Azure / azure-powershell

Microsoft Azure PowerShell

Failed to Get Role Assignment on All Resources #9798

Open briglx opened 5 years ago

briglx commented 5 years ago

Description

I'm attempting to find all assignments on every resource in a subscription.

The exception, "Scope should have even number of parts.", happens with the call to Get-AzRoleAssignment

Example Scope: "/subscriptions/mysubid/resourceGroups/myrgname/providers/Microsoft.Compute/extensions/confluence/OmsAgentForLinux"

Looks like the problem is found here: azure-powershell/src/Resources/Resources/Models.Authorization/AuthorizationClient.cs

Steps to reproduce

Given a resource exists that creates a scope called "/subscriptions/mysubid/resourceGroups/myrgname/providers/Microsoft.Compute/extensions/confluence/OmsAgentForLinux"

$resources = Get-AzResource -DefaultProfile $context
foreach($resource in $resources) {
    $assignments = Get-AzRoleAssignment -ResourceGroupName $resource.ResourceGroupName -ResourceName $resource.Name -ResourceType $resource.ResourceType -IncludeClassicAdministrators -DefaultProfile $context
}

Environment data

Name                           Value
----                           -----
PSVersion                      6.2.2
PSEdition                      Core
GitCommitId                    6.2.2
OS                             Microsoft Windows 10.0.17763
Platform                       Win32NT
PSCompatibleVersions           {1.0, 2.0, 3.0, 4.0…}
PSRemotingProtocolVersion      2.3
SerializationVersion           1.1.0.1
WSManStackVersion              3.0

Module versions

ModuleType Version    Name                                PSEdition ExportedCommands
---------- -------    ----                                --------- ----------------
Script     2.4.0      Az                                  Core,Desk
Script     1.6.0      Az.Accounts                         Core,Desk {Disable-AzDataCollection, Disable-AzContextAutosave, Enab…
Script     1.0.0      Az.Advisor                          Core,Desk {Get-AzAdvisorRecommendation, Enable-AzAdvisorRecommendati…
Script     1.0.1      Az.Aks                              Core,Desk {Get-AzAks, New-AzAks, Remove-AzAks, Import-AzAksCredentia…
Script     1.1.0      Az.AnalysisServices                 Core,Desk {Resume-AzAnalysisServicesServer, Suspend-AzAnalysisServic…
Script     1.2.0      Az.ApiManagement                    Core,Desk {Add-AzApiManagementApiToProduct, Add-AzApiManagementProdu…
Script     1.0.0      Az.ApplicationInsights              Core,Desk {Get-AzApplicationInsights, New-AzApplicationInsights, Rem…
Script     1.3.0      Az.Automation                       Core,Desk {Get-AzAutomationHybridWorkerGroup, Remove-AzAutomationHyb…
Script     1.1.0      Az.Batch                            Core,Desk {Remove-AzBatchAccount, Get-AzBatchAccount, Get-AzBatchAcc…
Script     1.0.0      Az.Billing                          Core,Desk {Get-AzBillingInvoice, Get-AzBillingPeriod, Get-AzEnrollme…
Script     1.3.0      Az.Cdn                              Core,Desk {Get-AzCdnProfile, Get-AzCdnProfileSsoUrl, New-AzCdnProfil…
Script     1.1.1      Az.CognitiveServices                Core,Desk {Get-AzCognitiveServicesAccount, Get-AzCognitiveServicesAc…
Script     2.4.0      Az.Compute                          Core,Desk {Remove-AzAvailabilitySet, Get-AzAvailabilitySet, New-AzAv…
Script     1.0.1      Az.ContainerInstance                Core,Desk {New-AzContainerGroup, Get-AzContainerGroup, Remove-AzCont…
Script     1.0.1      Az.ContainerRegistry                Core,Desk {New-AzContainerRegistry, Get-AzContainerRegistry, Update-…
Script     1.1.2      Az.DataFactory                      Core,Desk {Set-AzDataFactoryV2, Update-AzDataFactoryV2, Get-AzDataFa…
Script     1.0.0      Az.DataLakeAnalytics                Core,Desk {Get-AzDataLakeAnalyticsDataSource, New-AzDataLakeAnalytic…
Script     1.2.1      Az.DataLakeStore                    Core,Desk {Get-AzDataLakeStoreTrustedIdProvider, Remove-AzDataLakeSt…
Script     1.0.0      Az.DeploymentManager                Core,Desk {Get-AzDeploymentManagerArtifactSource, New-AzDeploymentMa…
Script     1.0.0      Az.DevTestLabs                      Core,Desk {Get-AzDtlAllowedVMSizesPolicy, Get-AzDtlAutoShutdownPolic…
Script     1.1.1      Az.Dns                              Core,Desk {Get-AzDnsRecordSet, New-AzDnsRecordConfig, Remove-AzDnsRe…
Script     1.2.1      Az.EventGrid                        Core,Desk {New-AzEventGridTopic, Get-AzEventGridTopic, Set-AzEventGr…
Script     1.2.0      Az.EventHub                         Core,Desk {New-AzEventHubNamespace, Get-AzEventHubNamespace, Set-AzE…
Script     1.1.0      Az.FrontDoor                        Core,Desk {New-AzFrontDoor, Get-AzFrontDoor, Set-AzFrontDoor, Remove…
Script     2.0.0      Az.HDInsight                        Core,Desk {Get-AzHDInsightJob, New-AzHDInsightSqoopJobDefinition, Wa…
Script     1.2.0      Az.IotHub                           Core,Desk {Add-AzIotHubKey, Get-AzIotHubEventHubConsumerGroup, Get-A…
Script     1.2.0      Az.KeyVault                         Core,Desk {Add-AzKeyVaultCertificate, Update-AzKeyVaultCertificate, …
Script     1.2.1      Az.LogicApp                         Core,Desk {Get-AzIntegrationAccountAgreement, Get-AzIntegrationAccou…
Script     1.1.0      Az.MachineLearning                  Core,Desk {Move-AzMlCommitmentAssociation, Get-AzMlCommitmentAssocia…
Script     1.0.0      Az.MarketplaceOrdering              Core,Desk {Get-AzMarketplaceTerms, Set-AzMarketplaceTerms}
Script     1.1.0      Az.Media                            Core,Desk {Sync-AzMediaServiceStorageKey, Set-AzMediaServiceKey, Get…
Script     1.2.1      Az.Monitor                          Core,Desk {Get-AzMetricDefinition, Get-AzMetric, Remove-AzLogProfile…
Script     1.11.0     Az.Network                          Core,Desk {Add-AzApplicationGatewayAuthenticationCertificate, Get-Az…
Script     1.1.0      Az.NotificationHubs                 Core,Desk {Get-AzNotificationHub, Get-AzNotificationHubAuthorization…
Script     1.3.1      Az.OperationalInsights              Core,Desk {New-AzOperationalInsightsAzureActivityLogDataSource, New-…
Script     1.1.2      Az.PolicyInsights                   Core,Desk {Get-AzPolicyEvent, Get-AzPolicyState, Get-AzPolicyStateSu…
Script     1.1.0      Az.PowerBIEmbedded                  Core,Desk {Remove-AzPowerBIWorkspaceCollection, Get-AzPowerBIWorkspa…
Script     1.4.2      Az.RecoveryServices                 Core,Desk {Get-AzRecoveryServicesBackupProperty, Get-AzRecoveryServi…
Script     1.1.0      Az.RedisCache                       Core,Desk {Remove-AzRedisCachePatchSchedule, New-AzRedisCacheSchedul…
Script     1.0.1      Az.Relay                            Core,Desk {New-AzRelayNamespace, Get-AzRelayNamespace, Set-AzRelayNa…
Script     1.6.0      Az.Resources                        Core,Desk {Get-AzProviderOperation, Remove-AzRoleAssignment, Get-AzR…
Script     1.2.1      Az.ServiceBus                       Core,Desk {New-AzServiceBusNamespace, Get-AzServiceBusNamespace, Set…
Script     1.1.1      Az.ServiceFabric                    Core,Desk {Add-AzServiceFabricApplicationCertificate, Add-AzServiceF…
Script     1.0.2      Az.SignalR                          Core,Desk {New-AzSignalR, Get-AzSignalR, Get-AzSignalRKey, New-AzSig…
Script     1.13.0     Az.Sql                              Core,Desk {Get-AzSqlDatabaseTransparentDataEncryption, Get-AzSqlData…
Script     1.5.0      Az.Storage                          Core,Desk {Get-AzStorageAccount, Get-AzStorageAccountKey, New-AzStor…
Script     1.1.1      Az.StorageSync                      Core,Desk {Invoke-AzStorageSyncCompatibilityCheck, New-AzStorageSync…
Script     1.0.0      Az.StreamAnalytics                  Core,Desk {Get-AzStreamAnalyticsFunction, Get-AzStreamAnalyticsDefau…
Script     1.0.1      Az.TrafficManager                   Core,Desk {Add-AzTrafficManagerCustomHeaderToEndpoint, Remove-AzTraf…
Script     1.3.0      Az.Websites                         Core,Desk {Get-AzAppServicePlan, Set-AzAppServicePlan, New-AzAppServ…
Manifest   2.0.2      AzTable                             Desk      {Add-AzTableRow, Get-AzTableRow, Get-AzTableRowAll, Get-Az…

Debug output

DEBUG: 9:36:39 AM - GetAzureRoleAssignmentCommand begin processing with ParameterSet 'ResourceParameterSet'.
DEBUG: 9:36:39 AM - using account id 'my@email.com'...
DEBUG: [ADAL]: Information: 2019-08-08T16:36:39.8523571Z: 00000000-0000-0000-0000-000000000000 - LoggerBase.cs: Serializing token cache with 4 items.

Get-AzRoleAssignment : Scope '/subscriptions/mysubscription/resourceGroups/myrg/providers/Microsoft.Compute/extensions/PowerBIReports/IaaSAntimalware' should have even number of parts.
At C:\Users\myuser\OneDrive - Microsoft\src\myproject\scripts\myscript.ps1:171 char:36
+ ... signments = Get-AzRoleAssignment -ResourceGroupName $resource.Resourc ...
+                 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo          : CloseError: (:) [Get-AzRoleAssignment], ArgumentException
+ FullyQualifiedErrorId : Microsoft.Azure.Commands.Resources.GetAzureRoleAssignmentCommand

DEBUG: AzureQoSEvent: CommandName - Get-AzRoleAssignment; IsSuccess - False; Duration - 00:00:00.0341642; Exception - System.ArgumentException: Scope '/subscriptions/mysubscriptionid/resourceGroups/myrg/providers/Microsoft.Compute/extensions/PowerBIReports/IaaSAntimalware' should have even number of parts.
   at Microsoft.Azure.Commands.Resources.Models.Authorization.AuthorizationClient.ValidateScope(String scope, Boolean allowEmpty)
   at Microsoft.Azure.Commands.Resources.GetAzureRoleAssignmentCommand.ExecuteCmdlet()
   at Microsoft.WindowsAzure.Commands.Utilities.Common.CmdletExtensions.<>c__3`1.<ExecuteSynchronouslyOrAsJob>b__3_0(T c)
   at Microsoft.WindowsAzure.Commands.Utilities.Common.CmdletExtensions.ExecuteSynchronouslyOrAsJob[T](T cmdlet, Action`1 executor)
   at Microsoft.WindowsAzure.Commands.Utilities.Common.CmdletExtensions.ExecuteSynchronouslyOrAsJob[T](T cmdlet)
   at Microsoft.WindowsAzure.Commands.Utilities.Common.AzurePSCmdlet.ProcessRecord();
DEBUG: Finish sending metric.
DEBUG: 9:36:40 AM - GetAzureRoleAssignmentCommand end processing.
DEBUG: 9:36:40 AM - GetAzureRoleAssignmentCommand end processing.
DEBUG: 9:36:40 AM - GetAzureRoleAssignmentCommand begin processing with ParameterSet 'ResourceParameterSet'.
DEBUG: 9:36:40 AM - using account id 'my@email.com'...
DEBUG: [ADAL]: Information: 2019-08-08T16:36:40.8505336Z: 00000000-0000-0000-0000-000000000000 - LoggerBase.cs: Serializing token cache with 4 items.

Error output

 HistoryId: 157
Message        : Scope '/subscriptions/mysubid/resourceGroups/myrg/providers/Microsoft.Compu
                 te/extensions/PowerBIReports/MicrosoftMonitoringAgent' should have even number of parts.
StackTrace     :    at Microsoft.Azure.Commands.Resources.Models.Authorization.AuthorizationClient.ValidateScope(String scope,
                 Boolean allowEmpty)
                    at Microsoft.Azure.Commands.Resources.GetAzureRoleAssignmentCommand.ExecuteCmdlet()
                    at Microsoft.WindowsAzure.Commands.Utilities.Common.AzurePSCmdlet.ProcessRecord()
Exception      : System.ArgumentException
InvocationInfo : {Get-AzRoleAssignment}
Line           : $assignments = Get-AzRoleAssignment -ResourceGroupName "myrg" -ResourceName
                 "PowerBIReports/MicrosoftMonitoringAgent" -ResourceType "Microsoft.Compute/virtualMachines/extensions"
                 -IncludeClassicAdministrators -DefaultProfile $context
Position       : At line:1 char:16
                 + ... signments = Get-AzRoleAssignment -ResourceGroupName "myrg" -Res ...
                 +                 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
HistoryId      : 157

briglx commented 5 years ago

This also happens for a scope of

/subscriptions/mysub/resourceGroups/myrg/providers/Microsoft.Sql/databases/mysql/master
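
The scopes reported in the two comments above, checked offline as an added example (not code from this issue or from azure-powershell). The function names are hypothetical, and the even-parts rule is modelled on the error message text, not on the source of `ValidateScope`; the resource ID layout used by `New-ArmResourceId` is the standard Azure Resource Manager form.

```powershell
# Added illustration; not code from azure-powershell. The even-parts rule is
# taken from the error message in this thread, not from ValidateScope itself.

function Get-ScopePartCount {
    param([Parameter(Mandatory)][string]$Scope)
    # Split on '/' and drop empty entries (leading or doubled slashes).
    return @($Scope.Split('/') | Where-Object { $_ }).Count
}

function Test-ScopeHasEvenParts {
    param([Parameter(Mandatory)][string]$Scope)
    return ((Get-ScopePartCount -Scope $Scope) % 2) -eq 0
}

function New-ArmResourceId {
    # Builds a full resource ID by pairing each type segment with its name
    # segment, so nested resources keep their parent type in the path.
    param(
        [Parameter(Mandatory)][string]$SubscriptionId,
        [Parameter(Mandatory)][string]$ResourceGroupName,
        [Parameter(Mandatory)][string]$ResourceType,  # Namespace/type[/childType...]
        [Parameter(Mandatory)][string]$ResourceName   # name[/childName...]
    )
    $segments  = $ResourceType.Split('/')
    $namespace = $segments[0]
    $types     = @($segments | Select-Object -Skip 1)
    $names     = @($ResourceName.Split('/'))
    if ($types.Count -eq 0 -or $types.Count -ne $names.Count) {
        throw "Type '$ResourceType' and name '$ResourceName' do not pair up."
    }
    $pairs = for ($i = 0; $i -lt $types.Count; $i++) { "$($types[$i])/$($names[$i])" }
    return "/subscriptions/$SubscriptionId/resourceGroups/$ResourceGroupName" +
           "/providers/$namespace/" + ($pairs -join '/')
}

# Scopes copied from the error output and the follow-up comment in this thread.
$reported = @(
    '/subscriptions/mysubid/resourceGroups/myrg/providers/Microsoft.Compute/extensions/PowerBIReports/MicrosoftMonitoringAgent',
    '/subscriptions/mysub/resourceGroups/myrg/providers/Microsoft.Sql/databases/mysql/master'
)

# Same resource as the first scope, rebuilt from the -ResourceType and
# -ResourceName values shown in the "Line" field of the error output.
$built = New-ArmResourceId -SubscriptionId 'mysubid' -ResourceGroupName 'myrg' `
    -ResourceType 'Microsoft.Compute/virtualMachines/extensions' `
    -ResourceName 'PowerBIReports/MicrosoftMonitoringAgent'

$results = foreach ($scope in ($reported + $built)) {
    [pscustomobject]@{
        Parts = Get-ScopePartCount -Scope $scope
        Even  = Test-ScopeHasEvenParts -Scope $scope
        Scope = $scope
    }
}
$results | Format-Table -AutoSize -Wrap
```

Both reported scopes have nine parts because the parent type segment is missing from the path, while the rebuilt ID has ten. In a role-assignment audit, any resource that throws this exception is one whose assignments were not enumerated, so it should be recorded as a coverage gap rather than skipped silently.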

markcowl commented 5 years ago

@darshanhs90 Can you take a look?

justSteve commented 4 years ago

Any progress on this? I'm following the steps at https://github.com/rmbolger/Posh-ACME/blob/master/Posh-ACME/DnsPlugins/Azure-Readme.md and hitting:

New-AzRoleDefinition : Scope '/subscriptions' should have even number of parts. At line:1 char:10

mateipinzaru-avaelgo commented 2 years ago

@markcowl, @darshanhs90, any progress on this?

@briglx, have you found any workarounds for this?

sarah026 commented 2 years ago

Any progress, please?

aavdberg commented 1 year ago

Have it also on: providers/Microsoft.Network/virtualNetworkLinks/privatelink.vaultcore.azure.net

Any solution for this?

@darshanhs90

przlwo commented 1 year ago

I also have this problem, any updates?