search

skyplane-project / skyplane

🔥 Blazing fast bulk data transfers between any cloud 🔥
https://skyplane.org
Apache License 2.0
999 stars 58 forks source link

[bug] Permission mismatch even if the principal has Owner and Storage Blob Data Owner permissions in Azure #919

Open maciej-wolny opened 12 months ago

maciej-wolny commented 12 months ago

Describe the bug I manually granted all the listed roles ( 'Storage Blob Data Contributor' and 'Storage Account Contributor') to the skyplane_UMI and waited around 30 mins. Still the same error and even granting the principal owner permission of Subscription and Storage Blob Data Owner doesn't seem to have an effect

To Reproduce Steps to reproduce the behavior (please include the full Skyplane command you ran):

  1. Go to '...'
  2. Click on '....'
  3. Scroll down to '....'
  4. See error

Expected behavior A clear and concise description of what you expected to happen.

Screenshots If applicable, add screenshots to help explain your problem.

Transfer client log In the log output from Skyplane, please upload the debug log from the CLI. You can find the path to the file in the log output:

 skyplane cp -r https://abc.blob.core.windows.net/xxx s3://research/xxx
 _____ _   ____   _______ _       ___   _   _  _____ 
/  ___| | / /\ \ / / ___ \ |     / _ \ | \ | ||  ___|
\ `--.| |/ /  \ V /| |_/ / |    / /_\ \|  \| || |__  
 `--. \    \   \ / |  __/| |    |  _  || . ` ||  __| 
/\__/ / |\  \  | | | |   | |____| | | || |\  || |___ 
\____/\_| \_/  \_/ \_|   \_____/\_| |_/\_| \_/\____/

Logging to: /tmp/skyplane/transfer_logs/20230901_190656-22376490/client.log
Using Skyplane version 0.3.2
Will transfer objects from azure:westeurope to aws:eu-west-1
  VMs to provision: 1x aws:eu-west-1, 1x azure:westeurope
  Estimated egress cost: $0.09/GB
  ⠼ Querying objects for transfer...19:07:02 [ERROR] Unable to list objects in container xxx as you don't have permission to access it. You need the 'Storage Blob Data Contributor' and 'Storage Account Contributor' roles: This request is not 
authorized to perform this operation using this permission.
RequestId:3efc0e78-701e-005b-0eff-dc29fb000000
Time:2023-09-01T18:07:02.6195010Z
ErrorCode:AuthorizationPermissionMismatch
Content: <?xml version="1.0" encoding="utf-8"?><Error><Code>AuthorizationPermissionMismatch</Code><Message>This request is not authorized to perform this operation using this permission.
RequestId:3efc0e78-701e-005b-0eff-dc29fb000000
Time:2023-09-01T18:07:02.6195010Z</Message></Error>
Uncaught exception: (HttpResponseError) This request is not authorized to perform this operation using this permission.
RequestId:3efc0e78-701e-005b-0eff-dc29fb000000
Time:2023-09-01T18:07:02.6195010Z
ErrorCode:AuthorizationPermissionMismatch
Content: <?xml version="1.0" encoding="utf-8"?><Error><Code>AuthorizationPermissionMismatch</Code><Message>This request is not authorized to perform this operation using this permission.
RequestId:3efc0e78-701e-005b-0eff-dc29fb000000
Time:2023-09-01T18:07:02.6195010Z</Message></Error>
Please check the log file for more information, and ensure to include it if reporting an issue on Github.

Environment info (please complete the following information):

abiswal2001 commented 12 months ago

Hi, can you check the permissions listed on the account you signed in with for "az login" for the skyplane CLI? If your account doesn't have the roles listed above, then try adding them within the subscription and seeing if that fixes your issue for the time being, while the umi issue is investigated.