Closed timayabi2020 closed 1 year ago
@timayabi2020 Would you share more details to reproduce the issue? e.g. swagger, how you guys generate the module with autorest.powershell
@dolauli below are the steps on how to reproduce this issue
Connect-MgGraph -Scope "AccessReview.ReadWrite.All"
.Select-MgProfile "beta"
$requestBody = @{ "descriptionForAdmins" = "Review for some pim roles" "descriptionForReviewers" = "Review for some pim roles" "displayName" = "PIM review" "scope" = @{ "query" = "/roleManagement/directory/roleEligibilityScheduleInstances?$expand=principal&$filter=(isof(principal,'microsoft.graph.user') and roleDefinitionId eq '9c6df0f2-1e7c-4dc3-b195-66dfbd24aa8f')" "queryType" = "MicrosoftGraph" "@odata.type" = "#microsoft.graph.accessReviewQueryScope" } "settings" = @{ "defaultDecision" = "Deny" "defaultDecisionEnabled" = $false "instanceDurationInDays" = 25 "justificationRequiredOnApproval" = $true "mailNotificationsEnabled" = $true "recommendationsEnabled" = $true "reminderNotificationsEnabled" = $true "recurrence" = @{ "pattern" = @{ "type" = "absoluteMonthly" "interval" = 3 } "range" = @{ "type" = "noEnd" "startDate" = "2023-06-01" } } } }
New-MgIdentityGovernanceAccessReviewDefinition -BodyParameter $requestBody -debug
We use pipelines defined on this repository to generate powershell cmdlets from open API files. In this particular case, the open API file responsible is here
@dolauli Xiaogang Ding FTE below are the steps on how to reproduce this issue
- Install Microsoft.Graph PowerShell SDK from here.
- Connect to Microsoft Graph
Connect-MgGraph -Scope "AccessReview.ReadWrite.All"
.- Switch to Microsoft Graph's beta endpoint
Select-MgProfile "beta"
- Construct the request payload like the one below.
$requestBody = @{ "descriptionForAdmins" = "Review for some pim roles" "descriptionForReviewers" = "Review for some pim roles" "displayName" = "PIM review" "scope" = @{ "query" = "/roleManagement/directory/roleEligibilityScheduleInstances?$expand=principal&$filter=(isof(principal,'microsoft.graph.user') and roleDefinitionId eq '9c6df0f2-1e7c-4dc3-b195-66dfbd24aa8f')" "queryType" = "MicrosoftGraph" "@odata.type" = "#microsoft.graph.accessReviewQueryScope" } "settings" = @{ "defaultDecision" = "Deny" "defaultDecisionEnabled" = $false "instanceDurationInDays" = 25 "justificationRequiredOnApproval" = $true "mailNotificationsEnabled" = $true "recommendationsEnabled" = $true "reminderNotificationsEnabled" = $true "recurrence" = @{ "pattern" = @{ "type" = "absoluteMonthly" "interval" = 3 } "range" = @{ "type" = "noEnd" "startDate" = "2023-06-01" } } } }
- Run the following command with debug
New-MgIdentityGovernanceAccessReviewDefinition -BodyParameter $requestBody -debug
We use pipelines defined on this repository to generate powershell cmdlets from open API files. In this particular case, the open API file responsible is here
@timayabi2020 This is not something I really need. I do not have much time to dive into your project. Would you provide two things for me to reproduce your issue.
Here is an example you may follow.
@dolauli thanks for the clarification and the shared example. Below are the repro steps Using sample at: https://gist.github.com/timayabi2020/ce733256dab5002ee304d87d4b15642f
autorest --title:"Identity.Governance" autorestConfig.yml --verbose
autorestConfig.yml
powershell: true
version: latest
use: '@autorest/powershell@3.x' #Replace with '@autorest/powershell@2.x' for autorest v2
export-properties-for-dict: false
subject-prefix: '-Mg'
azure: false
input-file: "https://gist.githubusercontent.com/timayabi2020/ce733256dab5002ee304d87d4b15642f/raw/d1cc2aae8a47646f32ad9c0ac4448425f9e8a88d/SampleIdentityGovernance.yml"
output-folder: IdentityGovernance\src\$(title)
clear-output-folder: true
use-internal-constructors: true
use-datetimeoffset : true
metadata:
authors: Microsoft Corporation
owners: Microsoft Corporation
companyName: Microsoft Corporation
description: 'Microsoft Graph PowerShell Cmdlets'
copyright: © Microsoft Corporation. All rights reserved.
tags: Microsoft Office365 Graph PowerShell PSModule PSIncludes_Cmdlet
requireLicenseAcceptance: true
licenseUri: https://aka.ms/devservicesagreement
projectUri: https://github.com/microsoftgraph/msgraph-sdk-powershell
iconUri: https://raw.githubusercontent.com/microsoftgraph/g-raph/master/g-raph.png
directive:
- no-inline:
- MicrosoftGraphSharepointIds
- MicrosoftGraphIdentitySet
- MicrosoftGraphItemReference
- MicrosoftGraphDirectoryObject
- MicrosoftGraphUser
- MicrosoftGraphDrive
- MicrosoftGraphListItem
- MicrosoftGraphPost
- MicrosoftGraphSectionGroup
- MicrosoftGraphTeam
- MicrosoftGraphRecipient
- MicrosoftGraphGroupPolicyCategory
- MicrosoftGraphPrinter
- MicrosoftGraphPrinterShare
- MicrosoftGraphGovernanceResource
- MicrosoftGraphGovernanceRoleAssignment
- MicrosoftGraphGovernanceRoleDefinition
- MicrosoftGraphWorkbookOperationError
- MicrosoftGraphParentLabelDetails
- MicrosoftGraphEdiscoveryTag
- MicrosoftGraphEdiscoverySourceCollection
- MicrosoftGraphContentType
- MicrosoftGraphColumnDefinition
- MicrosoftGraphGroupPolicyDefinition
- MicrosoftGraphGroupPolicyDefinitionValue
- MicrosoftGraphSynchronizationLinkedObjects
- MicrosoftGraphSecuritySecurity
- MicrosoftGraphTeamSummary
- MicrosoftGraphSecurityInformationProtection
- MicrosoftGraphSecurityInformationProtectionPolicySetting
- MicrosoftGraphSecuritySensitivityLabel
- MicrosoftGraphTaskViewpoint
- MicrosoftGraphSecurityEdiscoveryReviewTag
- MicrosoftGraphSecurityEdiscoverySearch
- MicrosoftGraphManagedTenantsManagementTemplateStep
- MicrosoftGraphPlannerTaskCreation
- MicrosoftGraphPlannerTeamsPublicationInfo
The below versions (V3 and V2) of autorest have been used.
@timayabi2020 This is not an autorest issue. The root cause if you did not construct the $requestBody correctly. In PowerShell, if you use $xx, it will parse it as a variable whose name is xx. You will need to use something like "`$xx" instead of "$xx".
@dolauli . Thanks alot.
For paths with query options like $filter, $expand etc. that form part of the request body to Microsoft Graph APIs, the Microsoft Graph PowerShell SDK treats them as empty variables and ends up removing them from the path.
For example, for such a request body which has an Odata path as part of the request body, the $filter and $expand query options will be removed. { "descriptionForAdmins": "Review for some pim roles", "descriptionForReviewers": "Review for some pim roles", "displayName": "PIM review", "scope": { "query": "/roleManagement/directory/roleEligibilityScheduleInstances?$expand=principal&$filter=(isof(principal,'microsoft.graph.user') and roleDefinitionId eq '8424c6f0-XXXX-499e-XXXX-26c1753c96d4')", "queryType": "MicrosoftGraph", "@odata.type": "#microsoft.graph.accessReviewQueryScope" }, "settings": { "defaultDecision": "Deny", "defaultDecisionEnabled": false, "instanceDurationInDays": 25, "justificationRequiredOnApproval": true, "mailNotificationsEnabled": true, "recommendationsEnabled": true, "reminderNotificationsEnabled": true, "recurrence": { "pattern": { "type": "absoluteMonthly", "interval": 3 }, "range": { "type": "noEnd", "startDate": "2023-06-01" } } } }
This is the request being sent to the API resulting to an "Internal server error response"
The same request executes successfully when done via Graph Explorer.
See related issue