[BUG]EventHub logger with managed identity connection failing to publish

Open anotherRedbeard opened this issue 1 year ago • 5 comments

Release version

v6.0.1

Describe the bug

When you extract an event hub logger that has a managed identity connection, the JSON is slightly different than using a connection string. It appears that the actual Named Value name is saved with it instead of the Named Value display name as it is with the connection string. Here is an example of the difference in the credentials property:

EH MI:

  "credentials": {
    "endpointAddress": "<endpoint address>",
    "identityClientId": "{{XXXXXXXXXXXXXXXXXXXXXXXX}}",
    "name": "myeventhub"
  }

EH ConnectionString:

  "credentials": {
    "instrumentationKey": "{{Logger-Credentials--XXXXXXXXXXXXXXXXXXXXXXXX}}"
  }

Expected behavior

The publisher would look up the Named Value name instead of the display name if the credentials property contains the identityClientId and use that when it creates/updates the resource.

Actual behavior

I get a 400 as a response code to the PUT request. Here is an example error:

Content: {"error":{"code":"ValidationError","message":"One or more fields contain incorrect values:","details":[{"code":"ValidationError","target":"One or more Properties ['{0}'] specified are missing.","message":"XXXXXXXXXXXXXXXXXXXXXXX"}]}}
crit: publisher[0]

Reproduction Steps

  • Create an event hub logger with a managed identity connection
  • Extract the configuration
  • Run the publisher

anotherRedbeard avatar Aug 21 '24 16:08 anotherRedbeard

  Thank you for opening this issue! Please be patient while we look into it and get back to you, as this is an open source project. In the meantime, make sure you take a look at the [closed issues](https://github.com/Azure/apiops/issues?q=is%3Aissue+is%3Aclosed) in case your question has already been answered. Don't forget to provide any additional information if needed (e.g. scrubbed logs, detailed feature requests, etc.).
  Whenever it's feasible, please don't hesitate to send a Pull Request (PR) our way. We'd greatly appreciate it, and we'll gladly assess and incorporate your changes.

github-actions[bot] avatar Aug 21 '24 16:08 github-actions[bot]

I have found that you can work around this issue by providing an override in the configuration..yaml file that points the identityClientId to the display name of the Named Value instead of the actual id. Something like this should work:

loggers:
  - name: EventHubLogger1
    properties:
      credentials:
        identityClientId: "{{Logger-Credentials--XXXXXXXXXXXXXXXXXXXXXXXX}}"

anotherRedbeard avatar Aug 21 '24 16:08 anotherRedbeard

@anotherRedbeard if your issue is resolved, please close the issue.

waelkdouh avatar Aug 22 '24 11:08 waelkdouh

@anotherRedbeard if your issue is resolved, please close the issue.

Hi @waelkdouh, I don't think it's technically resolved, as it should work without you having to add something in the configuration..yaml file. Based on the docs, it's not clear to me what should be in the properties.credentials. From what I'm seeing, it's using the named value name when you connect with an MI instead of the display name like it does in all other cases. It's possible it's a bug in the APIM API... again, it's not clear from what I see.

anotherRedbeard avatar Aug 26 '24 17:08 anotherRedbeard

@anotherRedbeard - here is the expected configuration for event hub credentials. It shows various options for connection strings, system-assigned managed identities, and user-assigned managed identities.

Also, as you've noted, the format xxx: "{{some-value}}" means that APIM will obtain the contents from a named value whose display name is some-value.

guythetechie avatar Aug 30 '24 02:08 guythetechie
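
A pre-publish check for the mismatch discussed in this thread, as an added example that is not apiops code: it takes a logger's `credentials` object and a map of Named Value resource names to display names, and flags any `{{...}}` reference that matches a resource name rather than a display name. The function name, the map, and all sample values are hypothetical and constructed for illustration.

```python
import re

# Matches APIM named value references of the form {{some-value}}.
REF = re.compile(r"\{\{\s*([^{}]+?)\s*\}\}")


def check_logger_credentials(credentials, named_values):
    """Classify every {{...}} reference in a logger credentials object.

    named_values maps Named Value resource name -> display name
    (hypothetical input, e.g. collected from the extracted artifacts).
    """
    display_names = set(named_values.values())
    findings = []
    for field, value in credentials.items():
        if not isinstance(value, str):
            continue
        for ref in REF.findall(value):
            if ref in display_names:
                status, suggested = "ok", None
            elif ref in named_values:
                # The case from this issue: the resource name was emitted,
                # but the reference is resolved by display name.
                status = "resource-name"
                suggested = "{{" + named_values[ref] + "}}"
            else:
                status, suggested = "unknown", None
            findings.append({"field": field, "reference": ref,
                             "status": status, "suggested": suggested})
    return findings


# Constructed sample data (not taken from a real APIM instance).
NAMED_VALUES = {"nv-constructed-0001": "Logger-Credentials--nv-constructed-0001"}
MI_CREDENTIALS = {
    "endpointAddress": "example.servicebus.windows.net",
    "identityClientId": "{{nv-constructed-0001}}",
    "name": "myeventhub",
}
CONNECTION_STRING_CREDENTIALS = {
    "instrumentationKey": "{{Logger-Credentials--nv-constructed-0001}}",
}

if __name__ == "__main__":
    for finding in check_logger_credentials(MI_CREDENTIALS, NAMED_VALUES):
        print(finding)
```

A `resource-name` finding carries the value to put in the override shown earlier in the thread; an `unknown` finding means no Named Value in the map matches the reference at all.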