Open
Description
Description
Trying to integrate APIM and Application Insights via az command using connectionstring: https://learn.microsoft.com/en-us/powershell/module/az.apimanagement/new-azapimanagementlogger
Receiving the below error,
Error Code: ValidationError
Error Message: Validation failed for logger-id 'apim_name'. Exception Received 'The Service Bus connection string is not of the expected format. Either there are unexpected properties within the string or the format is incorrect. Please check the string before trying again.'
To address the issue with the New-AzApiManagementLogger command,
As per our document: https://learn.microsoft.com/en-us/powershell/module/az.apimanagement/new-azapimanagementlogger, ConnectionString is used for Azure Event Hub service.
Hence for Application Insights, used InstrumentationKey parameter. Below is the sample command to create a logger for Application Insights:
$apimContext = New-AzApiManagementContext -ResourceGroupName "Resource_Group_Name" -ServiceName "Service_Name"
New-AzApiManagementLogger -Context $apimContext -LoggerId "Logger_Name" -InstrumentationKey "Instrumentation_Key_Application_Insights"
Upon following the above command, was able to integrate Application Insights with APIM.
But when looking at the Azure Portal, there is a difference between the manually created Loggers from azure portal and the az created logger. When created using az module, it doesn't have any hyperlink or doesn't redirect to Application Insights resource.
This issue is happening because when Instrumentation Key is passed, there is a hard requirement to pass resource ID of the Application Insights also. If not the Azure portal will not link the logger to application insights resource.
(Compared the REST API calls in HAR trace while trying to integrate APIM with Applciation Insights from the Azure Portal)
But the "New-AzApiManagementDiagnostic" module doesnot support resourceID parameter.
Checked the powershell code as well: https://github.com/Azure/azure-powershell/blob/main/src/ApiManagement/ApiManagement.ServiceManagement/Commands/NewAzureApiManagementLogger.cs
When we debug the az command, we can see that the resourceid parameter is null, where as it should contain the resourceid of the Application Insights.
To resolve this we need to edit the code of the az module to allow passing of resource ID of the Application Insights along with instrumentation key.
Issue script & Debug output
PS /home/anjali> $DebugPreference='Continue' PS /home/anjali>
PS /home/anjali> $apimContext = New-AzApiManagementContext -ResourceGroupName "Anjali_Divitha_RG" -ServiceName "APIMAD"
DEBUG: 4:42:51 AM - NewAzureApiManagementContext begin processing with ParameterSet 'ContextParameterSet'.
DEBUG: 4:42:51 AM - using account id 'MSI@50342'...
DEBUG: 4:42:51 AM - [ConfigManager] Got nothing from [DisplayBreakingChangeWarning], Module = [], Cmdlet = []. Returning default value [True].
DEBUG: 4:42:51 AM - [ConfigManager] Got nothing from [DisplayRegionIdentified], Module = [], Cmdlet = []. Returning default value [True].
DEBUG: 4:42:51 AM - [ConfigManager] Got nothing from [CheckForUpgrade], Module = [], Cmdlet = []. Returning default value [True].
DEBUG: AzureQoSEvent: Module: Az.ApiManagement:4.0.2; CommandName: New-AzApiManagementContext; PSVersion: 7.4.1; IsSuccess: True; Duration: 00:00:00.0011200
DEBUG: 4:42:51 AM - [ConfigManager] Got [True] from [EnableDataCollection], Module = [], Cmdlet = [].
DEBUG: 4:42:51 AM - NewAzureApiManagementContext end processing.
PS /home/anjali> New-AzApiManagementLogger -Context $apimContext -LoggerId "testlogger" -InstrumentationKey "bffcc821-3855-4db4-9141-7525c7c36a17"
DEBUG: 4:43:01 AM - NewAzureApiManagementLogger begin processing with ParameterSet 'ApplicationInsightsLoggerSet'.
DEBUG: 4:43:01 AM - using account id 'MSI@50342'...
DEBUG: 4:43:01 AM - [ConfigManager] Got nothing from [DisplayBreakingChangeWarning], Module = [], Cmdlet = []. Returning default value [True].
DEBUG: [Common.Authentication]: Authenticating using Account: 'MSI@50342', environment: 'AzureCloud', tenant: '72f988bf-86f1-41af-91ab-2d7cd011db47'
DEBUG: 4:43:01 AM - [ManagedServiceIdentityAuthenticator] Calling ManagedIdentityCredential.GetTokenAsync - TenantId:'72f988bf-86f1-41af-91ab-2d7cd011db47', Scopes:'https://management.core.windows.net/', UserId:''
DEBUG: ManagedIdentityCredential.GetToken invoked. Scopes: [ https://management.core.windows.net/ ] ParentRequestId:
DEBUG: False MSAL 4.56.0.0 MSAL.CoreCLR .NET 8.0.1 CBL-Mariner/Linux [2024-03-01 04:43:01Z - 17df274b-ed6d-4938-812d-496cd6e0d5fc] MSAL MSAL.CoreCLR with assembly version '4.56.0.0'. CorrelationId(17df274b-ed6d-4938-812d-496cd6e0d5fc)
DEBUG: False MSAL 4.56.0.0 MSAL.CoreCLR .NET 8.0.1 CBL-Mariner/Linux [2024-03-01 04:43:01Z - 17df274b-ed6d-4938-812d-496cd6e0d5fc] === AcquireTokenForClientParameters ===
SendX5C: False
ForceRefresh: False
DEBUG: False MSAL 4.56.0.0 MSAL.CoreCLR .NET 8.0.1 CBL-Mariner/Linux [2024-03-01 04:43:01Z - 17df274b-ed6d-4938-812d-496cd6e0d5fc]
=== Request Data ===
Authority Provided? - True
Scopes - https://management.core.windows.net/
Extra Query Params Keys (space separated) -
ApiId - AcquireTokenForClient
IsConfidentialClient - True
SendX5C - False
LoginHint ? False
IsBrokerConfigured - False
HomeAccountId - False
CorrelationId - 17df274b-ed6d-4938-812d-496cd6e0d5fc
UserAssertion set: False
LongRunningOboCacheKey set: False
Region configured:
DEBUG: False MSAL 4.56.0.0 MSAL.CoreCLR .NET 8.0.1 CBL-Mariner/Linux [2024-03-01 04:43:01Z - 17df274b-ed6d-4938-812d-496cd6e0d5fc] === Token Acquisition (ClientCredentialRequest) started:
Scopes: https://management.core.windows.net/
Authority Host: login.microsoftonline.com
DEBUG: False MSAL 4.56.0.0 MSAL.CoreCLR .NET 8.0.1 CBL-Mariner/Linux [2024-03-01 04:43:01Z - 17df274b-ed6d-4938-812d-496cd6e0d5fc] [Region discovery] Not using a regional authority.
DEBUG: False MSAL 4.56.0.0 MSAL.CoreCLR .NET 8.0.1 CBL-Mariner/Linux [2024-03-01 04:43:01Z - 17df274b-ed6d-4938-812d-496cd6e0d5fc] [Instance Discovery] Skipping Instance discovery because it is disabled.
DEBUG: False MSAL 4.56.0.0 MSAL.CoreCLR .NET 8.0.1 CBL-Mariner/Linux [2024-03-01 04:43:01Z - 17df274b-ed6d-4938-812d-496cd6e0d5fc] [ClientCredentialRequest] Sending Token response to client credential request endpoint ...
DEBUG: Request [e3b34eb0-42a5-49b5-876a-8cff9e0d1467] POST http://localhost:50342/oauth2/token
Content-Type:application/x-www-form-urlencoded
Metadata:REDACTED
x-ms-client-request-id:e3b34eb0-42a5-49b5-876a-8cff9e0d1467
x-ms-return-client-request-id:true
User-Agent:azsdk-net-Identity/1.10.3 (.NET 8.0.1; CBL-Mariner/Linux)
client assembly: Azure.Identity
DEBUG: Response [e3b34eb0-42a5-49b5-876a-8cff9e0d1467] 200 OK (00.0s)
X-Powered-By:REDACTED
ETag:W/"971-2YKSB0r0rshM/LVqRKq2xay8q1g"
Date:Fri, 01 Mar 2024 04:43:01 GMT
Connection:keep-alive
Keep-Alive:REDACTED
Content-Type:application/json; charset=utf-8
Content-Length:2417
DEBUG: False MSAL 4.56.0.0 MSAL.CoreCLR .NET 8.0.1 CBL-Mariner/Linux [2024-03-01 04:43:01Z - 17df274b-ed6d-4938-812d-496cd6e0d5fc] Checking client info returned from the server..
DEBUG: False MSAL 4.56.0.0 MSAL.CoreCLR .NET 8.0.1 CBL-Mariner/Linux [2024-03-01 04:43:01Z - 17df274b-ed6d-4938-812d-496cd6e0d5fc] Saving token response to cache..
DEBUG: False MSAL 4.56.0.0 MSAL.CoreCLR .NET 8.0.1 CBL-Mariner/Linux [2024-03-01 04:43:01Z - 17df274b-ed6d-4938-812d-496cd6e0d5fc] [SaveTokenResponseAsync] ID Token not present in response.
DEBUG: False MSAL 4.56.0.0 MSAL.CoreCLR .NET 8.0.1 CBL-Mariner/Linux [2024-03-01 04:43:01Z - 17df274b-ed6d-4938-812d-496cd6e0d5fc] Cannot determine home account id - or id token or no client info and no subject
DEBUG: False MSAL 4.56.0.0 MSAL.CoreCLR .NET 8.0.1 CBL-Mariner/Linux [2024-03-01 04:43:01Z - 17df274b-ed6d-4938-812d-496cd6e0d5fc] [SaveTokenResponseAsync] Saving AT in cache and removing overlapping ATs...
DEBUG: False MSAL 4.56.0.0 MSAL.CoreCLR .NET 8.0.1 CBL-Mariner/Linux [2024-03-01 04:43:01Z - 17df274b-ed6d-4938-812d-496cd6e0d5fc] Looking for scopes for the authority in the cache which intersect with https://management.core.windows.net/
DEBUG: False MSAL 4.56.0.0 MSAL.CoreCLR .NET 8.0.1 CBL-Mariner/Linux [2024-03-01 04:43:01Z - 17df274b-ed6d-4938-812d-496cd6e0d5fc] Intersecting scope entries count - 0
DEBUG: False MSAL 4.56.0.0 MSAL.CoreCLR .NET 8.0.1 CBL-Mariner/Linux [2024-03-01 04:43:01Z - 17df274b-ed6d-4938-812d-496cd6e0d5fc]
=== Token Acquisition finished successfully:
DEBUG: False MSAL 4.56.0.0 MSAL.CoreCLR .NET 8.0.1 CBL-Mariner/Linux [2024-03-01 04:43:01Z - 17df274b-ed6d-4938-812d-496cd6e0d5fc] AT expiration time: 3/1/2024 5:43:39 AM +00:00, scopes: https://management.core.windows.net/. source: IdentityProvider
DEBUG: False MSAL 4.56.0.0 MSAL.CoreCLR .NET 8.0.1 CBL-Mariner/Linux [2024-03-01 04:43:01Z - 17df274b-ed6d-4938-812d-496cd6e0d5fc] Fetched access token from host login.microsoftonline.com.
DEBUG: ManagedIdentityCredential.GetToken succeeded. Scopes: [ https://management.core.windows.net/ ] ParentRequestId: ExpiresOn: 2024-03-01T05:43:39.3983818+00:00
DEBUG: [Common.Authentication]: Received token with LoginType 'User', Tenant: '72f988bf-86f1-41af-91ab-2d7cd011db47', UserId: 'MSI@50342'
DEBUG: ============================ HTTP REQUEST ============================
HTTP Method:
PUT
Absolute Uri:
https://management.azure.com/subscriptions/a1749151-946a-4af4-b836-d44f2e8709c9/resourceGroups/Anjali_Divitha_RG/providers/Microsoft.ApiManagement/service/APIMAD/loggers/testlogger?api-version=2021-08-01
Headers:
Accept-Language : en-US
x-ms-client-request-id : f531fa4f-2ca2-46ee-b66f-aeba2a77c162
Body:
{
"properties": {
"loggerType": "applicationInsights",
"credentials": {
"instrumentationKey": "bffcc821-3855-4db4-9141-7525c7c36a17"
},
"isBuffered": true
}
}
DEBUG: ============================ HTTP RESPONSE ============================
Status Code:
OK
Headers:
Cache-Control : no-cache
Pragma : no-cache
ETag : "AAAAAAABC7A="
Strict-Transport-Security : max-age=31536000; includeSubDomains
X-Content-Type-Options : nosniff
x-ms-request-id : c647d75a-7a67-4b9c-a37e-57a20f3df767
x-ms-ratelimit-remaining-subscription-writes: 1199
x-ms-correlation-request-id : c647d75a-7a67-4b9c-a37e-57a20f3df767
x-ms-routing-request-id : WESTINDIA:20240301T044302Z:c647d75a-7a67-4b9c-a37e-57a20f3df767
X-Cache : CONFIG_NOCACHE
X-MSEdge-Ref : Ref A: BAF83ECD25744724BA54CB953464BE69 Ref B: MAA201060514027 Ref C: 2024-03-01T04:43:01Z
Date : Fri, 01 Mar 2024 04:43:02 GMT
Body:
{
"id": "/subscriptions/a1749151-946a-4af4-b836-d44f2e8709c9/resourceGroups/Anjali_Divitha_RG/providers/Microsoft.ApiManagement/service/APIMAD/loggers/TestLogger",
"type": "Microsoft.ApiManagement/service/loggers",
"name": "TestLogger",
"properties": {
"loggerType": "applicationInsights",
"description": null,
"credentials": {
"instrumentationKey": "{{Logger-Credentials--65e15cd65ddd17100821bb6e}}"
},
"isBuffered": true,
"resourceId": null
}
}
LoggerId : TestLogger
Description :
Type : ApplicationInsights
IsBuffered : True
Id : /subscriptions/a1749151-946a-4af4-b836-d44f2e8709c9/resourceGroups/Anjali_Divitha_
RG/providers/Microsoft.ApiManagement/service/APIMAD/loggers/TestLogger
ResourceGroupName : Anjali_Divitha_RG
ServiceName : APIMAD
DEBUG: 4:43:02 AM - [ConfigManager] Got nothing from [DisplayRegionIdentified], Module = [], Cmdlet = []. Returning default value [True].
DEBUG: 4:43:02 AM - [ConfigManager] Got nothing from [CheckForUpgrade], Module = [], Cmdlet = []. Returning default value [True].
DEBUG: AzureQoSEvent: Module: Az.ApiManagement:4.0.2; CommandName: New-AzApiManagementLogger; PSVersion: 7.4.1; IsSuccess: True; Duration: 00:00:01.5946829
DEBUG: 4:43:02 AM - [ConfigManager] Got [True] from [EnableDataCollection], Module = [], Cmdlet = [].
DEBUG: 4:43:02 AM - NewAzureApiManagementLogger end processing.Environment data
PS /home/anjali> $PSVersionTable
Name Value
---- -----
PSVersion 7.4.1
PSEdition Core
GitCommitId 7.4.1
OS CBL-Mariner/Linux
Platform Unix
PSCompatibleVersions {1.0, 2.0, 3.0, 4.0…}
PSRemotingProtocolVersion 2.3
SerializationVersion 1.1.0.1
WSManStackVersion 3.0Module versions
PS /home/anjali> Get-Module Az*
ModuleType Version PreRelease Name ExportedCommands
---------- ------- ---------- ---- ----------------
Script 2.15.1 Az.Accounts {Add-AzEnvironment, Clear-AzConf…
Script 4.0.2 Az.ApiManagement {Add-AzApiManagementApiToGateway…
Script 7.1.1 Az.Compute {Add-AzImageDataDisk, Add-AzVhd,…
Script 7.4.0 Az.Network {Add-AzApplicationGatewayAuthent…
Script 6.15.0 Az.Resources {Export-AzResourceGroup, Export-…
Script 6.1.1 Az.Storage {Add-AzRmStorageContainerLegalHo…
Script 1.1.3 Az.Tools.Predictor {Disable-AzPredictor, Enable-AzP…
Script 0.0.0.10 AzureAD.Standard.Preview {Add-AzureADApplicationOwner, Ad…
Script 0.9.3 AzurePSDriveError output
PS /home/anjali> Resolve-AzError
DEBUG: 4:45:42 AM - ResolveError begin processing with ParameterSet 'AnyErrorParameterSet'.
DEBUG: 4:45:42 AM - using account id 'MSI@50342'...
DEBUG: 4:45:42 AM - [ConfigManager] Got nothing from [DisplayBreakingChangeWarning], Module = [], Cmdlet = []. Returning default value [True].
HistoryId: 1
Message : The specified module 'Microsoft.PowerShell.UnixCompleters' was not loaded because no
valid module file was found in any module directory.
StackTrace :
Exception : System.IO.FileNotFoundException
InvocationInfo : {Import-Module}
Line : Microsoft.PowerShell.Core\Import-Module -Name
Microsoft.PowerShell.UnixCompleters -ErrorAction SilentlyContinue
Position : At /opt/microsoft/powershell/7/profile.ps1:382 char:5
+ Microsoft.PowerShell.Core\Import-Module -Name Microsoft.PowerShel …
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
HistoryId : 1
DEBUG: 4:45:42 AM - [ConfigManager] Got nothing from [DisplayRegionIdentified], Module = [], Cmdlet = []. Returning default value [True].
DEBUG: 4:45:42 AM - [ConfigManager] Got nothing from [CheckForUpgrade], Module = [], Cmdlet = []. Returning default value [True].
DEBUG: AzureQoSEvent: Module: Az.Accounts:2.15.1; CommandName: Resolve-AzError; PSVersion: 7.4.1; IsSuccess: True; Duration: 00:00:00.0240032
DEBUG: 4:45:42 AM - [ConfigManager] Got [True] from [EnableDataCollection], Module = [], Cmdlet = [].
DEBUG: 4:45:42 AM - ResolveError end processing.