Hi Tahir,

If you add your VM's virtual network to the allowed networks, does it not help?

The stack trace can be found in logs/nifi-app.log.

Regards,
Peter Turcsanyi

On Tue, Jun 11, 2024 at 4:05 PM Tahir Khan <tahir.k...@gm.com> wrote:

> Hi Peter,
>
> It is “Enabled from selected virtual networks and IP addresses”
>
> Where can I see the full stack trace?
>
> Thanks
>
> *From:* Peter Turcsanyi <turcsa...@apache.org>
> *Sent:* Thursday, June 6, 2024 1:39 AM
> *To:* users@nifi.apache.org
> *Subject:* [EXTERNAL] Re: Re: writing to adls - NiFi on Azure
>
> *ATTENTION:* This email originated from outside of GM.
>
> Hi Tahir,
>
> What is your "Public network access" setting on the Networking > Firewalls and virtual networks tab?
>
> If I set it to "Enabled from selected virtual networks and IP addresses", I get the very same error message ("code":"AuthorizationFailure","message":"This request is not authorized to perform this operation."). So I thought I managed to replicate your issue.
>
> Then I add my VM's virtual network and it works again.
>
> In case of "Disabled", you need to configure a private endpoint.
>
> If you use "Enabled from all networks" and still get the error, I have no more ideas at the moment. Please send the stack trace from the log in this case.
>
> Regards,
> Peter Turcsanyi
>
> On Tue, Jun 4, 2024 at 8:45 PM Tahir Khan <tahir.k...@gm.com> wrote:
>
> Hi Peter,
>
> We tried that, still does not work. Same error.
>
> Thanks
>
> *From:* Peter Turcsanyi <turcsa...@apache.org>
> *Sent:* Friday, May 31, 2024 4:17 PM
> *To:* users@nifi.apache.org
> *Subject:* [EXTERNAL] Re: writing to adls - NiFi on Azure
>
> Hi Tahir,
>
> I tested it without permissions and got a different error message:
>
> "code":"AuthorizationPermissionMismatch","message":"This request is not authorized to perform this operation using this permission.
>
> So the role/permissions should not be an issue in your environment.
>
> For your error message ("code":"AuthorizationFailure","message":"This request is not authorized to perform this operation."), I found the following links:
>
> https://stackoverflow.com/questions/72653133/status-403-code-authorizationfailure-message-this-request-is-not-authorized-t
>
> https://powerusers.microsoft.com/t5/Using-Connectors/Azure-Blob-Storage-this-request-is-not-authorized-to-perform/m-p/2475973#M20786
>
> Based on these, I suggest checking the settings on the Networking tab in your Storage Account.
>
> Best,
> Peter Turcsanyi
>
> On Fri, May 31, 2024 at 10:39 PM Peter Turcsanyi <turcsa...@apache.org> wrote:
>
> R,
>
> You can unsubscribe by sending an email to users-unsubscr...@nifi.apache.org.
>
> Best,
> Peter Turcsanyi
>
> On Fri, May 31, 2024 at 10:11 PM R <ryanchristophery...@gmail.com> wrote:
>
> please remove me from this list
>
> On Fri, May 31, 2024 at 4:04 PM Peter Turcsanyi <turcsa...@apache.org> wrote:
>
> Hi Tahir,
>
> Did you configure system-assigned or user-assigned managed identity for your VM on the Azure portal?
>
> Did you grant the right role (e.g. Storage Blob Data Owner) to that managed identity?
>
> Best regards,
> Peter Turcsanyi
>
> On Fri, May 31, 2024 at 8:10 PM Tahir Khan <tahir.k...@gm.com> wrote:
>
> Hi,
>
> We are unable to write to ADLS using NiFi 1.19.1 on Azure. We are not using SAS keys but using Managed identity.
>
> How do we troubleshoot this error?
>
> PutAzureDataLakeStorage[id=cfc5a7dd-018f-1000-f5cb-aea40944549c] Failed to create file on Azure Data Lake Storage: com.azure.storage.file.datalake.models.DataLakeStorageException: If you are using a StorageSharedKeyCredential, and the server returned an error message that says 'Signature did not match', you can compare the string to sign with the one generated by the SDK. To log the string to sign, pass in the context key value pair 'Azure-Storage-Log-String-To-Sign': true to the appropriate method call.
>
> If you are using a SAS token, and the server returned an error message that says 'Signature did not match', you can compare the string to sign with the one generated by the SDK. To log the string to sign, pass in the context key value pair 'Azure-Storage-Log-String-To-Sign': true to the appropriate generateSas method call.
>
> Please remember to disable 'Azure-Storage-Log-String-To-Sign' before going to production as this string can potentially contain PII.
>
> Status code 403, "{"error":{"code":"AuthorizationFailure","message":"This request is not authorized to perform this operation.\nRequestId:f1e09e45-501f-0010-0385-b37c15000000\nTime:2024-05-31T18:05:14.1576031Z"}}"
>
> Any help will be appreciated.
>
> Nothing in this message is intended to constitute an electronic signature unless a specific statement to the contrary is included in this message.
>
> Confidentiality Note: This message is intended only for the person or entity to which it is addressed. It may contain confidential and/or privileged material. Any review, transmission, dissemination or other use, or taking of any action in reliance upon this message by persons or entities other than the intended recipient is prohibited and may be unlawful. If you received this message in error, please contact the sender and delete it from your computer.
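
The thread separates two 403 bodies that look alike: AuthorizationFailure (storage account network rules) and AuthorizationPermissionMismatch (missing role on the managed identity). As an added example that is not part of the thread or of NiFi, the sketch below pulls those bodies out of logs/nifi-app.log text and says which layer to check; the `triage` function, the `HINTS` mapping and the log-line prefixes in the sample are assumptions of this example.

```python
import json
import re

# What each 403 code pointed to in the thread above (mapping assumed by this example).
HINTS = {
    "AuthorizationFailure": "network: check 'Public network access' on the storage "
    "account's Networking tab; allow the VM's virtual network, or use a private "
    "endpoint when it is Disabled",
    "AuthorizationPermissionMismatch": "RBAC: grant the managed identity a data "
    "role, e.g. Storage Blob Data Owner",
}
# The SDK prints the raw response body: Status code 403, "{"error":{...}}"
ERR_RE = re.compile(r'Status code (\d{3}), "(\{"error":.*?\}\})"')
REQ_RE = re.compile(r"RequestId:([0-9a-f-]{36})")
TIME_RE = re.compile(r"Time:(\S+Z)")

def triage(log_text):
    """Return one finding per Azure Storage error body found in log_text."""
    findings = []
    for status, body in ERR_RE.findall(log_text):
        try:
            err = json.loads(body)["error"]
            msg = err.get("message", "")
        except (ValueError, KeyError, AttributeError):
            continue  # truncated or line-wrapped body: skip rather than guess
        req, when = REQ_RE.search(msg), TIME_RE.search(msg)
        findings.append({
            "status": int(status),
            "code": err.get("code"),
            "request_id": req.group(1) if req else None,
            "time": when.group(1) if when else None,
            "check": HINTS.get(err.get("code"), "unmapped: read the full stack trace"),
        })
    return findings

# Constructed sample: the log prefixes and the whole second entry are made up;
# the first error body is the one quoted in the thread.
SAMPLE_LOG = r'''2024-05-31 18:05:14,160 ERROR PutAzureDataLakeStorage[id=cfc5a7dd-018f-1000-f5cb-aea40944549c] Failed to create file on Azure Data Lake Storage: Status code 403, "{"error":{"code":"AuthorizationFailure","message":"This request is not authorized to perform this operation.\nRequestId:f1e09e45-501f-0010-0385-b37c15000000\nTime:2024-05-31T18:05:14.1576031Z"}}"
2024-05-31 18:20:00,000 ERROR PutAzureDataLakeStorage[id=<placeholder>] Failed to create file on Azure Data Lake Storage: Status code 403, "{"error":{"code":"AuthorizationPermissionMismatch","message":"This request is not authorized to perform this operation using this permission.\nRequestId:00000000-0000-0000-0000-000000000000\nTime:2024-05-31T18:20:00.0000000Z"}}"
'''

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f["time"], f["code"], f["request_id"], "->", f["check"])
```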