Hi Peter,
It is “Enabled from selected virtual networks and IP addresses”
Where can I see the full stack trace?
Thanks
From: Peter Turcsanyi <turcsa...@apache.org>
Sent: Thursday, June 6, 2024 1:39 AM
To: users@nifi.apache.org
Subject: [EXTERNAL] Re: Re: writing to adls - NiFi on Azure
ATTENTION: This email originated from outside of GM.
Hi Tahir,
What is your "Public network access" setting on the Networking > Firewalls and
virtual networks tab?
If I set it to "Enabled from selected virtual networks and IP addresses", I get
the very same error message ("code":"AuthorizationFailure","message":"This
request is not authorized to perform this operation."). So I thought I managed
to replicate your issue.
Then I add my VM's virtual network and it works again.
In case of "Disabled", you need to configure a private endpoint.
If you use "Enabled from all networks" and still get the error, I have no more
idea at the moment. Please send the stack trace from the log in this case.
Regards,
Peter Turcsanyi
On Tue, Jun 4, 2024 at 8:45 PM Tahir Khan
<tahir.k...@gm.com<mailto:tahir.k...@gm.com>> wrote:
Hi Peter,
We tried that , still does not work. Same error.
Thanks
From: Peter Turcsanyi <turcsa...@apache.org<mailto:turcsa...@apache.org>>
Sent: Friday, May 31, 2024 4:17 PM
To: users@nifi.apache.org<mailto:users@nifi.apache.org>
Subject: [EXTERNAL] Re: writing to adls - NiFi on Azure
ATTENTION: This email originated from outside of GM.
Hi Tahir,
I tested it without permissions and got a different error message:
"code":"AuthorizationPermissionMismatch","message":"This request is not
authorized to perform this operation using this permission.
So the role/permissions should not be an issue in your environment.
For your error message ("code":"AuthorizationFailure","message":"This request
is not authorized to perform this operation.), I found the following links:
https://stackoverflow.com/questions/72653133/status-403-code-authorizationfailure-message-this-request-is-not-authorized-t
https://powerusers.microsoft.com/t5/Using-Connectors/Azure-Blob-Storage-this-request-is-not-authorized-to-perform/m-p/2475973#M20786
Based on these, I suggest checking the settings on the Networking tab in your
Storage Account.
Best,
Peter Turcsanyi
On Fri, May 31, 2024 at 10:39 PM Peter Turcsanyi
<turcsa...@apache.org<mailto:turcsa...@apache.org>> wrote:
R,
You can unsubscribe by sending an email to
users-unsubscr...@nifi.apache.org<mailto:users-unsubscr...@nifi.apache.org>.
Best,
Peter Turcsanyi
On Fri, May 31, 2024 at 10:11 PM R
<ryanchristophery...@gmail.com<mailto:ryanchristophery...@gmail.com>> wrote:
please remove me from this list
On Fri, May 31, 2024 at 4:04 PM Peter Turcsanyi
<turcsa...@apache.org<mailto:turcsa...@apache.org>> wrote:
Hi Tahir,
Did you configure system-assigned or user-assigned managed identity for your VM
on the Azure portal?
Did you grant the right role (e.g. Storage Blob Data Owner) to that managed
identity?
Best regards,
Peter Turcsanyi
On Fri, May 31, 2024 at 8:10 PM Tahir Khan
<tahir.k...@gm.com<mailto:tahir.k...@gm.com>> wrote:
Hi,
We are unable to right to ADLS using NiFi 1.19.1 on Azure. We are not using SAS
keys but using Managed identity.
How do we troubleshoot this error?
PutAzureDataLakeStorage[id=cfc5a7dd-018f-1000-f5cb-aea40944549c] Failed to
create file on Azure Data Lake Storage:
com.azure.storage.file.datalake.models.DataLakeStorageException: If you are
using a StorageSharedKeyCredential, and the server returned an error message
that says 'Signature did not match', you can compare the string to sign with
the one generated by the SDK. To log the string to sign, pass in the context
key value pair 'Azure-Storage-Log-String-To-Sign': true to the appropriate
method call.
If you are using a SAS token, and the server returned an error message that
says 'Signature did not match', you can compare the string to sign with the one
generated by the SDK. To log the string to sign, pass in the context key value
pair 'Azure-Storage-Log-String-To-Sign': true to the appropriate generateSas
method call.
Please remember to disable 'Azure-Storage-Log-String-To-Sign' before going to
production as this string can potentially contain PII.
Status code 403, "{"error":{"code":"AuthorizationFailure","message":"This
request is not authorized to perform this
operation.\nRequestId:f1e09e45-501f-0010-0385-b37c15000000\nTime:2024-05-31T18:05:14.1576031Z"}}"
Any help will be appreciated.
Nothing in this message is intended to constitute an electronic signature
unless a specific statement to the contrary is included in this message.
Confidentiality Note: This message is intended only for the person or entity to
which it is addressed. It may contain confidential and/or privileged material.
Any review, transmission, dissemination or other use, or taking of any action
in reliance upon this message by persons or entities other than the intended
recipient is prohibited and may be unlawful. If you received this message in
error, please contact the sender and delete it from your computer.
Nothing in this message is intended to constitute an electronic signature
unless a specific statement to the contrary is included in this message.
Confidentiality Note: This message is intended only for the person or entity to
which it is addressed. It may contain confidential and/or privileged material.
Any review, transmission, dissemination or other use, or taking of any action
in reliance upon this message by persons or entities other than the intended
recipient is prohibited and may be unlawful. If you received this message in
error, please contact the sender and delete it from your computer.
Nothing in this message is intended to constitute an electronic signature
unless a specific statement to the contrary is included in this message.
Confidentiality Note: This message is intended only for the person or entity to
which it is addressed. It may contain confidential and/or privileged material.
Any review, transmission, dissemination or other use, or taking of any action
in reliance upon this message by persons or entities other than the intended
recipient is prohibited and may be unlawful. If you received this message in
error, please contact the sender and delete it from your computer.
