azure-sdk-for-node

Application Insights Continuous Export configuration intermittently throwing 'Unauthorized'

Open kalyanb9119 opened this issue 5 years ago • 4 comments

We are using “azure-arm-appinsights:2.1.0” for setting up continuous export config of App Insights. We do this configuration setup after ARM template deployment via node CLI – as part of the deployment we generate the Service SAS for the storage account.

We are seeing this issue intermittently (at least once every day) and our node-cli based deployment is failing because of this error. Can you please help us here on priority?

ERROR D:\a\r1\a\farmbeats-installer-test\publish\deploymentmanager.js:412 { Error: Unauthorized
    at client.pipeline (D:\a\r1\a\farmbeats-installer-test\node_modules\azure-arm-appinsights\lib\operations\exportConfigurations.js:114:19)
    at retryCallback (D:\a\r1\a\farmbeats-installer-test\node_modules\ms-rest\lib\filters\systemErrorRetryPolicyFilter.js:89:9)
    at retryCallback (D:\a\r1\a\farmbeats-installer-test\node_modules\ms-rest\lib\filters\exponentialRetryPolicyFilter.js:140:9)
    at D:\a\r1\a\farmbeats-installer-test\node_modules\ms-rest\lib\filters\rpRegistrationFilter.js:59:14
    at handleRedirect (D:\a\r1\a\farmbeats-installer-test\node_modules\ms-rest\lib\filters\redirectFilter.js:39:9)
    at D:\a\r1\a\farmbeats-installer-test\node_modules\ms-rest\lib\filters\formDataFilter.js:23:14
    at Request.defaultRequest [as _callback] (D:\a\r1\a\farmbeats-installer-test\node_modules\ms-rest\lib\requestPipeline.js:125:16)
    at Request.self.callback (D:\a\r1\a\farmbeats-installer-test\node_modules\request\request.js:185:22)
    at Request.emit (events.js:198:13)
    at Request.<anonymous> (D:\a\r1\a\farmbeats-installer-test\node_modules\request\request.js:1161:10)
  statusCode: 401,
  request:
   { rawResponse: false,
     queryString: {},
     url:
      'https://management.azure.com/subscriptions/da9091ec-d18f-456c-9c21-5783ee7f4645/resourceGroups/07-30-2019-10-dh/providers/Microsoft.Insights/components/AppInsights-d5dco/exportconfiguration?api-version=2015-05-01',
     method: 'GET',
     headers:
      { 'Content-Type': 'application/json; charset=utf-8',
        'x-ms-client-request-id': '91071cb2-4616-4b1a-a87a-ad13f838c3c6',
        'accept-language': 'en-US',
        'user-agent':
         'Node/v10.16.0 (x64-Windows_NT-10.0.14393) ms-rest/2.5.0 ms-rest-azure/2.6.0 azure-arm-appinsights/2.1.0 Azure-SDK-For-Node' },
     body: null },
  response:
   { body:
      '{"code":"Unauthorized","message":"Unauthorized","innererror":{"diagnosticcontext":"91071cb2-4616-4b1a-a87a-ad13f838c3c6","time":"2019-07-29T23:49:40.7101216Z"}}',
     headers:
      { 'cache-control': 'no-cache',
        pragma: 'no-cache',
        'content-length': '160',
        'content-type': 'application/json; charset=utf-8',
        expires: '-1',
        'x-content-type-options': 'nosniff',
        'request-context': 'appId=cid-v1:920e14b1-13f3-461a-a4bb-b4fe6f1a4525',
        'access-control-expose-headers': 'Request-Context',
        'strict-transport-security': 'max-age=31536000; includeSubDomains',
        'x-ms-ratelimit-remaining-subscription-reads': '11965',
        server: 'Microsoft-IIS/10.0',
        'x-ms-request-id': 'e12d52ca-030a-4447-ac4c-55613b4aab26',
        'x-ms-correlation-request-id': 'e12d52ca-030a-4447-ac4c-55613b4aab26',
        'x-ms-routing-request-id':
         'WESTUS2:20190729T234940Z:e12d52ca-030a-4447-ac4c-55613b4aab26',
        date: 'Mon, 29 Jul 2019 23:49:40 GMT',
        connection: 'close' },
     statusCode: 401 },
  code: 'Unauthorized',
  body:
   { code: 'Unauthorized',
     message: 'Unauthorized',
     innererror:
      { diagnosticcontext: '91071cb2-4616-4b1a-a87a-ad13f838c3c6',
        time: '2019-07-29T23:49:40.7101216Z' } } }

Code for export configuration setup:

// Create a Continuous Export configuration of an Application Insights component.
protected createAppInsightsComponentExport(deploymentProperties: any): Promise<any> {
	const client = new ApplicationInsightsManagementClient(this._credentials, this._subscriptionId);
	const resourceGroup = deploymentProperties.outputs.resourceGroup.value;
	const appInsightsName = deploymentProperties.outputs.appInsightsName.value;
	const exportReq: ApplicationInsightsComponentExportRequest = {
		destinationAccountId: deploymentProperties.outputs.logsStorageName.value,
		destinationAddress: deploymentProperties.outputs.appInsightsLogsContainerServiceSASUrl.value,
		destinationStorageLocationId: deploymentProperties.outputs.resourceGroupLocation.value,
		destinationStorageSubscriptionId: deploymentProperties.outputs.subscriptionId.value,
		destinationType: 'Blob',
		isEnabled: 'true',
		recordTypes: 'Requests, Event, Exceptions, Metrics, PageViews, PageViewPerformance, Rdd, PerformanceCounters, Availability, Messages',
	};

	// Get existing exportConfigurations - update or create accordingly
	return client.exportConfigurations.list(resourceGroup, appInsightsName)
		.then((exportConfigurations: any) => {
			if (exportConfigurations.length > 0) {
				// Update the existing exportConfiguration
				return client.exportConfigurations.update(resourceGroup, appInsightsName, exportConfigurations[0].exportId, exportReq);
			} else {
				// exportConfiguration doesn't exist - create new one
				return client.exportConfigurations.create(resourceGroup, appInsightsName, exportReq)
					.then((configurations: any) => {
						return Promise.resolve(configurations[0]);
					});
			}
		})
		.then((exportConfiguration: any) => {
			if (exportConfiguration.exportStatus.toLowerCase() === 'failure') {
				// Single '+' here: a doubled '+ +' would coerce permanentErrorReason to a number (NaN)
				const errorMsg = 'Continuous Export configuration of an Application Insights setup failed: '
					+ exportConfiguration.permanentErrorReason + '. ExportId:' + exportConfiguration.exportId;
				fileLogger.error(errorMsg);
				return Promise.reject(new Error(errorMsg));
			} else {
				return Promise.resolve(exportConfiguration.exportId);
			}
		})
		.catch((error: any) => {
			fileLogger.error(error);
			return Promise.reject(new Error(
				`Failed to setup Continuous Export configuration of an Application Insights:  ${error.message || (error.body && error.body.message)}`));
		});
}
}


// Service SAS token generation - ARM template

"listServiceSasApiVersion":"2019-04-01",
"listServiceSasRequestContent": {
	"canonicalizedResource": "[concat('/blob/', parameters('logsStorageName'), '/', variables('appInsightsLogsContainerName'))]",
	"signedResource": "c",
	"signedPermission": "rwdl",
	"signedExpiry": "2220-05-24T11:32:48.8457197Z",
	"signedStart": "2019-05-24T11:32:48.8457197Z"
},

"appInsightsLogsContainerServiceSASUrl": {
	"type": "string",
	"value": "[concat(reference(concat('Microsoft.Storage/storageAccounts/', parameters('logsStorageName'))).primaryEndpoints.blob, variables('appInsightsLogsContainerName'), '?' , listServiceSas(parameters('logsStorageName'), variables('listServiceSasApiVersion'), variables('listServiceSasRequestContent')).serviceSasToken)]"
},
		

kalyanb9119 Jul 30 '19 04:07
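Added example, not part of the original post and not code from the SDK: one way to capture the tracing identifiers from the error object shown above and to bound retries around the `list` call. The helper names `describeArmFailure` and `retryOn401`, the placeholder IDs in the sample, and the choice to treat a 401 as transient are assumptions made for illustration; the thread does not confirm a root cause.

```javascript
// Constructed sample shaped like the error object in the report (placeholder IDs).
const sampleError = Object.assign(new Error('Unauthorized'), {
  statusCode: 401,
  code: 'Unauthorized',
  request: { method: 'GET' },
  response: { headers: {
    'x-ms-request-id': '<request-id>',
    'x-ms-correlation-request-id': '<correlation-id>' } },
  body: { code: 'Unauthorized',
    innererror: { diagnosticcontext: '<client-request-id>', time: '<timestamp>' } },
});

// Hypothetical helper: collect the identifiers a service team needs to trace
// one failed ARM call. Only response-side IDs are read, never credentials.
function describeArmFailure(err) {
  const headers = (err.response && err.response.headers) || {};
  const inner = (err.body && err.body.innererror) || {};
  return {
    status: err.statusCode,
    code: err.code || (err.body && err.body.code),
    method: err.request && err.request.method,
    requestId: headers['x-ms-request-id'],
    correlationId: headers['x-ms-correlation-request-id'],
    clientRequestId: inner.diagnosticcontext,
    time: inner.time,
  };
}

// Hypothetical wrapper: retry only on 401, a bounded number of times, and log
// every failure. Treating 401 as transient is an assumption; a 401 that
// persists past `attempts` is rethrown so a real credential problem surfaces.
async function retryOn401(operation, options = {}) {
  const { attempts = 3, baseDelayMs = 2000, log = console.error } = options;
  for (let attempt = 1; ; attempt++) {
    try {
      return await operation();
    } catch (err) {
      const info = describeArmFailure(err);
      log(JSON.stringify({ attempt, ...info }));
      if (info.status !== 401 || attempt >= attempts) throw err;
      const delayMs = baseDelayMs * 2 ** (attempt - 1); // exponential backoff
      await new Promise((resolve) => setTimeout(resolve, delayMs));
    }
  }
}

// Usage with the call from the post:
// retryOn401(() => client.exportConfigurations.list(resourceGroup, appInsightsName));
```

Logging the request and correlation IDs on every failed attempt keeps the evidence even when a later retry succeeds.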

I came upon this issue after seeing the same issue in a PowerShell script, using the Get-AzApplicationInsightsContinuousExport cmdlet. The failure is apparently random. Most of the time it succeeds. If it is at all helpful, here is the stack trace:

Exception:
Microsoft.Rest.Azure.CloudException: Unauthorized
   at Microsoft.Azure.Management.ApplicationInsights.Management.ExportConfigurationsOperations.<ListWithHttpMessagesAsync>d__5.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at Microsoft.Azure.Commands.ApplicationInsights.GetApplicationInsightsContinuousExportCommand.ExecuteCmdlet()
   at Microsoft.WindowsAzure.Commands.Utilities.Common.AzurePSCmdlet.ProcessRecord()
Unauthorized

sugarjig Sep 26 '19 19:09

cc @qiaozha

ramya-rao-a Feb 26 '20 17:02

SDK doesn't do much in the authentication. + "Service Attention" label to include service team to check why 401 is returned randomly. Thanks.

RodgeFu May 23 '20 11:05

Thanks for the feedback! We are routing this to the appropriate team for follow-up. cc @azmonapplicationinsights.

msftbot[bot] May 23 '20 11:05