search

Azure / azure-powershell

Microsoft Azure PowerShell
Other
4.21k stars 3.81k forks source link

AZ Module does not find the class module when trying to execute Update-AzRoleManagementPolicy cmdlet #18781

Open AdamFields1 opened 2 years ago

AdamFields1 commented 2 years ago

Description

I am trying to update Azure PIM role policy settings with Update-AzRoleManagementPolicy since this seems easier than working with ARM templates. However, when I go to execute the examples found here https://docs.microsoft.com/en-us/powershell/module/az.resources/update-azrolemanagementpolicy?view=azps-8.0.0 they do not work and throw an error that the class RoleManagementPolicyExpirationRule cannot be found. I have tried this both in my Azure gov and public tenants with the same results.

Issue script & Debug output

$scope = "/subscriptions/38ab2ccc-3747-4567-b36b-9478f5602f0d/"
$expirationRule = [RoleManagementPolicyExpirationRule]@{
            isExpirationRequired = "false";
            maximumDuration = "P180D";
            id = "Expiration_Admin_Eligibility";
            ruleType = [RoleManagementPolicyRuleType]("RoleManagementPolicyExpirationRule");
            targetCaller = "Admin";
            targetOperation = @('All');
            targetLevel = "Eligibility";
            targetObject = $null;
            targetInheritableSetting = $null;
            targetEnforcedSetting = $null;
        }
$rules = [IRoleManagementPolicyRule[]]@($expirationRule)
Update-AzRoleManagementPolicy -Scope $scope -Name "33b520ea-3544-4abc-8565-3588deb8e68e" -Rule $rules

Environment data

Name                           Value                                                                                                                                                                                                                                                         
----                           -----                                                                                                                                                                                                                                                         
PSVersion                      5.1.22000.653                                                                                                                                                                                                                                                 
PSEdition                      Desktop                                                                                                                                                                                                                                                       
PSCompatibleVersions           {1.0, 2.0, 3.0, 4.0...}                                                                                                                                                                                                                                       
BuildVersion                   10.0.22000.653                                                                                                                                                                                                                                                
CLRVersion                     4.0.30319.42000                                                                                                                                                                                                                                               
WSManStackVersion              3.0                                                                                                                                                                                                                                                           
PSRemotingProtocolVersion      2.3                                                                                                                                                                                                                                                           
SerializationVersion           1.1.0.1

Module versions

Version Name                     
------- ----                     
8.0.0   Az                       
2.8.0   Az.Accounts              
1.1.2   Az.Advisor               
4.1.0   Az.Aks                   
1.1.4   Az.AnalysisServices      
3.0.0   Az.ApiManagement         
1.1.0   Az.AppConfiguration      
2.0.0   Az.ApplicationInsights   
1.0.0   Az.Attestation           
1.7.3   Az.Automation            
3.2.0   Az.Batch                 
2.0.0   Az.Billing               
2.1.0   Az.Cdn                   
1.1.0   Az.CloudService          
1.11.0  Az.CognitiveServices     
4.27.0  Az.Compute               
3.1.0   Az.ContainerInstance     
3.0.0   Az.ContainerRegistry     
1.8.0   Az.CosmosDB              
1.1.0   Az.DataBoxEdge           
1.2.0   Az.Databricks            
1.16.7  Az.DataFactory           
1.0.2   Az.DataLakeAnalytics     
1.3.0   Az.DataLakeStore         
1.0.1   Az.DataShare             
1.1.0   Az.DeploymentManager     
3.1.0   Az.DesktopVirtualization 
1.0.2   Az.DevTestLabs           
1.1.2   Az.Dns                   
1.3.0   Az.EventGrid             
2.0.0   Az.EventHub              
1.9.0   Az.FrontDoor             
4.0.3   Az.Functions             
5.0.1   Az.HDInsight             
2.0.0   Az.HealthcareApis        
2.7.4   Az.IotHub                
4.5.0   Az.KeyVault              
2.1.0   Az.Kusto                 
1.5.0   Az.LogicApp              
1.1.3   Az.MachineLearning       
1.2.0   Az.Maintenance           
1.0.0   Az.ManagedServiceIdentity
3.0.0   Az.ManagedServices       
1.0.2   Az.MarketplaceOrdering   
1.1.1   Az.Media                 
1.1.2   Az.Migrate               
3.0.1   Az.Monitor               
1.0.0   Az.MySql                 
4.17.0  Az.Network               
1.1.1   Az.NotificationHubs      
3.1.0   Az.OperationalInsights   
1.5.0   Az.PolicyInsights        
1.1.0   Az.PostgreSql            
1.1.2   Az.PowerBIEmbedded       
1.0.3   Az.PrivateDns            
5.4.0   Az.RecoveryServices      
1.6.0   Az.RedisCache            
1.0.0   Az.RedisEnterpriseCache  
1.0.3   Az.Relay                 
1.1.0   Az.ResourceMover         
6.0.0   Az.Resources             
1.3.0   Az.Security              
1.1.0   Az.SecurityInsights      
1.9.0   Az.ServiceBus            
3.0.2   Az.ServiceFabric         
1.4.1   Az.SignalR               
3.9.0   Az.Sql                   
1.1.0   Az.SqlVirtualMachine     
1.1.1   Az.StackHCI              
4.6.0   Az.Storage               
1.7.0   Az.StorageSync           
2.0.0   Az.StreamAnalytics       
1.0.0   Az.Support               
1.4.0   Az.Synapse               
1.1.0   Az.TrafficManager        
2.11.2  Az.Websites

Error output

Message        : Unable to find type [IRoleManagementPolicyRule].
StackTrace     :    at System.Management.Automation.TypeOps.ResolveTypeName(ITypeName typeName, IScriptExtent errorPos)
                    at System.Management.Automation.TypeOps.ResolveTypeName(ITypeName typeName, IScriptExtent errorPos)
                    at System.Management.Automation.Interpreter.FuncCallInstruction`3.Run(InterpretedFrame frame)
                    at System.Management.Automation.Interpreter.EnterTryCatchFinallyInstruction.Run(InterpretedFrame frame)
Exception      : System.Management.Automation.RuntimeException
InvocationInfo : {}
Line           : $rules = [IRoleManagementPolicyRule[]]@($expirationRule)

Position       : At line:14 char:11
                 + $rules = [IRoleManagementPolicyRule[]]@($expirationRule)
                 +           ~~~~~~~~~~~~~~~~~~~~~~~~~~~
HistoryId      : -1

Message        : Unable to find type [RoleManagementPolicyExpirationRule].
StackTrace     :    at System.Management.Automation.TypeOps.ResolveTypeName(ITypeName typeName, IScriptExtent errorPos)
                    at System.Management.Automation.Interpreter.FuncCallInstruction`3.Run(InterpretedFrame frame)
                    at System.Management.Automation.Interpreter.EnterTryCatchFinallyInstruction.Run(InterpretedFrame frame)
Exception      : System.Management.Automation.RuntimeException
InvocationInfo : {}
Line           : $expirationRule = [RoleManagementPolicyExpirationRule]@{

Position       : At line:2 char:20
                 + $expirationRule = [RoleManagementPolicyExpirationRule]@{
                 +                    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
HistoryId      : -1
dingmeng-xue commented 2 years ago

@LucasYao93 , please look into this issue.

dolauli commented 2 years ago

I think we will need to add the namespace to make it work.

$expirationRule = [Microsoft.Azure.PowerShell.Cmdlets.Resources.Authorization.Models.Api20201001Preview.RoleManagementPolicyExpirationRule]@{
            isExpirationRequired = "false";
            maximumDuration = "P180D";
            id = "Expiration_Admin_Eligibility";
            ruleType = [Microsoft.Azure.PowerShell.Cmdlets.Resources.Authorization.Support.RoleManagementPolicyRuleType]("RoleManagementPolicyExpirationRule");
            targetCaller = "Admin";
            targetOperation = @('All');
            targetLevel = "Eligibility";
            targetObject = $null;
            targetInheritableSetting = $null;
            targetEnforcedSetting = $null;
        }

$rules = [Microsoft.Azure.PowerShell.Cmdlets.Resources.Authorization.Models.Api20201001Preview.IRoleManagementPolicyRule[]]@($expirationRule)
DexterPOSH commented 2 years ago

Either use the full namespace as mentioned by @dolauli or use the using statement in the PowerShell script (at the top of the script) to use just the shorthand of the class name.

using namespace Microsoft.Azure.PowerShell.Cmdlets.Resources.Authorization.Models.Api20201001Preview;

Note - The module Az.Resources needs to be loaded in the PowerShell session before using the above statement.

kayasax commented 1 year ago

Could we have the documentation updated with @dolauli solution please ?