Closed MatthewMWR closed 2 months ago
Thank you for opening this issue, we will look into it.
Please advise on what to expect from here. We have a customer facing private preview impacted by this. Also, can you help me understand the significance of the bug label having been removed and the question label added? If it has been confirmed this is not a bug but some kind of user error, please advise what the use error was.
Hi @yonzhan , friendly bump on this.
This is a known issue:
The example in the docs shows:
az policy definition create --name readOnlyStorage --rules "{ \"if\": \
{ \"field\": \"type\", \"equals\": \"Microsoft.Storage/storageAccounts/write\" }, \
\"then\": { \"effect\": \"deny\" } }"
What is passed to the --rules
argument is not the complete json file, but only the policyRule
block
Thank you for the clarification. I was assuming it would want the same input as portal and powershell workflows. Now I see the distinction.
Describe the bug
Using this policy definition json, I can successfully create a policy defintion using Azure Portal (Policy > Definitions > Add) or Az PowerShell (
New-AzPolicyDefintion
), butaz policy definition create
fails with the following:I have tried providing the JSON by URL, or by file. I have not tried inline as this is a complex JSON and cmdline escaping would be madness. I concede this could be user error. Perhaps this command is expecting different input that its Portal and PowerShell parallels?
Thanks
Related command
az policy definition create
Errors
(InvalidPolicyRule) Failed to parse policy rule: 'Could not find member 'properties' on object of type 'PolicyRuleDefinition'. Path 'properties'.'. Code: InvalidPolicyRule Message: Failed to parse policy rule: 'Could not find member 'properties' on object of type 'PolicyRuleDefinition'. Path 'properties'.'..
Issue script & Debug output
~ > az policy definition create --name "[Preview] SSH Posture Control policy" --rules https://raw.githubusercontent.com/Azure/azure-osconfig/main/src/adapters/mc/sshpreview/OsConfigPolicy_DeployIfNotExists.json --debug cli.knack.cli: Command arguments: ['policy', 'definition', 'create', '--name', '[Preview] SSH Posture Control policy', '--rules', 'https://raw.githubusercontent.com/Azure/azure-osconfig/main/src/adapters/mc/sshpreview/OsConfigPolicy_DeployIfNotExists.json', '--debug'] cli.knack.cli: init debug log: Enable color in terminal. cli.knack.cli: Event: Cli.PreExecute [] cli.knack.cli: Event: CommandParser.OnGlobalArgumentsCreate [<function CLILogging.on_global_arguments at 0x7fb7ff46a1f0>, <function OutputProducer.on_global_arguments at 0x7fb7ff386d30>, <function CLIQuery.on_global_arguments at 0x7fb7ff31d310>] cli.knack.cli: Event: CommandInvoker.OnPreCommandTableCreate [] cli.azure.cli.core: Modules found from index for 'policy': ['azure.cli.command_modules.policyinsights', 'azure.cli.command_modules.resource'] cli.azure.cli.core: Loading command modules: cli.azure.cli.core: Name Load Time Groups Commands cli.azure.cli.core: policyinsights 0.122 9 17 cli.azure.cli.core: resource 0.015 51 228 cli.azure.cli.core: Total (2) 0.137 60 245 cli.azure.cli.core: These extensions are not installed and will be skipped: ['azext_next'] cli.azure.cli.core: Loading extensions: cli.azure.cli.core: Name Load Time Groups Commands Directory cli.azure.cli.core: ai-examples 0.069 1 1 /usr/lib/python3.9/site-packages/azure-cli-extensions/ai-examples cli.azure.cli.core: Total (1) 0.069 1 1.add_subscription_parameter at 0x7fb7fe76b550>]
cli.knack.cli: Event: CommandInvoker.OnPostArgumentLoad []
cli.knack.cli: Event: CommandInvoker.OnPostCommandTableCreate [<function register_ids_argument..add_ids_arguments at 0x7fb7fe793550>, <function register_cache_arguments..add_cache_arguments at 0x7fb7fe737430>]
cli.knack.cli: Event: CommandInvoker.OnCommandTableLoaded []
cli.knack.cli: Event: CommandInvoker.OnPreParseArgs []
cli.knack.cli: Event: CommandInvoker.OnPostParseArgs [<function OutputProducer.handle_output_argument at 0x7fb7ff386dc0>, <function CLIQuery.handle_query_parameter at 0x7fb7ff31d3a0>, <function register_ids_argument..parse_ids_arguments at 0x7fb7fe7373a0>]
cli.azure.cli.core.commands.client_factory: Getting management service client client_type=PolicyClient
urllib3.connectionpool: Starting new HTTP connection (1): localhost:50342
urllib3.connectionpool: http://localhost:50342 "POST /oauth2/token HTTP/1.1" 200 2241
msrestazure.azure_active_directory: MSI: Retrieving a token from http://localhost:50342/oauth2/token, with payload {'resource': 'https://management.core.windows.net/'}
cli.azure.cli.core.auth.adal_authentication: MSIAuthenticationWrapper.get_token: scopes=('https://management.core.windows.net//.default',), kwargs={}
urllib3.connectionpool: Starting new HTTP connection (1): localhost:50342
urllib3.connectionpool: http://localhost:50342 "POST /oauth2/token HTTP/1.1" 200 2241
msrestazure.azure_active_directory: MSI: Retrieving a token from http://localhost:50342/oauth2/token, with payload {'resource': 'https://management.core.windows.net/'}
cli.azure.cli.core.auth.adal_authentication: Normalize expires_on: '1708035460' -> 1708035460
cli.azure.cli.core.sdk.policies: Request URL: 'https://management.azure.com/subscriptions/54ea281d-e6f7-4e09-a315-8eba4de04b2d/providers/Microsoft.Authorization/policyDefinitions/%5BPreview%5D%20SSH%20Posture%20Control%20policy?api-version=2021-06-01'
cli.azure.cli.core.sdk.policies: Request method: 'PUT'
cli.azure.cli.core.sdk.policies: Request headers:
cli.azure.cli.core.sdk.policies: 'Content-Type': 'application/json'
cli.azure.cli.core.sdk.policies: 'Content-Length': '10060'
cli.azure.cli.core.sdk.policies: 'Accept': 'application/json'
cli.azure.cli.core.sdk.policies: 'x-ms-client-request-id': '5c50fe54-cc4d-11ee-a6cb-00155dcea10a'
cli.azure.cli.core.sdk.policies: 'CommandName': 'policy definition create'
cli.azure.cli.core.sdk.policies: 'ParameterSetName': '--name --rules --debug'
cli.azure.cli.core.sdk.policies: 'User-Agent': 'AZURECLI/2.57.0 (RPM) azsdk-python-azure-mgmt-resource/23.1.0b2 Python/3.9.14 (Linux-5.10.102.2-microsoft-standard-x86_64-with-glibc2.35) cloud-shell/1.0'
cli.azure.cli.core.sdk.policies: 'Authorization': '*'
cli.azure.cli.core.sdk.policies: Request body:
cli.azure.cli.core.sdk.policies: {"properties": {"policyRule": {"properties": {"displayName": "[Preview] SSH Posture Control policy", "policyType": "Custom", "mode": "Indexed", "description": "This policy ensures that the SSH Server is securely configured on the Linux device", "metadata": {"category": "Guest Configuration", "version": "1.0.0.0", "requiredProviders": ["Microsoft.GuestConfiguration"], "guestConfiguration": {"name": "LinuxSshServerSecurityBaseline", "version": "1.", "configurationParameter": {"AllowUsers": "Ensure allowed users for SSH access are configured;DesiredObjectValue", "DenyUsers": "Ensure denied users for SSH are configured;DesiredObjectValue", "AllowGroups": "Ensure allowed groups for SSH are configured;DesiredObjectValue", "DenyGroups": "Ensure denied groups for SSH are configured;DesiredObjectValue"}}}, "parameters": {"IncludeArcMachines": {"type": "string", "metadata": {"displayName": "Include Arc connected machines", "description": "By selecting this option, you agree to be charged monthly per Arc connected machine.", "portalReview": "true"}, "allowedValues": ["true", "false"], "defaultValue": "false"}, "AllowUsers": {"type": "string", "metadata": {"displayName": "Allowed users for SSH", "description": "List of users to be allowed to connect with SSH. Default is all authenticated users ('@')"}, "defaultValue": "@"}, "DenyUsers": {"type": "string", "metadata": {"displayName": "Denied users for SSH", "description": "List of users to be denied to connect with SSH. Default is root"}, "defaultValue": "root"}, "AllowGroups": {"type": "string", "metadata": {"displayName": "Allowed groups for SSH", "description": "List of user groups to be allowed to connect with SSH. Default is all groups ('')"}, "defaultValue": ""}, "DenyGroups": {"type": "string", "metadata": {"displayName": "Denied groups for SSH", "description": "List of user groups to be denied to connect with SSH. Default is root"}, "defaultValue": "root"}}, "policyRule": {"if": {"anyOf": [{"allOf": [{"anyOf": [{"field": "type", "equals": "Microsoft.Compute/virtualMachines"}, {"field": "type", "equals": "Microsoft.Compute/virtualMachineScaleSets"}]}, {"field": "tags['aks-managed-orchestrator']", "exists": "false"}, {"field": "tags['aks-managed-poolName']", "exists": "false"}, {"anyOf": [{"field": "Microsoft.Compute/imagePublisher", "in": ["microsoft-aks", "qubole-inc", "datastax", "couchbase", "scalegrid", "checkpoint", "paloaltonetworks", "debian", "credativ"]}, {"allOf": [{"field": "Microsoft.Compute/imagePublisher", "equals": "OpenLogic"}, {"field": "Microsoft.Compute/imageSKU", "notLike": "6"}]}, {"allOf": [{"field": "Microsoft.Compute/imagePublisher", "equals": "Oracle"}, {"field": "Microsoft.Compute/imageSKU", "notLike": "6"}]}, {"allOf": [{"field": "Microsoft.Compute/imagePublisher", "equals": "RedHat"}, {"field": "Microsoft.Compute/imageSKU", "notLike": "6"}]}, {"allOf": [{"field": "Microsoft.Compute/imagePublisher", "equals": "center-for-internet-security-inc"}, {"field": "Microsoft.Compute/imageOffer", "notLike": "cis-windows"}]}, {"allOf": [{"field": "Microsoft.Compute/imagePublisher", "equals": "Suse"}, {"field": "Microsoft.Compute/imageSKU", "notLike": "11"}]}, {"allOf": [{"field": "Microsoft.Compute/imagePublisher", "equals": "Canonical"}, {"field": "Microsoft.Compute/imageSKU", "notLike": "12"}]}, {"allOf": [{"field": "Microsoft.Compute/imagePublisher", "equals": "microsoft-dsvm"}, {"field": "Microsoft.Compute/imageOffer", "notLike": "dsvm-win"}]}, {"allOf": [{"field": "Microsoft.Compute/imagePublisher", "equals": "cloudera"}, {"field": "Microsoft.Compute/imageSKU", "notLike": "6"}]}, {"allOf": [{"field": "Microsoft.Compute/imagePublisher", "equals": "microsoft-ads"}, {"field": "Microsoft.Compute/imageOffer", "like": "linux"}]}, {"allOf": [{"anyOf": [{"field": "Microsoft.Compute/virtualMachines/osProfile.linuxConfiguration", "exists": true}, {"field": "Microsoft.Compute/virtualMachines/storageProfile.osDisk.osType", "like": "Linux"}, {"field": "Microsoft.Compute/virtualMachineScaleSets/osProfile.linuxConfiguration", "exists": true}, {"field": "Microsoft.Compute/virtualMachineScaleSets/virtualMachineProfile.storageProfile.osDisk.osType", "like": "Linux"}]}, {"anyOf": [{"field": "Microsoft.Compute/imagePublisher", "exists": false}, {"field": "Microsoft.Compute/imagePublisher", "notIn": ["OpenLogic", "RedHat", "credativ", "Suse", "Canonical", "microsoft-dsvm", "cloudera", "microsoft-ads", "center-for-internet-security-inc", "Oracle", "AzureDatabricks", "azureopenshift"]}]}]}]}]}, {"allOf": [{"value": "[parameters('IncludeArcMachines')]", "equals": true}, {"anyOf": [{"allOf": [{"field": "type", "equals": "Microsoft.HybridCompute/machines"}, {"field": "Microsoft.HybridCompute/imageOffer", "like": "linux"}]}, {"allOf": [{"field": "type", "equals": "Microsoft.ConnectedVMwarevSphere/virtualMachines"}, {"field": "Microsoft.ConnectedVMwarevSphere/virtualMachines/osProfile.osType", "like": "linux"}]}]}]}]}, "then": {"effect": "deployIfNotExists", "details": {"roleDefinitionIds": ["/providers/Microsoft.Authorization/roleDefinitions/088ab73d-1256-47ae-bea9-9de8e7131f31"], "type": "Microsoft.GuestConfiguration/guestConfigurationAssignments", "name": "[concat('LinuxSshServerSecurityBaseline$pid', uniqueString(policy().assignmentId, policy().definitionReferenceId))]", "existenceCondition": {"allOf": [{"field": "Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus", "equals": "Compliant"}, {"field": "Microsoft.GuestConfiguration/guestConfigurationAssignments/parameterHash", "equals": "[base64(concat('Ensure allowed users for SSH access are configured;DesiredObjectValue', '=', parameters('AllowUsers'), ',', 'Ensure denied users for SSH are configured;DesiredObjectValue', '=', parameters('DenyUsers'), ',', 'Ensure allowed groups for SSH are configured;DesiredObjectValue', '=', parameters('AllowGroups'), ',', 'Ensure denied groups for SSH are configured;DesiredObjectValue', '=', parameters('DenyGroups')))]"}]}, "deployment": {"properties": {"mode": "incremental", "parameters": {"vmName": {"value": "[field('name')]"}, "location": {"value": "[field('location')]"}, "type": {"value": "[field('type')]"}, "assignmentName": {"value": "[concat('LinuxSshServerSecurityBaseline$pid', uniqueString(policy().assignmentId, policy().definitionReferenceId))]"}, "AllowUsers": {"value": "[parameters('AllowUsers')]"}, "DenyUsers": {"value": "[parameters('DenyUsers')]"}, "AllowGroups": {"value": "[parameters('AllowGroups')]"}, "DenyGroups": {"value": "[parameters('DenyGroups')]"}}, "template": {"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#", "contentVersion": "1.0.0.0", "parameters": {"vmName": {"type": "string"}, "location": {"type": "string"}, "type": {"type": "string"}, "assignmentName": {"type": "string"}, "AllowUsers": {"type": "string"}, "DenyUsers": {"type": "string"}, "AllowGroups": {"type": "string"}, "DenyGroups": {"type": "string"}}, "resources": [{"condition": "[equals(toLower(parameters('type')), toLower('Microsoft.Compute/virtualMachines'))]", "apiVersion": "2018-11-20", "type": "Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments", "name": "[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('assignmentName'))]", "location": "[parameters('location')]", "properties": {"guestConfiguration": {"name": "LinuxSshServerSecurityBaseline", "version": "1.", "assignmentType": "ApplyAndAutoCorrect", "configurationParameter": [{"name": "Ensure allowed users for SSH access are configured;DesiredObjectValue", "value": "[parameters('AllowUsers')]"}, {"name": "Ensure denied users for SSH are configured;DesiredObjectValue", "value": "[parameters('DenyUsers')]"}, {"name": "Ensure allowed groups for SSH are configured;DesiredObjectValue", "value": "[parameters('AllowGroups')]"}, {"name": "Ensure denied groups for SSH are configured;DesiredObjectValue", "value": "[parameters('DenyGroups')]"}]}}}, {"condition": "[equals(toLower(parameters('type')), toLower('Microsoft.HybridCompute/machines'))]", "apiVersion": "2018-11-20", "type": "Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments", "name": "[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('assignmentName'))]", "location": "[parameters('location')]", "properties": {"guestConfiguration": {"name": "LinuxSshServerSecurityBaseline", "version": "1.", "assignmentType": "ApplyAndAutoCorrect", "configurationParameter": [{"name": "Ensure allowed users for SSH access are configured;DesiredObjectValue", "value": "[parameters('AllowUsers')]"}, {"name": "Ensure denied users for SSH are configured;DesiredObjectValue", "value": "[parameters('DenyUsers')]"}, {"name": "Ensure allowed groups for SSH are configured;DesiredObjectValue", "value": "[parameters('AllowGroups')]"}, {"name": "Ensure denied groups for SSH are configured;DesiredObjectValue", "value": "[parameters('DenyGroups')]"}]}}}, {"condition": "[equals(toLower(parameters('type')), toLower('Microsoft.Compute/virtualMachineScaleSets'))]", "apiVersion": "2018-11-20", "type": "Microsoft.Compute/virtualMachineScaleSets/providers/guestConfigurationAssignments", "name": "[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('assignmentName'))]", "location": "[parameters('location')]", "properties": {"guestConfiguration": {"name": "LinuxSshServerSecurityBaseline", "version": "1.", "assignmentType": "ApplyAndAutoCorrect", "configurationParameter": [{"name": "Ensure allowed users for SSH access are configured;DesiredObjectValue", "value": "[parameters('AllowUsers')]"}, {"name": "Ensure denied users for SSH are configured;DesiredObjectValue", "value": "[parameters('DenyUsers')]"}, {"name": "Ensure allowed groups for SSH are configured;DesiredObjectValue", "value": "[parameters('AllowGroups')]"}, {"name": "Ensure denied groups for SSH are configured;DesiredObjectValue", "value": "[parameters('DenyGroups')]"}]}}}]}}}}}}}, "name": "6d76c6e7-0670-4931-8741-16cff3fbfa3e"}}}
urllib3.connectionpool: Starting new HTTPS connection (1): management.azure.com:443
urllib3.connectionpool: https://management.azure.com:443 "PUT /subscriptions/54ea281d-e6f7-4e09-a315-8eba4de04b2d/providers/Microsoft.Authorization/policyDefinitions/%5BPreview%5D%20SSH%20Posture%20Control%20policy?api-version=2021-06-01 HTTP/1.1" 400 178
cli.azure.cli.core.sdk.policies: Response status: 400
cli.azure.cli.core.sdk.policies: Response headers:
cli.azure.cli.core.sdk.policies: 'Cache-Control': 'no-store, no-cache'
cli.azure.cli.core.sdk.policies: 'Pragma': 'no-cache'
cli.azure.cli.core.sdk.policies: 'Content-Length': '178'
cli.azure.cli.core.sdk.policies: 'Content-Type': 'application/json'
cli.azure.cli.core.sdk.policies: 'Expires': '-1'
cli.azure.cli.core.sdk.policies: 'x-ms-ratelimit-remaining-subscription-writes': '1199'
cli.azure.cli.core.sdk.policies: 'x-ms-request-id': '45689d55-4154-419c-9dbf-3aba517cbcee'
cli.azure.cli.core.sdk.policies: 'x-ms-correlation-request-id': '45689d55-4154-419c-9dbf-3aba517cbcee'
cli.azure.cli.core.sdk.policies: 'x-ms-routing-request-id': 'WESTUS:20240215T215833Z:45689d55-4154-419c-9dbf-3aba517cbcee'
cli.azure.cli.core.sdk.policies: 'Strict-Transport-Security': 'max-age=31536000; includeSubDomains'
cli.azure.cli.core.sdk.policies: 'X-Content-Type-Options': 'nosniff'
cli.azure.cli.core.sdk.policies: 'X-Cache': 'CONFIG_NOCACHE'
cli.azure.cli.core.sdk.policies: 'X-MSEdge-Ref': 'Ref A: 5327E314CC284D59B9AF6B24AAE3F855 Ref B: SJC211051205031 Ref C: 2024-02-15T21:58:33Z'
cli.azure.cli.core.sdk.policies: 'Date': 'Thu, 15 Feb 2024 21:58:33 GMT'
cli.azure.cli.core.sdk.policies: Response content:
cli.azure.cli.core.sdk.policies: {"error":{"code":"InvalidPolicyRule","message":"Failed to parse policy rule: 'Could not find member 'properties' on object of type 'PolicyRuleDefinition'. Path 'properties'.'."}}
cli.azure.cli.core.azclierror: Traceback (most recent call last):
File "/usr/lib64/az/lib/python3.9/site-packages/knack/cli.py", line 233, in invoke
cmd_result = self.invocation.execute(args)
File "/usr/lib64/az/lib/python3.9/site-packages/azure/cli/core/commands/init.py", line 664, in execute
raise ex
File "/usr/lib64/az/lib/python3.9/site-packages/azure/cli/core/commands/init.py", line 729, in _run_jobs_serially
results.append(self._run_job(expanded_arg, cmd_copy))
File "/usr/lib64/az/lib/python3.9/site-packages/azure/cli/core/commands/init.py", line 698, in _run_job
result = cmd_copy(params)
File "/usr/lib64/az/lib/python3.9/site-packages/azure/cli/core/commands/init.py", line 334, in call
return self.handler(args, kwargs)
File "/usr/lib64/az/lib/python3.9/site-packages/azure/cli/core/commands/command_operation.py", line 121, in handler
return op(*command_args)
File "/usr/lib64/az/lib/python3.9/site-packages/azure/cli/command_modules/resource/custom.py", line 3316, in create_policy_definition
return policy_client.policy_definitions.create_or_update(name, parameters)
File "/usr/lib64/az/lib/python3.9/site-packages/azure/core/tracing/decorator.py", line 76, in wrapper_use_tracer
return func(args, kwargs)
File "/usr/lib64/az/lib/python3.9/site-packages/azure/mgmt/resource/policy/v2021_06_01/operations/_operations.py", line 2550, in create_or_update
raise HttpResponseError(response=response, error_format=ARMErrorFormat)
azure.core.exceptions.HttpResponseError: (InvalidPolicyRule) Failed to parse policy rule: 'Could not find member 'properties' on object of type 'PolicyRuleDefinition'. Path 'properties'.'.
Code: InvalidPolicyRule
Message: Failed to parse policy rule: 'Could not find member 'properties' on object of type 'PolicyRuleDefinition'. Path 'properties'.'.
cli.azure.cli.core: Loaded 60 groups, 246 commands. cli.azure.cli.core: Found a match in the command table. cli.azure.cli.core: Raw command : policy definition create cli.azure.cli.core: Command table: policy definition create cli.knack.cli: Event: CommandInvoker.OnPreCommandTableTruncate [<function AzCliLogging.init_command_file_logging at 0x7fb7fe7c4940>] cli.azure.cli.core.azlogging: metadata file logging enabled - writing logs to '/home/matthew/.azure/commands/2024-02-15.21-58-33.policy_definition_create.946.log'. az_command_data_logger: command args: policy definition create --name {} --rules {} --debug cli.knack.cli: Event: CommandInvoker.OnPreArgumentLoad [<function register_global_subscription_argument.
cli.azure.cli.core.azclierror: (InvalidPolicyRule) Failed to parse policy rule: 'Could not find member 'properties' on object of type 'PolicyRuleDefinition'. Path 'properties'.'. Code: InvalidPolicyRule Message: Failed to parse policy rule: 'Could not find member 'properties' on object of type 'PolicyRuleDefinition'. Path 'properties'.'. az_command_data_logger: (InvalidPolicyRule) Failed to parse policy rule: 'Could not find member 'properties' on object of type 'PolicyRuleDefinition'. Path 'properties'.'. Code: InvalidPolicyRule Message: Failed to parse policy rule: 'Could not find member 'properties' on object of type 'PolicyRuleDefinition'. Path 'properties'.'. cli.knack.cli: Event: Cli.PostExecute [<function AzCliLogging.deinit_cmd_metadata_logging at 0x7fb7fe7c4b80>] az_command_data_logger: exit code: 1 cli.main: Command ran in 0.917 seconds (init: 0.139, invoke: 0.778) telemetry.main: Begin splitting cli events and extra events, total events: 1 telemetry.client: Accumulated 0 events. Flush the clients. telemetry.main: Finish splitting cli events and extra events, cli events: 1 telemetry.save: Save telemetry record of length 3884 in cache telemetry.main: Begin creating telemetry upload process. telemetry.process: Creating upload process: "/usr/bin/python3.9 /usr/lib/az/lib/python3.9/site-packages/azure/cli/telemetry/init.py /home/matthew/.azure" telemetry.process: Return from creating process telemetry.main: Finish creating telemetry upload process. ~ >
Expected behavior
Policy definition should be created
Environment Summary
Additional context
No response