Partial document update fails with managed identity

[mbhaskar]

fetchAll/upsert/create method are working fine. But .patch is throwing below error.

Trace:

97268cd7-4789-47fe-9dfe-2e8d42944e3f | ProductsCleaner | Error: Required Header authorization is missing. Ensure a valid Authorization token is passed. ActivityId: eff8dfcc-c5ee-43af-9f07-691cc6ecc66c, Microsoft.Azure.Documents.Common/2.14.0 at httpRequest (.../node_modules/@azure/cosmos/dist/index.js:7785:31) at runMicrotasks (anonymous) at processTicksAndRejections (internal/process/task_queues.js:95:5) at async execute ((.../node_modules/@azure/cosmos/dist/index.js:7620:26) at async ClientContext.patch (.../node_modules/@azure/cosmos/dist/index.js:8316:30) at async Item.patch (.../node_modules/@azure/cosmos/dist/index.js:4408:26) at async Promise.all (index 0) { code: 401, body: { code: 'Unauthorized', message: 'Required Header authorization is missing. Ensure a valid Authorization token is passed.\r\n' + 'ActivityId: eff8dfcc-c5ee-43af-9f07-691cc6ecc66c, Microsoft.Azure.Documents.Common/2.14.0' }, headers: { 'transfer-encoding': 'chunked', 'content-type': 'application/json', 'content-location': '/docs/', server: 'Microsoft-HTTPAPI/2.0', 'x-ms-activity-id': 'eff8dfcc-c5ee-43af-9f07-691cc6ecc66c', 'strict-transport-security': 'max-age=31536000', 'x-ms-gatewayversion': 'version=2.14.0', date: 'Wed, 02 Mar 2022 21:33:48 GMT', 'x-ms-throttle-retry-count': 0, 'x-ms-throttle-retry-wait-time-ms': 0 }, activityId: 'eff8dfcc-c5ee-43af-9f07-691cc6ecc66c' }

[maorleger]

Note: this could be related to https://github.com/Azure/azure-sdk-for-js/issues/20690

[wup-one]

I'm encountering the same thing. is it advised to try downgrading the @azure/core-http dependency?

EDIT: that didn't seem to help. My @azure/core-http was at 2.2.4 and I brought it down to 2.2.2. I'd hate to move away from managed identities to get patch to work.

[ghost]

We have encountered the same issue, is there any updates on this?

Having done some investigation, I suspect the issue is that https://github.com/Azure/azure-sdk-for-js/blob/4e39a2adcb41d74d42bb37b5836200a20ca3c554/sdk/cosmosdb/cosmos/src/ClientContext.ts#L322 does not pass in the pipeline as pipeline: this.pipeline.

My logic behind this root cause, is that the pipeline uses the aadCredentials has a policy that applies the Authorization header with its bearer token value.

[ghost]

We have verified the following fix works, using https://www.npmjs.com/package/patch-package:

diff --git a/node_modules/@azure/cosmos/dist/index.js b/node_modules/@azure/cosmos/dist/index.js
index d2b45fa..44f4e29 100644
--- a/node_modules/@azure/cosmos/dist/index.js
+++ b/node_modules/@azure/cosmos/dist/index.js
@@ -8302,6 +8302,7 @@ class ClientContext {
                 options,
                 plugins: this.cosmosClientOptions.plugins,
                 partitionKey,
+                pipeline: this.pipeline,
             };
             request$1.headers = await this.buildHeaders(request$1);
             this.applySessionToken(request$1);

[sajeetharan]

@asdaandrewhaigh Thanks for looking into this! We will investigate and make the changes!

[JameelKhan9]

@sajeetharan we have encountered the same issue, any update on the changes?

[ChuckJonas]

Is there an ETA on this fix? Seems like this should be an urgent priority bug...

[sajeetharan]

@ChuckJonas we have tagged it for the milestone-september 28th

[ChuckJonas]

Just checking in... did this go out? Struggling to find a changelog in this monorepo...

[sajeetharan]

hI @ChuckJonas Not yet, we are planning to release this with the next version 3.17.2 in couple of weeks time!

[sajeetharan]

@v1k1 tag the PR for the fix, we will be releasing this with the next release 3.17.2

[sajeetharan]

This is completed and released!