From 6957f78ceafbddfdc0ba1783ea0f59d9ac44f43b Mon Sep 17 00:00:00 2001 From: Dhanya H <117677327+dhanya-sgnl@users.noreply.github.com> Date: Fri, 19 Sep 2025 19:46:13 +0000 Subject: [PATCH 1/2] [sc-58664] Add temp logging when response is not 200. --- pkg/azuread/datasource.go | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) diff --git a/pkg/azuread/datasource.go b/pkg/azuread/datasource.go index d0bd423..02e8d79 100644 --- a/pkg/azuread/datasource.go +++ b/pkg/azuread/datasource.go @@ -6,6 +6,7 @@ import ( "encoding/json" "fmt" "io" + "log/slog" "net/http" "strconv" "time" @@ -222,6 +223,24 @@ func (d *Datasource) GetPage(ctx context.Context, request *Request) (*Response, } if res.StatusCode != http.StatusOK { + // TEMP: Log the response body for debugging purposes. + body, readErr := io.ReadAll(res.Body) + if readErr != nil { + slog.Error( + "Failed to read error response body", + slog.String("endpoint", endpoint), + "error", readErr, + ) + } else { + slog.Error( + "Azure AD API error", + slog.Int("status", res.StatusCode), + slog.String("endpoint", endpoint), + slog.String("response", string(body)), + ) + } + // END TEMP. + return response, nil } From 47df74f380a99aca496853f9bef2b433901955c7 Mon Sep 17 00:00:00 2001 From: Dhanya H <117677327+dhanya-sgnl@users.noreply.github.com> Date: Tue, 23 Sep 2025 21:29:39 +0000 Subject: [PATCH 2/2] [sc-58664] Adds header consistency level eventual when NOT operator is used. --- pkg/azuread/datasource.go | 3 ++- pkg/azuread/datasource_test.go | 5 +++++ 2 files changed, 7 insertions(+), 1 deletion(-) diff --git a/pkg/azuread/datasource.go b/pkg/azuread/datasource.go index cdea8e2..f39bb80 100644 --- a/pkg/azuread/datasource.go +++ b/pkg/azuread/datasource.go @@ -404,7 +404,8 @@ func IsAdvancedQuery(request *Request, endpoint string) bool { } // Check for 'ne' and 'not' operators using word boundary regex on decoded endpoint. - if neOperatorRegex.MatchString(decodedEndpoint) || notOperatorRegex.MatchString(decodedEndpoint) { + decodedEndpointLower := strings.ToLower(decodedEndpoint) + if neOperatorRegex.MatchString(decodedEndpointLower) || notOperatorRegex.MatchString(decodedEndpointLower) { return true } } diff --git a/pkg/azuread/datasource_test.go b/pkg/azuread/datasource_test.go index 8957e7c..d02d298 100644 --- a/pkg/azuread/datasource_test.go +++ b/pkg/azuread/datasource_test.go @@ -1536,6 +1536,11 @@ func TestIsAdvancedQuery(t *testing.T) { endpoint: "https://graph.microsoft.com/v1.0/users?$filter=displayName eq 'cannot'&$select=id", want: false, }, + "filter_odata_not": { + request: &azuread.Request{}, + endpoint: "https://graph.microsoft.com/v1.0/groups?$select=id&$top=1&$filter=NOT+groupTypes%2Fany%28c%3Ac+eq+%27DynamicMembership%27%29", + want: true, + }, // Note: Advanced queries don't currently support $expand. // This test documents that $expand alone does NOT trigger advanced query requirements.