RuiRomano / pbimonitor

MIT License

AuditsTimer 403 (Forbidden) #50

Open petertheguy opened 7 months ago

petertheguy commented 7 months ago

I went to test the AuditsTimer function within the function app and received 403 (Forbidden) error messages (see excerpt below). Not super savvy with Azure, any idea what this could be? Something to do with the created secret or privileges of my Azure account?

2024-04-15T07:37:36Z   [Information]   Executing 'Functions.AuditsTimer' (Reason='This function was programmatically called via the host APIs.', Id=7d871506-8bce-4c12-9804-8f2755a3193a)
2024-04-15T07:37:36Z   [Verbose]   Sending invocation id: '7d871506-8bce-4c12-9804-8f2755a3193a
2024-04-15T07:37:36Z   [Verbose]   Posting invocation id:7d871506-8bce-4c12-9804-8f2755a3193a on workerId:49abab0d-03a8-40d9-a47c-02c63f200c54
2024-04-15T07:37:46Z   [Information]   INFORMATION: PBIMonitor - Fetch Activity Started: 04/15/2024 07:37:45
2024-04-15T07:37:46Z   [Information]   INFORMATION: Building PBIMonitor Config from Azure Function Configuration
2024-04-15T07:37:46Z   [Information]   INFORMATION: AppDataPath: C:\home\data\pbimonitor
2024-04-15T07:37:46Z   [Information]   INFORMATION: ScriptsPath: C:\home\site\wwwroot\Scripts
2024-04-15T07:37:46Z   [Information]   INFORMATION: OutputPath: C:\local\Temp\PBIMonitorData\0f2337d7e3774480b53b8c140c0c7327
2024-04-15T07:37:47Z   [Information]   INFORMATION: Starting Power BI Activity Fetch
2024-04-15T07:37:47Z   [Information]   INFORMATION: Since: 2024-03-16T00:00:00
2024-04-15T07:37:47Z   [Information]   INFORMATION: OutputBatchCount: 5000
2024-04-15T07:37:47Z   [Information]   INFORMATION: Getting OAuth Token
2024-04-15T07:37:48Z   [Information]   INFORMATION: Login with: e82caa08-8c62-4d4c-8c7c-3a8207c3c4b2
2024-04-15T07:37:48Z   [Information]   INFORMATION: Getting audit data for: '20240316'
2024-04-15T07:37:48Z   [Information]   INFORMATION: Ellapsed: 1.3668811s
2024-04-15T07:37:48Z   [Information]   OUTPUT: 
2024-04-15T07:37:48Z   [Information]   OUTPUT:    HistoryId: 1
2024-04-15T07:37:48Z   [Information]   OUTPUT: 
2024-04-15T07:37:48Z   [Information]   OUTPUT: Message        : Response status code does not indicate success: 403 (Forbidden).
2024-04-15T07:37:48Z   [Information]   OUTPUT: StackTrace     :    at Microsoft.PowerBI.Commands.Profile.InvokePowerBIRestMethod.InvokeRestMethod(String url, String body, PowerBIWebRequestMethod requestType)
2024-04-15T07:37:48Z   [Information]   OUTPUT: Exception      : System.Net.Http.HttpRequestException
2024-04-15T07:37:48Z   [Information]   OUTPUT: InvocationInfo : {Invoke-PowerBIRestMethod}
2024-04-15T07:37:48Z   [Information]   OUTPUT: Line           :                 $result = Invoke-PowerBIRestMethod -Url $activityAPIUrl -method Get | ConvertFrom-Json
2024-04-15T07:37:48Z   [Information]   OUTPUT:                  
2024-04-15T07:37:48Z   [Information]   OUTPUT: Position       : At C:\home\site\wwwroot\Scripts\Fetch - Activity.ps1:90 char:27
2024-04-15T07:37:48Z   [Information]   OUTPUT:                  + …   $result = Invoke-PowerBIRestMethod -Url $activityAPIUrl -method Get …
2024-04-15T07:37:48Z   [Information]   OUTPUT:                  +               ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
2024-04-15T07:37:48Z   [Information]   OUTPUT: HistoryId      : 1
2024-04-15T07:37:48Z   [Information]   OUTPUT: 
2024-04-15T07:37:48Z   [Information]   OUTPUT: Message        : Response status code does not indicate success: 403 (Forbidden).
2024-04-15T07:37:48Z   [Information]   OUTPUT: StackTrace     :    at System.Net.Http.HttpResponseMessage.EnsureSuccessStatusCode()
2024-04-15T07:37:48Z   [Information]   OUTPUT:                     at Microsoft.PowerBI.Commands.Profile.InvokePowerBIRestMethod.InvokeRestMethod(String url, String body, PowerBIWebRequestMethod requestType)
2024-04-15T07:37:48Z   [Information]   OUTPUT: Exception      : System.Net.Http.HttpRequestException
2024-04-15T07:37:48Z   [Information]   OUTPUT: InvocationInfo : {Invoke-PowerBIRestMethod}
2024-04-15T07:37:48Z   [Information]   OUTPUT: Line           :                 $result = Invoke-PowerBIRestMethod -Url $activityAPIUrl -method Get | ConvertFrom-Json
2024-04-15T07:37:48Z   [Information]   OUTPUT:                  
2024-04-15T07:37:48Z   [Information]   OUTPUT: Position       : At C:\home\site\wwwroot\Scripts\Fetch - Activity.ps1:90 char:27
2024-04-15T07:37:48Z   [Information]   OUTPUT:                  + …   $result = Invoke-PowerBIRestMethod -Url $activityAPIUrl -method Get …
2024-04-15T07:37:48Z   [Information]   OUTPUT:                  +               ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
2024-04-15T07:37:48Z   [Information]   OUTPUT: HistoryId      : 1
2024-04-15T07:37:48Z   [Information]   OUTPUT: 
2024-04-15T07:37:49Z   [Error]   EXCEPTION: One or more errors occurred. (Response status code does not indicate success: 403 (Forbidden).)

Exception             : 
    Type            : System.AggregateException
    InnerExceptions : 
        Type           : System.Net.Http.HttpRequestException
        TargetSite     : 
            Name          : MoveNext
            DeclaringType : Microsoft.PowerBI.Commands.Profile.InvokePowerBIRestMethod+<InvokeRestMethod>d__35, Microsoft.PowerBI.Commands.Profile, Version=1.2.1111.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35
            MemberType    : Method
            Module        : Microsoft.PowerBI.Commands.Profile.dll
        Message        : Response status code does not indicate success: 403 (Forbidden).
        InnerException : 
            Type       : System.Net.Http.HttpRequestException
            StatusCode : Forbidden
            TargetSite : 
                Name          : EnsureSuccessStatusCode
                DeclaringType : System.Net.Http.HttpResponseMessage
                MemberType    : Method
                Module        : System.Net.Http.dll
            Message    : Response status code does not indicate success: 403 (Forbidden).
            Source     : System.Net.Http
            HResult    : -2146233088
            StackTrace : 
   at System.Net.Http.HttpResponseMessage.EnsureSuccessStatusCode()
   at Microsoft.PowerBI.Commands.Profile.InvokePowerBIRestMethod.InvokeRestMethod(String url, String body, PowerBIWebRequestMethod requestType)
        Source         : Microsoft.PowerBI.Commands.Profile
        HResult        : -2146233088
        StackTrace     : 
   at Microsoft.PowerBI.Commands.Profile.InvokePowerBIRestMethod.InvokeRestMethod(String url, String body, PowerBIWebRequestMethod requestType)
    Message         : One or more errors occurred. (Response status code does not indicate success: 403 (Forbidden).)
    TargetSite      : 
        Name          : ThrowIfExceptional
        DeclaringType : System.Threading.Tasks.Task
        MemberType    : Method
        Module        : System.Private.CoreLib.dll
    InnerException  : 
        Type           : System.Net.Http.HttpRequestException
        TargetSite     : 
            Name          : MoveNext
            DeclaringType : Microsoft.PowerBI.Commands.Profile.InvokePowerBIRestMethod+<InvokeRestMethod>d__35, Microsoft.PowerBI.Commands.Profile, Version=1.2.1111.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35
            MemberType    : Method
            Module        : Microsoft.PowerBI.Commands.Profile.dll
        Message        : Response status code does not indicate success: 403 (Forbidden).
        InnerException : 
            Type       : System.Net.Http.HttpRequestException
            StatusCode : Forbidden
            TargetSite : 
                Name          : EnsureSuccessStatusCode
                DeclaringType : System.Net.Http.HttpResponseMessage
                MemberType    : Method
                Module        : System.Net.Http.dll
            Message    : Response status code does not indicate success: 403 (Forbidden).
            Source     : System.Net.Http
            HResult    : -2146233088
            StackTrace : 
   at System.Net.Http.HttpResponseMessage.EnsureSuccessStatusCode()
   at Microsoft.PowerBI.Commands.Profile.InvokePowerBIRestMethod.InvokeRestMethod(String url, String body, PowerBIWebRequestMethod requestType)
        Source         : Microsoft.PowerBI.Commands.Profile
        HResult        : -2146233088
        StackTrace     : 
   at Microsoft.PowerBI.Commands.Profile.InvokePowerBIRestMethod.InvokeRestMethod(String url, String body, PowerBIWebRequestMethod requestType)
    Source          : System.Private.CoreLib
    HResult         : -2146233088
    StackTrace      : 
   at System.Threading.Tasks.Task.ThrowIfExceptional(Boolean includeTaskCanceledExceptions)
   at System.Threading.Tasks.Task`1.GetResultCore(Boolean waitCompletionNotification)
   at System.Threading.Tasks.Task`1.get_Result()
   at Microsoft.PowerBI.Commands.Profile.InvokePowerBIRestMethod.ExecuteCmdlet()
   at Microsoft.PowerBI.Commands.Common.PowerBICmdlet.ProcessRecord()
TargetObject          : Microsoft.PowerBI.Commands.Profile.InvokePowerBIRestMethod
CategoryInfo          : WriteError: (Microsoft.PowerBI.C…kePowerBIRestMethod:InvokePowerBIRestMethod) [Invoke-PowerBIRestMethod], AggregateException
FullyQualifiedErrorId : One or more errors occurred. (Response status code does not indicate success: 403 (Forbidden).),Microsoft.PowerBI.Commands.Profile.InvokePowerBIRestMethod
InvocationInfo        : 
    MyCommand        : Invoke-PowerBIRestMethod
    ScriptLineNumber : 90
    OffsetInLine     : 27
    HistoryId        : 1
    ScriptName       : C:\home\site\wwwroot\Scripts\Fetch - Activity.ps1
    Line             : $result = Invoke-PowerBIRestMethod -Url $activityAPIUrl -method Get | ConvertFrom-Json

    Statement        : Invoke-PowerBIRestMethod -Url $activityAPIUrl -method Get
    PositionMessage  : At C:\home\site\wwwroot\Scripts\Fetch - Activity.ps1:90 char:27
                       + …   $result = Invoke-PowerBIRestMethod -Url $activityAPIUrl -method Get …
                       +               ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    PSScriptRoot     : C:\home\site\wwwroot\Scripts
    PSCommandPath    : C:\home\site\wwwroot\Scripts\Fetch - Activity.ps1
    InvocationName   : Invoke-PowerBIRestMethod
    CommandOrigin    : Internal
ScriptStackTrace      : at <ScriptBlock>, C:\home\site\wwwroot\Scripts\Fetch - Activity.ps1: line 90
                        at <ScriptBlock>, C:\home\site\wwwroot\AuditsTimer\run.ps1: line 31
PipelineIterationInfo : 

2024-04-15T07:37:49Z   [Error]   Executed 'Functions.AuditsTimer' (Failed, Id=7d871506-8bce-4c12-9804-8f2755a3193a, Duration=12467ms)

WillCisler commented 7 months ago

I would make sure your SP is in the tenant settings to run read-only API calls and then test the process locally. The readme has a section named "Authorize the Service Principal on PowerBI Tenant" with the needed configuration.

The fetch script is a bit cryptic due to some if/else structure but the functions you need are there.

This section is for Auth, but you can simplify it.

https://github.com/RuiRomano/pbimonitor/blob/main/AzureFunction%2FScripts%2FFetch%20-%20Activity.ps1#L61-L73

I suspect that the login process was successful but the SP is not allowed to call the activity log.
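
Added example (not part of the thread or of pbimonitor's own scripts): a local test along the lines suggested above, which separates the login step from the activity-log call so a 403 can be attributed to authorization rather than to the secret. The environment variable names are placeholders, and `admin/activityevents` is assumed to be the endpoint behind `$activityAPIUrl`.

```powershell
# Added example: repeat the call from "Fetch - Activity.ps1" line 90 in a local session.
# Requires the MicrosoftPowerBIMgmt.Profile module. The three environment variable
# names are placeholders for this sketch, not settings defined by pbimonitor.
Import-Module MicrosoftPowerBIMgmt.Profile

$tenantId  = $env:PBI_TEST_TENANT_ID
$appId     = $env:PBI_TEST_APP_ID
$appSecret = $env:PBI_TEST_APP_SECRET

$cred = [pscredential]::new($appId, (ConvertTo-SecureString $appSecret -AsPlainText -Force))

# Step 1: authentication. A wrong secret, app id or tenant fails here, before any API call.
Connect-PowerBIServiceAccount -ServicePrincipal -Tenant $tenantId -Credential $cred -ErrorAction Stop | Out-Null

# Step 2: inspect the issued token (decoded payload only; never log the token itself).
$jwt     = (Get-PowerBIAccessToken -AsString) -replace '^Bearer\s+', ''
$payload = $jwt.Split('.')[1].Replace('-', '+').Replace('_', '/')
$payload = $payload.PadRight($payload.Length + (4 - $payload.Length % 4) % 4, '=')
$claims  = [Text.Encoding]::UTF8.GetString([Convert]::FromBase64String($payload)) | ConvertFrom-Json
$claims | Select-Object aud, tid, appid,
    @{ n = 'expiresUtc'; e = { [DateTimeOffset]::FromUnixTimeSeconds($_.exp).UtcDateTime } }

# Step 3: authorization. Request one UTC day of activity events (start and end on the same day).
$day = (Get-Date).ToUniversalTime().AddDays(-1).ToString('yyyy-MM-dd')
$url = "admin/activityevents?startDateTime='${day}T00:00:00'&endDateTime='${day}T23:59:59'"
try {
    $result = Invoke-PowerBIRestMethod -Url $url -Method Get -ErrorAction Stop | ConvertFrom-Json
    "OK: $($result.activityEventEntities.Count) events returned for $day"
}
catch {
    # Reaching this block after steps 1 and 2 succeeded means the identity is valid
    # but is not permitted to call the admin API.
    Resolve-PowerBIError -Last
    throw
}
```

If step 3 is the only step that fails, the secret is fine and the change belongs in the tenant settings covered by the README section "Authorize the Service Principal on PowerBI Tenant". The `appid` claim printed in step 2 should match the id on the `Login with:` line of the function log.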