search

Azure / azure-powershell

Microsoft Azure PowerShell
Other
4.23k stars 3.83k forks source link

Publish-AzWebApp fails when getting called via azure function from an azure app service #19383

Closed michvllni closed 1 year ago

michvllni commented 2 years ago

Description

We have a function app (1) that has a system assigned managed identity. This managed identity has the website contributor RBAC role on an app service (2).

1 has an HTTP Trigger that, after receiving information on what to publish, uses Publish-AzWebApp to publish a zip to an azure app service (in this case 2, but for testing I've also created a test function app that only calls 1, same effect).

When calling 1 and telling it via HTTP request to publish an app to 2, it works perfectly well. However, as soon as the HTTP of 1 trigger gets called not from a local machine but from an azure machine, for example 2, (the HTTP Request is exactly the same), the Publish-AzWebApp command fails with the error "The client '[system assigned managed identity of 1]' with object id '[xxx]' does not have authorization to perform action 'Microsoft.Web/sites/config/list/action' over scope '/subscriptions/[xxx]/resourceGroups/[resource group of 2]/providers/Microsoft.Web/sites/[name of 2].azurewebsites.net/config/publishingcredentials' or the scope is invalid."

Very simplified the HTTP trigger of 1 looks like this:

using namespace System.Net
param($Request, $TriggerMetadata)
$ResourceGroupName = $Request.Body.ResourceGroupName
$AppServiceName = $Request.Body.AppServiceName
$versionZipPath = "path/to/ziparchive.zip"
Publish-AzWebApp -ArchivePath "$versionZipPath" -ResourceGroupName $ResourceGroupName -Name $AppServiceName -Force

Issue script & Debug output

`Publish-AzWebApp -ArchivePath "$versionZipPath" -ResourceGroupName $ResourceGroupName -Name $AppServiceName -Force`

# OUTPUT WHEN SENT LOCALLY
2022-09-02T10:19:32Z   [Verbose]   DEBUG: 10:19:31 AM - PublishAzureWebAppCmdlet begin processing with ParameterSet 'FromResourceName'.
2022-09-02T10:19:32Z   [Verbose]   DEBUG: 10:19:31 AM - using account id 'MSI@XXX'...
2022-09-02T10:19:32Z   [Verbose]   DEBUG: 10:19:31 AM - [ConfigManager] Got nothing from [DisplayBreakingChangeWarning], Module = [], Cmdlet = []. Returning default value [True].
2022-09-02T10:19:46Z   [Verbose]   DEBUG: [Common.Authentication]: Authenticating using Account: 'MSI@XXX', environment: 'AzureCloud', tenant: 'XXX'
2022-09-02T10:19:46Z   [Verbose]   DEBUG: 10:19:31 AM - [ManagedServiceIdentityAuthenticator] Calling ManagedIdentityCredential.GetTokenAsync - TenantId:'XXX', Scopes:'https://management.core.windows.net/', UserId:''
2022-09-02T10:19:46Z   [Verbose]   DEBUG: ManagedIdentityCredential.GetToken invoked. Scopes: [ https://management.core.windows.net/ ] ParentRequestId: 
2022-09-02T10:19:46Z   [Verbose]   DEBUG: Request [59e99dd6-b482-42ff-a54e-8fbc5a9d6600] GET http://127.0.0.1:41443/msi/token/?api-version=2019-08-01&resource=REDACTED
X-IDENTITY-HEADER:REDACTED
x-ms-client-request-id:59e99dd6-b482-42ff-a54e-8fbc5a9d6600
x-ms-return-client-request-id:true
User-Agent:azsdk-net-Identity/1.6.0,(.NET Core 3.1.27; Microsoft Windows 10.0.14393)
client assembly: Azure.Identity
2022-09-02T10:19:46Z   [Verbose]   DEBUG: Response [59e99dd6-b482-42ff-a54e-8fbc5a9d6600] 200 OK (00.0s)
Date:Fri, 02 Sep 2022 10:19:31 GMT
Server:Kestrel
Transfer-Encoding:chunked
X-CORRELATION-ID:REDACTED
Content-Type:application/json; charset=utf-8
2022-09-02T10:19:46Z   [Verbose]   DEBUG: ManagedIdentityCredential.GetToken succeeded. Scopes: [ https://management.core.windows.net/ ] ParentRequestId:  ExpiresOn: 2022-09-03T10:09:31.0000000+00:00
2022-09-02T10:19:46Z   [Verbose]   DEBUG: [Common.Authentication]: Received token with LoginType 'User', Tenant: 'XXX', UserId: 'MSI@XXX'
2022-09-02T10:19:46Z   [Verbose]   DEBUG: ============================ HTTP REQUEST ============================

HTTP Method:
POST

Absolute Uri:
https://management.azure.com/subscriptions/XXX/resourceGroups/[resource group of 2]/providers/Microsoft.Web/sites/[name of 2]/config/publishingcredentials/list?api-version=2021-01-15

Headers:
x-ms-client-request-id        : 08d3db28-6fd7-49e3-a54f-87555263a0bb
Accept-Language               : en-US

Body:

2022-09-02T10:19:46Z   [Verbose]   DEBUG: ============================ HTTP RESPONSE ============================

Status Code:
OK

Headers:
Cache-Control                 : no-cache
Pragma                        : no-cache
Strict-Transport-Security     : max-age=31536000; includeSubDomains
x-ms-request-id               : fe799dd7-458b-42f3-b1a4-e58f60e49e2c
Server                        : Microsoft-IIS/10.0
X-AspNet-Version              : 4.0.30319
X-Powered-By                  : ASP.NET
x-ms-ratelimit-remaining-subscription-resource-requests: 11999
x-ms-correlation-request-id   : 554b60c2-a82e-43e8-a1d8-4883fcca584a
x-ms-routing-request-id       : GERMANYWESTCENTRAL:20220902T101932Z:554b60c2-a82e-43e8-a1d8-4883fcca584a
X-Content-Type-Options        : nosniff
Date                          : Fri, 02 Sep 2022 10:19:31 GMT

Body:
{
  "id": "/subscriptions/XXX/resourceGroups/[resource group of 2]/providers/Microsoft.Web/sites/[name of 2]/publishingcredentials/$[name of 2]",
  "name": "[name of 2]",
  "type": "Microsoft.Web/sites/publishingcredentials",
  "location": "Germany West Central",
  "tags": {},
  "properties": {
    "name": null,
    "publishingUserName": "$[name of 2]",
    "publishingPassword": "PASSWORD",
    "publishingPasswordHash": null,
    "publishingPasswordHashSalt": null,
    "metadata": null,
    "isDeleted": false,
    "scmUri": "https://$[name of 2]:PASSWORD@[name of 2].scm.azurewebsites.net"
  }
}

2022-09-02T10:19:46Z   [Verbose]   DEBUG: ============================ HTTP REQUEST ============================

HTTP Method:
GET

Absolute Uri:
https://management.azure.com/subscriptions/XXX/resourceGroups/[resource group of 2]/providers/Microsoft.Web/sites/[name of 2]?api-version=2021-01-15

Headers:
x-ms-client-request-id        : 08d3db28-6fd7-49e3-a54f-87555263a0bb
Accept-Language               : en-US

Body:

2022-09-02T10:19:46Z   [Verbose]   DEBUG: ============================ HTTP RESPONSE ============================

Status Code:
OK

Headers:
Cache-Control                 : no-cache
Pragma                        : no-cache
ETag                          : "1D8BE19D6A1068B"
Strict-Transport-Security     : max-age=31536000; includeSubDomains
x-ms-request-id               : d08da382-f232-4f50-ad0c-8dd32c4c7dd3
Server                        : Microsoft-IIS/10.0
X-AspNet-Version              : 4.0.30319
X-Powered-By                  : ASP.NET
x-ms-ratelimit-remaining-subscription-reads: 11999
x-ms-correlation-request-id   : c61b06cd-90aa-461a-a539-40274c18479f
x-ms-routing-request-id       : GERMANYWESTCENTRAL:20220902T101942Z:c61b06cd-90aa-461a-a539-40274c18479f
X-Content-Type-Options        : nosniff
Date                          : Fri, 02 Sep 2022 10:19:41 GMT

Body:
{
  "id": "/subscriptions/XXX/resourceGroups/[resource group of 2]/providers/Microsoft.Web/sites/[name of 2]",
  "name": "[name of 2]",
  "type": "Microsoft.Web/sites",
  "kind": "app",
  "location": "Germany West Central",
  "tags": {},
  "properties": {
    "name": "[name of 2]",
    "state": "Running",
    "hostNames": [
      "axinftest.dev.infoma-rwf.app",
      "[name of 2].azurewebsites.net"
    ],
    "webSpace": "rg-rwf-dev-global-GermanyWestCentralwebspace",
    "selfLink": "https://waws-prod-fra-011.api.azurewebsites.windows.net:454/subscriptions/XXX/webspaces/rg-rwf-dev-global-GermanyWestCentralwebspace/sites/[name of 2]",
    "repositorySiteName": "[name of 2]",
    "owner": null,
    "usageState": "Normal",
    "enabled": true,
    "adminEnabled": true,
    "enabledHostNames": [
      "axinftest.dev.infoma-rwf.app",
      "[name of 2].azurewebsites.net",
      "[name of 2].scm.azurewebsites.net"
    ],
    "siteProperties": {
      "metadata": null,
      "properties": [
        {
          "name": "LinuxFxVersion",
          "value": ""
        },
        {
          "name": "WindowsFxVersion",
          "value": null
        }
      ],
      "appSettings": null
    },
    "availabilityState": "Normal",
    "sslCertificates": null,
    "csrs": [],
    "cers": null,
    "siteMode": null,
    "hostNameSslStates": [
      {
        "name": "[name of 2].azurewebsites.net",
        "sslState": "Disabled",
        "ipBasedSslResult": null,
        "virtualIP": null,
        "thumbprint": null,
        "toUpdate": null,
        "toUpdateIpBasedSsl": null,
        "ipBasedSslState": "NotConfigured",
        "hostType": "Standard"
      },
      {
        "name": "axinftest.dev.infoma-rwf.app",
        "sslState": "SniEnabled",
        "ipBasedSslResult": null,
        "virtualIP": null,
        "thumbprint": "44BFA555E2D937FEFE5C9792EA99AD997D4EE2C6",
        "toUpdate": null,
        "toUpdateIpBasedSsl": null,
        "ipBasedSslState": "NotConfigured",
        "hostType": "Standard"
      },
      {
        "name": "[name of 2].scm.azurewebsites.net",
        "sslState": "Disabled",
        "ipBasedSslResult": null,
        "virtualIP": null,
        "thumbprint": null,
        "toUpdate": null,
        "toUpdateIpBasedSsl": null,
        "ipBasedSslState": "NotConfigured",
        "hostType": "Repository"
      }
    ],
    "computeMode": null,
    "serverFarm": null,
    "serverFarmId": "/subscriptions/XXX/resourceGroups/rg-rwf-dev-global/providers/Microsoft.Web/serverfarms/plan-rwf-dev-global",
    "reserved": false,
    "isXenon": false,
    "hyperV": false,
    "lastModifiedTimeUtc": "2022-09-01T15:45:19.1766667",
    "storageRecoveryDefaultState": "Running",
    "contentAvailabilityState": "Normal",
    "runtimeAvailabilityState": "Normal",
    "vnetRouteAllEnabled": false,
    "containerAllocationSubnet": null,
    "useContainerLocalhostBindings": null,
    "vnetImagePullEnabled": false,
    "vnetContentShareEnabled": false,
    "siteConfig": {
      "numberOfWorkers": 1,
      "defaultDocuments": null,
      "netFrameworkVersion": null,
      "phpVersion": null,
      "pythonVersion": null,
      "nodeVersion": null,
      "powerShellVersion": null,
      "linuxFxVersion": "",
      "windowsFxVersion": null,
      "requestTracingEnabled": null,
      "remoteDebuggingEnabled": null,
      "remoteDebuggingVersion": null,
      "httpLoggingEnabled": null,
      "azureMonitorLogCategories": null,
      "acrUseManagedIdentityCreds": false,
      "acrUserManagedIdentityID": null,
      "logsDirectorySizeLimit": null,
      "detailedErrorLoggingEnabled": null,
      "publishingUsername": null,
      "publishingPassword": null,
      "appSettings": null,
      "metadata": null,
      "connectionStrings": null,
      "machineKey": null,
      "handlerMappings": null,
      "documentRoot": null,
      "scmType": null,
      "use32BitWorkerProcess": null,
      "webSocketsEnabled": null,
      "alwaysOn": true,
      "javaVersion": null,
      "javaContainer": null,
      "javaContainerVersion": null,
      "appCommandLine": null,
      "managedPipelineMode": null,
      "virtualApplications": null,
      "winAuthAdminState": null,
      "winAuthTenantState": null,
      "customAppPoolIdentityAdminState": null,
      "customAppPoolIdentityTenantState": null,
      "runtimeADUser": null,
      "runtimeADUserPassword": null,
      "loadBalancing": null,
      "routingRules": null,
      "experiments": null,
      "limits": null,
      "autoHealEnabled": null,
      "autoHealRules": null,
      "tracingOptions": null,
      "vnetName": null,
      "vnetRouteAllEnabled": null,
      "vnetPrivatePortsCount": null,
      "publicNetworkAccess": null,
      "cors": null,
      "push": null,
      "apiDefinition": null,
      "apiManagementConfig": null,
      "autoSwapSlotName": null,
      "localMySqlEnabled": null,
      "managedServiceIdentityId": null,
      "xManagedServiceIdentityId": null,
      "keyVaultReferenceIdentity": null,
      "ipSecurityRestrictions": null,
      "ipSecurityRestrictionsDefaultAction": null,
      "scmIpSecurityRestrictions": null,
      "scmIpSecurityRestrictionsDefaultAction": null,
      "scmIpSecurityRestrictionsUseMain": null,
      "http20Enabled": false,
      "minTlsVersion": null,
      "minTlsCipherSuite": null,
      "supportedTlsCipherSuites": null,
      "scmMinTlsVersion": null,
      "ftpsState": null,
      "preWarmedInstanceCount": null,
      "functionAppScaleLimit": 0,
      "elasticWebAppScaleLimit": null,
      "healthCheckPath": null,
      "fileChangeAuditEnabled": null,
      "functionsRuntimeScaleMonitoringEnabled": null,
      "websiteTimeZone": null,
      "minimumElasticInstanceCount": 0,
      "azureStorageAccounts": null,
      "http20ProxyFlag": null,
      "sitePort": null,
      "antivirusScanEnabled": null,
      "storageType": null
    },
    "deploymentId": "[name of 2]",
    "slotName": null,
    "trafficManagerHostNames": null,
    "sku": "PremiumV3",
    "scmSiteAlsoStopped": false,
    "targetSwapSlot": null,
    "hostingEnvironment": null,
    "hostingEnvironmentProfile": null,
    "clientAffinityEnabled": true,
    "clientCertEnabled": false,
    "clientCertMode": "Required",
    "clientCertExclusionPaths": null,
    "hostNamesDisabled": false,
    "domainVerificationIdentifiers": null,
    "customDomainVerificationId": "CB11D200C441EC55E66A84EBADFBB9987E621CEC5B5181ABD8EF098D647867C6",
    "kind": "app",
    "inboundIpAddress": "51.116.145.36",
    "possibleInboundIpAddresses": "51.116.145.36",
    "ftpUsername": "[name of 2]\\$[name of 2]",
    "ftpsHostName": "ftps://waws-prod-fra-011.ftp.azurewebsites.windows.net/site/wwwroot",
    "outboundIpAddresses": "20.79.96.17,20.79.96.18,20.79.96.19,20.79.96.20,20.79.96.21,20.79.96.22,51.116.145.36",
    "possibleOutboundIpAddresses": "20.79.96.48,20.79.96.0,20.79.96.1,20.79.96.2,20.79.78.140,20.79.96.4,20.79.96.6,20.79.96.10,20.79.96.11,20.79.96.12,20.79.96.13,20.79.96.16,20.79.96.17,20.79.96.18,20.79.96.19,20.79.96.20,20.79.96.21,20.79.96.22,20.79.96.23,20.79.96.25,20.79.96.28,20.79.96.30,20.79.96.31,20.79.96.64,20.79.96.66,20.79.77.246,20.79.96.67,20.79.80.18,20.79.80.20,20.79.80.22,51.116.145.36",
    "containerSize": 0,
    "dailyMemoryTimeQuota": 0,
    "suspendedTill": null,
    "siteDisabledReason": 0,
    "functionExecutionUnitsCache": null,
    "maxNumberOfWorkers": null,
    "homeStamp": "waws-prod-fra-011",
    "cloningInfo": null,
    "hostingEnvironmentId": null,
    "tags": {},
    "resourceGroup": "[resource group of 2]",
    "defaultHostName": "[name of 2].azurewebsites.net",
    "slotSwapStatus": null,
    "httpsOnly": true,
    "redundancyMode": "None",
    "inProgressOperationId": null,
    "geoDistributions": null,
    "privateEndpointConnections": [],
    "publicNetworkAccess": null,
    "buildVersion": null,
    "targetBuildVersion": null,
    "migrationState": null,
    "eligibleLogCategories": "AppServiceAppLogs,AppServiceAuditLogs,AppServiceConsoleLogs,AppServiceHTTPLogs,AppServiceIPSecAuditLogs,AppServicePlatformLogs,ScanLogs,AppServiceFileAuditLogs,AppServiceAntivirusScanAuditLogs",
    "storageAccountRequired": false,
    "virtualNetworkSubnetId": null,
    "keyVaultReferenceIdentity": "SystemAssigned",
    "privateLinkIdentifiers": null
  },
  "identity": {
    "type": "SystemAssigned",
    "tenantId": "XXX",
    "principalId": "2a85a408-68ed-4409-aa42-2c152b4422bc"
  }
}

2022-09-02T10:19:46Z   [Verbose]   DEBUG: ============================ HTTP REQUEST ============================

HTTP Method:
GET

Absolute Uri:
https://management.azure.com/subscriptions/XXX/resourceGroups/[resource group of 2]/providers/Microsoft.Web/sites/[name of 2]/config/web?api-version=2021-01-15

Headers:
x-ms-client-request-id        : 08d3db28-6fd7-49e3-a54f-87555263a0bb
Accept-Language               : en-US

Body:

2022-09-02T10:19:46Z   [Verbose]   DEBUG: ============================ HTTP RESPONSE ============================

Status Code:
OK

Headers:
Cache-Control                 : no-cache
Pragma                        : no-cache
Strict-Transport-Security     : max-age=31536000; includeSubDomains
x-ms-request-id               : d1ca7a4b-b1cf-43c3-93aa-7bfddd4faffa
Server                        : Microsoft-IIS/10.0
X-AspNet-Version              : 4.0.30319
X-Powered-By                  : ASP.NET
x-ms-ratelimit-remaining-subscription-reads: 11998
x-ms-correlation-request-id   : d72b43f3-c315-4d79-89a2-71cabd2ad1ff
x-ms-routing-request-id       : GERMANYWESTCENTRAL:20220902T101942Z:d72b43f3-c315-4d79-89a2-71cabd2ad1ff
X-Content-Type-Options        : nosniff
Date                          : Fri, 02 Sep 2022 10:19:42 GMT

Body:
{
  "id": "/subscriptions/XXX/resourceGroups/[resource group of 2]/providers/Microsoft.Web/sites/[name of 2]/config/web",
  "name": "[name of 2]",
  "type": "Microsoft.Web/sites/config",
  "location": "Germany West Central",
  "tags": {},
  "properties": {
    "numberOfWorkers": 1,
    "defaultDocuments": [
      "Default.htm",
      "Default.html",
      "Default.asp",
      "index.htm",
      "index.html",
      "iisstart.htm",
      "default.aspx",
      "index.php",
      "hostingstart.html"
    ],
    "netFrameworkVersion": "v4.0",
    "phpVersion": "",
    "pythonVersion": "",
    "nodeVersion": "",
    "powerShellVersion": "",
    "linuxFxVersion": "",
    "windowsFxVersion": null,
    "requestTracingEnabled": false,
    "remoteDebuggingEnabled": false,
    "remoteDebuggingVersion": "VS2019",
    "httpLoggingEnabled": false,
    "azureMonitorLogCategories": null,
    "acrUseManagedIdentityCreds": false,
    "acrUserManagedIdentityID": null,
    "logsDirectorySizeLimit": 35,
    "detailedErrorLoggingEnabled": false,
    "publishingUsername": "$[name of 2]",
    "publishingPassword": null,
    "appSettings": null,
    "metadata": null,
    "connectionStrings": null,
    "machineKey": null,
    "handlerMappings": null,
    "documentRoot": null,
    "scmType": "None",
    "use32BitWorkerProcess": true,
    "webSocketsEnabled": false,
    "alwaysOn": true,
    "javaVersion": null,
    "javaContainer": null,
    "javaContainerVersion": null,
    "appCommandLine": "",
    "managedPipelineMode": "Integrated",
    "virtualApplications": [
      {
        "virtualPath": "/",
        "physicalPath": "site\\wwwroot",
        "preloadEnabled": true,
        "virtualDirectories": null
      }
    ],
    "winAuthAdminState": 0,
    "winAuthTenantState": 0,
    "customAppPoolIdentityAdminState": false,
    "customAppPoolIdentityTenantState": false,
    "runtimeADUser": null,
    "runtimeADUserPassword": null,
    "loadBalancing": "LeastRequests",
    "routingRules": [],
    "experiments": {
      "rampUpRules": []
    },
    "limits": null,
    "autoHealEnabled": false,
    "autoHealRules": null,
    "tracingOptions": null,
    "vnetName": "",
    "vnetRouteAllEnabled": false,
    "vnetPrivatePortsCount": 0,
    "publicNetworkAccess": null,
    "siteAuthEnabled": false,
    "siteAuthSettings": {
      "enabled": null,
      "unauthenticatedClientAction": null,
      "tokenStoreEnabled": null,
      "allowedExternalRedirectUrls": null,
      "defaultProvider": null,
      "clientId": null,
      "clientSecret": null,
      "clientSecretSettingName": null,
      "clientSecretCertificateThumbprint": null,
      "issuer": null,
      "allowedAudiences": null,
      "additionalLoginParams": null,
      "isAadAutoProvisioned": false,
      "aadClaimsAuthorization": null,
      "googleClientId": null,
      "googleClientSecret": null,
      "googleClientSecretSettingName": null,
      "googleOAuthScopes": null,
      "facebookAppId": null,
      "facebookAppSecret": null,
      "facebookAppSecretSettingName": null,
      "facebookOAuthScopes": null,
      "gitHubClientId": null,
      "gitHubClientSecret": null,
      "gitHubClientSecretSettingName": null,
      "gitHubOAuthScopes": null,
      "twitterConsumerKey": null,
      "twitterConsumerSecret": null,
      "twitterConsumerSecretSettingName": null,
      "microsoftAccountClientId": null,
      "microsoftAccountClientSecret": null,
      "microsoftAccountClientSecretSettingName": null,
      "microsoftAccountOAuthScopes": null,
      "configVersion": null
    },
    "cors": null,
    "push": null,
    "apiDefinition": null,
    "apiManagementConfig": null,
    "autoSwapSlotName": null,
    "localMySqlEnabled": false,
    "managedServiceIdentityId": 16365,
    "xManagedServiceIdentityId": null,
    "keyVaultReferenceIdentity": null,
    "ipSecurityRestrictions": [
      {
        "ipAddress": "Any",
        "action": "Allow",
        "priority": 2147483647,
        "name": "Allow all",
        "description": "Allow all access"
      }
    ],
    "ipSecurityRestrictionsDefaultAction": null,
    "scmIpSecurityRestrictions": [
      {
        "ipAddress": "Any",
        "action": "Allow",
        "priority": 2147483647,
        "name": "Allow all",
        "description": "Allow all access"
      }
    ],
    "scmIpSecurityRestrictionsDefaultAction": null,
    "scmIpSecurityRestrictionsUseMain": false,
    "http20Enabled": false,
    "minTlsVersion": "1.2",
    "minTlsCipherSuite": null,
    "supportedTlsCipherSuites": null,
    "scmMinTlsVersion": "1.2",
    "ftpsState": "FtpsOnly",
    "preWarmedInstanceCount": 0,
    "functionAppScaleLimit": null,
    "elasticWebAppScaleLimit": 0,
    "healthCheckPath": null,
    "fileChangeAuditEnabled": false,
    "functionsRuntimeScaleMonitoringEnabled": false,
    "websiteTimeZone": null,
    "minimumElasticInstanceCount": 0,
    "azureStorageAccounts": {
      "rwfdata": {
        "type": "AzureFiles",
        "accountName": "strwfdevaxinftest8327",
        "shareName": "rwfdata",
        "accessKey": null,
        "mountPath": "/mounts/rwfdata",
        "state": "Ok"
      }
    },
    "http20ProxyFlag": 0,
    "sitePort": null,
    "antivirusScanEnabled": false,
    "storageType": "StorageVolume"
  }
}

2022-09-02T10:19:46Z   [Verbose]   DEBUG: ============================ HTTP REQUEST ============================

HTTP Method:
POST

Absolute Uri:
https://management.azure.com/subscriptions/XXX/resourceGroups/[resource group of 2]/providers/Microsoft.Web/sites/[name of 2]/config/appsettings/list?api-version=2021-01-15

Headers:
x-ms-client-request-id        : 08d3db28-6fd7-49e3-a54f-87555263a0bb
Accept-Language               : en-US

Body:

2022-09-02T10:19:46Z   [Verbose]   DEBUG: ============================ HTTP RESPONSE ============================

Status Code:
OK

Headers:
Cache-Control                 : no-cache
Pragma                        : no-cache
Strict-Transport-Security     : max-age=31536000; includeSubDomains
x-ms-request-id               : 1aaef922-e540-451e-809d-c290f7e98eb3
Server                        : Microsoft-IIS/10.0
X-AspNet-Version              : 4.0.30319
X-Powered-By                  : ASP.NET
x-ms-ratelimit-remaining-subscription-resource-requests: 11998
x-ms-correlation-request-id   : 5f73f37d-8778-4590-95aa-072c2c1db74d
x-ms-routing-request-id       : GERMANYWESTCENTRAL:20220902T101943Z:5f73f37d-8778-4590-95aa-072c2c1db74d
X-Content-Type-Options        : nosniff
Date                          : Fri, 02 Sep 2022 10:19:42 GMT

Body:
{
  "id": "/subscriptions/XXX/resourceGroups/[resource group of 2]/providers/Microsoft.Web/sites/[name of 2]/config/appsettings",
  "name": "appsettings",
  "type": "Microsoft.Web/sites/config",
  "location": "Germany West Central",
  "tags": {},
  "properties": {
    "NavAdministrators": "Manfred.steinacker@axinftest.onmicrosoft.com",
    "appdatapath": "\\mounts\\rwfdata",
    "basenavurl": "https://infoma.api.bc.dynamics.com/v2.0/9ff11aaa-cddc-4df5-97c9-b9e79db1ba1d/AxiansInfomaSandbox/WS",
    "infomaonline:KeyVaultName": "kv-rwf-dev-axinftest8327",
    "infomaonline:RedirectUri": "https://axinftest.dev.infoma-rwf.app/",
    "infomaonline:appservicename": "[name of 2]",
    "infomaonline:resourcegroupname": "[resource group of 2]",
    "infomaonline:updateHostName": "func-rwf-dev-update.azurewebsites.net"
  }
}

2022-09-02T10:19:46Z   [Verbose]   DEBUG: ============================ HTTP REQUEST ============================

HTTP Method:
POST

Absolute Uri:
https://management.azure.com/subscriptions/XXX/resourceGroups/[resource group of 2]/providers/Microsoft.Web/sites/[name of 2]/config/connectionstrings/list?api-version=2021-01-15

Headers:
x-ms-client-request-id        : 08d3db28-6fd7-49e3-a54f-87555263a0bb
Accept-Language               : en-US

Body:

2022-09-02T10:19:46Z   [Verbose]   DEBUG: ============================ HTTP RESPONSE ============================

Status Code:
OK

Headers:
Cache-Control                 : no-cache
Pragma                        : no-cache
Strict-Transport-Security     : max-age=31536000; includeSubDomains
x-ms-request-id               : 248ded56-56aa-4a6a-9ab9-b7b509d634cf
Server                        : Microsoft-IIS/10.0
X-AspNet-Version              : 4.0.30319
X-Powered-By                  : ASP.NET
x-ms-ratelimit-remaining-subscription-resource-requests: 11997
x-ms-correlation-request-id   : 7b8d502d-f0c7-428b-829c-082a13d936ee
x-ms-routing-request-id       : GERMANYWESTCENTRAL:20220902T101944Z:7b8d502d-f0c7-428b-829c-082a13d936ee
X-Content-Type-Options        : nosniff
Date                          : Fri, 02 Sep 2022 10:19:43 GMT

Body:
{
  "id": "/subscriptions/XXX/resourceGroups/[resource group of 2]/providers/Microsoft.Web/sites/[name of 2]/config/connectionstrings",
  "name": "connectionstrings",
  "type": "Microsoft.Web/sites/config",
  "location": "Germany West Central",
  "tags": {},
  "properties": {}
}

2022-09-02T10:19:46Z   [Verbose]   DEBUG: ============================ HTTP REQUEST ============================

HTTP Method:
POST

Absolute Uri:
https://management.azure.com/subscriptions/XXX/resourceGroups/[resource group of 2]/providers/Microsoft.Web/sites/[name of 2]/config/azurestorageaccounts/list?api-version=2021-01-15

Headers:
x-ms-client-request-id        : 08d3db28-6fd7-49e3-a54f-87555263a0bb
Accept-Language               : en-US

Body:

2022-09-02T10:19:46Z   [Verbose]   DEBUG: ============================ HTTP RESPONSE ============================

Status Code:
OK

Headers:
Cache-Control                 : no-cache
Pragma                        : no-cache
Strict-Transport-Security     : max-age=31536000; includeSubDomains
x-ms-request-id               : 63ce2f8b-6314-4509-b506-90cdaa4d345c
Server                        : Microsoft-IIS/10.0
X-AspNet-Version              : 4.0.30319
X-Powered-By                  : ASP.NET
x-ms-ratelimit-remaining-subscription-resource-requests: 11996
x-ms-correlation-request-id   : 6cb98a8e-6148-43b7-8348-57da4d4edb96
x-ms-routing-request-id       : GERMANYWESTCENTRAL:20220902T101945Z:6cb98a8e-6148-43b7-8348-57da4d4edb96
X-Content-Type-Options        : nosniff
Date                          : Fri, 02 Sep 2022 10:19:44 GMT

Body:
{
  "id": "/subscriptions/XXX/resourceGroups/[resource group of 2]/providers/Microsoft.Web/sites/[name of 2]/config/appsettings",
  "name": "azurestorageaccounts",
  "type": "Microsoft.Web/sites/config",
  "location": "Germany West Central",
  "tags": {},
  "properties": {
    "rwfdata": {
      "type": "AzureFiles",
      "accountName": "strwfdevaxinftest8327",
      "shareName": "rwfdata",
      "accessKey": "M2Gw1EiuBV5PQL4mjfn1BYM+8B17Suc+UQJymxesqZzGusI+cosFcIoaLEUMyXFWTLPFXc+F3K8C+AStluu4mA==",
      "mountPath": "/mounts/rwfdata",
      "state": "Ok"
    }
  }
}

2022-09-02T10:19:46Z   [Information]   OUTPUT: 
2022-09-02T10:19:46Z   [Information]   OUTPUT: AzureStoragePath            : {rwfdata}
2022-09-02T10:19:46Z   [Information]   OUTPUT: GitRemoteName               : 
2022-09-02T10:19:46Z   [Information]   OUTPUT: GitRemoteUri                : 
2022-09-02T10:19:46Z   [Information]   OUTPUT: GitRemoteUsername           : 
2022-09-02T10:19:46Z   [Information]   OUTPUT: GitRemotePassword           : 
2022-09-02T10:19:46Z   [Information]   OUTPUT: AzureStorageAccounts        : 
2022-09-02T10:19:46Z   [Information]   OUTPUT: State                       : Running
2022-09-02T10:19:46Z   [Information]   OUTPUT: HostNames                   : {axinftest.dev.infoma-rwf.app, [name of 2].azurewebsites.net}
2022-09-02T10:19:46Z   [Information]   OUTPUT: RepositorySiteName          : [name of 2]
2022-09-02T10:19:46Z   [Information]   OUTPUT: UsageState                  : Normal
2022-09-02T10:19:46Z   [Information]   OUTPUT: Enabled                     : True
2022-09-02T10:19:46Z   [Information]   OUTPUT: EnabledHostNames            : {axinftest.dev.infoma-rwf.app, [name of 2].azurewebsites.net, [name of 2].scm.azurewebsites.net}
2022-09-02T10:19:46Z   [Information]   OUTPUT: AvailabilityState           : Normal
2022-09-02T10:19:46Z   [Information]   OUTPUT: HostNameSslStates           : {[name of 2].azurewebsites.net, axinftest.dev.infoma-rwf.app, [name of 2].scm.azurewebsites.net}
2022-09-02T10:19:46Z   [Information]   OUTPUT: ServerFarmId                : /subscriptions/XXX/resourceGroups/rg-rwf-dev-global/providers/Microsoft.Web/serverfarms/plan-rwf-dev-global
2022-09-02T10:19:46Z   [Information]   OUTPUT: Reserved                    : False
2022-09-02T10:19:46Z   [Information]   OUTPUT: IsXenon                     : False
2022-09-02T10:19:46Z   [Information]   OUTPUT: HyperV                      : 
2022-09-02T10:19:46Z   [Information]   OUTPUT: LastModifiedTimeUtc         : 9/1/2022 3:45:19 PM
2022-09-02T10:19:46Z   [Information]   OUTPUT: SiteConfig                  : Microsoft.Azure.Management.WebSites.Models.SiteConfig
2022-09-02T10:19:46Z   [Information]   OUTPUT: TrafficManagerHostNames     : 
2022-09-02T10:19:46Z   [Information]   OUTPUT: ScmSiteAlsoStopped          : False
2022-09-02T10:19:46Z   [Information]   OUTPUT: TargetSwapSlot              : 
2022-09-02T10:19:46Z   [Information]   OUTPUT: HostingEnvironmentProfile   : 
2022-09-02T10:19:46Z   [Information]   OUTPUT: ClientAffinityEnabled       : True
2022-09-02T10:19:46Z   [Information]   OUTPUT: ClientCertEnabled           : False
2022-09-02T10:19:46Z   [Information]   OUTPUT: ClientCertMode              : 
2022-09-02T10:19:46Z   [Information]   OUTPUT: ClientCertExclusionPaths    : 
2022-09-02T10:19:46Z   [Information]   OUTPUT: HostNamesDisabled           : False
2022-09-02T10:19:46Z   [Information]   OUTPUT: CustomDomainVerificationId  : CB11D200C441EC55E66A84EBADFBB9987E621CEC5B5181ABD8EF098D647867C6
2022-09-02T10:19:46Z   [Information]   OUTPUT: OutboundIpAddresses         : 20.79.96.17,20.79.96.18,20.79.96.19,20.79.96.20,20.79.96.21,20.79.96.22,51.116.145.36
2022-09-02T10:19:46Z   [Information]   OUTPUT: PossibleOutboundIpAddresses : 20.79.96.48,20.79.96.0,20.79.96.1,20.79.96.2,20.79.78.140,20.79.96.4,20.79.96.6,20.79.96.10,20.79.96.11,20.79.96.12,20.79.96.13,20.79.96.16,20.79.96.17,20.79.96.18,20.79.96.19,20.79.96.20,20.79.96.21,20.79.96.22,20.79.96.23,20.79.96.25,20.79.96.28,20.79.96.30,20.79.96.31,20.79.96.64,20.79.96.66,20.79.77.246,20.79.96.67,20.79.80.18,20.79.80.20,20.79.80.22,51.116.145.36
2022-09-02T10:19:46Z   [Information]   OUTPUT: ContainerSize               : 0
2022-09-02T10:19:46Z   [Information]   OUTPUT: DailyMemoryTimeQuota        : 0
2022-09-02T10:19:46Z   [Information]   OUTPUT: SuspendedTill               : 
2022-09-02T10:19:46Z   [Information]   OUTPUT: MaxNumberOfWorkers          : 
2022-09-02T10:19:46Z   [Information]   OUTPUT: CloningInfo                 : 
2022-09-02T10:19:46Z   [Information]   OUTPUT: ResourceGroup               : [resource group of 2]
2022-09-02T10:19:46Z   [Information]   OUTPUT: IsDefaultContainer          : 
2022-09-02T10:19:46Z   [Information]   OUTPUT: DefaultHostName             : [name of 2].azurewebsites.net
2022-09-02T10:19:46Z   [Information]   OUTPUT: SlotSwapStatus              : 
2022-09-02T10:19:46Z   [Information]   OUTPUT: HttpsOnly                   : True
2022-09-02T10:19:46Z   [Information]   OUTPUT: RedundancyMode              : 
2022-09-02T10:19:46Z   [Information]   OUTPUT: InProgressOperationId       : 
2022-09-02T10:19:46Z   [Information]   OUTPUT: StorageAccountRequired      : 
2022-09-02T10:19:46Z   [Information]   OUTPUT: KeyVaultReferenceIdentity   : 
2022-09-02T10:19:46Z   [Information]   OUTPUT: VirtualNetworkSubnetId      : 
2022-09-02T10:19:46Z   [Information]   OUTPUT: Identity                    : Microsoft.Azure.Management.WebSites.Models.ManagedServiceIdentity
2022-09-02T10:19:46Z   [Information]   OUTPUT: ExtendedLocation            : 
2022-09-02T10:19:46Z   [Information]   OUTPUT: Id                          : /subscriptions/XXX/resourceGroups/[resource group of 2]/providers/Microsoft.Web/sites/[name of 2]
2022-09-02T10:19:46Z   [Information]   OUTPUT: Name                        : [name of 2]
2022-09-02T10:19:46Z   [Information]   OUTPUT: Kind                        : app
2022-09-02T10:19:46Z   [Information]   OUTPUT: Location                    : Germany West Central
2022-09-02T10:19:46Z   [Information]   OUTPUT: Type                        : Microsoft.Web/sites
2022-09-02T10:19:46Z   [Information]   OUTPUT: Tags                        : {}
2022-09-02T10:19:46Z   [Information]   OUTPUT: 
2022-09-02T10:19:46Z   [Verbose]   DEBUG: 10:19:45 AM - [ConfigManager] Got nothing from [EnableDataCollection], Module = [], Cmdlet = []. Returning default value [True].
2022-09-02T10:19:46Z   [Verbose]   DEBUG: AzureQoSEvent: Module: Az.Websites:2.11.3; CommandName: Publish-AzWebApp; PSVersion: 3.0.0.0; IsSuccess: True; Duration: 00:00:14.0867412
2022-09-02T10:19:46Z   [Verbose]   DEBUG: Finish sending metric.
2022-09-02T10:19:46Z   [Verbose]   DEBUG: 10:19:45 AM - PublishAzureWebAppCmdlet end processing.

# OUTPUT WHEN SENT FROM AN AZURE APP SERVICE
2022-09-02T10:09:48Z   [Verbose]   DEBUG: 10:09:47 AM - PublishAzureWebAppCmdlet begin processing with ParameterSet 'FromResourceName'.
2022-09-02T10:09:48Z   [Verbose]   DEBUG: 10:09:47 AM - using account id 'MSI@XXX'...
2022-09-02T10:09:48Z   [Verbose]   DEBUG: 10:09:47 AM - [ConfigManager] Got nothing from [DisplayBreakingChangeWarning], Module = [], Cmdlet = []. Returning default value [True].
2022-09-02T10:09:48Z   [Verbose]   DEBUG: [Common.Authentication]: Authenticating using Account: 'MSI@XXX', environment: 'AzureCloud', tenant: 'XXX'
2022-09-02T10:09:48Z   [Verbose]   DEBUG: 10:09:47 AM - [ManagedServiceIdentityAuthenticator] Calling ManagedIdentityCredential.GetTokenAsync - TenantId:'XXX', Scopes:'https://management.core.windows.net/', UserId:''
2022-09-02T10:09:48Z   [Verbose]   DEBUG: ManagedIdentityCredential.GetToken invoked. Scopes: [ https://management.core.windows.net/ ] ParentRequestId: 
2022-09-02T10:09:48Z   [Verbose]   DEBUG: Request [dab23a8a-d973-47d6-b167-5c003c1cdbeb] GET http://127.0.0.1:41443/msi/token/?api-version=2019-08-01&resource=REDACTED
X-IDENTITY-HEADER:REDACTED
x-ms-client-request-id:dab23a8a-d973-47d6-b167-5c003c1cdbeb
x-ms-return-client-request-id:true
User-Agent:azsdk-net-Identity/1.6.0,(.NET Core 3.1.27; Microsoft Windows 10.0.14393)
client assembly: Azure.Identity
2022-09-02T10:09:48Z   [Verbose]   DEBUG: Response [dab23a8a-d973-47d6-b167-5c003c1cdbeb] 200 OK (00.0s)
Date:Fri, 02 Sep 2022 10:09:47 GMT
Server:Kestrel
Transfer-Encoding:chunked
X-CORRELATION-ID:REDACTED
Content-Type:application/json; charset=utf-8
2022-09-02T10:09:48Z   [Verbose]   DEBUG: ManagedIdentityCredential.GetToken succeeded. Scopes: [ https://management.core.windows.net/ ] ParentRequestId:  ExpiresOn: 2022-09-03T10:09:31.0000000+00:00
2022-09-02T10:09:48Z   [Verbose]   DEBUG: [Common.Authentication]: Received token with LoginType 'User', Tenant: 'XXX', UserId: 'MSI@XXX'
2022-09-02T10:09:48Z   [Verbose]   DEBUG: ============================ HTTP REQUEST ============================

HTTP Method:
POST

Absolute Uri:
https://management.azure.com/subscriptions/XXX/resourceGroups/[rg of 2]/providers/Microsoft.Web/sites/[name of 2]/config/publishingcredentials/list?api-version=2021-01-15

Headers:
x-ms-client-request-id        : 14d96ef2-917f-41bd-a0d7-63213e453803
Accept-Language               : en-US

Body:

2022-09-02T10:09:48Z   [Verbose]   DEBUG: ============================ HTTP RESPONSE ============================

Status Code:
Forbidden

Headers:
Cache-Control                 : no-cache
Pragma                        : no-cache
x-ms-failure-cause            : gateway
x-ms-request-id               : f4f98dd9-1275-4d22-895f-14dad4213ed8
x-ms-correlation-request-id   : f4f98dd9-1275-4d22-895f-14dad4213ed8
x-ms-routing-request-id       : GERMANYWESTCENTRAL:20220902T100948Z:f4f98dd9-1275-4d22-895f-14dad4213ed8
Strict-Transport-Security     : max-age=31536000; includeSubDomains
X-Content-Type-Options        : nosniff
Date                          : Fri, 02 Sep 2022 10:09:47 GMT
Connection                    : close

Body:
{
  "error": {
    "code": "AuthorizationFailed",
    "message": "The client '[system assigned managed identity of 1]' with object id '[system assigned managed identity of 1]' does not have authorization to perform action 'Microsoft.Web/sites/config/list/action' over scope '/subscriptions/XXX/resourceGroups/[rg of 2]/providers/Microsoft.Web/sites/[name of 2]/config/publishingcredentials' or the scope is invalid. If access was recently granted, please refresh your credentials."
  }
}

2022-09-02T10:09:48Z   [Verbose]   DEBUG: 10:09:48 AM - [ConfigManager] Got nothing from [EnableDataCollection], Module = [], Cmdlet = []. Returning default value [True].
2022-09-02T10:09:49Z   [Error]   ERROR: Operation returned an invalid status code 'Forbidden'

Exception             : 
    Type       : Microsoft.Azure.Management.WebSites.Models.DefaultErrorResponseException
    Request    : 
        Method     : POST
        RequestUri : https://management.azure.com/subscriptions/XXX/resourceGroups/[rg of 2]/providers/Microsoft.Web/sites/[name of 2]/config/publishingcredentials/list?api-version=2021-01-15
        Headers    : 
            x-ms-client-request-id : 14d96ef2-917f-41bd-a0d7-63213e453803
            Accept-Language : REDACTED
            Authorization : …
            User-Agent : FxVersion/4.700.22.30802 OSName/Windows OSVersion/Microsoft.Windows.10.0.14393 Microsoft.Azure.Management.WebSites.WebSiteManagementClient/3.1.2 AzurePowershell/v0.0.0 PSVersion/v3.0.0.0 Az.Websites/2.11.3
            CommandName : REDACTED
            ParameterSetName : REDACTED

    Response   : 
        StatusCode   : Forbidden
        ReasonPhrase : Forbidden
        Content      : {"error":{"code":"AuthorizationFailed","message":"The client '[system assigned managed identity of 1]' with object id '[system assigned managed identity of 1]' does not have authorization to perform action 'Microsoft.Web/sites/config/list/action' over scope '/subscriptions/XXX/resourceGroups/[rg of 2]/providers/Microsoft.Web/sites/[name of 2]/config/publishingcredentials' or the scope is invalid. If access was recently granted, please refresh your credentials."}}
        Headers      : 
            Cache-Control : no-cache
            Pragma : no-cache
            x-ms-failure-cause : gateway
            x-ms-request-id : f4f98dd9-1275-4d22-895f-14dad4213ed8
            x-ms-correlation-request-id : f4f98dd9-1275-4d22-895f-14dad4213ed8
            x-ms-routing-request-id : GERMANYWESTCENTRAL:20220902T100948Z:f4f98dd9-1275-4d22-895f-14dad4213ed8
            Strict-Transport-Security : max-age=31536000; includeSubDomains
            X-Content-Type-Options : nosniff
            Date : Fri, 02 Sep 2022 10:09:47 GMT
            Connection : close
            Content-Type : application/json; charset=utf-8
            Expires : -1
            Content-Length : 515

    Body       : Microsoft.Azure.Management.WebSites.Models.DefaultErrorResponse
    TargetSite : 
        Name          : MoveNext
        DeclaringType : Microsoft.Azure.Management.WebSites.WebAppsOperations+<BeginListPublishingCredentialsWithHttpMessagesAsync>d__398, Microsoft.Azure.Management.Websites, Version=3.1.2.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35
        MemberType    : Method
        Module        : Microsoft.Azure.Management.Websites.dll
    StackTrace : 
   at Microsoft.Azure.Management.WebSites.WebAppsOperations.BeginListPublishingCredentialsWithHttpMessagesAsync(String resourceGroupName, String name, Dictionary`2 customHeaders, CancellationToken cancellationToken)
   at Microsoft.Azure.Management.WebSites.WebAppsOperations.ListPublishingCredentialsWithHttpMessagesAsync(String resourceGroupName, String name, Dictionary`2 customHeaders, CancellationToken cancellationToken)
   at Microsoft.Azure.Management.WebSites.WebAppsOperationsExtensions.ListPublishingCredentialsAsync(IWebAppsOperations operations, String resourceGroupName, String name, CancellationToken cancellationToken)
   at Microsoft.Azure.Management.WebSites.WebAppsOperationsExtensions.ListPublishingCredentials(IWebAppsOperations operations, String resourceGroupName, String name)
   at Microsoft.Azure.Commands.WebApps.Utilities.WebsitesClient.GetPublishingCredentials(String resourceGroupName, String webSiteName, String slotName)
   at Microsoft.Azure.Commands.WebApps.Cmdlets.WebApps.PublishAzureWebAppCmdlet.ExecuteCmdlet()
   at Microsoft.WindowsAzure.Commands.Utilities.Common.CmdletExtensions.<>c__3`1.<ExecuteSynchronouslyOrAsJob>b__3_0(T c)
   at Microsoft.WindowsAzure.Commands.Utilities.Common.CmdletExtensions.ExecuteSynchronouslyOrAsJob[T](T cmdlet, Action`1 executor)
   at Microsoft.WindowsAzure.Commands.Utilities.Common.CmdletExtensions.ExecuteSynchronouslyOrAsJob[T](T cmdlet)
   at Microsoft.WindowsAzure.Commands.Utilities.Common.AzurePSCmdlet.ProcessRecord()
    Message    : Operation returned an invalid status code 'Forbidden'
    Source     : Microsoft.Azure.Management.Websites
    HResult    : -2146233088
CategoryInfo          : CloseError: (:) [Publish-AzWebApp], DefaultErrorResponseException
FullyQualifiedErrorId : Microsoft.Azure.Commands.WebApps.Cmdlets.WebApps.PublishAzureWebAppCmdlet
InvocationInfo        : 
    MyCommand        : Publish-AzWebApp
    ScriptLineNumber : 53
    OffsetInLine     : 1
    HistoryId        : 1
    ScriptName       : C:\home\site\wwwroot\Update\run.ps1
    Line             : Publish-AzWebApp -ArchivePath "$versionZipPath" -ResourceGroupName $ResourceGroupName -Name $AppServiceName -Force

    PositionMessage  : At C:\home\site\wwwroot\Update\run.ps1:53 char:1
                       + Publish-AzWebApp -ArchivePath "$versionZipPath" -ResourceGroupName $R …
                       + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    PSScriptRoot     : C:\home\site\wwwroot\Update
    PSCommandPath    : C:\home\site\wwwroot\Update\run.ps1
    InvocationName   : Publish-AzWebApp
    CommandOrigin    : Internal
ScriptStackTrace      : at <ScriptBlock>, C:\home\site\wwwroot\Update\run.ps1: line 53
PipelineIterationInfo : 

2022-09-02T10:09:49Z   [Verbose]   DEBUG: 10:09:49 AM - [ConfigManager] Got nothing from [DisplayBreakingChangeWarning], Module = [], Cmdlet = []. Returning default value [True].
2022-09-02T10:09:49Z   [Verbose]   DEBUG: AzureQoSEvent: Module: Az.Websites:2.11.3; CommandName: Publish-AzWebApp; PSVersion: 3.0.0.0; IsSuccess: False; Duration: 00:00:01.5049918; Exception: Operation returned an invalid status code 'Forbidden';
2022-09-02T10:09:49Z   [Verbose]   DEBUG: Finish sending metric.
2022-09-02T10:09:49Z   [Verbose]   DEBUG: 10:09:49 AM - PublishAzureWebAppCmdlet end processing.
2022-09-02T10:09:49Z   [Information]   INFORMATION: Resolve-AzError:
2022-09-02T10:09:49Z   [Verbose]   DEBUG: 10:09:49 AM - ResolveError begin processing with ParameterSet 'AnyErrorParameterSet'.
2022-09-02T10:09:49Z   [Verbose]   DEBUG: 10:09:49 AM - using account id 'MSI@XXX'...
2022-09-02T10:09:49Z   [Verbose]   DEBUG: 10:09:49 AM - [ConfigManager] Got nothing from [DisplayBreakingChangeWarning], Module = [], Cmdlet = []. Returning default value [True].

Environment data

2022-09-02T10:09:40Z   [Information]   OUTPUT: Name                           Value
2022-09-02T10:09:40Z   [Information]   OUTPUT: ----                           -----
2022-09-02T10:09:40Z   [Information]   OUTPUT: PSVersion                      7.0.11
2022-09-02T10:09:40Z   [Information]   OUTPUT: PSEdition                      Core
2022-09-02T10:09:40Z   [Information]   OUTPUT: GitCommitId                    7.0.11
2022-09-02T10:09:40Z   [Information]   OUTPUT: OS                             Microsoft Windows 10.0.14393
2022-09-02T10:09:40Z   [Information]   OUTPUT: Platform                       Win32NT
2022-09-02T10:09:40Z   [Information]   OUTPUT: PSCompatibleVersions           {1.0, 2.0, 3.0, 4.0…}
2022-09-02T10:09:40Z   [Information]   OUTPUT: PSRemotingProtocolVersion      2.3
2022-09-02T10:09:40Z   [Information]   OUTPUT: SerializationVersion           1.1.0.1
2022-09-02T10:09:40Z   [Information]   OUTPUT: WSManStackVersion              3.0

Module versions

2022-09-02T10:09:40Z   [Information]   OUTPUT: 
2022-09-02T10:09:40Z   [Information]   OUTPUT: Name              : Az.Accounts
2022-09-02T10:09:40Z   [Information]   OUTPUT: Path              : C:\home\data\ManagedDependencies\2208301447399459688.r\Az.Accounts\2.9.1\Az.Accounts.psm1
2022-09-02T10:09:40Z   [Information]   OUTPUT: Description       : Microsoft Azure PowerShell - Accounts credential management cmdlets for Azure Resource Manager in Windows PowerShell and PowerShell Core.
2022-09-02T10:09:40Z   [Information]   OUTPUT:                     
2022-09-02T10:09:40Z   [Information]   OUTPUT:                     For more information on account credential management, please visit the following: https://docs.microsoft.com/powershell/azure/authenticate-azureps
2022-09-02T10:09:40Z   [Information]   OUTPUT: Guid              : 17a2feff-488b-47f9-8729-e2cec094624c
2022-09-02T10:09:40Z   [Information]   OUTPUT: Version           : 2.9.1
2022-09-02T10:09:40Z   [Information]   OUTPUT: ModuleBase        : C:\home\data\ManagedDependencies\2208301447399459688.r\Az.Accounts\2.9.1
2022-09-02T10:09:40Z   [Information]   OUTPUT: ModuleType        : Script
2022-09-02T10:09:40Z   [Information]   OUTPUT: PrivateData       : {PSData}
2022-09-02T10:09:40Z   [Information]   OUTPUT: AccessMode        : ReadWrite
2022-09-02T10:09:40Z   [Information]   OUTPUT: ExportedAliases   : {[Add-AzAccount, Add-AzAccount], [Get-AzDomain, Get-AzDomain], [Invoke-AzRest, Invoke-AzRest], [Login-AzAccount, Login-AzAccount]…}
2022-09-02T10:09:40Z   [Information]   OUTPUT: ExportedCmdlets   : {[Add-AzEnvironment, Add-AzEnvironment], [Clear-AzConfig, Clear-AzConfig], [Clear-AzContext, Clear-AzContext], [Clear-AzDefault, Clear-AzDefault]…}
2022-09-02T10:09:40Z   [Information]   OUTPUT: ExportedFunctions : {}
2022-09-02T10:09:40Z   [Information]   OUTPUT: ExportedVariables : {}
2022-09-02T10:09:40Z   [Information]   OUTPUT: NestedModules     : {Microsoft.Azure.PowerShell.Cmdlets.Accounts}
2022-09-02T10:09:40Z   [Information]   OUTPUT: 
2022-09-02T10:09:40Z   [Information]   OUTPUT: 
2022-09-02T10:09:40Z   [Information]   OUTPUT: Name              : Az.Storage
2022-09-02T10:09:40Z   [Information]   OUTPUT: Path              : C:\home\data\ManagedDependencies\2208301447399459688.r\Az.Storage\4.8.0\Az.Storage.psm1
2022-09-02T10:09:40Z   [Information]   OUTPUT: Description       : Microsoft Azure PowerShell - Storage service data plane and management cmdlets for Azure Resource Manager in Windows PowerShell and PowerShell Core.  Creates and manages storage accounts in Azure Resource Manager.
2022-09-02T10:09:40Z   [Information]   OUTPUT:                     
2022-09-02T10:09:40Z   [Information]   OUTPUT:                     For more information on Storage, please visit the following: https://docs.microsoft.com/azure/storage/
2022-09-02T10:09:40Z   [Information]   OUTPUT: Guid              : dfa9e4ea-1407-446d-9111-79122977ab20
2022-09-02T10:09:40Z   [Information]   OUTPUT: Version           : 4.8.0
2022-09-02T10:09:40Z   [Information]   OUTPUT: ModuleBase        : C:\home\data\ManagedDependencies\2208301447399459688.r\Az.Storage\4.8.0
2022-09-02T10:09:40Z   [Information]   OUTPUT: ModuleType        : Script
2022-09-02T10:09:40Z   [Information]   OUTPUT: PrivateData       : {PSData}
2022-09-02T10:09:40Z   [Information]   OUTPUT: AccessMode        : ReadWrite
2022-09-02T10:09:40Z   [Information]   OUTPUT: ExportedAliases   : {[Disable-AzStorageSoftDelete, Disable-AzStorageSoftDelete], [Enable-AzStorageSoftDelete, Enable-AzStorageSoftDelete], [Get-AzDatalakeGen2FileSystem, Get-AzDatalakeGen2FileSystem], [Get-AzStorageContainerAcl, Get-AzStorageContainerAcl]…}
2022-09-02T10:09:40Z   [Information]   OUTPUT: ExportedCmdlets   : {[Add-AzRmStorageContainerLegalHold, Add-AzRmStorageContainerLegalHold], [Add-AzStorageAccountManagementPolicyAction, Add-AzStorageAccountManagementPolicyAction], [Add-AzStorageAccountNetworkRule, Add-AzStorageAccountNetworkRule], [Close-AzStorageFileHandle, Close-AzStorageFileHandle]…}
2022-09-02T10:09:40Z   [Information]   OUTPUT: ExportedFunctions : {}
2022-09-02T10:09:40Z   [Information]   OUTPUT: ExportedVariables : {}
2022-09-02T10:09:40Z   [Information]   OUTPUT: NestedModules     : {Microsoft.Azure.PowerShell.Cmdlets.Storage.Management, Microsoft.Azure.PowerShell.Cmdlets.Storage}

Error output

2022-09-02T10:09:49Z   [Verbose]   DEBUG: 10:09:49 AM - ResolveError begin processing with ParameterSet 'AnyErrorParameterSet'.
2022-09-02T10:09:49Z   [Verbose]   DEBUG: 10:09:49 AM - using account id 'MSI@XXX'...
2022-09-02T10:09:49Z   [Verbose]   DEBUG: 10:09:49 AM - [ConfigManager] Got nothing from [DisplayBreakingChangeWarning], Module = [], Cmdlet = []. Returning default value [True].
2022-09-02T10:09:49Z   [Warning]   WARNING: Upcoming breaking changes in the cmdlet 'Resolve-AzError' :
The `Resolve-Error` alias will be removed in a future release.  Please change any scripts that use this alias to use `Resolve-AzError` instead.
Note : Go to https://aka.ms/azps-changewarnings for steps to suppress this breaking change warning, and other information on breaking changes in Azure PowerShell.
2022-09-02T10:09:49Z   [Information]   OUTPUT: 
2022-09-02T10:09:49Z   [Information]   OUTPUT: InnerException   : False
2022-09-02T10:09:49Z   [Information]   OUTPUT: Exception        : Microsoft.Azure.Management.WebSites.Models.DefaultErrorResponseException: Operation returned an invalid status code 'Forbidden'
2022-09-02T10:09:49Z   [Information]   OUTPUT:                       at Microsoft.Azure.Management.WebSites.WebAppsOperations.BeginListPublishingCredentialsWithHttpMessagesAsync(String resourceGroupName, String name, Dictionary`2 customHeaders, CancellationToken cancellationToken)
2022-09-02T10:09:49Z   [Information]   OUTPUT:                       at Microsoft.Azure.Management.WebSites.WebAppsOperations.ListPublishingCredentialsWithHttpMessagesAsync(String resourceGroupName, String name, Dictionary`2 customHeaders, CancellationToken cancellationToken)
2022-09-02T10:09:49Z   [Information]   OUTPUT:                       at Microsoft.Azure.Management.WebSites.WebAppsOperationsExtensions.ListPublishingCredentialsAsync(IWebAppsOperations operations, String resourceGroupName, String name, CancellationToken cancellationToken)
2022-09-02T10:09:49Z   [Information]   OUTPUT:                       at Microsoft.Azure.Management.WebSites.WebAppsOperationsExtensions.ListPublishingCredentials(IWebAppsOperations operations, String resourceGroupName, String name)
2022-09-02T10:09:49Z   [Information]   OUTPUT:                       at Microsoft.Azure.Commands.WebApps.Utilities.WebsitesClient.GetPublishingCredentials(String resourceGroupName, String webSiteName, String slotName)
2022-09-02T10:09:49Z   [Information]   OUTPUT:                       at Microsoft.Azure.Commands.WebApps.Cmdlets.WebApps.PublishAzureWebAppCmdlet.ExecuteCmdlet()
2022-09-02T10:09:49Z   [Information]   OUTPUT:                       at Microsoft.WindowsAzure.Commands.Utilities.Common.CmdletExtensions.<>c__3`1.<ExecuteSynchronouslyOrAsJob>b__3_0(T c)
2022-09-02T10:09:49Z   [Information]   OUTPUT:                       at Microsoft.WindowsAzure.Commands.Utilities.Common.CmdletExtensions.ExecuteSynchronouslyOrAsJob[T](T cmdlet, Action`1 executor)
2022-09-02T10:09:49Z   [Information]   OUTPUT:                       at Microsoft.WindowsAzure.Commands.Utilities.Common.CmdletExtensions.ExecuteSynchronouslyOrAsJob[T](T cmdlet)
2022-09-02T10:09:49Z   [Information]   OUTPUT:                       at Microsoft.WindowsAzure.Commands.Utilities.Common.AzurePSCmdlet.ProcessRecord()
2022-09-02T10:09:49Z   [Information]   OUTPUT: Message          : Operation returned an invalid status code 'Forbidden'
2022-09-02T10:09:49Z   [Information]   OUTPUT: StackTrace       :    at Microsoft.Azure.Management.WebSites.WebAppsOperations.BeginListPublishingCredentialsWithHttpMessagesAsync(String resourceGroupName, String name, Dictionary`2 customHeaders, CancellationToken cancellationToken)
2022-09-02T10:09:49Z   [Information]   OUTPUT:                       at Microsoft.Azure.Management.WebSites.WebAppsOperations.ListPublishingCredentialsWithHttpMessagesAsync(String resourceGroupName, String name, Dictionary`2 customHeaders, CancellationToken cancellationToken)
2022-09-02T10:09:49Z   [Information]   OUTPUT:                       at Microsoft.Azure.Management.WebSites.WebAppsOperationsExtensions.ListPublishingCredentialsAsync(IWebAppsOperations operations, String resourceGroupName, String name, CancellationToken cancellationToken)
2022-09-02T10:09:49Z   [Information]   OUTPUT:                       at Microsoft.Azure.Management.WebSites.WebAppsOperationsExtensions.ListPublishingCredentials(IWebAppsOperations operations, String resourceGroupName, String name)
2022-09-02T10:09:49Z   [Information]   OUTPUT:                       at Microsoft.Azure.Commands.WebApps.Utilities.WebsitesClient.GetPublishingCredentials(String resourceGroupName, String webSiteName, String slotName)
2022-09-02T10:09:49Z   [Information]   OUTPUT:                       at Microsoft.Azure.Commands.WebApps.Cmdlets.WebApps.PublishAzureWebAppCmdlet.ExecuteCmdlet()
2022-09-02T10:09:49Z   [Information]   OUTPUT:                       at Microsoft.WindowsAzure.Commands.Utilities.Common.CmdletExtensions.<>c__3`1.<ExecuteSynchronouslyOrAsJob>b__3_0(T c)
2022-09-02T10:09:49Z   [Information]   OUTPUT:                       at Microsoft.WindowsAzure.Commands.Utilities.Common.CmdletExtensions.ExecuteSynchronouslyOrAsJob[T](T cmdlet, Action`1 executor)
2022-09-02T10:09:49Z   [Information]   OUTPUT:                       at Microsoft.WindowsAzure.Commands.Utilities.Common.CmdletExtensions.ExecuteSynchronouslyOrAsJob[T](T cmdlet)
2022-09-02T10:09:49Z   [Information]   OUTPUT:                       at Microsoft.WindowsAzure.Commands.Utilities.Common.AzurePSCmdlet.ProcessRecord()
2022-09-02T10:09:49Z   [Information]   OUTPUT: HelpLink         : 
2022-09-02T10:09:49Z   [Information]   OUTPUT: ErrorDetails     : 
2022-09-02T10:09:49Z   [Information]   OUTPUT: ErrorCategory    : CloseError: (:) [Publish-AzWebApp], DefaultErrorResponseException
2022-09-02T10:09:49Z   [Information]   OUTPUT: InvocationInfo   : System.Management.Automation.InvocationInfo
2022-09-02T10:09:49Z   [Information]   OUTPUT: ScriptStackTrace : at <ScriptBlock>, C:\home\site\wwwroot\Update\run.ps1: line 53
ghost commented 2 years ago

Thank you for your feedback. This has been routed to the support team for assistance.

michvllni commented 2 years ago

FYI - I was able to work around this issue by using a separate service principal instead of the system assigned managed identity in the function app. However, the issue still persists with the system assigned managed identity. It also appears to happen with other CMDLets regarding the AzWebApp, for example Get-AzWebApp.

Kotasudhakarreddy commented 2 years ago

Assigning to Functions team for analysis. cc- @fabiocav

Francisco-Gamino commented 1 year ago

Hello @panchagnula -- You're team owns the Az.Websites cmdlets, I am assigning this issue to you for triage.

Kotasudhakarreddy commented 1 year ago

will take a look

Francisco-Gamino commented 1 year ago

@Kotasudhakarreddy -- Could you please move this to the Az.WebSites cmdlets issues? Thanks.

ghost commented 1 year ago

Thanks for the feedback! We are routing this to the appropriate team for follow-up. cc @antcp, @AzureAppServiceCLI.

Issue Details
### Description We have a function app (1) that has a system assigned managed identity. This managed identity has the website contributor RBAC role on an app service (2). 1 has an HTTP Trigger that, after receiving information on what to publish, uses Publish-AzWebApp to publish a zip to an azure app service (in this case 2, but for testing I've also created a test function app that only calls 1, same effect). When calling 1 and telling it via HTTP request to publish an app to 2, it works perfectly well. However, as soon as the HTTP of 1 trigger gets called not from a local machine but from an azure machine, for example 2, (the HTTP Request is exactly the same), the Publish-AzWebApp command fails with the error "The client '[system assigned managed identity of 1]' with object id '[xxx]' does not have authorization to perform action 'Microsoft.Web/sites/config/list/action' over scope '/subscriptions/[xxx]/resourceGroups/[resource group of 2]/providers/Microsoft.Web/sites/[name of 2].azurewebsites.net/config/publishingcredentials' or the scope is invalid." Very simplified the HTTP trigger of 1 looks like this: ```powershell using namespace System.Net param($Request, $TriggerMetadata) $ResourceGroupName = $Request.Body.ResourceGroupName $AppServiceName = $Request.Body.AppServiceName $versionZipPath = "path/to/ziparchive.zip" Publish-AzWebApp -ArchivePath "$versionZipPath" -ResourceGroupName $ResourceGroupName -Name $AppServiceName -Force ``` ### Issue script & Debug output ```PowerShell `Publish-AzWebApp -ArchivePath "$versionZipPath" -ResourceGroupName $ResourceGroupName -Name $AppServiceName -Force` # OUTPUT WHEN SENT LOCALLY 2022-09-02T10:19:32Z [Verbose] DEBUG: 10:19:31 AM - PublishAzureWebAppCmdlet begin processing with ParameterSet 'FromResourceName'. 2022-09-02T10:19:32Z [Verbose] DEBUG: 10:19:31 AM - using account id 'MSI@XXX'... 2022-09-02T10:19:32Z [Verbose] DEBUG: 10:19:31 AM - [ConfigManager] Got nothing from [DisplayBreakingChangeWarning], Module = [], Cmdlet = []. Returning default value [True]. 2022-09-02T10:19:46Z [Verbose] DEBUG: [Common.Authentication]: Authenticating using Account: 'MSI@XXX', environment: 'AzureCloud', tenant: 'XXX' 2022-09-02T10:19:46Z [Verbose] DEBUG: 10:19:31 AM - [ManagedServiceIdentityAuthenticator] Calling ManagedIdentityCredential.GetTokenAsync - TenantId:'XXX', Scopes:'https://management.core.windows.net/', UserId:'' 2022-09-02T10:19:46Z [Verbose] DEBUG: ManagedIdentityCredential.GetToken invoked. Scopes: [ https://management.core.windows.net/ ] ParentRequestId: 2022-09-02T10:19:46Z [Verbose] DEBUG: Request [59e99dd6-b482-42ff-a54e-8fbc5a9d6600] GET http://127.0.0.1:41443/msi/token/?api-version=2019-08-01&resource=REDACTED X-IDENTITY-HEADER:REDACTED x-ms-client-request-id:59e99dd6-b482-42ff-a54e-8fbc5a9d6600 x-ms-return-client-request-id:true User-Agent:azsdk-net-Identity/1.6.0,(.NET Core 3.1.27; Microsoft Windows 10.0.14393) client assembly: Azure.Identity 2022-09-02T10:19:46Z [Verbose] DEBUG: Response [59e99dd6-b482-42ff-a54e-8fbc5a9d6600] 200 OK (00.0s) Date:Fri, 02 Sep 2022 10:19:31 GMT Server:Kestrel Transfer-Encoding:chunked X-CORRELATION-ID:REDACTED Content-Type:application/json; charset=utf-8 2022-09-02T10:19:46Z [Verbose] DEBUG: ManagedIdentityCredential.GetToken succeeded. Scopes: [ https://management.core.windows.net/ ] ParentRequestId: ExpiresOn: 2022-09-03T10:09:31.0000000+00:00 2022-09-02T10:19:46Z [Verbose] DEBUG: [Common.Authentication]: Received token with LoginType 'User', Tenant: 'XXX', UserId: 'MSI@XXX' 2022-09-02T10:19:46Z [Verbose] DEBUG: ============================ HTTP REQUEST ============================ HTTP Method: POST Absolute Uri: https://management.azure.com/subscriptions/XXX/resourceGroups/[resource group of 2]/providers/Microsoft.Web/sites/[name of 2]/config/publishingcredentials/list?api-version=2021-01-15 Headers: x-ms-client-request-id : 08d3db28-6fd7-49e3-a54f-87555263a0bb Accept-Language : en-US Body: 2022-09-02T10:19:46Z [Verbose] DEBUG: ============================ HTTP RESPONSE ============================ Status Code: OK Headers: Cache-Control : no-cache Pragma : no-cache Strict-Transport-Security : max-age=31536000; includeSubDomains x-ms-request-id : fe799dd7-458b-42f3-b1a4-e58f60e49e2c Server : Microsoft-IIS/10.0 X-AspNet-Version : 4.0.30319 X-Powered-By : ASP.NET x-ms-ratelimit-remaining-subscription-resource-requests: 11999 x-ms-correlation-request-id : 554b60c2-a82e-43e8-a1d8-4883fcca584a x-ms-routing-request-id : GERMANYWESTCENTRAL:20220902T101932Z:554b60c2-a82e-43e8-a1d8-4883fcca584a X-Content-Type-Options : nosniff Date : Fri, 02 Sep 2022 10:19:31 GMT Body: { "id": "/subscriptions/XXX/resourceGroups/[resource group of 2]/providers/Microsoft.Web/sites/[name of 2]/publishingcredentials/$[name of 2]", "name": "[name of 2]", "type": "Microsoft.Web/sites/publishingcredentials", "location": "Germany West Central", "tags": {}, "properties": { "name": null, "publishingUserName": "$[name of 2]", "publishingPassword": "PASSWORD", "publishingPasswordHash": null, "publishingPasswordHashSalt": null, "metadata": null, "isDeleted": false, "scmUri": "https://$[name of 2]:PASSWORD@[name of 2].scm.azurewebsites.net" } } 2022-09-02T10:19:46Z [Verbose] DEBUG: ============================ HTTP REQUEST ============================ HTTP Method: GET Absolute Uri: https://management.azure.com/subscriptions/XXX/resourceGroups/[resource group of 2]/providers/Microsoft.Web/sites/[name of 2]?api-version=2021-01-15 Headers: x-ms-client-request-id : 08d3db28-6fd7-49e3-a54f-87555263a0bb Accept-Language : en-US Body: 2022-09-02T10:19:46Z [Verbose] DEBUG: ============================ HTTP RESPONSE ============================ Status Code: OK Headers: Cache-Control : no-cache Pragma : no-cache ETag : "1D8BE19D6A1068B" Strict-Transport-Security : max-age=31536000; includeSubDomains x-ms-request-id : d08da382-f232-4f50-ad0c-8dd32c4c7dd3 Server : Microsoft-IIS/10.0 X-AspNet-Version : 4.0.30319 X-Powered-By : ASP.NET x-ms-ratelimit-remaining-subscription-reads: 11999 x-ms-correlation-request-id : c61b06cd-90aa-461a-a539-40274c18479f x-ms-routing-request-id : GERMANYWESTCENTRAL:20220902T101942Z:c61b06cd-90aa-461a-a539-40274c18479f X-Content-Type-Options : nosniff Date : Fri, 02 Sep 2022 10:19:41 GMT Body: { "id": "/subscriptions/XXX/resourceGroups/[resource group of 2]/providers/Microsoft.Web/sites/[name of 2]", "name": "[name of 2]", "type": "Microsoft.Web/sites", "kind": "app", "location": "Germany West Central", "tags": {}, "properties": { "name": "[name of 2]", "state": "Running", "hostNames": [ "axinftest.dev.infoma-rwf.app", "[name of 2].azurewebsites.net" ], "webSpace": "rg-rwf-dev-global-GermanyWestCentralwebspace", "selfLink": "https://waws-prod-fra-011.api.azurewebsites.windows.net:454/subscriptions/XXX/webspaces/rg-rwf-dev-global-GermanyWestCentralwebspace/sites/[name of 2]", "repositorySiteName": "[name of 2]", "owner": null, "usageState": "Normal", "enabled": true, "adminEnabled": true, "enabledHostNames": [ "axinftest.dev.infoma-rwf.app", "[name of 2].azurewebsites.net", "[name of 2].scm.azurewebsites.net" ], "siteProperties": { "metadata": null, "properties": [ { "name": "LinuxFxVersion", "value": "" }, { "name": "WindowsFxVersion", "value": null } ], "appSettings": null }, "availabilityState": "Normal", "sslCertificates": null, "csrs": [], "cers": null, "siteMode": null, "hostNameSslStates": [ { "name": "[name of 2].azurewebsites.net", "sslState": "Disabled", "ipBasedSslResult": null, "virtualIP": null, "thumbprint": null, "toUpdate": null, "toUpdateIpBasedSsl": null, "ipBasedSslState": "NotConfigured", "hostType": "Standard" }, { "name": "axinftest.dev.infoma-rwf.app", "sslState": "SniEnabled", "ipBasedSslResult": null, "virtualIP": null, "thumbprint": "44BFA555E2D937FEFE5C9792EA99AD997D4EE2C6", "toUpdate": null, "toUpdateIpBasedSsl": null, "ipBasedSslState": "NotConfigured", "hostType": "Standard" }, { "name": "[name of 2].scm.azurewebsites.net", "sslState": "Disabled", "ipBasedSslResult": null, "virtualIP": null, "thumbprint": null, "toUpdate": null, "toUpdateIpBasedSsl": null, "ipBasedSslState": "NotConfigured", "hostType": "Repository" } ], "computeMode": null, "serverFarm": null, "serverFarmId": "/subscriptions/XXX/resourceGroups/rg-rwf-dev-global/providers/Microsoft.Web/serverfarms/plan-rwf-dev-global", "reserved": false, "isXenon": false, "hyperV": false, "lastModifiedTimeUtc": "2022-09-01T15:45:19.1766667", "storageRecoveryDefaultState": "Running", "contentAvailabilityState": "Normal", "runtimeAvailabilityState": "Normal", "vnetRouteAllEnabled": false, "containerAllocationSubnet": null, "useContainerLocalhostBindings": null, "vnetImagePullEnabled": false, "vnetContentShareEnabled": false, "siteConfig": { "numberOfWorkers": 1, "defaultDocuments": null, "netFrameworkVersion": null, "phpVersion": null, "pythonVersion": null, "nodeVersion": null, "powerShellVersion": null, "linuxFxVersion": "", "windowsFxVersion": null, "requestTracingEnabled": null, "remoteDebuggingEnabled": null, "remoteDebuggingVersion": null, "httpLoggingEnabled": null, "azureMonitorLogCategories": null, "acrUseManagedIdentityCreds": false, "acrUserManagedIdentityID": null, "logsDirectorySizeLimit": null, "detailedErrorLoggingEnabled": null, "publishingUsername": null, "publishingPassword": null, "appSettings": null, "metadata": null, "connectionStrings": null, "machineKey": null, "handlerMappings": null, "documentRoot": null, "scmType": null, "use32BitWorkerProcess": null, "webSocketsEnabled": null, "alwaysOn": true, "javaVersion": null, "javaContainer": null, "javaContainerVersion": null, "appCommandLine": null, "managedPipelineMode": null, "virtualApplications": null, "winAuthAdminState": null, "winAuthTenantState": null, "customAppPoolIdentityAdminState": null, "customAppPoolIdentityTenantState": null, "runtimeADUser": null, "runtimeADUserPassword": null, "loadBalancing": null, "routingRules": null, "experiments": null, "limits": null, "autoHealEnabled": null, "autoHealRules": null, "tracingOptions": null, "vnetName": null, "vnetRouteAllEnabled": null, "vnetPrivatePortsCount": null, "publicNetworkAccess": null, "cors": null, "push": null, "apiDefinition": null, "apiManagementConfig": null, "autoSwapSlotName": null, "localMySqlEnabled": null, "managedServiceIdentityId": null, "xManagedServiceIdentityId": null, "keyVaultReferenceIdentity": null, "ipSecurityRestrictions": null, "ipSecurityRestrictionsDefaultAction": null, "scmIpSecurityRestrictions": null, "scmIpSecurityRestrictionsDefaultAction": null, "scmIpSecurityRestrictionsUseMain": null, "http20Enabled": false, "minTlsVersion": null, "minTlsCipherSuite": null, "supportedTlsCipherSuites": null, "scmMinTlsVersion": null, "ftpsState": null, "preWarmedInstanceCount": null, "functionAppScaleLimit": 0, "elasticWebAppScaleLimit": null, "healthCheckPath": null, "fileChangeAuditEnabled": null, "functionsRuntimeScaleMonitoringEnabled": null, "websiteTimeZone": null, "minimumElasticInstanceCount": 0, "azureStorageAccounts": null, "http20ProxyFlag": null, "sitePort": null, "antivirusScanEnabled": null, "storageType": null }, "deploymentId": "[name of 2]", "slotName": null, "trafficManagerHostNames": null, "sku": "PremiumV3", "scmSiteAlsoStopped": false, "targetSwapSlot": null, "hostingEnvironment": null, "hostingEnvironmentProfile": null, "clientAffinityEnabled": true, "clientCertEnabled": false, "clientCertMode": "Required", "clientCertExclusionPaths": null, "hostNamesDisabled": false, "domainVerificationIdentifiers": null, "customDomainVerificationId": "CB11D200C441EC55E66A84EBADFBB9987E621CEC5B5181ABD8EF098D647867C6", "kind": "app", "inboundIpAddress": "51.116.145.36", "possibleInboundIpAddresses": "51.116.145.36", "ftpUsername": "[name of 2]\\$[name of 2]", "ftpsHostName": "ftps://waws-prod-fra-011.ftp.azurewebsites.windows.net/site/wwwroot", "outboundIpAddresses": "20.79.96.17,20.79.96.18,20.79.96.19,20.79.96.20,20.79.96.21,20.79.96.22,51.116.145.36", "possibleOutboundIpAddresses": "20.79.96.48,20.79.96.0,20.79.96.1,20.79.96.2,20.79.78.140,20.79.96.4,20.79.96.6,20.79.96.10,20.79.96.11,20.79.96.12,20.79.96.13,20.79.96.16,20.79.96.17,20.79.96.18,20.79.96.19,20.79.96.20,20.79.96.21,20.79.96.22,20.79.96.23,20.79.96.25,20.79.96.28,20.79.96.30,20.79.96.31,20.79.96.64,20.79.96.66,20.79.77.246,20.79.96.67,20.79.80.18,20.79.80.20,20.79.80.22,51.116.145.36", "containerSize": 0, "dailyMemoryTimeQuota": 0, "suspendedTill": null, "siteDisabledReason": 0, "functionExecutionUnitsCache": null, "maxNumberOfWorkers": null, "homeStamp": "waws-prod-fra-011", "cloningInfo": null, "hostingEnvironmentId": null, "tags": {}, "resourceGroup": "[resource group of 2]", "defaultHostName": "[name of 2].azurewebsites.net", "slotSwapStatus": null, "httpsOnly": true, "redundancyMode": "None", "inProgressOperationId": null, "geoDistributions": null, "privateEndpointConnections": [], "publicNetworkAccess": null, "buildVersion": null, "targetBuildVersion": null, "migrationState": null, "eligibleLogCategories": "AppServiceAppLogs,AppServiceAuditLogs,AppServiceConsoleLogs,AppServiceHTTPLogs,AppServiceIPSecAuditLogs,AppServicePlatformLogs,ScanLogs,AppServiceFileAuditLogs,AppServiceAntivirusScanAuditLogs", "storageAccountRequired": false, "virtualNetworkSubnetId": null, "keyVaultReferenceIdentity": "SystemAssigned", "privateLinkIdentifiers": null }, "identity": { "type": "SystemAssigned", "tenantId": "XXX", "principalId": "2a85a408-68ed-4409-aa42-2c152b4422bc" } } 2022-09-02T10:19:46Z [Verbose] DEBUG: ============================ HTTP REQUEST ============================ HTTP Method: GET Absolute Uri: https://management.azure.com/subscriptions/XXX/resourceGroups/[resource group of 2]/providers/Microsoft.Web/sites/[name of 2]/config/web?api-version=2021-01-15 Headers: x-ms-client-request-id : 08d3db28-6fd7-49e3-a54f-87555263a0bb Accept-Language : en-US Body: 2022-09-02T10:19:46Z [Verbose] DEBUG: ============================ HTTP RESPONSE ============================ Status Code: OK Headers: Cache-Control : no-cache Pragma : no-cache Strict-Transport-Security : max-age=31536000; includeSubDomains x-ms-request-id : d1ca7a4b-b1cf-43c3-93aa-7bfddd4faffa Server : Microsoft-IIS/10.0 X-AspNet-Version : 4.0.30319 X-Powered-By : ASP.NET x-ms-ratelimit-remaining-subscription-reads: 11998 x-ms-correlation-request-id : d72b43f3-c315-4d79-89a2-71cabd2ad1ff x-ms-routing-request-id : GERMANYWESTCENTRAL:20220902T101942Z:d72b43f3-c315-4d79-89a2-71cabd2ad1ff X-Content-Type-Options : nosniff Date : Fri, 02 Sep 2022 10:19:42 GMT Body: { "id": "/subscriptions/XXX/resourceGroups/[resource group of 2]/providers/Microsoft.Web/sites/[name of 2]/config/web", "name": "[name of 2]", "type": "Microsoft.Web/sites/config", "location": "Germany West Central", "tags": {}, "properties": { "numberOfWorkers": 1, "defaultDocuments": [ "Default.htm", "Default.html", "Default.asp", "index.htm", "index.html", "iisstart.htm", "default.aspx", "index.php", "hostingstart.html" ], "netFrameworkVersion": "v4.0", "phpVersion": "", "pythonVersion": "", "nodeVersion": "", "powerShellVersion": "", "linuxFxVersion": "", "windowsFxVersion": null, "requestTracingEnabled": false, "remoteDebuggingEnabled": false, "remoteDebuggingVersion": "VS2019", "httpLoggingEnabled": false, "azureMonitorLogCategories": null, "acrUseManagedIdentityCreds": false, "acrUserManagedIdentityID": null, "logsDirectorySizeLimit": 35, "detailedErrorLoggingEnabled": false, "publishingUsername": "$[name of 2]", "publishingPassword": null, "appSettings": null, "metadata": null, "connectionStrings": null, "machineKey": null, "handlerMappings": null, "documentRoot": null, "scmType": "None", "use32BitWorkerProcess": true, "webSocketsEnabled": false, "alwaysOn": true, "javaVersion": null, "javaContainer": null, "javaContainerVersion": null, "appCommandLine": "", "managedPipelineMode": "Integrated", "virtualApplications": [ { "virtualPath": "/", "physicalPath": "site\\wwwroot", "preloadEnabled": true, "virtualDirectories": null } ], "winAuthAdminState": 0, "winAuthTenantState": 0, "customAppPoolIdentityAdminState": false, "customAppPoolIdentityTenantState": false, "runtimeADUser": null, "runtimeADUserPassword": null, "loadBalancing": "LeastRequests", "routingRules": [], "experiments": { "rampUpRules": [] }, "limits": null, "autoHealEnabled": false, "autoHealRules": null, "tracingOptions": null, "vnetName": "", "vnetRouteAllEnabled": false, "vnetPrivatePortsCount": 0, "publicNetworkAccess": null, "siteAuthEnabled": false, "siteAuthSettings": { "enabled": null, "unauthenticatedClientAction": null, "tokenStoreEnabled": null, "allowedExternalRedirectUrls": null, "defaultProvider": null, "clientId": null, "clientSecret": null, "clientSecretSettingName": null, "clientSecretCertificateThumbprint": null, "issuer": null, "allowedAudiences": null, "additionalLoginParams": null, "isAadAutoProvisioned": false, "aadClaimsAuthorization": null, "googleClientId": null, "googleClientSecret": null, "googleClientSecretSettingName": null, "googleOAuthScopes": null, "facebookAppId": null, "facebookAppSecret": null, "facebookAppSecretSettingName": null, "facebookOAuthScopes": null, "gitHubClientId": null, "gitHubClientSecret": null, "gitHubClientSecretSettingName": null, "gitHubOAuthScopes": null, "twitterConsumerKey": null, "twitterConsumerSecret": null, "twitterConsumerSecretSettingName": null, "microsoftAccountClientId": null, "microsoftAccountClientSecret": null, "microsoftAccountClientSecretSettingName": null, "microsoftAccountOAuthScopes": null, "configVersion": null }, "cors": null, "push": null, "apiDefinition": null, "apiManagementConfig": null, "autoSwapSlotName": null, "localMySqlEnabled": false, "managedServiceIdentityId": 16365, "xManagedServiceIdentityId": null, "keyVaultReferenceIdentity": null, "ipSecurityRestrictions": [ { "ipAddress": "Any", "action": "Allow", "priority": 2147483647, "name": "Allow all", "description": "Allow all access" } ], "ipSecurityRestrictionsDefaultAction": null, "scmIpSecurityRestrictions": [ { "ipAddress": "Any", "action": "Allow", "priority": 2147483647, "name": "Allow all", "description": "Allow all access" } ], "scmIpSecurityRestrictionsDefaultAction": null, "scmIpSecurityRestrictionsUseMain": false, "http20Enabled": false, "minTlsVersion": "1.2", "minTlsCipherSuite": null, "supportedTlsCipherSuites": null, "scmMinTlsVersion": "1.2", "ftpsState": "FtpsOnly", "preWarmedInstanceCount": 0, "functionAppScaleLimit": null, "elasticWebAppScaleLimit": 0, "healthCheckPath": null, "fileChangeAuditEnabled": false, "functionsRuntimeScaleMonitoringEnabled": false, "websiteTimeZone": null, "minimumElasticInstanceCount": 0, "azureStorageAccounts": { "rwfdata": { "type": "AzureFiles", "accountName": "strwfdevaxinftest8327", "shareName": "rwfdata", "accessKey": null, "mountPath": "/mounts/rwfdata", "state": "Ok" } }, "http20ProxyFlag": 0, "sitePort": null, "antivirusScanEnabled": false, "storageType": "StorageVolume" } } 2022-09-02T10:19:46Z [Verbose] DEBUG: ============================ HTTP REQUEST ============================ HTTP Method: POST Absolute Uri: https://management.azure.com/subscriptions/XXX/resourceGroups/[resource group of 2]/providers/Microsoft.Web/sites/[name of 2]/config/appsettings/list?api-version=2021-01-15 Headers: x-ms-client-request-id : 08d3db28-6fd7-49e3-a54f-87555263a0bb Accept-Language : en-US Body: 2022-09-02T10:19:46Z [Verbose] DEBUG: ============================ HTTP RESPONSE ============================ Status Code: OK Headers: Cache-Control : no-cache Pragma : no-cache Strict-Transport-Security : max-age=31536000; includeSubDomains x-ms-request-id : 1aaef922-e540-451e-809d-c290f7e98eb3 Server : Microsoft-IIS/10.0 X-AspNet-Version : 4.0.30319 X-Powered-By : ASP.NET x-ms-ratelimit-remaining-subscription-resource-requests: 11998 x-ms-correlation-request-id : 5f73f37d-8778-4590-95aa-072c2c1db74d x-ms-routing-request-id : GERMANYWESTCENTRAL:20220902T101943Z:5f73f37d-8778-4590-95aa-072c2c1db74d X-Content-Type-Options : nosniff Date : Fri, 02 Sep 2022 10:19:42 GMT Body: { "id": "/subscriptions/XXX/resourceGroups/[resource group of 2]/providers/Microsoft.Web/sites/[name of 2]/config/appsettings", "name": "appsettings", "type": "Microsoft.Web/sites/config", "location": "Germany West Central", "tags": {}, "properties": { "NavAdministrators": "Manfred.steinacker@axinftest.onmicrosoft.com", "appdatapath": "\\mounts\\rwfdata", "basenavurl": "https://infoma.api.bc.dynamics.com/v2.0/9ff11aaa-cddc-4df5-97c9-b9e79db1ba1d/AxiansInfomaSandbox/WS", "infomaonline:KeyVaultName": "kv-rwf-dev-axinftest8327", "infomaonline:RedirectUri": "https://axinftest.dev.infoma-rwf.app/", "infomaonline:appservicename": "[name of 2]", "infomaonline:resourcegroupname": "[resource group of 2]", "infomaonline:updateHostName": "func-rwf-dev-update.azurewebsites.net" } } 2022-09-02T10:19:46Z [Verbose] DEBUG: ============================ HTTP REQUEST ============================ HTTP Method: POST Absolute Uri: https://management.azure.com/subscriptions/XXX/resourceGroups/[resource group of 2]/providers/Microsoft.Web/sites/[name of 2]/config/connectionstrings/list?api-version=2021-01-15 Headers: x-ms-client-request-id : 08d3db28-6fd7-49e3-a54f-87555263a0bb Accept-Language : en-US Body: 2022-09-02T10:19:46Z [Verbose] DEBUG: ============================ HTTP RESPONSE ============================ Status Code: OK Headers: Cache-Control : no-cache Pragma : no-cache Strict-Transport-Security : max-age=31536000; includeSubDomains x-ms-request-id : 248ded56-56aa-4a6a-9ab9-b7b509d634cf Server : Microsoft-IIS/10.0 X-AspNet-Version : 4.0.30319 X-Powered-By : ASP.NET x-ms-ratelimit-remaining-subscription-resource-requests: 11997 x-ms-correlation-request-id : 7b8d502d-f0c7-428b-829c-082a13d936ee x-ms-routing-request-id : GERMANYWESTCENTRAL:20220902T101944Z:7b8d502d-f0c7-428b-829c-082a13d936ee X-Content-Type-Options : nosniff Date : Fri, 02 Sep 2022 10:19:43 GMT Body: { "id": "/subscriptions/XXX/resourceGroups/[resource group of 2]/providers/Microsoft.Web/sites/[name of 2]/config/connectionstrings", "name": "connectionstrings", "type": "Microsoft.Web/sites/config", "location": "Germany West Central", "tags": {}, "properties": {} } 2022-09-02T10:19:46Z [Verbose] DEBUG: ============================ HTTP REQUEST ============================ HTTP Method: POST Absolute Uri: https://management.azure.com/subscriptions/XXX/resourceGroups/[resource group of 2]/providers/Microsoft.Web/sites/[name of 2]/config/azurestorageaccounts/list?api-version=2021-01-15 Headers: x-ms-client-request-id : 08d3db28-6fd7-49e3-a54f-87555263a0bb Accept-Language : en-US Body: 2022-09-02T10:19:46Z [Verbose] DEBUG: ============================ HTTP RESPONSE ============================ Status Code: OK Headers: Cache-Control : no-cache Pragma : no-cache Strict-Transport-Security : max-age=31536000; includeSubDomains x-ms-request-id : 63ce2f8b-6314-4509-b506-90cdaa4d345c Server : Microsoft-IIS/10.0 X-AspNet-Version : 4.0.30319 X-Powered-By : ASP.NET x-ms-ratelimit-remaining-subscription-resource-requests: 11996 x-ms-correlation-request-id : 6cb98a8e-6148-43b7-8348-57da4d4edb96 x-ms-routing-request-id : GERMANYWESTCENTRAL:20220902T101945Z:6cb98a8e-6148-43b7-8348-57da4d4edb96 X-Content-Type-Options : nosniff Date : Fri, 02 Sep 2022 10:19:44 GMT Body: { "id": "/subscriptions/XXX/resourceGroups/[resource group of 2]/providers/Microsoft.Web/sites/[name of 2]/config/appsettings", "name": "azurestorageaccounts", "type": "Microsoft.Web/sites/config", "location": "Germany West Central", "tags": {}, "properties": { "rwfdata": { "type": "AzureFiles", "accountName": "strwfdevaxinftest8327", "shareName": "rwfdata", "accessKey": "M2Gw1EiuBV5PQL4mjfn1BYM+8B17Suc+UQJymxesqZzGusI+cosFcIoaLEUMyXFWTLPFXc+F3K8C+AStluu4mA==", "mountPath": "/mounts/rwfdata", "state": "Ok" } } } 2022-09-02T10:19:46Z [Information] OUTPUT: 2022-09-02T10:19:46Z [Information] OUTPUT: AzureStoragePath : {rwfdata} 2022-09-02T10:19:46Z [Information] OUTPUT: GitRemoteName : 2022-09-02T10:19:46Z [Information] OUTPUT: GitRemoteUri : 2022-09-02T10:19:46Z [Information] OUTPUT: GitRemoteUsername : 2022-09-02T10:19:46Z [Information] OUTPUT: GitRemotePassword : 2022-09-02T10:19:46Z [Information] OUTPUT: AzureStorageAccounts : 2022-09-02T10:19:46Z [Information] OUTPUT: State : Running 2022-09-02T10:19:46Z [Information] OUTPUT: HostNames : {axinftest.dev.infoma-rwf.app, [name of 2].azurewebsites.net} 2022-09-02T10:19:46Z [Information] OUTPUT: RepositorySiteName : [name of 2] 2022-09-02T10:19:46Z [Information] OUTPUT: UsageState : Normal 2022-09-02T10:19:46Z [Information] OUTPUT: Enabled : True 2022-09-02T10:19:46Z [Information] OUTPUT: EnabledHostNames : {axinftest.dev.infoma-rwf.app, [name of 2].azurewebsites.net, [name of 2].scm.azurewebsites.net} 2022-09-02T10:19:46Z [Information] OUTPUT: AvailabilityState : Normal 2022-09-02T10:19:46Z [Information] OUTPUT: HostNameSslStates : {[name of 2].azurewebsites.net, axinftest.dev.infoma-rwf.app, [name of 2].scm.azurewebsites.net} 2022-09-02T10:19:46Z [Information] OUTPUT: ServerFarmId : /subscriptions/XXX/resourceGroups/rg-rwf-dev-global/providers/Microsoft.Web/serverfarms/plan-rwf-dev-global 2022-09-02T10:19:46Z [Information] OUTPUT: Reserved : False 2022-09-02T10:19:46Z [Information] OUTPUT: IsXenon : False 2022-09-02T10:19:46Z [Information] OUTPUT: HyperV : 2022-09-02T10:19:46Z [Information] OUTPUT: LastModifiedTimeUtc : 9/1/2022 3:45:19 PM 2022-09-02T10:19:46Z [Information] OUTPUT: SiteConfig : Microsoft.Azure.Management.WebSites.Models.SiteConfig 2022-09-02T10:19:46Z [Information] OUTPUT: TrafficManagerHostNames : 2022-09-02T10:19:46Z [Information] OUTPUT: ScmSiteAlsoStopped : False 2022-09-02T10:19:46Z [Information] OUTPUT: TargetSwapSlot : 2022-09-02T10:19:46Z [Information] OUTPUT: HostingEnvironmentProfile : 2022-09-02T10:19:46Z [Information] OUTPUT: ClientAffinityEnabled : True 2022-09-02T10:19:46Z [Information] OUTPUT: ClientCertEnabled : False 2022-09-02T10:19:46Z [Information] OUTPUT: ClientCertMode : 2022-09-02T10:19:46Z [Information] OUTPUT: ClientCertExclusionPaths : 2022-09-02T10:19:46Z [Information] OUTPUT: HostNamesDisabled : False 2022-09-02T10:19:46Z [Information] OUTPUT: CustomDomainVerificationId : CB11D200C441EC55E66A84EBADFBB9987E621CEC5B5181ABD8EF098D647867C6 2022-09-02T10:19:46Z [Information] OUTPUT: OutboundIpAddresses : 20.79.96.17,20.79.96.18,20.79.96.19,20.79.96.20,20.79.96.21,20.79.96.22,51.116.145.36 2022-09-02T10:19:46Z [Information] OUTPUT: PossibleOutboundIpAddresses : 20.79.96.48,20.79.96.0,20.79.96.1,20.79.96.2,20.79.78.140,20.79.96.4,20.79.96.6,20.79.96.10,20.79.96.11,20.79.96.12,20.79.96.13,20.79.96.16,20.79.96.17,20.79.96.18,20.79.96.19,20.79.96.20,20.79.96.21,20.79.96.22,20.79.96.23,20.79.96.25,20.79.96.28,20.79.96.30,20.79.96.31,20.79.96.64,20.79.96.66,20.79.77.246,20.79.96.67,20.79.80.18,20.79.80.20,20.79.80.22,51.116.145.36 2022-09-02T10:19:46Z [Information] OUTPUT: ContainerSize : 0 2022-09-02T10:19:46Z [Information] OUTPUT: DailyMemoryTimeQuota : 0 2022-09-02T10:19:46Z [Information] OUTPUT: SuspendedTill : 2022-09-02T10:19:46Z [Information] OUTPUT: MaxNumberOfWorkers : 2022-09-02T10:19:46Z [Information] OUTPUT: CloningInfo : 2022-09-02T10:19:46Z [Information] OUTPUT: ResourceGroup : [resource group of 2] 2022-09-02T10:19:46Z [Information] OUTPUT: IsDefaultContainer : 2022-09-02T10:19:46Z [Information] OUTPUT: DefaultHostName : [name of 2].azurewebsites.net 2022-09-02T10:19:46Z [Information] OUTPUT: SlotSwapStatus : 2022-09-02T10:19:46Z [Information] OUTPUT: HttpsOnly : True 2022-09-02T10:19:46Z [Information] OUTPUT: RedundancyMode : 2022-09-02T10:19:46Z [Information] OUTPUT: InProgressOperationId : 2022-09-02T10:19:46Z [Information] OUTPUT: StorageAccountRequired : 2022-09-02T10:19:46Z [Information] OUTPUT: KeyVaultReferenceIdentity : 2022-09-02T10:19:46Z [Information] OUTPUT: VirtualNetworkSubnetId : 2022-09-02T10:19:46Z [Information] OUTPUT: Identity : Microsoft.Azure.Management.WebSites.Models.ManagedServiceIdentity 2022-09-02T10:19:46Z [Information] OUTPUT: ExtendedLocation : 2022-09-02T10:19:46Z [Information] OUTPUT: Id : /subscriptions/XXX/resourceGroups/[resource group of 2]/providers/Microsoft.Web/sites/[name of 2] 2022-09-02T10:19:46Z [Information] OUTPUT: Name : [name of 2] 2022-09-02T10:19:46Z [Information] OUTPUT: Kind : app 2022-09-02T10:19:46Z [Information] OUTPUT: Location : Germany West Central 2022-09-02T10:19:46Z [Information] OUTPUT: Type : Microsoft.Web/sites 2022-09-02T10:19:46Z [Information] OUTPUT: Tags : {} 2022-09-02T10:19:46Z [Information] OUTPUT: 2022-09-02T10:19:46Z [Verbose] DEBUG: 10:19:45 AM - [ConfigManager] Got nothing from [EnableDataCollection], Module = [], Cmdlet = []. Returning default value [True]. 2022-09-02T10:19:46Z [Verbose] DEBUG: AzureQoSEvent: Module: Az.Websites:2.11.3; CommandName: Publish-AzWebApp; PSVersion: 3.0.0.0; IsSuccess: True; Duration: 00:00:14.0867412 2022-09-02T10:19:46Z [Verbose] DEBUG: Finish sending metric. 2022-09-02T10:19:46Z [Verbose] DEBUG: 10:19:45 AM - PublishAzureWebAppCmdlet end processing. # OUTPUT WHEN SENT FROM AN AZURE APP SERVICE 2022-09-02T10:09:48Z [Verbose] DEBUG: 10:09:47 AM - PublishAzureWebAppCmdlet begin processing with ParameterSet 'FromResourceName'. 2022-09-02T10:09:48Z [Verbose] DEBUG: 10:09:47 AM - using account id 'MSI@XXX'... 2022-09-02T10:09:48Z [Verbose] DEBUG: 10:09:47 AM - [ConfigManager] Got nothing from [DisplayBreakingChangeWarning], Module = [], Cmdlet = []. Returning default value [True]. 2022-09-02T10:09:48Z [Verbose] DEBUG: [Common.Authentication]: Authenticating using Account: 'MSI@XXX', environment: 'AzureCloud', tenant: 'XXX' 2022-09-02T10:09:48Z [Verbose] DEBUG: 10:09:47 AM - [ManagedServiceIdentityAuthenticator] Calling ManagedIdentityCredential.GetTokenAsync - TenantId:'XXX', Scopes:'https://management.core.windows.net/', UserId:'' 2022-09-02T10:09:48Z [Verbose] DEBUG: ManagedIdentityCredential.GetToken invoked. Scopes: [ https://management.core.windows.net/ ] ParentRequestId: 2022-09-02T10:09:48Z [Verbose] DEBUG: Request [dab23a8a-d973-47d6-b167-5c003c1cdbeb] GET http://127.0.0.1:41443/msi/token/?api-version=2019-08-01&resource=REDACTED X-IDENTITY-HEADER:REDACTED x-ms-client-request-id:dab23a8a-d973-47d6-b167-5c003c1cdbeb x-ms-return-client-request-id:true User-Agent:azsdk-net-Identity/1.6.0,(.NET Core 3.1.27; Microsoft Windows 10.0.14393) client assembly: Azure.Identity 2022-09-02T10:09:48Z [Verbose] DEBUG: Response [dab23a8a-d973-47d6-b167-5c003c1cdbeb] 200 OK (00.0s) Date:Fri, 02 Sep 2022 10:09:47 GMT Server:Kestrel Transfer-Encoding:chunked X-CORRELATION-ID:REDACTED Content-Type:application/json; charset=utf-8 2022-09-02T10:09:48Z [Verbose] DEBUG: ManagedIdentityCredential.GetToken succeeded. Scopes: [ https://management.core.windows.net/ ] ParentRequestId: ExpiresOn: 2022-09-03T10:09:31.0000000+00:00 2022-09-02T10:09:48Z [Verbose] DEBUG: [Common.Authentication]: Received token with LoginType 'User', Tenant: 'XXX', UserId: 'MSI@XXX' 2022-09-02T10:09:48Z [Verbose] DEBUG: ============================ HTTP REQUEST ============================ HTTP Method: POST Absolute Uri: https://management.azure.com/subscriptions/XXX/resourceGroups/[rg of 2]/providers/Microsoft.Web/sites/[name of 2]/config/publishingcredentials/list?api-version=2021-01-15 Headers: x-ms-client-request-id : 14d96ef2-917f-41bd-a0d7-63213e453803 Accept-Language : en-US Body: 2022-09-02T10:09:48Z [Verbose] DEBUG: ============================ HTTP RESPONSE ============================ Status Code: Forbidden Headers: Cache-Control : no-cache Pragma : no-cache x-ms-failure-cause : gateway x-ms-request-id : f4f98dd9-1275-4d22-895f-14dad4213ed8 x-ms-correlation-request-id : f4f98dd9-1275-4d22-895f-14dad4213ed8 x-ms-routing-request-id : GERMANYWESTCENTRAL:20220902T100948Z:f4f98dd9-1275-4d22-895f-14dad4213ed8 Strict-Transport-Security : max-age=31536000; includeSubDomains X-Content-Type-Options : nosniff Date : Fri, 02 Sep 2022 10:09:47 GMT Connection : close Body: { "error": { "code": "AuthorizationFailed", "message": "The client '[system assigned managed identity of 1]' with object id '[system assigned managed identity of 1]' does not have authorization to perform action 'Microsoft.Web/sites/config/list/action' over scope '/subscriptions/XXX/resourceGroups/[rg of 2]/providers/Microsoft.Web/sites/[name of 2]/config/publishingcredentials' or the scope is invalid. If access was recently granted, please refresh your credentials." } } 2022-09-02T10:09:48Z [Verbose] DEBUG: 10:09:48 AM - [ConfigManager] Got nothing from [EnableDataCollection], Module = [], Cmdlet = []. Returning default value [True]. 2022-09-02T10:09:49Z [Error] ERROR: Operation returned an invalid status code 'Forbidden' Exception : Type : Microsoft.Azure.Management.WebSites.Models.DefaultErrorResponseException Request : Method : POST RequestUri : https://management.azure.com/subscriptions/XXX/resourceGroups/[rg of 2]/providers/Microsoft.Web/sites/[name of 2]/config/publishingcredentials/list?api-version=2021-01-15 Headers : x-ms-client-request-id : 14d96ef2-917f-41bd-a0d7-63213e453803 Accept-Language : REDACTED Authorization : … User-Agent : FxVersion/4.700.22.30802 OSName/Windows OSVersion/Microsoft.Windows.10.0.14393 Microsoft.Azure.Management.WebSites.WebSiteManagementClient/3.1.2 AzurePowershell/v0.0.0 PSVersion/v3.0.0.0 Az.Websites/2.11.3 CommandName : REDACTED ParameterSetName : REDACTED Response : StatusCode : Forbidden ReasonPhrase : Forbidden Content : {"error":{"code":"AuthorizationFailed","message":"The client '[system assigned managed identity of 1]' with object id '[system assigned managed identity of 1]' does not have authorization to perform action 'Microsoft.Web/sites/config/list/action' over scope '/subscriptions/XXX/resourceGroups/[rg of 2]/providers/Microsoft.Web/sites/[name of 2]/config/publishingcredentials' or the scope is invalid. If access was recently granted, please refresh your credentials."}} Headers : Cache-Control : no-cache Pragma : no-cache x-ms-failure-cause : gateway x-ms-request-id : f4f98dd9-1275-4d22-895f-14dad4213ed8 x-ms-correlation-request-id : f4f98dd9-1275-4d22-895f-14dad4213ed8 x-ms-routing-request-id : GERMANYWESTCENTRAL:20220902T100948Z:f4f98dd9-1275-4d22-895f-14dad4213ed8 Strict-Transport-Security : max-age=31536000; includeSubDomains X-Content-Type-Options : nosniff Date : Fri, 02 Sep 2022 10:09:47 GMT Connection : close Content-Type : application/json; charset=utf-8 Expires : -1 Content-Length : 515 Body : Microsoft.Azure.Management.WebSites.Models.DefaultErrorResponse TargetSite : Name : MoveNext DeclaringType : Microsoft.Azure.Management.WebSites.WebAppsOperations+d__398, Microsoft.Azure.Management.Websites, Version=3.1.2.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35 MemberType : Method Module : Microsoft.Azure.Management.Websites.dll StackTrace : at Microsoft.Azure.Management.WebSites.WebAppsOperations.BeginListPublishingCredentialsWithHttpMessagesAsync(String resourceGroupName, String name, Dictionary`2 customHeaders, CancellationToken cancellationToken) at Microsoft.Azure.Management.WebSites.WebAppsOperations.ListPublishingCredentialsWithHttpMessagesAsync(String resourceGroupName, String name, Dictionary`2 customHeaders, CancellationToken cancellationToken) at Microsoft.Azure.Management.WebSites.WebAppsOperationsExtensions.ListPublishingCredentialsAsync(IWebAppsOperations operations, String resourceGroupName, String name, CancellationToken cancellationToken) at Microsoft.Azure.Management.WebSites.WebAppsOperationsExtensions.ListPublishingCredentials(IWebAppsOperations operations, String resourceGroupName, String name) at Microsoft.Azure.Commands.WebApps.Utilities.WebsitesClient.GetPublishingCredentials(String resourceGroupName, String webSiteName, String slotName) at Microsoft.Azure.Commands.WebApps.Cmdlets.WebApps.PublishAzureWebAppCmdlet.ExecuteCmdlet() at Microsoft.WindowsAzure.Commands.Utilities.Common.CmdletExtensions.<>c__3`1.b__3_0(T c) at Microsoft.WindowsAzure.Commands.Utilities.Common.CmdletExtensions.ExecuteSynchronouslyOrAsJob[T](T cmdlet, Action`1 executor) at Microsoft.WindowsAzure.Commands.Utilities.Common.CmdletExtensions.ExecuteSynchronouslyOrAsJob[T](T cmdlet) at Microsoft.WindowsAzure.Commands.Utilities.Common.AzurePSCmdlet.ProcessRecord() Message : Operation returned an invalid status code 'Forbidden' Source : Microsoft.Azure.Management.Websites HResult : -2146233088 CategoryInfo : CloseError: (:) [Publish-AzWebApp], DefaultErrorResponseException FullyQualifiedErrorId : Microsoft.Azure.Commands.WebApps.Cmdlets.WebApps.PublishAzureWebAppCmdlet InvocationInfo : MyCommand : Publish-AzWebApp ScriptLineNumber : 53 OffsetInLine : 1 HistoryId : 1 ScriptName : C:\home\site\wwwroot\Update\run.ps1 Line : Publish-AzWebApp -ArchivePath "$versionZipPath" -ResourceGroupName $ResourceGroupName -Name $AppServiceName -Force PositionMessage : At C:\home\site\wwwroot\Update\run.ps1:53 char:1 + Publish-AzWebApp -ArchivePath "$versionZipPath" -ResourceGroupName $R … + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ PSScriptRoot : C:\home\site\wwwroot\Update PSCommandPath : C:\home\site\wwwroot\Update\run.ps1 InvocationName : Publish-AzWebApp CommandOrigin : Internal ScriptStackTrace : at , C:\home\site\wwwroot\Update\run.ps1: line 53 PipelineIterationInfo : 2022-09-02T10:09:49Z [Verbose] DEBUG: 10:09:49 AM - [ConfigManager] Got nothing from [DisplayBreakingChangeWarning], Module = [], Cmdlet = []. Returning default value [True]. 2022-09-02T10:09:49Z [Verbose] DEBUG: AzureQoSEvent: Module: Az.Websites:2.11.3; CommandName: Publish-AzWebApp; PSVersion: 3.0.0.0; IsSuccess: False; Duration: 00:00:01.5049918; Exception: Operation returned an invalid status code 'Forbidden'; 2022-09-02T10:09:49Z [Verbose] DEBUG: Finish sending metric. 2022-09-02T10:09:49Z [Verbose] DEBUG: 10:09:49 AM - PublishAzureWebAppCmdlet end processing. 2022-09-02T10:09:49Z [Information] INFORMATION: Resolve-AzError: 2022-09-02T10:09:49Z [Verbose] DEBUG: 10:09:49 AM - ResolveError begin processing with ParameterSet 'AnyErrorParameterSet'. 2022-09-02T10:09:49Z [Verbose] DEBUG: 10:09:49 AM - using account id 'MSI@XXX'... 2022-09-02T10:09:49Z [Verbose] DEBUG: 10:09:49 AM - [ConfigManager] Got nothing from [DisplayBreakingChangeWarning], Module = [], Cmdlet = []. Returning default value [True]. ``` ### Environment data ```PowerShell 2022-09-02T10:09:40Z [Information] OUTPUT: Name Value 2022-09-02T10:09:40Z [Information] OUTPUT: ---- ----- 2022-09-02T10:09:40Z [Information] OUTPUT: PSVersion 7.0.11 2022-09-02T10:09:40Z [Information] OUTPUT: PSEdition Core 2022-09-02T10:09:40Z [Information] OUTPUT: GitCommitId 7.0.11 2022-09-02T10:09:40Z [Information] OUTPUT: OS Microsoft Windows 10.0.14393 2022-09-02T10:09:40Z [Information] OUTPUT: Platform Win32NT 2022-09-02T10:09:40Z [Information] OUTPUT: PSCompatibleVersions {1.0, 2.0, 3.0, 4.0…} 2022-09-02T10:09:40Z [Information] OUTPUT: PSRemotingProtocolVersion 2.3 2022-09-02T10:09:40Z [Information] OUTPUT: SerializationVersion 1.1.0.1 2022-09-02T10:09:40Z [Information] OUTPUT: WSManStackVersion 3.0 ``` ### Module versions ```PowerShell 2022-09-02T10:09:40Z [Information] OUTPUT: 2022-09-02T10:09:40Z [Information] OUTPUT: Name : Az.Accounts 2022-09-02T10:09:40Z [Information] OUTPUT: Path : C:\home\data\ManagedDependencies\2208301447399459688.r\Az.Accounts\2.9.1\Az.Accounts.psm1 2022-09-02T10:09:40Z [Information] OUTPUT: Description : Microsoft Azure PowerShell - Accounts credential management cmdlets for Azure Resource Manager in Windows PowerShell and PowerShell Core. 2022-09-02T10:09:40Z [Information] OUTPUT: 2022-09-02T10:09:40Z [Information] OUTPUT: For more information on account credential management, please visit the following: https://docs.microsoft.com/powershell/azure/authenticate-azureps 2022-09-02T10:09:40Z [Information] OUTPUT: Guid : 17a2feff-488b-47f9-8729-e2cec094624c 2022-09-02T10:09:40Z [Information] OUTPUT: Version : 2.9.1 2022-09-02T10:09:40Z [Information] OUTPUT: ModuleBase : C:\home\data\ManagedDependencies\2208301447399459688.r\Az.Accounts\2.9.1 2022-09-02T10:09:40Z [Information] OUTPUT: ModuleType : Script 2022-09-02T10:09:40Z [Information] OUTPUT: PrivateData : {PSData} 2022-09-02T10:09:40Z [Information] OUTPUT: AccessMode : ReadWrite 2022-09-02T10:09:40Z [Information] OUTPUT: ExportedAliases : {[Add-AzAccount, Add-AzAccount], [Get-AzDomain, Get-AzDomain], [Invoke-AzRest, Invoke-AzRest], [Login-AzAccount, Login-AzAccount]…} 2022-09-02T10:09:40Z [Information] OUTPUT: ExportedCmdlets : {[Add-AzEnvironment, Add-AzEnvironment], [Clear-AzConfig, Clear-AzConfig], [Clear-AzContext, Clear-AzContext], [Clear-AzDefault, Clear-AzDefault]…} 2022-09-02T10:09:40Z [Information] OUTPUT: ExportedFunctions : {} 2022-09-02T10:09:40Z [Information] OUTPUT: ExportedVariables : {} 2022-09-02T10:09:40Z [Information] OUTPUT: NestedModules : {Microsoft.Azure.PowerShell.Cmdlets.Accounts} 2022-09-02T10:09:40Z [Information] OUTPUT: 2022-09-02T10:09:40Z [Information] OUTPUT: 2022-09-02T10:09:40Z [Information] OUTPUT: Name : Az.Storage 2022-09-02T10:09:40Z [Information] OUTPUT: Path : C:\home\data\ManagedDependencies\2208301447399459688.r\Az.Storage\4.8.0\Az.Storage.psm1 2022-09-02T10:09:40Z [Information] OUTPUT: Description : Microsoft Azure PowerShell - Storage service data plane and management cmdlets for Azure Resource Manager in Windows PowerShell and PowerShell Core. Creates and manages storage accounts in Azure Resource Manager. 2022-09-02T10:09:40Z [Information] OUTPUT: 2022-09-02T10:09:40Z [Information] OUTPUT: For more information on Storage, please visit the following: https://docs.microsoft.com/azure/storage/ 2022-09-02T10:09:40Z [Information] OUTPUT: Guid : dfa9e4ea-1407-446d-9111-79122977ab20 2022-09-02T10:09:40Z [Information] OUTPUT: Version : 4.8.0 2022-09-02T10:09:40Z [Information] OUTPUT: ModuleBase : C:\home\data\ManagedDependencies\2208301447399459688.r\Az.Storage\4.8.0 2022-09-02T10:09:40Z [Information] OUTPUT: ModuleType : Script 2022-09-02T10:09:40Z [Information] OUTPUT: PrivateData : {PSData} 2022-09-02T10:09:40Z [Information] OUTPUT: AccessMode : ReadWrite 2022-09-02T10:09:40Z [Information] OUTPUT: ExportedAliases : {[Disable-AzStorageSoftDelete, Disable-AzStorageSoftDelete], [Enable-AzStorageSoftDelete, Enable-AzStorageSoftDelete], [Get-AzDatalakeGen2FileSystem, Get-AzDatalakeGen2FileSystem], [Get-AzStorageContainerAcl, Get-AzStorageContainerAcl]…} 2022-09-02T10:09:40Z [Information] OUTPUT: ExportedCmdlets : {[Add-AzRmStorageContainerLegalHold, Add-AzRmStorageContainerLegalHold], [Add-AzStorageAccountManagementPolicyAction, Add-AzStorageAccountManagementPolicyAction], [Add-AzStorageAccountNetworkRule, Add-AzStorageAccountNetworkRule], [Close-AzStorageFileHandle, Close-AzStorageFileHandle]…} 2022-09-02T10:09:40Z [Information] OUTPUT: ExportedFunctions : {} 2022-09-02T10:09:40Z [Information] OUTPUT: ExportedVariables : {} 2022-09-02T10:09:40Z [Information] OUTPUT: NestedModules : {Microsoft.Azure.PowerShell.Cmdlets.Storage.Management, Microsoft.Azure.PowerShell.Cmdlets.Storage} ``` ### Error output ```PowerShell 2022-09-02T10:09:49Z [Verbose] DEBUG: 10:09:49 AM - ResolveError begin processing with ParameterSet 'AnyErrorParameterSet'. 2022-09-02T10:09:49Z [Verbose] DEBUG: 10:09:49 AM - using account id 'MSI@XXX'... 2022-09-02T10:09:49Z [Verbose] DEBUG: 10:09:49 AM - [ConfigManager] Got nothing from [DisplayBreakingChangeWarning], Module = [], Cmdlet = []. Returning default value [True]. 2022-09-02T10:09:49Z [Warning] WARNING: Upcoming breaking changes in the cmdlet 'Resolve-AzError' : The `Resolve-Error` alias will be removed in a future release. Please change any scripts that use this alias to use `Resolve-AzError` instead. Note : Go to https://aka.ms/azps-changewarnings for steps to suppress this breaking change warning, and other information on breaking changes in Azure PowerShell. 2022-09-02T10:09:49Z [Information] OUTPUT: 2022-09-02T10:09:49Z [Information] OUTPUT: InnerException : False 2022-09-02T10:09:49Z [Information] OUTPUT: Exception : Microsoft.Azure.Management.WebSites.Models.DefaultErrorResponseException: Operation returned an invalid status code 'Forbidden' 2022-09-02T10:09:49Z [Information] OUTPUT: at Microsoft.Azure.Management.WebSites.WebAppsOperations.BeginListPublishingCredentialsWithHttpMessagesAsync(String resourceGroupName, String name, Dictionary`2 customHeaders, CancellationToken cancellationToken) 2022-09-02T10:09:49Z [Information] OUTPUT: at Microsoft.Azure.Management.WebSites.WebAppsOperations.ListPublishingCredentialsWithHttpMessagesAsync(String resourceGroupName, String name, Dictionary`2 customHeaders, CancellationToken cancellationToken) 2022-09-02T10:09:49Z [Information] OUTPUT: at Microsoft.Azure.Management.WebSites.WebAppsOperationsExtensions.ListPublishingCredentialsAsync(IWebAppsOperations operations, String resourceGroupName, String name, CancellationToken cancellationToken) 2022-09-02T10:09:49Z [Information] OUTPUT: at Microsoft.Azure.Management.WebSites.WebAppsOperationsExtensions.ListPublishingCredentials(IWebAppsOperations operations, String resourceGroupName, String name) 2022-09-02T10:09:49Z [Information] OUTPUT: at Microsoft.Azure.Commands.WebApps.Utilities.WebsitesClient.GetPublishingCredentials(String resourceGroupName, String webSiteName, String slotName) 2022-09-02T10:09:49Z [Information] OUTPUT: at Microsoft.Azure.Commands.WebApps.Cmdlets.WebApps.PublishAzureWebAppCmdlet.ExecuteCmdlet() 2022-09-02T10:09:49Z [Information] OUTPUT: at Microsoft.WindowsAzure.Commands.Utilities.Common.CmdletExtensions.<>c__3`1.b__3_0(T c) 2022-09-02T10:09:49Z [Information] OUTPUT: at Microsoft.WindowsAzure.Commands.Utilities.Common.CmdletExtensions.ExecuteSynchronouslyOrAsJob[T](T cmdlet, Action`1 executor) 2022-09-02T10:09:49Z [Information] OUTPUT: at Microsoft.WindowsAzure.Commands.Utilities.Common.CmdletExtensions.ExecuteSynchronouslyOrAsJob[T](T cmdlet) 2022-09-02T10:09:49Z [Information] OUTPUT: at Microsoft.WindowsAzure.Commands.Utilities.Common.AzurePSCmdlet.ProcessRecord() 2022-09-02T10:09:49Z [Information] OUTPUT: Message : Operation returned an invalid status code 'Forbidden' 2022-09-02T10:09:49Z [Information] OUTPUT: StackTrace : at Microsoft.Azure.Management.WebSites.WebAppsOperations.BeginListPublishingCredentialsWithHttpMessagesAsync(String resourceGroupName, String name, Dictionary`2 customHeaders, CancellationToken cancellationToken) 2022-09-02T10:09:49Z [Information] OUTPUT: at Microsoft.Azure.Management.WebSites.WebAppsOperations.ListPublishingCredentialsWithHttpMessagesAsync(String resourceGroupName, String name, Dictionary`2 customHeaders, CancellationToken cancellationToken) 2022-09-02T10:09:49Z [Information] OUTPUT: at Microsoft.Azure.Management.WebSites.WebAppsOperationsExtensions.ListPublishingCredentialsAsync(IWebAppsOperations operations, String resourceGroupName, String name, CancellationToken cancellationToken) 2022-09-02T10:09:49Z [Information] OUTPUT: at Microsoft.Azure.Management.WebSites.WebAppsOperationsExtensions.ListPublishingCredentials(IWebAppsOperations operations, String resourceGroupName, String name) 2022-09-02T10:09:49Z [Information] OUTPUT: at Microsoft.Azure.Commands.WebApps.Utilities.WebsitesClient.GetPublishingCredentials(String resourceGroupName, String webSiteName, String slotName) 2022-09-02T10:09:49Z [Information] OUTPUT: at Microsoft.Azure.Commands.WebApps.Cmdlets.WebApps.PublishAzureWebAppCmdlet.ExecuteCmdlet() 2022-09-02T10:09:49Z [Information] OUTPUT: at Microsoft.WindowsAzure.Commands.Utilities.Common.CmdletExtensions.<>c__3`1.b__3_0(T c) 2022-09-02T10:09:49Z [Information] OUTPUT: at Microsoft.WindowsAzure.Commands.Utilities.Common.CmdletExtensions.ExecuteSynchronouslyOrAsJob[T](T cmdlet, Action`1 executor) 2022-09-02T10:09:49Z [Information] OUTPUT: at Microsoft.WindowsAzure.Commands.Utilities.Common.CmdletExtensions.ExecuteSynchronouslyOrAsJob[T](T cmdlet) 2022-09-02T10:09:49Z [Information] OUTPUT: at Microsoft.WindowsAzure.Commands.Utilities.Common.AzurePSCmdlet.ProcessRecord() 2022-09-02T10:09:49Z [Information] OUTPUT: HelpLink : 2022-09-02T10:09:49Z [Information] OUTPUT: ErrorDetails : 2022-09-02T10:09:49Z [Information] OUTPUT: ErrorCategory : CloseError: (:) [Publish-AzWebApp], DefaultErrorResponseException 2022-09-02T10:09:49Z [Information] OUTPUT: InvocationInfo : System.Management.Automation.InvocationInfo 2022-09-02T10:09:49Z [Information] OUTPUT: ScriptStackTrace : at , C:\home\site\wwwroot\Update\run.ps1: line 53 ```
Author: michvllni
Assignees: Kotasudhakarreddy
Labels: `App Services`, `Service Attention`, `bug`, `customer-reported`
Milestone: -
navba-MSFT commented 1 year ago

Removing CXP attention and adding service attention label.

Kotasudhakarreddy commented 1 year ago

@michvllni This is failing with the authorization issue. The same information can be found in the error response content linked above. This issue is nothing to handle in the Publish-AzWebApp cmdlet. It is something related to the permissions scope. Find the details below FYR image

Content message: {"error":{"code":"AuthorizationFailed","message":"The client '[system assigned managed identity of 1]' with object id '[system assigned managed identity of 1]' does not have authorization to perform action 'Microsoft.Web/sites/config/list/action' over scope '/subscriptions/XXX/resourceGroups/[rg of 2]/providers/Microsoft.Web/sites/[name of 2]/config/publishingcredentials' or the scope is invalid. If access was recently granted, please refresh your credentials."}}

michvllni commented 1 year ago

@Kotasudhakarreddy if it is a permission issue: Why does it work if I invoke the trigger from my local powershell but not from a different azure function? If it was a permission issue both would fail the same as both used the same key to access the azure function

Kotasudhakarreddy commented 1 year ago

@michvllni could you please share the debug logs from your local PowerShell, for further investigation.

Kotasudhakarreddy commented 1 year ago

closing due to lack of response. Please file a new issue if this is still a problem.

michvllni commented 1 year ago

@Kotasudhakarreddy What output exactly do you need? When running the Request from a local powershell with something like Invoke-WebRequest -Uri "MyAppServiceUri" -Body "MyAppServiceBody" -Header "MyAppServiceHeader" it works without any errors. It only fails when calling the function in exactly the same way from another azure function app