search

Azure / container-apps-deploy-pipelines-task

Azure Pipelines Task (Release Candidate) for building and deploying Azure Container Apps
MIT License
6 stars 10 forks source link

Provide option to provide log destination when creating container apps environment #36

Open nellyk opened 1 year ago

nellyk commented 1 year ago

This is my setup 

  - task: AzureContainerApps@1
    inputs:
      appSourcePath: '$(Build.SourcesDirectory)/src'
      azureSubscription: '$(azureSubscription)'
      acrName: '$(acrName)'
      resourceGroup: '$(resourceGroup)'
      location: '$(location)'

When i provide the above and run the pipeline i get the following error

2023-07-25T12:26:46.9172078Z [command]/usr/bin/az containerapp env create -n ado-task-app-155-20230725-7-env -g xxxx -l eastus2
2023-07-25T12:26:48.6034004Z WARNING: No Log Analytics workspace provided.
2023-07-25T12:26:48.6035077Z WARNING: Generating a Log Analytics workspace with name "workspace-xxxx"
2023-07-25T12:26:48.6036673Z ERROR: (AuthorizationFailed) The client 'xxxxxxxxx' with object id 'xxxxxxxx' does not have authorization to perform action 'Microsoft.OperationalInsights/workspaces/write' over scope '/subscriptions/xxxxxxx/resourcegroups/xxxxxx/providers/Microsoft.OperationalInsights/workspaces/workspace-xxxxxx' or the scope is invalid. If access was recently granted, please refresh your credentials.
2023-07-25T12:26:48.6037574Z Code: AuthorizationFailed
2023-07-25T12:26:48.6038818Z Message: The client 'xxxxxx' with object id 'xxxxxx' does not have authorization to perform action 'Microsoft.OperationalInsights/workspaces/write' over scope '/subscriptions/xxxxxxx/resourcegroups/xxxx/providers/Microsoft.OperationalInsights/workspaces/workspace-xxxxx' or the scope is invalid. If access was recently granted, please refresh your credentials.

I had a look a the az containerapp env create commands and for log destination if a value is not provided(in this case) the default selected is log-analytics. https://learn.microsoft.com/en-us/cli/azure/containerapp/env?view=azure-cli-latest#az-containerapp-env-create

--logs-destination Logs destination.

accepted values: azure-monitor, log-analytics, none default value: log-analytics

At the moment a workaround is i gave the service principal permission to create the log analytics workspace and i'm fairly okay with it. Especially because has an associated cost it would be good to provide an option to not provide it

cormacpayne commented 1 year ago

Discussing this issue with @nellyk offline -- will follow-up with resolution.

nellyk commented 11 months ago

@cormacpayne thanks for follow-up, just wanted to checkin to see if you had any updates on this.