Open peni19 opened 2 years ago
@kairu-ms for awareness
Thanks for the feedback! We are routing this to the appropriate team for follow-up. cc @SameergMS, @dadunl.
Author: | peni19 |
---|---|
Assignees: | AllyW, kairu-ms |
Labels: | `Service Attention`, `Monitor`, `question`, `customer-reported`, `Auto-Assign`, `Azure CLI Team` |
Milestone: | Backlog |
Thanks for the feedback! We are routing this to the appropriate team for follow-up. cc @SameergMS, @dadunl.
Author: | peni19 |
---|---|
Assignees: | AllyW, kairu-ms |
Labels: | `Service Attention`, `Monitor`, `customer-reported`, `feature-request`, `Auto-Assign`, `Azure CLI Team` |
Milestone: | Backlog |
SAS token for event hub requires “manage” to be accepted. Manage should not be required. Please remove this bug!
```
PS H:__AzureDevOps\AZUR.ManagedHSM\AZUR.ManagedHSM> az monitor diagnostic-settings create --name "*_to_event_hub" --resource $keyVaultID --logs '[{""category"": ""AuditEvent"", ""enabled"":true}]' --event-hub /subscriptions/****/resourceGroups/rt-002/providers/Microsoft.EventHub/namespaces/**/eventhubs/**** --event-hub-rule /subscriptions/***/resourceGroups/****-002/providers/Microsoft.EventHub/namespaces/**/authorizationRules/****
(BadRequest) If a valid EventHub name is not specified in the diagnostic setting, the EventHub authorization rule requires manage|send|listen access, this EventHub authorization rule does not have 'manage' access.
Code: BadRequest
Message: If a valid EventHub name is not specified in the diagnostic setting, the EventHub authorization rule requires manage|send|listen access, this EventHub authorization rule does not have 'manage' access.
```
If SAS token has “manage” permissions it works:
```
PS H:__AzureDevOps\AZUR.ManagedHSM\AZUR.ManagedHSM> az monitor diagnostic-settings create --name "mhsmlogs_to_event_hub" --resource $keyVaultID --logs '[{""category"": ""AuditEvent"", ""enabled"":true}]' --event-hub /subscriptions/***/resourceGroups/rg-log-mgmt-002/providers/Microsoft.EventHub/namespaces/****/eventhubs/* --event-hub-rule /subscriptions/***/resourcegroups/****/providers/Microsoft.EventHub/namespaces/evhn-logg-pr-swc-001/eventhubs/*/authorizationrules/**
(BadRequest) "Resource type 'microsoft.eventhub/namespaces/eventhubs/authorizationrules' is invalid for property 'properties.eventHubAuthorizationRuleId'. Expected types are 'microsoft.servicebus/namespaces/authorizationrules', 'microsoft.eventhub/namespaces/authorizationrules'"
Code: BadRequest
Message: "Resource type 'microsoft.eventhub/namespaces/eventhubs/authorizationrules' is invalid for property 'properties.eventHubAuthorizationRuleId'. Expected types are 'microsoft.servicebus/namespaces/authorizationrules', 'microsoft.eventhub/namespaces/authorizationrules'"
```
This is the output from “az monitor diagnostic-settings list --resource $keyVaultID”
```
{
  "eventHubAuthorizationRuleId": "/subscriptions/****/resourceGroups/*****-002/providers/Microsoft.EventHub/namespaces/**/authorizationRules/**",
  "eventHubName": "**",
  "id": "/subscriptions/****/resourcegroups/-001/providers/microsoft.keyvault/managedhsms/****/providers/microsoft.insights/diagnosticSettings/mhsmlogs_to_event_hub",
  "identity": null,
  "kind": null,
  "location": null,
  "logAnalyticsDestinationType": null,
  "logs": [
    {
      "category": "AuditEvent",
      "categoryGroup": null,
      "enabled": true,
      "retentionPolicy": null
    }
  ],
  "marketplacePartnerId": null,
  "metrics": [],
  "name": "mhsmlogs_to_event_hub",
  "resourceGroup": "****r-001",
  "serviceBusRuleId": null,
  "storageAccountId": null,
  "systemData": null,
  "tags": null,
  "type": "Microsoft.Insights/diagnosticSettings",
  "workspaceId": null
},
```
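The two BadRequest messages quoted in this issue describe two separate conditions: the resource type of the authorization rule ID, and the rights the rule needs when no valid event hub name is set. The following pre-flight check is an added example, not part of the issue and not Azure CLI code; the function names and the sample resource IDs are constructed, and the accepted types and required rights are copied from the quoted error text.

```python
import re

# Rule types the service accepts for eventHubAuthorizationRuleId
# (taken from the second BadRequest message in the issue).
ALLOWED_RULE_TYPES = {
    "microsoft.servicebus/namespaces/authorizationrules",
    "microsoft.eventhub/namespaces/authorizationrules",
}
# Rights the first BadRequest message demands when no valid event hub name is set.
RIGHTS_WITHOUT_HUB_NAME = {"manage", "send", "listen"}

# Constructed sample IDs (placeholder subscription, group, namespace, hub, rule).
_BASE = ("/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/"
         "rg-example/providers/Microsoft.EventHub/namespaces/ns-example")
NS_RULE = _BASE + "/authorizationRules/send-only"
HUB_RULE = _BASE + "/eventhubs/hub-example/authorizationRules/send-only"


def arm_resource_type(resource_id):
    """Return the lowercase ARM resource type encoded in a resource ID."""
    parts = re.split(r"/providers/", resource_id.strip(), flags=re.IGNORECASE)
    if len(parts) < 2:
        raise ValueError("resource ID has no /providers/ segment")
    provider, *rest = parts[-1].strip("/").split("/")
    if not rest or len(rest) % 2:
        raise ValueError("expected alternating type/name segments")
    # Segments alternate type, name, type, name; keep only the types.
    return "/".join([provider] + rest[0::2]).lower()


def preflight(rule_id, rule_rights, event_hub_name=None):
    """List the reasons the quoted errors say the request would be rejected."""
    problems = []
    rtype = arm_resource_type(rule_id)
    if rtype not in ALLOWED_RULE_TYPES:
        problems.append(f"rule type '{rtype}' is rejected; pass a namespace-level rule")
    # The issue only documents the rights needed when no hub name is supplied,
    # so nothing is checked for the named-hub case.
    if not event_hub_name:
        missing = RIGHTS_WITHOUT_HUB_NAME - {r.lower() for r in rule_rights}
        if missing:
            problems.append("no event hub name; rule lacks " + ", ".join(sorted(missing)))
    return problems


if __name__ == "__main__":
    for rid, hub in ((NS_RULE, None), (NS_RULE, "hub-example"), (HUB_RULE, None)):
        print(hub, preflight(rid, ["Send"], hub))
```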