Open zoxendine opened 1 year ago
Thank you for opening this issue, we will look into it.
Thank you for your feedback. This has been routed to the support team for assistance.
@necusjz, please help take a look.
@zoxendine Thanks for reaching out to us and reporting this issue. While running the `az sentinel data-connector create` CLI command, please pass the `--azure-active-directory` parameter as shown below and check if that helps.
More info here.
@navba-MSFT Why is active-directory required for Azure Activity? What permissions are required for sentinel connections with AAD as I can't find any documentation with this information, as I am seeing a permissions error that must be due to AAD access as I was able to use the data connector for defender with no errors.
```
az sentinel data-connector create --data-connector-id AzureActivity \
    --resource-group my-rg \
    --workspace-name my-workspace \
    --azure-active-directory "{data-types:{alerts:{state:Enabled}},tenant-id:my-tenant-id}"
This command is experimental and under development. Reference and support levels: https://aka.ms/CLI_refstatus
(Unauthorized) Access denied
Code: Unauthorized
Message: Access denied
```
@zoxendine What about other similar arguments? Is there any argument that meets your scenario? If so, then try to fill it in.
I get access denied when I attempt to create an AAD connection. We need to know what perms are required for these data connections to take place.
```
az sentinel data-connector create --data-connector-id AzureActiveDirectory --resource-group rg --workspace-name workspace --azure-active-directory "{data-types:{alerts:{state:Enabled}},tenant-id:id}"
This command is experimental and under development. Reference and support levels: https://aka.ms/CLI_refstatus
(Unauthorized) Access denied
Code: Unauthorized
Message: Access denied
```
Could you please provide the debug log by appending `--debug`?
Thanks for the feedback! We are routing this to the appropriate team for follow-up. cc @amirkeren.
> Could you please provide the debug log by appending `--debug`?
Still seeing an access denied issue. Is there no documentation on what perms are required for data connections?
```
cli.azure.cli.core.sdk.policies: Request URL: 'https://management.usgovcloudapi.net/subscriptions/sub-id/resourceGroups/rg/providers/Microsoft.OperationalInsights/workspaces/workspace/providers/Microsoft.SecurityInsights/dataConnectors/AzureActiveDirectory?api-version=2022-06-01-preview'
cli.azure.cli.core.sdk.policies: Request method: 'PUT'
cli.azure.cli.core.sdk.policies: Request headers:
cli.azure.cli.core.sdk.policies: 'Content-Type': 'application/json'
cli.azure.cli.core.sdk.policies: 'Accept': 'application/json'
cli.azure.cli.core.sdk.policies: 'Content-Length': '147'
cli.azure.cli.core.sdk.policies: 'CommandName': 'sentinel data-connector create'
cli.azure.cli.core.sdk.policies: 'ParameterSetName': '--data-connector-id --resource-group --workspace-name --azure-active-directory --debug'
cli.azure.cli.core.sdk.policies: 'User-Agent': 'AZURECLI/2.51.0 (RPM) (AAZ) azsdk-python-core/1.26.0 Python/3.9.16 (Linux-6.1.11-200.fc37.x86_64-x86_64-with-glibc2.36)'
cli.azure.cli.core.sdk.policies: 'Authorization': '**'
cli.azure.cli.core.sdk.policies: Request body:
cli.azure.cli.core.sdk.policies: {"kind": "AzureActiveDirectory", "properties": {"dataTypes": {"alerts": {"state": "Enabled"}}, "tenantId": "id"}}
urllib3.connectionpool: Starting new HTTPS connection (1): management.usgovcloudapi.n/id/resourceGroups/rg/providers/Microsoft.OperationalInsights/workspaces/workspace/providers/Microsoft.SecurityInsights/dataConnectors/AzureActiveDirectory?api-version=2022-06-01-preview HTTP/1.1" 401 59
cli.azure.cli.core.sdk.policies: Response status: 401
cli.azure.cli.core.sdk.policies: Response headers:
cli.azure.cli.core.sdk.policies: 'Cache-Control': 'no-cache'
cli.azure.cli.core.sdk.policies: 'Pragma': 'no-cache'
cli.azure.cli.core.sdk.policies: 'Content-Length': '59'
cli.azure.cli.core.sdk.policies: 'Content-Type': 'application/json; charset=utf-8'
cli.azure.cli.core.sdk.policies: 'Expires': '-1'
cli.azure.cli.core.sdk.policies: 'Server': 'Kestrel'
cli.azure.cli.core.sdk.policies: 'x-ms-ratelimit-remaining-subscription-writes': '1199'
cli.azure.cli.core.sdk.policies: 'X-Content-Type-Options': 'nosniff'
cli.azure.cli.core.sdk.policies: 'Date': 'Tue, 22 Aug 2023 12:48:27 GMT'
cli.azure.cli.core.sdk.policies: 'Connection': 'close'
cli.azure.cli.core.sdk.policies: Response content:
cli.azure.cli.core.sdk.policies: {"error":{"code":"Unauthorized","message":"Access denied"}}
cli.azure.cli.core.azclierror: Traceback (most recent call last):
  File "/usr/lib64/az/lib/python3.9/site-packages/knack/cli.py", line 233, in invoke
    cmd_result = self.invocation.execute(args)
  File "/usr/lib64/az/lib/python3.9/site-packages/azure/cli/core/commands/__init__.py", line 663, in execute
    raise ex
  File "/usr/lib64/az/lib/python3.9/site-packages/azure/cli/core/commands/__init__.py", line 726, in _run_jobs_serially
    results.append(self._run_job(expanded_arg, cmd_copy))
  File "/usr/lib64/az/lib/python3.9/site-packages/azure/cli/core/commands/__init__.py", line 697, in _run_job
    result = cmd_copy(params)
  File "/usr/lib64/az/lib/python3.9/site-packages/azure/cli/core/aaz/_command.py", line 154, in __call__
    return self._handler(*args, **kwargs)
  File "/home/vagrant/.azure/cliextensions/sentinel/azext_sentinel/aaz/latest/sentinel/data_connector/_create.py", line 31, in _handler
    self._execute_operations()
  File "/home/vagrant/.azure/cliextensions/sentinel/azext_sentinel/aaz/latest/sentinel/data_connector/_create.py", line 1105, in _execute_operations
    self.DataConnectorsCreateOrUpdate(ctx=self.ctx)()
  File "/home/vagrant/.azure/cliextensions/sentinel/azext_sentinel/aaz/latest/sentinel/data_connector/_create.py", line 1120, in __call__
    return self.on_error(session.http_response)
  File "/usr/lib64/az/lib/python3.9/site-packages/azure/cli/core/aaz/_operation.py", line 329, in on_error
    raise error_type(response=response)
azure.core.exceptions.ClientAuthenticationError: (Unauthorized) Access denied
Code: Unauthorized
Message: Access denied

cli.azure.cli.core.azclierror: (Unauthorized) Access denied
Code: Unauthorized
Message: Access denied
az_command_data_logger: (Unauthorized) Access denied
Code: Unauthorized
Message: Access denied
cli.knack.cli: Event: Cli.PostExecute [<function AzCliLogging.deinit_cmd_metadata_logging at 0x7f9c39929820>]
az_command_data_logger: exit code: 1
cli.__main__: Command ran in 3.993 seconds (init: 1.243, invoke: 2.750)
telemetry.main: Begin splitting cli events and extra events, total events: 1
telemetry.client: Accumulated 0 events. Flush the clients.
telemetry.main: Finish splitting cli events and extra events, cli events: 1
telemetry.save: Save telemetry record of length 3725 in cache
telemetry.main: Begin creating telemetry upload process.
telemetry.process: Creating upload process: "/usr/bin/python3.9 /usr/lib64/az/lib/python3.9/site-packages/azure/cli/telemetry/__init__.py /home/vagrant/.azure"
telemetry.process: Return from creating process
telemetry.main: Finish creating telemetry upload process.
```
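For triaging `--debug` output like the log above, this added example (not part of the original thread and not Azure CLI code) pulls out each HTTP call's method, status, api-version and error body, and masks GUIDs before a log is shared. The sample log is constructed; its host and IDs are placeholders, and the function names are hypothetical.

```python
import json
import re
from urllib.parse import parse_qs, urlsplit

# Record markers that az --debug prints for every ARM call.
MARK = re.compile(r"(Request URL|Request method|Response status|Response content):\s*")
GUID = re.compile(r"[0-9a-fA-F]{8}(?:-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}")

# Constructed sample in the same record format; host and IDs are placeholders.
SAMPLE = """\
cli.azure.cli.core.sdk.policies: Request URL: 'https://management.example.invalid/subscriptions/11111111-2222-3333-4444-555555555555/resourceGroups/rg/providers/Microsoft.OperationalInsights/workspaces/ws/providers/Microsoft.SecurityInsights/dataConnectors/AzureActiveDirectory?api-version=2022-06-01-preview'
cli.azure.cli.core.sdk.policies: Request method: 'PUT'
cli.azure.cli.core.sdk.policies: Response status: 401
cli.azure.cli.core.sdk.policies: Response content:
cli.azure.cli.core.sdk.policies: {"error":{"code":"Unauthorized","message":"Access denied"}}
"""

def parse_az_debug(text):
    """Return one dict per HTTP call; works on wrapped or flattened logs."""
    calls, decoder = [], json.JSONDecoder()
    for m in MARK.finditer(text):
        field, rest = m.group(1), text[m.end():]
        if field == "Request URL":
            url = rest.split("'")[1]
            version = parse_qs(urlsplit(url).query).get("api-version", [None])[0]
            calls.append({"url": url, "api_version": version,
                          "method": None, "status": None, "error": None})
        elif not calls:
            continue  # response fragment with no preceding request
        elif field == "Request method":
            calls[-1]["method"] = rest.split("'")[1]
        elif field == "Response status":
            calls[-1]["status"] = int(rest[:3])
        else:
            # The body is the next record: optional logger prefix, then JSON.
            start = re.match(r"(?:[\w.]+:\s*)?(?=\{)", rest)
            if start:
                try:
                    body, _ = decoder.raw_decode(rest, start.end())
                    calls[-1]["error"] = body.get("error")
                except json.JSONDecodeError:
                    pass  # truncated body: leave the error unset
    return calls

def failed_calls(text):
    return [c for c in parse_az_debug(text) if (c["status"] or 0) >= 400]

def redact(text):
    """Mask GUIDs (subscription, tenant, object IDs) before sharing a log."""
    return GUID.sub("<guid>", text)

if __name__ == "__main__":
    for call in failed_calls(redact(SAMPLE)):
        print(call["method"], call["status"], call["api_version"], call["error"])
```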
Thank you for your info, I'll contact service team for the root cause.
@necusjz Any update on this matter?
> @necusjz Any update on this matter?
Waiting for reply from service team.
Bumping for assistance @necusjz
> Bumping for assistance @necusjz
I'll keep you updated, but unfortunately...
Any updates?
az sentinel data-connector create
No feedback from service team. But I found some hints from client telemetry, there are parameters of successful execution in recent 30 days:
It seems `--azure-security-center` and `--office365` may help your case.
@necusjz
These are completely different data connectors so this does not help this case at all unfortunately. Azure Activity currently applies through policy and it had changed sometime back so my bet is that it had never been implemented in az cli.
Am I correct to assume that the az cli doesn't support/work with data connectors at this point; and this needs to be done manually through the Portal? I am also attempting to use terraform for automation but get authorization issues with that as well.
> Am I correct to assume that the az cli doesn't support/work with data connectors at this point; and this needs to be done manually through the Portal? I am also attempting to use terraform for automation but get authorization issues with that as well.
I think so.
@necusjz
Any timeline or feedback on this issue. Can we expect az cli to implement these at some point? This is really an issue with automation of IaC steps. Applying the policy through code seems wonky and I couldn't get it to work under: https://github.com/Azure/Azure-Sentinel/issues/8871
I still have yet to raise a support case on that one but this is a blocker for us.
I have the same issue deploying through terraform. The service principal has data connector update perms but returns a 401. Any update? Details on perms for the user/spn creating the service connector through the apis would be helpful.
Describe the bug
the azure data connector create does not create the desired data connection
Related command
az sentinel data-connector create -n AzureActivity -g rg -w workspace
Errors
```
The command failed with an unexpected error. Here is the traceback:
"Model 'AAZObjectType' has no field named 'kind'"
Traceback (most recent call last):
  File "/usr/lib64/az/lib/python3.9/site-packages/knack/cli.py", line 233, in invoke
    cmd_result = self.invocation.execute(args)
  File "/usr/lib64/az/lib/python3.9/site-packages/azure/cli/core/commands/__init__.py", line 663, in execute
    raise ex
  File "/usr/lib64/az/lib/python3.9/site-packages/azure/cli/core/commands/__init__.py", line 726, in _run_jobs_serially
    results.append(self._run_job(expanded_arg, cmd_copy))
  File "/usr/lib64/az/lib/python3.9/site-packages/azure/cli/core/commands/__init__.py", line 697, in _run_job
    result = cmd_copy(params)
  File "/usr/lib64/az/lib/python3.9/site-packages/azure/cli/core/aaz/_command.py", line 154, in __call__
    return self._handler(*args, **kwargs)
  File "/home/vagrant/.azure/cliextensions/sentinel/azext_sentinel/aaz/latest/sentinel/data_connector/_create.py", line 31, in _handler
    self._execute_operations()
  File "/home/vagrant/.azure/cliextensions/sentinel/azext_sentinel/aaz/latest/sentinel/data_connector/_create.py", line 1105, in _execute_operations
    self.DataConnectorsCreateOrUpdate(ctx=self.ctx)()
  File "/home/vagrant/.azure/cliextensions/sentinel/azext_sentinel/aaz/latest/sentinel/data_connector/_create.py", line 1115, in __call__
    request = self.make_request()
  File "/usr/lib64/az/lib/python3.9/site-packages/azure/cli/core/aaz/_operation.py", line 318, in make_request
    self.content, self.form_content, self.stream_content)
  File "/home/vagrant/.azure/cliextensions/sentinel/azext_sentinel/aaz/latest/sentinel/data_connector/_create.py", line 1209, in content
    _builder.discriminate_by("kind", "APIPolling")
  File "/usr/lib64/az/lib/python3.9/site-packages/azure/cli/core/aaz/_content_builder.py", line 159, in discriminate_by
    schema.discriminate_by(prop_name, prop_value)
  File "/usr/lib64/az/lib/python3.9/site-packages/azure/cli/core/aaz/_field_type.py", line 243, in discriminate_by
    raise AAZUnknownFieldError(self, key)
azure.cli.core.aaz.exceptions.AAZUnknownFieldError: "Model 'AAZObjectType' has no field named 'kind'"
```
Issue script & Debug output
```
msal.application: Broker enabled? False
cli.azure.cli.core.azclierror: Traceback (most recent call last):
  File "/usr/lib64/az/lib/python3.9/site-packages/knack/cli.py", line 233, in invoke
    cmd_result = self.invocation.execute(args)
  File "/usr/lib64/az/lib/python3.9/site-packages/azure/cli/core/commands/__init__.py", line 663, in execute
    raise ex
  File "/usr/lib64/az/lib/python3.9/site-packages/azure/cli/core/commands/__init__.py", line 726, in _run_jobs_serially
    results.append(self._run_job(expanded_arg, cmd_copy))
  File "/usr/lib64/az/lib/python3.9/site-packages/azure/cli/core/commands/__init__.py", line 697, in _run_job
    result = cmd_copy(params)
  File "/usr/lib64/az/lib/python3.9/site-packages/azure/cli/core/aaz/_command.py", line 154, in __call__
    return self._handler(*args, **kwargs)
  File "/home/vagrant/.azure/cliextensions/sentinel/azext_sentinel/aaz/latest/sentinel/data_connector/_create.py", line 31, in _handler
    self._execute_operations()
  File "/home/vagrant/.azure/cliextensions/sentinel/azext_sentinel/aaz/latest/sentinel/data_connector/_create.py", line 1105, in _execute_operations
    self.DataConnectorsCreateOrUpdate(ctx=self.ctx)()
  File "/home/vagrant/.azure/cliextensions/sentinel/azext_sentinel/aaz/latest/sentinel/data_connector/_create.py", line 1115, in __call__
    request = self.make_request()
  File "/usr/lib64/az/lib/python3.9/site-packages/azure/cli/core/aaz/_operation.py", line 318, in make_request
    self.content, self.form_content, self.stream_content)
  File "/home/vagrant/.azure/cliextensions/sentinel/azext_sentinel/aaz/latest/sentinel/data_connector/_create.py", line 1209, in content
    _builder.discriminate_by("kind", "APIPolling")
  File "/usr/lib64/az/lib/python3.9/site-packages/azure/cli/core/aaz/_content_builder.py", line 159, in discriminate_by
    schema.discriminate_by(prop_name, prop_value)
  File "/usr/lib64/az/lib/python3.9/site-packages/azure/cli/core/aaz/_field_type.py", line 243, in discriminate_by
    raise AAZUnknownFieldError(self, key)
azure.cli.core.aaz.exceptions.AAZUnknownFieldError: "Model 'AAZObjectType' has no field named 'kind'"

cli.azure.cli.core.azclierror: The command failed with an unexpected error. Here is the traceback:
az_command_data_logger: The command failed with an unexpected error. Here is the traceback:
cli.azure.cli.core.azclierror: "Model 'AAZObjectType' has no field named 'kind'"
Traceback (most recent call last):
  File "/usr/lib64/az/lib/python3.9/site-packages/knack/cli.py", line 233, in invoke
    cmd_result = self.invocation.execute(args)
  File "/usr/lib64/az/lib/python3.9/site-packages/azure/cli/core/commands/__init__.py", line 663, in execute
    raise ex
  File "/usr/lib64/az/lib/python3.9/site-packages/azure/cli/core/commands/__init__.py", line 726, in _run_jobs_serially
    results.append(self._run_job(expanded_arg, cmd_copy))
  File "/usr/lib64/az/lib/python3.9/site-packages/azure/cli/core/commands/__init__.py", line 697, in _run_job
    result = cmd_copy(params)
  File "/usr/lib64/az/lib/python3.9/site-packages/azure/cli/core/aaz/_command.py", line 154, in __call__
    return self._handler(*args, **kwargs)
  File "/home/vagrant/.azure/cliextensions/sentinel/azext_sentinel/aaz/latest/sentinel/data_connector/_create.py", line 31, in _handler
    self._execute_operations()
  File "/home/vagrant/.azure/cliextensions/sentinel/azext_sentinel/aaz/latest/sentinel/data_connector/_create.py", line 1105, in _execute_operations
    self.DataConnectorsCreateOrUpdate(ctx=self.ctx)()
  File "/home/vagrant/.azure/cliextensions/sentinel/azext_sentinel/aaz/latest/sentinel/data_connector/_create.py", line 1115, in __call__
    request = self.make_request()
  File "/usr/lib64/az/lib/python3.9/site-packages/azure/cli/core/aaz/_operation.py", line 318, in make_request
    self.content, self.form_content, self.stream_content)
  File "/home/vagrant/.azure/cliextensions/sentinel/azext_sentinel/aaz/latest/sentinel/data_connector/_create.py", line 1209, in content
    _builder.discriminate_by("kind", "APIPolling")
  File "/usr/lib64/az/lib/python3.9/site-packages/azure/cli/core/aaz/_content_builder.py", line 159, in discriminate_by
    schema.discriminate_by(prop_name, prop_value)
  File "/usr/lib64/az/lib/python3.9/site-packages/azure/cli/core/aaz/_field_type.py", line 243, in discriminate_by
    raise AAZUnknownFieldError(self, key)
azure.cli.core.aaz.exceptions.AAZUnknownFieldError: "Model 'AAZObjectType' has no field named 'kind'"
az_command_data_logger: "Model 'AAZObjectType' has no field named 'kind'"
Traceback (most recent call last):
  File "/usr/lib64/az/lib/python3.9/site-packages/knack/cli.py", line 233, in invoke
    cmd_result = self.invocation.execute(args)
  File "/usr/lib64/az/lib/python3.9/site-packages/azure/cli/core/commands/__init__.py", line 663, in execute
    raise ex
  File "/usr/lib64/az/lib/python3.9/site-packages/azure/cli/core/commands/__init__.py", line 726, in _run_jobs_serially
    results.append(self._run_job(expanded_arg, cmd_copy))
  File "/usr/lib64/az/lib/python3.9/site-packages/azure/cli/core/commands/__init__.py", line 697, in _run_job
    result = cmd_copy(params)
  File "/usr/lib64/az/lib/python3.9/site-packages/azure/cli/core/aaz/_command.py", line 154, in __call__
    return self._handler(*args, **kwargs)
  File "/home/vagrant/.azure/cliextensions/sentinel/azext_sentinel/aaz/latest/sentinel/data_connector/_create.py", line 31, in _handler
    self._execute_operations()
  File "/home/vagrant/.azure/cliextensions/sentinel/azext_sentinel/aaz/latest/sentinel/data_connector/_create.py", line 1105, in _execute_operations
    self.DataConnectorsCreateOrUpdate(ctx=self.ctx)()
  File "/home/vagrant/.azure/cliextensions/sentinel/azext_sentinel/aaz/latest/sentinel/data_connector/_create.py", line 1115, in __call__
    request = self.make_request()
  File "/usr/lib64/az/lib/python3.9/site-packages/azure/cli/core/aaz/_operation.py", line 318, in make_request
    self.content, self.form_content, self.stream_content)
  File "/home/vagrant/.azure/cliextensions/sentinel/azext_sentinel/aaz/latest/sentinel/data_connector/_create.py", line 1209, in content
    _builder.discriminate_by("kind", "APIPolling")
  File "/usr/lib64/az/lib/python3.9/site-packages/azure/cli/core/aaz/_content_builder.py", line 159, in discriminate_by
    schema.discriminate_by(prop_name, prop_value)
  File "/usr/lib64/az/lib/python3.9/site-packages/azure/cli/core/aaz/_field_type.py", line 243, in discriminate_by
    raise AAZUnknownFieldError(self, key)
azure.cli.core.aaz.exceptions.AAZUnknownFieldError: "Model 'AAZObjectType' has no field named 'kind'"
To check existing issues, please visit: https://github.com/Azure/azure-cli/issues
cli.knack.cli: Event: Cli.PostExecute [<function AzCliLogging.deinit_cmd_metadata_logging at 0x7fb2bc4ea790>]
az_command_data_logger: exit code: 1
cli.__main__: Command ran in 2.296 seconds (init: 1.040, invoke: 1.257)
telemetry.main: Begin splitting cli events and extra events, total events: 1
telemetry.client: Accumulated 0 events. Flush the clients.
telemetry.main: Finish splitting cli events and extra events, cli events: 1
telemetry.save: Save telemetry record of length 7412 in cache
telemetry.main: Begin creating telemetry upload process.
telemetry.process: Creating upload process: "/usr/bin/python3.9 /usr/lib64/az/lib/python3.9/site-packages/azure/cli/telemetry/__init__.py /home/vagrant/.azure"
telemetry.process: Return from creating process
telemetry.main: Finish creating telemetry upload process.
```
Expected behavior
data connection work
Environment Summary
azure-cli 2.51
Additional context
No response