We have experienced a 403 error for azure_appservice_web_app_auth_settings using the setup as described in https://hub.cloudquery.io/plugins/source/cloudquery/azure/latest/docs. The other tables we have synced using that method work fine. It looks like y’all are using the original GetAuthSettings. We have had success using GetAuthSettingsV2, but not sure if that’s the issue or not. This table is needed for the Azure CISv2.1 Benchmark check 9.1. Thank you in advance for any assistance y’all can provide.
Here is the error we get in the logs.
ERR table resolver finished with error error="POST https://management.azure.com/subscriptions/<subscription id>/resourceGroups/<resource group>/providers/Microsoft.Web/sites/<app name>/config/auth
settings/list\n--------------------------------------------------------------------------------\nRESPONSE 403: 403 Forbid
den\nERROR CODE: AuthorizationFailed\n--------------------------------------------------------------------------------\n{
\n \"error\": {\n \"code\": \"AuthorizationFailed\",\n \"message\": \"The client '<client id>' with object id '<object id>' does not have authorization to perform action 'Microsoft.Web/
sites/config/list/action' over scope '/subscriptions/<subscription id>/resourceGroups/<resource group>/providers/Microsoft.Web/sites/<app name>/config/authsettings' or the scope is invalid. If access was recently granted, please refresh your credentials.\"\n }\n}\n--------------------------------------------------------------------------------\n" client=subscriptions/<subscription id> invocation_id=<invocation id> module=azure-source table=azure_appservice_web_app_auth_settings