search

Azure / autorest.powershell

AutoRest PowerShell Generator
MIT License
113 stars 86 forks source link

Debug output missing #1115

Closed dicolanl closed 1 year ago

dicolanl commented 1 year ago

We are using autorest.powershell to generate a module for a non-azure API.

when running a cmdlet with -debug the output seems to be missing:

Get-ZNUser -Debug
DEBUG: CmdletBeginProcessing: 
DEBUG: CmdletProcessRecordStart: 
DEBUG: CmdletProcessRecordAsyncStart: 
DEBUG: CmdletGetPipeline: 
DEBUG: CmdletBeforeAPICall: 
DEBUG: URLCreated: /users?_limit=10
DEBUG: RequestCreated: /api/v1/users?_limit=10
DEBUG: HeaderParametersAdded: 
DEBUG: BeforeCall: 
DEBUG: ResponseCreated: 
DEBUG: BeforeResponseDispatch: 

DEBUG: Finally: 
DEBUG: CmdletAfterAPICall: 
DEBUG: CmdletProcessRecordAsyncEnd: 
DEBUG: CmdletProcessRecordEnd: 
DEBUG: CmdletEndProcessing:

But if you run it with an azure based cmdlet

EBUG: 10:22:53 AM - GetAzureRMContextCommand end processing.
DEBUG: [CmdletBeginProcessing]: Starting command
DEBUG: CmdletBeginProcessing:
DEBUG: CmdletProcessRecordStart:
DEBUG: CmdletGetPipeline:
DEBUG: CmdletBeforeAPICall:
DEBUG: URLCreated: /subscriptions/51a36d38-3b14-471f-8dde-a5867f5e51eb/resourceGroups/nicholas/providers/Microsoft.OperationalInsights/workspaces/zeronetworks/providers/Microsoft.SecurityInsights/alertRules?api-version=2021-09-01-preview
DEBUG: RequestCreated: /subscriptions/51a36d38-3b14-471f-8dde-a5867f5e51eb/resourceGroups/nicholas/providers/Microsoft.OperationalInsights/workspaces/zeronetworks/providers/Microsoft.SecurityInsights/alertRules?api-version=2021-09-01-preview
DEBUG: HeaderParametersAdded:
DEBUG: ============================ HTTP REQUEST ============================

HTTP Method:
GET

Absolute Uri:
https://management.azure.com/subscriptions/51a36d38-3b14-471f-8dde-a5867f5e51eb/resourceGroups/nicholas/providers/Microsoft.OperationalInsights/workspaces/zeronetworks/providers/Microsoft.SecurityInsights/alertRules?api-version=2021-09-01-preview

Headers:
x-ms-unique-id                : 1
x-ms-client-request-id        : afd442f9-7377-4217-b9d3-552f8daae96f
CommandName                   : Get-AzSentinelAlertRule
FullCommandName               : Get-AzSentinelAlertRule_List
ParameterSetName              : __AllParameterSets
User-Agent                    : AzurePowershell/v7.3.0,PSVersion/v7.3.2,Az.SecurityInsights/2.0.0

Body:

DEBUG: BeforeCall:
DEBUG: ============================ HTTP RESPONSE ============================

Status Code:
OK

Headers:
Cache-Control                 : no-cache
Pragma                        : no-cache
Server                        : Kestrel
x-ms-ratelimit-remaining-subscription-reads: 11999
x-ms-request-id               : 8c3542d5-52e0-4958-9f8d-1ea8ce421b50
x-ms-correlation-request-id   : 8c3542d5-52e0-4958-9f8d-1ea8ce421b50
x-ms-routing-request-id       : EASTUS2:20230215T152254Z:8c3542d5-52e0-4958-9f8d-1ea8ce421b50
Strict-Transport-Security     : max-age=31536000; includeSubDomains
X-Content-Type-Options        : nosniff
Date                          : Wed, 15 Feb 2023 15:22:54 GMT

Body:
{
  "value": [
    {
      "id": "/subscriptions/51a36d38-3b14-471f-8dde-a5867f5e51eb/resourceGroups/nicholas/providers/Microsoft.OperationalInsights/workspaces/zeronetworks/providers/Microsoft.SecurityInsights/alertRules/BuiltInFusion",
      "name": "BuiltInFusion",
      "etag": "\"9c00dcc7-0000-0100-0000-622287a20000\"",
      "type": "Microsoft.SecurityInsights/alertRules",
      "kind": "Fusion",
      "properties": {
        "displayName": "Advanced Multistage Attack Detection",
        "description": "Microsoft Sentinel uses Fusion, a correlation engine based on scalable machine learning algorithms, to automatically detect multistage attacks by identifying combinations of anomalous behaviors and suspicious activities that are observed at various stages of the kill chain. On the basis of these discoveries, Azure Sentinel generates incidents that would otherwise be very difficult to catch. By design, these incidents are low-volume, high-fidelity, and high-severity, which is why this detection is turned ON by default.\n\nSince Fusion correlates multiple signals from various products to detect advanced multistage attacks, successful Fusion detections are presented as Fusion incidents on the Microsoft Sentinel Incidents page. This rule covers the following detections:\n- Fusion for emerging threats\n- Fusion for ransomware\n- Scenario-based Fusion detections (122 scenarios)\n\nTo enable these detections, we recommend you configure the following data connectors for best results:\n- Out-of-the-box anomaly detections\n- Azure Active Directory Identity Protection\n- Azure Defender\n- Azure Defender for IoT\n- Microsoft 365 Defender\n- Microsoft Cloud App Security    \n- Microsoft Defender for Endpoint\n- Microsoft Defender for Identity\n- Microsoft Defender for Office 365\n- Scheduled analytics rules, both built-in and those created by your security analysts. Analytics rules must contain kill-chain (tactics) and entity mapping information in order to be used by Fusion.\n\nFor the full description of each detection that is supported by Fusion, go to https://aka.ms/SentinelFusion.",
        "alertRuleTemplateName": "f71aba3d-28fb-450b-b192-4e76a83015c8",
        "tactics": [
          "Collection",
          "CommandAndControl",
          "CredentialAccess",
          "DefenseEvasion",
          "Discovery",
          "Execution",
          "Exfiltration",
          "Impact",
          "InitialAccess",
          "LateralMovement",
          "Persistence",
          "PrivilegeEscalation"
        ],
        "severity": "High",
        "enabled": true,
        "lastModifiedUtc": "2022-03-04T21:41:54.7036016Z"
      }
    ......
DEBUG: ResponseCreated:
DEBUG: BeforeResponseDispatch:

DEBUG: Finally:
DEBUG: CmdletAfterAPICall:
DEBUG: [CmdletProcessRecordAsyncEnd]: Finish HTTP process
DEBUG: CmdletProcessRecordAsyncEnd:
DEBUG: CmdletProcessRecordEnd:
DEBUG: 10:22:54 AM - [ConfigManager] Got [True] from [EnableDataCollection], Module = [], Cmdlet = [].
DEBUG: AzureQoSEvent: Module: Az.SecurityInsights:2.0.0; CommandName: Get-AzSentinelAlertRule; PSVersion: 7.3.2; IsSuccess: True; Duration: 00:00:00.9993585

you get the request and response.

Does this only work with azure modules? or is there a directive missing?

dolauli commented 1 year ago

You will need to implement an EventListener by yourself. You may refer to here for details of the eventListener used in Azure. Then you will need to implement the partial function CustomInit() defined in generated/generated/Module.cs, in which you will need to assign your EventListener to the property EventListener defined in class Module.