Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[EventHub]"azure.eventhub.exceptions.AuthenticationError: Unable to open authentication session on connection EHProduce" on UsGov and China cloud #20875

Closed
v-xuto opened this issue Sep 26, 2021 · 15 comments
Closed

[EventHub]"azure.eventhub.exceptions.AuthenticationError: Unable to open authentication session on connection EHProduce" on UsGov and China cloud #20875

v-xuto opened this issue Sep 26, 2021 · 15 comments
Assignees
@yunhaoling
Labels
Client This issue points to a problem in the data-plane of the library. Event Hubs Messaging Messaging crew test-sovereign-cloud

Comments

@v-xuto
Copy link
Member

v-xuto commented Sep 26, 2021
edited
Loading

We are running live Tests against other clouds like US Gov and Azure China Cloud. The goal is to check whether new azure sdk package work with other clouds or not.

Error Description:
When running the Test Samples sync_samples/authenticate_with_azure_named_key_credential.py on UsGov and China cloud, it runs failed and the error message is shown as following, for more details please check here:
image

Error Track:
The code that failed is here
image

Expected Behavior:
In file test-resources.json, EVENT_HUB_HOSTNAME is available in UsGov and China Cloud.

@benbp , @jameszliao-msft , @lmazuel , @lilyjma , @ramya-rao-a and @annatisch for notification.
@ghost ghost added the needs-triage Workflow: This is a new issue that needs to be triaged to the appropriate team. label Sep 26, 2021
@v-xuto v-xuto added Client This issue points to a problem in the data-plane of the library. Event Hubs needs-team-triage Workflow: This issue needs the team to triage. test-sovereign-cloud and removed needs-triage Workflow: This is a new issue that needs to be triaged to the appropriate team. labels Sep 26, 2021
@yunhaoling yunhaoling added the Messaging Messaging crew label Sep 28, 2021
@yunhaoling yunhaoling self-assigned this Oct 2, 2021
@yunhaoling yunhaoling removed the needs-team-triage Workflow: This issue needs the team to triage. label Oct 5, 2021
@v-xuto
Copy link
Member Author

v-xuto commented Oct 8, 2021

@yunhaoling What are your ideas on this issue?

@yunhaoling
Copy link
Contributor

hey @v-xuto , could you give some guidance on creating resources on the UsGov and China cloud? e.g. links would be helpful

@v-xuto
Copy link
Member Author

v-xuto commented Oct 11, 2021

@yunhaoling Creating resources is the same as in the public cloud. I don't understand your question too much.
@benbp What are your thoughts on this issue?

@yunhaoling
Copy link
Contributor

@v-xuto , sorry for not making it clear.

so when I tried to create EH resource on portal.azure.come, I didn't find a location with name "China" or "US Gov" in it:

image

so I'm wondering whether it needs a separate dedicated subscription or the China/US Gov cloud has its own portal.

@v-xuto
Copy link
Member Author

v-xuto commented Oct 12, 2021

@yunhaoling The China/US Gov cloud has its own portal.

@yunhaoling
Copy link
Contributor

thanks @v-xuto , I'll try it!

@benbp
Copy link
Member

benbp commented Oct 12, 2021

@yunhaoling when using the SDK you have to specify the right endpoint suffixes and tenant ids/authority hosts. Often this involves updating the ARM template to use the parameter serviceBusEndpointSuffix instead of a hardcoded value, and making sure the test credential builder uses the right tenant and authority host. Let me know if you need help.

@benbp benbp mentioned this issue Oct 12, 2021
Closed
@v-xuto
Copy link
Member Author

v-xuto commented Oct 26, 2021

@benbp - To resolve this issue, please help add a parameter variable to suffix .servicebus.windows.net. And in the pipeline environment, configure the corresponding endpoint suffix values for usgov and china cloud.

UsGov - .servicebus.usgovcloudapi.net
China - .servicebus.chinacloudapi.cn

image

@v-xuto
Copy link
Member Author

v-xuto commented Nov 3, 2021
edited
Loading

@benbp Any progress? Please help configure eventHubEndpointSuffix on different clouds.

@benbp
Copy link
Member

benbp commented Nov 3, 2021
edited
Loading

@v-xuto this is already available as serviceBusEndpointSuffix, for example:

    "ArmTemplateParameters": {
        "azureAuthorityHost": "https://login.chinacloudapi.cn/",
        "keyVaultDomainSuffix": ".vault.azure.cn",
        "keyVaultEndpointSuffix": ".vault.azure.cn",
        "keyVaultSku": "standard",
        "azConfigEndpointSuffix": ".azconfig.azure.cn",
        "cognitiveServicesEndpointSuffix": ".cognitiveservices.azure.cn",
        "storageEndpointSuffix": "core.chinacloudapi.cn",
        "serviceBusEndpointSuffix": ".servicebus.chinacloudapi.cn",
        "enableStorageVersioning": false,
        "textAnalyticsSku": "S"
    }

@v-xuto
Copy link
Member Author

v-xuto commented Nov 4, 2021
edited
Loading

@benbp Okay. Thanks. Are you sure you set the parameter serviceBusEndpointSuffix about different clouds?

Because after I modified the file sdk/eventhub/test-resources.json, some tests in UsGov still reported the same error: azure.eventhub.exceptions.AuthenticationError: Unable to open authentication session on connection EHProduce" . For more details please check here.

image

However, I directly update .servicebus.windows.net to .servicebus.usgovcloudapi.net. It passed in UsGov cloud. For more details please check here:
image.
So, the setting of this parameter serviceBusEndpointSuffix should not take effect. Please help to confirm again.

@benbp
Copy link
Member

benbp commented Nov 8, 2021

@v-xuto Ok I think there was an issue with Azure Pipelines not refreshing it's cache of the subscription configuration secrets. Sorry I didn't notice that earlier. I refreshed the cache and re-ran your failed pipeline jobs, but for some reason I think it's picking up your latest changes with the usgovcloudapi hardcoded instead of the problem commit with the serviceBusEndpointSuffix value.

@v-xuto
Copy link
Member Author

v-xuto commented Nov 9, 2021
edited
Loading

@benbp After I update .servicebus.windows.net to parameters('serviceBusEndpointSuffix') and re-run pipeline, the same error was reported. The problem was not resolved. Please help me to confirm again. For more details please check here.
image

@benbp
Copy link
Member

benbp commented Nov 9, 2021

@v-xuto I'm doing some testing but the issue should be fixed now. My updating scripts were targeting the wrong secret :( I'm going to prioritize some work to move these values into a more observable place so you can update and inspect them yourself, and also support logging non-secret arm parameter values.

@v-xuto
Copy link
Member Author

v-xuto commented Nov 11, 2021

@benbp Thanks for your help. This issue has fixed. This is the result. I will close this issue.

@v-xuto v-xuto closed this as completed Nov 11, 2021
@github-actions github-actions bot locked and limited conversation to collaborators Apr 11, 2023
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees

@yunhaoling yunhaoling

Labels
Client This issue points to a problem in the data-plane of the library. Event Hubs Messaging Messaging crew test-sovereign-cloud
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@benbp @yunhaoling @v-xuto