-
-
Notifications
You must be signed in to change notification settings - Fork 105
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
workflow Response status code does not indicate success: 401 (Unauthorized). #71
Comments
Thanks for opening your first issue! Reports like these help improve the project! |
It tries to fetch the data for the whole of the subscriptions, not on the resourcegroup level. That can be the reason you get the 401, as the scope is subscription. |
ty! I will try to specify a resource group name |
@mivano I try with this command how do you register the sp to get AZURE_CREDENTIALS? I found this ref https://learn.microsoft.com/en-us/azure/cost-management-billing/manage/assign-roles-azure-service-principals |
Your registration is correct, but you scope it to a resource group: And what you are doing is not wrong, but the tool does a call to the api with a scope on the subscription, not on a resource group level (yes, you can query or filter on resource groups, but it will still do the call on the subscription level). I could use a different scope, but for simplicity, it currently operates on subscriptions. To get the authentication, the tool looks at the default credentials provided, so it will first query the AZ login call. So you can try to log in using the |
Thank you so much @mivano it work fine now 😊 I remove the scope as you mentioned, still to play with the query parameters, I will try to add more examples to the Query section 😉. |
Good to hear that it works for you. If you have more examples, then please do a PR with them. |
Hi Folks, I try to create action workflow but I have this issue :
Version: 0.32.0.0 Using token credential: ChainedTokenCredential to fetch a token. Fetching subscription details... Token retrieved and expires at: 09/01/2023 17:12:06 +00:00 Retrieving data from /subscriptions//?api-version=2019-11-01 using the following payload: �[38;5;8mnull�[0m Response status code is OK and got payload size of 397 Retrieved subscription details: �[38;5;8m�[0m �[38;5;12m"id"�[0m�[38;5;11m:�[0m �[38;5;9m"/subscriptions/"�[0m�[38;5;8m,�[0m �[38;5;12m"authorizationSource"�[0m�[38;5;11m:�[0m �[38;5;9m"Bypassed"�[0m�[38;5;8m,�[0m �[38;5;12m"managedByTenants"�[0m�[38;5;11m:�[0m �[38;5;8m[�[0m �[38;5;8m],�[0m �[38;5;12m"subscriptionId"�[0m�[38;5;11m:�[0m �[38;5;9m""�[0m�[38;5;8m,�[0m �[38;5;12m"tenantId"�[0m�[38;5;11m:�[0m �[38;5;9m""�[0m�[38;5;8m,�[0m �[38;5;12m"displayName"�[0m�[38;5;11m:�[0m �[38;5;9m"Azure subscription 1"�[0m�[38;5;8m,�[0m �[38;5;12m"state"�[0m�[38;5;11m:�[0m �[38;5;9m"Enabled"�[0m�[38;5;8m,�[0m �[38;5;12m"subscriptionPolicies"�[0m�[38;5;11m:�[0m �[38;5;8m�[0m �[38;5;12m"locationPlacementId"�[0m�[38;5;11m:�[0m �[38;5;9m"Public_2014-09-01"�[0m�[38;5;8m,�[0m �[38;5;12m"quotaId"�[0m�[38;5;11m:�[0m �[38;5;9m"FreeTrial_2014-09-01"�[0m�[38;5;8m,�[0m �[38;5;12m"spendingLimit"�[0m�[38;5;11m:�[0m �[38;5;9m"On"�[0m �[38;5;8m�[0m �[38;5;8m�[0m Retrieving data from /subscriptions//providers/Microsoft.CostMana gement/query?api-version=2021-10-01&$top=5000 using the following payload: �[38;5;8m�[0m �[38;5;12m"type"�[0m�[38;5;11m:�[0m �[38;5;9m"ActualCost"�[0m�[38;5;8m,�[0m �[38;5;12m"timeframe"�[0m�[38;5;11m:�[0m �[38;5;9m"BillingMonthToDate"�[0m�[38;5;8m,�[0m �[38;5;12m"timePeriod"�[0m�[38;5;11m:�[0m �[38;5;8mnull,�[0m �[38;5;12m"dataSet"�[0m�[38;5;11m:�[0m �[38;5;8m�[0m �[38;5;12m"granularity"�[0m�[38;5;11m:�[0m �[38;5;9m"Daily"�[0m�[38;5;8m,�[0m �[38;5;12m"aggregation"�[0m�[38;5;11m:�[0m �[38;5;8m�[0m �[38;5;12m"totalCost"�[0m�[38;5;11m:�[0m �[38;5;8m�[0m �[38;5;12m"name"�[0m�[38;5;11m:�[0m �[38;5;9m"Cost"�[0m�[38;5;8m,�[0m �[38;5;12m"function"�[0m�[38;5;11m:�[0m �[38;5;9m"Sum"�[0m �[38;5;8m,�[0m �[38;5;12m"totalCostUSD"�[0m�[38;5;11m:�[0m �[38;5;8m�[0m �[38;5;12m"name"�[0m�[38;5;11m:�[0m �[38;5;9m"CostUSD"�[0m�[38;5;8m,�[0m �[38;5;12m"function"�[0m�[38;5;11m:�[0m �[38;5;9m"Sum"�[0m �[38;5;8m�[0m �[38;5;8m***,�[0m �[38;5;12m"filter"�[0m�[38;5;11m:�[0m �[38;5;8mnull,�[0m �[38;5;12m"sorting"�[0m�[38;5;11m:�[0m �[38;5;8m[�[0m �[38;5;8m�[0m �[38;5;12m"direction"�[0m�[38;5;11m:�[0m �[38;5;9m"Ascending"�[0m�[38;5;8m,�[0m �[38;5;12m"name"�[0m�[38;5;11m:�[0m �[38;5;9m"UsageDate"�[0m �[38;5;8m�[0m �[38;5;8m]�[0m �[38;5;8m�[0m �[38;5;8m�[0m Fetching cost data... Response status code is Unauthorized and got payload size of 156 Response content: "error":"code":"RBACAccessDenied","message":"The client does not have authorization to perform action. Request ID: 69fea753-8348-423d-90f1-85085ebec592"*** �[38;5;9mError:�[0m Response status code does not indicate success: 401 (Unauthorized).
I use
az ad sp create-for-rbac --name "FinOpsCli" --role "Cost Management Reader" --scopes /subscriptions/Sub-ID1/resourceGroups/FinOpsRG --sdk-auth
to assign role to sp and get AZURE_CREDENTIALS.Best regards,
The text was updated successfully, but these errors were encountered: