Why do schema updates with Panther Analysis Tool (PAT) fail when using test files?

Last updated: February 5, 2026

QUESTION

When using Panther Analysis Tool (PAT) to update schemas, I'm getting a "Failed to update schema from definition in file: key 'schema' not found" error when processing test files, even though the main schema file updates successfully. Why is this happening and how can I fix it?

ANSWER

This error occurs because PAT attempts to process all YAML files (both .yml and .yaml extensions) in the directory structure as potential schema definitions. When test files use the .yaml extension, PAT incorrectly attempts to process them as schema files.

To resolve this issue, ensure all test files use the .yml extension instead of .yaml.

For example, if you have:

schemas/
└── intune/
    ├── intune.yaml
    └── tests/
        └── intune_tests.yaml

Rename intune_tests.yaml to intune_tests.yml:

schemas/
└── intune/
    ├── intune.yaml
    └── tests/
        └── intune_tests.yml

After making this change, PAT will properly recognize the test files and the schema update process should complete successfully without errors.
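
For a repository with many schemas, the rename can be scripted. The following is an added example, not part of PAT or of the original article; it assumes test files live in a tests/ directory below the schema root, as in the layout above, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example; function names are hypothetical and not part of PAT.
# Assumption: test files sit in a tests/ directory below the schema root.

# List every .yaml file inside a tests/ directory under root ($1).
list_yaml_tests() {
    find "$1" -type f -path '*/tests/*' -name '*.yaml' | sort
}

# Rename each listed file to .yml. Pass --dry-run as $2 to only print the plan.
# Never overwrites: returns 1 if a target exists or a rename fails.
rename_yaml_tests() {
    root=$1
    mode=${2:-}
    status=0
    while IFS= read -r src; do
        [ -n "$src" ] || continue            # empty listing yields one blank line
        dst="${src%.yaml}.yml"
        if [ -e "$dst" ]; then
            echo "skip: $dst already exists" >&2
            status=1
        elif [ "$mode" = "--dry-run" ]; then
            echo "would rename: $src -> $dst"
        elif mv -- "$src" "$dst"; then
            echo "renamed: $src -> $dst"
        else
            status=1
        fi
    done <<EOF
$(list_yaml_tests "$root")
EOF
    return "$status"
}

# Usage: rename_yaml_tests schemas --dry-run && rename_yaml_tests schemas
```

Running list_yaml_tests on its own in CI gives a quick check that no .yaml test file has been reintroduced before the schema update step runs.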