-
Notifications
You must be signed in to change notification settings - Fork 495
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Issue with where clause when using a client restricted to a partition key #1073
Comments
Are you running your app as x64? |
@bchong95 any suggestions? |
Our Azure App Service is currently running x86 |
My theory on why this is failing is the SDK needs to go to the gateway to get the query plan. The call to get the query plan is failing with the 403. @bchong95 can you confirm this and if so what is the fix? |
Note that the issue did not occur with sdk V2. |
@sboshra any suggestions? |
Any update on this issue ? Seems like a showstopper for Resource token based security allowing only read and/or write access on a given partition key ? |
Can we get a stack trace for the 403? |
Please find the stacktrace below.
|
Did the stack trace help out to find where the issue/bug occurs ? |
We are experiencing the same error with SDK V3. We have reverted back to V2 because of this. Please update if there is any solution/workaround. |
@BenLuts @Xiaoliangzhang Are you both using a @Xiaoliangzhang Can you share which is the V2 code you are using? |
@ealsur I am using the following query: For completion I also tried with the following, but got the same error: |
A little summary of my findings after some investigation:
Here is some code example:
Hence, I am wondering if the token generated by V3 is not right... |
@Xiaoliangzhang does the token work for other operations like ReadItemAsync on the partition or do all operations including query fail? For 3 can you provide the create permission logic? That method provided is only doing a read. |
@j82w Here is the create permission logic:
I'll do a test later and see if other operation works, as the query is our first operations and it fails, we never get to other operations actually. I'll reply to you after some more tests. |
@j82w Hi, just changed some code and tested CreateItemAsync(), which works fine for the same token generated by V3 SDK. |
Are all the failing queries using Linq? @Xiaoliangzhang are you also using Linq when it fails? |
@ealsur Nope, as you can see in code example 1 (V3 SDK), I was using sql query, not linq. |
The working code 1 stopped working today magically... so SDK V3 doesn't work at all. |
@Xiaoliangzhang any way you can provide a basic console app with a repo? I created a PR #1143 with a test that has the same functionality and it is passing against both prod and the local emulator. |
@j82w I would like to point out that in my original case the issue only occurs when deployed to our Azure App Service. In local development I don't have an issue. |
@BenLuts any chance you can try running it with the latest 3.5.1? There was several query fixes in the latest version. The test I wrote validates both scenarios with and without the service interop so there shouldn't be any difference. Are you running the app x32 locally and in app services? |
@j82w Hi, Thanks for your PR. I am just wondering if you tried to run it with Xamarin.Android or Xamarin.iOS? I did some similar tests. In my case, the tests are passed with a .net core console application however failed in Xamarin.Android , iOS and UWP. All my tests use the same code which is very similar to yours. |
@Xiaoliangzhang I was able to get a repo and root cause. The partition key isn't getting passed into the gateway plan retriever which is causing the validation to fail. I'm working on a fix now. |
PR #1143 has the fix |
Looking forward to the release! |
@j82w Thanks for the quick fix, will give a try. |
Is there a timeline for when the latest version will be released? |
@BenLuts doing the release now. Should be available within the hour. |
@BenLuts it's available now. |
@j82w Thanks. Updated my packages and dit some tests. Seems to work like expected now! |
We are experiencing an issue in the following scenario.
We have a container with a partitionkey defined. We create users with permissions specific to a single partitionkey. We create a client specific for this user, based on his token. When we query a single item like this:
container.ReadItemAsync<T>(itemId, PartitionKey)
Everything works as expected, the item is correctly retreived.
However when trying to retrieve a filtered list as such:
container.GetItemLinqQueryable<T>(requestOptions: new QueryRequestOptions { PartitionKey = PartitionKey }).Where(query).ToFeedIterator(); var result = new List<T>(); while (iterator.HasMoreResults) result.AddRange(await iterator.ReadNextAsync());
We receive an unauthorized response: 403.
It appears as though the where clause does not respect the QueryRequestOptions.
If we remove .Where(query) from the above code, then the issue does not present itself.
Environment summary
SDK Version: 3.4.1
.Net Core 2.2 running on Azure App Services
The text was updated successfully, but these errors were encountered: