azure - keyvault with zero policy throws error #3621
Labels
Projects
Comments
RichCzyzewski
pushed a commit
to RichCzyzewski/cloud-custodian
that referenced
this issue
Apr 17, 2019
* Added empty list short circuits in `GraphHelper` and `WhiteListFilter` (underlying cause of raised error). * Updated `GraphHelper` to not treat all `CloudError` exceptions as unauthorized. * Updated `WhiteListFilter` to handle the case where policies couldn't be enhanced via the graph call. * Added more detail to the `KeyError` raised when applying the `WhiteListFilter` with missing/incorrect keys. * Updated keyvault test arm templates to use unique key naming. * Added appropriate tests.
logachev
pushed a commit
that referenced
this issue
Apr 23, 2019
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
When we operate an KeyVault that has 0 access policies, we get an error when we request the AAD objects because the AAD objectIds list is empty.
User Experienced Error:
2019-03-05 09:25:45,224: custodian.azure.utils.GraphHelper:WARNING Credentials not authorized for access to read from Microsoft Graph. Can not query on principalName, displayName, or aadType.Actual Error:
b'{"odata.error":{"code":"Request_BadRequest","message":{"lang":"en","value":"At least one identifier must be included."},"requestId":"e8403a84-f505-4de3-94cc-2acab19a09c9","date":"2019-03-04T22:31:33"}}'The text was updated successfully, but these errors were encountered: