[Bug] Investigate "EnvironmentCredential is unavailable" error
pownkel opened this issue · 5 comments
Describe the bug
We occasionally see failed scan tasks with the error message "EnvironmentCredential is unavailable. Environment variables are not fully configured." This has only happened for 17 scans in prod between March 1 and April 20, but when it does happen it prevents us from updating the scan request doc, so it can cause scans to get stuck in an incomplete state.
Area
- Install script
- Update script
- Service
To Reproduce
Steps to reproduce the behavior:
Since the error is intermittent, it can't be reliably reproduced, but the error can be found in logs
- Go to the App Insights instance on any resource group
- Search in the logs for messages containing "EnvironmentCredential is unavailable"
- If needed, expand the timeframe until one of these errors is visible
Expected behavior
Log files
{
errors: [
{
name: 'Error',
message: 'EnvironmentCredential is unavailable. Environment variables are not fully configured.',
stack: 'Error: EnvironmentCredential is unavailable. Environment variables are not fully configured.\n' +
' at EnvironmentCredential.<anonymous> (C:\\web-api-scan-runner.js:49270:27)\n' +
' at Generator.next (<anonymous>)\n' +
' at C:\\web-api-scan-runner.js:91739:75\n' +
' at new Promise (<anonymous>)\n' +
' at Object.__awaiter (C:\\web-api-scan-runner.js:91735:16)\n' +
' at EnvironmentCredential.getToken (C:\\web-api-scan-runner.js:49236:22)\n' +
' at DefaultAzureCredential.<anonymous> (C:\\web-api-scan-runner.js:48646:52)\n' +
' at Generator.next (<anonymous>)\n' +
' at C:\\web-api-scan-runner.js:91739:75\n' +
' at new Promise (<anonymous>)\n' +
' at Object.__awaiter (C:\\web-api-scan-runner.js:91735:16)\n' +
' at DefaultAzureCredential.getToken (C:\\web-api-scan-runner.js:48640:22)\n' +
' at ChallengeBasedAuthenticationPolicy.<anonymous> (C:\\web-api-scan-runner.js:93598:61)\n' +
' at Generator.next (<anonymous>)\n' +
' at C:\\web-api-scan-runner.js:94777:75\n' +
' at new Promise (<anonymous>)\n' +
' at Object.__awaiter (C:\\web-api-scan-runner.js:94773:16)\n' +
' at ChallengeBasedAuthenticationPolicy.loadToken (C:\\web-api-scan-runner.js:93594:22)\n' +
' at ChallengeBasedAuthenticationPolicy.<anonymous> (C:\\web-api-scan-runner.js:93634:24)\n' +
' at Generator.next (<anonymous>)\n' +
' at C:\\web-api-scan-runner.js:94777:75\n' +
' at new Promise (<anonymous>)'
},
{
name: 'Error',
message: 'ManagedIdentityCredential - No MSI credential available',
stack: 'Error: ManagedIdentityCredential - No MSI credential available\n' +
' at ManagedIdentityCredential.<anonymous> (C:\\web-api-scan-runner.js:49595:19)\n' +
' at Generator.next (<anonymous>)\n' +
' at fulfilled (C:\\web-api-scan-runner.js:91736:62)\n' +
' at processTicksAndRejections (internal/process/task_queues.js:97:5)'
},
{
name: 'Error',
message: "Azure CLI could not be found. Please visit https://aka.ms/azure-cli for installation instructions and then, once installed, authenticate to your Azure account using 'az login'.",
stack: "Error: Azure CLI could not be found. Please visit https://aka.ms/azure-cli for installation instructions and then, once installed, authenticate to your Azure account using 'az login'.\n" +
' at C:\\web-api-scan-runner.js:49792:43\n' +
' at processTicksAndRejections (internal/process/task_queues.js:97:5)'
},
{
name: 'Error',
message: "Visual Studio Code credential requires the optional dependency 'keytar' to work correctly",
stack: "Error: Visual Studio Code credential requires the optional dependency 'keytar' to work correctly\n" +
' at VisualStudioCodeCredential.<anonymous> (C:\\web-api-scan-runner.js:49992:23)\n' +
' at Generator.next (<anonymous>)\n' +
' at fulfilled (C:\\web-api-scan-runner.js:91736:62)\n' +
' at processTicksAndRejections (internal/process/task_queues.js:97:5)'
}
],
name: 'AggregateAuthenticationError',
message: 'undefined\n' +
'\n' +
'Error: EnvironmentCredential is unavailable. Environment variables are not fully configured.\n' +
'Error: ManagedIdentityCredential - No MSI credential available\n' +
"Error: Azure CLI could not be found. Please visit https://aka.ms/azure-cli for installation instructions and then, once installed, authenticate to your Azure account using 'az login'.\n" +
"Error: Visual Studio Code credential requires the optional dependency 'keytar' to work correctly",
stack: 'AggregateAuthenticationError: undefined\n' +
'\n' +
'Error: EnvironmentCredential is unavailable. Environment variables are not fully configured.\n' +
'Error: ManagedIdentityCredential - No MSI credential available\n' +
"Error: Azure CLI could not be found. Please visit https://aka.ms/azure-cli for installation instructions and then, once installed, authenticate to your Azure account using 'az login'.\n" +
"Error: Visual Studio Code credential requires the optional dependency 'keytar' to work correctly\n" +
' at DefaultAzureCredential.<anonymous> (C:\\web-api-scan-runner.js:48659:29)\n' +
' at Generator.throw (<anonymous>)\n' +
' at rejected (C:\\web-api-scan-runner.js:91737:69)\n' +
' at processTicksAndRejections (internal/process/task_queues.js:97:5)'
}
Additional context
This error usually seems to happen when attempting to update the cosmos doc or add to the storage queue. We've seen it at different stages of the scan task, including after the initial update succeeded.
This issue has been marked as ready for team triage; we will triage it in our weekly review and update the issue. Thank you for contributing to Accessibility Insights!
This is transient auth error. The recent pull request has enabled global scan request retry functionality that should mitigate transient errors.
The team requires additional author feedback; please review their replies and update this issue accordingly. Thank you for contributing to Accessibility Insights!
This issue has been automatically marked as stale because it is marked as requiring author feedback but has not had any activity for 4 days. It will be closed if no further activity occurs within 3 days of this comment. Thank you for contributing to Accessibility Insights!