Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Azure Monitor Logs authentication issue #853

Closed
maakku opened this issue Aug 13, 2023 · 5 comments
Closed

Azure Monitor Logs authentication issue #853

maakku opened this issue Aug 13, 2023 · 5 comments
Labels
stale

Comments

@maakku
Copy link

maakku commented Aug 13, 2023
edited by github-actions bot
Loading

Describe the Bug

When querying Log Analytics with Azure Monitor Logs (managed) connector, I get the following error:

{
  "ResultStatus": "BadRequest",
  "Content": {
    "status": 400,
    "source": "https://logic-apis-westeurope.consent.azure-apim.net:443/api/tokens/exchange?api-version=2015-11-01-preview",
    "message": "Failed to retrieve token for resource=https://api.loganalytics.io. Message=Parameter=Token not found."
  },
  "Message": "Failed to get HTTP response because of invalid input (ResourceTokenExchanger, queryData). Bad request input. Please Check user input parameters (query syntax, chart type or other resource input)\r\nclientRequestId: 31d0e177-3be1-4164-b6ac-fc919f4cd528"
}

Connection was created using authentication type "Logic Apps Managed Identity". Logic App has Log Analytics Reader role set to the Log Analytics resource in question.

The generated connections.json looks like:

{
    "managedApiConnections": {
        "azuremonitorlogs": {
            "api": {
                "id": "/subscriptions/1dbfc712-1224-4f6e-8e6f-81c6c4e880ec/providers/Microsoft.Web/locations/westeurope/managedApis/azuremonitorlogs"
            },
            "authentication": {
                "type": "ManagedServiceIdentity"
            },
            "connection": {
                "id": "/subscriptions/.../resourceGroups/.../providers/Microsoft.Web/connections/azuremonitorlogs"
            },
            "connectionProperties": {
                "authentication": {
                    "audience": "https://management.core.windows.net/",
                    "type": "ManagedServiceIdentity"
                }
            },
            "connectionRuntimeUrl": "https://bd562559f8cac779.07.common.logic-westeurope.azure-apihub.net/apim/azuremonitorlogs/aecf13b1b14b4aafad3f3d6cf8e9cbd2"
        }
    }
}

The same query works with http connector and managed identity.

image

Plan Type

Standard

Steps to Reproduce the Bug or Issue

  1. Add Azure Monitor Logs action "Run query and list results" to Logic App standard workflow
  2. Create connection with Authentication Type set to Logic Apps Managed Identity
  3. Run workflow

Workflow JSON

No response

Screenshots or Videos

No response

Additional context

No response

AB#24831531
@haggerty-ian
Copy link

My team is seeing the same issue with our Log-Analytics-related workflow. We're using a consumption plan, and experience failures with the built-in connector about ~3% of the times we try to run it. Thanks for the idea of using a basic HTTP connector in order to avert this issue.

@JamalJShaheed
Copy link

+1 on this. Seems to only occur when using the System Managed Identity with the connector.

@github-actions
Copy link

This issue is stale because it has been open for 45 days with no activity.

@github-actions github-actions bot added the stale label Oct 15, 2023
@github-actions
Copy link

This issue was closed because it has been inactive for 14 days since being marked as stale.

@andyliddle
Copy link

Same issue, please reopen, need to soluition

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
stale
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@andyliddle @maakku @haggerty-ian @JamalJShaheed