keyvault getSecret stopped working last night in Azure Webservice on Linux

[studioab]

• Package Name: @azure/keyvault-secrets
• Package Version: 4.3.0
• Operating system: Linuz
• nodejs
  • version:
• browser
  • name/version:
• typescript
  • version:

Describe the bug
This code was working before until last night,
now it throws an error "api-version must be specified", it's not clear where and how this api must be specified
I've tried adding serviceVersion but it didn't help.

Everything works fine locally.

I've tested webapp has full access to secrets in the keyvault.

To Reproduce

async function init() {

const keyVaultName = "Foo";
const KVUri = "https://" + keyVaultName + ".vault.azure.net";

const credential = new DefaultAzureCredential();
const client = new SecretClient(KVUri, credential, {
  serviceVersion: "7.1"
});

const retrievedSecret = await client.getSecret("mongodb");
mongoDBstring = retrievedSecret.value; 

}

[wongCH]

+1, same issue when i upgrade my version to @azure/keyvault-secrets": "^4.3.0"

[tim-brand]

We have the same issue with getting secrets. We just had a meeting with Microsoft Support and they are investigating it. They were able to reproduce it.
Will speak to him in a hour again, hopefully with a solution.

[timaiv]

Problem with query params
node-fetch/node-fetch#1300

[tim-brand]

@timaiv I'm not sure if this is the case, as our solution was working fine until today. And nothing has changed at our solution in the mean time.
Or this node-fetch must be used Microsoft side.

Correction. It's indeed related to the node-fetch package. When manually installing node-fetch@2.6.2 the error does not appear.

[wongCH]

Same goes here, no code change at my end. It just decided not working. But my collegue treid using powershell it work:

Get-AzKeyVaultSecret -VaultName vault-dev -Name secretName -AsPlainText

[timaiv]

@timaiv I'm not sure if this is the case, as our solution was working fine until today. And nothing has changed at our solution in the mean time.
Or this node-fetch must be used Microsoft side.

Correction. It's indeed related to the node-fetch package. When manually installing node-fetch@2.6.2 the error does not appear.

Our servers stopped working today. (when using 2.6.2, due to "node-fetch": "^2.6.0" in msdn package.json)
Downgrading to 2.6.2 helps us.

[tim-brand]

A new version of node-fetch has been released. This solves the issue.

https://www.npmjs.com/package/node-fetch/v/2.6.4

[wongCH]

yes, tested by rerun my pipeline. i do not need to manually install node-fetch and it work now.

[maorleger]

Looks like I missed quite the eventful night 😄 (at least in PDT)

So to summarize - it looks like node-fetch 2.6.3 shipped with a bug that caused query params not to be sent along with the request. In Key Vault's case, the api-version param (which is sent as part of the query string), was missing causing errors to be returned from the service.

node-fetch has released a hotfix, version 2.6.4, which should in theory make everything work again as expected. 2.6.3 does not look to be deprecated on npm so what I'll do is confirm that I can repro this bug using node-fetch 2.6.3 and that upgrading to 2.6.4 solves it before closing this.

Appreciate the follow-ups @tim-brand and thank you for sharing the node-fetch issue @timaiv - that saved me a lot of time!

[maorleger]

I can confirm that node-fetch@2.6.4 resolves this issue. Thanks everyone!

[LinusU]

Sorry for the breakage we caused here, we have as you've noticed released 2.6.4 which fixes this, and added a test case so that it doesn't happen again.

Version 2.6.3 will shortly be deprecated on npm 👍

[studioab]

do we have to do anything on our end?

[maorleger]

@studioab it really depends on your specific scenario and how things are configured on your end - you might run npm ls node-fetch to confirm that you are using 2.6.2 or 2.6.4 of node-fetch and update your version of node-fetch otherwise.

For example here's my output:

keyvault main % npm ls node-fetch
keyvault@1.0.0 /home/mleger/workspace/azure-sdk-experiments/keyvault
├─┬ @azure/keyvault-secrets@4.3.0
│ └─┬ @azure/core-http@2.2.0
│   └── node-fetch@2.6.4  deduped
└── node-fetch@2.6.4 

Edit to add: since you did end up on 2.6.3 I would guess that you do not to take any action to get on 2.6.4 - but wanted to add the above as a diagnostic / debugging tool. Hope this helps!

[studioab]

removing lock file and installing packages solved it for me.
TBH debugging this issue was a pia especially inside azure webservice on linux

Thank you all