diff --git a/pkg/azuread/datasource.go b/pkg/azuread/datasource.go
index 4e44792..f39bb80 100644
--- a/pkg/azuread/datasource.go
+++ b/pkg/azuread/datasource.go
@@ -6,6 +6,7 @@ import (
 "encoding/json"
 "fmt"
 "io"
+ "log/slog"
 "net/http"
 "net/url"
 "regexp"
@@ -238,6 +239,24 @@ func (d *Datasource) GetPage(ctx context.Context, request *Request) (*Response,
 }
 if res.StatusCode != http.StatusOK {
+ // TEMP: Log the response body for debugging purposes.
+ body, readErr := io.ReadAll(res.Body)
+ if readErr != nil {
+ slog.Error(
+ "Failed to read error response body",
+ slog.String("endpoint", endpoint),
+ "error", readErr,
+ )
+ } else {
+ slog.Error(
+ "Azure AD API error",
+ slog.Int("status", res.StatusCode),
+ slog.String("endpoint", endpoint),
+ slog.String("response", string(body)),
+ )
+ }
+ // END TEMP.
+
 return response, nil
 }
@@ -385,7 +404,8 @@ func IsAdvancedQuery(request *Request, endpoint string) bool {
 }
 // Check for 'ne' and 'not' operators using word boundary regex on decoded endpoint.
- if neOperatorRegex.MatchString(decodedEndpoint) || notOperatorRegex.MatchString(decodedEndpoint) {
+ decodedEndpointLower := strings.ToLower(decodedEndpoint)
+ if neOperatorRegex.MatchString(decodedEndpointLower) || notOperatorRegex.MatchString(decodedEndpointLower) {
 return true
 }
 }
diff --git a/pkg/azuread/datasource_test.go b/pkg/azuread/datasource_test.go
index 8957e7c..d02d298 100644
--- a/pkg/azuread/datasource_test.go
+++ b/pkg/azuread/datasource_test.go
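Review bot: The non-200 branch added to GetPage reads the whole error body with `io.ReadAll(res.Body)` and writes it, together with the full `endpoint` string, to the log at error level with no size bound and no redaction. Directory API error bodies and the `$filter` query in the endpoint can carry tenant, user or group identifiers, so every failed call would copy that data into application logs. If the logging stays, cap the read, e.g. `body, readErr := io.ReadAll(io.LimitReader(res.Body, maxLoggedErrBody))` (the constant name is a placeholder), and log the endpoint path without its query. The block is marked TEMP with no owner or tracking reference; `// TODO(<issue-id>): remove before release` would make the removal checkable. GetPage starts and ends outside this hunk, so whether the body is closed or read again later is not visible here.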
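Review bot: In the IsAdvancedQuery hunk, `strings.ToLower(decodedEndpoint)` lowercases quoted filter values as well as operators, so a literal containing an uppercase `NOT` or `NE` as a separate word now matches the operator regexes too. The regex definitions are outside this hunk; if they are compiled from lowercase patterns, adding the `(?i)` flag to `neOperatorRegex` and `notOperatorRegex` would keep the case rule next to the pattern and avoid a per-call copy of the string. The existing comment still says the match runs on the decoded endpoint, so it should say why the copy is lowercased, e.g. `// Operators may arrive in any case (e.g. NOT); match on a lowercased copy.` The function body starts and ends outside the hunk.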
@@ -1536,6 +1536,11 @@ func TestIsAdvancedQuery(t *testing.T) {
 endpoint: "https://graph.microsoft.com/v1.0/users?$filter=displayName eq 'cannot'&$select=id",
 want: false,
 },
+ "filter_odata_not": {
+ request: &azuread.Request{},
+ endpoint: "https://graph.microsoft.com/v1.0/groups?$select=id&$top=1&$filter=NOT+groupTypes%2Fany%28c%3Ac+eq+%27DynamicMembership%27%29",
+ want: true,
+ },
 // Note: Advanced queries don't currently support $expand.
 // This test documents that $expand alone does NOT trigger advanced query requirements.
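Review bot: The new `filter_odata_not` case covers only an uppercase `NOT`, so the `ne` half of the same case-folding change has no test. No case pins the result when an uppercase `NOT` or `NE` appears only inside a quoted filter value, which the lowercasing now also matches. Adding one uppercase `NE` entry with `want: true`, and one entry with the word inside a literal carrying whichever result is intended, would document the behaviour. The test table starts and ends outside this hunk.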