search

microsoft / azure-load-testing

MIT License
22 stars 2 forks source link

[BUG] Failing to create Tests using REST API - but can create Load Tests #120

Closed patmci closed 1 year ago

patmci commented 1 year ago

Describe the bug I am using an Azure App Registration to create Azure Load Tests. I am able to create a Load Test and retrieve it. However when I attempt to create a test on that load test using the dataPlaneUri, I am denied access. My App has scopes for loadtests.read and loadtests.write.

To Reproduce

  1. Create an Azure app registration
  2. Add Apis for loadtests.read and loadtests.write
  3. Authenticate from Postman and receive bearertoken
  4. Create Load Test and receive dataplaneuri
  5. Create Test using Patch instruction
  6. Error

Error message Bearer error="invalid_token", error_description="S2S17001: SAL was able to validate the protocol, but validation failed as none of the inbound policies were satisfied. Validation failures: '6ddb9c11-a689-43ec-b923-c673c49dea0c: InvalidAudience."

Additional context My bearertoken will allow me to create the load tests, but not to create the tests on the load test.

AB#1680254

Sachid26 commented 1 year ago

@patmci... does your app have the required roles? can you refer this

Harshan01 commented 1 year ago

@patmci Can you try generating the access token with scope "https://cnt-prod.loadtesting.azure.com/.default"? I assume the token generated did not use any scope/audience

patmci commented 1 year ago

@patmci... does your app have the required roles? can you refer this

Hi, thanks for this - I can confirm that the App has the contributor role on Load Test

patmci commented 1 year ago

@patmci Can you try generating the access token with scope "https://cnt-prod.loadtesting.azure.com/.default"? I assume the token generated did not use any scope/audience

How would I add a scope like this in an Azure App Registration?

The token has an audience of "aud": "https://management.azure.com/" currently

ninallam commented 1 year ago

@Harshan01 can you please help with this?

patmci commented 1 year ago

Thanks I got this working. I needed token with a resource of https://management.azure.com/ to create the load test. As per @Harshan01 I was missing the scope https://cnt-prod.loadtesting.azure.com/.default for the PATCH operation.

So I ended up with 2 tokens, 1 with the resource in the header to get the dataplaneuri from LoadTest and one with the scope in the header using the dataplaneuri to create the test