Azure Data Connector cli doesn't work #27190

Open
zoxendine opened this issue Aug 17, 2023 · 22 comments
Labels: bug, customer-reported, needs-team-attention, SecurityInsights, Service Attention

@zoxendine

Describe the bug

the azure data connector create does not create the desired data connection

Related command

az sentinel data-connector create -n AzureActivity -g rg -w workspace

Errors

```
The command failed with an unexpected error. Here is the traceback:
"Model 'AAZObjectType' has no field named 'kind'"
Traceback (most recent call last):
  File "/usr/lib64/az/lib/python3.9/site-packages/knack/cli.py", line 233, in invoke
    cmd_result = self.invocation.execute(args)
  File "/usr/lib64/az/lib/python3.9/site-packages/azure/cli/core/commands/__init__.py", line 663, in execute
    raise ex
  File "/usr/lib64/az/lib/python3.9/site-packages/azure/cli/core/commands/__init__.py", line 726, in _run_jobs_serially
    results.append(self._run_job(expanded_arg, cmd_copy))
  File "/usr/lib64/az/lib/python3.9/site-packages/azure/cli/core/commands/__init__.py", line 697, in _run_job
    result = cmd_copy(params)
  File "/usr/lib64/az/lib/python3.9/site-packages/azure/cli/core/aaz/_command.py", line 154, in __call__
    return self._handler(*args, **kwargs)
  File "/home/vagrant/.azure/cliextensions/sentinel/azext_sentinel/aaz/latest/sentinel/data_connector/_create.py", line 31, in _handler
    self._execute_operations()
  File "/home/vagrant/.azure/cliextensions/sentinel/azext_sentinel/aaz/latest/sentinel/data_connector/_create.py", line 1105, in _execute_operations
    self.DataConnectorsCreateOrUpdate(ctx=self.ctx)()
  File "/home/vagrant/.azure/cliextensions/sentinel/azext_sentinel/aaz/latest/sentinel/data_connector/_create.py", line 1115, in __call__
    request = self.make_request()
  File "/usr/lib64/az/lib/python3.9/site-packages/azure/cli/core/aaz/_operation.py", line 318, in make_request
    self.content, self.form_content, self.stream_content)
  File "/home/vagrant/.azure/cliextensions/sentinel/azext_sentinel/aaz/latest/sentinel/data_connector/_create.py", line 1209, in content
    _builder.discriminate_by("kind", "APIPolling")
  File "/usr/lib64/az/lib/python3.9/site-packages/azure/cli/core/aaz/_content_builder.py", line 159, in discriminate_by
    schema.discriminate_by(prop_name, prop_value)
  File "/usr/lib64/az/lib/python3.9/site-packages/azure/cli/core/aaz/_field_type.py", line 243, in discriminate_by
    raise AAZUnknownFieldError(self, key)
azure.cli.core.aaz.exceptions.AAZUnknownFieldError: "Model 'AAZObjectType' has no field named 'kind'"
```

Issue script & Debug output

```
msal.application: Broker enabled? False
cli.azure.cli.core.azclierror: Traceback (most recent call last):
  File "/usr/lib64/az/lib/python3.9/site-packages/knack/cli.py", line 233, in invoke
    cmd_result = self.invocation.execute(args)
  File "/usr/lib64/az/lib/python3.9/site-packages/azure/cli/core/commands/__init__.py", line 663, in execute
    raise ex
  File "/usr/lib64/az/lib/python3.9/site-packages/azure/cli/core/commands/__init__.py", line 726, in _run_jobs_serially
    results.append(self._run_job(expanded_arg, cmd_copy))
  File "/usr/lib64/az/lib/python3.9/site-packages/azure/cli/core/commands/__init__.py", line 697, in _run_job
    result = cmd_copy(params)
  File "/usr/lib64/az/lib/python3.9/site-packages/azure/cli/core/aaz/_command.py", line 154, in __call__
    return self._handler(*args, **kwargs)
  File "/home/vagrant/.azure/cliextensions/sentinel/azext_sentinel/aaz/latest/sentinel/data_connector/_create.py", line 31, in _handler
    self._execute_operations()
  File "/home/vagrant/.azure/cliextensions/sentinel/azext_sentinel/aaz/latest/sentinel/data_connector/_create.py", line 1105, in _execute_operations
    self.DataConnectorsCreateOrUpdate(ctx=self.ctx)()
  File "/home/vagrant/.azure/cliextensions/sentinel/azext_sentinel/aaz/latest/sentinel/data_connector/_create.py", line 1115, in __call__
    request = self.make_request()
  File "/usr/lib64/az/lib/python3.9/site-packages/azure/cli/core/aaz/_operation.py", line 318, in make_request
    self.content, self.form_content, self.stream_content)
  File "/home/vagrant/.azure/cliextensions/sentinel/azext_sentinel/aaz/latest/sentinel/data_connector/_create.py", line 1209, in content
    _builder.discriminate_by("kind", "APIPolling")
  File "/usr/lib64/az/lib/python3.9/site-packages/azure/cli/core/aaz/_content_builder.py", line 159, in discriminate_by
    schema.discriminate_by(prop_name, prop_value)
  File "/usr/lib64/az/lib/python3.9/site-packages/azure/cli/core/aaz/_field_type.py", line 243, in discriminate_by
    raise AAZUnknownFieldError(self, key)
azure.cli.core.aaz.exceptions.AAZUnknownFieldError: "Model 'AAZObjectType' has no field named 'kind'"

cli.azure.cli.core.azclierror: The command failed with an unexpected error. Here is the traceback:
az_command_data_logger: The command failed with an unexpected error. Here is the traceback:
cli.azure.cli.core.azclierror: "Model 'AAZObjectType' has no field named 'kind'"
Traceback (most recent call last):
  File "/usr/lib64/az/lib/python3.9/site-packages/knack/cli.py", line 233, in invoke
    cmd_result = self.invocation.execute(args)
  File "/usr/lib64/az/lib/python3.9/site-packages/azure/cli/core/commands/__init__.py", line 663, in execute
    raise ex
  File "/usr/lib64/az/lib/python3.9/site-packages/azure/cli/core/commands/__init__.py", line 726, in _run_jobs_serially
    results.append(self._run_job(expanded_arg, cmd_copy))
  File "/usr/lib64/az/lib/python3.9/site-packages/azure/cli/core/commands/__init__.py", line 697, in _run_job
    result = cmd_copy(params)
  File "/usr/lib64/az/lib/python3.9/site-packages/azure/cli/core/aaz/_command.py", line 154, in __call__
    return self._handler(*args, **kwargs)
  File "/home/vagrant/.azure/cliextensions/sentinel/azext_sentinel/aaz/latest/sentinel/data_connector/_create.py", line 31, in _handler
    self._execute_operations()
  File "/home/vagrant/.azure/cliextensions/sentinel/azext_sentinel/aaz/latest/sentinel/data_connector/_create.py", line 1105, in _execute_operations
    self.DataConnectorsCreateOrUpdate(ctx=self.ctx)()
  File "/home/vagrant/.azure/cliextensions/sentinel/azext_sentinel/aaz/latest/sentinel/data_connector/_create.py", line 1115, in __call__
    request = self.make_request()
  File "/usr/lib64/az/lib/python3.9/site-packages/azure/cli/core/aaz/_operation.py", line 318, in make_request
    self.content, self.form_content, self.stream_content)
  File "/home/vagrant/.azure/cliextensions/sentinel/azext_sentinel/aaz/latest/sentinel/data_connector/_create.py", line 1209, in content
    _builder.discriminate_by("kind", "APIPolling")
  File "/usr/lib64/az/lib/python3.9/site-packages/azure/cli/core/aaz/_content_builder.py", line 159, in discriminate_by
    schema.discriminate_by(prop_name, prop_value)
  File "/usr/lib64/az/lib/python3.9/site-packages/azure/cli/core/aaz/_field_type.py", line 243, in discriminate_by
    raise AAZUnknownFieldError(self, key)
azure.cli.core.aaz.exceptions.AAZUnknownFieldError: "Model 'AAZObjectType' has no field named 'kind'"
az_command_data_logger: "Model 'AAZObjectType' has no field named 'kind'"
Traceback (most recent call last):
  File "/usr/lib64/az/lib/python3.9/site-packages/knack/cli.py", line 233, in invoke
    cmd_result = self.invocation.execute(args)
  File "/usr/lib64/az/lib/python3.9/site-packages/azure/cli/core/commands/__init__.py", line 663, in execute
    raise ex
  File "/usr/lib64/az/lib/python3.9/site-packages/azure/cli/core/commands/__init__.py", line 726, in _run_jobs_serially
    results.append(self._run_job(expanded_arg, cmd_copy))
  File "/usr/lib64/az/lib/python3.9/site-packages/azure/cli/core/commands/__init__.py", line 697, in _run_job
    result = cmd_copy(params)
  File "/usr/lib64/az/lib/python3.9/site-packages/azure/cli/core/aaz/_command.py", line 154, in __call__
    return self._handler(*args, **kwargs)
  File "/home/vagrant/.azure/cliextensions/sentinel/azext_sentinel/aaz/latest/sentinel/data_connector/_create.py", line 31, in _handler
    self._execute_operations()
  File "/home/vagrant/.azure/cliextensions/sentinel/azext_sentinel/aaz/latest/sentinel/data_connector/_create.py", line 1105, in _execute_operations
    self.DataConnectorsCreateOrUpdate(ctx=self.ctx)()
  File "/home/vagrant/.azure/cliextensions/sentinel/azext_sentinel/aaz/latest/sentinel/data_connector/_create.py", line 1115, in __call__
    request = self.make_request()
  File "/usr/lib64/az/lib/python3.9/site-packages/azure/cli/core/aaz/_operation.py", line 318, in make_request
    self.content, self.form_content, self.stream_content)
  File "/home/vagrant/.azure/cliextensions/sentinel/azext_sentinel/aaz/latest/sentinel/data_connector/_create.py", line 1209, in content
    _builder.discriminate_by("kind", "APIPolling")
  File "/usr/lib64/az/lib/python3.9/site-packages/azure/cli/core/aaz/_content_builder.py", line 159, in discriminate_by
    schema.discriminate_by(prop_name, prop_value)
  File "/usr/lib64/az/lib/python3.9/site-packages/azure/cli/core/aaz/_field_type.py", line 243, in discriminate_by
    raise AAZUnknownFieldError(self, key)
azure.cli.core.aaz.exceptions.AAZUnknownFieldError: "Model 'AAZObjectType' has no field named 'kind'"
To check existing issues, please visit: https://github.com/Azure/azure-cli/issues
cli.knack.cli: Event: Cli.PostExecute [<function AzCliLogging.deinit_cmd_metadata_logging at 0x7fb2bc4ea790>]
az_command_data_logger: exit code: 1
cli.main: Command ran in 2.296 seconds (init: 1.040, invoke: 1.257)
telemetry.main: Begin splitting cli events and extra events, total events: 1
telemetry.client: Accumulated 0 events. Flush the clients.
telemetry.main: Finish splitting cli events and extra events, cli events: 1
telemetry.save: Save telemetry record of length 7412 in cache
telemetry.main: Begin creating telemetry upload process.
telemetry.process: Creating upload process: "/usr/bin/python3.9 /usr/lib64/az/lib/python3.9/site-packages/azure/cli/telemetry/__init__.py /home/vagrant/.azure"
telemetry.process: Return from creating process
telemetry.main: Finish creating telemetry upload process.
```

Expected behavior

data connection work

Environment Summary

azure-cli 2.51

Additional context

No response

@zoxendine zoxendine added the bug This issue requires a change to an existing behavior in the product in order to be resolved. label Aug 17, 2023
@microsoft-github-policy-service microsoft-github-policy-service bot added the customer-reported Issues that are reported by GitHub users external to the Azure organization. label Aug 17, 2023
@yonzhan
Collaborator

yonzhan commented Aug 17, 2023

Thank you for opening this issue, we will look into it.

@yonzhan yonzhan added the CXP Attention This issue is handled by CXP team. label Aug 18, 2023
@microsoft-github-policy-service
Contributor

Thank you for your feedback. This has been routed to the support team for assistance.

@jsntcy
Member

jsntcy commented Aug 18, 2023

@necusjz, please help take a look.

@jsntcy jsntcy added this to the Backlog milestone Aug 18, 2023
@navba-MSFT navba-MSFT self-assigned this Aug 18, 2023
@navba-MSFT
Contributor

@zoxendine Thanks for reaching out to us and reporting this issue. While running the az sentinel data-connector create CLI command please pass the --azure-active-directory parameter as shown below and check if that helps.

image

More info here.

@navba-MSFT navba-MSFT added the needs-author-feedback More information is needed from author to address the issue. label Aug 18, 2023
@zoxendine
Author

@navba-MSFT Why is active-directory required for Azure Activity? What permissions are required for sentinel connections with AAD as I can't find any documentation with this information, as I am seeing a permissions error that must be due to AAD access as I was able to use the data connector for defender with no errors.

```
az sentinel data-connector create --data-connector-id AzureActivity \
  --resource-group my-rg \
  --workspace-name my-workspace \
  --azure-active-directory "{data-types:{alerts:{state:Enabled}},tenant-id:my-tenant-id}"
This command is experimental and under development. Reference and support levels: https://aka.ms/CLI_refstatus
(Unauthorized) Access denied
Code: Unauthorized
Message: Access denied
```

@microsoft-github-policy-service microsoft-github-policy-service bot added needs-team-attention This issue needs attention from Azure service team or SDK team and removed needs-author-feedback More information is needed from author to address the issue. labels Aug 18, 2023
@necusjz
Member

necusjz commented Aug 21, 2023

@zoxendine What about other similar arguments? Is there any argument that meets your scenario? If so, then try to fill it.

image

@navba-MSFT navba-MSFT added needs-author-feedback More information is needed from author to address the issue. and removed needs-team-attention This issue needs attention from Azure service team or SDK team labels Aug 21, 2023
@zoxendine
Author

I get access denied when attempting to create an AAD connection. We need to know what perms are required for these data connections to take place.

```
az sentinel data-connector create --data-connector-id AzureActiveDirectory \
  --resource-group rg \
  --workspace-name workspace \
  --azure-active-directory "{data-types:{alerts:{state:Enabled}},tenant-id:id}"
This command is experimental and under development. Reference and support levels: https://aka.ms/CLI_refstatus
(Unauthorized) Access denied
Code: Unauthorized
Message: Access denied
```

@microsoft-github-policy-service microsoft-github-policy-service bot added needs-team-attention This issue needs attention from Azure service team or SDK team and removed needs-author-feedback More information is needed from author to address the issue. labels Aug 21, 2023
@necusjz necusjz added the Service Attention This issue is responsible by Azure service team. label Aug 22, 2023
@necusjz
Member

necusjz commented Aug 22, 2023

Could you please provide the debug log by appending --debug?

@microsoft-github-policy-service
Contributor

Thanks for the feedback! We are routing this to the appropriate team for follow-up. cc @amirkeren.

@zoxendine
Author

> Could you please provide the debug log by appending --debug?

Still seeing an access denied issue. Is there no documentation on what perms are required for data connections?

```
cli.azure.cli.core.sdk.policies: Request URL: 'https://management.usgovcloudapi.net/subscriptions/sub-id/resourceGroups/rg/providers/Microsoft.OperationalInsights/workspaces/workspace/providers/Microsoft.SecurityInsights/dataConnectors/AzureActiveDirectory?api-version=2022-06-01-preview'
cli.azure.cli.core.sdk.policies: Request method: 'PUT'
cli.azure.cli.core.sdk.policies: Request headers:
cli.azure.cli.core.sdk.policies: 'Content-Type': 'application/json'
cli.azure.cli.core.sdk.policies: 'Accept': 'application/json'
cli.azure.cli.core.sdk.policies: 'Content-Length': '147'
cli.azure.cli.core.sdk.policies: 'CommandName': 'sentinel data-connector create'
cli.azure.cli.core.sdk.policies: 'ParameterSetName': '--data-connector-id --resource-group --workspace-name --azure-active-directory --debug'
cli.azure.cli.core.sdk.policies: 'User-Agent': 'AZURECLI/2.51.0 (RPM) (AAZ) azsdk-python-core/1.26.0 Python/3.9.16 (Linux-6.1.11-200.fc37.x86_64-x86_64-with-glibc2.36)'
cli.azure.cli.core.sdk.policies: 'Authorization': '*****'
cli.azure.cli.core.sdk.policies: Request body:
cli.azure.cli.core.sdk.policies: {"kind": "AzureActiveDirectory", "properties": {"dataTypes": {"alerts": {"state": "Enabled"}}, "tenantId": "id"}}
urllib3.connectionpool: Starting new HTTPS connection (1): management.usgovcloudapi.n/id/resourceGroups/rg/providers/Microsoft.OperationalInsights/workspaces/workspace/providers/Microsoft.SecurityInsights/dataConnectors/AzureActiveDirectory?api-version=2022-06-01-preview HTTP/1.1" 401 59
cli.azure.cli.core.sdk.policies: Response status: 401
cli.azure.cli.core.sdk.policies: Response headers:
cli.azure.cli.core.sdk.policies: 'Cache-Control': 'no-cache'
cli.azure.cli.core.sdk.policies: 'Pragma': 'no-cache'
cli.azure.cli.core.sdk.policies: 'Content-Length': '59'
cli.azure.cli.core.sdk.policies: 'Content-Type': 'application/json; charset=utf-8'
cli.azure.cli.core.sdk.policies: 'Expires': '-1'
cli.azure.cli.core.sdk.policies: 'Server': 'Kestrel'
cli.azure.cli.core.sdk.policies: 'x-ms-ratelimit-remaining-subscription-writes': '1199'
cli.azure.cli.core.sdk.policies: 'X-Content-Type-Options': 'nosniff'
cli.azure.cli.core.sdk.policies: 'Date': 'Tue, 22 Aug 2023 12:48:27 GMT'
cli.azure.cli.core.sdk.policies: 'Connection': 'close'
cli.azure.cli.core.sdk.policies: Response content:
cli.azure.cli.core.sdk.policies: {"error":{"code":"Unauthorized","message":"Access denied"}}
cli.azure.cli.core.azclierror: Traceback (most recent call last):
  File "/usr/lib64/az/lib/python3.9/site-packages/knack/cli.py", line 233, in invoke
    cmd_result = self.invocation.execute(args)
  File "/usr/lib64/az/lib/python3.9/site-packages/azure/cli/core/commands/__init__.py", line 663, in execute
    raise ex
  File "/usr/lib64/az/lib/python3.9/site-packages/azure/cli/core/commands/__init__.py", line 726, in _run_jobs_serially
    results.append(self._run_job(expanded_arg, cmd_copy))
  File "/usr/lib64/az/lib/python3.9/site-packages/azure/cli/core/commands/__init__.py", line 697, in _run_job
    result = cmd_copy(params)
  File "/usr/lib64/az/lib/python3.9/site-packages/azure/cli/core/aaz/_command.py", line 154, in __call__
    return self._handler(*args, **kwargs)
  File "/home/vagrant/.azure/cliextensions/sentinel/azext_sentinel/aaz/latest/sentinel/data_connector/_create.py", line 31, in _handler
    self._execute_operations()
  File "/home/vagrant/.azure/cliextensions/sentinel/azext_sentinel/aaz/latest/sentinel/data_connector/_create.py", line 1105, in _execute_operations
    self.DataConnectorsCreateOrUpdate(ctx=self.ctx)()
  File "/home/vagrant/.azure/cliextensions/sentinel/azext_sentinel/aaz/latest/sentinel/data_connector/_create.py", line 1120, in __call__
    return self.on_error(session.http_response)
  File "/usr/lib64/az/lib/python3.9/site-packages/azure/cli/core/aaz/_operation.py", line 329, in on_error
    raise error_type(response=response)
azure.core.exceptions.ClientAuthenticationError: (Unauthorized) Access denied
Code: Unauthorized
Message: Access denied

cli.azure.cli.core.azclierror: (Unauthorized) Access denied
Code: Unauthorized
Message: Access denied
az_command_data_logger: (Unauthorized) Access denied
Code: Unauthorized
Message: Access denied
cli.knack.cli: Event: Cli.PostExecute [<function AzCliLogging.deinit_cmd_metadata_logging at 0x7f9c39929820>]
az_command_data_logger: exit code: 1
cli.main: Command ran in 3.993 seconds (init: 1.243, invoke: 2.750)
telemetry.main: Begin splitting cli events and extra events, total events: 1
telemetry.client: Accumulated 0 events. Flush the clients.
telemetry.main: Finish splitting cli events and extra events, cli events: 1
telemetry.save: Save telemetry record of length 3725 in cache
telemetry.main: Begin creating telemetry upload process.
telemetry.process: Creating upload process: "/usr/bin/python3.9 /usr/lib64/az/lib/python3.9/site-packages/azure/cli/telemetry/__init__.py /home/vagrant/.azure"
telemetry.process: Return from creating process
telemetry.main: Finish creating telemetry upload process.
```
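
An added example, not part of the thread and not Azure CLI code: a triage script for `az --debug` output like the two logs posted above. It reports whether the run failed on the client while building the request (the `AAZUnknownFieldError` case, where no `Request URL` line is logged) or was answered by the service (the 401 case). The names `triage`, `_field` and `_json_after` are hypothetical, and the embedded log lines are constructed, abridged copies of the thread's output.

```python
import json
import re
from urllib.parse import parse_qs, urlsplit

POLICY = "cli.azure.cli.core.sdk.policies: "
EXC_RE = re.compile(r"^([A-Za-z_][\w.]*(?:Error|Exception)): ")

# Constructed samples: abridged lines in the shape of the two logs in this thread.
CLIENT_SIDE_LOG = """\
cli.azure.cli.core.azclierror: Traceback (most recent call last):
  File "/usr/lib64/az/lib/python3.9/site-packages/azure/cli/core/aaz/_operation.py", line 318, in make_request
    self.content, self.form_content, self.stream_content)
azure.cli.core.aaz.exceptions.AAZUnknownFieldError: "Model 'AAZObjectType' has no field named 'kind'"
az_command_data_logger: exit code: 1
"""
SERVICE_SIDE_LOG = """\
cli.azure.cli.core.sdk.policies: Request URL: 'https://management.usgovcloudapi.net/subscriptions/sub-id/resourceGroups/rg/providers/Microsoft.OperationalInsights/workspaces/workspace/providers/Microsoft.SecurityInsights/dataConnectors/AzureActiveDirectory?api-version=2022-06-01-preview'
cli.azure.cli.core.sdk.policies: Request method: 'PUT'
cli.azure.cli.core.sdk.policies: Request body:
cli.azure.cli.core.sdk.policies: {"kind": "AzureActiveDirectory", "properties": {"dataTypes": {"alerts": {"state": "Enabled"}}, "tenantId": "id"}}
cli.azure.cli.core.sdk.policies: Response status: 401
cli.azure.cli.core.sdk.policies: Response content:
cli.azure.cli.core.sdk.policies: {"error":{"code":"Unauthorized","message":"Access denied"}}
azure.core.exceptions.ClientAuthenticationError: (Unauthorized) Access denied
"""


def _field(log, name):
    """Value of a "<name>: <value>" request/response line, unquoted, or None."""
    m = re.search("^" + re.escape(POLICY + name) + r": '?([^'\n]*)'?$", log, re.M)
    return m.group(1) if m else None


def _json_after(log, marker):
    """Parse the JSON logged on the line that follows "<marker>:"; None if absent."""
    lines = log.splitlines()
    for i, line in enumerate(lines[:-1]):
        if line.strip() == POLICY + marker + ":":
            try:
                return json.loads(lines[i + 1].partition(POLICY)[2])
            except ValueError:
                return None
    return None


def triage(log):
    """Summarise one `az --debug` run: where it failed and what the service said."""
    url, status = _field(log, "Request URL"), _field(log, "Response status")
    found = [m.group(1) for m in map(EXC_RE.match, log.splitlines()) if m]
    exc = found[-1] if found else None  # last exception named in the log
    if status is not None:
        stage = "service"  # the request was sent and the service answered
    elif url is None and exc:
        stage = "client"  # raised while building the request; nothing was sent
    else:
        stage = "unknown"
    parts = urlsplit(url) if url else None
    body = _json_after(log, "Request body") or {}
    error = (_json_after(log, "Response content") or {}).get("error", {})
    return {
        "stage": stage,
        "exception": exc,
        "host": parts.hostname if parts else None,
        "api_version": parse_qs(parts.query).get("api-version", [None])[0] if parts else None,
        "kind": body.get("kind"),
        "status": int(status) if status else None,
        "error_code": error.get("code"),
    }
```

A `client` result means the failure happened before any token or role assignment was evaluated; a `service` result carries the host, API version and connector kind to quote when asking the service team about the rejection.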

@necusjz
Member

necusjz commented Aug 23, 2023

Thank you for your info, I'll contact service team for the root cause.

@zoxendine
Author

@necusjz Any update on this matter?

@necusjz
Member

necusjz commented Aug 28, 2023

> @necusjz Any update on this matter?

Waiting for reply from service team.

@zoxendine
Author

Bumping for assistance @necusjz

@necusjz
Member

necusjz commented Sep 1, 2023

> Bumping for assistance @necusjz

I'll keep you updated, but unfortunately...

@navba-MSFT navba-MSFT removed their assignment Sep 5, 2023
@navba-MSFT navba-MSFT removed the CXP Attention This issue is handled by CXP team. label Sep 5, 2023
@zoxendine
Author

Any updates?

@necusjz
Member

necusjz commented Sep 11, 2023

az sentinel data-connector create

No feedback from service team. But I found some hints from client telemetry, there are parameters of successful execution in recent 30 days:

image
It seems --azure-security-center and --office365 may help your case.

@Kaloszer

@necusjz

These are completely different data connectors so this does not help this case at all unfortunately. Azure Activity currently applies through policy and it had changed sometime back so my bet is that it had never been implemented in az cli.

@zoxendine
Author

Am I correct to assume that the az cli doesn't support/work with data connectors at this point; and this needs to be done manually through the Portal? I am also attempting to use terraform for automation but get authorization issues with that as well.

@necusjz
Member

necusjz commented Sep 13, 2023

> Am I correct to assume that the az cli doesn't support/work with data connectors at this point; and this needs to be done manually through the Portal? I am also attempting to use terraform for automation but get authorization issues with that as well.

I think so.

@Kaloszer

@necusjz

Any timeline or feedback on this issue. Can we expect az cli to implement these at some point? This is really an issue with automation of IaC steps. Applying the policy through code seems wonky and I couldn't get it to work under:
Azure/Azure-Sentinel#8871

I still have yet to raise a support case on that one but this is a blocker for us.

@danwilcock

I have the same issue deploying through terraform. The service principal has data connector update perms but returns a 401. Any update? Details on perms for the user/spn creating the service connector through the apis would be helpful.

7 participants