You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
When we operate an KeyVault that has 0 access policies, we get an error when we request the AAD objects because the AAD objectIds list is empty.
User Experienced Error: 2019-03-05 09:25:45,224: custodian.azure.utils.GraphHelper:WARNING Credentials not authorized for access to read from Microsoft Graph. Can not query on principalName, displayName, or aadType.
Actual Error: b'{"odata.error":{"code":"Request_BadRequest","message":{"lang":"en","value":"At least one identifier must be included."},"requestId":"e8403a84-f505-4de3-94cc-2acab19a09c9","date":"2019-03-04T22:31:33"}}'
The text was updated successfully, but these errors were encountered:
* Added empty list short circuits in `GraphHelper` and `WhiteListFilter` (underlying cause of raised error).
* Updated `GraphHelper` to not treat all `CloudError` exceptions as unauthorized.
* Updated `WhiteListFilter` to handle the case where policies couldn't be enhanced via the graph call.
* Added more detail to the `KeyError` raised when applying the `WhiteListFilter` with missing/incorrect keys.
* Updated keyvault test arm templates to use unique key naming.
* Added appropriate tests.
When we operate an KeyVault that has 0 access policies, we get an error when we request the AAD objects because the AAD objectIds list is empty.
User Experienced Error:
2019-03-05 09:25:45,224: custodian.azure.utils.GraphHelper:WARNING Credentials not authorized for access to read from Microsoft Graph. Can not query on principalName, displayName, or aadType.
Actual Error:
b'{"odata.error":{"code":"Request_BadRequest","message":{"lang":"en","value":"At least one identifier must be included."},"requestId":"e8403a84-f505-4de3-94cc-2acab19a09c9","date":"2019-03-04T22:31:33"}}'
The text was updated successfully, but these errors were encountered: