storage: API incorrectly returns an error when User Assigned Identities are specified #17650

Open
tombuildsstuff opened this issue Feb 3, 2022 · 9 comments
Labels: ARM, customer-reported, Managed Identity, question, Service Attention

Comments

@tombuildsstuff
Contributor

Service: Storage
API Version 2021-04-01

The Storage API supports Managed Identity; however, it returns an error when an empty list of User Assigned Identities is provided when specifying a System Assigned Identity.

Since a System Assigned Identity doesn't use any of the User Assigned Identities and there are none specified, these should be being ignored - however instead the API returns:

Failed to perform resource identity operation. Status: 'BadRequest'. Response: '{"error":{"code":"BadRequest","message":"The request format was unexpected, a non-UserAssigned identity type should not contain: userAssignedIdentities"}}

Can the Storage API be updated to fix this bug?

Thanks!

@ghost ghost added needs-triage Workflow: This is a new issue that needs to be triaged to the appropriate team. question The issue doesn't require a change to the product in order to be resolved. Most issues start as that customer-reported Issues that are reported by GitHub users external to the Azure organization. labels Feb 3, 2022
tombuildsstuff added a commit to hashicorp/terraform-provider-azurerm that referenced this issue Feb 3, 2022
@JackTn JackTn added Service Attention Workflow: This issue is responsible by Azure service team. Storage Storage Service (Queues, Blobs, Files) labels Feb 6, 2022
@ghost ghost removed the needs-triage Workflow: This is a new issue that needs to be triaged to the appropriate team. label Feb 6, 2022
@ghost

ghost commented Feb 6, 2022

Thanks for the feedback! We are routing this to the appropriate team for follow-up. cc @xgithubtriage.

Issue Details

Author: tombuildsstuff
Assignees: -
Labels:

question, Storage, Service Attention, customer-reported, needs-triage

Milestone: -

@blueww
Member

blueww commented Feb 7, 2022

@HimanshuChhabra
Would you please help to look at the server error?

@ghost

ghost commented Oct 8, 2022

Thanks for the feedback! We are routing this to the appropriate team for follow-up. cc @josephkwchan, @jennyhunter-msft.

Issue Details

Author: tombuildsstuff
Assignees: HimanshuChhabra
Labels:

question, Storage, ARM, Service Attention, customer-reported

Milestone: -

@blueww blueww removed the Storage Storage Service (Queues, Blobs, Files) label Oct 8, 2022
@blueww
Member

blueww commented Oct 8, 2022

Add label "ARM" and remove "Storage", since the error is not coming from SRP; it is being returned by either the ARM/MSI Service.

@tombuildsstuff
Contributor Author

@blueww any idea of a timeframe to fix this? So far this has taken 8 months to be routed to the right team.

@jennyhunter-msft
Member

It looks like the error response is not contained within ARM's repository, which means that it might be something related to Managed Identities - this error response should be handled by them.

I would assume this error is occurring by-design, because an improper input is being passed in, but that would also depend on the API contract specified; either way, we would need some correlation identifier to guarantee that an outgoing request is being made from ARM and the error response is just being propagated.

@blueww
Member

blueww commented Oct 12, 2022

@tombuildsstuff
As I get from the ARM/MSI team, this validation is by design.
The server will return an error if the userAssignedIdentity dictionary is empty.
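The payload difference this thread turns on, as an added example that is not part of the original issue or of any provider's code: a struct that always serializes `userAssignedIdentities` sends `{}` alongside `SystemAssigned`, which matches the shape named in the quoted BadRequest message, while a normalizing builder omits the key. The `Identity`, `NaiveRender` and `Render` names are hypothetical, and the check on the type string assumes the usual ARM values (`None`, `SystemAssigned`, `UserAssigned`, `SystemAssigned,UserAssigned`).

```go
package main

import (
	"encoding/json"
	"errors"
	"fmt"
	"strings"
)

// Identity mirrors the ARM "identity" block; omitempty drops a nil or empty map.
type Identity struct {
	Type                   string              `json:"type"`
	UserAssignedIdentities map[string]struct{} `json:"userAssignedIdentities,omitempty"`
}

// naiveIdentity lacks omitempty, so an empty map is serialized as {}.
type naiveIdentity struct {
	Type                   string              `json:"type"`
	UserAssignedIdentities map[string]struct{} `json:"userAssignedIdentities"`
}

// NaiveRender shows the body that includes the empty dictionary.
func NaiveRender(identityType string) string {
	b, _ := json.Marshal(naiveIdentity{Type: identityType, UserAssignedIdentities: map[string]struct{}{}})
	return string(b)
}

// Render validates type against ids and omits the key when it does not apply.
func Render(identityType string, ids []string) (string, error) {
	ident := Identity{Type: identityType}
	if strings.Contains(identityType, "UserAssigned") {
		if len(ids) == 0 {
			return "", errors.New(identityType + " requires at least one user assigned identity")
		}
		ident.UserAssignedIdentities = make(map[string]struct{}, len(ids))
		for _, id := range ids {
			ident.UserAssignedIdentities[id] = struct{}{}
		}
	} else if len(ids) > 0 {
		return "", errors.New(identityType + " must not list user assigned identities")
	}
	b, err := json.Marshal(ident)
	return string(b), err
}

func main() {
	fmt.Println(NaiveRender("SystemAssigned"))
	fmt.Println(Render("SystemAssigned", nil))
}
```

Failing fast on a mismatched type and identity list surfaces the problem at plan time instead of as a BadRequest from the service.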

@tombuildsstuff
Contributor Author

@blueww this isn't the case for other Resource Manager APIs, so why is Storage behaving differently here?

@blueww
Member

blueww commented Oct 18, 2022

@tombuildsstuff

For "this isn't the case for other Resource Manager API's", could you give the details?

5 participants