search

microsoft / coe-starter-kit

Other
751 stars 223 forks source link

[CoE Starter Kit - BUG] Admin | Sync Audit Logs: Error from token exchange: Permission denied due to missing connection ACL: Connection #5191

Closed ApoorvaKantale closed 1 year ago

ApoorvaKantale commented 1 year ago

Describe the issue

Hi,

I have upgraded Audit log component, Now when I turn on the flow and run. There is an error being throwed. Error: Error from token exchange: Permission denied due to missing connection ACL: Connection https://unitedstates-002.azure-apim.net/@unitedstates-002/logicflows/f968edef-c7ef-43ab-f5cd-a8985fcb1450 version -9223372036854775808, connection=unitedstates-002/commondataservice/shared-commondataser-872ccec3-0baf-4ee2-8c29-bfca1c1a89c0

"body": { "status": 403, "source": "https://unitedstates-002.token.azure-apim.net:443/tokens/unitedstates-002/commondataservice/shared-commondataser-872ccec3-0baf-4ee2-8c29-bfca1c1a89c0/exchange", "message": "Error from token exchange: Permission denied due to missing connection ACL: Connection https://unitedstates-002.azure-apim.net/@unitedstates-002/logicflows/f968edef-c7ef-43ab-f5cd-a8985fcb1450 version -9223372036854775808, connection=unitedstates-002/commondataservice/shared-commondataser-872ccec3-0baf-4ee2-8c29-bfca1c1a89c0" } }

Can you please help me to resolve this.

Expected Behavior

The flow should run successful and even the child flow should run successfully.

What solution are you experiencing the issue with?

Audit Log

What solution version are you using?

3.3

What app or flow are you having the issue with?

Admin | Sync Audit Logs

Steps To Reproduce

Post upgraded. Turn on the Admin | Sync Audit Logs flow Run the flow

Anything else?

No response

Jenefer-Monroe commented 1 year ago

Hello. Connections to custom connectors get broken on solution upgrade. It sounds like you knew that and tried to fix though.

If the normal fix up steps did not resolve, then you likely ended up with a bad connection, perhaps due to the wrong identity provider being selected as in issue 4808

If that occurs please try the steps outlined in issue 4961

Sorry for the complexity here!

ApoorvaKantale commented 1 year ago

Hi, I have tired the above steps, But no luck.

Still facing the same issue

image

ApoorvaKantale commented 1 year ago

ListDefns-TenantIDEnvironmentVariable ListDefns-TenantIDEnvironmentVariable

{ "statusCode": 403, "headers": { "x-ms-failure-cause": "apihub-token-exchange", "x-ms-apihub-obo": "false", "x-ms-apihub-cached-response": "true", "Date": "Tue, 04 Apr 2023 17:45:08 GMT", "Content-Length": "523", "Content-Type": "application/json" }, "body": { "status": 403, "source": "https://unitedstates-002.token.azure-apim.net:443/tokens/unitedstates-002/commondataservice/shared-commondataser-872ccec3-0baf-4ee2-8c29-bfca1c1a89c0/exchange", "message": "Error from token exchange: Permission denied due to missing connection ACL: Connection https://unitedstates-002.azure-apim.net/@unitedstates-002/logicflows/f968edef-c7ef-43ab-f5cd-a8985fcb1450 version -9223372036854775808, connection=unitedstates-002/commondataservice/shared-commondataser-872ccec3-0baf-4ee2-8c29-bfca1c1a89c0" } }

Jenefer-Monroe commented 1 year ago

Hello, I'm afraid you appear to be on a very old version of the audit log solution or you have unmanaged layers preventing you from seeing our changes. We no longer fetch env vars that way.

Can you please share a screenshot with what solutions you have installed in this environment? Be sure to expand the indicated columns so that we can see full names image

ApoorvaKantale commented 1 year ago

image

Jenefer-Monroe commented 1 year ago

OK you must have unmanaged layers on the flow then preventing you from seeing our changes Please be sure to remove unmanaged layers when you do your upgrades

ApoorvaKantale commented 1 year ago

I have removed the unmanaged layer and upgraded the Audit component. But still I'm facing the same issue.

Today again I removed unmanaged layer and upgraded again, But still the issue persist

Jenefer-Monroe commented 1 year ago

Please remove the unmanaged layer manually instead of through our tooling for both this flow and the child (in case it has one too): image image

Jenefer-Monroe commented 1 year ago

If you are on 3.3 and dont have unmanaged layers, then that call should not be present. It shoudl look like this image

ApoorvaKantale commented 1 year ago

I have followed the same steps to remove unmanaged layer. Unmanaged layers are removed. But still i see old model of flow

image image image

ApoorvaKantale commented 1 year ago

Please help me to resolve this, I need to fix this issue on priority

Jenefer-Monroe commented 1 year ago

I'm afraid I don't know how to assist as if you've really removed the unmanaged layer, and really have 3.3 installed, then you would not see the old bits. Can you share this screenshot showing it not having unmanaged layers? image image

ApoorvaKantale commented 1 year ago

image

ApoorvaKantale commented 1 year ago

image

ApoorvaKantale commented 1 year ago

image

Jenefer-Monroe commented 1 year ago

ok I've never seen that, where the core components are a layer on the flow. So I have no idea how you got there. It should look like this image

Jenefer-Monroe commented 1 year ago

oh i thikn you didnt select the flow. You need to select the flow image

ApoorvaKantale commented 1 year ago

I have select the flow and only checked, I always see core in my Admin Audit flow.

image image

In Core Component also I see Admin|Sync Audit Logs flow

image

Jenefer-Monroe commented 1 year ago

ok from this, and the other bugs in your list, your environment is just in a broken and unknown state. I'm afraid we cannot help you get out of this. You should start from scratch in a clean environment.

ApoorvaKantale commented 1 year ago

All other flows in core are working fine.

Can help me to fix Audit component

Jenefer-Monroe commented 1 year ago

I'm afraid I cannot. From looking at this and through all your bugs you are just in a completely unknown state. You will need someone that can put their hands on it in order to resolve this, or you need to start from scratch.

If you chose the former, there are partners that specialize specifically in CoE Starter Kit, so you could reach out to them for assistance. You can find some via you can find them via AppSource

As a reminder, although the underlying features and components used to build the kit (such as Dataverse, admin APIs, and connectors) are fully supported, the kit itself represents sample implementations of these features. While we do our best to help people use them as is, they are not a supported feature.

ApoorvaKantale commented 1 year ago

Please let me know , if we have any alternative

Jenefer-Monroe commented 1 year ago

Your options are to start from scratch in a new environment or find someone that can sit with you (internally or by hiring a partner)

ApoorvaKantale commented 1 year ago

Hi,

Can please suggest some other options.

ApoorvaKantale commented 1 year ago

I have to fix in this environment itself, We cannot create new environment

Jenefer-Monroe commented 1 year ago

You will need to hire someone that can sit with you to fix your situation then. Your environment is not in a state that I can assist in debugging remotely.

There are partners that specialize specifically in CoE Starter Kit, so you could reach out to them for assistance. You can find some via you can find them via AppSource

As a reminder, although the underlying features and components used to build the kit (such as Dataverse, admin APIs, and connectors) are fully supported, the kit itself represents sample implementations of these features. While we do our best to help people use them as is, they are not a supported feature.

Jenefer-Monroe commented 1 year ago

closing out as no further action for starter kit team