I have some logs in my Application Insights that I want to query directly in Python. I'm using Azure Monitor Query and Azure Identity to do this.
Here's the code:
    from azure.identity import DefaultAzureCredential
    from azure.monitor.query import LogsQueryClient

    # Authenticate as the user-assigned managed identity
    cred = DefaultAzureCredential(logging_enable=True, managed_identity_client_id=my_managed_identity_client_id)
    client = LogsQueryClient(cred)

    # Query the Log Analytics workspace linked to the Application Insights resource
    response = client.query_workspace(
        workspace_id=my_workspace_id,
        query=some_query,
        timespan=(some_start_time, some_end_time))
So when doing this, I keep getting this "(InsufficientAccessError) The provided credentials have insufficient access to perform the requested operation."
I have given the managed identity contributor rights in IAM to the app insights, and to the Azure Databricks workspace that this code is running in, in IAM as well. So I don't believe the managed_identity is wrongly configured. Do let me know if this sounds wrong.
I grabbed the workspace_id from my app insights by going to the linked "Workspace" and grabbing Workspace ID from there.
Is there something I'm missing here?
Giving the Managed Identity the Contributor role allows it to modify the resource, but does not give it access to the data plane.
You need to assign a role that allows access to the data, like the Monitoring Reader role.
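When an InsufficientAccessError persists after a role change, it helps to confirm which principal the credential actually resolves to, since the role assignment must name that principal. The following is an added example, not part of the original question or answer: the function names are hypothetical, the sample token is constructed, and the `https://api.loganalytics.io` audience is an assumption about the query endpoint in use.

```python
import base64
import json
import time


def decode_claims(access_token: str) -> dict:
    """Return the payload claims of a JWT without verifying its signature."""
    parts = access_token.split(".")
    if len(parts) != 3:
        raise ValueError("not a JWT: expected header.payload.signature")
    payload = parts[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))


def check_identity(access_token, expected_client_id, expected_audience, now=None):
    """Compare token claims with the identity and API the role was granted for."""
    claims = decode_claims(access_token)
    now = time.time() if now is None else now
    # v1 tokens carry the client id in "appid", v2 tokens in "azp".
    client_id = claims.get("appid") or claims.get("azp")
    problems = []
    if client_id != expected_client_id:
        problems.append(f"token is for client {client_id}, not {expected_client_id}")
    if claims.get("aud", "").rstrip("/") != expected_audience.rstrip("/"):
        problems.append(f"audience is {claims.get('aud')}")
    if claims.get("exp", 0) <= now:
        problems.append("token is expired")
    # "oid" is the object id of the principal the role assignment must name.
    return {"principal_object_id": claims.get("oid"), "problems": problems}


def _constructed_token(claims: dict) -> str:
    """Build an unsigned sample token (constructed test data, not a real token)."""
    enc = lambda o: base64.urlsafe_b64encode(json.dumps(o).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'none'})}.{enc(claims)}.sig"


# Constructed sample. With a real credential the token would come from
# cred.get_token("https://api.loganalytics.io/.default").token (assumed scope).
SAMPLE = _constructed_token({
    "aud": "https://api.loganalytics.io",
    "appid": "11111111-1111-1111-1111-111111111111",
    "oid": "22222222-2222-2222-2222-222222222222",
    "exp": 2000000000,
})

if __name__ == "__main__":
    print(check_identity(SAMPLE, "11111111-1111-1111-1111-111111111111",
                         "https://api.loganalytics.io", now=1700000000))
```

The claims are only decoded for inspection, not validated, so the output is a troubleshooting aid and must not be used to make an authorization decision.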