Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

It is not possible to create data connectors with az sentinel data-connector #27092

Open
celsocoutinho-tangany opened this issue Aug 4, 2023 · 19 comments
Open

It is not possible to create data connectors with az sentinel data-connector #27092

celsocoutinho-tangany opened this issue Aug 4, 2023 · 19 comments
Assignees
@necusjz
Labels
bug This issue requires a change to an existing behavior in the product in order to be resolved. customer-reported Issues that are reported by GitHub users external to the Azure organization. needs-team-attention This issue needs attention from Azure service team or SDK team SecurityInsights Service Attention This issue is responsible by Azure service team.
Milestone
Backlog

Comments

@celsocoutinho-tangany
Copy link

celsocoutinho-tangany commented Aug 4, 2023
edited
Loading

Describe the bug

I am trying to create and enable data connectors in Azure Sentinel. The documentation doesn't help much, but it should be a two step process:

  1. az sentinel data-connector create to create the data connector in Azure Sentinel
  2. az sentinel data-connector connect to enable

I am not able to go past the first step. In particular, the command below should work:

az sentinel data-connector create --data-connector-id AzureActiveDirectory
--resource-group my-rg \
--workspace-name my-workspace
--subscription my-subscription

But I am getting the following error:

The command failed with an unexpected error. Here is the traceback:
Model 'AAZObjectType' has no field named 'kind'
Traceback (most recent call last):
  File "/opt/homebrew/Cellar/azure-cli/2.50.0/libexec/lib/python3.10/site-packages/knack/cli.py", line 233, in invoke
    cmd_result = self.invocation.execute(args)
  File "/opt/homebrew/Cellar/azure-cli/2.50.0/libexec/lib/python3.10/site-packages/azure/cli/core/commands/__init__.py", line 663, in execute
    raise ex
  File "/opt/homebrew/Cellar/azure-cli/2.50.0/libexec/lib/python3.10/site-packages/azure/cli/core/commands/__init__.py", line 726, in _run_jobs_serially
    results.append(self._run_job(expanded_arg, cmd_copy))
  File "/opt/homebrew/Cellar/azure-cli/2.50.0/libexec/lib/python3.10/site-packages/azure/cli/core/commands/__init__.py", line 697, in _run_job
    result = cmd_copy(params)
  File "/opt/homebrew/Cellar/azure-cli/2.50.0/libexec/lib/python3.10/site-packages/azure/cli/core/aaz/_command.py", line 149, in __call__
    return self._handler(*args, **kwargs)
  File "/Users/me/.azure/cliextensions/sentinel/azext_sentinel/aaz/latest/sentinel/data_connector/_create.py", line 31, in _handler
    self._execute_operations()
  File "/Users/me/.azure/cliextensions/sentinel/azext_sentinel/aaz/latest/sentinel/data_connector/_create.py", line 1105, in _execute_operations
    self.DataConnectorsCreateOrUpdate(ctx=self.ctx)()
  File "/Users/me/.azure/cliextensions/sentinel/azext_sentinel/aaz/latest/sentinel/data_connector/_create.py", line 1115, in __call__
    request = self.make_request()
  File "/opt/homebrew/Cellar/azure-cli/2.50.0/libexec/lib/python3.10/site-packages/azure/cli/core/aaz/_operation.py", line 318, in make_request
    self.content, self.form_content, self.stream_content)
  File "/Users/me/.azure/cliextensions/sentinel/azext_sentinel/aaz/latest/sentinel/data_connector/_create.py", line 1209, in content
    _builder.discriminate_by("kind", "APIPolling")
  File "/opt/homebrew/Cellar/azure-cli/2.50.0/libexec/lib/python3.10/site-packages/azure/cli/core/aaz/_content_builder.py", line 159, in discriminate_by
    schema.discriminate_by(prop_name, prop_value)
  File "/opt/homebrew/Cellar/azure-cli/2.50.0/libexec/lib/python3.10/site-packages/azure/cli/core/aaz/_field_type.py", line 243, in discriminate_by
    raise AAZUnknownFieldError(self, key)
azure.cli.core.aaz.exceptions.AAZUnknownFieldError: Model 'AAZObjectType' has no field named 'kind'

I tried to add the --kind argument, but then I get the error unrecognized arguments: --kind StaticUI.

Related command

az sentinel data-connector create

Errors

The command failed with an unexpected error. Here is the traceback:
Model 'AAZObjectType' has no field named 'kind'
Traceback (most recent call last):
  File "/opt/homebrew/Cellar/azure-cli/2.50.0/libexec/lib/python3.10/site-packages/knack/cli.py", line 233, in invoke
    cmd_result = self.invocation.execute(args)
  File "/opt/homebrew/Cellar/azure-cli/2.50.0/libexec/lib/python3.10/site-packages/azure/cli/core/commands/__init__.py", line 663, in execute
    raise ex
  File "/opt/homebrew/Cellar/azure-cli/2.50.0/libexec/lib/python3.10/site-packages/azure/cli/core/commands/__init__.py", line 726, in _run_jobs_serially
    results.append(self._run_job(expanded_arg, cmd_copy))
  File "/opt/homebrew/Cellar/azure-cli/2.50.0/libexec/lib/python3.10/site-packages/azure/cli/core/commands/__init__.py", line 697, in _run_job
    result = cmd_copy(params)
  File "/opt/homebrew/Cellar/azure-cli/2.50.0/libexec/lib/python3.10/site-packages/azure/cli/core/aaz/_command.py", line 149, in __call__
    return self._handler(*args, **kwargs)
  File "/Users/me/.azure/cliextensions/sentinel/azext_sentinel/aaz/latest/sentinel/data_connector/_create.py", line 31, in _handler
    self._execute_operations()
  File "/Users/me/.azure/cliextensions/sentinel/azext_sentinel/aaz/latest/sentinel/data_connector/_create.py", line 1105, in _execute_operations
    self.DataConnectorsCreateOrUpdate(ctx=self.ctx)()
  File "/Users/me/.azure/cliextensions/sentinel/azext_sentinel/aaz/latest/sentinel/data_connector/_create.py", line 1115, in __call__
    request = self.make_request()
  File "/opt/homebrew/Cellar/azure-cli/2.50.0/libexec/lib/python3.10/site-packages/azure/cli/core/aaz/_operation.py", line 318, in make_request
    self.content, self.form_content, self.stream_content)
  File "/Users/me/.azure/cliextensions/sentinel/azext_sentinel/aaz/latest/sentinel/data_connector/_create.py", line 1209, in content
    _builder.discriminate_by("kind", "APIPolling")
  File "/opt/homebrew/Cellar/azure-cli/2.50.0/libexec/lib/python3.10/site-packages/azure/cli/core/aaz/_content_builder.py", line 159, in discriminate_by
    schema.discriminate_by(prop_name, prop_value)
  File "/opt/homebrew/Cellar/azure-cli/2.50.0/libexec/lib/python3.10/site-packages/azure/cli/core/aaz/_field_type.py", line 243, in discriminate_by
    raise AAZUnknownFieldError(self, key)
azure.cli.core.aaz.exceptions.AAZUnknownFieldError: Model 'AAZObjectType' has no field named 'kind'

Issue script & Debug output

cli.knack.cli: Command arguments: ['sentinel', 'data-connector', 'create', '--data-connector-id', 'AzureActiveDirectory', '--resource-group', 'my-rg', '--workspace-name', 'my-workspace', '--subscription', 'my-subscription', '--debug']
cli.knack.cli: __init__ debug log:
Enable color in terminal.
cli.knack.cli: Event: Cli.PreExecute []
cli.knack.cli: Event: CommandParser.OnGlobalArgumentsCreate [<function CLILogging.on_global_arguments at 0x104f6df30>, <function OutputProducer.on_global_arguments at 0x104ffaef0>, <function CLIQuery.on_global_arguments at 0x1050643a0>]
cli.knack.cli: Event: CommandInvoker.OnPreCommandTableCreate []
cli.azure.cli.core: Modules found from index for 'sentinel': ['azext_sentinel']
cli.azure.cli.core: Loading command modules:
cli.azure.cli.core: Name                  Load Time    Groups  Commands
cli.azure.cli.core: Total (0)                 0.000         0         0
cli.azure.cli.core: These extensions are not installed and will be skipped: ['azext_ai_examples', 'azext_next']
cli.azure.cli.core: Loading extensions:
cli.azure.cli.core: Name                  Load Time    Groups  Commands  Directory
cli.azure.cli.core: sentinel                  0.060        17        21  /Users/me/.azure/cliextensions/sentinel
cli.azure.cli.core: Total (1)                 0.060        17        21  
cli.azure.cli.core: Loaded 17 groups, 21 commands.
cli.azure.cli.core: Found a match in the command table.
cli.azure.cli.core: Raw command  : sentinel data-connector create
cli.azure.cli.core: Command table: sentinel data-connector create
cli.knack.cli: Event: CommandInvoker.OnPreCommandTableTruncate [<function AzCliLogging.init_command_file_logging at 0x105b0e9e0>]
cli.azure.cli.core.azlogging: metadata file logging enabled - writing logs to '/Users/me/.azure/commands/2023-08-04.12-14-47.sentinel_data-connector_create.70650.log'.
az_command_data_logger: command args: sentinel data-connector create --data-connector-id {} --resource-group {} --workspace-name {} --subscription {} --debug
cli.knack.cli: Event: CommandInvoker.OnPreArgumentLoad [<function register_global_subscription_argument.<locals>.add_subscription_parameter at 0x105b23370>]
cli.knack.cli: Event: CommandInvoker.OnPostArgumentLoad []
cli.knack.cli: Event: CommandInvoker.OnPostCommandTableCreate [<function register_ids_argument.<locals>.add_ids_arguments at 0x105c05090>, <function register_cache_arguments.<locals>.add_cache_arguments at 0x105c051b0>]
cli.knack.cli: Event: CommandInvoker.OnCommandTableLoaded []
cli.knack.cli: Event: CommandInvoker.OnPreParseArgs []
cli.knack.cli: Event: CommandInvoker.OnPostParseArgs [<function OutputProducer.handle_output_argument at 0x104ffaf80>, <function CLIQuery.handle_query_parameter at 0x105064430>, <function register_ids_argument.<locals>.parse_ids_arguments at 0x105c05120>]
az_command_data_logger: extension name: sentinel
az_command_data_logger: extension version: 0.2.0
This command is experimental and under development. Reference and support levels: https://aka.ms/CLI_refstatus
cli.azure.cli.core.auth.persistence: build_persistence: location='/Users/me/.azure/msal_token_cache.json', encrypt=False
cli.azure.cli.core.auth.binary_cache: load: /Users/me/.azure/msal_http_cache.bin
urllib3.util.retry: Converted retries value: 1 -> Retry(total=1, connect=None, read=None, redirect=None, status=None)
msal.authority: openid_config = {'token_endpoint': 'https://login.microsoftonline.com/50811143-5dac-46d6-92e0-3f954e222f9f/oauth2/v2.0/token', 'token_endpoint_auth_methods_supported': ['client_secret_post', 'private_key_jwt', 'client_secret_basic'], 'jwks_uri': 'https://login.microsoftonline.com/50811143-5dac-46d6-92e0-3f954e222f9f/discovery/v2.0/keys', 'response_modes_supported': ['query', 'fragment', 'form_post'], 'subject_types_supported': ['pairwise'], 'id_token_signing_alg_values_supported': ['RS256'], 'response_types_supported': ['code', 'id_token', 'code id_token', 'id_token token'], 'scopes_supported': ['openid', 'profile', 'email', 'offline_access'], 'issuer': 'https://login.microsoftonline.com/50811143-5dac-46d6-92e0-3f954e222f9f/v2.0', 'request_uri_parameter_supported': False, 'userinfo_endpoint': 'https://graph.microsoft.com/oidc/userinfo', 'authorization_endpoint': 'https://login.microsoftonline.com/50811143-5dac-46d6-92e0-3f954e222f9f/oauth2/v2.0/authorize', 'device_authorization_endpoint': 'https://login.microsoftonline.com/50811143-5dac-46d6-92e0-3f954e222f9f/oauth2/v2.0/devicecode', 'http_logout_supported': True, 'frontchannel_logout_supported': True, 'end_session_endpoint': 'https://login.microsoftonline.com/50811143-5dac-46d6-92e0-3f954e222f9f/oauth2/v2.0/logout', 'claims_supported': ['sub', 'iss', 'cloud_instance_name', 'cloud_instance_host_name', 'cloud_graph_host_name', 'msgraph_host', 'aud', 'exp', 'iat', 'auth_time', 'acr', 'nonce', 'preferred_username', 'name', 'tid', 'ver', 'at_hash', 'c_hash', 'email'], 'kerberos_endpoint': 'https://login.microsoftonline.com/50811143-5dac-46d6-92e0-3f954e222f9f/kerberos', 'tenant_region_scope': 'EU', 'cloud_instance_name': 'microsoftonline.com', 'cloud_graph_host_name': 'graph.windows.net', 'msgraph_host': 'graph.microsoft.com', 'rbac_url': 'https://pas.windows.net'}
msal.application: Broker enabled? False
cli.azure.cli.core.azclierror: Traceback (most recent call last):
  File "/opt/homebrew/Cellar/azure-cli/2.50.0/libexec/lib/python3.10/site-packages/knack/cli.py", line 233, in invoke
    cmd_result = self.invocation.execute(args)
  File "/opt/homebrew/Cellar/azure-cli/2.50.0/libexec/lib/python3.10/site-packages/azure/cli/core/commands/__init__.py", line 663, in execute
    raise ex
  File "/opt/homebrew/Cellar/azure-cli/2.50.0/libexec/lib/python3.10/site-packages/azure/cli/core/commands/__init__.py", line 726, in _run_jobs_serially
    results.append(self._run_job(expanded_arg, cmd_copy))
  File "/opt/homebrew/Cellar/azure-cli/2.50.0/libexec/lib/python3.10/site-packages/azure/cli/core/commands/__init__.py", line 697, in _run_job
    result = cmd_copy(params)
  File "/opt/homebrew/Cellar/azure-cli/2.50.0/libexec/lib/python3.10/site-packages/azure/cli/core/aaz/_command.py", line 149, in __call__
    return self._handler(*args, **kwargs)
  File "/Users/me/.azure/cliextensions/sentinel/azext_sentinel/aaz/latest/sentinel/data_connector/_create.py", line 31, in _handler
    self._execute_operations()
  File "/Users/me/.azure/cliextensions/sentinel/azext_sentinel/aaz/latest/sentinel/data_connector/_create.py", line 1105, in _execute_operations
    self.DataConnectorsCreateOrUpdate(ctx=self.ctx)()
  File "/Users/me/.azure/cliextensions/sentinel/azext_sentinel/aaz/latest/sentinel/data_connector/_create.py", line 1115, in __call__
    request = self.make_request()
  File "/opt/homebrew/Cellar/azure-cli/2.50.0/libexec/lib/python3.10/site-packages/azure/cli/core/aaz/_operation.py", line 318, in make_request
    self.content, self.form_content, self.stream_content)
  File "/Users/me/.azure/cliextensions/sentinel/azext_sentinel/aaz/latest/sentinel/data_connector/_create.py", line 1209, in content
    _builder.discriminate_by("kind", "APIPolling")
  File "/opt/homebrew/Cellar/azure-cli/2.50.0/libexec/lib/python3.10/site-packages/azure/cli/core/aaz/_content_builder.py", line 159, in discriminate_by
    schema.discriminate_by(prop_name, prop_value)
  File "/opt/homebrew/Cellar/azure-cli/2.50.0/libexec/lib/python3.10/site-packages/azure/cli/core/aaz/_field_type.py", line 243, in discriminate_by
    raise AAZUnknownFieldError(self, key)
azure.cli.core.aaz.exceptions.AAZUnknownFieldError: Model 'AAZObjectType' has no field named 'kind'

cli.azure.cli.core.azclierror: The command failed with an unexpected error. Here is the traceback:
az_command_data_logger: The command failed with an unexpected error. Here is the traceback:
cli.azure.cli.core.azclierror: Model 'AAZObjectType' has no field named 'kind'
Traceback (most recent call last):
  File "/opt/homebrew/Cellar/azure-cli/2.50.0/libexec/lib/python3.10/site-packages/knack/cli.py", line 233, in invoke
    cmd_result = self.invocation.execute(args)
  File "/opt/homebrew/Cellar/azure-cli/2.50.0/libexec/lib/python3.10/site-packages/azure/cli/core/commands/__init__.py", line 663, in execute
    raise ex
  File "/opt/homebrew/Cellar/azure-cli/2.50.0/libexec/lib/python3.10/site-packages/azure/cli/core/commands/__init__.py", line 726, in _run_jobs_serially
    results.append(self._run_job(expanded_arg, cmd_copy))
  File "/opt/homebrew/Cellar/azure-cli/2.50.0/libexec/lib/python3.10/site-packages/azure/cli/core/commands/__init__.py", line 697, in _run_job
    result = cmd_copy(params)
  File "/opt/homebrew/Cellar/azure-cli/2.50.0/libexec/lib/python3.10/site-packages/azure/cli/core/aaz/_command.py", line 149, in __call__
    return self._handler(*args, **kwargs)
  File "/Users/me/.azure/cliextensions/sentinel/azext_sentinel/aaz/latest/sentinel/data_connector/_create.py", line 31, in _handler
    self._execute_operations()
  File "/Users/me/.azure/cliextensions/sentinel/azext_sentinel/aaz/latest/sentinel/data_connector/_create.py", line 1105, in _execute_operations
    self.DataConnectorsCreateOrUpdate(ctx=self.ctx)()
  File "/Users/me/.azure/cliextensions/sentinel/azext_sentinel/aaz/latest/sentinel/data_connector/_create.py", line 1115, in __call__
    request = self.make_request()
  File "/opt/homebrew/Cellar/azure-cli/2.50.0/libexec/lib/python3.10/site-packages/azure/cli/core/aaz/_operation.py", line 318, in make_request
    self.content, self.form_content, self.stream_content)
  File "/Users/me/.azure/cliextensions/sentinel/azext_sentinel/aaz/latest/sentinel/data_connector/_create.py", line 1209, in content
    _builder.discriminate_by("kind", "APIPolling")
  File "/opt/homebrew/Cellar/azure-cli/2.50.0/libexec/lib/python3.10/site-packages/azure/cli/core/aaz/_content_builder.py", line 159, in discriminate_by
    schema.discriminate_by(prop_name, prop_value)
  File "/opt/homebrew/Cellar/azure-cli/2.50.0/libexec/lib/python3.10/site-packages/azure/cli/core/aaz/_field_type.py", line 243, in discriminate_by
    raise AAZUnknownFieldError(self, key)
azure.cli.core.aaz.exceptions.AAZUnknownFieldError: Model 'AAZObjectType' has no field named 'kind'
az_command_data_logger: Model 'AAZObjectType' has no field named 'kind'
Traceback (most recent call last):
  File "/opt/homebrew/Cellar/azure-cli/2.50.0/libexec/lib/python3.10/site-packages/knack/cli.py", line 233, in invoke
    cmd_result = self.invocation.execute(args)
  File "/opt/homebrew/Cellar/azure-cli/2.50.0/libexec/lib/python3.10/site-packages/azure/cli/core/commands/__init__.py", line 663, in execute
    raise ex
  File "/opt/homebrew/Cellar/azure-cli/2.50.0/libexec/lib/python3.10/site-packages/azure/cli/core/commands/__init__.py", line 726, in _run_jobs_serially
    results.append(self._run_job(expanded_arg, cmd_copy))
  File "/opt/homebrew/Cellar/azure-cli/2.50.0/libexec/lib/python3.10/site-packages/azure/cli/core/commands/__init__.py", line 697, in _run_job
    result = cmd_copy(params)
  File "/opt/homebrew/Cellar/azure-cli/2.50.0/libexec/lib/python3.10/site-packages/azure/cli/core/aaz/_command.py", line 149, in __call__
    return self._handler(*args, **kwargs)
  File "/Users/me/.azure/cliextensions/sentinel/azext_sentinel/aaz/latest/sentinel/data_connector/_create.py", line 31, in _handler
    self._execute_operations()
  File "/Users/me/.azure/cliextensions/sentinel/azext_sentinel/aaz/latest/sentinel/data_connector/_create.py", line 1105, in _execute_operations
    self.DataConnectorsCreateOrUpdate(ctx=self.ctx)()
  File "/Users/me/.azure/cliextensions/sentinel/azext_sentinel/aaz/latest/sentinel/data_connector/_create.py", line 1115, in __call__
    request = self.make_request()
  File "/opt/homebrew/Cellar/azure-cli/2.50.0/libexec/lib/python3.10/site-packages/azure/cli/core/aaz/_operation.py", line 318, in make_request
    self.content, self.form_content, self.stream_content)
  File "/Users/me/.azure/cliextensions/sentinel/azext_sentinel/aaz/latest/sentinel/data_connector/_create.py", line 1209, in content
    _builder.discriminate_by("kind", "APIPolling")
  File "/opt/homebrew/Cellar/azure-cli/2.50.0/libexec/lib/python3.10/site-packages/azure/cli/core/aaz/_content_builder.py", line 159, in discriminate_by
    schema.discriminate_by(prop_name, prop_value)
  File "/opt/homebrew/Cellar/azure-cli/2.50.0/libexec/lib/python3.10/site-packages/azure/cli/core/aaz/_field_type.py", line 243, in discriminate_by
    raise AAZUnknownFieldError(self, key)
azure.cli.core.aaz.exceptions.AAZUnknownFieldError: Model 'AAZObjectType' has no field named 'kind'
To check existing issues, please visit: https://github.com/Azure/azure-cli/issues
cli.knack.cli: Event: Cli.PostExecute [<function AzCliLogging.deinit_cmd_metadata_logging at 0x105b0ec20>]
az_command_data_logger: exit code: 1
cli.__main__: Command ran in 0.154 seconds (init: 0.052, invoke: 0.102)
telemetry.main: Begin splitting cli events and extra events, total events: 1
telemetry.client: Accumulated 0 events. Flush the clients.
telemetry.main: Finish splitting cli events and extra events, cli events: 1
telemetry.save: Save telemetry record of length 7558 in cache
telemetry.check: Negative: The /Users/me/.azure/telemetry.txt was modified at 2023-08-04 12:05:17.665744, which in less than 600.000000 s

Expected behavior

The command should have finished with a success code, and the data connector should have been created on Azure Sentinel

Environment Summary

{
  "azure-cli": "2.50.0",
  "azure-cli-core": "2.50.0",
  "azure-cli-telemetry": "1.0.8",
  "extensions": {
    "account": "0.2.5",
    "azure-devops": "0.26.0",
    "resource-graph": "2.1.0",
    "sentinel": "0.2.0"
  }
}

Additional context

No response
@celsocoutinho-tangany celsocoutinho-tangany added the bug This issue requires a change to an existing behavior in the product in order to be resolved. label Aug 4, 2023
@azure-client-tools-bot-prd
Copy link

Hi @celsocoutinho-tangany,

2.50.0 is not the latest Azure CLI(2.51.0).

Please upgrade to the latest Azure CLI version by following https://learn.microsoft.com/en-us/cli/azure/update-azure-cli.

@azure-client-tools-bot-prd azure-client-tools-bot-prd bot added the Auto-Resolve Auto resolve by bot label Aug 4, 2023
@ghost ghost added customer-reported Issues that are reported by GitHub users external to the Azure organization. Auto-Assign Auto assign by bot Graph az ad labels Aug 4, 2023
@ghost ghost assigned jiasli Aug 4, 2023
@ghost ghost added this to the Backlog milestone Aug 4, 2023
@yonzhan
Copy link
Collaborator

yonzhan commented Aug 4, 2023

Thank you for opening this issue, we will look into it.

@yonzhan yonzhan added the CXP Attention This issue is handled by CXP team. label Aug 4, 2023
@ghost
Copy link

ghost commented Aug 4, 2023

Thank you for your feedback. This has been routed to the support team for assistance.

1 similar comment
@microsoft-github-policy-service
Copy link
Contributor

Thank you for your feedback. This has been routed to the support team for assistance.

@jsntcy jsntcy assigned necusjz and unassigned jiasli Aug 4, 2023
@jsntcy jsntcy removed Graph az ad Auto-Assign Auto assign by bot Auto-Resolve Auto resolve by bot labels Aug 4, 2023
@navba-MSFT navba-MSFT added Service Attention This issue is responsible by Azure service team. needs-team-attention This issue needs attention from Azure service team or SDK team and removed CXP Attention This issue is handled by CXP team. labels Aug 7, 2023
@ghost
Copy link

ghost commented Aug 7, 2023

Thanks for the feedback! We are routing this to the appropriate team for follow-up. cc @amirkeren.

Issue Details

Describe the bug

I am trying to create and enable data connectors in Azure Sentinel. The documentation doesn't help much, but it should be a two step process:

  1. az sentinel data-connector create to create the data connector in Azure Sentinel
  2. az sentinel data-connector connect to enable

I am not able to go past the first step. In particular, the command below should work:

az sentinel data-connector create --data-connector-id AzureActiveDirectory
--resource-group my-rg \
--workspace-name my-workspace
--subscription my-subscription

But I am getting the following error:

The command failed with an unexpected error. Here is the traceback:
Model 'AAZObjectType' has no field named 'kind'
Traceback (most recent call last):
  File "/opt/homebrew/Cellar/azure-cli/2.50.0/libexec/lib/python3.10/site-packages/knack/cli.py", line 233, in invoke
    cmd_result = self.invocation.execute(args)
  File "/opt/homebrew/Cellar/azure-cli/2.50.0/libexec/lib/python3.10/site-packages/azure/cli/core/commands/__init__.py", line 663, in execute
    raise ex
  File "/opt/homebrew/Cellar/azure-cli/2.50.0/libexec/lib/python3.10/site-packages/azure/cli/core/commands/__init__.py", line 726, in _run_jobs_serially
    results.append(self._run_job(expanded_arg, cmd_copy))
  File "/opt/homebrew/Cellar/azure-cli/2.50.0/libexec/lib/python3.10/site-packages/azure/cli/core/commands/__init__.py", line 697, in _run_job
    result = cmd_copy(params)
  File "/opt/homebrew/Cellar/azure-cli/2.50.0/libexec/lib/python3.10/site-packages/azure/cli/core/aaz/_command.py", line 149, in __call__
    return self._handler(*args, **kwargs)
  File "/Users/me/.azure/cliextensions/sentinel/azext_sentinel/aaz/latest/sentinel/data_connector/_create.py", line 31, in _handler
    self._execute_operations()
  File "/Users/me/.azure/cliextensions/sentinel/azext_sentinel/aaz/latest/sentinel/data_connector/_create.py", line 1105, in _execute_operations
    self.DataConnectorsCreateOrUpdate(ctx=self.ctx)()
  File "/Users/me/.azure/cliextensions/sentinel/azext_sentinel/aaz/latest/sentinel/data_connector/_create.py", line 1115, in __call__
    request = self.make_request()
  File "/opt/homebrew/Cellar/azure-cli/2.50.0/libexec/lib/python3.10/site-packages/azure/cli/core/aaz/_operation.py", line 318, in make_request
    self.content, self.form_content, self.stream_content)
  File "/Users/me/.azure/cliextensions/sentinel/azext_sentinel/aaz/latest/sentinel/data_connector/_create.py", line 1209, in content
    _builder.discriminate_by("kind", "APIPolling")
  File "/opt/homebrew/Cellar/azure-cli/2.50.0/libexec/lib/python3.10/site-packages/azure/cli/core/aaz/_content_builder.py", line 159, in discriminate_by
    schema.discriminate_by(prop_name, prop_value)
  File "/opt/homebrew/Cellar/azure-cli/2.50.0/libexec/lib/python3.10/site-packages/azure/cli/core/aaz/_field_type.py", line 243, in discriminate_by
    raise AAZUnknownFieldError(self, key)
azure.cli.core.aaz.exceptions.AAZUnknownFieldError: Model 'AAZObjectType' has no field named 'kind'

I tried to add the --kind argument, but then I get the error unrecognized arguments: --kind StaticUI.

Related command

az sentinel data-connector create

Errors

The command failed with an unexpected error. Here is the traceback:
Model 'AAZObjectType' has no field named 'kind'
Traceback (most recent call last):
  File "/opt/homebrew/Cellar/azure-cli/2.50.0/libexec/lib/python3.10/site-packages/knack/cli.py", line 233, in invoke
    cmd_result = self.invocation.execute(args)
  File "/opt/homebrew/Cellar/azure-cli/2.50.0/libexec/lib/python3.10/site-packages/azure/cli/core/commands/__init__.py", line 663, in execute
    raise ex
  File "/opt/homebrew/Cellar/azure-cli/2.50.0/libexec/lib/python3.10/site-packages/azure/cli/core/commands/__init__.py", line 726, in _run_jobs_serially
    results.append(self._run_job(expanded_arg, cmd_copy))
  File "/opt/homebrew/Cellar/azure-cli/2.50.0/libexec/lib/python3.10/site-packages/azure/cli/core/commands/__init__.py", line 697, in _run_job
    result = cmd_copy(params)
  File "/opt/homebrew/Cellar/azure-cli/2.50.0/libexec/lib/python3.10/site-packages/azure/cli/core/aaz/_command.py", line 149, in __call__
    return self._handler(*args, **kwargs)
  File "/Users/me/.azure/cliextensions/sentinel/azext_sentinel/aaz/latest/sentinel/data_connector/_create.py", line 31, in _handler
    self._execute_operations()
  File "/Users/me/.azure/cliextensions/sentinel/azext_sentinel/aaz/latest/sentinel/data_connector/_create.py", line 1105, in _execute_operations
    self.DataConnectorsCreateOrUpdate(ctx=self.ctx)()
  File "/Users/me/.azure/cliextensions/sentinel/azext_sentinel/aaz/latest/sentinel/data_connector/_create.py", line 1115, in __call__
    request = self.make_request()
  File "/opt/homebrew/Cellar/azure-cli/2.50.0/libexec/lib/python3.10/site-packages/azure/cli/core/aaz/_operation.py", line 318, in make_request
    self.content, self.form_content, self.stream_content)
  File "/Users/me/.azure/cliextensions/sentinel/azext_sentinel/aaz/latest/sentinel/data_connector/_create.py", line 1209, in content
    _builder.discriminate_by("kind", "APIPolling")
  File "/opt/homebrew/Cellar/azure-cli/2.50.0/libexec/lib/python3.10/site-packages/azure/cli/core/aaz/_content_builder.py", line 159, in discriminate_by
    schema.discriminate_by(prop_name, prop_value)
  File "/opt/homebrew/Cellar/azure-cli/2.50.0/libexec/lib/python3.10/site-packages/azure/cli/core/aaz/_field_type.py", line 243, in discriminate_by
    raise AAZUnknownFieldError(self, key)
azure.cli.core.aaz.exceptions.AAZUnknownFieldError: Model 'AAZObjectType' has no field named 'kind'

Issue script & Debug output

cli.knack.cli: Command arguments: ['sentinel', 'data-connector', 'create', '--data-connector-id', 'AzureActiveDirectory', '--resource-group', 'my-rg', '--workspace-name', 'my-workspace', '--subscription', 'my-subscription', '--debug']
cli.knack.cli: __init__ debug log:
Enable color in terminal.
cli.knack.cli: Event: Cli.PreExecute []
cli.knack.cli: Event: CommandParser.OnGlobalArgumentsCreate [<function CLILogging.on_global_arguments at 0x104f6df30>, <function OutputProducer.on_global_arguments at 0x104ffaef0>, <function CLIQuery.on_global_arguments at 0x1050643a0>]
cli.knack.cli: Event: CommandInvoker.OnPreCommandTableCreate []
cli.azure.cli.core: Modules found from index for 'sentinel': ['azext_sentinel']
cli.azure.cli.core: Loading command modules:
cli.azure.cli.core: Name                  Load Time    Groups  Commands
cli.azure.cli.core: Total (0)                 0.000         0         0
cli.azure.cli.core: These extensions are not installed and will be skipped: ['azext_ai_examples', 'azext_next']
cli.azure.cli.core: Loading extensions:
cli.azure.cli.core: Name                  Load Time    Groups  Commands  Directory
cli.azure.cli.core: sentinel                  0.060        17        21  /Users/me/.azure/cliextensions/sentinel
cli.azure.cli.core: Total (1)                 0.060        17        21  
cli.azure.cli.core: Loaded 17 groups, 21 commands.
cli.azure.cli.core: Found a match in the command table.
cli.azure.cli.core: Raw command  : sentinel data-connector create
cli.azure.cli.core: Command table: sentinel data-connector create
cli.knack.cli: Event: CommandInvoker.OnPreCommandTableTruncate [<function AzCliLogging.init_command_file_logging at 0x105b0e9e0>]
cli.azure.cli.core.azlogging: metadata file logging enabled - writing logs to '/Users/me/.azure/commands/2023-08-04.12-14-47.sentinel_data-connector_create.70650.log'.
az_command_data_logger: command args: sentinel data-connector create --data-connector-id {} --resource-group {} --workspace-name {} --subscription {} --debug
cli.knack.cli: Event: CommandInvoker.OnPreArgumentLoad [<function register_global_subscription_argument.<locals>.add_subscription_parameter at 0x105b23370>]
cli.knack.cli: Event: CommandInvoker.OnPostArgumentLoad []
cli.knack.cli: Event: CommandInvoker.OnPostCommandTableCreate [<function register_ids_argument.<locals>.add_ids_arguments at 0x105c05090>, <function register_cache_arguments.<locals>.add_cache_arguments at 0x105c051b0>]
cli.knack.cli: Event: CommandInvoker.OnCommandTableLoaded []
cli.knack.cli: Event: CommandInvoker.OnPreParseArgs []
cli.knack.cli: Event: CommandInvoker.OnPostParseArgs [<function OutputProducer.handle_output_argument at 0x104ffaf80>, <function CLIQuery.handle_query_parameter at 0x105064430>, <function register_ids_argument.<locals>.parse_ids_arguments at 0x105c05120>]
az_command_data_logger: extension name: sentinel
az_command_data_logger: extension version: 0.2.0
This command is experimental and under development. Reference and support levels: https://aka.ms/CLI_refstatus
cli.azure.cli.core.auth.persistence: build_persistence: location='/Users/me/.azure/msal_token_cache.json', encrypt=False
cli.azure.cli.core.auth.binary_cache: load: /Users/me/.azure/msal_http_cache.bin
urllib3.util.retry: Converted retries value: 1 -> Retry(total=1, connect=None, read=None, redirect=None, status=None)
msal.authority: openid_config = {'token_endpoint': 'https://login.microsoftonline.com/50811143-5dac-46d6-92e0-3f954e222f9f/oauth2/v2.0/token', 'token_endpoint_auth_methods_supported': ['client_secret_post', 'private_key_jwt', 'client_secret_basic'], 'jwks_uri': 'https://login.microsoftonline.com/50811143-5dac-46d6-92e0-3f954e222f9f/discovery/v2.0/keys', 'response_modes_supported': ['query', 'fragment', 'form_post'], 'subject_types_supported': ['pairwise'], 'id_token_signing_alg_values_supported': ['RS256'], 'response_types_supported': ['code', 'id_token', 'code id_token', 'id_token token'], 'scopes_supported': ['openid', 'profile', 'email', 'offline_access'], 'issuer': 'https://login.microsoftonline.com/50811143-5dac-46d6-92e0-3f954e222f9f/v2.0', 'request_uri_parameter_supported': False, 'userinfo_endpoint': 'https://graph.microsoft.com/oidc/userinfo', 'authorization_endpoint': 'https://login.microsoftonline.com/50811143-5dac-46d6-92e0-3f954e222f9f/oauth2/v2.0/authorize', 'device_authorization_endpoint': 'https://login.microsoftonline.com/50811143-5dac-46d6-92e0-3f954e222f9f/oauth2/v2.0/devicecode', 'http_logout_supported': True, 'frontchannel_logout_supported': True, 'end_session_endpoint': 'https://login.microsoftonline.com/50811143-5dac-46d6-92e0-3f954e222f9f/oauth2/v2.0/logout', 'claims_supported': ['sub', 'iss', 'cloud_instance_name', 'cloud_instance_host_name', 'cloud_graph_host_name', 'msgraph_host', 'aud', 'exp', 'iat', 'auth_time', 'acr', 'nonce', 'preferred_username', 'name', 'tid', 'ver', 'at_hash', 'c_hash', 'email'], 'kerberos_endpoint': 'https://login.microsoftonline.com/50811143-5dac-46d6-92e0-3f954e222f9f/kerberos', 'tenant_region_scope': 'EU', 'cloud_instance_name': 'microsoftonline.com', 'cloud_graph_host_name': 'graph.windows.net', 'msgraph_host': 'graph.microsoft.com', 'rbac_url': 'https://pas.windows.net'}
msal.application: Broker enabled? False
cli.azure.cli.core.azclierror: Traceback (most recent call last):
  File "/opt/homebrew/Cellar/azure-cli/2.50.0/libexec/lib/python3.10/site-packages/knack/cli.py", line 233, in invoke
    cmd_result = self.invocation.execute(args)
  File "/opt/homebrew/Cellar/azure-cli/2.50.0/libexec/lib/python3.10/site-packages/azure/cli/core/commands/__init__.py", line 663, in execute
    raise ex
  File "/opt/homebrew/Cellar/azure-cli/2.50.0/libexec/lib/python3.10/site-packages/azure/cli/core/commands/__init__.py", line 726, in _run_jobs_serially
    results.append(self._run_job(expanded_arg, cmd_copy))
  File "/opt/homebrew/Cellar/azure-cli/2.50.0/libexec/lib/python3.10/site-packages/azure/cli/core/commands/__init__.py", line 697, in _run_job
    result = cmd_copy(params)
  File "/opt/homebrew/Cellar/azure-cli/2.50.0/libexec/lib/python3.10/site-packages/azure/cli/core/aaz/_command.py", line 149, in __call__
    return self._handler(*args, **kwargs)
  File "/Users/me/.azure/cliextensions/sentinel/azext_sentinel/aaz/latest/sentinel/data_connector/_create.py", line 31, in _handler
    self._execute_operations()
  File "/Users/me/.azure/cliextensions/sentinel/azext_sentinel/aaz/latest/sentinel/data_connector/_create.py", line 1105, in _execute_operations
    self.DataConnectorsCreateOrUpdate(ctx=self.ctx)()
  File "/Users/me/.azure/cliextensions/sentinel/azext_sentinel/aaz/latest/sentinel/data_connector/_create.py", line 1115, in __call__
    request = self.make_request()
  File "/opt/homebrew/Cellar/azure-cli/2.50.0/libexec/lib/python3.10/site-packages/azure/cli/core/aaz/_operation.py", line 318, in make_request
    self.content, self.form_content, self.stream_content)
  File "/Users/me/.azure/cliextensions/sentinel/azext_sentinel/aaz/latest/sentinel/data_connector/_create.py", line 1209, in content
    _builder.discriminate_by("kind", "APIPolling")
  File "/opt/homebrew/Cellar/azure-cli/2.50.0/libexec/lib/python3.10/site-packages/azure/cli/core/aaz/_content_builder.py", line 159, in discriminate_by
    schema.discriminate_by(prop_name, prop_value)
  File "/opt/homebrew/Cellar/azure-cli/2.50.0/libexec/lib/python3.10/site-packages/azure/cli/core/aaz/_field_type.py", line 243, in discriminate_by
    raise AAZUnknownFieldError(self, key)
azure.cli.core.aaz.exceptions.AAZUnknownFieldError: Model 'AAZObjectType' has no field named 'kind'

cli.azure.cli.core.azclierror: The command failed with an unexpected error. Here is the traceback:
az_command_data_logger: The command failed with an unexpected error. Here is the traceback:
cli.azure.cli.core.azclierror: Model 'AAZObjectType' has no field named 'kind'
Traceback (most recent call last):
  File "/opt/homebrew/Cellar/azure-cli/2.50.0/libexec/lib/python3.10/site-packages/knack/cli.py", line 233, in invoke
    cmd_result = self.invocation.execute(args)
  File "/opt/homebrew/Cellar/azure-cli/2.50.0/libexec/lib/python3.10/site-packages/azure/cli/core/commands/__init__.py", line 663, in execute
    raise ex
  File "/opt/homebrew/Cellar/azure-cli/2.50.0/libexec/lib/python3.10/site-packages/azure/cli/core/commands/__init__.py", line 726, in _run_jobs_serially
    results.append(self._run_job(expanded_arg, cmd_copy))
  File "/opt/homebrew/Cellar/azure-cli/2.50.0/libexec/lib/python3.10/site-packages/azure/cli/core/commands/__init__.py", line 697, in _run_job
    result = cmd_copy(params)
  File "/opt/homebrew/Cellar/azure-cli/2.50.0/libexec/lib/python3.10/site-packages/azure/cli/core/aaz/_command.py", line 149, in __call__
    return self._handler(*args, **kwargs)
  File "/Users/me/.azure/cliextensions/sentinel/azext_sentinel/aaz/latest/sentinel/data_connector/_create.py", line 31, in _handler
    self._execute_operations()
  File "/Users/me/.azure/cliextensions/sentinel/azext_sentinel/aaz/latest/sentinel/data_connector/_create.py", line 1105, in _execute_operations
    self.DataConnectorsCreateOrUpdate(ctx=self.ctx)()
  File "/Users/me/.azure/cliextensions/sentinel/azext_sentinel/aaz/latest/sentinel/data_connector/_create.py", line 1115, in __call__
    request = self.make_request()
  File "/opt/homebrew/Cellar/azure-cli/2.50.0/libexec/lib/python3.10/site-packages/azure/cli/core/aaz/_operation.py", line 318, in make_request
    self.content, self.form_content, self.stream_content)
  File "/Users/me/.azure/cliextensions/sentinel/azext_sentinel/aaz/latest/sentinel/data_connector/_create.py", line 1209, in content
    _builder.discriminate_by("kind", "APIPolling")
  File "/opt/homebrew/Cellar/azure-cli/2.50.0/libexec/lib/python3.10/site-packages/azure/cli/core/aaz/_content_builder.py", line 159, in discriminate_by
    schema.discriminate_by(prop_name, prop_value)
  File "/opt/homebrew/Cellar/azure-cli/2.50.0/libexec/lib/python3.10/site-packages/azure/cli/core/aaz/_field_type.py", line 243, in discriminate_by
    raise AAZUnknownFieldError(self, key)
azure.cli.core.aaz.exceptions.AAZUnknownFieldError: Model 'AAZObjectType' has no field named 'kind'
az_command_data_logger: Model 'AAZObjectType' has no field named 'kind'
Traceback (most recent call last):
  File "/opt/homebrew/Cellar/azure-cli/2.50.0/libexec/lib/python3.10/site-packages/knack/cli.py", line 233, in invoke
    cmd_result = self.invocation.execute(args)
  File "/opt/homebrew/Cellar/azure-cli/2.50.0/libexec/lib/python3.10/site-packages/azure/cli/core/commands/__init__.py", line 663, in execute
    raise ex
  File "/opt/homebrew/Cellar/azure-cli/2.50.0/libexec/lib/python3.10/site-packages/azure/cli/core/commands/__init__.py", line 726, in _run_jobs_serially
    results.append(self._run_job(expanded_arg, cmd_copy))
  File "/opt/homebrew/Cellar/azure-cli/2.50.0/libexec/lib/python3.10/site-packages/azure/cli/core/commands/__init__.py", line 697, in _run_job
    result = cmd_copy(params)
  File "/opt/homebrew/Cellar/azure-cli/2.50.0/libexec/lib/python3.10/site-packages/azure/cli/core/aaz/_command.py", line 149, in __call__
    return self._handler(*args, **kwargs)
  File "/Users/me/.azure/cliextensions/sentinel/azext_sentinel/aaz/latest/sentinel/data_connector/_create.py", line 31, in _handler
    self._execute_operations()
  File "/Users/me/.azure/cliextensions/sentinel/azext_sentinel/aaz/latest/sentinel/data_connector/_create.py", line 1105, in _execute_operations
    self.DataConnectorsCreateOrUpdate(ctx=self.ctx)()
  File "/Users/me/.azure/cliextensions/sentinel/azext_sentinel/aaz/latest/sentinel/data_connector/_create.py", line 1115, in __call__
    request = self.make_request()
  File "/opt/homebrew/Cellar/azure-cli/2.50.0/libexec/lib/python3.10/site-packages/azure/cli/core/aaz/_operation.py", line 318, in make_request
    self.content, self.form_content, self.stream_content)
  File "/Users/me/.azure/cliextensions/sentinel/azext_sentinel/aaz/latest/sentinel/data_connector/_create.py", line 1209, in content
    _builder.discriminate_by("kind", "APIPolling")
  File "/opt/homebrew/Cellar/azure-cli/2.50.0/libexec/lib/python3.10/site-packages/azure/cli/core/aaz/_content_builder.py", line 159, in discriminate_by
    schema.discriminate_by(prop_name, prop_value)
  File "/opt/homebrew/Cellar/azure-cli/2.50.0/libexec/lib/python3.10/site-packages/azure/cli/core/aaz/_field_type.py", line 243, in discriminate_by
    raise AAZUnknownFieldError(self, key)
azure.cli.core.aaz.exceptions.AAZUnknownFieldError: Model 'AAZObjectType' has no field named 'kind'
To check existing issues, please visit: https://github.com/Azure/azure-cli/issues
cli.knack.cli: Event: Cli.PostExecute [<function AzCliLogging.deinit_cmd_metadata_logging at 0x105b0ec20>]
az_command_data_logger: exit code: 1
cli.__main__: Command ran in 0.154 seconds (init: 0.052, invoke: 0.102)
telemetry.main: Begin splitting cli events and extra events, total events: 1
telemetry.client: Accumulated 0 events. Flush the clients.
telemetry.main: Finish splitting cli events and extra events, cli events: 1
telemetry.save: Save telemetry record of length 7558 in cache
telemetry.check: Negative: The /Users/me/.azure/telemetry.txt was modified at 2023-08-04 12:05:17.665744, which in less than 600.000000 s

Expected behavior

The command should have finished with a success code, and the data connector should have been created on Azure Sentinel

Environment Summary

{
  "azure-cli": "2.50.0",
  "azure-cli-core": "2.50.0",
  "azure-cli-telemetry": "1.0.8",
  "extensions": {
    "account": "0.2.5",
    "azure-devops": "0.26.0",
    "resource-graph": "2.1.0",
    "sentinel": "0.2.0"
  }
}

Additional context

No response

Author: celsocoutinho-tangany
Assignees: necusjz
Labels:

bug, Service Attention, customer-reported, needs-team-attention, SecurityInsights
Milestone: Backlog

@navba-MSFT
Copy link
Contributor

Adding service team to look into this.

@celsocoutinho-tangany
Copy link
Author

Hi @necusjz!

Have you had any chance to look into this issue? It should be the same problem that causes this other issue.

In case this is not a priority, do you have a workaround maybe?

@necusjz
Copy link
Member

necusjz commented Aug 17, 2023

@celsocoutinho-tangany It seems --azure-active-directory needs to be filled.

@celsocoutinho-tangany
Copy link
Author

What exactly needs to be passed in that parameter? I don't really understand what is meant byTry ?? to show more, in the documentation.

Could you give me an example of a working command? For example, for the AzureActiveDirectory data connector, how would I need to change the command below in order to activate it?

az sentinel data-connector create --data-connector-id AzureActiveDirectory \
	--resource-group my-rg \
	--workspace-name my-workspace \
	--subscription my-subscription \
         --azure-active-directory ??

@necusjz
Copy link
Member

necusjz commented Aug 17, 2023
edited
Loading

It comes from shorthand syntax, e.g.,

image

and

image

Ref: https://github.com/Azure/azure-cli/blob/dev/doc/shorthand_syntax.md

@celsocoutinho-tangany
Copy link
Author

Thank you! I have managed to do some progress I think, with the command below:

az sentinel data-connector create --data-connector-id AzureActiveDirectory \
	--resource-group my-rg \
	--workspace-name my-workspace \
	--subscription my-subscription \
        --azure-active-directory "{data-types:{alerts:{state:Enabled}},tenant-id:my-tenant-id}"

I am now getting the following error, which is strange because I have all the required permissions. I am able to do it manually on Azure Portal. Any idea what the problem is?

(Unauthorized) Access denied
Code: Unauthorized
Message: Access denied

@Kaloszer
Copy link

@celsocoutinho-tangany Security Administrator/Global Administrator role on the account? It's odd that it works through portal and not through CLI. I feel like I'm having a similar issue trying to get it done through bicep.

@celsocoutinho-tangany
Copy link
Author

@Kaloszer I have Contributor rights on the subscription where the Log Analytics Workspace is deployed. Why would I need permissions on Azure AD to run this command? 🤔

@Kaloszer
Copy link

Kaloszer commented Aug 21, 2023
edited
Loading

@celsocoutinho-tangany voodoo magic, what else, there's no permissions required defined anywhere in the docs for data connectors, maybe for some you can find articles (eg. Microsoft 365 Defender in an article from 2020 says Global Administrator), Azure Activity (legacy connector says Security Administrator) - the new one deploys using Azure Policy so there's another set of permissions required again (which is again, not defined anywhere in the docs that I could find :/ )

@edit

For the bicep deployment Security Administrator is not enough, it does not seem to have "/providers/Microsoft.aadiam" scope in it. So it needs to be added manually

@necusjz
Copy link
Member

necusjz commented Aug 22, 2023

Could you please provide the debug log by appending --debug?

@celsocoutinho-tangany
Copy link
Author

@necusjz here it is:

cli.knack.cli: Command arguments: ['sentinel', 'data-connector', 'create', '--data-connector-id', 'AzureActiveDirectory', '--resource-group', 'my-rg', '--workspace-name', 'my-workspace', '--subscription', 'siem-prod', '--azure-active-directory', '{data-types:{alerts:{state:Enabled}},tenant-id:my-tenant-id}', '--debug']
cli.knack.cli: __init__ debug log:
Enable color in terminal.
cli.knack.cli: Event: Cli.PreExecute []
cli.knack.cli: Event: CommandParser.OnGlobalArgumentsCreate [<function CLILogging.on_global_arguments at 0x1013c1fc0>, <function OutputProducer.on_global_arguments at 0x10144eb90>, <function CLIQuery.on_global_arguments at 0x1014bc040>]
cli.knack.cli: Event: CommandInvoker.OnPreCommandTableCreate []
cli.azure.cli.core: Modules found from index for 'sentinel': ['azext_sentinel']
cli.azure.cli.core: Loading command modules:
cli.azure.cli.core: Name                  Load Time    Groups  Commands
cli.azure.cli.core: Total (0)                 0.000         0         0
cli.azure.cli.core: These extensions are not installed and will be skipped: ['azext_ai_examples', 'azext_next']
cli.azure.cli.core: Loading extensions:
cli.azure.cli.core: Name                  Load Time    Groups  Commands  Directory
cli.azure.cli.core: sentinel                  0.058        17        21  /Users/me/.azure/cliextensions/sentinel
cli.azure.cli.core: Total (1)                 0.058        17        21  
cli.azure.cli.core: Loaded 17 groups, 21 commands.
cli.azure.cli.core: Found a match in the command table.
cli.azure.cli.core: Raw command  : sentinel data-connector create
cli.azure.cli.core: Command table: sentinel data-connector create
cli.knack.cli: Event: CommandInvoker.OnPreCommandTableTruncate [<function AzCliLogging.init_command_file_logging at 0x101f65cf0>]
cli.azure.cli.core.azlogging: metadata file logging enabled - writing logs to '/Users/me/.azure/commands/2023-08-22.14-06-13.sentinel_data-connector_create.72626.log'.
az_command_data_logger: command args: sentinel data-connector create --data-connector-id {} --resource-group {} --workspace-name {} --subscription {} --azure-active-directory {} --debug
cli.knack.cli: Event: CommandInvoker.OnPreArgumentLoad [<function register_global_subscription_argument.<locals>.add_subscription_parameter at 0x101f76680>]
cli.knack.cli: Event: CommandInvoker.OnPostArgumentLoad []
cli.knack.cli: Event: CommandInvoker.OnPostCommandTableCreate [<function register_ids_argument.<locals>.add_ids_arguments at 0x10205c1f0>, <function register_cache_arguments.<locals>.add_cache_arguments at 0x10205c310>]
cli.knack.cli: Event: CommandInvoker.OnCommandTableLoaded []
cli.knack.cli: Event: CommandInvoker.OnPreParseArgs []
cli.knack.cli: Event: CommandInvoker.OnPostParseArgs [<function OutputProducer.handle_output_argument at 0x10144ec20>, <function CLIQuery.handle_query_parameter at 0x1014bc0d0>, <function register_ids_argument.<locals>.parse_ids_arguments at 0x10205c280>]
az_command_data_logger: extension name: sentinel
az_command_data_logger: extension version: 0.2.0
This command is experimental and under development. Reference and support levels: https://aka.ms/CLI_refstatus
cli.azure.cli.core.auth.persistence: build_persistence: location='/Users/me/.azure/msal_token_cache.json', encrypt=False
cli.azure.cli.core.auth.binary_cache: load: /Users/me/.azure/msal_http_cache.bin
urllib3.util.retry: Converted retries value: 1 -> Retry(total=1, connect=None, read=None, redirect=None, status=None)
msal.authority: openid_config = {'token_endpoint': 'https://login.microsoftonline.com/my-tenant-id/oauth2/v2.0/token', 'token_endpoint_auth_methods_supported': ['client_secret_post', 'private_key_jwt', 'client_secret_basic'], 'jwks_uri': 'https://login.microsoftonline.com/my-tenant-id/discovery/v2.0/keys', 'response_modes_supported': ['query', 'fragment', 'form_post'], 'subject_types_supported': ['pairwise'], 'id_token_signing_alg_values_supported': ['RS256'], 'response_types_supported': ['code', 'id_token', 'code id_token', 'id_token token'], 'scopes_supported': ['openid', 'profile', 'email', 'offline_access'], 'issuer': 'https://login.microsoftonline.com/my-tenant-id/v2.0', 'request_uri_parameter_supported': False, 'userinfo_endpoint': 'https://graph.microsoft.com/oidc/userinfo', 'authorization_endpoint': 'https://login.microsoftonline.com/my-tenant-id/oauth2/v2.0/authorize', 'device_authorization_endpoint': 'https://login.microsoftonline.com/my-tenant-id/oauth2/v2.0/devicecode', 'http_logout_supported': True, 'frontchannel_logout_supported': True, 'end_session_endpoint': 'https://login.microsoftonline.com/my-tenant-id/oauth2/v2.0/logout', 'claims_supported': ['sub', 'iss', 'cloud_instance_name', 'cloud_instance_host_name', 'cloud_graph_host_name', 'msgraph_host', 'aud', 'exp', 'iat', 'auth_time', 'acr', 'nonce', 'preferred_username', 'name', 'tid', 'ver', 'at_hash', 'c_hash', 'email'], 'kerberos_endpoint': 'https://login.microsoftonline.com/my-tenant-id/kerberos', 'tenant_region_scope': 'EU', 'cloud_instance_name': 'microsoftonline.com', 'cloud_graph_host_name': 'graph.windows.net', 'msgraph_host': 'graph.microsoft.com', 'rbac_url': 'https://pas.windows.net'}
msal.application: Broker enabled? False
cli.azure.cli.core.auth.credential_adaptor: CredentialAdaptor.get_token: scopes=('https://management.core.windows.net//.default',), kwargs={}
cli.azure.cli.core.auth.msal_authentication: UserCredential.get_token: scopes=('https://management.core.windows.net//.default',), claims=None, kwargs={}
msal.application: Cache hit an AT
msal.telemetry: Generate or reuse correlation_id: 437e2a74-1d51-4af4-9e3f-09cf8c78b8f1
cli.azure.cli.core.sdk.policies: Request URL: 'https://management.azure.com/subscriptions/my-subscription/resourceGroups/my-rg/providers/Microsoft.OperationalInsights/workspaces/my-workspace/providers/Microsoft.SecurityInsights/dataConnectors/AzureActiveDirectory?api-version=2022-06-01-preview'
cli.azure.cli.core.sdk.policies: Request method: 'PUT'
cli.azure.cli.core.sdk.policies: Request headers:
cli.azure.cli.core.sdk.policies:     'Content-Type': 'application/json'
cli.azure.cli.core.sdk.policies:     'Accept': 'application/json'
cli.azure.cli.core.sdk.policies:     'Content-Length': '147'
cli.azure.cli.core.sdk.policies:     'x-ms-client-request-id': '4a50cbf2-40e4-11ee-97bf-7640d5f61569'
cli.azure.cli.core.sdk.policies:     'CommandName': 'sentinel data-connector create'
cli.azure.cli.core.sdk.policies:     'ParameterSetName': '--data-connector-id --resource-group --workspace-name --subscription --azure-active-directory --debug'
cli.azure.cli.core.sdk.policies:     'User-Agent': 'AZURECLI/2.50.0 (HOMEBREW) (AAZ) azsdk-python-core/1.26.0 Python/3.10.12 (macOS-13.4.1-arm64-arm-64bit)'
cli.azure.cli.core.sdk.policies:     'Authorization': '*****'
cli.azure.cli.core.sdk.policies: Request body:
cli.azure.cli.core.sdk.policies: {"kind": "AzureActiveDirectory", "properties": {"dataTypes": {"alerts": {"state": "Enabled"}}, "tenantId": "my-tenant-id"}}
urllib3.connectionpool: Starting new HTTPS connection (1): management.azure.com:443
urllib3.connectionpool: https://management.azure.com:443 "PUT /subscriptions/my-subscription/resourceGroups/my-rg/providers/Microsoft.OperationalInsights/workspaces/my-workspace/providers/Microsoft.SecurityInsights/dataConnectors/AzureActiveDirectory?api-version=2022-06-01-preview HTTP/1.1" 401 59
cli.azure.cli.core.sdk.policies: Response status: 401
cli.azure.cli.core.sdk.policies: Response headers:
cli.azure.cli.core.sdk.policies:     'Cache-Control': 'no-cache'
cli.azure.cli.core.sdk.policies:     'Pragma': 'no-cache'
cli.azure.cli.core.sdk.policies:     'Content-Length': '59'
cli.azure.cli.core.sdk.policies:     'Content-Type': 'application/json; charset=utf-8'
cli.azure.cli.core.sdk.policies:     'Expires': '-1'
cli.azure.cli.core.sdk.policies:     'x-ms-ratelimit-remaining-subscription-resource-requests': '499'
cli.azure.cli.core.sdk.policies:     'x-ms-request-id': 'c5685d3c-7547-4e70-a368-1cc2ffe01ff7'
cli.azure.cli.core.sdk.policies:     'x-ms-correlation-request-id': 'c5685d3c-7547-4e70-a368-1cc2ffe01ff7'
cli.azure.cli.core.sdk.policies:     'x-ms-routing-request-id': 'GERMANYWESTCENTRAL:20230822T120615Z:c5685d3c-7547-4e70-a368-1cc2ffe01ff7'
cli.azure.cli.core.sdk.policies:     'Strict-Transport-Security': 'max-age=31536000; includeSubDomains'
cli.azure.cli.core.sdk.policies:     'X-Content-Type-Options': 'nosniff'
cli.azure.cli.core.sdk.policies:     'X-Cache': 'CONFIG_NOCACHE'
cli.azure.cli.core.sdk.policies:     'X-MSEdge-Ref': 'Ref A: 0A7473DCB37D481A89AD05576FF5FA2B Ref B: FRA231050414029 Ref C: 2023-08-22T12:06:14Z'
cli.azure.cli.core.sdk.policies:     'Date': 'Tue, 22 Aug 2023 12:06:15 GMT'
cli.azure.cli.core.sdk.policies: Response content:
cli.azure.cli.core.sdk.policies: {"error":{"code":"Unauthorized","message":"Access denied"}}
cli.azure.cli.core.azclierror: Traceback (most recent call last):
  File "/opt/homebrew/Cellar/azure-cli/2.50.0_1/libexec/lib/python3.10/site-packages/knack/cli.py", line 233, in invoke
    cmd_result = self.invocation.execute(args)
  File "/opt/homebrew/Cellar/azure-cli/2.50.0_1/libexec/lib/python3.10/site-packages/azure/cli/core/commands/__init__.py", line 663, in execute
    raise ex
  File "/opt/homebrew/Cellar/azure-cli/2.50.0_1/libexec/lib/python3.10/site-packages/azure/cli/core/commands/__init__.py", line 726, in _run_jobs_serially
    results.append(self._run_job(expanded_arg, cmd_copy))
  File "/opt/homebrew/Cellar/azure-cli/2.50.0_1/libexec/lib/python3.10/site-packages/azure/cli/core/commands/__init__.py", line 697, in _run_job
    result = cmd_copy(params)
  File "/opt/homebrew/Cellar/azure-cli/2.50.0_1/libexec/lib/python3.10/site-packages/azure/cli/core/aaz/_command.py", line 149, in __call__
    return self._handler(*args, **kwargs)
  File "/Users/me/.azure/cliextensions/sentinel/azext_sentinel/aaz/latest/sentinel/data_connector/_create.py", line 31, in _handler
    self._execute_operations()
  File "/Users/me/.azure/cliextensions/sentinel/azext_sentinel/aaz/latest/sentinel/data_connector/_create.py", line 1105, in _execute_operations
    self.DataConnectorsCreateOrUpdate(ctx=self.ctx)()
  File "/Users/me/.azure/cliextensions/sentinel/azext_sentinel/aaz/latest/sentinel/data_connector/_create.py", line 1120, in __call__
    return self.on_error(session.http_response)
  File "/opt/homebrew/Cellar/azure-cli/2.50.0_1/libexec/lib/python3.10/site-packages/azure/cli/core/aaz/_operation.py", line 329, in on_error
    raise error_type(response=response)
azure.core.exceptions.ClientAuthenticationError: (Unauthorized) Access denied
Code: Unauthorized
Message: Access denied

cli.azure.cli.core.azclierror: (Unauthorized) Access denied
Code: Unauthorized
Message: Access denied
az_command_data_logger: (Unauthorized) Access denied
Code: Unauthorized
Message: Access denied
cli.knack.cli: Event: Cli.PostExecute [<function AzCliLogging.deinit_cmd_metadata_logging at 0x101f65f30>]
az_command_data_logger: exit code: 1
cli.__main__: Command ran in 1.606 seconds (init: 0.050, invoke: 1.555)
telemetry.main: Begin splitting cli events and extra events, total events: 1
telemetry.client: Accumulated 0 events. Flush the clients.
telemetry.main: Finish splitting cli events and extra events, cli events: 1
telemetry.save: Save telemetry record of length 3754 in cache
telemetry.check: Negative: The /Users/me/.azure/telemetry.txt was modified at 2023-08-22 14:01:40.599337, which in less than 600.000000 s

@necusjz
Copy link
Member

necusjz commented Aug 23, 2023

Thank you for your info, I'll contact service team for the root cause.

@celsocoutinho-tangany
Copy link
Author

Hi @necusjz ! Has there been any progress here?

@necusjz
Copy link
Member

necusjz commented Sep 19, 2023

Hi @necusjz ! Has there been any progress here?

Please refer to #27190.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@necusjz necusjz

Labels
bug This issue requires a change to an existing behavior in the product in order to be resolved. customer-reported Issues that are reported by GitHub users external to the Azure organization. needs-team-attention This issue needs attention from Azure service team or SDK team SecurityInsights Service Attention This issue is responsible by Azure service team.
Projects
None yet
Milestone
Backlog
Development

No branches or pull requests
7 participants
@jiasli @necusjz @jsntcy @yonzhan @navba-MSFT @Kaloszer @celsocoutinho-tangany