ADF API Call from ACI via Ev2

Question

We’re using ShellExtension to deploy ADF configurations, executing PowerShell scripts via ACI, and we’re seeing the following error:

Status Code: Unauthorized Error Code Unauthorized
Error Message: Client IP not authorized to access the API.
Please ensure you are on corpnet, or that your IP is on an allowlist for the activities in your pipeline.

Request Id: 2de33394-657c-4e86-a675-e9227dfad6fb
Time: (Utc):03/30/2022 21:28:50

Ev2 run: Ev2 Portal - Dashboard (azure.net)

We believe the client is the ACI (Linux container) calling ADF API but is being denied access here.

Instead of requiring the ACI to have a Corp IP address, is there a way to check if the deployment request is coming from a subscription under the Microsoft AME tenant? If so, can we allow it to use the SCOPE extensions?

Any help would be much appreciated!

Answer 1

Hello @Ryan Pethel ,

Welcome to the MS Q&A platform.

Unfortunately, we can not whitelist the EV2 trigger process at this time. However, the Cosmos/ADLA/ADLS team is in the process of deploying a fix that will eliminate the corpnet only access restriction that is causing this issue.

We will update this thread once it's available.

Hope this will help. Please let us know if any further queries.

------------------------------

• Please don't forget to click on or upvote button whenever the information provided helps you. Original posters help the community find answers faster by identifying the correct answer. Here is how
• Want a reminder to come back and check responses? Here is how to subscribe to a notification
• If you are interested in joining the VM program and help shape the future of Q&A: Here is how you can be part of Q&A Volunteer Moderators