How to resolve authorization errors with the backup store when using Azure storage?
Issue Description:
When performing a backup using Azure storage, you may encounter errors related to authorization. These errors typically manifest as failure messages indicating that the client does not have the necessary permissions to read disks or retrieve storage account keys. This is often due to storage account keys expiring.
Resolution:
To resolve this issue, you need to rotate the storage account keys within Azure and update the values used in the snapshot section of the 'input.json' file as shown below.
- Update the 'input.json' file with the new storage account keys and service principal credentials. Ensure the following fields are correctly populated with updated values:
-
"snapshot" : { "enabled": true, "external_object_storage": { "client_secret": "2uA8Q~oxT_qHayc9OaNiVSuoAJ9GrPe5ImLZUaq", "resource_group": "asaksdevtest-rg", "auth_mode": "ServicePrincipal", "account_name": "asaksdevtest-sa", "bucket_name": "uipath-backup-as", "subscription_id": "8c5214b0-xxxx-xxxx-xxxx-xxxxxxxxxxxx", "storage_type": "azure", "client_id": "41666b23-xxxx-xxxx-xxxx-xxxxxxxxxxxx", "cloud_name": "AzurePublicCloud" },
-
- Run the command to apply the updated configuration:
-
./uipathctl manifest apply input.json --only velero --versions versions.json
This will refresh the credentials and update the storage account keys, allowing Velero to perform backup operations successfully.
Additional Information:
Ensure that the Azure service principal has the necessary permissions to access the required resources. If access was recently granted, refreshing your credentials may also resolve the issue.