Azure / apiops

APIOps applies the concepts of GitOps and DevOps to API deployment. By using practices from these two methodologies, APIOps can enable everyone involved in the lifecycle of API design, development, and deployment with self-service and automated tools to ensure the quality of the specifications and APIs that they’re building.
https://azure.github.io/apiops
MIT License

[BUG]EventHub logger with managed identity connection failing to publish #638

Open anotherRedbeard opened 3 weeks ago

anotherRedbeard commented 3 weeks ago

Release version

v6.0.1

Describe the bug

When you extract an event hub logger that has a managed identity connection, the JSON is slightly different than using a connection string. It appears that the actual Named Value name is saved with it instead of the Named Value display name as it is with the connection string. Here is an example of the difference in the credentials property:

EH MI:

  "credentials": {
    "endpointAddress": "<endpoint address>",
    "identityClientId": "{{XXXXXXXXXXXXXXXXXXXXXXXX}}",
    "name": "myeventhub"
  }

EH ConnectionString:

  "credentials": {
    "instrumentationKey": "{{Logger-Credentials--XXXXXXXXXXXXXXXXXXXXXXXX}}"
  }

Expected behavior

The publisher would look up the Named Value name instead of the display name if the credentials property contains the identityClientId and use that when it creates/updates the resource.

Actual behavior

I get a 400 as a response code to the PUT request. Here is an example error:

Content: {"error":{"code":"ValidationError","message":"One or more fields contain incorrect values:","details":[{"code":"ValidationError","target":"One or more Properties ['{0}'] specified are missing.","message":"XXXXXXXXXXXXXXXXXXXXXXX"}]}}
crit: publisher[0]

Reproduction Steps

github-actions[bot] commented 3 weeks ago

Thank you for opening this issue! Please be patient while we look into it and get back to you, as this is an open source project. In the meantime, make sure you take a look at the [closed issues](https://github.com/Azure/apiops/issues?q=is%3Aissue+is%3Aclosed) in case your question has already been answered. Don't forget to provide any additional information if needed (e.g. scrubbed logs, detailed feature requests, etc.).

Whenever it's feasible, please don't hesitate to send a Pull Request (PR) our way. We'd greatly appreciate it, and we'll gladly assess and incorporate your changes.

anotherRedbeard commented 3 weeks ago

I have found that you can work around this issue by providing an override in the configuration..yaml file that points the identityClientId to the display name of the Named Value instead of the actual id. Something like this should work:

loggers:
  - name: EventHubLogger1
    properties:
      credentials:
        identityClientId: "{{Logger-Credentials--XXXXXXXXXXXXXXXXXXXXXXXX}}"

waelkdouh commented 3 weeks ago

@anotherRedbeard if your issue is resolved please close the issue.

anotherRedbeard commented 2 weeks ago

@anotherRedbeard if your issue is resolved please close the issue.

Hi @waelkdouh, I don't think it's technically resolved, as it should work without you having to add something in the configuration..yaml file. Based on the docs, it's not clear to me what should be in the properties.credentials. From what I'm seeing, it's using the named value name when you connect with a MI instead of the display name like it does in all other cases. It's possible it's a bug in the APIM API... again, it's not clear from what I see.

guythetechie commented 2 weeks ago

@anotherRedbeard - here is the expected configuration for event hub credentials. It shows various options for connection strings, system-assigned managed identities, and user-assigned managed identities.

Also, as you've noted, the format xxx: "{{some-value}}" means that APIM will obtain the contents from a named value whose display name is some-value.
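A pre-publish check for the mismatch discussed in this thread, as an added example that is not part of the issue or of the apiops code base: it classifies every `{{...}}` reference in a logger's credentials as matching a Named Value display name, matching only a Named Value name (the reported case), or unknown, and builds the override from the workaround above. The function names, the name-to-display-name mapping and all sample identifiers are assumptions constructed for illustration.

```python
import re

# A value of the form "{{some-value}}" is a named value reference.
PLACEHOLDER = re.compile(r"^\{\{\s*(.+?)\s*\}\}$")


def check_credentials(credentials, named_values):
    """Classify each "{{...}}" reference in a logger's credentials.

    credentials  -- the logger's properties.credentials object
    named_values -- {Named Value name: Named Value display name}
    """
    display_names = set(named_values.values())
    findings = {}
    for field, value in credentials.items():
        match = PLACEHOLDER.match(value) if isinstance(value, str) else None
        if match is None:
            continue  # literal such as endpointAddress or name
        ref = match.group(1)
        if ref in display_names:
            findings[field] = ("ok", value)
        elif ref in named_values:
            # The case reported in this issue: the reference holds the
            # Named Value name, so suggest the display-name form.
            findings[field] = ("uses-name", "{{" + named_values[ref] + "}}")
        else:
            findings[field] = ("unknown", value)
    return findings


def overrides(findings):
    """Credential overrides in the shape of the workaround posted above."""
    return {f: fix for f, (status, fix) in findings.items() if status == "uses-name"}


# Constructed sample data (hypothetical ids, not from a real APIM instance).
NAMED_VALUES = {"66a1b2c3d4e5f60718293a4b": "Logger-Credentials--66a1b2c3d4e5f60718293a4c"}
EH_MI = {
    "endpointAddress": "example.servicebus.windows.net",
    "identityClientId": "{{66a1b2c3d4e5f60718293a4b}}",
    "name": "myeventhub",
}
EH_CONNECTION_STRING = {
    "instrumentationKey": "{{Logger-Credentials--66a1b2c3d4e5f60718293a4c}}",
}

if __name__ == "__main__":
    print(overrides(check_credentials(EH_MI, NAMED_VALUES)))
```

Running such a check on the extracted artifacts before the publisher step surfaces the bad reference locally instead of as a 400 ValidationError on the PUT.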