Azure SQL Auditing Not Working With Managed Identity Authentication Type #30081
Labels
Auto-Assign
Auto assign by bot
bug
This issue requires a change to an existing behavior in the product in order to be resolved.
customer-reported
Issues that are reported by GitHub users external to the Azure organization.
Service Attention
This issue is responsible by Azure service team.
SQL
az sql
Describe the bug
MS wiki points to provide empty value for "--storage-key" parameter to use Managed Identity Authentication type:
https://learn.microsoft.com/en-us/azure/azure-sql/database/auditing-managed-identity?view=azuresql&tabs=azure-cli
But, when we do the same using Azure CLI, it fails with the below error message:
In text:
az : ERROR: argument --storage-key: expected one argument
At line:2 char:1
Examples from AI knowledge base:
az sql server audit-policy update --resource-group mygroup --name myserver --state Disabled
Disable an auditing policy.
https://docs.microsoft.com/en-US/cli/azure/sql/server/audit-policy#az_sql_server_audit_policy_update
Read more about the command in reference docs
Related command
az sql server audit-policy Update
--name $AzServerName
--resource-group $PortalResourceGroup
--subscription $PortalSubscriptionName
--state Enabled
--storage-key ""
--blob-storage-target-state Enabled
--storage-endpoint $StorageEndpoint
--retention-days $RetentionDays `
--debug
Errors
az : ERROR: argument --storage-key: expected one argument
At line:2 char:1
Examples from AI knowledge base:
az sql server audit-policy update --resource-group mygroup --name myserver --state Disabled
Disable an auditing policy.
https://docs.microsoft.com/en-US/cli/azure/sql/server/audit-policy#az_sql_server_audit_policy_update
Read more about the command in reference docs
Issue script & Debug output
az : DEBUG: cli.knack.cli: Command arguments: ['sql', 'server', 'audit-policy', 'Update', '--name', 'azdbdp-00123-xxxxxxxx', '--resource-group', 'RG-6393-777X-XXXX-XXXX', '--subscription', 'AZ-PRO-IT-XXXXXXX', '--state',
'Enabled', '--storage-key', '--blob-storage-target-state', 'Enabled', '--storage-endpoint', 'auditazdbdxxxxxxxxxx', '--retention-days', '90', '--debug']
At line:2 char:1
DEBUG: cli.knack.cli: init debug log:
Cannot enable color.
DEBUG: cli.knack.cli: Event: Cli.PreExecute []
DEBUG: cli.knack.cli: Event: CommandParser.OnGlobalArgumentsCreate [<function CLILogging.on_global_arguments at 0x0000021E317DFD80>, <function OutputProducer.on_global_arguments at 0x0000021E319840E0>, <function
CLIQuery.on_global_arguments at 0x0000021E319ADC60>]
DEBUG: cli.knack.cli: Event: CommandInvoker.OnPreCommandTableCreate []
DEBUG: cli.azure.cli.core: Modules found from index for 'sql': ['azure.cli.command_modules.sql', 'azure.cli.command_modules.sqlvm']
DEBUG: cli.azure.cli.core: Loading command modules:
DEBUG: cli.azure.cli.core: Name Load Time Groups Commands
DEBUG: cli.azure.cli.core: sql 0.423 56 215
DEBUG: cli.azure.cli.core: sqlvm 0.040 4 20
DEBUG: cli.azure.cli.core: Total (2) 0.463 60 235
DEBUG: cli.azure.cli.core: Loaded 59 groups, 235 commands.
DEBUG: cli.azure.cli.core: Found a match in the command table.
DEBUG: cli.azure.cli.core: Raw command : sql server audit-policy update
DEBUG: cli.azure.cli.core: Command table: sql server audit-policy update
DEBUG: cli.knack.cli: Event: CommandInvoker.OnPreCommandTableTruncate [<function AzCliLogging.init_command_file_logging at 0x0000021E33C280E0>]
DEBUG: cli.azure.cli.core.azlogging: metadata file logging enabled - writing logs to 'C:\Users\saocsanc.azure\commands\2024-10-14.14-47-00.sql_server_audit-policy_Update.10676.log'.
INFO: az_command_data_logger: command args: sql server audit-policy update --name {} --resource-group {} --subscription {} --state {} --storage-key --blob-storage-target-state {} --storage-endpoint {} --retention-days {} --debug
DEBUG: cli.knack.cli: Event: CommandInvoker.OnPreArgumentLoad [<function register_global_subscription_argument..add_subscription_parameter at 0x0000021E33CB0AE0>]
DEBUG: cli.knack.cli: Event: CommandInvoker.OnPostArgumentLoad []
DEBUG: cli.knack.cli: Event: CommandInvoker.OnPostCommandTableCreate [<function register_ids_argument..add_ids_arguments at 0x0000021E33CB0B80>, <function register_cache_arguments..add_cache_arguments at
0x0000021E33CB0CC0>, <function register_upcoming_breaking_change_info..update_breaking_change_info at 0x0000021E33CB0D60>]
DEBUG: cli.knack.cli: Event: CommandInvoker.OnCommandTableLoaded []
DEBUG: cli.knack.cli: Event: CommandInvoker.OnPreParseArgs []
DEBUG: urllib3.connectionpool: Starting new HTTPS connection (1): app.aladdin.microsoft.com:443
DEBUG: urllib3.connectionpool: https://app.aladdin.microsoft.com:443 "GET /api/v1.0/suggestions?query=%7B%22command%22%3A+%22sql+server+audit-policy+update%22%2C+%22parameters%22%3A+%22--blob-storage-target-state%2C--retention-days%2
C--name%2C--state%2C--storage-endpoint%2C--resource-group%2C--subscription%2C--storage-key%22%7D&clientType=AzureCli&context=%7B%22versionNumber%22%3A+%222.65.0%22%2C+%22errorType%22%3A+%22ExpectedArgument%22%2C+%22correlationId%22%3
A+%2226f7b22c-6193-4d17-9bb8-dbe2216fd700%22%2C+%22subscriptionId%22%3A+%228fa3aaf6-678e-4e42-9576-291ec0d20c25%22%2C+%22eventId%22%3A+%22dfbe2f26-e58f-4709-8cc6-e3fff8819d0c%22%7D HTTP/1.1" 200 None
DEBUG: cli.azure.cli.core.azclierror: Traceback (most recent call last):
File "argparse.py", line 1902, in parse_known_args
File "argparse.py", line 2114, in _parse_known_args
File "argparse.py", line 2044, in consume_optional
File "argparse.py", line 2208, in match_argument
argparse.ArgumentError: argument --storage-key: expected one argument
ERROR: cli.azure.cli.core.azclierror: argument --storage-key: expected one argument
ERROR: az_command_data_logger: argument --storage-key: expected one argument
Examples from AI knowledge base:
az sql server audit-policy update --resource-group mygroup --name myserver --state Disabled
Disable an auditing policy.
https://docs.microsoft.com/en-US/cli/azure/sql/server/audit-policy#az_sql_server_audit_policy_update
Read more about the command in reference docs
DEBUG: cli.knack.cli: Event: Cli.PostExecute [<function AzCliLogging.deinit_cmd_metadata_logging at 0x0000021E33C28360>]
INFO: az_command_data_logger: exit code: 2
INFO: cli.main: Command ran in 2.502 seconds (init: 0.746, invoke: 1.756)
INFO: telemetry.main: Begin splitting cli events and extra events, total events: 1
INFO: telemetry.client: Accumulated 0 events. Flush the clients.
INFO: telemetry.main: Finish splitting cli events and extra events, cli events: 1
INFO: telemetry.save: Save telemetry record of length 3899 in cache file under C:\Users\saocsanc.azure\telemetry\20241014144702564
INFO: telemetry.main: Begin creating telemetry upload process.
INFO: telemetry.process: Creating upload process: "C:\Program Files\Microsoft SDKs\Azure\CLI2\python.exe C:\Program Files\Microsoft SDKs\Azure\CLI2\Lib\site-packages\azure\cli\telemetry_init.pyc C:\Users\saocsanc.azure
C:\Users\saocsanc.azure\telemetry\20241014144702564"
INFO: telemetry.process: Return from creating process 7364
INFO: telemetry.main: Finish creating telemetry upload process.
Expected behavior
az sql server audit-policy Update command to be completed successfully having Azure SQL Audting on storage account with Managed Identity authentication.
Environment Summary
azure-cli 2.65.0
core 2.65.0
telemetry 1.1.0
Dependencies:
msal 1.31.0
azure-mgmt-resource 23.1.1
Python location 'C:\Program Files\Microsoft SDKs\Azure\CLI2\python.exe'
Extensions directory 'C:\Users\saocsanc.azure\cliextensions'
Python (Windows) 3.11.8 (tags/v3.11.8:db85d51, Feb 6 2024, 22:03:32) [MSC v.1937 64 bit (AMD64)]
Legal docs and information: aka.ms/AzureCliLegal
Your CLI is up-to-date.
Additional context
No response
The text was updated successfully, but these errors were encountered: