Skip to content

Commit

Permalink
add troubleshooting guide for identity (#17734)
Browse files Browse the repository at this point in the history
* add troubleshooting guide for identity
Co-authored-by: Scott Addie <[email protected]>
  • Loading branch information
KarishmaGhiya authored Oct 13, 2021
1 parent a319c90 commit 0afa58e
Show file tree
Hide file tree
Showing 16 changed files with 281 additions and 25 deletions.
3 changes: 2 additions & 1 deletion sdk/identity/identity/CHANGELOG.md
Original file line number Diff line number Diff line change
Expand Up @@ -4,7 +4,7 @@

After multiple beta releases over the past year, we're proud to announce the general availability of version 2 of the `@azure/identity` package. This version includes the best parts of v1, plus several improvements.

This changelog entry showcases the changes that have been made from version 1 of this package. See the [v1-to-v2 migration guide](https://github.com/Azure/azure-sdk-for-js/blob/main/sdk/identity/identity/migration-v1-v2.md) for details on how to upgrade your application to use the version 2 of `@azure/identity`.
This changelog entry showcases the changes that have been made from version 1 of this package. See the [v1-to-v2 migration guide](https://github.com/Azure/azure-sdk-for-js/blob/main/sdk/identity/identity/migration-v1-v2.md) for details on how to upgrade your application to use the version 2 of `@azure/identity`. For information on troubleshooting the Identity package, see the [troubleshooting guide](https://github.com/Azure/azure-sdk-for-js/blob/main/sdk/identity/identity/Troubleshooting.md).

### Features Added

Expand Down Expand Up @@ -68,6 +68,7 @@ A new method `authenticate()` is added to these credentials which is similar to
- `authenticate()` might succeed and still return `undefined` if we're unable to pick just one account record from the cache. This might happen if the cache is being used by more than one credential, or if multiple users have authenticated using the same Client ID and Tenant ID. To ensure consistency on a program with many users, please keep track of the `AuthenticationRecord` and provide them in the constructors of the credentials on initialization.

Learn more via the below samples

- [Samples around controlling user interaction](https://github.com/Azure/azure-sdk-for-js/blob/main/sdk/identity/identity/samples/AzureIdentityExamples.md#control-user-interaction).
- [Samples around persisting user authentication data](https://github.com/Azure/azure-sdk-for-js/blob/main/sdk/identity/identity/samples/AzureIdentityExamples.md#persist-user-authentication-data).

Expand Down
8 changes: 7 additions & 1 deletion sdk/identity/identity/README.md
Original file line number Diff line number Diff line change
Expand Up @@ -283,7 +283,13 @@ Credentials raise `AuthenticationError` when they fail to authenticate. This cla

### Logging

Enabling logging may help uncover useful information about failures. In order to see a log of HTTP requests and responses, set the `AZURE_LOG_LEVEL` environment variable to `info`. Alternatively, logging can be enabled at runtime by calling `setLogLevel` in the `@azure/logger`:
Enabling logging may help uncover useful information about failures. To see a log of HTTP requests and responses, set the `AZURE_LOG_LEVEL` environment variable to `info`. You can read this environment variable from the *.env* file by explicitly specifying a file path:

```javascript
require("dotenv").config({ path: ".env" });
```

Alternatively, logging can be enabled at runtime by calling `setLogLevel` from the `@azure/logger` package:

```javascript
import { setLogLevel } from "@azure/logger";
Expand Down
247 changes: 246 additions & 1 deletion sdk/identity/identity/Troubleshooting.md

Large diffs are not rendered by default.

Original file line number Diff line number Diff line change
Expand Up @@ -7,7 +7,7 @@ import { TokenCredentialOptions } from "../client/identityClient";
import { credentialLogger, formatError } from "../util/logging";

const BrowserNotSupportedError = new Error(
"AuthorizationCodeCredential is not supported in the browser. InteractiveBrowserCredential is more appropriate for this use case."
"AuthorizationCodeCredential is not supported in the browser. InteractiveBrowserCredential is more appropriate for this use case."
);
const logger = credentialLogger("AuthorizationCodeCredential");

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -60,6 +60,6 @@ export class AzureApplicationCredential extends ChainedTokenCredential {
constructor(options?: AzureApplicationCredentialOptions) {
super(...AzureApplicationCredentials.map((ctor) => new ctor(options)));
this.UnavailableMessage =
"ApplicationCredential => failed to retrieve a token from the included credentials";
"ApplicationCredential => failed to retrieve a token from the included credentials. To troubleshoot, visit https://aka.ms/azsdk/js/identity/applicationcredential/troubleshoot.";
}
}
Original file line number Diff line number Diff line change
Expand Up @@ -63,7 +63,8 @@ export const powerShellErrors = {
export const powerShellPublicErrorMessages = {
login:
"Please run 'Connect-AzAccount' from PowerShell to authenticate before using this credential.",
installed: `The 'Az.Account' module >= 2.2.0 is not installed. Install the Azure Az PowerShell module with: "Install-Module -Name Az -Scope CurrentUser -Repository PSGallery -Force".`
installed: `The 'Az.Account' module >= 2.2.0 is not installed. Install the Azure Az PowerShell module with: "Install-Module -Name Az -Scope CurrentUser -Repository PSGallery -Force".`,
troubleshoot: `To troubleshoot, visit https://aka.ms/azsdk/js/identity/powershellcredential/troubleshoot.`
};

// PowerShell Azure User not logged in error check.
Expand Down Expand Up @@ -92,7 +93,7 @@ export class AzurePowerShellCredential implements TokenCredential {
private tenantId?: string;

/**
* Creates an instance of the {@link AzurePowershellCredential}.
* Creates an instance of the {@link AzurePowerShellCredential}.
*
* To use this credential:
* - Install the Azure Az PowerShell module with:
Expand Down Expand Up @@ -150,7 +151,7 @@ export class AzurePowerShellCredential implements TokenCredential {
}
}

throw new Error(`Unable to execute PowerShell. Ensure that it is installed in your system.`);
throw new Error(`Unable to execute PowerShell. Ensure that it is installed in your system`);
}

/**
Expand Down Expand Up @@ -192,7 +193,9 @@ export class AzurePowerShellCredential implements TokenCredential {
logger.getToken.info(formatError(scope, error));
throw error;
}
const error = new CredentialUnavailableError(err);
const error = new CredentialUnavailableError(
`${err}. ${powerShellPublicErrorMessages.troubleshoot}`
);
logger.getToken.info(formatError(scope, error));
throw error;
}
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -97,12 +97,12 @@ export class ClientCertificateCredential implements TokenCredential {
};
if (!configuration || !(configuration.certificate || configuration.certificatePath)) {
throw new Error(
`${credentialName}: Provide either a PEM certificate in string form, or the path to that certificate in the filesystem.`
`${credentialName}: Provide either a PEM certificate in string form, or the path to that certificate in the filesystem. To troubleshoot, visit https://aka.ms/azsdk/js/identity/serviceprincipalauthentication/troubleshoot.`
);
}
if (configuration.certificate && configuration.certificatePath) {
throw new Error(
`${credentialName}: To avoid unexpected behaviors, providing both the contents of a PEM certificate and the path to a PEM certificate is forbidden.`
`${credentialName}: To avoid unexpected behaviors, providing both the contents of a PEM certificate and the path to a PEM certificate is forbidden. To troubleshoot, visit https://aka.ms/azsdk/js/identity/serviceprincipalauthentication/troubleshoot.`
);
}
this.msalFlow = new MsalClientCertificate({
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -40,7 +40,7 @@ export class ClientSecretCredential implements TokenCredential {
) {
if (!tenantId || !clientId || !clientSecret) {
throw new Error(
"ClientSecretCredential: tenantId, clientId, and clientSecret are required parameters."
"ClientSecretCredential: tenantId, clientId, and clientSecret are required parameters. To troubleshoot, visit https://aka.ms/azsdk/js/identity/serviceprincipalauthentication/troubleshoot."
);
}
this.msalFlow = new MsalClientSecret({
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -94,6 +94,6 @@ export class DefaultAzureCredential extends ChainedTokenCredential {
constructor(options?: DefaultAzureCredentialOptions) {
super(...defaultCredentials.map((ctor) => new ctor(options)));
this.UnavailableMessage =
"DefaultAzureCredential => failed to retrieve a token from the included credentials";
"DefaultAzureCredential => failed to retrieve a token from the included credentials. To troubleshoot, visit https://aka.ms/azsdk/js/identity/defaultazurecredential/troubleshoot.";
}
}
Original file line number Diff line number Diff line change
Expand Up @@ -132,7 +132,8 @@ export class EnvironmentCredential implements TokenCredential {
return result;
} catch (err) {
const authenticationError = new AuthenticationError(400, {
error: "EnvironmentCredential authentication failed.",
error:
"EnvironmentCredential authentication failed. To troubleshoot, visit https://aka.ms/azsdk/js/identity/environmentcredential/troubleshoot.",
error_description: err.message
.toString()
.split("More details:")
Expand All @@ -143,7 +144,7 @@ export class EnvironmentCredential implements TokenCredential {
}
}
throw new CredentialUnavailableError(
"EnvironmentCredential is unavailable. No underlying credential could be used."
"EnvironmentCredential is unavailable. No underlying credential could be used. To troubleshoot, visit https://aka.ms/azsdk/js/identity/environmentcredential/troubleshoot."
);
});
}
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -40,7 +40,7 @@ export class UsernamePasswordCredential implements TokenCredential {
) {
if (!tenantId || !clientId || !username || !password) {
throw new Error(
"UsernamePasswordCredential: tenantId, clientId, username and password are required parameters."
"UsernamePasswordCredential: tenantId, clientId, username and password are required parameters. To troubleshoot, visit https://aka.ms/azsdk/js/identity/usernamepasswordcredential/troubleshoot."
);
}
this.msalFlow = new MsalUsernamePassword({
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -232,14 +232,14 @@ export class VisualStudioCodeCredential implements TokenCredential {
return tokenResponse.accessToken;
} else {
const error = new CredentialUnavailableError(
"Could not retrieve the token associated with Visual Studio Code. Have you connected using the 'Azure Account' extension recently?"
"Could not retrieve the token associated with Visual Studio Code. Have you connected using the 'Azure Account' extension recently? To troubleshoot, visit https://aka.ms/azsdk/js/identity/visualstudiocodecredential/troubleshoot."
);
logger.getToken.info(formatError(scopes, error));
throw error;
}
} else {
const error = new CredentialUnavailableError(
"Could not retrieve the token associated with Visual Studio Code. Did you connect using the 'Azure Account' extension?"
"Could not retrieve the token associated with Visual Studio Code. Did you connect using the 'Azure Account' extension? To troubleshoot, visit https://aka.ms/azsdk/js/identity/visualstudiocodecredential/troubleshoot."
);
logger.getToken.info(formatError(scopes, error));
throw error;
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -108,7 +108,7 @@ describe("AzurePowerShellCredential", function() {
assert.equal(error?.name, "CredentialUnavailableError");
assert.equal(
error?.message,
`Error: Unable to execute PowerShell. Ensure that it is installed in your system.`
`Error: Unable to execute PowerShell. Ensure that it is installed in your system. To troubleshoot, visit https://aka.ms/azsdk/js/identity/powershellcredential/troubleshoot.`
);

sandbox.restore();
Expand Down Expand Up @@ -136,7 +136,7 @@ describe("AzurePowerShellCredential", function() {
assert.equal(error?.name, "CredentialUnavailableError");
assert.equal(
error?.message,
`Error: Unable to parse the output of PowerShell. Received output: Not valid JSON`
`Error: Unable to parse the output of PowerShell. Received output: Not valid JSON. To troubleshoot, visit https://aka.ms/azsdk/js/identity/powershellcredential/troubleshoot.`
);

sandbox.restore();
Expand Down Expand Up @@ -166,7 +166,7 @@ describe("AzurePowerShellCredential", function() {
assert.equal(error?.name, "CredentialUnavailableError");
assert.equal(
error?.message,
`Error: Unable to parse the output of PowerShell. Received output: Not valid JSON`
`Error: Unable to parse the output of PowerShell. Received output: Not valid JSON. To troubleshoot, visit https://aka.ms/azsdk/js/identity/powershellcredential/troubleshoot.`
);

sandbox.restore();
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -86,7 +86,7 @@ describe("ClientCertificateCredential (internal)", function() {
errors.forEach((e) => {
assert.equal(
e.message,
"ClientCertificateCredential: Provide either a PEM certificate in string form, or the path to that certificate in the filesystem."
"ClientCertificateCredential: Provide either a PEM certificate in string form, or the path to that certificate in the filesystem. To troubleshoot, visit https://aka.ms/azsdk/js/identity/serviceprincipalauthentication/troubleshoot."
);
});

Expand All @@ -103,7 +103,7 @@ describe("ClientCertificateCredential (internal)", function() {
assert.ok(error);
assert.equal(
(error as Error).message,
"ClientCertificateCredential: To avoid unexpected behaviors, providing both the contents of a PEM certificate and the path to a PEM certificate is forbidden."
"ClientCertificateCredential: To avoid unexpected behaviors, providing both the contents of a PEM certificate and the path to a PEM certificate is forbidden. To troubleshoot, visit https://aka.ms/azsdk/js/identity/serviceprincipalauthentication/troubleshoot."
);
});

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -62,7 +62,7 @@ describe("ClientSecretCredential (internal)", function() {
errors.forEach((e) => {
assert.equal(
e.message,
"ClientSecretCredential: tenantId, clientId, and clientSecret are required parameters."
"ClientSecretCredential: tenantId, clientId, and clientSecret are required parameters. To troubleshoot, visit https://aka.ms/azsdk/js/identity/serviceprincipalauthentication/troubleshoot."
);
});
});
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -93,7 +93,7 @@ describe("UsernamePasswordCredential (internal)", function() {
errors.forEach((e) => {
assert.equal(
e.message,
"UsernamePasswordCredential: tenantId, clientId, username and password are required parameters."
"UsernamePasswordCredential: tenantId, clientId, username and password are required parameters. To troubleshoot, visit https://aka.ms/azsdk/js/identity/usernamepasswordcredential/troubleshoot."
);
});
});
Expand Down

0 comments on commit 0afa58e

Please sign in to comment.