Opencost fails to download Price Sheet from Azure

[kaitimmer]

Describe the bug

Opencost fails to download the Azure Price Sheet.

I'm having issues with downloading the Azure Price Sheet:

│ 2024-03-01T15:07:38.025963505Z ERR Error downloading Azure price sheet: getting download URL: beginning pricesheet download: GET https://management.azure.com/providers/Microsoft.Billing/billingAccounts//provid │
│ ers/Microsoft.Billing/billingAccounts/xxx/billingPeriods/202403/providers/Microsoft.Consumption/pricesheets/download             │
│ --------------------------------------------------------------------------------                                                                                                                                  │
│ RESPONSE 403: 403 Forbidden                                                                                                                                                                                       │
│ ERROR CODE: AuthorizationFailed                                                                                                                                                                                   │
│ --------------------------------------------------------------------------------                                                                                                                                  │
│ {                                                                                                                                                                                                                 │
│   "error": {                                                                                                                                                                                                      │
│     "code": "AuthorizationFailed",                                                                                                                                                                                │
│     "message": "The client 'fb3403ef-c807-457a-bc2b-2326788c6294' with object id 'fb3403ef-c807-457a-bc2b-2326788c6294' does not have authorization to perform action 'Microsoft.Billing/billingAccounts/Microsof │
│ t.Billing/xxx/202403/Microsoft.Consumption/download/read' over scope '/providers/Microsoft.Billing/billingAccounts/providers/Mic │
│ rosoft.Billing/billingAccounts/xxx/billingPeriods/202403/providers/Microsoft.Consumption/pricesheets' or the scope is invalid. I │
│ f access was recently granted, please refresh your credentials."                                                                                                                                                  │
│   }                                                                                                                                                                                                               │
│ }                                                                                                                                                                                                                 │

My Opencost "App/ServicePrincipal" does not have the right to read the information.

I tried to use the script, but I only get:

Creating EnrollmentReader role assignment for SP dev-de1-opencost (fb3403ef-c807-457a-bc2b-2326788c6294) in billing account b015b87b-54d3-54ff-5dce-e3b78cfbf1d4:ac5eb31c-e276-4ae2-9f6b-da7f5c42917a_2019-05-31
Role assignment name: 2B95F78F-DD14-4A69-91E6-1A7FF19C49F3
Response: {"code":"UnprocessableEntity","message":"PUT operation is currently supported only on EA billing accounts"}

So, I manually added my Opencost Service principals as "Reader" to my Billing Account.

Still no luck.

What might I be missing here?

Expected behavior

Opencost downloads the Price Sheet and uses it.

Screenshots
If applicable, add screenshots to help explain your problem.

Which version of OpenCost are you using?
1.108.0

[mattray]

@Sean-Holcomb I know you were discussing the Azure Price Sheet recently, did something change or is this a configuration issue?

[Sean-Holcomb]

I believe this would be @r2k1 domain of expertise, since it appears that id of the service principle matches the id in the error log. It should only be a matter of getting the right permissions applied to that service principle.

[kaitimmer]

Anything I can do to help debug this?

[AjayTripathy]

Hi @kaitimmer I'm not an expert here at all but does the READER role actually grant permission for the PUT operation? PUT sounds like it might be more expansive than just read? Response: {"code":"UnprocessableEntity","message":"PUT operation is currently supported only on EA billing accounts"}