search

Azure / Azure-Proactive-Resiliency-Library-v2

Azure Proactive Resiliency Library v2 (APRL) - Source for Azure WAF reliability guidance and associated ARG queries
https://azure.github.io/Azure-Proactive-Resiliency-Library-v2/
MIT License
67 stars 81 forks source link

🪲 Bug Report - Resource Group Filter is not working #324

Closed humblejay closed 2 months ago

humblejay commented 3 months ago

Describe the bug

The latest 1_wara-collector.ps1 script allows selecting Tenant, Subscription, Resource Groups, Tag to scope a workload If in a single subscription and few resources groups in it are provided, the script returns all resources in all resource groups. In addition it creates duplicate entries under impacted resources. If only resource groups are provided the script errors out.

To Reproduce

Steps to reproduce the behaviour:

  1. Download 1_wara_collector.ps1
  2. Run the script with Tenant, Subscription and Resource groups (either commandline parameter or -ConfigFile)
  3. Run 2_wara_reports_generator.ps1 on the json created in Step 2
  4. Check "Impacted Resources", select all cells and attempt to remove duplicates from Data > Remove duplicates

Expected behaviour

If resource groups are provided in the same subscription only the resources in those resource groups should be collected. The script should not error out if only resource groups are provided in the format /subscriptions//resourceGroups/

Screenshots 📷

Additional context

Separate issue was logged for duplicates Issue 292

ejhenry commented 3 months ago

@humblejay can you provide the details on the command you are running that results in the error? Also, please include a screenshot if possible. As you mentioned #292 is already open for the duplicate results, so we'll focus on the error you encountered with this bug.

tksh164 commented 2 months ago

Tried to reproduce this issue then found some issues. But I will retry reproduce after #367 merged.

The following is my test result with the wara_collector.ps1 version 2.0.14 (the latest script at this time).

(A) Subscription ID only (no filters): No duplicated recommendations.

$params = @{
    TenantID        = '00000000-0000-0000-0000-000000000000'
    SubscriptionIds = '11111111-1111-1111-1111-111111111111'
}
.\1_wara_collector.ps1 @params

(B) Subscription ID with resource group filters: There are duplicated recommendations because data collection did two times against resources in the specified resource groups. The first collection is the entire subscription, second collection is the specified resource groups. This behavior seems by design because the next example (C) works correctly, but not user-friendly in my feel.

$params = @{
    TenantID        = '00000000-0000-0000-0000-000000000000'
    SubscriptionIds = '11111111-1111-1111-1111-111111111111'
    ResourceGroups  = @(
        '/subscriptions/11111111-1111-1111-1111-111111111111/resourceGroups/rg1',
        '/subscriptions/11111111-1111-1111-1111-111111111111/resourceGroups/rg2'
    )
}
.\1_wara_collector.ps1 @params

image

(C) Resource group filters only: The version 2.0.14 of 1_wara_collector.ps1 works without subscription ID. So, if you want to collect some resource groups within a single subscription, you need to be specify the ResourceGroups parameter only.

$params = @{
    TenantID        = '00000000-0000-0000-0000-000000000000'
    ResourceGroups  = @(
        '/subscriptions/11111111-1111-1111-1111-111111111111/resourceGroups/rg1',
        '/subscriptions/11111111-1111-1111-1111-111111111111/resourceGroups/rg2'
    )
}
.\1_wara_collector.ps1 @params

Also, there are duplicating cases other than those mentioned above. I'm not yet enough research, but some resource type's recommendations such as storage accounts are duplicated if specify the ResrouceGroups parameter.