Fix Update-AzSentinelIncident docs: clarify required params and add pipeline example#29294
Conversation
| Thanks for your contribution! The pull request validation has started. Please revisit this comment for updated status. |
|
Thank you for your contribution @coder999999999! We will review the pull request and get back to you soon. |
There was a problem hiding this comment.
Pull request overview
This PR updates the Az.SecurityInsights documentation for Update-AzSentinelIncident to reflect Sentinel’s PUT semantics where Title, Status, and Severity must be provided, and it adds an additional example intended to show how to update using -InputObject.
Changes:
- Added a note explaining that
-Title,-Status, and-Severityare required by the underlying API. - Added a new Example 2 showing an update flow using
-InputObjectwhile preserving required fields. - Updated
ChangeLog.mdwith release notes for the documentation fix.
Reviewed changes
Copilot reviewed 4 out of 4 changed files in this pull request and generated 4 comments.
| File | Description |
|---|---|
| src/SecurityInsights/SecurityInsights/help/Update-AzSentinelIncident.md | Adds the note + new example to the published help markdown. |
| src/SecurityInsights/SecurityInsights.Autorest/docs/Update-AzSentinelIncident.md | Mirrors the note + new example in the AutoRest docs output. |
| src/SecurityInsights/SecurityInsights.Autorest/examples/Update-AzSentinelIncident.md | Mirrors the note + new example in the examples file. |
| src/SecurityInsights/SecurityInsights/ChangeLog.md | Adds upcoming release entries describing the doc changes. |
| ### Example 2: Update an Incident using the InputObject (pipeline) pattern | ||
| ```powershell | ||
| $incident = Get-AzSentinelIncident -ResourceGroupName "myResourceGroupName" -WorkspaceName "myWorkspaceName" -Id "4a21e485-75ae-48b3-a7b9-e6a92bcfe434" | ||
| $labels = $incident.Label + [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.IncidentLabel]::new() | ||
| $labels[-1].LabelName = "Reviewed" | ||
| Update-AzSentinelIncident -InputObject $incident -Title $incident.Title -Status $incident.Status -Severity $incident.Severity -Label $labels |
There was a problem hiding this comment.
Example 2 is described as using the "pipeline" pattern, but the sample doesn’t actually use the PowerShell pipeline (it assigns to $incident and calls Update-AzSentinelIncident directly). Please either revise the wording to just describe using -InputObject, or update the sample to use a real pipeline-based flow (for example by piping the incident into a script block/ForEach-Object that calls Update-AzSentinelIncident).
| ### Example 2: Update an Incident using the InputObject (pipeline) pattern | ||
| ```powershell | ||
| $incident = Get-AzSentinelIncident -ResourceGroupName "myResourceGroupName" -WorkspaceName "myWorkspaceName" -Id "4a21e485-75ae-48b3-a7b9-e6a92bcfe434" | ||
| $labels = $incident.Label + [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.IncidentLabel]::new() | ||
| $labels[-1].LabelName = "Reviewed" | ||
| Update-AzSentinelIncident -InputObject $incident -Title $incident.Title -Status $incident.Status -Severity $incident.Severity -Label $labels |
There was a problem hiding this comment.
Example 2 is labeled as a "pipeline" pattern, but the code isn’t actually pipeline-based. Please either remove/adjust the "pipeline" wording or rewrite the example to genuinely use pipeline input when calling Update-AzSentinelIncident (for example by piping the incident into a script block that preserves required fields).
| ### Example 2: Update an Incident using the InputObject (pipeline) pattern | ||
| ```powershell | ||
| $incident = Get-AzSentinelIncident -ResourceGroupName "myResourceGroupName" -WorkspaceName "myWorkspaceName" -Id "4a21e485-75ae-48b3-a7b9-e6a92bcfe434" | ||
| $labels = $incident.Label + [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.IncidentLabel]::new() | ||
| $labels[-1].LabelName = "Reviewed" | ||
| Update-AzSentinelIncident -InputObject $incident -Title $incident.Title -Status $incident.Status -Severity $incident.Severity -Label $labels |
There was a problem hiding this comment.
This example is described as a "pipeline" pattern, but it doesn’t actually demonstrate PowerShell pipeline input (no use of '|'). Consider renaming it to "using -InputObject" or changing the example to a true pipeline flow.
| * Fixed documentation for `Update-AzSentinelIncident` to clarify that `-Title`, `-Status`, and `-Severity` are required by the API [#29130] | ||
| * Added pipeline example showing how to update an incident using `-InputObject` while preserving required fields |
There was a problem hiding this comment.
The second Upcoming Release entry mentions a "pipeline example", but the added documentation example isn’t currently pipeline-based. Also, since this changelog update is part of fixing issue #29130, it would be helpful to include the issue reference on this bullet as well (consistent with the first bullet).
…ipeline example (Azure#29130) The -Title, -Status, and -Severity parameters are required by the underlying Sentinel API (which uses PUT, not PATCH) even though the cmdlet signature marks them as optional. Omitting any of them results in an error. Changes: - Added a note to Example 1 explaining the requirement - Added Example 2 showing the -InputObject pipeline pattern with the required fields passed through from the original incident - Updated ChangeLog.md
coder999999999
force-pushed
the
fix/update-sentinel-incident-docs-29130
branch
from
93bf57c to
4bb8f9e
Compare
|
/azp run |
|
Azure Pipelines successfully started running 3 pipeline(s). |
There was a problem hiding this comment.
Pull request overview
Copilot reviewed 6 out of 6 changed files in this pull request and generated 5 comments.
Comments suppressed due to low confidence (1)
src/SecurityInsights/SecurityInsights.Autorest/generate-info.json:1
- The repository build/generation scripts expect each
*.Autorestsubmodule to include agenerate-info.json(tooling reads it to decide whether regeneration is needed and errors if it’s missing). Removing it fromSecurityInsights.Autorestis likely to break those scripts; please restore the file (or update the tooling if this submodule is intentionally exempt).
| @@ -0,0 +1,11 @@ | |||
| # Examples | |||
| This directory contains examples from the exported cmdlets of the module. When `build-module.ps1` is ran, example stub files will be generated here. If your module support Azure Profiles, the example stubs will be in individual profile folders. These example stubs should be updated to show how the cmdlet is used. The examples are imported into the documentation when `generate-help.ps1` is ran. | |||
There was a problem hiding this comment.
Grammar issues in this sentence make the guidance harder to read (e.g., “is ran” and “module support”). Please update to standard phrasing (“is run”, “module supports”, etc.).
| - Packaged: no | ||
|
|
||
| ## Purpose | ||
| This separates the example documentation details from the generated documentation information provided directly from the generated cmdlets. Since the cmdlets don't have examples from the REST spec, this provides a means to add examples easily. The example stubs provide the markdown format that is required. The 3 core elements are: the name of the example, the code information of the example, and the description of the example. That information, if the markdown format is followed, will be available to documentation generation and be part of the documents in the `..\docs` folder. No newline at end of file |
There was a problem hiding this comment.
The path shown as ..\docs is Windows-specific; in Markdown/docs guidance it’s typically clearer and cross-platform to use ../docs (forward slash). Please update the path format for consistency and to avoid confusion.
| $labels = $incident.Label + [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.IncidentLabel]::new() | ||
| $labels[-1].LabelName = "Reviewed" |
There was a problem hiding this comment.
Example 2 appends a new label using $incident.Label + ... and then uses $labels[-1]. If the incident has no existing labels, $labels can be a scalar and indexing will fail. Make sure $labels is always an array before indexing/appending (e.g., wrap the existing value into an array first).
| $labels = $incident.Label + [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.IncidentLabel]::new() | |
| $labels[-1].LabelName = "Reviewed" | |
| $newLabel = [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.IncidentLabel]::new() | |
| $newLabel.LabelName = "Reviewed" | |
| $labels = @($incident.Label) + $newLabel |
| ### Example 2: Update an Incident using InputObject | ||
| ```powershell | ||
| $incident = Get-AzSentinelIncident -ResourceGroupName "myResourceGroupName" -WorkspaceName "myWorkspaceName" -Id "4a21e485-75ae-48b3-a7b9-e6a92bcfe434" | ||
| $labels = $incident.Label + [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.IncidentLabel]::new() |
There was a problem hiding this comment.
In Example 2, $labels is created with $incident.Label + ... and then indexed ($labels[-1]). If the incident has no labels, $incident.Label may be $null and $labels[-1] will fail. Initialize $labels as an array before indexing/appending so the example works for incidents without existing labels.
| $labels = $incident.Label + [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.IncidentLabel]::new() | |
| $labels = @($incident.Label) + [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.IncidentLabel]::new() |
| [assembly: System.Reflection.AssemblyTitleAttribute("Microsoft Azure PowerShell - SecurityInsights")] | ||
| [assembly: System.Reflection.AssemblyFileVersionAttribute("3.2.1")] | ||
| [assembly: System.Reflection.AssemblyVersionAttribute("3.2.1")] | ||
| [assembly: System.Reflection.AssemblyFileVersionAttribute("0.1.0.0")] | ||
| [assembly: System.Reflection.AssemblyVersionAttribute("0.1.0.0")] |
There was a problem hiding this comment.
This PR is marked as “documentation-only”, but it changes assembly version metadata in a generated AssemblyInfo file. If this wasn’t intentional, revert these version changes; if it is intentional, ensure the assembly versioning strategy is consistent with the module versioning/release process and explain why this change is required for the doc fix.
|
/azp run |
|
Azure Pipelines successfully started running 3 pipeline(s). |
…ipeline example (#29294) Co-authored-by: coder999999999 <coder999999999@users.noreply.github.com> Co-authored-by: Nori Zhang <norizhang@microsoft.com>
Description
Fixes #29130
The
Update-AzSentinelIncidentdocumentation lists-Title,-Status, and-Severityas optional parameters. However, the underlying Sentinel REST API uses PUT (not PATCH), meaning these fields are required — omitting any of them results in an error:Changes
-Title,-Status, and-Severityare required by the API-InputObjectwhile preserving required fields from the original incidentFiles Changed
src/SecurityInsights/SecurityInsights.Autorest/examples/Update-AzSentinelIncident.mdsrc/SecurityInsights/SecurityInsights.Autorest/docs/Update-AzSentinelIncident.mdsrc/SecurityInsights/SecurityInsights/help/Update-AzSentinelIncident.mdsrc/SecurityInsights/SecurityInsights/ChangeLog.md