search

Azure / azure-sdk-for-js

This repository is for active development of the Azure SDK for JavaScript (NodeJS & Browser). For consumers of the SDK we recommend visiting our public developer docs at https://docs.microsoft.com/javascript/azure/ or our versioned developer docs at https://azure.github.io/azure-sdk-for-js.
MIT License
2.1k stars 1.21k forks source link

[ARM App Platform] Breaking change from 2.0.0 to 3.0.0-beta #26106

Open HarshaNalluru opened 1 year ago

HarshaNalluru commented 1 year ago

Background

@qiaozha and I were investigating why the test with the endpoint option was failing with The resource principal named https://eastus2euap.management.azure.com was not found in the tenant named Microsoft and were wondering if our test framework is causing the problem.

Upon decoupling the test framework, realized the test itself fails with the newer version but not the old version. This sample works fine with @azure/arm-appplatform@2.0.0 but fails with @azure/arm-appplatform@3.0.0-beta.1

Error

  statusCode: 400,
  errorResponse: {
    error: 'EnvironmentCredential authentication failed. To troubleshoot, visit https://aka.ms/azsdk/js/identity/environmentcredential/troubleshoot.',
    errorDescription: 'invalid_resource: 500011 - [2023-06-06 01:16:48Z]: AADSTS500011: The resource principal named https://eastus2euap.management.azure.com was not found in the tenant named Microsoft. This can happen if the application has not been installed by the administrator of the tenant or consented to by any user in the tenant. You might have sent your authentication request to the wrong tenant.\r\n' +
      'Trace ID: fceea4d5-359e-49bd-8228-12cda3c09500\r\n' +
87-4d4d-be95-174659640125 - Trace ID: fceea4d5-359e-49bd-8228-12cda3c09500',
    correlationId: undefined,

Sample

import { AppPlatformManagementClient } from "@azure/arm-appplatform";
import { DefaultAzureCredential } from "@azure/identity";
import dotenv from "dotenv";
dotenv.config();

const resourceGroup = process.env["RESOURCE_GROUP"];
const serviceName = "-----";
const location = "westeurope";
const appName = "----";
const subscriptionId = process.env["AZURE_SUBSCRIPTION_ID"];

async function createApp() {
    const client = new AppPlatformManagementClient(
        new DefaultAzureCredential(),
        subscriptionId,
        {
            endpoint: "https://eastus2euap.management.azure.com",
        }
    );

    const res1 = await client.services.beginCreateOrUpdateAndWait(
        resourceGroup,
        serviceName,
        {
            sku: {
                name: "B0",

                tier: "Basic",
            },
            tags: {
                key1: "value1",
            },
            location: location,
        }
    );

    console.log(res1);

    const res = await client.apps.beginCreateOrUpdateAndWait(
        resourceGroup,
        serviceName,
        appName,
        {}
    );

    console.log(res);
}

createApp();
MaryGao commented 1 year ago

I notice that this is introduced by fixing the government clouds issue and fix pr.

I am consulting auth team if the above fix is correct or not, https://github.com/AzureAD/microsoft-authentication-library-for-js/issues/6185.

MaryGao commented 1 year ago

Ask the ARM RBAC for help: https://stackoverflow.microsoft.com/questions/363991.