAllocateSnapshotResult(ReplicatedArtifact replicatedArtifact, VMImageSnapshotResult snapshotResult, Int32 maximumSourceDiskSizeInGb) in X:\bt\1253263\repo\src\CRP-PIR\ArtifactService\GoalSeeking\Blocks\AllocateSnapshotsBlock.cs:line 722
   at Microsoft.WindowsAzure.PlatformImageRepository.ArtifactService.GoalSeeking.AllocateSnapshotsBlock.ProcessAllocateSnapshotResults(ReplicatedArtifact replicatedArtifact, VMImageAllocateSnapshotResults allocateSnapshotsResult, Int32 maximumSourceDiskSizeInGb) in X:\bt\1253263\repo\src\CRP-PIR\ArtifactService\GoalSeeking\Blocks\AllocateSnapshotsBlock.cs:line 639
   at Microsoft.WindowsAzure.PlatformImageRepository.ArtifactService.GoalSeeking.AllocateSnapshotsBlock.<AllocateSnapshots>d__18.MoveNext() in X:\bt\1253263\repo\src\CRP-PIR\ArtifactService\GoalSeeking\Blocks\AllocateSnapshotsBlock.cs:line 618
   at System.Threading.ExecutionContext.RunInternal(ExecutionContext executionContext, ContextCallback callback, Object state, Boolean preserveSyncCtx)
   at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state, Boolean preserveSyncCtx)
   at System.Runtime.CompilerServices.AsyncMethodBuilderCore.MoveNextRunner.Run()
   at System.Threading.Tasks.AwaitTaskContinuation.RunOrScheduleAction(Action action, Boolean allowInlining, Task& currentTask)
   at System.Threading.Tasks.Task.FinishContinuations()
   at System.Threading.Tasks.Task`1.TrySetResult(TResult result)
   at System.Runtime.CompilerServices.AsyncTaskMethodBuilder`1.SetResult(TResult result)
   at Microsoft.WindowsAzure.ResourceProvider.Common.RetryUtilities.<DoLinearRetry>d__2.MoveNext() in X:\bt\1257000\repo\src\Shared\Lib\ResourceProvider.PreCommon\RetryUtilities.cs:line 99
   at System.Threading.ExecutionContext.RunInternal(ExecutionContext executionContext, ContextCallback callback, Object state, Boolean preserveSyncCtx)
   at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state, Boolean preserveSyncCtx)
   at System.Runtime.CompilerServices.AsyncMethodBuilderCore.MoveNextRunner.Run()
   at System.Threading.Tasks.AwaitTaskContinuation.RunOrScheduleAction(Action action, Boolean allowInlining, Task& currentTask)
   at System.Threading.Tasks.Task.FinishContinuations()
   at System.Threading.Tasks.Task`1.TrySetResult(TResult result)
   at System.Runtime.CompilerServices.AsyncTaskMethodBuilder`1.SetResult(TResult result)
   at Microsoft.WindowsAzure.ResourceProvider.Common.RetryUtilities.<Retry>d__1.MoveNext() in X:\bt\1257000\repo\src\Shared\Lib\ResourceProvider.PreCommon\RetryUtilities.cs:line 89
   at System.Threading.ExecutionContext.RunInternal(ExecutionContext executionContext, ContextCallback callback, Object state, Boolean preserveSyncCtx)
   at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state, Boolean preserveSyncCtx)
   at System.Runtime.CompilerServices.AsyncMethodBuilderCore.MoveNextRunner.Run()
   at System.Threading.Tasks.AwaitTaskContinuation.RunOrScheduleAction(Action action, Boolean allowInlining, Task& currentTask)
   at System.Threading.Tasks.Task.FinishContinuations()
   at System.Threading.Tasks.Task`1.TrySetResult(TResult result)
   at System.Runtime.CompilerServices.AsyncTaskMethodBuilder`1.SetResult(TResult result)
   at Microsoft.WindowsAzure.PlatformImageRepository.ArtifactService.GoalSeeking.AllocateSnapshotsBlock.<>c__DisplayClass18_0.<<AllocateSnapshots>b__0>d.MoveNext() in X:\bt\1253263\repo\src\CRP-PIR\ArtifactService\GoalSeeking\Blocks\AllocateSnapshotsBlock.cs:line 612
   at System.Threading.ExecutionContext.RunInternal(ExecutionContext executionContext, ContextCallback callback, Object state, Boolean preserveSyncCtx)
   at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state, Boolean preserveSyncCtx)
   at System.Runtime.CompilerServices.AsyncMethodBuilderCore.MoveNextRunner.Run()
   at System.Threading.Tasks.AwaitTaskContinuation.RunOrScheduleAction(Action action, Boolean allowInlining, Task& currentTask)
   at System.Threading.Tasks.Task.FinishContinuations()
   at System.Threading.Tasks.Task`1.TrySetResult(TResult result)
   at System.Runtime.CompilerServices.AsyncTaskMethodBuilder`1.SetResult(TResult result)
   at Microsoft.WindowsAzure.PlatformImageRepository.ArtifactService.GoalSeeking.AllocateSnapshotsBlock.<CallDiskRPAllocateSnapshots>d__27.MoveNext() in X:\bt\1253263\repo\src\CRP-PIR\ArtifactService\GoalSeeking\Blocks\AllocateSnapshotsBlock.cs:line 951
   at System.Threading.ExecutionContext.RunInternal(ExecutionContext executionContext, ContextCallback callback, Object state, Boolean preserveSyncCtx)
   at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state, Boolean preserveSyncCtx)
   at System.Runtime.CompilerServices.AsyncMethodBuilderCore.MoveNextRunner.Run()
   at System.Threading.Tasks.AwaitTaskContinuation.RunOrScheduleAction(Action action, Boolean allowInlining, Task& currentTask)
   at System.Threading.Tasks.Task.FinishContinuations()
   at System.Threading.Tasks.Task`1.TrySetResult(TResult result)
   at System.Runtime.CompilerServices.AsyncTaskMethodBuilder`1.SetResult(TResult result)
   at Microsoft.Azure.AzureRT.DiskManagement.Shared.DiskRPClient.DiskRPClient.<AllocateSnapshots>d__50.MoveNext() in X:\bt\1257000\repo\src\Shared\Lib\AzureRT.DiskManagement.Shared\DiskRPClient\DiskRPClient.cs:line 1037
   at System.Threading.ExecutionContext.RunInternal(ExecutionContext executionContext, ContextCallback callback, Object state, Boolean preserveSyncCtx)
   at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state, Boolean preserveSyncCtx)
   at System.Runtime.CompilerServices.AsyncMethodBuilderCore.MoveNextRunner.Run()
   at System.Threading.Tasks.AwaitTaskContinuation.RunOrScheduleAction(Action action, Boolean allowInlining, Task& currentTask)
   at System.Threading.Tasks.Task.FinishContinuations()
   at System.Threading.Tasks.Task`1.TrySetResult(TResult result)
   at System.Runtime.CompilerServices.AsyncTaskMethodBuilder`1.SetResult(TResult result)
   at Microsoft.WindowsAzure.ResourceProvider.Common.ReliableHttpClient.<CallWithRetries>d__24`2.MoveNext() in X:\bt\1257000\repo\src\Shared\Lib\ResourceProvider.PreCommon\HTTP\ReliableHttpClient.cs:line 747
   at System.Threading.ExecutionContext.RunInternal(ExecutionContext executionContext, ContextCallback callback, Object state, Boolean preserveSyncCtx)
   at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state, Boolean preserveSyncCtx)
   at System.Runtime.CompilerServices.AsyncMethodBuilderCore.MoveNextRunner.Run()
   at System.Threading.Tasks.AwaitTaskContinuation.RunOrScheduleAction(Action action, Boolean allowInlining, Task& currentTask)
   at System.Threading.Tasks.Task.FinishContinuations()
   at System.Threading.Tasks.Task`1.TrySetResult(TResult result)
   at System.Runtime.CompilerServices.AsyncTaskMethodBuilder`1.SetResult(TResult result)
   at Microsoft.WindowsAzure.ResourceProvider.Common.ReliableHttpClient.<CallWithRetriesFullResponse>d__26`2.MoveNext() in X:\bt\1257000\repo\src\Shared\Lib\ResourceProvider.PreCommon\HTTP\ReliableHttpClient.cs:line 973
   at System.Threading.ExecutionContext.RunInternal(ExecutionContext executionContext, ContextCallback callback, Object state, Boolean preserveSyncCtx)
   at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state, Boolean preserveSyncCtx)
   at System.Runtime.CompilerServices.AsyncMethodBuilderCore.MoveNextRunner.Run()
   at System.Threading.Tasks.AwaitTaskContinuation.RunOrScheduleAction(Action action, Boolean allowInlining, Task& currentTask)
   at System.Threading.Tasks.Task.FinishContinuations()
   at System.Threading.Tasks.Task`1.TrySetResult(TResult result)
   at System.Runtime.CompilerServices.AsyncTaskMethodBuilder`1.SetResult(TResult result)
   at Microsoft.WindowsAzure.CallLogging.PartnerQosCallLogger.<InstrumentCallAsync>d__9`1.MoveNext() in X:\bt\1257000\repo\src\Shared\Lib\Common\CallLogging\PartnerQosCallLogger.cs:line 213
   at System.Threading.ExecutionContext.RunInternal(ExecutionContext executionContext, ContextCallback callback, Object state, Boolean preserveSyncCtx)
   at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state, Boolean preserveSyncCtx)
   at System.Runtime.CompilerServices.AsyncMethodBuilderCore.MoveNextRunner.Run()
   at System.Threading.Tasks.AwaitTaskContinuation.RunOrScheduleAction(Action action, Boolean allowInlining, Task& currentTask)
   at System.Threading.Tasks.Task.FinishContinuations()
   at System.Threading.Tasks.Task`1.TrySetResult(TResult result)
   at System.Runtime.CompilerServices.AsyncTaskMethodBuilder`1.SetResult(TResult result)
   at Microsoft.WindowsAzure.ResourceProvider.Common.ReliableHttpClient.<Poll>d__28`1.MoveNext() in X:\bt\1257000\repo\src\Shared\Lib\ResourceProvider.PreCommon\HTTP\ReliableHttpClient.cs:line 1222
   at System.Threading.ExecutionContext.RunInternal(ExecutionContext executionContext, ContextCallback callback, Object state, Boolean preserveSyncCtx)
   at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state, Boolean preserveSyncCtx)
   at System.Runtime.CompilerServices.AsyncMethodBuilderCore.MoveNextRunner.Run()
   at System.Threading.Tasks.AwaitTaskContinuation.RunOrScheduleAction(Action action, Boolean allowInlining, Task& currentTask)
   at System.Threading.Tasks.Task.FinishContinuations()
   at System.Threading.Tasks.Task`1.TrySetResult(TResult result)
   at System.Runtime.CompilerServices.AsyncTaskMethodBuilder`1.SetResult(TResult result)
   at Microsoft.WindowsAzure.ResourceProvider.Common.ReliableHttpClient.<MakeHttpCallWithExceptionHandling>d__29.MoveNext() in X:\bt\1257000\repo\src\Shared\Lib\ResourceProvider.PreCommon\HTTP\ReliableHttpClient.cs:line 1274
   at System.Threading.ExecutionContext.RunInternal(ExecutionContext executionContext, ContextCallback callback, Object state, Boolean preserveSyncCtx)
   at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state, Boolean preserveSyncCtx)
   at System.Runtime.CompilerServices.AsyncMethodBuilderCore.MoveNextRunner.Run()
   at System.Threading.Tasks.AwaitTaskContinuation.RunOrScheduleAction(Action action, Boolean allowInlining, Task& currentTask)
   at System.Threading.Tasks.Task.FinishContinuations()
   at System.Threading.Tasks.Task`1.TrySetResult(TResult result)
   at System.Runtime.CompilerServices.AsyncTaskMethodBuilder`1.SetResult(TResult result)
   at Microsoft.WindowsAzure.ResourceProvider.Common.ReliableHttpClient.<Call>d__34.MoveNext() in X:\bt\1257000\repo\src\Shared\Lib\ResourceProvider.PreCommon\HTTP\ReliableHttpClient.cs:line 1430
   at System.Threading.ExecutionContext.RunInternal(ExecutionContext executionContext, ContextCallback callback, Object state, Boolean preserveSyncCtx)
   at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state, Boolean preserveSyncCtx)
   at System.Runtime.CompilerServices.AsyncMethodBuilderCore.MoveNextRunner.Run()
   at System.Threading.Tasks.AwaitTaskContinuation.RunOrScheduleAction(Action action, Boolean allowInlining, Task& currentTask)
   at System.Threading.Tasks.Task.FinishContinuations()
   at System.Threading.Tasks.Task`1.TrySetResult(TResult result)
   at System.Threading.Tasks.TaskCompletionSource`1.TrySetResult(TResult result)
   at System.Net.Http.HttpClient.SetTaskCompleted(HttpRequestMessage request, CancellationTokenSource cancellationTokenSource, TaskCompletionSource`1 tcs, HttpResponseMessage response)
   at System.Net.Http.HttpClient.<>c__DisplayClass59_0.<StartContentBuffering>b__0(Task contentTask)
   at System.Threading.Tasks.Task.Execute()
   at System.Threading.ExecutionContext.RunInternal(ExecutionContext executionContext, ContextCallback callback, Object state, Boolean preserveSyncCtx)
   at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state, Boolean preserveSyncCtx)
   at System.Threading.Tasks.Task.ExecuteWithThreadLocal(Task& currentTaskSlot)
   at System.Threading.Tasks.Task.ExecuteEntry(Boolean bPreventDoubleExecution)
   at System.Threading.Tasks.ThreadPoolTaskScheduler.TryExecuteTaskInline(Task task, Boolean taskWasPreviouslyQueued)
   at System.Threading.Tasks.TaskScheduler.TryRunInline(Task task, Boolean taskWasPreviouslyQueued)
   at System.Threading.Tasks.TaskContinuation.InlineIfPossibleOrElseQueue(Task task, Boolean needsProtection)
   at System.Threading.Tasks.Task.ContinueWithCore(Task continuationTask, TaskScheduler scheduler, CancellationToken cancellationToken, TaskContinuationOptions options)
   at System.Threading.Tasks.Task.ContinueWith(Action`1 continuationAction, TaskScheduler scheduler, CancellationToken cancellationToken, TaskContinuationOptions continuationOptions, StackCrawlMark& stackMark)
   at System.Threading.Tasks.Task.ContinueWith(Action`1 continuationAction, CancellationToken cancellationToken, TaskContinuationOptions continuationOptions, TaskScheduler scheduler)
   at System.Net.Http.HttpUtilities.ContinueWithStandard(Task task, Action`1 continuation)
   at System.Net.Http.HttpClient.<>c__DisplayClass55_0.<SendAsync>b__0(Task`1 task)
   at System.Threading.Tasks.Task.Execute()
   at System.Threading.ExecutionContext.RunInternal(ExecutionContext executionContext, ContextCallback callback, Object state, Boolean preserveSyncCtx)
   at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state, Boolean preserveSyncCtx)
   at System.Threading.Tasks.Task.ExecuteWithThreadLocal(Task& currentTaskSlot)
   at System.Threading.Tasks.Task.ExecuteEntry(Boolean bPreventDoubleExecution)
   at System.Threading.Tasks.ThreadPoolTaskScheduler.TryExecuteTaskInline(Task task, Boolean taskWasPreviouslyQueued)
   at System.Threading.Tasks.TaskScheduler.TryRunInline(Task task, Boolean taskWasPreviouslyQueued)
   at System.Threading.Tasks.TaskContinuation.InlineIfPossibleOrElseQueue(Task task, Boolean needsProtection)
   at System.Threading.Tasks.Task.FinishContinuations()
   at System.Threading.Tasks.Task`1.TrySetResult(TResult result)
   at System.Runtime.CompilerServices.AsyncTaskMethodBuilder`1.SetResult(TResult result)
   at Microsoft.Azure.ResourceProvider.Common.DstsAuthenticationDelegatingHandler.<SendAsync>d__15.MoveNext() in X:\bt\1257000\repo\src\Shared\Lib\ResourceProvider.PreCommon\dSTS\DstsAuthenticationDelegatingHandler.cs:line 198
   at System.Threading.ExecutionContext.RunInternal(ExecutionContext executionContext, ContextCallback callback, Object state, Boolean preserveSyncCtx)
   at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state, Boolean preserveSyncCtx)
   at System.Runtime.CompilerServices.AsyncMethodBuilderCore.MoveNextRunner.Run()
   at System.Threading.Tasks.AwaitTaskContinuation.RunOrScheduleAction(Action action, Boolean allowInlining, Task& currentTask)
   at System.Threading.Tasks.Task.FinishContinuations()
   at System.Threading.Tasks.Task`1.TrySetResult(TResult result)
   at System.Runtime.CompilerServices.AsyncTaskMethodBuilder`1.SetResult(TResult result)
   at Microsoft.Azure.ResourceProvider.Common.DstsAuthenticationDelegatingHandler.<SendRequest>d__19.MoveNext() in X:\bt\1257000\repo\src\Shared\Lib\ResourceProvider.PreCommon\dSTS\DstsAuthenticationDelegatingHandler.cs:line 266
   at System.Threading.ExecutionContext.RunInternal(ExecutionContext executionContext, ContextCallback callback, Object state, Boolean preserveSyncCtx)
   at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state, Boolean preserveSyncCtx)
   at System.Runtime.CompilerServices.AsyncMethodBuilderCore.MoveNextRunner.Run()
   at System.Threading.Tasks.AwaitTaskContinuation.RunOrScheduleAction(Action action, Boolean allowInlining, Task& currentTask)
   at System.Threading.Tasks.Task.FinishContinuations()
   at System.Threading.Tasks.Task`1.TrySetResult(TResult result)
   at System.Runtime.CompilerServices.AsyncTaskMethodBuilder`1.SetResult(TResult result)
   at Microsoft.Azure.ResourceProvider.Common.W3CClientTraceContextHandler.<SendAsync>d__3.MoveNext() in X:\bt\1257000\repo\src\Shared\Lib\ResourceProvider.PreCommon\HTTP\W3CClientTraceContextHandler.cs:line 73
   at System.Threading.ExecutionContext.RunInternal(ExecutionContext executionContext, ContextCallback callback, Object state, Boolean preserveSyncCtx)
   at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state, Boolean preserveSyncCtx)
   at System.Runtime.CompilerServices.AsyncMethodBuilderCore.MoveNextRunner.Run()
   at System.Threading.Tasks.AwaitTaskContinuation.RunOrScheduleAction(Action action, Boolean allowInlining, Task& currentTask)
   at System.Threading.Tasks.Task.FinishContinuations()
   at System.Threading.Tasks.Task`1.TrySetResult(TResult result)
   at System.Threading.Tasks.TaskCompletionSource`1.TrySetResult(TResult result)
   at System.Net.Http.HttpClientHandler.GetResponseCallback(IAsyncResult ar)
   at System.Net.LazyAsyncResult.Complete(IntPtr userToken)
   at System.Threading.ExecutionContext.RunInternal(ExecutionContext executionContext, ContextCallback callback, Object state, Boolean preserveSyncCtx)
   at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state, Boolean preserveSyncCtx)
   at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state)
   at System.Net.ContextAwareResult.Complete(IntPtr userToken)
   at System.Net.LazyAsyncResult.ProtectedInvokeCallback(Object result, IntPtr userToken)
   at System.Net.HttpWebRequest.ProcessResponse()
   at System.Net.HttpWebRequest.SetResponse(CoreResponseData coreResponseData)
   at System.Net.ConnectionReturnResult.SetResponses(ConnectionReturnResult returnResult)
   at System.Net.Connection.ReadComplete(Int32 bytesRead, WebExceptionStatus errorStatus)
   at System.Net.LazyAsyncResult.Complete(IntPtr userToken)
   at System.Net.LazyAsyncResult.ProtectedInvokeCallback(Object result, IntPtr userToken)
   at System.Net.Security._SslStream.ProcessFrameBody(Int32 readBytes, Byte[] buffer, Int32 offset, Int32 count, AsyncProtocolRequest asyncRequest)
   at System.Net.Security._SslStream.ReadFrameCallback(AsyncProtocolRequest asyncRequest)
   at System.Net.AsyncProtocolRequest.CompleteRequest(Int32 result)
   at System.Net.FixedSizeReader.CheckCompletionBeforeNextRead(Int32 bytes)
   at System.Net.FixedSizeReader.ReadCallback(IAsyncResult transportResult)
   at System.Net.LazyAsyncResult.Complete(IntPtr userToken)
   at System.Threading.ExecutionContext.RunInternal(ExecutionContext executionContext, ContextCallback callback, Object state, Boolean preserveSyncCtx)
   at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state, Boolean preserveSyncCtx)
   at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state)
   at System.Net.ContextAwareResult.Complete(IntPtr userToken)
   at System.Net.LazyAsyncResult.ProtectedInvokeCallback(Object result, IntPtr userToken)
   at System.Net.Sockets.BaseOverlappedAsyncResult.CompletionPortCallback(UInt32 errorCode, UInt32 numBytes, NativeOverlapped* nativeOverlapped)
   at System.Threading._IOCompletionCallback.PerformIOCompletionCallback(UInt32 errorCode, UInt32 numBytes, NativeOverlapped* pOVERLAP)

@oliverlabs
Contributor

Hi @JenGoldstrich,

I haven't looked into this since the time I reported the original issue. Last time I looked into it, SSE+CMK Trusted Launch VMs were not supported in ACG. The product group said there was not enough interest from Customers to implement this. It might have changed since (although I doubt it).

@JenGoldstrich
Contributor

JenGoldstrich commented May 30, 2024

Hey @oliverlabs, I hope you're well and I appreciate your response. I see, not ideal but good to know that it's not officially supported. I will see if I can poke around to get this officially documented because it's rather confusing for Azure users. At the very least they could add an error to the API to make this more clear it's not supported.

So for now this is not able to be solved sadly. Let's leave this issue open since the context for this is concise and useful for future maintainers/community members. Thanks for opening the issue @j7lloyd.
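
Added example, not part of the thread and not code from Packer or the Azure plugin: a CI pre-flight check that scans a Packer HCL template for the combination reported in this issue (`disk_encryption_set_id` together with `security_type = "TrustedLaunch"` in an `azure-arm` source that publishes through `shared_image_gallery_destination`), so the build can stop before the temporary VM is created instead of failing at the publish step. The function names, the `blocked`/`review` verdicts and the sample template (reduced from the build file above) are constructed for illustration, and the scanner assumes `packer fmt` layout with one attribute per line.

```python
import re

HEADER = re.compile(r'^\s*source\s+"azure-arm"\s+"([^"]+)"\s*\{\s*$')
ATTR = re.compile(r'^\s*([A-Za-z_]\w*)\s*=\s*(.+?)\s*$')
BLOCK = re.compile(r'^\s*([A-Za-z_]\w*)\s*\{\s*$')

# Constructed sample, reduced from the build file posted in the issue.
SAMPLE_TEMPLATE = '''
source "azure-arm" "windows-vm" {
  disk_encryption_set_id = var.des_resource_id
  os_type                = "Windows"

  # Security Type: Trusted Launch
  secure_boot_enabled = true
  vtpm_enabled        = true
  security_type       = "TrustedLaunch"

  shared_image_gallery_destination {
    gallery_name  = var.sig_gallery_name
    image_name    = var.sig_image_definition
    image_version = var.sig_image_version
    specialized   = true
  }
}
'''


def code_part(line):
    """Return (line without a trailing # or // comment, net brace change),
    ignoring braces and comment markers inside double-quoted strings.
    Block comments and heredocs are not handled (assumption: not used)."""
    in_str, delta, i = False, 0, 0
    while i < len(line):
        ch = line[i]
        if in_str:
            if ch == "\\":
                i += 1  # skip the escaped character
            elif ch == '"':
                in_str = False
        elif ch == '"':
            in_str = True
        elif ch == "#" or line.startswith("//", i):
            return line[:i], delta
        elif ch == "{":
            delta += 1
        elif ch == "}":
            delta -= 1
        i += 1
    return line, delta


def parse_sources(text):
    """Collect top-level attributes and nested block names of each
    source "azure-arm" block."""
    sources, current, depth = [], None, 0
    for raw in text.splitlines():
        line, delta = code_part(raw)
        if current is None:
            header = HEADER.match(line)
            if header:
                current = {"name": header.group(1), "attrs": {}, "blocks": set()}
                depth = 1
            continue
        if depth == 1:  # only the source block's own level matters here
            attr, block = ATTR.match(line), BLOCK.match(line)
            if attr:
                current["attrs"][attr.group(1)] = attr.group(2)
            elif block:
                current["blocks"].add(block.group(1))
        depth += delta
        if depth == 0:
            sources.append(current)
            current = None
    return sources


def preflight(text):
    """Return (source name, verdict) pairs. 'blocked': literal TrustedLaunch
    with a DES and a gallery destination. 'review': security_type is an
    expression this check cannot resolve."""
    findings = []
    for src in parse_sources(text):
        attrs = src["attrs"]
        if "disk_encryption_set_id" not in attrs:
            continue
        if "shared_image_gallery_destination" not in src["blocks"]:
            continue
        sec = attrs.get("security_type")
        if sec is None:
            continue
        if not sec.startswith('"'):
            findings.append((src["name"], "review"))
        elif sec.strip('"') == "TrustedLaunch":
            findings.append((src["name"], "blocked"))
    return findings


if __name__ == "__main__":
    for name, verdict in preflight(SAMPLE_TEMPLATE):
        print(f"azure-arm.{name}: {verdict}")
```

A `review` verdict means `security_type` comes from a variable, so the value passed at build time decides whether the template hits this issue.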
