search

Azure / logicapps

Azure Logic Apps labs, samples, and tools
MIT License
352 stars 291 forks source link

Azure Monitor Logs authentication issue #853

Closed maakku closed 8 months ago

maakku commented 11 months ago

Describe the Bug

When querying Log Analytics with Azure Monitor Logs (managed) connector, I get the following error:

{
  "ResultStatus": "BadRequest",
  "Content": {
    "status": 400,
    "source": "https://logic-apis-westeurope.consent.azure-apim.net:443/api/tokens/exchange?api-version=2015-11-01-preview",
    "message": "Failed to retrieve token for resource=https://api.loganalytics.io. Message=Parameter=Token not found."
  },
  "Message": "Failed to get HTTP response because of invalid input (ResourceTokenExchanger, queryData). Bad request input. Please Check user input parameters (query syntax, chart type or other resource input)\r\nclientRequestId: 31d0e177-3be1-4164-b6ac-fc919f4cd528"
}

Connection was created using authentication type "Logic Apps Managed Identity". Logic App has Log Analytics Reader role set to the Log Analytics resource in question.

The generated connections.json looks like:

{
    "managedApiConnections": {
        "azuremonitorlogs": {
            "api": {
                "id": "/subscriptions/1dbfc712-1224-4f6e-8e6f-81c6c4e880ec/providers/Microsoft.Web/locations/westeurope/managedApis/azuremonitorlogs"
            },
            "authentication": {
                "type": "ManagedServiceIdentity"
            },
            "connection": {
                "id": "/subscriptions/.../resourceGroups/.../providers/Microsoft.Web/connections/azuremonitorlogs"
            },
            "connectionProperties": {
                "authentication": {
                    "audience": "https://management.core.windows.net/",
                    "type": "ManagedServiceIdentity"
                }
            },
            "connectionRuntimeUrl": "https://bd562559f8cac779.07.common.logic-westeurope.azure-apihub.net/apim/azuremonitorlogs/aecf13b1b14b4aafad3f3d6cf8e9cbd2"
        }
    }
}

The same query works with http connector and managed identity.

image

Plan Type

Standard

Steps to Reproduce the Bug or Issue

  1. Add Azure Monitor Logs action "Run query and list results" to Logic App standard workflow
  2. Create connection with Authentication Type set to Logic Apps Managed Identity
  3. Run workflow

Workflow JSON

No response

Screenshots or Videos

No response

Additional context

No response

AB#24831531

haggerty-ian commented 10 months ago

My team is seeing the same issue with our Log-Analytics-related workflow. We're using a consumption plan, and experience failures with the built-in connector about ~3% of the times we try to run it. Thanks for the idea of using a basic HTTP connector in order to avert this issue.

JamalJShaheed commented 10 months ago

+1 on this. Seems to only occur when using the System Managed Identity with the connector.

github-actions[bot] commented 8 months ago

This issue is stale because it has been open for 45 days with no activity.

github-actions[bot] commented 8 months ago

This issue was closed because it has been inactive for 14 days since being marked as stale.

andyliddle commented 8 months ago

Same issue, please reopen, need to soluition