Yes, we configured managed identity for our VM. We provided Storage blob contributor role, also tried using Blob data owner.
Thanks From: Peter Turcsanyi <turcsa...@apache.org> Sent: Friday, May 31, 2024 3:04 PM To: users@nifi.apache.org Subject: [EXTERNAL] Re: writing to adls - NiFi on Azure ATTENTION: This email originated from outside of GM. Hi Tahir, Did you configure system-assigned or user-assigned managed identity for your VM on the Azure portal? Did you grant the right role (e.g. Storage Blob Data Owner) to that managed identity? Best regards, Peter Turcsanyi On Fri, May 31, 2024 at 8:10 PM Tahir Khan <tahir.k...@gm.com<mailto:tahir.k...@gm.com>> wrote: Hi, We are unable to right to ADLS using NiFi 1.19.1 on Azure. We are not using SAS keys but using Managed identity. How do we troubleshoot this error? PutAzureDataLakeStorage[id=cfc5a7dd-018f-1000-f5cb-aea40944549c] Failed to create file on Azure Data Lake Storage: com.azure.storage.file.datalake.models.DataLakeStorageException: If you are using a StorageSharedKeyCredential, and the server returned an error message that says 'Signature did not match', you can compare the string to sign with the one generated by the SDK. To log the string to sign, pass in the context key value pair 'Azure-Storage-Log-String-To-Sign': true to the appropriate method call. If you are using a SAS token, and the server returned an error message that says 'Signature did not match', you can compare the string to sign with the one generated by the SDK. To log the string to sign, pass in the context key value pair 'Azure-Storage-Log-String-To-Sign': true to the appropriate generateSas method call. Please remember to disable 'Azure-Storage-Log-String-To-Sign' before going to production as this string can potentially contain PII. Status code 403, "{"error":{"code":"AuthorizationFailure","message":"This request is not authorized to perform this operation.\nRequestId:f1e09e45-501f-0010-0385-b37c15000000\nTime:2024-05-31T18:05:14.1576031Z"}}" Any help will be appreciated. Nothing in this message is intended to constitute an electronic signature unless a specific statement to the contrary is included in this message. Confidentiality Note: This message is intended only for the person or entity to which it is addressed. It may contain confidential and/or privileged material. Any review, transmission, dissemination or other use, or taking of any action in reliance upon this message by persons or entities other than the intended recipient is prohibited and may be unlawful. If you received this message in error, please contact the sender and delete it from your computer. Nothing in this message is intended to constitute an electronic signature unless a specific statement to the contrary is included in this message. Confidentiality Note: This message is intended only for the person or entity to which it is addressed. It may contain confidential and/or privileged material. Any review, transmission, dissemination or other use, or taking of any action in reliance upon this message by persons or entities other than the intended recipient is prohibited and may be unlawful. If you received this message in error, please contact the sender and delete it from your computer.
