From c65db818db199307cd36b60209310a709a8e9426 Mon Sep 17 00:00:00 2001 From: v-snalawade <98255332+v-snalawade@users.noreply.github.com> Date: Tue, 7 Jan 2025 15:36:37 +0530 Subject: [PATCH] Add 403 error for blob access in AzureVmssDeploymentV1 (#20770) * Add 403 error for blob access in AzureVmssDeploymentV1 * updated task.loc.json --- .../operations/VirtualMachineScaleSet.ts | 6 ++++++ Tasks/AzureVmssDeploymentV1/task.json | 6 ++++-- Tasks/AzureVmssDeploymentV1/task.loc.json | 6 ++++-- _generated/AzureVmssDeploymentV1.versionmap.txt | 4 ++-- .../Strings/resources.resjson/en-US/resources.resjson | 4 +++- .../operations/VirtualMachineScaleSet.ts | 6 ++++++ _generated/AzureVmssDeploymentV1/task.json | 10 ++++++---- _generated/AzureVmssDeploymentV1/task.loc.json | 10 ++++++---- .../Strings/resources.resjson/en-US/resources.resjson | 4 +++- .../operations/VirtualMachineScaleSet.ts | 6 ++++++ _generated/AzureVmssDeploymentV1_Node20/task.json | 10 ++++++---- _generated/AzureVmssDeploymentV1_Node20/task.loc.json | 10 ++++++---- 12 files changed, 58 insertions(+), 24 deletions(-) diff --git a/Tasks/AzureVmssDeploymentV1/operations/VirtualMachineScaleSet.ts b/Tasks/AzureVmssDeploymentV1/operations/VirtualMachineScaleSet.ts index d95eaf2a7b02..979f6ee04743 100644 --- a/Tasks/AzureVmssDeploymentV1/operations/VirtualMachineScaleSet.ts +++ b/Tasks/AzureVmssDeploymentV1/operations/VirtualMachineScaleSet.ts @@ -115,6 +115,9 @@ export default class VirtualMachineScaleSet { customScriptInfo.storageAccount = await this._getStorageAccountDetails(); customScriptInfo.blobUris = await this._uploadCustomScriptsToBlobService(customScriptInfo); } catch (error) { + if (error.statusCode && error.statusCode == 403) { + throw tl.loc("UploadingToStorageBlobsAuthenticationFailed", this.taskParameters.customScriptsStorageAccount ); + } throw tl.loc("UploadingToStorageBlobsFailed", error.message ? error.message : error); } @@ -264,6 +267,9 @@ export default class VirtualMachineScaleSet { return new Promise((resolve, reject) => { client.virtualMachineExtensions.createOrUpdate(resourceGroupName, this.taskParameters.vmssName, azureModel.ComputeResourceType.VirtualMachineScaleSet, customScriptExtension.name, customScriptExtension, (error, result, request, response) => { if (error) { + if (error.statusCode && error.statusCode == 403) { + return reject(tl.loc("SettingVMExtensionFailedwithAuthentication", utils.getError(error) , this.taskParameters.vmssName)); + } return reject(tl.loc("SettingVMExtensionFailed", utils.getError(error))); } diff --git a/Tasks/AzureVmssDeploymentV1/task.json b/Tasks/AzureVmssDeploymentV1/task.json index 461cfdb9e7e8..973ecd9682c0 100644 --- a/Tasks/AzureVmssDeploymentV1/task.json +++ b/Tasks/AzureVmssDeploymentV1/task.json @@ -14,7 +14,7 @@ "author": "Microsoft Corporation", "version": { "Major": 1, - "Minor": 249, + "Minor": 251, "Patch": 0 }, "demands": [], @@ -224,6 +224,8 @@ "CouldNotFetchAccessTokenforAzureStatusCode": "Could not fetch access token for Azure. Status code: %s, status message: %s", "CouldNotFetchAccessTokenforMSIDueToMSINotConfiguredProperlyStatusCode": "Could not fetch access token for Managed Service Principal. Please configure Managed Service Identity (MSI) for virtual machine 'https://aka.ms/azure-msi-docs'. Status code: %s, status message: %s", "CouldNotFetchAccessTokenforMSIStatusCode": "Could not fetch access token for Managed Service Principal. Status code: %s, status message: %s", - "ExpiredServicePrincipal": "Could not fetch access token for Azure. Verify if the Service Principal used is valid and not expired." + "ExpiredServicePrincipal": "Could not fetch access token for Azure. Verify if the Service Principal used is valid and not expired.", + "UploadingToStorageBlobsAuthenticationFailed": "Failed to upload custom scripts to azure blob storage. Please ensure that the subscription has the 'Storage Blob Data Contributor' role assigned for storage account '%s'.", + "SettingVMExtensionFailedwithAuthentication": "Failed to install VM custom script extension on VMSS. Error: %s. Please ensure that the subscription has the 'Contributor' role assigned for vmss '%s'. " } } \ No newline at end of file diff --git a/Tasks/AzureVmssDeploymentV1/task.loc.json b/Tasks/AzureVmssDeploymentV1/task.loc.json index 773f534d0d72..2f3b0bda62a6 100644 --- a/Tasks/AzureVmssDeploymentV1/task.loc.json +++ b/Tasks/AzureVmssDeploymentV1/task.loc.json @@ -14,7 +14,7 @@ "author": "Microsoft Corporation", "version": { "Major": 1, - "Minor": 249, + "Minor": 251, "Patch": 0 }, "demands": [], @@ -224,6 +224,8 @@ "CouldNotFetchAccessTokenforAzureStatusCode": "ms-resource:loc.messages.CouldNotFetchAccessTokenforAzureStatusCode", "CouldNotFetchAccessTokenforMSIDueToMSINotConfiguredProperlyStatusCode": "ms-resource:loc.messages.CouldNotFetchAccessTokenforMSIDueToMSINotConfiguredProperlyStatusCode", "CouldNotFetchAccessTokenforMSIStatusCode": "ms-resource:loc.messages.CouldNotFetchAccessTokenforMSIStatusCode", - "ExpiredServicePrincipal": "ms-resource:loc.messages.ExpiredServicePrincipal" + "ExpiredServicePrincipal": "ms-resource:loc.messages.ExpiredServicePrincipal", + "UploadingToStorageBlobsAuthenticationFailed": "ms-resource:loc.messages.UploadingToStorageBlobsAuthenticationFailed", + "SettingVMExtensionFailedwithAuthentication": "ms-resource:loc.messages.SettingVMExtensionFailedwithAuthentication" } } \ No newline at end of file diff --git a/_generated/AzureVmssDeploymentV1.versionmap.txt b/_generated/AzureVmssDeploymentV1.versionmap.txt index 07173a7bc4df..e3da902734ba 100644 --- a/_generated/AzureVmssDeploymentV1.versionmap.txt +++ b/_generated/AzureVmssDeploymentV1.versionmap.txt @@ -1,2 +1,2 @@ -Default|1.249.0 -Node20_229_6|1.249.1 +Default|1.251.0 +Node20_229_6|1.251.1 diff --git a/_generated/AzureVmssDeploymentV1/Strings/resources.resjson/en-US/resources.resjson b/_generated/AzureVmssDeploymentV1/Strings/resources.resjson/en-US/resources.resjson index 51ca14b9343e..7c8469115325 100644 --- a/_generated/AzureVmssDeploymentV1/Strings/resources.resjson/en-US/resources.resjson +++ b/_generated/AzureVmssDeploymentV1/Strings/resources.resjson/en-US/resources.resjson @@ -76,5 +76,7 @@ "loc.messages.CouldNotFetchAccessTokenforAzureStatusCode": "Could not fetch access token for Azure. Status code: %s, status message: %s", "loc.messages.CouldNotFetchAccessTokenforMSIDueToMSINotConfiguredProperlyStatusCode": "Could not fetch access token for Managed Service Principal. Please configure Managed Service Identity (MSI) for virtual machine 'https://aka.ms/azure-msi-docs'. Status code: %s, status message: %s", "loc.messages.CouldNotFetchAccessTokenforMSIStatusCode": "Could not fetch access token for Managed Service Principal. Status code: %s, status message: %s", - "loc.messages.ExpiredServicePrincipal": "Could not fetch access token for Azure. Verify if the Service Principal used is valid and not expired." + "loc.messages.ExpiredServicePrincipal": "Could not fetch access token for Azure. Verify if the Service Principal used is valid and not expired.", + "loc.messages.UploadingToStorageBlobsAuthenticationFailed": "Failed to upload custom scripts to azure blob storage. Please ensure that the subscription has the 'Storage Blob Data Contributor' role assigned for storage account '%s'.", + "loc.messages.SettingVMExtensionFailedwithAuthentication": "Failed to install VM custom script extension on VMSS. Error: %s. Please ensure that the subscription has the 'Contributor' role assigned for vmss '%s'. " } \ No newline at end of file diff --git a/_generated/AzureVmssDeploymentV1/operations/VirtualMachineScaleSet.ts b/_generated/AzureVmssDeploymentV1/operations/VirtualMachineScaleSet.ts index d95eaf2a7b02..979f6ee04743 100644 --- a/_generated/AzureVmssDeploymentV1/operations/VirtualMachineScaleSet.ts +++ b/_generated/AzureVmssDeploymentV1/operations/VirtualMachineScaleSet.ts @@ -115,6 +115,9 @@ export default class VirtualMachineScaleSet { customScriptInfo.storageAccount = await this._getStorageAccountDetails(); customScriptInfo.blobUris = await this._uploadCustomScriptsToBlobService(customScriptInfo); } catch (error) { + if (error.statusCode && error.statusCode == 403) { + throw tl.loc("UploadingToStorageBlobsAuthenticationFailed", this.taskParameters.customScriptsStorageAccount ); + } throw tl.loc("UploadingToStorageBlobsFailed", error.message ? error.message : error); } @@ -264,6 +267,9 @@ export default class VirtualMachineScaleSet { return new Promise((resolve, reject) => { client.virtualMachineExtensions.createOrUpdate(resourceGroupName, this.taskParameters.vmssName, azureModel.ComputeResourceType.VirtualMachineScaleSet, customScriptExtension.name, customScriptExtension, (error, result, request, response) => { if (error) { + if (error.statusCode && error.statusCode == 403) { + return reject(tl.loc("SettingVMExtensionFailedwithAuthentication", utils.getError(error) , this.taskParameters.vmssName)); + } return reject(tl.loc("SettingVMExtensionFailed", utils.getError(error))); } diff --git a/_generated/AzureVmssDeploymentV1/task.json b/_generated/AzureVmssDeploymentV1/task.json index 4348f5ee73cb..e07dc3961a5f 100644 --- a/_generated/AzureVmssDeploymentV1/task.json +++ b/_generated/AzureVmssDeploymentV1/task.json @@ -14,7 +14,7 @@ "author": "Microsoft Corporation", "version": { "Major": 1, - "Minor": 249, + "Minor": 251, "Patch": 0 }, "demands": [], @@ -224,10 +224,12 @@ "CouldNotFetchAccessTokenforAzureStatusCode": "Could not fetch access token for Azure. Status code: %s, status message: %s", "CouldNotFetchAccessTokenforMSIDueToMSINotConfiguredProperlyStatusCode": "Could not fetch access token for Managed Service Principal. Please configure Managed Service Identity (MSI) for virtual machine 'https://aka.ms/azure-msi-docs'. Status code: %s, status message: %s", "CouldNotFetchAccessTokenforMSIStatusCode": "Could not fetch access token for Managed Service Principal. Status code: %s, status message: %s", - "ExpiredServicePrincipal": "Could not fetch access token for Azure. Verify if the Service Principal used is valid and not expired." + "ExpiredServicePrincipal": "Could not fetch access token for Azure. Verify if the Service Principal used is valid and not expired.", + "UploadingToStorageBlobsAuthenticationFailed": "Failed to upload custom scripts to azure blob storage. Please ensure that the subscription has the 'Storage Blob Data Contributor' role assigned for storage account '%s'.", + "SettingVMExtensionFailedwithAuthentication": "Failed to install VM custom script extension on VMSS. Error: %s. Please ensure that the subscription has the 'Contributor' role assigned for vmss '%s'. " }, "_buildConfigMapping": { - "Default": "1.249.0", - "Node20_229_6": "1.249.1" + "Default": "1.251.0", + "Node20_229_6": "1.251.1" } } \ No newline at end of file diff --git a/_generated/AzureVmssDeploymentV1/task.loc.json b/_generated/AzureVmssDeploymentV1/task.loc.json index 18a7cd132f24..e74154636a78 100644 --- a/_generated/AzureVmssDeploymentV1/task.loc.json +++ b/_generated/AzureVmssDeploymentV1/task.loc.json @@ -14,7 +14,7 @@ "author": "Microsoft Corporation", "version": { "Major": 1, - "Minor": 249, + "Minor": 251, "Patch": 0 }, "demands": [], @@ -224,10 +224,12 @@ "CouldNotFetchAccessTokenforAzureStatusCode": "ms-resource:loc.messages.CouldNotFetchAccessTokenforAzureStatusCode", "CouldNotFetchAccessTokenforMSIDueToMSINotConfiguredProperlyStatusCode": "ms-resource:loc.messages.CouldNotFetchAccessTokenforMSIDueToMSINotConfiguredProperlyStatusCode", "CouldNotFetchAccessTokenforMSIStatusCode": "ms-resource:loc.messages.CouldNotFetchAccessTokenforMSIStatusCode", - "ExpiredServicePrincipal": "ms-resource:loc.messages.ExpiredServicePrincipal" + "ExpiredServicePrincipal": "ms-resource:loc.messages.ExpiredServicePrincipal", + "UploadingToStorageBlobsAuthenticationFailed": "ms-resource:loc.messages.UploadingToStorageBlobsAuthenticationFailed", + "SettingVMExtensionFailedwithAuthentication": "ms-resource:loc.messages.SettingVMExtensionFailedwithAuthentication" }, "_buildConfigMapping": { - "Default": "1.249.0", - "Node20_229_6": "1.249.1" + "Default": "1.251.0", + "Node20_229_6": "1.251.1" } } \ No newline at end of file diff --git a/_generated/AzureVmssDeploymentV1_Node20/Strings/resources.resjson/en-US/resources.resjson b/_generated/AzureVmssDeploymentV1_Node20/Strings/resources.resjson/en-US/resources.resjson index 51ca14b9343e..7c8469115325 100644 --- a/_generated/AzureVmssDeploymentV1_Node20/Strings/resources.resjson/en-US/resources.resjson +++ b/_generated/AzureVmssDeploymentV1_Node20/Strings/resources.resjson/en-US/resources.resjson @@ -76,5 +76,7 @@ "loc.messages.CouldNotFetchAccessTokenforAzureStatusCode": "Could not fetch access token for Azure. Status code: %s, status message: %s", "loc.messages.CouldNotFetchAccessTokenforMSIDueToMSINotConfiguredProperlyStatusCode": "Could not fetch access token for Managed Service Principal. Please configure Managed Service Identity (MSI) for virtual machine 'https://aka.ms/azure-msi-docs'. Status code: %s, status message: %s", "loc.messages.CouldNotFetchAccessTokenforMSIStatusCode": "Could not fetch access token for Managed Service Principal. Status code: %s, status message: %s", - "loc.messages.ExpiredServicePrincipal": "Could not fetch access token for Azure. Verify if the Service Principal used is valid and not expired." + "loc.messages.ExpiredServicePrincipal": "Could not fetch access token for Azure. Verify if the Service Principal used is valid and not expired.", + "loc.messages.UploadingToStorageBlobsAuthenticationFailed": "Failed to upload custom scripts to azure blob storage. Please ensure that the subscription has the 'Storage Blob Data Contributor' role assigned for storage account '%s'.", + "loc.messages.SettingVMExtensionFailedwithAuthentication": "Failed to install VM custom script extension on VMSS. Error: %s. Please ensure that the subscription has the 'Contributor' role assigned for vmss '%s'. " } \ No newline at end of file diff --git a/_generated/AzureVmssDeploymentV1_Node20/operations/VirtualMachineScaleSet.ts b/_generated/AzureVmssDeploymentV1_Node20/operations/VirtualMachineScaleSet.ts index d95eaf2a7b02..979f6ee04743 100644 --- a/_generated/AzureVmssDeploymentV1_Node20/operations/VirtualMachineScaleSet.ts +++ b/_generated/AzureVmssDeploymentV1_Node20/operations/VirtualMachineScaleSet.ts @@ -115,6 +115,9 @@ export default class VirtualMachineScaleSet { customScriptInfo.storageAccount = await this._getStorageAccountDetails(); customScriptInfo.blobUris = await this._uploadCustomScriptsToBlobService(customScriptInfo); } catch (error) { + if (error.statusCode && error.statusCode == 403) { + throw tl.loc("UploadingToStorageBlobsAuthenticationFailed", this.taskParameters.customScriptsStorageAccount ); + } throw tl.loc("UploadingToStorageBlobsFailed", error.message ? error.message : error); } @@ -264,6 +267,9 @@ export default class VirtualMachineScaleSet { return new Promise((resolve, reject) => { client.virtualMachineExtensions.createOrUpdate(resourceGroupName, this.taskParameters.vmssName, azureModel.ComputeResourceType.VirtualMachineScaleSet, customScriptExtension.name, customScriptExtension, (error, result, request, response) => { if (error) { + if (error.statusCode && error.statusCode == 403) { + return reject(tl.loc("SettingVMExtensionFailedwithAuthentication", utils.getError(error) , this.taskParameters.vmssName)); + } return reject(tl.loc("SettingVMExtensionFailed", utils.getError(error))); } diff --git a/_generated/AzureVmssDeploymentV1_Node20/task.json b/_generated/AzureVmssDeploymentV1_Node20/task.json index ea0d1e83deec..5d4c748024c7 100644 --- a/_generated/AzureVmssDeploymentV1_Node20/task.json +++ b/_generated/AzureVmssDeploymentV1_Node20/task.json @@ -14,7 +14,7 @@ "author": "Microsoft Corporation", "version": { "Major": 1, - "Minor": 249, + "Minor": 251, "Patch": 1 }, "demands": [], @@ -224,10 +224,12 @@ "CouldNotFetchAccessTokenforAzureStatusCode": "Could not fetch access token for Azure. Status code: %s, status message: %s", "CouldNotFetchAccessTokenforMSIDueToMSINotConfiguredProperlyStatusCode": "Could not fetch access token for Managed Service Principal. Please configure Managed Service Identity (MSI) for virtual machine 'https://aka.ms/azure-msi-docs'. Status code: %s, status message: %s", "CouldNotFetchAccessTokenforMSIStatusCode": "Could not fetch access token for Managed Service Principal. Status code: %s, status message: %s", - "ExpiredServicePrincipal": "Could not fetch access token for Azure. Verify if the Service Principal used is valid and not expired." + "ExpiredServicePrincipal": "Could not fetch access token for Azure. Verify if the Service Principal used is valid and not expired.", + "UploadingToStorageBlobsAuthenticationFailed": "Failed to upload custom scripts to azure blob storage. Please ensure that the subscription has the 'Storage Blob Data Contributor' role assigned for storage account '%s'.", + "SettingVMExtensionFailedwithAuthentication": "Failed to install VM custom script extension on VMSS. Error: %s. Please ensure that the subscription has the 'Contributor' role assigned for vmss '%s'. " }, "_buildConfigMapping": { - "Default": "1.249.0", - "Node20_229_6": "1.249.1" + "Default": "1.251.0", + "Node20_229_6": "1.251.1" } } \ No newline at end of file diff --git a/_generated/AzureVmssDeploymentV1_Node20/task.loc.json b/_generated/AzureVmssDeploymentV1_Node20/task.loc.json index f479a552de24..891b9da320d9 100644 --- a/_generated/AzureVmssDeploymentV1_Node20/task.loc.json +++ b/_generated/AzureVmssDeploymentV1_Node20/task.loc.json @@ -14,7 +14,7 @@ "author": "Microsoft Corporation", "version": { "Major": 1, - "Minor": 249, + "Minor": 251, "Patch": 1 }, "demands": [], @@ -224,10 +224,12 @@ "CouldNotFetchAccessTokenforAzureStatusCode": "ms-resource:loc.messages.CouldNotFetchAccessTokenforAzureStatusCode", "CouldNotFetchAccessTokenforMSIDueToMSINotConfiguredProperlyStatusCode": "ms-resource:loc.messages.CouldNotFetchAccessTokenforMSIDueToMSINotConfiguredProperlyStatusCode", "CouldNotFetchAccessTokenforMSIStatusCode": "ms-resource:loc.messages.CouldNotFetchAccessTokenforMSIStatusCode", - "ExpiredServicePrincipal": "ms-resource:loc.messages.ExpiredServicePrincipal" + "ExpiredServicePrincipal": "ms-resource:loc.messages.ExpiredServicePrincipal", + "UploadingToStorageBlobsAuthenticationFailed": "ms-resource:loc.messages.UploadingToStorageBlobsAuthenticationFailed", + "SettingVMExtensionFailedwithAuthentication": "ms-resource:loc.messages.SettingVMExtensionFailedwithAuthentication" }, "_buildConfigMapping": { - "Default": "1.249.0", - "Node20_229_6": "1.249.1" + "Default": "1.251.0", + "Node20_229_6": "1.251.1" } } \ No newline at end of file