search

Azure / azure-powershell

Microsoft Azure PowerShell
Other
4.21k stars 3.82k forks source link

Unable to assign app permissions to a managed identity resource. #18412

Closed josefehse closed 7 months ago

josefehse commented 2 years ago

Description

Trying to assing microsoft graph permissions to a managed identify azure function. The old method (AzureAD) works fine. With the new module, here's the issue: I can get application ID and object ID of the MI using Get-azadServicePrincipal. When trying to use Add-AzADPermission it fails: image You can see the module uses get-azadapplication: image However, get-azadapplication won't find service principals for Managed Identities, only Enterprise Applications. Am I missing something or is it a gap?

Thank you.

Issue script & Debug output

DEBUG: [CmdletBeginProcessing]: Starting command
DEBUG: CmdletBeginProcessing: 
DEBUG: CmdletProcessRecordStart: 
DEBUG: CmdletGetPipeline: 
DEBUG: CmdletBeforeAPICall: 
DEBUG: URLCreated: /applications/976b8749-70bf-4465-84b1-06a6169ee419
DEBUG: RequestCreated: /v1.0/applications/976b8749-70bf-4465-84b1-06a6169ee419
DEBUG: HeaderParametersAdded: 
DEBUG: ============================ HTTP REQUEST ============================

HTTP Method:
GET

Absolute Uri:
https://graph.microsoft.com/v1.0/applications/976b8749-70bf-4465-84b1-06a6169ee419

Headers:
x-ms-unique-id                : 39,40,41
x-ms-client-request-id        : f2e56275-ae54-46f1-ac81-d8be8a0876ef
CommandName                   : Az.MSGraph.internal\Get-AzADApplication
FullCommandName               : Get-AzADApplication_Get
ParameterSetName              : __AllParameterSets
User-Agent                    : AzurePowershell/v8.0.0,PSVersion/v7.2.3,Az.MSGraph/6.0.0

Body:

DEBUG: BeforeCall: 
DEBUG: ============================ HTTP RESPONSE ============================

Status Code:
NotFound

Headers:
Cache-Control                 : no-cache
Transfer-Encoding             : chunked
Strict-Transport-Security     : max-age=31536000
request-id                    : 1fa1e6e6-c513-49bc-b97f-09d499da202a
client-request-id             : 1fa1e6e6-c513-49bc-b97f-09d499da202a
x-ms-ags-diagnostic           : {"ServerInfo":{"DataCenter":"Canada East","Slice":"E","Ring":"2","ScaleUnit":"000","RoleInstance":"QB1PEPF00002184"}}
x-ms-resource-unit            : 1
Date                          : Mon, 06 Jun 2022 22:27:40 GMT

Body:
{
  "error": {
    "code": "Request_ResourceNotFound",
    "message": "Resource '976b8749-70bf-4465-84b1-06a6169ee419' does not exist or one of its queried reference-property objects are not present.",
    "innerError": {
      "date": "2022-06-06T22:27:41",
      "request-id": "1fa1e6e6-c513-49bc-b97f-09d499da202a",
      "client-request-id": "1fa1e6e6-c513-49bc-b97f-09d499da202a"
    }
  }
}

DEBUG: ResponseCreated: 
DEBUG: BeforeResponseDispatch: 
Get-AzADApplication_Get: /home/jofehse/.local/share/powershell/Modules/Az.Resources/6.0.0/MSGraph.Autorest/custom/Add-AzADAppPermission.ps1:103:17
Line |
 103 |  …             $app = Az.MSGraph.internal\Get-AzADApplication -Id $PSBou …
     |                ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     | Resource '976b8749-70bf-4465-84b1-06a6169ee419' does not exist or one of its queried reference-property
     | objects are not present.

DEBUG: [Finally]: Getting exception 'Microsoft.Azure.Commands.Common.Exceptions.AzPSResourceNotFoundCloudException: InternalException' from response
DEBUG: Finally: 
DEBUG: CmdletAfterAPICall: 
DEBUG: [CmdletProcessRecordAsyncEnd]: Finish HTTP process
DEBUG: CmdletProcessRecordAsyncEnd: 
DEBUG: CmdletProcessRecordEnd: 
Add-AzADAppPermission: /home/jofehse/git/grfunc/setup/test.ps1:20:17
Line |
  20 |  …             Add-AzADAppPermission -ObjectId $MSI.Id -apiId $graph.Id  …
     |                ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     | Cannot find application by ObjectId 976b8749-70bf-4465-84b1-06a6169ee419

Environment data

Name                           Value
----                           -----
PSVersion                      7.2.3
PSEdition                      Core
GitCommitId                    7.2.3
OS                             Linux 5.15.0-33-generic #34-Ubuntu SMP Wed May 18 13:34:26 UTC 2022
Platform                       Unix
PSCompatibleVersions           {1.0, 2.0, 3.0, 4.0…}
PSRemotingProtocolVersion      2.3
SerializationVersion           1.1.0.1
WSManStackVersion              3.0

Module versions

ModuleType Version    PreRelease Name                                ExportedCommands
---------- -------    ---------- ----                                ----------------
Script     8.0.0                 Az                                  
Script     2.8.0                 Az.Accounts                         {Add-AzEnvironment, Clear-AzConfig, Clear-AzContext,…
Script     1.1.2                 Az.Advisor                          {Disable-AzAdvisorRecommendation, Enable-AzAdvisorRe…
Script     4.1.0                 Az.Aks                              {Disable-AzAksAddOn, Enable-AzAksAddOn, Get-AzAksClu…
Script     1.1.4                 Az.AnalysisServices                 {Add-AzAnalysisServicesAccount, Export-AzAnalysisSer…
Script     3.0.0                 Az.ApiManagement                    {Add-AzApiManagementApiToGateway, Add-AzApiManagemen…
Script     1.1.0                 Az.AppConfiguration                 {Get-AzAppConfigurationStore, Get-AzAppConfiguration…
Script     2.0.0                 Az.ApplicationInsights              {Get-AzApplicationInsights, Get-AzApplicationInsight…
Script     1.0.0                 Az.Attestation                      {Add-AzAttestationPolicySigner, Get-AzAttestation, G…
Script     1.7.3                 Az.Automation                       {Export-AzAutomationDscConfiguration, Export-AzAutom…
Script     3.2.0                 Az.Batch                            {Disable-AzBatchAutoScale, Disable-AzBatchComputeNod…
Script     2.0.0                 Az.Billing                          {Get-AzBillingAccount, Get-AzBillingInvoice, Get-AzB…
Script     2.1.0                 Az.Cdn                              {Clear-AzCdnEndpointContent, Clear-AzFrontDoorCdnEnd…
Script     1.1.0                 Az.CloudService                     {Get-AzCloudService, Get-AzCloudServiceInstanceView,…
Script     1.11.0                Az.CognitiveServices                {Add-AzCognitiveServicesAccountNetworkRule, Get-AzCo…
Script     4.27.0                Az.Compute                          {Add-AzImageDataDisk, Add-AzVhd, Add-AzVMAdditionalU…
Script     3.1.0                 Az.ContainerInstance                {Add-AzContainerInstanceOutput, Get-AzContainerGroup…
Script     3.0.0                 Az.ContainerRegistry                {Connect-AzContainerRegistry, Get-AzContainerRegistr…
Script     1.8.0                 Az.CosmosDB                         {Get-AzCosmosDBAccount, Get-AzCosmosDBAccountKey, Ge…
Script     1.1.0                 Az.DataBoxEdge                      {Get-AzDataBoxEdgeBandwidthSchedule, Get-AzDataBoxEd…
Script     1.2.0                 Az.Databricks                       {Get-AzDatabricksOutboundNetworkDependenciesEndpoint…
Script     1.16.7                Az.DataFactory                      {Add-AzDataFactoryV2DataFlowDebugSessionPackage, Add…
Script     1.0.2                 Az.DataLakeAnalytics                {Add-AzDataLakeAnalyticsDataSource, Add-AzDataLakeAn…
Script     1.3.0                 Az.DataLakeStore                    {Add-AzDataLakeStoreFirewallRule, Add-AzDataLakeStor…
Script     1.0.1                 Az.DataShare                        {Get-AzDataShare, Get-AzDataShareAccount, Get-AzData…
Script     1.1.0                 Az.DeploymentManager                {Get-AzDeploymentManagerArtifactSource, Get-AzDeploy…
Script     3.1.0                 Az.DesktopVirtualization            {Disconnect-AzWvdUserSession, Expand-AzWvdMsixImage,…
Script     1.0.2                 Az.DevTestLabs                      {Get-AzDtlAllowedVMSizesPolicy, Get-AzDtlAutoShutdow…
Script     1.1.2                 Az.Dns                              {Add-AzDnsRecordConfig, Get-AzDnsRecordSet, Get-AzDn…
Script     1.3.0                 Az.EventGrid                        {Get-AzEventGridDomain, Get-AzEventGridDomainKey, Ge…
Script     2.0.0                 Az.EventHub                         {Add-AzEventHubIPRule, Add-AzEventHubVirtualNetworkR…
Script     1.9.0                 Az.FrontDoor                        {Disable-AzFrontDoorCustomDomainHttps, Enable-AzFron…
Script     4.0.3                 Az.Functions                        {Get-AzFunctionApp, Get-AzFunctionAppAvailableLocati…
Script     5.0.1                 Az.HDInsight                        {Add-AzHDInsightClusterIdentity, Add-AzHDInsightComp…
Script     2.0.0                 Az.HealthcareApis                   {Get-AzHealthcareApisService, Get-AzHealthcareApisWo…
Script     2.7.4                 Az.IotHub                           {Add-AzIotHubCertificate, Add-AzIotHubConfiguration,…
Script     4.5.0                 Az.KeyVault                         {Add-AzKeyVaultCertificate, Add-AzKeyVaultCertificat…
Script     2.1.0                 Az.Kusto                            {Add-AzKustoClusterLanguageExtension, Add-AzKustoDat…
Script     1.5.0                 Az.LogicApp                         {Get-AzIntegrationAccount, Get-AzIntegrationAccountA…
Script     1.1.3                 Az.MachineLearning                  {Add-AzMlWebServiceRegionalProperty, Export-AzMlWebS…
Script     1.2.0                 Az.Maintenance                      {Get-AzApplyUpdate, Get-AzConfigurationAssignment, G…
Script     1.0.0                 Az.ManagedServiceIdentity           {Get-AzSystemAssignedIdentity, Get-AzUserAssignedIde…
Script     3.0.0                 Az.ManagedServices                  {Get-AzManagedServicesAssignment, Get-AzManagedServi…
Script     1.0.2                 Az.MarketplaceOrdering              {Get-AzMarketplaceTerms, Set-AzMarketplaceTerms}
Script     1.1.1                 Az.Media                            {Get-AzMediaService, Get-AzMediaServiceKey, Get-AzMe…
Script     1.1.2                 Az.Migrate                          {Get-AzMigrateDiscoveredServer, Get-AzMigrateJob, Ge…
Script     3.0.1                 Az.Monitor                          {Add-AzAutoscaleSetting, Add-AzLogProfile, Add-AzMet…
Script     1.0.0                 Az.MySql                            {Get-AzMySqlConfiguration, Get-AzMySqlConnectionStri…
Script     4.17.0                Az.Network                          {Add-AzApplicationGatewayAuthenticationCertificate, …
Script     1.1.1                 Az.NotificationHubs                 {Get-AzNotificationHub, Get-AzNotificationHubAuthori…
Script     3.1.0                 Az.OperationalInsights              {Disable-AzOperationalInsightsIISLogCollection, Disa…
Script     1.5.0                 Az.PolicyInsights                   {Get-AzPolicyEvent, Get-AzPolicyMetadata, Get-AzPoli…
Script     1.1.0                 Az.PostgreSql                       {Get-AzPostgreSqlConfiguration, Get-AzPostgreSqlConn…
Script     1.1.2                 Az.PowerBIEmbedded                  {Get-AzPowerBIEmbeddedCapacity, Get-AzPowerBIWorkspa…
Script     1.0.3                 Az.PrivateDns                       {Add-AzPrivateDnsRecordConfig, Get-AzPrivateDnsRecor…
Script     5.4.0                 Az.RecoveryServices                 {Add-AzRecoveryServicesAsrReplicationProtectedItemDi…
Script     1.6.0                 Az.RedisCache                       {Export-AzRedisCache, Get-AzRedisCache, Get-AzRedisC…
Script     1.0.0                 Az.RedisEnterpriseCache             {Export-AzRedisEnterpriseCache, Get-AzRedisEnterpris…
Script     1.0.3                 Az.Relay                            {Get-AzRelayAuthorizationRule, Get-AzRelayHybridConn…
Script     1.1.0                 Az.ResourceMover                    {Add-AzResourceMoverMoveResource, Get-AzResourceMove…
Script     6.0.0                 Az.Resources                        {Export-AzResourceGroup, Export-AzTemplateSpec, Get-…
Script     1.3.0                 Az.Security                         {Add-AzSecurityAdaptiveNetworkHardening, Add-AzSecur…
Script     1.1.0                 Az.SecurityInsights                 {Get-AzSentinelAlertRule, Get-AzSentinelAlertRuleAct…
Script     1.9.0                 Az.ServiceBus                       {Add-AzServiceBusIPRule, Add-AzServiceBusVirtualNetw…
Script     3.0.2                 Az.ServiceFabric                    {Add-AzServiceFabricClientCertificate, Add-AzService…
Script     1.4.1                 Az.SignalR                          {Get-AzSignalR, Get-AzSignalRKey, Get-AzSignalRUsage…
Script     3.9.0                 Az.Sql                              {Add-AzSqlDatabaseToFailoverGroup, Add-AzSqlElasticJ…
Script     1.1.0                 Az.SqlVirtualMachine                {Get-AzAvailabilityGroupListener, Get-AzSqlVM, Get-A…
Script     1.1.1                 Az.StackHCI                         {Add-AzStackHCIVMAttestation, Disable-AzStackHCIAtte…
Script     4.6.0                 Az.Storage                          {Add-AzRmStorageContainerLegalHold, Add-AzStorageAcc…
Script     1.7.0                 Az.StorageSync                      {Get-AzStorageSyncCloudEndpoint, Get-AzStorageSyncGr…
Script     2.0.0                 Az.StreamAnalytics                  {Get-AzStreamAnalyticsCluster, Get-AzStreamAnalytics…
Script     1.0.0                 Az.Support                          {Get-AzSupportProblemClassification, Get-AzSupportSe…
Script     1.4.0                 Az.Synapse                          {Add-AzSynapseDataFlowDebugSessionPackage, Add-AzSyn…
Script     1.1.0                 Az.TrafficManager                   {Add-AzTrafficManagerCustomHeaderToEndpoint, Add-AzT…
Script     2.11.2                Az.Websites                         {Add-AzWebAppAccessRestrictionRule, Add-AzWebAppTraf…

Error output

Resolve-AzError
DEBUG: 6:29:39 p.m. - ResolveError begin processing with ParameterSet 'AnyErrorParameterSet'.
DEBUG: 6:29:39 p.m. - using account id 'jose@fehse.ca'...
DEBUG: 6:29:39 p.m. - [ConfigManager] Got nothing from [DisplayBreakingChangeWarning], Module = [], Cmdlet = []. Returning default value [True].
WARNING: Upcoming breaking changes in the cmdlet 'Resolve-AzError' :
The `Resolve-Error` alias will be removed in a future release.  Please change any scripts that use this alias to use `Resolve-AzError` instead.
Note : Go to https://aka.ms/azps-changewarnings for steps to suppress this breaking change warning, and other information on breaking changes in Azure PowerShell.

   HistoryId: 13

Message        : Cannot bind argument to parameter 'InputObject' because it is null.
StackTrace     :    at System.Management.Automation.ExceptionHandlingOps.CheckActionPreference(FunctionContext 
                 funcContext, Exception exception)
                    at System.Management.Automation.Interpreter.ActionCallInstruction`2.Run(InterpretedFrame frame)
                    at System.Management.Automation.Interpreter.EnterTryCatchFinallyInstruction.Run(InterpretedFrame 
                 frame)
                    at System.Management.Automation.Interpreter.EnterTryCatchFinallyInstruction.Run(InterpretedFrame 
                 frame)
                    at System.Management.Automation.Interpreter.Interpreter.Run(InterpretedFrame frame)
                    at System.Management.Automation.Interpreter.LightLambda.RunVoid1[T0](T0 arg0)
                    at System.Management.Automation.PSScriptCmdlet.RunClause(Action`1 clause, Object dollarUnderbar, 
                 Object inputToProcess)
                    at System.Management.Automation.PSScriptCmdlet.DoProcessRecord()
                    at System.Management.Automation.CommandProcessor.ProcessRecord()
Exception      : System.Management.Automation.ParameterBindingValidationException
InvocationInfo : {Update-AzADApplication}
Line           :         $null = Update-AzADApplication -InputObject $app -RequiredResourceAccess 
                 $newRequiredResourceAccess

Position       : At /home/jofehse/.local/share/powershell/Modules/Az.Resources/6.0.0/MSGraph.Autorest/custom/Add-AzADAppPe
                 rmission.ps1:150 char:53
                 +         $null = Update-AzADApplication -InputObject $app -RequiredRes …
                 +                                                     ~~~~
HistoryId      : 13

Message        : Cannot find application by ObjectId 976b8749-70bf-4465-84b1-06a6169ee419
StackTrace     : 
Exception      : Microsoft.PowerShell.Commands.WriteErrorException
InvocationInfo : {Add-AzADAppPermission}
Line           :                 Add-AzADAppPermission -ObjectId $MSI.Id -apiId $graph.Id -PermissionId $approleid

Position       : At /home/jofehse/git/grfunc/setup/test.ps1:20 char:17
                 + …             Add-AzADAppPermission -ObjectId $MSI.Id -apiId $graph.Id  …
                 +               ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
HistoryId      : 13

Message        : [Request_ResourceNotFound] : Resource '976b8749-70bf-4465-84b1-06a6169ee419' does not exist or one of 
                 its queried reference-property objects are not present.
StackTrace     : 
Exception      : System.Exception
InvocationInfo : {Get-AzADApplication_Get}
Line           :                 $app = Az.MSGraph.internal\Get-AzADApplication -Id $PSBoundParameters['ObjectId']

Position       : At /home/jofehse/.local/share/powershell/Modules/Az.Resources/6.0.0/MSGraph.Autorest/custom/Add-AzADAppPe
                 rmission.ps1:103 char:17
                 + …             $app = Az.MSGraph.internal\Get-AzADApplication -Id $PSBou …
                 +               ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
HistoryId      : 13

Message        : Cannot bind argument to parameter 'InputObject' because it is null.
StackTrace     :    at System.Management.Automation.ExceptionHandlingOps.CheckActionPreference(FunctionContext 
                 funcContext, Exception exception)
                    at System.Management.Automation.Interpreter.ActionCallInstruction`2.Run(InterpretedFrame frame)
                    at System.Management.Automation.Interpreter.EnterTryCatchFinallyInstruction.Run(InterpretedFrame 
                 frame)
                    at System.Management.Automation.Interpreter.EnterTryCatchFinallyInstruction.Run(InterpretedFrame 
                 frame)
                    at System.Management.Automation.Interpreter.Interpreter.Run(InterpretedFrame frame)
                    at System.Management.Automation.Interpreter.LightLambda.RunVoid1[T0](T0 arg0)
                    at System.Management.Automation.PSScriptCmdlet.RunClause(Action`1 clause, Object dollarUnderbar, 
                 Object inputToProcess)
                    at System.Management.Automation.PSScriptCmdlet.DoProcessRecord()
                    at System.Management.Automation.CommandProcessor.ProcessRecord()
Exception      : System.Management.Automation.ParameterBindingValidationException
InvocationInfo : {Update-AzADApplication}
Line           :         $null = Update-AzADApplication -InputObject $app -RequiredResourceAccess 
                 $newRequiredResourceAccess

Position       : At /home/jofehse/.local/share/powershell/Modules/Az.Resources/6.0.0/MSGraph.Autorest/custom/Add-AzADAppPe
                 rmission.ps1:150 char:53
                 +         $null = Update-AzADApplication -InputObject $app -RequiredRes …
                 +                                                     ~~~~
HistoryId      : 13

Message        : Cannot find application by ObjectId 976b8749-70bf-4465-84b1-06a6169ee419
StackTrace     : 
Exception      : Microsoft.PowerShell.Commands.WriteErrorException
InvocationInfo : {Add-AzADAppPermission}
Line           :                 Add-AzADAppPermission -ObjectId $MSI.Id -apiId $graph.Id -PermissionId $approleid

Position       : At /home/jofehse/git/grfunc/setup/test.ps1:20 char:17
                 + …             Add-AzADAppPermission -ObjectId $MSI.Id -apiId $graph.Id  …
                 +               ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
HistoryId      : 13

Message        : [Request_ResourceNotFound] : Resource '976b8749-70bf-4465-84b1-06a6169ee419' does not exist or one of 
                 its queried reference-property objects are not present.
StackTrace     : 
Exception      : System.Exception
InvocationInfo : {Get-AzADApplication_Get}
Line           :                 $app = Az.MSGraph.internal\Get-AzADApplication -Id $PSBoundParameters['ObjectId']

Position       : At /home/jofehse/.local/share/powershell/Modules/Az.Resources/6.0.0/MSGraph.Autorest/custom/Add-AzADAppPe
                 rmission.ps1:103 char:17
                 + …             $app = Az.MSGraph.internal\Get-AzADApplication -Id $PSBou …
                 +               ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
HistoryId      : 13

Message        : Cannot bind argument to parameter 'InputObject' because it is null.
StackTrace     :    at System.Management.Automation.ExceptionHandlingOps.CheckActionPreference(FunctionContext 
                 funcContext, Exception exception)
                    at System.Management.Automation.Interpreter.ActionCallInstruction`2.Run(InterpretedFrame frame)
                    at System.Management.Automation.Interpreter.EnterTryCatchFinallyInstruction.Run(InterpretedFrame 
                 frame)
                    at System.Management.Automation.Interpreter.EnterTryCatchFinallyInstruction.Run(InterpretedFrame 
                 frame)
                    at System.Management.Automation.Interpreter.Interpreter.Run(InterpretedFrame frame)
                    at System.Management.Automation.Interpreter.LightLambda.RunVoid1[T0](T0 arg0)
                    at System.Management.Automation.PSScriptCmdlet.RunClause(Action`1 clause, Object dollarUnderbar, 
                 Object inputToProcess)
                    at System.Management.Automation.PSScriptCmdlet.DoProcessRecord()
                    at System.Management.Automation.CommandProcessor.ProcessRecord()
Exception      : System.Management.Automation.ParameterBindingValidationException
InvocationInfo : {Update-AzADApplication}
Line           :         $null = Update-AzADApplication -InputObject $app -RequiredResourceAccess 
                 $newRequiredResourceAccess

Position       : At /home/jofehse/.local/share/powershell/Modules/Az.Resources/6.0.0/MSGraph.Autorest/custom/Add-AzADAppPe
                 rmission.ps1:150 char:53
                 +         $null = Update-AzADApplication -InputObject $app -RequiredRes …
                 +                                                     ~~~~
HistoryId      : 13

Message        : Cannot find application by ObjectId 976b8749-70bf-4465-84b1-06a6169ee419
StackTrace     : 
Exception      : Microsoft.PowerShell.Commands.WriteErrorException
InvocationInfo : {Add-AzADAppPermission}
Line           :                 Add-AzADAppPermission -ObjectId $MSI.Id -apiId $graph.Id -PermissionId $approleid

Position       : At /home/jofehse/git/grfunc/setup/test.ps1:20 char:17
                 + …             Add-AzADAppPermission -ObjectId $MSI.Id -apiId $graph.Id  …
                 +               ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
HistoryId      : 13

Message        : [Request_ResourceNotFound] : Resource '976b8749-70bf-4465-84b1-06a6169ee419' does not exist or one of 
                 its queried reference-property objects are not present.
StackTrace     : 
Exception      : System.Exception
InvocationInfo : {Get-AzADApplication_Get}
Line           :                 $app = Az.MSGraph.internal\Get-AzADApplication -Id $PSBoundParameters['ObjectId']

Position       : At /home/jofehse/.local/share/powershell/Modules/Az.Resources/6.0.0/MSGraph.Autorest/custom/Add-AzADAppPe
                 rmission.ps1:103 char:17
                 + …             $app = Az.MSGraph.internal\Get-AzADApplication -Id $PSBou …
                 +               ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
HistoryId      : 13

Message        : Cannot bind argument to parameter 'InputObject' because it is null.
StackTrace     :    at System.Management.Automation.ExceptionHandlingOps.CheckActionPreference(FunctionContext 
                 funcContext, Exception exception)
                    at System.Management.Automation.Interpreter.ActionCallInstruction`2.Run(InterpretedFrame frame)
                    at System.Management.Automation.Interpreter.EnterTryCatchFinallyInstruction.Run(InterpretedFrame 
                 frame)
                    at System.Management.Automation.Interpreter.EnterTryCatchFinallyInstruction.Run(InterpretedFrame 
                 frame)
                    at System.Management.Automation.Interpreter.Interpreter.Run(InterpretedFrame frame)
                    at System.Management.Automation.Interpreter.LightLambda.RunVoid1[T0](T0 arg0)
                    at System.Management.Automation.PSScriptCmdlet.RunClause(Action`1 clause, Object dollarUnderbar, 
                 Object inputToProcess)
                    at System.Management.Automation.PSScriptCmdlet.DoProcessRecord()
                    at System.Management.Automation.CommandProcessor.ProcessRecord()
Exception      : System.Management.Automation.ParameterBindingValidationException
InvocationInfo : {Update-AzADApplication}
Line           :         $null = Update-AzADApplication -InputObject $app -RequiredResourceAccess 
                 $newRequiredResourceAccess

Position       : At /home/jofehse/.local/share/powershell/Modules/Az.Resources/6.0.0/MSGraph.Autorest/custom/Add-AzADAppPe
                 rmission.ps1:150 char:53
                 +         $null = Update-AzADApplication -InputObject $app -RequiredRes …
                 +                                                     ~~~~
HistoryId      : 13

Message        : Cannot find application by ObjectId 976b8749-70bf-4465-84b1-06a6169ee419
StackTrace     : 
Exception      : Microsoft.PowerShell.Commands.WriteErrorException
InvocationInfo : {Add-AzADAppPermission}
Line           :                 Add-AzADAppPermission -ObjectId $MSI.Id -apiId $graph.Id -PermissionId $approleid

Position       : At /home/jofehse/git/grfunc/setup/test.ps1:20 char:17
                 + …             Add-AzADAppPermission -ObjectId $MSI.Id -apiId $graph.Id  …
                 +               ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
HistoryId      : 13

Message        : [Request_ResourceNotFound] : Resource '976b8749-70bf-4465-84b1-06a6169ee419' does not exist or one of 
                 its queried reference-property objects are not present.
StackTrace     : 
Exception      : System.Exception
InvocationInfo : {Get-AzADApplication_Get}
Line           :                 $app = Az.MSGraph.internal\Get-AzADApplication -Id $PSBoundParameters['ObjectId']

Position       : At /home/jofehse/.local/share/powershell/Modules/Az.Resources/6.0.0/MSGraph.Autorest/custom/Add-AzADAppPe
                 rmission.ps1:103 char:17
                 + …             $app = Az.MSGraph.internal\Get-AzADApplication -Id $PSBou …
                 +               ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
HistoryId      : 13

   HistoryId: 11

Message        : Cannot bind argument to parameter 'InputObject' because it is null.
StackTrace     :    at System.Management.Automation.ExceptionHandlingOps.CheckActionPreference(FunctionContext 
                 funcContext, Exception exception)
                    at System.Management.Automation.Interpreter.ActionCallInstruction`2.Run(InterpretedFrame frame)
                    at System.Management.Automation.Interpreter.EnterTryCatchFinallyInstruction.Run(InterpretedFrame 
                 frame)
                    at System.Management.Automation.Interpreter.EnterTryCatchFinallyInstruction.Run(InterpretedFrame 
                 frame)
                    at System.Management.Automation.Interpreter.Interpreter.Run(InterpretedFrame frame)
                    at System.Management.Automation.Interpreter.LightLambda.RunVoid1[T0](T0 arg0)
                    at System.Management.Automation.PSScriptCmdlet.RunClause(Action`1 clause, Object dollarUnderbar, 
                 Object inputToProcess)
                    at System.Management.Automation.PSScriptCmdlet.DoProcessRecord()
                    at System.Management.Automation.CommandProcessor.ProcessRecord()
Exception      : System.Management.Automation.ParameterBindingValidationException
InvocationInfo : {Update-AzADApplication}
Line           :         $null = Update-AzADApplication -InputObject $app -RequiredResourceAccess 
                 $newRequiredResourceAccess

Position       : At /home/jofehse/.local/share/powershell/Modules/Az.Resources/6.0.0/MSGraph.Autorest/custom/Add-AzADAppPe
                 rmission.ps1:150 char:53
                 +         $null = Update-AzADApplication -InputObject $app -RequiredRes …
                 +                                                     ~~~~
HistoryId      : 11

Message        : Cannot find application by ObjectId 976b8749-70bf-4465-84b1-06a6169ee419
StackTrace     : 
Exception      : Microsoft.PowerShell.Commands.WriteErrorException
InvocationInfo : {Add-AzADAppPermission}
Line           :                 Add-AzADAppPermission -ObjectId $MSI.Id -apiId $graph.Id -PermissionId $approleid

Position       : At /home/jofehse/git/grfunc/setup/test.ps1:20 char:17
                 + …             Add-AzADAppPermission -ObjectId $MSI.Id -apiId $graph.Id  …
                 +               ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
HistoryId      : 11

Message        : [Request_ResourceNotFound] : Resource '976b8749-70bf-4465-84b1-06a6169ee419' does not exist or one of 
                 its queried reference-property objects are not present.
StackTrace     : 
Exception      : System.Exception
InvocationInfo : {Get-AzADApplication_Get}
Line           :                 $app = Az.MSGraph.internal\Get-AzADApplication -Id $PSBoundParameters['ObjectId']

Position       : At /home/jofehse/.local/share/powershell/Modules/Az.Resources/6.0.0/MSGraph.Autorest/custom/Add-AzADAppPe
                 rmission.ps1:103 char:17
                 + …             $app = Az.MSGraph.internal\Get-AzADApplication -Id $PSBou …
                 +               ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
HistoryId      : 11

Message        : Cannot bind argument to parameter 'InputObject' because it is null.
StackTrace     :    at System.Management.Automation.ExceptionHandlingOps.CheckActionPreference(FunctionContext 
                 funcContext, Exception exception)
                    at System.Management.Automation.Interpreter.ActionCallInstruction`2.Run(InterpretedFrame frame)
                    at System.Management.Automation.Interpreter.EnterTryCatchFinallyInstruction.Run(InterpretedFrame 
                 frame)
                    at System.Management.Automation.Interpreter.EnterTryCatchFinallyInstruction.Run(InterpretedFrame 
                 frame)
                    at System.Management.Automation.Interpreter.Interpreter.Run(InterpretedFrame frame)
                    at System.Management.Automation.Interpreter.LightLambda.RunVoid1[T0](T0 arg0)
                    at System.Management.Automation.PSScriptCmdlet.RunClause(Action`1 clause, Object dollarUnderbar, 
                 Object inputToProcess)
                    at System.Management.Automation.PSScriptCmdlet.DoProcessRecord()
                    at System.Management.Automation.CommandProcessor.ProcessRecord()
Exception      : System.Management.Automation.ParameterBindingValidationException
InvocationInfo : {Update-AzADApplication}
Line           :         $null = Update-AzADApplication -InputObject $app -RequiredResourceAccess 
                 $newRequiredResourceAccess

Position       : At /home/jofehse/.local/share/powershell/Modules/Az.Resources/6.0.0/MSGraph.Autorest/custom/Add-AzADAppPe
                 rmission.ps1:150 char:53
                 +         $null = Update-AzADApplication -InputObject $app -RequiredRes …
                 +                                                     ~~~~
HistoryId      : 11

Message        : Cannot find application by ObjectId 976b8749-70bf-4465-84b1-06a6169ee419
StackTrace     : 
Exception      : Microsoft.PowerShell.Commands.WriteErrorException
InvocationInfo : {Add-AzADAppPermission}
Line           :                 Add-AzADAppPermission -ObjectId $MSI.Id -apiId $graph.Id -PermissionId $approleid

Position       : At /home/jofehse/git/grfunc/setup/test.ps1:20 char:17
                 + …             Add-AzADAppPermission -ObjectId $MSI.Id -apiId $graph.Id  …
                 +               ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
HistoryId      : 11

Message        : [Request_ResourceNotFound] : Resource '976b8749-70bf-4465-84b1-06a6169ee419' does not exist or one of 
                 its queried reference-property objects are not present.
StackTrace     : 
Exception      : System.Exception
InvocationInfo : {Get-AzADApplication_Get}
Line           :                 $app = Az.MSGraph.internal\Get-AzADApplication -Id $PSBoundParameters['ObjectId']

Position       : At /home/jofehse/.local/share/powershell/Modules/Az.Resources/6.0.0/MSGraph.Autorest/custom/Add-AzADAppPe
                 rmission.ps1:103 char:17
                 + …             $app = Az.MSGraph.internal\Get-AzADApplication -Id $PSBou …
                 +               ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
HistoryId      : 11

Message        : Cannot bind argument to parameter 'InputObject' because it is null.
StackTrace     :    at System.Management.Automation.ExceptionHandlingOps.CheckActionPreference(FunctionContext 
                 funcContext, Exception exception)
                    at System.Management.Automation.Interpreter.ActionCallInstruction`2.Run(InterpretedFrame frame)
                    at System.Management.Automation.Interpreter.EnterTryCatchFinallyInstruction.Run(InterpretedFrame 
                 frame)
                    at System.Management.Automation.Interpreter.EnterTryCatchFinallyInstruction.Run(InterpretedFrame 
                 frame)
                    at System.Management.Automation.Interpreter.Interpreter.Run(InterpretedFrame frame)
                    at System.Management.Automation.Interpreter.LightLambda.RunVoid1[T0](T0 arg0)
                    at System.Management.Automation.PSScriptCmdlet.RunClause(Action`1 clause, Object dollarUnderbar, 
                 Object inputToProcess)
                    at System.Management.Automation.PSScriptCmdlet.DoProcessRecord()
                    at System.Management.Automation.CommandProcessor.ProcessRecord()
Exception      : System.Management.Automation.ParameterBindingValidationException
InvocationInfo : {Update-AzADApplication}
Line           :         $null = Update-AzADApplication -InputObject $app -RequiredResourceAccess 
                 $newRequiredResourceAccess

Position       : At /home/jofehse/.local/share/powershell/Modules/Az.Resources/6.0.0/MSGraph.Autorest/custom/Add-AzADAppPe
                 rmission.ps1:150 char:53
                 +         $null = Update-AzADApplication -InputObject $app -RequiredRes …
                 +                                                     ~~~~
HistoryId      : 11

Message        : Cannot find application by ObjectId 976b8749-70bf-4465-84b1-06a6169ee419
StackTrace     : 
Exception      : Microsoft.PowerShell.Commands.WriteErrorException
InvocationInfo : {Add-AzADAppPermission}
Line           :                 Add-AzADAppPermission -ObjectId $MSI.Id -apiId $graph.Id -PermissionId $approleid

Position       : At /home/jofehse/git/grfunc/setup/test.ps1:20 char:17
                 + …             Add-AzADAppPermission -ObjectId $MSI.Id -apiId $graph.Id  …
                 +               ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
HistoryId      : 11

Message        : [Request_ResourceNotFound] : Resource '976b8749-70bf-4465-84b1-06a6169ee419' does not exist or one of 
                 its queried reference-property objects are not present.
StackTrace     : 
Exception      : System.Exception
InvocationInfo : {Get-AzADApplication_Get}
Line           :                 $app = Az.MSGraph.internal\Get-AzADApplication -Id $PSBoundParameters['ObjectId']

Position       : At /home/jofehse/.local/share/powershell/Modules/Az.Resources/6.0.0/MSGraph.Autorest/custom/Add-AzADAppPe
                 rmission.ps1:103 char:17
                 + …             $app = Az.MSGraph.internal\Get-AzADApplication -Id $PSBou …
                 +               ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
HistoryId      : 11

Message        : Cannot bind argument to parameter 'InputObject' because it is null.
StackTrace     :    at System.Management.Automation.ExceptionHandlingOps.CheckActionPreference(FunctionContext 
                 funcContext, Exception exception)
                    at System.Management.Automation.Interpreter.ActionCallInstruction`2.Run(InterpretedFrame frame)
                    at System.Management.Automation.Interpreter.EnterTryCatchFinallyInstruction.Run(InterpretedFrame 
                 frame)
                    at System.Management.Automation.Interpreter.EnterTryCatchFinallyInstruction.Run(InterpretedFrame 
                 frame)
                    at System.Management.Automation.Interpreter.Interpreter.Run(InterpretedFrame frame)
                    at System.Management.Automation.Interpreter.LightLambda.RunVoid1[T0](T0 arg0)
                    at System.Management.Automation.PSScriptCmdlet.RunClause(Action`1 clause, Object dollarUnderbar, 
                 Object inputToProcess)
                    at System.Management.Automation.PSScriptCmdlet.DoProcessRecord()
                    at System.Management.Automation.CommandProcessor.ProcessRecord()
Exception      : System.Management.Automation.ParameterBindingValidationException
InvocationInfo : {Update-AzADApplication}
Line           :         $null = Update-AzADApplication -InputObject $app -RequiredResourceAccess 
                 $newRequiredResourceAccess

Position       : At /home/jofehse/.local/share/powershell/Modules/Az.Resources/6.0.0/MSGraph.Autorest/custom/Add-AzADAppPe
                 rmission.ps1:150 char:53
                 +         $null = Update-AzADApplication -InputObject $app -RequiredRes …
                 +                                                     ~~~~
HistoryId      : 11

Message        : Cannot find application by ObjectId 976b8749-70bf-4465-84b1-06a6169ee419
StackTrace     : 
Exception      : Microsoft.PowerShell.Commands.WriteErrorException
InvocationInfo : {Add-AzADAppPermission}
Line           :                 Add-AzADAppPermission -ObjectId $MSI.Id -apiId $graph.Id -PermissionId $approleid

Position       : At /home/jofehse/git/grfunc/setup/test.ps1:20 char:17
                 + …             Add-AzADAppPermission -ObjectId $MSI.Id -apiId $graph.Id  …
                 +               ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
HistoryId      : 11

Message        : [Request_ResourceNotFound] : Resource '976b8749-70bf-4465-84b1-06a6169ee419' does not exist or one of 
                 its queried reference-property objects are not present.
StackTrace     : 
Exception      : System.Exception
InvocationInfo : {Get-AzADApplication_Get}
Line           :                 $app = Az.MSGraph.internal\Get-AzADApplication -Id $PSBoundParameters['ObjectId']

Position       : At /home/jofehse/.local/share/powershell/Modules/Az.Resources/6.0.0/MSGraph.Autorest/custom/Add-AzADAppPe
                 rmission.ps1:103 char:17
                 + …             $app = Az.MSGraph.internal\Get-AzADApplication -Id $PSBou …
                 +               ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
HistoryId      : 11

   HistoryId: 6

Message        : Cannot find a variable with the name 'DefaultFunctionsVersion'.
StackTrace     : 
Exception      : System.Management.Automation.ItemNotFoundException
InvocationInfo : {Get-Variable}
Line           :     if (-not (Get-Variable $variableName -ErrorAction SilentlyContinue))

Position       : At /home/jofehse/.local/share/powershell/Modules/Az.Functions/4.0.3/custom/HelperFunctions.ps1:49 char:15
                 + …   if (-not (Get-Variable $variableName -ErrorAction SilentlyContinue) …
                 +               ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
HistoryId      : 6

Message        : Cannot find a variable with the name 'RequiredStorageEndpoints'.
StackTrace     : 
Exception      : System.Management.Automation.ItemNotFoundException
InvocationInfo : {Get-Variable}
Line           :     if (-not (Get-Variable $variableName -ErrorAction SilentlyContinue))

Position       : At /home/jofehse/.local/share/powershell/Modules/Az.Functions/4.0.3/custom/HelperFunctions.ps1:49 char:15
                 + …   if (-not (Get-Variable $variableName -ErrorAction SilentlyContinue) …
                 +               ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
HistoryId      : 6

Message        : Cannot find a variable with the name 'AllowedStorageTypes'.
StackTrace     : 
Exception      : System.Management.Automation.ItemNotFoundException
InvocationInfo : {Get-Variable}
Line           :     if (-not (Get-Variable $variableName -ErrorAction SilentlyContinue))

Position       : At /home/jofehse/.local/share/powershell/Modules/Az.Functions/4.0.3/custom/HelperFunctions.ps1:49 char:15
                 + …   if (-not (Get-Variable $variableName -ErrorAction SilentlyContinue) …
                 +               ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
HistoryId      : 6

Message        : Cannot find a variable with the name 'RuntimeToFormattedName'.
StackTrace     : 
Exception      : System.Management.Automation.ItemNotFoundException
InvocationInfo : {Get-Variable}
Line           :     if (-not (Get-Variable $variableName -ErrorAction SilentlyContinue))

Position       : At /home/jofehse/.local/share/powershell/Modules/Az.Functions/4.0.3/custom/HelperFunctions.ps1:49 char:15
                 + …   if (-not (Get-Variable $variableName -ErrorAction SilentlyContinue) …
                 +               ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
HistoryId      : 6

Message        : Cannot find a variable with the name 'SetDefaultValueParameterWarningMessage'.
StackTrace     : 
Exception      : System.Management.Automation.ItemNotFoundException
InvocationInfo : {Get-Variable}
Line           :     if (-not (Get-Variable $variableName -ErrorAction SilentlyContinue))

Position       : At /home/jofehse/.local/share/powershell/Modules/Az.Functions/4.0.3/custom/HelperFunctions.ps1:49 char:15
                 + …   if (-not (Get-Variable $variableName -ErrorAction SilentlyContinue) …
                 +               ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
HistoryId      : 6

Message        : Cannot find a variable with the name 'ReservedFunctionAppSettingNames'.
StackTrace     : 
Exception      : System.Management.Automation.ItemNotFoundException
InvocationInfo : {Get-Variable}
Line           :     if (-not (Get-Variable $variableName -ErrorAction SilentlyContinue))

Position       : At /home/jofehse/.local/share/powershell/Modules/Az.Functions/4.0.3/custom/HelperFunctions.ps1:49 char:15
                 + …   if (-not (Get-Variable $variableName -ErrorAction SilentlyContinue) …
                 +               ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
HistoryId      : 6

Message        : Cannot find a variable with the name 'SupportedFunctionsVersion'.
StackTrace     : 
Exception      : System.Management.Automation.ItemNotFoundException
InvocationInfo : {Get-Variable}
Line           :     if (-not (Get-Variable $variableName -ErrorAction SilentlyContinue))

Position       : At /home/jofehse/.local/share/powershell/Modules/Az.Functions/4.0.3/custom/HelperFunctions.ps1:49 char:15
                 + …   if (-not (Get-Variable $variableName -ErrorAction SilentlyContinue) …
                 +               ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
HistoryId      : 6

Message        : Cannot find a variable with the name 'FunctionsNoV2Version'.
StackTrace     : 
Exception      : System.Management.Automation.ItemNotFoundException
InvocationInfo : {Get-Variable}
Line           :     if (-not (Get-Variable $variableName -ErrorAction SilentlyContinue))

Position       : At /home/jofehse/.local/share/powershell/Modules/Az.Functions/4.0.3/custom/HelperFunctions.ps1:49 char:15
                 + …   if (-not (Get-Variable $variableName -ErrorAction SilentlyContinue) …
                 +               ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
HistoryId      : 6

Message        : Cannot find a variable with the name 'RuntimeToDefaultOSType'.
StackTrace     : 
Exception      : System.Management.Automation.ItemNotFoundException
InvocationInfo : {Get-Variable}
Line           :     if (-not (Get-Variable $variableName -ErrorAction SilentlyContinue))

Position       : At /home/jofehse/.local/share/powershell/Modules/Az.Functions/4.0.3/custom/HelperFunctions.ps1:49 char:15
                 + …   if (-not (Get-Variable $variableName -ErrorAction SilentlyContinue) …
                 +               ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
HistoryId      : 6

Message        : Cannot find a variable with the name 'DefaultFunctionsVersion'.
StackTrace     : 
Exception      : System.Management.Automation.ItemNotFoundException
InvocationInfo : {Get-Variable}
Line           :     if (-not (Get-Variable $variableName -ErrorAction SilentlyContinue))

Position       : At /home/jofehse/.local/share/powershell/Modules/Az.Functions/4.0.3/custom/HelperFunctions.ps1:49 char:15
                 + …   if (-not (Get-Variable $variableName -ErrorAction SilentlyContinue) …
                 +               ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
HistoryId      : 6

Message        : Cannot find a variable with the name 'RequiredStorageEndpoints'.
StackTrace     : 
Exception      : System.Management.Automation.ItemNotFoundException
InvocationInfo : {Get-Variable}
Line           :     if (-not (Get-Variable $variableName -ErrorAction SilentlyContinue))

Position       : At /home/jofehse/.local/share/powershell/Modules/Az.Functions/4.0.3/custom/HelperFunctions.ps1:49 char:15
                 + …   if (-not (Get-Variable $variableName -ErrorAction SilentlyContinue) …
                 +               ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
HistoryId      : 6

Message        : Cannot find a variable with the name 'AllowedStorageTypes'.
StackTrace     : 
Exception      : System.Management.Automation.ItemNotFoundException
InvocationInfo : {Get-Variable}
Line           :     if (-not (Get-Variable $variableName -ErrorAction SilentlyContinue))

Position       : At /home/jofehse/.local/share/powershell/Modules/Az.Functions/4.0.3/custom/HelperFunctions.ps1:49 char:15
                 + …   if (-not (Get-Variable $variableName -ErrorAction SilentlyContinue) …
                 +               ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
HistoryId      : 6

Message        : Cannot find a variable with the name 'RuntimeToFormattedName'.
StackTrace     : 
Exception      : System.Management.Automation.ItemNotFoundException
InvocationInfo : {Get-Variable}
Line           :     if (-not (Get-Variable $variableName -ErrorAction SilentlyContinue))

Position       : At /home/jofehse/.local/share/powershell/Modules/Az.Functions/4.0.3/custom/HelperFunctions.ps1:49 char:15
                 + …   if (-not (Get-Variable $variableName -ErrorAction SilentlyContinue) …
                 +               ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
HistoryId      : 6

Message        : Cannot find a variable with the name 'SetDefaultValueParameterWarningMessage'.
StackTrace     : 
Exception      : System.Management.Automation.ItemNotFoundException
InvocationInfo : {Get-Variable}
Line           :     if (-not (Get-Variable $variableName -ErrorAction SilentlyContinue))

Position       : At /home/jofehse/.local/share/powershell/Modules/Az.Functions/4.0.3/custom/HelperFunctions.ps1:49 char:15
                 + …   if (-not (Get-Variable $variableName -ErrorAction SilentlyContinue) …
                 +               ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
HistoryId      : 6

Message        : Cannot find a variable with the name 'ReservedFunctionAppSettingNames'.
StackTrace     : 
Exception      : System.Management.Automation.ItemNotFoundException
InvocationInfo : {Get-Variable}
Line           :     if (-not (Get-Variable $variableName -ErrorAction SilentlyContinue))

Position       : At /home/jofehse/.local/share/powershell/Modules/Az.Functions/4.0.3/custom/HelperFunctions.ps1:49 char:15
                 + …   if (-not (Get-Variable $variableName -ErrorAction SilentlyContinue) …
                 +               ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
HistoryId      : 6

Message        : Cannot find a variable with the name 'SupportedFunctionsVersion'.
StackTrace     : 
Exception      : System.Management.Automation.ItemNotFoundException
InvocationInfo : {Get-Variable}
Line           :     if (-not (Get-Variable $variableName -ErrorAction SilentlyContinue))

Position       : At /home/jofehse/.local/share/powershell/Modules/Az.Functions/4.0.3/custom/HelperFunctions.ps1:49 char:15
                 + …   if (-not (Get-Variable $variableName -ErrorAction SilentlyContinue) …
                 +               ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
HistoryId      : 6

Message        : Cannot find a variable with the name 'FunctionsNoV2Version'.
StackTrace     : 
Exception      : System.Management.Automation.ItemNotFoundException
InvocationInfo : {Get-Variable}
Line           :     if (-not (Get-Variable $variableName -ErrorAction SilentlyContinue))

Position       : At /home/jofehse/.local/share/powershell/Modules/Az.Functions/4.0.3/custom/HelperFunctions.ps1:49 char:15
                 + …   if (-not (Get-Variable $variableName -ErrorAction SilentlyContinue) …
                 +               ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
HistoryId      : 6

Message        : Cannot find a variable with the name 'RuntimeToDefaultOSType'.
StackTrace     : 
Exception      : System.Management.Automation.ItemNotFoundException
InvocationInfo : {Get-Variable}
Line           :     if (-not (Get-Variable $variableName -ErrorAction SilentlyContinue))

Position       : At /home/jofehse/.local/share/powershell/Modules/Az.Functions/4.0.3/custom/HelperFunctions.ps1:49 char:15
                 + …   if (-not (Get-Variable $variableName -ErrorAction SilentlyContinue) …
                 +               ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
HistoryId      : 6

The Azure PowerShell team is listening, please let us know how we are doing: https://aka.ms/azpssurvey?Q_CHL=ERROR.

DEBUG: 6:29:39 p.m. - [ConfigManager] Got [True] from [EnableDataCollection], Module = [], Cmdlet = [].
DEBUG: AzureQoSEvent: Module: Az.Accounts:2.8.0; CommandName: Resolve-AzError; PSVersion: 7.2.3; IsSuccess: True; Duration: 00:00:00.1120815
DEBUG: Finish sending metric.
DEBUG: 6:29:39 p.m. - ResolveError end processing.
dingmeng-xue commented 2 years ago

Hi @josefehse , AzureAD object has 2 ids. For instance, Ad app has one id called applicationId and another one called objectid. Both are GUID. Add-AzADPermission needs application id. If you cannot tell which id type it is, the easy way is to visit its properties on portal to get it. The snapshot you provided is different from your log. If you still have problem, please share the result of Get-AzAdApplication and Add-AzADPermission both

josefehse commented 2 years ago

Hi @josefehse , AzureAD object has 2 ids. For instance, Ad app has one id called applicationId and another one called objectid. Both are GUID. Add-AzADPermission needs application id. If you cannot tell which id type it is, the easy way is to visit its properties on portal to get it. The snapshot you provided is different from your log. If you still have problem, please share the result of Get-AzAdApplication and Add-AzADPermission both

Hi @dingmeng-xue , I am aware of Object Id and App Id. The problem is as follows: My application is an Azure Function, with Managed Identity. I can get its IDs with Get-AzADServicePrincipal only: image

Get-AzADApplication can't find it: image The complete list only shows applications configured in Azure AD as EnterpriseApplications, not Managed Identities: image

Therefore, Add-azaddapppermision won't work, since it is using get-azadapplication, as per the previous screenshot. Thank you.

dingmeng-xue commented 2 years ago

@josefehse , current API permission setting is only on Ad App. It likes what user can do on Portal.

@Francisco-Gamino , could you help to look into this question? How can user grant API permission of MSGraph to Functions app?

josefehse commented 2 years ago

@josefehse , current API permission setting is only on Ad App. It likes what user can do on Portal.

@Francisco-Gamino , could you help to look into this question? How can user grant API permission of MSGraph to Functions app? Thank you @dingmeng-xue. Understood. However, it can be done today with the previous modules (AzureAD) and that is exactly the need at the moment. You can see the code I use today in this repo: https://github.com/Azure/GuardrailsSolutionAccelerator/blob/main/setup/setup.ps1 (line 234 and on). Looking forward to know when this will be available.

Francisco-Gamino commented 2 years ago

Hello @josefehse -- What AD module you are using? And where are you installing it from?

josefehse commented 2 years ago

Hello @Francisco-Gamino, you can see the code in the link I've sent. I just import it as per below. The code is normally run from the Cloud Shell. image

Francisco-Gamino commented 2 years ago

Adding @maertendMSFT from the CloudShell team.

Hello @josefehse -- I had a sync with @maertendMSFT offline and it looks like the AzureAD.Standard.Preview module is not officially supported. The recommendation is to use the AzureAD module instead.

josefehse commented 2 years ago

Hello @Francisco-Gamino, we seem to have a disconnection. This is the module I use today and it works. I am only using the preview because of an issue with the cloud shell. What I need to work is the new AzAd commands, which don't, as per all the previous communications. You asked me which one AzureAD module I am using and that's what I've sent. What I am trying to use is, which I've just installed using the regular repository. image image And here's the code (again) that fails: image

I hope that is makes it clear.

Francisco-Gamino commented 2 years ago

Thank you @josefehse for the clarification.

Hi @dingmeng-xue -- This blog talks about how to Grant Graph API Permission to Managed Identity Object using the Azure AD cmdlets. Could you please advice what are the equivalent AzAD cmdlets in Az.Resources to enable this scenario?

/cc @AnatoliB @stefanushinardi @michaelpeng36

dingmeng-xue commented 2 years ago

AzureAD cmdlet leverages API POST /servicePrincipals/{}/appRoleAssignments?api-version=1.6. MSGraph corresponding API should be POST /servicePrincipals/{servicePrincipal-id}/appRoleAssignments

It requires new cmdlet to support it. @josefehse , you also can use Invoke-AzRestMethod to send request to MSGraph directly.

NoriZC commented 7 months ago

You can now assign approleassignments to MI resources using New-AzAdServiceprincipalAppRoleAssignment.