Skip to content

fix query parameters template for WithSecureElementsCCF#14619

Open
gloo-shock wants to merge 2 commits into
Azure:masterfrom
gloo-shock:master
Open

fix query parameters template for WithSecureElementsCCF#14619
gloo-shock wants to merge 2 commits into
Azure:masterfrom
gloo-shock:master

Conversation

@gloo-shock

Copy link
Copy Markdown
Contributor

This is the follow up PR to this PR (@v-shukore )

Change(s):

  • WithSecureElementsCCF data connector (WithSecureElements_PollerConfig.json) and regenerated Package (mainTemplate.json, 3.0.0.zip):
    • Fixed the OAuth2 token request: Authorization header now builds the HTTP Basic credential via an ARM expression [concat('Basic ', base64(concat(parameters('ClientId'), ':', parameters('ClientSecret'))))] instead of the invalid Basic {{base64(ClientId:ClientSecret)}} placeholder.
    • Fixed the security-events request body (queryParametersTemplate): the engine/engineGroup selection now falls back to the default engine group (epp,edr,ecp,xm) when the optional field is left empty or still holds the packaging placeholder, and keeps engine/engineGroup mutually exclusive.
    • Added the WithSecureElementsCCF DataConnector to the workbook metadata dependencies.
  • Solution_WithSecureElementsCCF.json: added a support contact email to the Author field and corrected BasePath.

Reason for Change(s):

  • The Content Hub "Connect" flow failed the connectivity check twice:
    • First with HTTP 400 on POST /as/token.oauth2 ("Invalid Credential") because Sentinel CCF does not honor IsClientSecretInHeader and did not send an Authorization: Basic header.
    • Then with HTTP 400 on POST /security-events/v1/security-events because the V3 packaging tool auto-generates the nested-template parameter defaults from the connector's textbox names, so a blank optional field produced an invalid "engineGroup":[""] / ["engineGroup"] value that the Elements API rejects.
  • Addresses reviewer feedback on required Solution Data fields (Author contact email).

Version Updated:

  • No, because there was no release after previous PR

Testing Completed:

  • Yes. The connector was deployed and validated end-to-end in a Microsoft Sentinel workspace; the token endpoint now authenticates and the security-events poll returns 200 with events ingested into the custom table. The packaged 3.0.0.zip was regenerated with the V3 tool and verified to contain the fixes.

Checked that the validations are passing and have addressed any issues that are present:

  • Yes. arm-ttk (Test-AzTemplate) passes; the only reported item is the known, documented false positive "IDs Should Be Derived From ResourceIDs" for contentProductId/id, which the V3 README states can be ignored. createUiDefinition.json, mainTemplate.json and testParameters.json all validate as valid JSON.

@gloo-shock gloo-shock requested review from a team as code owners July 3, 2026 05:42
@v-maheshbh v-maheshbh added the Solution Solution specialty review needed label Jul 3, 2026
@v-maheshbh v-maheshbh requested a review from Copilot July 3, 2026 06:29

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Note

Copilot was unable to run its full agentic suite in this review.

Fixes the WithSecureElementsCCF connector’s ARM-templated request construction so the “Connect” flow can successfully authenticate and produce a valid security-events request payload.

Changes:

  • Adds WithSecureElementsCCF as a workbook metadata dependency in the packaged template.
  • Replaces placeholder Basic-auth header with an ARM expression intended to build Authorization: Basic <base64(clientId:clientSecret)>.
  • Reworks queryParametersTemplate to keep engine/engineGroup mutually exclusive and default engineGroup when optional inputs are empty/placeholders.

Reviewed changes

Copilot reviewed 3 out of 4 changed files in this pull request and generated 4 comments.

File Description
Solutions/WithSecureElementsCCF/Package/mainTemplate.json Updates packaged template dependencies and templated headers/body for token + security-events requests
Solutions/WithSecureElementsCCF/Data/Solution_WithSecureElementsCCF.json Adjusts solution metadata (Author contact, BasePath)
Solutions/WithSecureElementsCCF/Data Connectors/WithSecureElementsCCP/WithSecureElements_PollerConfig.json Updates connector poller config token auth header and request body generation

Comment thread Solutions/WithSecureElementsCCF/Package/mainTemplate.json
Comment thread Solutions/WithSecureElementsCCF/Package/mainTemplate.json
v-shukore
v-shukore previously approved these changes Jul 3, 2026
@v-shukore

Copy link
Copy Markdown
Contributor

Hi @gloo-shock, could you let me know why the basepath was removed from the data file? Please revert it as old one. Thanks!

@gloo-shock

Copy link
Copy Markdown
Contributor Author

Hi @gloo-shock, could you let me know why the basepath was removed from the data file? Please revert it as old one. Thanks!

@v-shukore done

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

Solution Solution specialty review needed

Projects

None yet

Development

Successfully merging this pull request may close these issues.

4 participants