Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Unable to run on Azure Function - CamundaCloudTokenProvider makes unauthorised writes to local file system #415

Open
matt-ankerson opened this issue Jun 12, 2022 · 0 comments
Open

Unable to run on Azure Function - CamundaCloudTokenProvider makes unauthorised writes to local file system #415

matt-ankerson opened this issue Jun 12, 2022 · 0 comments
Assignees
@ChrisKujawa
Labels
bug Something isn't working

Comments

@matt-ankerson
Copy link

matt-ankerson commented Jun 12, 2022
edited
Loading

The CamundaCloudTokenProvider class maintains a local token cache, using a local file as a means to persist the token. Azure Functions and other Windows hosting environments, don't recommend writes, and may even prohibit writes, to the default file location.

The default location is Environment.SpecialFolder.UserProfile. Below is the description for the UserProfile enumeration:

The user's profile folder. Applications should not create files or folders at this level; they should put their data under the locations referred to by ApplicationData.
Source.

When I run with the default file location on an Azure Function, I observe the following exception.

Status(StatusCode="Unavailable", Detail="Getting metadata from plugin failed with error: Exception occurred in metadata credentials plugin. System.UnauthorizedAccessException: Access to the path 'C:\Program Files (x86)\SiteExtensions\Functions\4.5.1\32bit.zeebe' is denied.
at System.IO.FileSystem.CreateDirectory(String fullPath, Byte[] securityDescriptor)
at System.IO.Directory.CreateDirectory(String path)
at Zeebe.Client.Impl.Builder.CamundaCloudTokenProvider.RequestAccessTokenAsync()
at Grpc.Auth.GoogleAuthInterceptors.<>c__DisplayClass2_0.<b__0>d.MoveNext()

This issue is possibly more of a heads-up, as it may not be an objective of this project to maintain compatibility with Azure Functions, or any specific hosting platform for that matter.

Nevertheless, the CamundaCloudTokenProvider class could have a more agreeable default configuration, to avoid this trap for the uninitiated.

To Reproduce

  1. Create a Zeebe client, using the default CamundaCloudTokenProvider class as the token supplier.
  2. Supply a LoggingFactory and set the default log level to Trace.
  3. Use the client to invoke a process.
  4. Deploy process invocation as an HTTP-triggered Azure Function.
  5. Trigger the HTTP Function several times over the course of a few hours.

Outcome
The call to invoke the process fails intermittently with an exception, owing to the Function's inability to write to the default file location.

Enviroment

  • Azure Function (Windows)
  • .NET 6
@matt-ankerson matt-ankerson added the bug Something isn't working label Jun 12, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@ChrisKujawa ChrisKujawa

Labels
bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@ChrisKujawa @matt-ankerson