Azure / azure-sdk-for-rust

This repository is for active development of the *unofficial* Azure SDK for Rust. This repository is *not* supported by the Azure SDK team.

`DefaultAzureCredential` throws away detailed error info #1543

Closed jorendorff closed 6 months ago

jorendorff commented 6 months ago

In `azure_core`, `impl Display for Error` does not print all the information in the case of `Context::Full`. I think that's standard practice in Rust for errors that implement `source`. One drawback of this practice is that it's easy to forget to output the nested error (which often pinpoints the root cause of the problem)!

For example, in `azure_identity`, there's a function `format_aggregate_error` that `DefaultAzureCredential` calls to make a single error message from multiple errors. It uses `ToString::to_string`. The output is like this:

```
Multiple errors were encountered while attempting to authenticate:
error getting environment credential
getting managed identity credential timed out
error getting token credential from Azure CLI
```

Only the most generic information is retained; the source info is lost. The actual Error values contain critical information (below).

These details should be included in the aggregate error message.

```
Error {
    context: Full(
        Custom {
            kind: Credential,
            error: Error {
                context: Full(
                    Custom {
                        kind: Credential,
                        error: ServerResponse(
                            StandardErrorResponse {
                                error: invalid_scope,
                                error_description: Some(
                                    "AADSTS70011: The provided request must include a 'scope' input parameter. The provided value for the input parameter 'scope' is not valid. The scope https://storage.azure.com/ is not valid. Trace ID: faffb048-dc16-4647-a39d-d6f9b6a18e04 Correlation ID: 42b41949-6106-4bd2-a9ba-a3866fa5037a Timestamp: 2024-01-04 18:16:21Z",
                                ),
                                error_uri: None,
                            },
                        ),
                    },
                    "request token error",
                ),
            },
        },
        "error getting environment credential",
    ),
}
Error {
    context: Full(
        Custom {
            kind: Credential,
            error: Error {
                context: Message {
                    kind: Other,
                    message: "operation timed out",
                },
            },
        },
        "getting managed identity credential timed out",
    ),
}
Error {
    context: Full(
        Custom {
            kind: Credential,
            error: Error {
                context: Message {
                    kind: Credential,
                    message: "'az account get-access-token' command failed: ERROR: AADSTS70011: The provided request must include a 'scope' input parameter. The provided value for the input parameter 'scope' is not valid. The scope https://storage.azure.com/ offline_access openid profile is not valid. The scope format is invalid. Scope must be in a valid URI form <https://example/scope> or a valid Guid <guid/scope>. Trace ID: 7e69546d-5efc-410f-b90e-9f9664222201 Correlation ID: b9670a9d-e693-4cc2-bd47-6f80af1de66e Timestamp: 2024-01-04 18:16:23Z\nInteractive authentication is needed. Please run:\naz login --scope https://storage.azure.com/\n",
                },
            },
        },
        "error getting token credential from Azure CLI",
    ),
}
```
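
The behaviour described in this issue, reproduced with the standard library only, as an added example that is not part of the original post or the SDK's code. `CtxError`, `ctx`, `with_sources` and `format_aggregate` are hypothetical stand-ins, not `azure_core` or `azure_identity` APIs, and the nested messages are a constructed reduction of the dump above.

```rust
use std::{error::Error, fmt};

// Hypothetical stand-in for an SDK error: one context message plus an optional source.
#[derive(Debug)]
struct CtxError { message: String, source: Option<Box<dyn Error>> }

fn ctx(message: &str, source: Option<CtxError>) -> CtxError {
    CtxError { message: message.into(), source: source.map(|e| Box::new(e) as Box<dyn Error>) }
}

impl fmt::Display for CtxError {
    // Usual convention: Display prints this level only; the cause is left to source().
    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
        f.write_str(&self.message)
    }
}

impl Error for CtxError {
    fn source(&self) -> Option<&(dyn Error + 'static)> {
        self.source.as_deref()
    }
}

// Render an error followed by every error reachable through source().
fn with_sources(err: &dyn Error) -> String {
    let mut out = err.to_string();
    let mut next = err.source();
    while let Some(cause) = next {
        out.push_str(&format!(": {cause}"));
        next = cause.source();
    }
    out
}

// Aggregate message; `detailed` switches between to_string() and the full chain.
fn format_aggregate(errors: &[CtxError], detailed: bool) -> String {
    let render = |e: &CtxError| if detailed { with_sources(e) } else { e.to_string() };
    let lines: Vec<String> = errors.iter().map(render).collect();
    format!("Multiple errors were encountered while attempting to authenticate:\n{}", lines.join("\n"))
}

fn main() {
    // Constructed sample: outer messages from the issue, server response reduced to its code.
    let token = ctx("request token error", Some(ctx("invalid_scope", None)));
    let errors = vec![
        ctx("error getting environment credential", Some(token)),
        ctx("getting managed identity credential timed out", Some(ctx("operation timed out", None))),
    ];
    println!("{}\n\n{}", format_aggregate(&errors, false), format_aggregate(&errors, true));
}
```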