github-actions[bot]
commented
4 days ago Thanks for the feedback! We are routing this to the appropriate team for follow-up. cc @AzmonActionG @AzmonAlerts @AzMonEssential @AzmonLogA @dadunl @SameergMS.
Open qingbojin opened 4 days ago
github-actions[bot]
commented
4 days ago Thanks for the feedback! We are routing this to the appropriate team for follow-up. cc @AzmonActionG @AzmonAlerts @AzMonEssential @AzmonLogA @dadunl @SameergMS.
jeremymeng
commented
4 days ago /cc @KarishmaGhiya @maorleger for EnvironmentCredential authentication errors.
Describe the bug One of customer tried to use monitor-query to query the log analytics, but getting an error: AuthenticationError: EnvironmentCredential authentication failed. invalid_resource: 500011 - [2024-07-03 23:06:26Z]: AADSTS500011: The resource principal named https://api.loganalytics.azure.cn/.default was not found in the tenant named Test_Test_CSSMooncake. they are using the example: https://github.com/Azure/azure-sdk-for-js/blob/main/sdk/monitor/monitor-query/samples/v1/javascript/logsQuery.js
To Reproduce Steps to reproduce the behavior:
code example below ` const { DefaultAzureCredential, EnvironmentCredential, ClientSecretCredential, AzureAuthorityHosts } = require("@azure/identity"); const { Durations, LogsQueryClient, LogsQueryResultStatus ,ClientSecretCredentialOptions} = require("@azure/monitor-query"); require("dotenv").config();
const monitorWorkspaceId = process.env.MONITOR_WORKSPACE_ID;
async function main() {
const credential = new DefaultAzureCredential();
const logsQueryClient = new LogsQueryClient(credential , { endpoint: "https://api.loganalytics.azure.cn/v1"
,audience: "https://api.loganalytics.azure.cn/.default", });
if (!monitorWorkspaceId) { throw new Error("MONITOR_WORKSPACE_ID must be set in the environment for this sample"); } const kustoQuery = "AppEvents | project TimeGenerated, Name, AppRoleInstance | order by TimeGenerated asc | limit 10";
console.log(
Running '${kustoQuery}' over the last One Hour);const queryLogsOptions = { // explicitly control the amount of time the server can spend processing the query. serverTimeoutInSeconds: 600, // optionally enable returning additional statistics about the query's execution. // (by default this is off) includeQueryStatistics: true, };
console.log('flag5'); // Corrected timespan format const timespan = { start: new Date(new Date().valueOf() - 60 60 1000), // 1 hour ago end: new Date(), };
const result = await logsQueryClient.queryWorkspace( monitorWorkspaceId, kustoQuery, // The timespan is an ISO8601 formatted time (or interval). Some common aliases // are available (like OneDay, OneHour, FoutyEightHours, etc..) but any properly formatted ISO8601 // value is valid. { duration: Durations.oneHour }, queryLogsOptions ); `
Expected behavior should be able to see the log analytics query result
Screenshots If applicable, add screenshots to help explain your problem.
Additional context
full stack error:
The sample encountered an error: AuthenticationError: EnvironmentCredential authentication failed. To troubleshoot, visit https://aka.ms/azsdk/js/identity/environmentcredential/troubleshoot. Status code: 400 More details: invalid_resource: 500011 - [2024-07-04 00:01:36Z]: AADSTS500011: The resource principal named https://api.loganalytics.azure.cn/.default was not found in the tenant named Test_Test_CSSMooncake. This can happen if the application has not been installed by the administrator of the tenant or consented to by any user in the tenant. You might have sent your authentication request to the wrong tenant. Trace ID: 6ee46463-0f61-41eb-843f-c983c4611600 Correlation ID: 74721357-86ff-4c61-b89a-3c292db85b53 Timestamp: 2024-07-04 00:01:36Z - Correlation ID: 74721357-86ff-4c61-b89a-3c292db85b53 - Trace ID: 6ee46463-0f61-41eb-843f-c983c4611600 at C:\working\monitor\javascriptMonitorQuery\node_modules\@azure\identity\dist\index.js:3673:49 at process.processTicksAndRejections (c:\working\monitor\javascriptMonitorQuery\lib\internal\process\task_queues.js:95:5) at async Object.withSpan (C:\working\monitor\javascriptMonitorQuery\node_modules\@azure\core-tracing\dist\commonjs\tracingClient.js:36:28) at async C:\working\monitor\javascriptMonitorQuery\node_modules\@azure\identity\dist\index.js:3340:29 at async Object.withSpan (C:\working\monitor\javascriptMonitorQuery\node_modules\@azure\core-tracing\dist\commonjs\tracingClient.js:36:28) at async DefaultAzureCredential.getToken (C:\working\monitor\javascriptMonitorQuery\node_modules\@azure\identity\dist\index.js:3330:27) at async tryGetAccessToken (C:\working\monitor\javascriptMonitorQuery\node_modules\@azure\core-rest-pipeline\dist\commonjs\util\tokenCycler.js:36:32) at async beginRefresh (C:\working\monitor\javascriptMonitorQuery\node_modules\@azure\core-rest-pipeline\dist\commonjs\util\tokenCycler.js:44:17) at async Object.defaultAuthorizeRequest [as authorizeRequest] (C:\working\monitor\javascriptMonitorQuery\node_modules\@azure\core-rest-pipeline\dist\commonjs\policies\bearerTokenAuthenticationPolicy.js:21:25) at async Object.sendRequest (C:\working\monitor\javascriptMonitorQuery\node_modules\@azure\core-rest-pipeline\dist\commonjs\policies\bearerTokenAuthenticationPolicy.js:72:13) {statusCode: 400, errorResponse: {…}, name: 'AuthenticationError', stack: 'AuthenticationError: EnvironmentCredential au…es\bearerTokenAuthenticationPolicy.js:72:13)', message: 'EnvironmentCredential authentication failed.…ace ID: 6ee46463-0f61-41eb-843f-c983c4611600'}