Error working with Azure on MacOS #22

Open
Electronickss opened this issue Sep 24, 2018 · 7 comments

@Electronickss

Electronickss commented Sep 24, 2018

Running into an issue with CS-Suite on MacOS and Azure

  • MacOS Version: 10.13.6 (17G65)
  • I made sure to git pull before running it
  • The check number I am having this issue on is: 4.2.1: Checking if SQL DB has AUDIT policy enabled
  • I reran the setup tools to make sure everything was the correct version

Here is the error

Can not perform requested operation on nested resource. Parent resource 'SERVERNAME/master' not found.
Traceback (most recent call last):
  File "cs.py", line 55, in <module>
    main()
  File "cs.py", line 51, in main
    azureaudit.azure_audit()
  File "/Users/REDACTED/gitProjects/cs-suite/modules/azureaudit.py", line 1472, in azure_audit
    sql_db_audit()
  File "/Users/REDACTED/gitProjects/cs-suite/modules/azureaudit.py", line 1170, in sql_db_audit
    audit_policy = subprocess.check_output(['az sql db audit-policy show --resource-group %s --server %s --name %s --query \'state\' --output tsv' %(resource_group,name,database)], shell=True).strip()
  File "/usr/local/Cellar/python/2.7.14/Frameworks/Python.framework/Versions/2.7/lib/python2.7/subprocess.py", line 219, in check_output
    raise CalledProcessError(retcode, cmd, output=output)
subprocess.CalledProcessError: Command '["az sql db audit-policy show --resource-group REDACTED --server REDACTED --name master --query 'state' --output tsv"]' returned non-zero exit status 3
@Electronickss
Author

Electronickss commented Sep 24, 2018

Looks to me like this could potentially be an issue with azure-cli or how cs-suite interfaces with azure-cli?

https://stackoverflow.com/questions/45624411/azure-cloud-shell-fails-to-identify-server-throws-error-can-not-perform-reque
Error:

Azure Cloud shell fails to identify server. Throws error : Can not perform requested operation on nested resource. Parent resource not found

Fix:

The failure was because I have multiple subscriptions on Azure and my default subscription did not have the sql-server. I changed the subscription by using az account set --subscription and now the command to get firewall works

@Electronickss
Author

Electronickss commented Sep 24, 2018

I discovered it was an issue with one of the DBs in my setup. I can run:

az sql db audit-policy show --resource-group REDACTED_RG --server REDACTED_SERVER_NAME --name REDACTED_DB_2 --query 'state' --output tsv

And it works. However when I run:

az sql db audit-policy show --resource-group REDACTED_RG --server REDACTED_SERVER_NAME --name REDACTED_DB_1 --query 'state' --output tsv

I get the error: Can not perform requested operation on nested resource. Parent resource 'REDACTED_SERVER_NAME/REQUESTED_DB_1' not found.

I have tested that I can see the DB with the command:

az sql db list --server REDACTED_SERVER_NAME --resource-group REDACTED_RG --query "[*].name" --output tsv

and I see the DB that is giving me trouble.

Does your team have a recommendation for working through this? I am assuming this issue is being caused because something from a different resource or subscription created the DB I am having issues with. I will attempt to confirm this theory

@Electronickss
Author

When looking at this server through the webui, the DB I am having issues with does not show up on the SQL server. Is it possible to just add some error handling and skip over this? The api and the webui are showing a different number of DBs

@shivankar-madaan
Contributor

shivankar-madaan commented Sep 24, 2018

yes @Electronickss
I think you're right, the azure-cli sometimes does not show the right output
and that's possibly the case, due to which it fails
I had commented on an issue on azure-cli on a different case, regarding the output it throws
Azure/azure-cli#5243
We will add error handling into this, but it might take us some time
thanks for raising this issue
and if you have further suggestions regarding the Azure checks, if we have missed any, please let us know, it'll be really helpful.

@Electronickss
Author

So I need this to work as soon as possible so I am looking at implementing error handling myself. As an example:

try:
    email_policy = subprocess.check_output(['az sql db threat-policy show --resource-group %s --server %s --name %s --query \'emailAccountAdmins\' --output tsv' %(resource_group, name, database)], shell=True).strip()
except subprocess.CalledProcessError as e:
    continue

I can fork/pr this if you like the solution
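
Added example, not code from this thread or from cs-suite: one way to handle the failing `az sql db audit-policy show` call so that a database whose lookup errors out is recorded as unverified instead of being silently skipped, which would otherwise make an unchecked database look the same as a compliant one in the report. The function names, the `PASS`/`FAIL`/`ERROR` labels, the `fake_az` stand-in with its sample database names, and the assumption that `state` returns `Enabled` for a compliant database are all illustrative.

```python
import subprocess

def audit_policy_state(resource_group, server, database, run=subprocess.check_output):
    """Return (state, error); exactly one of the two is None."""
    # argv list, no shell=True: resource names are never parsed by a shell.
    cmd = ["az", "sql", "db", "audit-policy", "show",
           "--resource-group", resource_group, "--server", server,
           "--name", database, "--query", "state", "--output", "tsv"]
    try:
        out = run(cmd, stderr=subprocess.STDOUT)
    except subprocess.CalledProcessError as e:
        detail = (e.output or b"").decode("utf-8", "replace").strip()
        return None, "exit %d: %s" % (e.returncode, detail)
    except OSError as e:  # az binary missing or not executable
        return None, str(e)
    return out.decode("utf-8", "replace").strip(), None

def sql_db_audit(resource_group, server, databases, run=subprocess.check_output):
    """Check every database; a failed lookup is reported, never dropped."""
    findings = []
    for db in databases:
        state, err = audit_policy_state(resource_group, server, db, run)
        if err is not None:
            findings.append((db, "ERROR", err))   # unverified, not a pass
        elif state == "Enabled":                  # assumed value of 'state'
            findings.append((db, "PASS", state))
        else:
            findings.append((db, "FAIL", state))
    return findings

def fake_az(cmd, stderr=None):
    """Constructed stand-in for az so the example runs offline."""
    db = cmd[cmd.index("--name") + 1]
    if db == "ghost_db":
        msg = b"Parent resource 'srv/ghost_db' not found."
        raise subprocess.CalledProcessError(3, cmd, output=msg)
    return b"Enabled\n" if db == "app_db" else b"Disabled\n"

if __name__ == "__main__":
    for row in sql_db_audit("rg", "srv", ["app_db", "old_db", "ghost_db"], run=fake_az):
        print(row)
```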

@shivankar-madaan
Contributor

sure
can you just submit a PR, that will be great, I will verify once as well, it shouldn't break anything though.
