yonzhan
commented
2 years ago route to CXP team
Open HansZimmer5000 opened 2 years ago
yonzhan
commented
2 years ago route to CXP team
SatishBoddu-MSFT
commented
2 years ago Hello @HansZimmer5000 thanks for reaching out no this issue!
Did you try this command from Windows OS PC or from the Azure Portal's cloud shell? I see you are using Mac OS, so wanted to check if this command works from your side on Windows or the cloud shell/
Did you try the command with the resource group parameter?
az policy state list -g "myRg"
walking-appa
commented
2 years ago Facing a similar issue with the Python SDK Code:
from azure.mgmt.policyinsights import PolicyInsightsClient
from azure.mgmt.policyinsights.models import PolicyStatesResource
from azure.identity import AzureCliCredential
creds = AzureCliCredential()
client = PolicyInsightsClient(credential=creds, subscription_id="Placeholder")
results = client.policy_states.list_query_results_for_management_group(
management_group_name="Engineering",
policy_states_resource=PolicyStatesResource.DEFAULT)
for result in results:
passTraceback:
Traceback (most recent call last):
File "/Users/dhruv/Workspace/Projects/AEO0/security-policy/rbc/test.py", line 15, in <module>
for result in results:
File "/Users/dhruv/Workspace/Projects/AEO0/security-policy/.venv/lib/python3.7/site-packages/azure/core/paging.py", line 129, in __next__
return next(self._page_iterator)
File "/Users/dhruv/Workspace/Projects/AEO0/security-policy/.venv/lib/python3.7/site-packages/azure/core/paging.py", line 76, in __next__
self._response = self._get_next(self.continuation_token)
File "/Users/dhruv/Workspace/Projects/AEO0/security-policy/.venv/lib/python3.7/site-packages/azure/mgmt/policyinsights/operations/_policy_states_operations.py", line 158, in get_next
map_error(status_code=response.status_code, response=response, error_map=error_map)
File "/Users/dhruv/Workspace/Projects/AEO0/security-policy/.venv/lib/python3.7/site-packages/azure/core/exceptions.py", line 105, in map_error
raise error
azure.core.exceptions.ResourceNotFoundError: (ResourceTypeNotSupported) Unsupported resource type: 'Microsoft.PolicyInsights/policyStates/queryResults'.
Code: ResourceTypeNotSupported
Message: Unsupported resource type: 'Microsoft.PolicyInsights/policyStates/queryResults'.The issue occurs when the code tries to use skipToken
ghost
commented
2 years ago Thanks for the feedback! We are routing this to the appropriate team for follow-up. cc @josephkwchan, @jennyhunter-msft.
| Author: | HansZimmer5000 |
|---|---|
| Assignees: | jiasli, zhoxing-ms |
| Labels: | `Service Attention`, `ARM`, `customer-reported`, `needs-author-feedback`, `Auto-Assign` |
| Milestone: | Backlog |
HansZimmer5000
commented
2 years ago Good morning from Amsterdam!
Thanks for the replies.
@SatishBoddu-MSFT
Did you try this command from Windows OS PC or from the Azure Portal's cloud shell?
Get the same error via Cloud Shells PowerShell:
PS /path/user> az policy state list
(ResourceTypeNotSupported) Unsupported resource type: 'Microsoft.PolicyInsights/policyStates/queryResults'.
Code: ResourceTypeNotSupported
Message: Unsupported resource type: 'Microsoft.PolicyInsights/policyStates/queryResults'.Did you try the command with the resource group parameter?
Just yet, and indeed this one works without error.
zhoxing-ms
commented
2 years ago This issue seems to be a service issue:
Request URL:
GET /subscriptions/{subscription}/providers/Microsoft.PolicyInsights/policyStates/default/queryResults?api-version=2019-10-01&$skipToken=xxx HTTP/1.1Response:
{"error":{"code":"ResourceTypeNotSupported","message":"Unsupported resource type: 'Microsoft.PolicyInsights/policyStates/queryResults'."}}This issue needs the service team to investigate the root cause of this error message
HansZimmer5000
commented
2 years ago Since https://github.com/Azure/azure-cli/pull/22043 is merged and addresses this issue, can I test this somehow? Would I need the full dev-setup or is there a dev branch version of the Azure CLI (e.g. that can be installed via brew)?
zhoxing-ms
commented
2 years ago @HansZimmer5000 This PR https://github.com/Azure/azure-cli/pull/22043 has been released. You can install the latest version (2.37.0) of CLI and then try again
BlakeWills
commented
2 years ago This is still an issue.
I'm trying to extract data from the api using the queryResultsUri from the object returned by the az policy state command and I'm running into this exact issue.
$state = az policy state summarize | convertfrom-json
$uri = $state[0].policyAssignments[1].results.queryResultsUri
az rest --url $uriResults in the following error:
Not Found({"error":{"code":"ResourceTypeNotSupported","message":"Unsupported resource type: 'Microsoft.PolicyInsights/policyStates/queryResults'."}})
This also looks like a server side and not a cli issue, as the error is still present even if you bypass the cli and call the url directly.
Just for reference, the url we get back is:
https://management.azure.com/subscriptions/[sub-guid]/providers/Microsoft.PolicyInsights/policyStates/latest/queryResults?api-version=2019-10-01&$from=2022-10-23 16:17:15Z&$to=2022-10-24 16:17:15Z&$filter=PolicyAssignmentId eq '/providers/microsoft.management/managementgroups/[name]/providers/microsoft.authorization/policyassignments/[assignmentId]'
zhoxing-ms
commented
2 years ago @najagasi Could you please take a look at the above issue?
ghost
commented
2 years ago Thanks for the feedback! We are routing this to the appropriate team for follow-up. cc @aperezcloud, @kenieva.
| Author: | HansZimmer5000 |
|---|---|
| Assignees: | jiasli, zhoxing-ms |
| Labels: | `Service Attention`, `customer-reported`, `Policy`, `needs-team-attention`, `Auto-Assign` |
| Milestone: | Backlog |
timzhang926
commented
1 year ago I have the same issue:
HansZimmer5000
commented
1 year ago @zhoxing-ms
az policy state list --all works for me now, no problems / warnings. Have az in version 2.42.0.
I didn't check the Rest API yet. Might do it tomorrow, but don't rely on it.
zhoxing-ms
commented
1 year ago @HansZimmer5000 Thank you for your feedback! As we discussed before, this is a REST service-related problem. I guess the service team may have fixed this problem. @najagasi Could you please help confirm it?
HansZimmer5000
commented
1 year ago @zhoxing-ms
Just checked via az rest, same error as reported by @BlakeWills earlier: Not Found({"error":{"code":"ResourceTypeNotSupported","message":"Unsupported resource type: 'Microsoft.PolicyInsights/policyStates/queryResults'."}})
Exact command used (executed once with "default", once with "latest"):
az rest --url "https://management.azure.com/subscriptions/{subscription id}/providers/Microsoft.PolicyInsights/policyStates/{"default" or "latest"}/queryResults?api-version=2019-10-01"
Tealons
commented
1 year ago We are also hitting this error completely out of the blue after using az policy state for several months now. Also, no idea how to solve this issue? Using the REST api directly also gives back the same error. Seeing this thread does not make us hopeful for fix soon :(
CarstenHS
commented
1 year ago @zhoxing-ms, I'm trying to apply some policy_definitions via terraform wrapped in an initiative. I'm also getting this error with latest version of terraform 1.4.6. Could you be so kind and verify with your colleague you tagged whether or not this is solved?
│ Error: creating/updating Policy Definition "no_inbound_private_endpoint_cross_subscription_Microsoft.Batch/batchAccounts": policy.DefinitionsClient#CreateOrUpdateAtManagementGroup: Failure responding to request: StatusCode=404 -- Original Error: autorest/azure: Service returned an error. Status=404 Code="ResourceTypeNotSupported" Message="Unsupported resource type: 'Microsoft.Authorization/policyDefinitions/batchAccounts'." │ │ with module.policies.module.private_endpoint_initiative_definition.azurerm_policy_definition.policy_definition_no_inbound_pe["Microsoft.Batch/batchAccounts"], │ on policies/initiatives/private_endpoints/main.tf line 55, in resource "azurerm_policy_definition" "policy_definition_no_inbound_pe": │ 55: resource "azurerm_policy_definition" "policy_definition_no_inbound_pe" { │ ╵
╷ │ Error: creating/updating Policy Definition "no_inbound_private_endpoint_cross_subscription_Microsoft.Search/searchServices": policy.DefinitionsClient#CreateOrUpdateAtManagementGroup: Failure responding to request: StatusCode=404 -- Original Error: autorest/azure: Service returned an error. Status=404 Code="ResourceTypeNotSupported" Message="Unsupported resource type: 'Microsoft.Authorization/policyDefinitions/searchServices'." │ │ with module.policies.module.private_endpoint_initiative_definition.azurerm_policy_definition.policy_definition_no_inbound_pe["Microsoft.Search/searchServices"], │ on policies/initiatives/private_endpoints/main.tf line 55, in resource "azurerm_policy_definition" "policy_definition_no_inbound_pe": │ 55: resource "azurerm_policy_definition" "policy_definition_no_inbound_pe"
zhoxing-ms
commented
1 year ago @CarstenHS I'm not sure if this is a service issue or Terraform usage related issue. @mybayern1974 Could you please let the right person help with the above issue?
mybayern1974
commented
1 year ago @CarstenHS with acknowledging I did not read through this long thread, if you believe this is Terraform AzureRM related, please file an issue to that repo thus TF specific engineers from either Hashicorp or Microsoft or the community could chime in there.
CarstenHS
commented
1 year ago I figured out it was not so beneficial to have “/“ in the name as this goes into the resource id. Obvious thing, terraform ought to validate that input.
xchotard-talentsoft
commented
1 year ago I'm trying to monitor Azure policies by REST API:
az rest --url "https://management.azure.com/subscriptions/{my_subscription_id}/providers/Microsoft.PolicyInsights/policyStates/latest/queryResults?api-version=2019-10-01"Returns:
Not Found({"error":{"code":"ResourceTypeNotSupported","message":"Unsupported resource type: 'Microsoft.PolicyInsights/policyStates/queryResults'."}})EDIT: Added --method post and it works now. I guess I got confused by the message and by the fact that I tested with different languages.
gulycka
commented
9 months ago Any update regarding issue after longer time? I can see the issue is still unresolved. Environment: Windows 11, Python 3.12.1. Some subscriptions work, some trigger below stated error.
Sample code:
from azure.mgmt.resource import PolicyClient
policy_states = policy_insights_client.policy_states.list_query_results_for_subscription(
policy_states_resource='latest',
subscription_id=subscription_id
)
for policy_state_for_resource in policy_states:
print(policy_state_for_resource)Error:
azure.core.exceptions.ResourceNotFoundError: (ResourceTypeNotSupported) Unsupported resource type: 'Microsoft.PolicyInsights/policyStates/queryResults'.
Code: ResourceTypeNotSupported
Message: Unsupported resource type: 'Microsoft.PolicyInsights/policyStates/queryResults'.
mmulhearn
commented
5 months ago Still seeing this today. I'm not sure how anyone is using this as it appears to be a bug within the pagination logic (goes to retrieve the next page and errors).
azure-common==1.1.28
azure-core==1.30.1
azure-identity==1.16.0
azure-mgmt-core==1.4.0
azure-mgmt-policyinsights==1.0.0FYI, issue seems to be resolved in beta 1.1.0b4
sneha896
commented
5 months ago Still seeing this today. I'm not sure how anyone is using this as it appears to be a bug within the pagination logic (goes to retrieve the next page and errors).
azure-common==1.1.28 azure-core==1.30.1 azure-identity==1.16.0 azure-mgmt-core==1.4.0 azure-mgmt-policyinsights==1.0.0
@mmulhearn Can you share the pagination logic?
Good day! On the way to look for noncompliant resources I executed 'az policy state list --all' which ended up in an error see below. I get the same error when I execute 'az rest' with the uri described here Azure Doc (of course with adjusted values, e.g. subscription id)
Describe the bug
Command Name
az policy state listErrors:
To Reproduce:
az policy state list --allExpected Behavior
Environment Summary
Additional Context