search

Azure / azure-sdk-for-js

This repository is for active development of the Azure SDK for JavaScript (NodeJS & Browser). For consumers of the SDK we recommend visiting our public developer docs at https://docs.microsoft.com/javascript/azure/ or our versioned developer docs at https://azure.github.io/azure-sdk-for-js.
MIT License
2.07k stars 1.19k forks source link

[azure/storage-blob] , Intermitent failure while deploying ARM template stored in Storage account. #31411

Open sahuroshan opened 1 week ago

sahuroshan commented 1 week ago

Describe the bug Hi , I am trying to deploy an ARM template stored in storage account by generating a URL . I am following this guide to generate URL - https://learn.microsoft.com/en-us/azure/azure-resource-manager/templates/deploy-to-azure-button#template-stored-in-azure-storage-account

But I am facing intermitent issues while deploying the template . Sometimes it works but sometimes it fails. We have tested it on multilple machines .We receive the following error. Image

If we open the URL in above screenshot , in a browser . we see this error - RestError: Server failed to authenticate the request. Make sure the value of Authorization header is formed correctly including the signature.

AuthenticationFailed Server failed to authenticate the request. Make sure the value of Authorization header is formed correctly including the signature. RequestId:03824724-601e-0041-2825-1f9ee4000000 Time:2024-10-15T17:13:39.3694765Z Signature fields not well formed.

To Reproduce Steps to reproduce the behavior:

  1. shared sample code

Expected behavior The upload template should work each time.

Screenshots If applicable, add screenshots to help explain your problem.

Additional context Sharing the code for reference - We see this intermitent issue in line number 18 and line 22

  1. const sasToken = generateBlobSASQueryParameters(
  2. {
  3. containerName,
  4. permissions: BlobSASPermissions.parse("racwd"),
  5. expiresOn: new Date(new Date().valueOf() + 86400),
  6. },
  7. sharedKeyCredential
  8. ).toString();
  10. let sasUrls: string[] = [];
  12. try {
  13. for (let i = 0; i < templates.length; i++) {
  14. const blobName = utils.generateTemplatePath(this.migrationStateModel, this._targetType, i + 1);
  15. var sasUrl = https://${accountName}.blob.core.windows.net/${containerName}/${blobName}?${sasToken};
  16. sasUrls.push(sasUrl);
  17. const blockBlobClient = new BlockBlobClient(sasUrl);
  18. await blockBlobClient.upload(templates[i], templates[i].length);
  19. }
  21. for (let i = 0; i < sasUrls.length; i++) {
  22. let deployToAzureUrl = 'https://portal.azure.com/#create/Microsoft.Template/uri/' + encodeURIComponent(sasUrls[i]); exec(${opener} ${deployToAzureUrl}); }
  23. }
github-actions[bot] commented 1 week ago

Thanks for the feedback! We are routing this to the appropriate team for follow-up. cc @xgithubtriage.

jeremymeng commented 1 week ago

@sahuroshan thank you for reporting this issue! We will take a look as soon as we can.

EmmaZhu commented 1 week ago

I tried to investigate from service side log for the request.

The error happened on a GET request which seems to try to download the template. Azure storage service received request with SAS token look like: sv=2023-08-03&se=2024-10-15T10%253A06%253A18Z , which seems was encoded twice. The correct SAS token should look like sv=2023-08-03&se=2024-10-15T10%3A06%3A18Z.

Could you have a try with remove the invoking of encodeURIComponent in code line 22?

github-actions[bot] commented 2 days ago

Hi @sahuroshan. Thank you for opening this issue and giving us the opportunity to assist. To help our team better understand your issue and the details of your scenario please provide a response to the question asked above or the information requested above. This will help us more accurately address your issue.