Skip to content

Fix: Cyren-SentinelOne workspaceResourceId ARM deployment error (InvalidTemplate on workspace name)#13990

Merged
v-atulyadav merged 9 commits intoAzure:masterfrom
mazamizo21:fix/cyren-sentinelone-workspace-resourceid
Apr 7, 2026
Merged

Fix: Cyren-SentinelOne workspaceResourceId ARM deployment error (InvalidTemplate on workspace name)#13990
v-atulyadav merged 9 commits intoAzure:masterfrom
mazamizo21:fix/cyren-sentinelone-workspace-resourceid

Conversation

@mazamizo21
Copy link
Copy Markdown
Contributor

@mazamizo21 mazamizo21 commented Apr 3, 2026

Problem

When deploying the Cyren-SentinelOne connector from Content Hub, deployment fails with:

InvalidTemplate: The template variable 'workspaceResourceId' is not valid.
The language expression 'resourceId('Microsoft.OperationalInsights/workspaces', cyren-to-sentinel)'
is not valid: the string character 't' at position '61' is not expected.

The workspace name was being inlined as a bare identifier instead of a quoted string reference.

Root Cause

In the inner Logic App template (contentTemplates.properties.mainTemplate), the workspaceResourceId variable used parameters('workspace') directly inside a double-bracket [[ expression:

"workspaceResourceId": "[[resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace'))]"

In the TemplateSpec/contentTemplate evaluation context, parameters('workspace') inside [[ does not resolve the parameter value at inner template deployment time — it inlines the value as a bare identifier, breaking ARMs expression parser.

Fix

Changed to use variables('workspace-name') instead, where workspace-name = [parameters('workspace')] is evaluated at outer scope. This is the exact same pattern used in the live TacitRed-SentinelOne connector (merged and verified working on Content Hub).

"workspaceResourceId": "[[resourceId('Microsoft.OperationalInsights/workspaces', variables('workspace-name'))]"

Files Changed

  • Solutions/Cyren-SentinelOne-ThreatIntelligence/Package/mainTemplate.json — 1 line change
  • Solutions/Cyren-SentinelOne-ThreatIntelligence/Package/3.0.1.zip — rebuilt with corrected template

Verification

  • Pattern confirmed against live TacitRed-SentinelOne connector (identical workspace-name variable indirection) ✅
  • ARM expression resolves correctly with fix ✅

fix: Cyren-SentinelOne inner template workspaceResourceId uses variab…
5f0bead 
…les('workspace-name') to fix ARM deployment error

When deploying from Content Hub, the inner Logic App template was evaluating
[[resourceId('...workspaces', parameters('workspace'))] incorrectly, causing:
'InvalidTemplate: The string character t at position 61 is not expected'

Fix: reference variables('workspace-name') which is [parameters('workspace')] at
outer evaluation scope — same pattern used in live TacitRed-SentinelOne connector.
@mazamizo21 mazamizo21 requested review from a team as code owners April 3, 2026 22:51
mazamizo21 pushed a commit to mazamizo21/Azure-Sentinel that referenced this pull request Apr 3, 2026
fix: workspaceResourceId use variables('workspace-name') not paramete…
1ef5e0b 
…rs('workspace') — same fix as Cyren-SentinelOne PR Azure#13990
mazamizo21 pushed a commit to mazamizo21/Azure-Sentinel that referenced this pull request Apr 3, 2026
fix: workspaceResourceId use variables('workspace-name') — ARM deploy…
a94b17c 
…ment fix (same as Cyren-SentinelOne PR Azure#13990)
@v-maheshbh v-maheshbh self-assigned this Apr 6, 2026
@v-maheshbh v-maheshbh added the Solution Solution specialty review needed label Apr 6, 2026
@v-atulyadav v-atulyadav merged commit c3b970c into Azure:master Apr 7, 2026
33 checks passed
mazamizo21 pushed a commit to mazamizo21/Azure-Sentinel that referenced this pull request Apr 19, 2026
fix: Vaikora-AzureSecurityCenter Content Hub + naming fixes (Azure#13986
7493ce2 
)

Per reviewer pattern scraped from TacitRed-Defender Azure#13266 + Cyren-SentinelOne
Azure#13657 merged commits:

1. Add missing `hidden-SentinelWorkspaceId` tag on Logic App resource
   (required for Content Hub template visibility — both TacitRed-IOC-CrowdStrike
   and Cyren-SentinelOne merged have this tag; we were missing it).
2. Define `workspace-name` + `workspaceResourceId` variables inside the
   nested playbook deployment template (matching Cyren-SentinelOne pattern
   post-Azure#13990 workspaceResourceId fix).
3. Bump Logic App tag version 1.0 → 1.0.0 (matches merged Cyren + TacitRed
   convention).
4. Fix broken logo URL: data443_logo.svg (404) → vaikora_logo.png
   (also added the PNG to Logos/ for this branch).
5. Fix createUiDefinition + Solution_*.json URL width attribute glue bug.
6. Fix solutionId format: vaikora-security-center-connector →
   azure-sentinel-solution-vaikora-security-center (matches
   data443riskmitigationinc1761580347231.azure-sentinel-solution-*
   pattern from all merged solutions).
7. Rebuild 3.0.0.zip with mainTemplate + createUiDefinition only
   (no testParameters, no Finder duplicates).
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@v-atulyadav v-atulyadav v-atulyadav approved these changes

@v-maheshbh v-maheshbh v-maheshbh approved these changes

Assignees

@v-maheshbh v-maheshbh

Labels

Solution Solution specialty review needed

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@mazamizo21 @v-atulyadav @v-maheshbh