AuditsTimer 403 (Forbidden)
Opened this issue · 1 comments
petertheguy commented
I went to test the AuditsTimer function within the function app and received 403 (Forbidden) error messages (see excerpt below). Not super savvy with Azure, any idea what this could be? Something to do with the created secret or privileges of my Azure account?
2024-04-15T07:37:36Z [Information] Executing 'Functions.AuditsTimer' (Reason='This function was programmatically called via the host APIs.', Id=7d871506-8bce-4c12-9804-8f2755a3193a)
2024-04-15T07:37:36Z [Verbose] Sending invocation id: '7d871506-8bce-4c12-9804-8f2755a3193a
2024-04-15T07:37:36Z [Verbose] Posting invocation id:7d871506-8bce-4c12-9804-8f2755a3193a on workerId:49abab0d-03a8-40d9-a47c-02c63f200c54
2024-04-15T07:37:46Z [Information] INFORMATION: PBIMonitor - Fetch Activity Started: 04/15/2024 07:37:45
2024-04-15T07:37:46Z [Information] INFORMATION: Building PBIMonitor Config from Azure Function Configuration
2024-04-15T07:37:46Z [Information] INFORMATION: AppDataPath: C:\home\data\pbimonitor
2024-04-15T07:37:46Z [Information] INFORMATION: ScriptsPath: C:\home\site\wwwroot\Scripts
2024-04-15T07:37:46Z [Information] INFORMATION: OutputPath: C:\local\Temp\PBIMonitorData\0f2337d7e3774480b53b8c140c0c7327
2024-04-15T07:37:47Z [Information] INFORMATION: Starting Power BI Activity Fetch
2024-04-15T07:37:47Z [Information] INFORMATION: Since: 2024-03-16T00:00:00
2024-04-15T07:37:47Z [Information] INFORMATION: OutputBatchCount: 5000
2024-04-15T07:37:47Z [Information] INFORMATION: Getting OAuth Token
2024-04-15T07:37:48Z [Information] INFORMATION: Login with: e82caa08-8c62-4d4c-8c7c-3a8207c3c4b2
2024-04-15T07:37:48Z [Information] INFORMATION: Getting audit data for: '20240316'
2024-04-15T07:37:48Z [Information] INFORMATION: Ellapsed: 1.3668811s
2024-04-15T07:37:48Z [Information] OUTPUT:
2024-04-15T07:37:48Z [Information] OUTPUT: HistoryId: 1
2024-04-15T07:37:48Z [Information] OUTPUT:
2024-04-15T07:37:48Z [Information] OUTPUT: Message : Response status code does not indicate success: 403 (Forbidden).
2024-04-15T07:37:48Z [Information] OUTPUT: StackTrace : at Microsoft.PowerBI.Commands.Profile.InvokePowerBIRestMethod.InvokeRestMethod(String url, String body, PowerBIWebRequestMethod requestType)
2024-04-15T07:37:48Z [Information] OUTPUT: Exception : System.Net.Http.HttpRequestException
2024-04-15T07:37:48Z [Information] OUTPUT: InvocationInfo : {Invoke-PowerBIRestMethod}
2024-04-15T07:37:48Z [Information] OUTPUT: Line : $result = Invoke-PowerBIRestMethod -Url $activityAPIUrl -method Get | ConvertFrom-Json
2024-04-15T07:37:48Z [Information] OUTPUT:
2024-04-15T07:37:48Z [Information] OUTPUT: Position : At C:\home\site\wwwroot\Scripts\Fetch - Activity.ps1:90 char:27
2024-04-15T07:37:48Z [Information] OUTPUT: + … $result = Invoke-PowerBIRestMethod -Url $activityAPIUrl -method Get …
2024-04-15T07:37:48Z [Information] OUTPUT: + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
2024-04-15T07:37:48Z [Information] OUTPUT: HistoryId : 1
2024-04-15T07:37:48Z [Information] OUTPUT:
2024-04-15T07:37:48Z [Information] OUTPUT: Message : Response status code does not indicate success: 403 (Forbidden).
2024-04-15T07:37:48Z [Information] OUTPUT: StackTrace : at System.Net.Http.HttpResponseMessage.EnsureSuccessStatusCode()
2024-04-15T07:37:48Z [Information] OUTPUT: at Microsoft.PowerBI.Commands.Profile.InvokePowerBIRestMethod.InvokeRestMethod(String url, String body, PowerBIWebRequestMethod requestType)
2024-04-15T07:37:48Z [Information] OUTPUT: Exception : System.Net.Http.HttpRequestException
2024-04-15T07:37:48Z [Information] OUTPUT: InvocationInfo : {Invoke-PowerBIRestMethod}
2024-04-15T07:37:48Z [Information] OUTPUT: Line : $result = Invoke-PowerBIRestMethod -Url $activityAPIUrl -method Get | ConvertFrom-Json
2024-04-15T07:37:48Z [Information] OUTPUT:
2024-04-15T07:37:48Z [Information] OUTPUT: Position : At C:\home\site\wwwroot\Scripts\Fetch - Activity.ps1:90 char:27
2024-04-15T07:37:48Z [Information] OUTPUT: + … $result = Invoke-PowerBIRestMethod -Url $activityAPIUrl -method Get …
2024-04-15T07:37:48Z [Information] OUTPUT: + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
2024-04-15T07:37:48Z [Information] OUTPUT: HistoryId : 1
2024-04-15T07:37:48Z [Information] OUTPUT:
2024-04-15T07:37:49Z [Error] EXCEPTION: One or more errors occurred. (Response status code does not indicate success: 403 (Forbidden).)
Exception :
Type : System.AggregateException
InnerExceptions :
Type : System.Net.Http.HttpRequestException
TargetSite :
Name : MoveNext
DeclaringType : Microsoft.PowerBI.Commands.Profile.InvokePowerBIRestMethod+<InvokeRestMethod>d__35, Microsoft.PowerBI.Commands.Profile, Version=1.2.1111.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35
MemberType : Method
Module : Microsoft.PowerBI.Commands.Profile.dll
Message : Response status code does not indicate success: 403 (Forbidden).
InnerException :
Type : System.Net.Http.HttpRequestException
StatusCode : Forbidden
TargetSite :
Name : EnsureSuccessStatusCode
DeclaringType : System.Net.Http.HttpResponseMessage
MemberType : Method
Module : System.Net.Http.dll
Message : Response status code does not indicate success: 403 (Forbidden).
Source : System.Net.Http
HResult : -2146233088
StackTrace :
at System.Net.Http.HttpResponseMessage.EnsureSuccessStatusCode()
at Microsoft.PowerBI.Commands.Profile.InvokePowerBIRestMethod.InvokeRestMethod(String url, String body, PowerBIWebRequestMethod requestType)
Source : Microsoft.PowerBI.Commands.Profile
HResult : -2146233088
StackTrace :
at Microsoft.PowerBI.Commands.Profile.InvokePowerBIRestMethod.InvokeRestMethod(String url, String body, PowerBIWebRequestMethod requestType)
Message : One or more errors occurred. (Response status code does not indicate success: 403 (Forbidden).)
TargetSite :
Name : ThrowIfExceptional
DeclaringType : System.Threading.Tasks.Task
MemberType : Method
Module : System.Private.CoreLib.dll
InnerException :
Type : System.Net.Http.HttpRequestException
TargetSite :
Name : MoveNext
DeclaringType : Microsoft.PowerBI.Commands.Profile.InvokePowerBIRestMethod+<InvokeRestMethod>d__35, Microsoft.PowerBI.Commands.Profile, Version=1.2.1111.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35
MemberType : Method
Module : Microsoft.PowerBI.Commands.Profile.dll
Message : Response status code does not indicate success: 403 (Forbidden).
InnerException :
Type : System.Net.Http.HttpRequestException
StatusCode : Forbidden
TargetSite :
Name : EnsureSuccessStatusCode
DeclaringType : System.Net.Http.HttpResponseMessage
MemberType : Method
Module : System.Net.Http.dll
Message : Response status code does not indicate success: 403 (Forbidden).
Source : System.Net.Http
HResult : -2146233088
StackTrace :
at System.Net.Http.HttpResponseMessage.EnsureSuccessStatusCode()
at Microsoft.PowerBI.Commands.Profile.InvokePowerBIRestMethod.InvokeRestMethod(String url, String body, PowerBIWebRequestMethod requestType)
Source : Microsoft.PowerBI.Commands.Profile
HResult : -2146233088
StackTrace :
at Microsoft.PowerBI.Commands.Profile.InvokePowerBIRestMethod.InvokeRestMethod(String url, String body, PowerBIWebRequestMethod requestType)
Source : System.Private.CoreLib
HResult : -2146233088
StackTrace :
at System.Threading.Tasks.Task.ThrowIfExceptional(Boolean includeTaskCanceledExceptions)
at System.Threading.Tasks.Task`1.GetResultCore(Boolean waitCompletionNotification)
at System.Threading.Tasks.Task`1.get_Result()
at Microsoft.PowerBI.Commands.Profile.InvokePowerBIRestMethod.ExecuteCmdlet()
at Microsoft.PowerBI.Commands.Common.PowerBICmdlet.ProcessRecord()
TargetObject : Microsoft.PowerBI.Commands.Profile.InvokePowerBIRestMethod
CategoryInfo : WriteError: (Microsoft.PowerBI.C…kePowerBIRestMethod:InvokePowerBIRestMethod) [Invoke-PowerBIRestMethod], AggregateException
FullyQualifiedErrorId : One or more errors occurred. (Response status code does not indicate success: 403 (Forbidden).),Microsoft.PowerBI.Commands.Profile.InvokePowerBIRestMethod
InvocationInfo :
MyCommand : Invoke-PowerBIRestMethod
ScriptLineNumber : 90
OffsetInLine : 27
HistoryId : 1
ScriptName : C:\home\site\wwwroot\Scripts\Fetch - Activity.ps1
Line : $result = Invoke-PowerBIRestMethod -Url $activityAPIUrl -method Get | ConvertFrom-Json
Statement : Invoke-PowerBIRestMethod -Url $activityAPIUrl -method Get
PositionMessage : At C:\home\site\wwwroot\Scripts\Fetch - Activity.ps1:90 char:27
+ … $result = Invoke-PowerBIRestMethod -Url $activityAPIUrl -method Get …
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
PSScriptRoot : C:\home\site\wwwroot\Scripts
PSCommandPath : C:\home\site\wwwroot\Scripts\Fetch - Activity.ps1
InvocationName : Invoke-PowerBIRestMethod
CommandOrigin : Internal
ScriptStackTrace : at <ScriptBlock>, C:\home\site\wwwroot\Scripts\Fetch - Activity.ps1: line 90
at <ScriptBlock>, C:\home\site\wwwroot\AuditsTimer\run.ps1: line 31
PipelineIterationInfo :
2024-04-15T07:37:49Z [Error] Executed 'Functions.AuditsTimer' (Failed, Id=7d871506-8bce-4c12-9804-8f2755a3193a, Duration=12467ms)
WillCisler commented
I would make sure you SP is in the tenant settings to run read only API calls and then test the process locally. The readme has a section named "Authorize the Service Principal on PowerBI Tenant" with the needed configuration.
The fetch script is a bit cryptic due to some if/else structure but the functions you need are there.
This section is for Auth but you can simplify
I suspect that the login process was successful but the SP is not allowed to call the activity log.