search

Azure / azure-rest-api-specs

The source for REST API specifications for Microsoft Azure.
MIT License
2.61k stars 5.01k forks source link

Microsoft.SecurityInsights api-version 2019-01-01 - ThreatIntelligenceAlertRuleProperties - Severity/displayName is not ReadOnly #14213

Open kaovd opened 3 years ago

kaovd commented 3 years ago

While Implementing the securityinsight.ThreatIntelligenceAlertRule type, there appears to be a mismatch from the API Spec and the actual backend. Recieved below error when creating an alert rule from template


{"kind":"ThreatIntelligence","properties":{"alertRuleTemplateName":"0dd422ee-e6af-4204-b219-f59ac172e4c6","enabled":false}}
2021/05/02 10:27:22 [DEBUG] AzureRM Response for https://management.azure.com/subscriptions/[redacted]/resourceGroups/acctestRG-sentinel-210502102421773467/providers/Microsoft.OperationalInsights/workspaces/acctestLAW-210502102421773467/providers/Microsoft.SecurityInsights/alertRules/acctest-SentinelAlertRule-ThreatIntelligence-210502102421773467?api-version=2019-01-01-preview: 
HTTP/2.0 400 Bad Request
-- snipped --

{"error":{"code":"BadRequest","message":"Required property 'severity' not found in JSON. Path 'properties', line 3, position 17."}}

This appears to be implemented correctly as readonly in the Go SDK here - From this im guessing this must be a backend issue. severity and displayName should both be readonly although are required. See below of a succesful API Request: image

https://github.com/Azure/azure-rest-api-specs/blob/dceaa75fe47854ad7b0fcc0c7cf38677b4bb181f/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/SecurityInsights.json#L9021

ghost commented 3 years ago

Thanks for the feedback! We are routing this to the appropriate team for follow-up. cc @amirkeren.

Issue Details
While Implementing the securityinsight.ThreatIntelligenceAlertRule type, there appears to be a mismatch from the API Spec and the actual backend. Recieved below error when creating an alert rule from template ``` {"kind":"ThreatIntelligence","properties":{"alertRuleTemplateName":"0dd422ee-e6af-4204-b219-f59ac172e4c6","enabled":false}} 2021/05/02 10:27:22 [DEBUG] AzureRM Response for https://management.azure.com/subscriptions/[redacted]/resourceGroups/acctestRG-sentinel-210502102421773467/providers/Microsoft.OperationalInsights/workspaces/acctestLAW-210502102421773467/providers/Microsoft.SecurityInsights/alertRules/acctest-SentinelAlertRule-ThreatIntelligence-210502102421773467?api-version=2019-01-01-preview: HTTP/2.0 400 Bad Request -- snipped -- {"error":{"code":"BadRequest","message":"Required property 'severity' not found in JSON. Path 'properties', line 3, position 17."}} ``` This appears to be implemented correctly as readonly in the Go SDK [here](https://github.com/Azure/azure-sdk-for-go/blob/master/services/preview/securityinsight/mgmt/2019-01-01-preview/securityinsight/models.go#L18152) - From this im guessing this must be a backend issue. severity and displayName should both be readonly although are required. See below of a succesful API Request: ![image](https://user-images.githubusercontent.com/29356754/116809047-23ab2580-ab34-11eb-96e6-7c8411fff0fe.png) https://github.com/Azure/azure-rest-api-specs/blob/dceaa75fe47854ad7b0fcc0c7cf38677b4bb181f/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/SecurityInsights.json#L9021
Author: kaovd
Assignees: leni-msft
Labels: `SecurityInsights`, `Service Attention`, `needs-triage`, `question`
Milestone: -
kaovd commented 3 years ago

This is also broken in 2021-03-01-preview API Spec @anat-gilenson image

https://github.com/Azure/azure-rest-api-specs/pull/14753