Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Unable to download pricing data from Azure API with Workload Identity #2737

Open
namm2 opened this issue May 7, 2024 · 3 comments
Open

Unable to download pricing data from Azure API with Workload Identity #2737

namm2 opened this issue May 7, 2024 · 3 comments
Labels
E2 Estimated level of Effort (1 is easiest, 4 is hardest) needs-follow-up needs-triage opencost OpenCost issues vs. external/downstream P2 Estimated Priority (P0 is highest, P4 is lowest)

Comments

@namm2
Copy link

namm2 commented May 7, 2024
edited

Describe the bug
I'm deploying OpenCost to Azure public cloud with Workload Identity enabled, but I got errors in OpenCost logs that it's unable to download pricing data.

To Reproduce
Steps to reproduce the behavior:

  1. Go to '...'
  2. Click on '....'
  3. Scroll down to '....'
  4. See error

Expected behavior
OpenCost with Azure Workload Identity could download pricing data from Azure API.

Logs

{"level":"info","time":"2024-05-07T05:14:17.18953198Z","message":"Using ratecard query OfferDurableId eq 'MS-AZR-0003p' and Currency eq 'USD' and Locale eq 'en-US' and RegionInfo eq 'EU'"}
{"level":"warn","time":"2024-05-07T05:14:17.19911442Z","message":"Error in pricing download query from API"}
{"level":"info","time":"2024-05-07T05:14:17.199146422Z","message":"Failed to download pricing data: azure.BearerAuthorizer#WithAuthorization: Failed to refresh the Token for request to https://management.azure.com/subscriptions/[REDACTED]/providers/Microsoft.Commerce/RateCard?%!f(MISSING)ilter=OfferDurableId+eq+%!M(MISSING)S-AZR-0003p%!+(MISSING)and+Currency+eq+%!U(MISSING)SD%!+(MISSING)and+Locale+eq+%!e(MISSING)n-US%!+(MISSING)and+RegionInfo+eq+%!E(MISSING)U%!&(MISSING)api-version=2015-06-01-preview: StatusCode=400 -- Original Error: adal: Refresh request failed. Status Code = '400'. Response body: {"error":"invalid_request","error_description":"Identity not found"} Endpoint http://169.254.169.254/metadata/identity/oauth2/token?api-version=2018-02-01&client_id=[REDACTED]&resource=https%!A(MISSING)%!F(MISSING)%!F(MISSING)management.azure.com%!F(MISSING)"}

Which version of OpenCost are you using?
v1.108.0

Additional context
azure.json content:

{
  "CPU": "0.031611",
  "GPU": "0.95",
  "RAM": "0.004237",
  "currencyCode": "USD",
  "description": "Azure default pricing",
  "discount": "0%",
  "internetNetworkEgress": "0.12",
  "regionNetworkEgress": "0.01",
  "spotCPU": "0.006655",
  "spotRAM": "0.000892",
  "storage": "5.479452e-05",
  "zoneNetworkEgress": "0.01",
  "provider" : "azure",
  "azureSubscriptionID": "[REDACTED]",
  "azureTenantID": "[REDACTED]",
  "azureBillingRegion": "EU"
}

For Azure AD Workload Identity, we're following from this guide: https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/guides/aks_workload_identity
@tuananhnguyen-ct
Copy link

#2363 (comment)

@mattray mattray added opencost OpenCost issues vs. external/downstream P2 Estimated Priority (P0 is highest, P4 is lowest) E2 Estimated level of Effort (1 is easiest, 4 is hardest) labels May 10, 2024
@mattray
Copy link
Collaborator

mattray commented May 10, 2024

@namm2 could you try upgrading to 1.110.0 to see if the issue remains? The link from @tuananhnguyen-ct is to a merge after 1.108.0.

@namm2
Copy link
Author

namm2 commented May 10, 2024

I also tried v1.110.0 but the error still remains.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
E2 Estimated level of Effort (1 is easiest, 4 is hardest) needs-follow-up needs-triage opencost OpenCost issues vs. external/downstream P2 Estimated Priority (P0 is highest, P4 is lowest)
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@mattray @namm2 @tuananhnguyen-ct