Azure / AzOps

AzOps is a PowerShell module which deploys (Push) ARM Resource Templates & Bicep files at all Azure scope levels and exports (Pull) ARM resource hierarchy.
https://aka.ms/AzOps
MIT License

RP Microsoft.Management missing from Subscription during Initialize #863

Closed SebastianClaesson closed 3 months ago

SebastianClaesson commented 3 months ago

Describe the bug

Unable to list Management groups if the resource provider "Microsoft.Management" is not registered in the subscription where AzOps is initialized.

This is only a bug due to the way we have decided to use AzOps, where we set it up in a Reader mode only.

The AzOps engine provides an error message that indicates it could be a permission issue, however, the issue is due to the resource provider not being registered in the subscription where the engine is initialized.

Steps to reproduce

  1. Set a subscription that does not have the resource provider "Microsoft.Management" registered in the credential variables.
  2. Fire off the AzOps Pull pipeline.

Screenshots

Not registered: image

After registration: image

Jefajers commented 3 months ago

Hi @SebastianClaesson, thanks for reaching out. This scenario/situation and the given outcome are expected.

AzOps requires the management group resource provider to be registered in the Azure subscription designated during initialization.

To move forward, please make sure to register the management group resource provider in the designated Azure subscription used during initialization and re-run the pipeline.

SebastianClaesson commented 3 months ago

Hi @Jefajers,

Thanks for the response!

I guess the wiki could be updated here or added to the FAQ (to help anyone else implementing AzOps in the same way we've done): https://github.com/azure/azops/wiki/prerequisites#steps, with an information box noting that the "Microsoft.Management" resource provider will be registered (or requires that it's pre-registered).


The Initialize-AzOpsEnvironment function does not output the error from the PowerShell function; instead, it provides a customized error message: https://github.com/Azure/AzOps/blob/2451859f4c99708fe387bcafbe42b275ed7005ee/src/functions/Initialize-AzOpsEnvironment.ps1#L121-L124

Seems the Azure PowerShell command itself does have this check; image

So perhaps it wouldn't be a huge code change to implement it!

Exception provided by Get-AzManagementGroup function in Az PowerShell Module; https://github.com/Azure/azure-powershell/blob/8b31f633c9e5e27139a5922847b203819e340714/src/Resources/Resources/ManagementGroups/Common/AzureManagementGroupsCmdletBase.cs#L132-L138

Jefajers commented 3 months ago

Great idea @SebastianClaesson, let's adopt both of your suggestions by clarifying this requirement in the wiki, and in addition to the custom message we could output the generated error code as well to improve clarity.

I will amend this issue as a feature request :)

Would you possibly like to create a PR for these changes for me to review, or would you prefer that I implement these suggestions?

SebastianClaesson commented 3 months ago

I'll create a PR for these changes during the day for your review.

Thanks a lot @Jefajers!
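
The pre-flight check discussed in this thread, as an added example that is not part of the original issue and is not AzOps code: it confirms that "Microsoft.Management" is registered in the current subscription before listing management groups, and keeps the underlying exception text next to the custom message. The function name `Test-ManagementGroupProvider` and the message wording are assumptions; it uses only `Get-*` cmdlets, so it fits a Reader-only identity.

```powershell
# Added example: hypothetical pre-flight check, not taken from AzOps.
function Test-ManagementGroupProvider {
    [CmdletBinding()]
    param(
        [string]$ProviderNamespace = 'Microsoft.Management'
    )

    $context = Get-AzContext
    if (-not $context -or -not $context.Subscription) {
        throw 'No Azure context with a subscription is set. Run Connect-AzAccount or Set-AzContext first.'
    }
    $subscriptionId = $context.Subscription.Id

    # With -ProviderNamespace the cmdlet returns the provider's resource types,
    # each carrying a RegistrationState.
    $states = @(
        Get-AzResourceProvider -ProviderNamespace $ProviderNamespace -ErrorAction Stop |
            Select-Object -ExpandProperty RegistrationState -Unique
    )

    $unregistered = @($states | Where-Object { $_ -ne 'Registered' })
    if ($states.Count -eq 0 -or $unregistered.Count -gt 0) {
        # Say what is actually wrong instead of hinting at permissions.
        # Registering is a write operation, so it has to be done by an
        # identity that is allowed to register providers, not by this one.
        throw ("Resource provider '$ProviderNamespace' is not registered in subscription " +
               "'$subscriptionId' (state: $($states -join ', ')). Register it, then re-run.")
    }

    try {
        # The call that fails in the scenario reported above.
        $null = Get-AzManagementGroup -ErrorAction Stop
    }
    catch {
        # Append the original exception so the real cause is not hidden
        # behind the custom message.
        throw ("Unable to list management groups using subscription '$subscriptionId'. " +
               "Underlying error: $($_.Exception.Message)")
    }

    return $true
}
```

Running it as the first step of a Pull pipeline makes the job fail with the provider name and subscription ID in the message, which separates a missing registration from a genuine permission problem.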