Giter VIP home page Giter VIP logo

Comments (8)

anwather avatar anwather commented on September 7, 2024

from enterprise-azure-policy-as-code.

anderssonpof avatar anderssonpof commented on September 7, 2024

We are currently deploying with azure devops, deploy doesn't even run since the build stage fails.

I'm unsure how to reproduce this since I cannot correlate the resources with any configuration in the policy files.

Looking at the debug logs it loops through all resources in the subscription? It seems that the resources gets returned twice from the API and then Build-ExemptionsPlan tries to add it twice to the list.

===================================================================================================
Processing Policy Exemption files in folder './policy/definitions/policyExemptions/tenant'
===================================================================================================
Number of Policy Exemption files = 2

---------------------------------------------------------------------------------------------------
Processing file './policy/definitions/policyExemptions/tenant/policy-exemption.jsonc'
---------------------------------------------------------------------------------------------------
DEBUG: 12:28:18 PM - InvokeAzRestMethodCommand begin processing with ParameterSet 'ByPath'.
DEBUG: ============================ HTTP REQUEST ============================

HTTP Method:
GET

Absolute Uri:
https://management.azure.com/subscriptions/subid/resources?api-version=2021-04-01

starting row 832576
    {
      "id": "/subscriptions/subid/resourceGroups/rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/DeploymentScript",
      "name": "DeploymentScript",
      "type": "Microsoft.ManagedIdentity/userAssignedIdentities",
      "location": "westeurope",
      "tags": {}
    },
"nextLink": "https://management.azure.com/subscriptions/id/resources?api-version=2021-04-01&%24skiptoken=token%3d"

HTTP Method:
GET

Absolute Uri:
https://management.azure.com/subscriptions/subid/resources?api-version=2021-04-01&%24skiptoken=token%3d
starting row 846243
    {
      "id": "/subscriptions/subid/resourceGroups/rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/DeploymentScript",
      "name": "DeploymentScript",
      "type": "Microsoft.ManagedIdentity/userAssignedIdentities",
      "location": "westeurope",
      "tags": {}
    },

from enterprise-azure-policy-as-code.

anwather avatar anwather commented on September 7, 2024

Can you please try explicitly using v10.2.13 and see if the issue still occurs - I'm trying to narrow down what is cause this. It may have been a change to Get-AzResourceListMethod .

Also can you confirm the number of resources in the subscription? I want to check if it is fault with the code we have added to support paging.

from enterprise-azure-policy-as-code.

anderssonpof avatar anderssonpof commented on September 7, 2024

v10.2.13 works without any errors.

Number of resources in the subscription according to Get-AzResource is: 2664

from enterprise-azure-policy-as-code.

anwather avatar anwather commented on September 7, 2024

Yeah just thinking it is using the paging function which could be wrong - are you able to run Get-AzResourceListMethod and see if any duplicate resources are returned from that function? Specifically the Id field. What we do in the code (for some reason) is construct a new hashtable from the result of that function and add each item returned into it using the id as they key. So I suspect there are duplicate id's being returned and I'm not sure why....

from enterprise-azure-policy-as-code.

anderssonpof avatar anderssonpof commented on September 7, 2024

I used the following https://github.com/Azure/enterprise-azure-policy-as-code/blob/main/Scripts/Helpers/RestMethods/Get-AzResourceListRestMethod.ps1

Duplicate types are Microsoft.ManagedIdentity/userAssignedIdentities and Microsoft.Insights/ActivityLogAlerts

Running Get-AzResourceListRestMethod
With the following filter

$path = "/subscriptions/$SubscriptionId/resources?api-version=$ApiVersion&`$filter=resourceType eq 'Microsoft.Insights/ActivityLogAlerts'"

No duplicates

With the following filter

$path = "/subscriptions/$SubscriptionId/resources?api-version=$ApiVersion&`$filter=resourceType eq 'Microsoft.ManagedIdentity/userAssignedIdentities'"

No duplicateas

Running it without any filters

$path = "/subscriptions/$SubscriptionId/resources?api-version=$ApiVersion"

I get duplicates for some reason
Looking at the hashtable there's duplicates

Count          : 5
IsFixedSize    : False
IsReadOnly     : False
IsSynchronized : False
Keys           : {id, name, type, location…}
Values         : {/subscriptions/subid/resourceGroups/rgname/providers/Microsoft.ManagedIdentity/userAssignedIdentities/DeploymentScript, DeploymentScript, Microsoft.ManagedIdentity/userAssignedIdentities, westeurope…}
SyncRoot       : {[id, /subscriptions/subid/resourceGroups/rgname/providers/Microsoft.ManagedIdentity/userAssignedIdentities/DeploymentScript], [name, DeploymentScript], [type, Microsoft.ManagedIdentity/userAssignedIdentities], [location, westeurope]…}


Count          : 5
IsFixedSize    : False
IsReadOnly     : False
IsSynchronized : False
Keys           : {id, name, type, location…}
Values         : {/subscriptions/subid/resourceGroups/rgname/providers/Microsoft.ManagedIdentity/userAssignedIdentities/DeploymentScript, DeploymentScript, Microsoft.ManagedIdentity/userAssignedIdentities, westeurope…}
SyncRoot       : {[id, /subscriptions/subid/resourceGroups/rgname/providers/Microsoft.ManagedIdentity/userAssignedIdentities/DeploymentScript], [name, DeploymentScript], [type, Microsoft.ManagedIdentity/userAssignedIdentities], [location, westeurope]…}

from enterprise-azure-policy-as-code.

anwather avatar anwather commented on September 7, 2024

from enterprise-azure-policy-as-code.

anderssonpof avatar anderssonpof commented on September 7, 2024

From what I can discern the object(s) have the same properties and the same resource id.

from enterprise-azure-policy-as-code.

Related Issues (20)

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.