Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[COST-4216] Update Azure source error messages #4706

Closed
wants to merge 2 commits into from

Conversation

djnakabaale
Copy link
Contributor

@djnakabaale djnakabaale commented Sep 26, 2023

Jira Ticket

COST-4216

Description

This change will update conditional check on Azure error messages for unauthorized client actions.

Testing

  1. Checkout Branch

  2. Restart Koku

  3. Configure your permissions, see docs on configuring Azure roles

  4. Make a POST request to this endpoint http://127.0.0.1:8000/api/cost-management/v1/sources/ using the json object below but with an invalid azure_resource_group value:

    {
        "name": "Azure Unauthorized Source",
        "source_type": "AZURE",
        "authentication": {
            "credentials": {
                "subscription_id": "{{azure_subscription_id}}",
                "tenant_id": "{{azure_tenant_id}}",
                "client_id": "{{azure_client_id}}", 
                "client_secret": "{{azure_client_secret}}"
            }
        },
        "billing_source": {"data_source": {"resource_group": "{{azure_resource_group}}", "storage_account": "{{azure_storage_account}}"}}
    }
    
    
    

    i. You should get a 400 and a response similar to this:

    {
        "errors": [
            {
                "detail": "(AuthorizationFailed) The client '4689adf2-03f1-45e1-9cb3-2c0a88235a0d' with object id '4689adf2-03f1-45e1-9cb3-2c0a88235a0d' does not have authorization to perform action 'Microsoft.Storage/storageAccounts/listKeys/action' over scope '/subscriptions/89d256ea-88bb-4c30-b2ce-d2ba68d3d4c6/resourceGroups/dnakabaa-rsc-grou/providers/Microsoft.Storage/storageAccounts/dnakabaastorageacct' or the scope is invalid. If access was recently granted, please refresh your credentials.\nCode: AuthorizationFailed\nMessage: The client '4689adf2-03f1-45e1-9cb3-2c0a88235a0d' with object id '4689adf2-03f1-45e1-9cb3-2c0a88235a0d' does not have authorization to perform action 'Microsoft.Storage/storageAccounts/listKeys/action' over scope '/subscriptions/89d256ea-88bb-4c30-b2ce-d2ba68d3d4c6/resourceGroups/dnakabaa-rsc-grou/providers/Microsoft.Storage/storageAccounts/dnakabaastorageacct' or the scope is invalid. If access was recently granted, please refresh your credentials.",
                "source": "azure.exception",
                "status": 400
            }
        ]
    }
    

or run this test

tox -- sources.test.test_sources_error_message.SourcesErrorMessageTest.test_azure_errors

expect to see

WARNING:sources.sources_error_message:Source ID: 1 error message: Azure reported an authorization error. In Azure, check the resource group, storage account, cost export scope, and service principal.
[2023-09-27 19:07:15,780] INFO None 60848 validation error: {'azure.exception': [ErrorDetail(string="(AuthorizationFailed) The client 'xxxxx' with object id 'xxxxx' does not have authorization to perform action.", code='invalid')]}. Validation detail {'azure.exception': [ErrorDetail(string="(AuthorizationFailed) The client 'xxxxx' with object id 'xxxxx' does not have authorization to perform action.", code='invalid')]}
INFO:sources.sources_error_message:validation error: {'azure.exception': [ErrorDetail(string="(AuthorizationFailed) The client 'xxxxx' with object id 'xxxxx' does not have authorization to perform action.", code='invalid')]}. Validation detail {'azure.exception': [ErrorDetail(string="(AuthorizationFailed) The client 'xxxxx' with object id 'xxxxx' does not have authorization to perform action.", code='invalid')]}
[2023-09-27 19:07:15,780] WARNING None 60848 Source ID: 1 Internal message: (AuthorizationFailed) The client 'xxxxx' with object id 'xxxxx' does not have authorization to perform action..
WARNING:sources.sources_error_message:Source ID: 1 Internal message: (AuthorizationFailed) The client 'xxxxx' with object id 'xxxxx' does not have authorization to perform action..
[2023-09-27 19:07:15,780] WARNING None 60848 Source ID: 1 error message: Azure reported an authorization error. In Azure, check the resource group, storage account, cost export scope, and service principal.
WARNING:sources.sources_error_message:Source ID: 1 error message: Azure reported an authorization error. In Azure, check the resource group, storage account, cost export scope, and service principal.

Notes

...

@djnakabaale djnakabaale added the smoke-tests pr_check will build the image and run minimal required smokes label Sep 26, 2023
@djnakabaale djnakabaale requested review from a team as code owners September 26, 2023 18:11
@djnakabaale djnakabaale self-assigned this Sep 26, 2023
@djnakabaale djnakabaale changed the title update Azure client error [COST-4216] Update Azure source error messages Sep 26, 2023
@codecov
Copy link

codecov bot commented Sep 26, 2023

Codecov Report

Merging #4706 (ae6af4a) into main (7d787f0) will not change coverage.
The diff coverage is 100.0%.

@@          Coverage Diff          @@
##            main   #4706   +/-   ##
=====================================
  Coverage   93.8%   93.8%           
=====================================
  Files        367     367           
  Lines      30227   30227           
  Branches    3574    3574           
=====================================
  Hits       28348   28348           
- Misses      1219    1220    +1     
+ Partials     660     659    -1     

@sonarcloud
Copy link

sonarcloud bot commented Sep 26, 2023

Kudos, SonarCloud Quality Gate passed!    Quality Gate passed

Bug A 0 Bugs
Vulnerability A 0 Vulnerabilities
Security Hotspot A 0 Security Hotspots
Code Smell A 0 Code Smells

100.0% 100.0% Coverage
0.0% 0.0% Duplication

@djnakabaale djnakabaale marked this pull request as draft September 28, 2023 10:28
@djnakabaale
Copy link
Contributor Author

closing, low priority

@maskarb maskarb deleted the cost-4216-azure-err-msgs branch July 12, 2024 18:04
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
smoke-tests pr_check will build the image and run minimal required smokes smokes-required
Projects
None yet
Development

Successfully merging this pull request may close these issues.

1 participant