search

Azure / enterprise-azure-policy-as-code

Enterprise-ready Azure Policy-as-Code (PaC) solution (includes Az DevOps pipeline)
https://azure.github.io/enterprise-azure-policy-as-code/
MIT License
410 stars 216 forks source link

Failure running Build-ScopeTableForDeploymentRootScope.ps1 #604

Closed KennethBess closed 4 months ago

KennethBess commented 4 months ago

Describe the bug When the pipeline run Plan Prod (release flow) we get the below error (Plan nonprod is working fine)

=================================================================================================== Get scope tree for EPAC environment 'prod' at root scope /managementGroups/EMEA.prod

Write-Error: /home/vsts/.local/share/powershell/Modules/EnterprisePolicyAsCode/10.2.0/internal/functions/Build-ScopeTableForDeploymentRootScope.ps1:39 Line | 39 | $resourceGroups = Search-AzGraphAllItems ` | ~~~~~~~~ | Search-AzGraph REST error for '' 403 -- { "error": { "code": | "AccessDenied", "message": "Please provide below info when asking | for support: timestamp = 2024-05-01T15:41:35.9464438Z, correlationId = | 25135f3c-eb53-4b7e-8018-0b151ac1c954.", "details": [ {
| "code": "AccessDenied", "message": "Access is denied to the | requested resource. The user might not have enough permission." } | ] } }

[error]PowerShell exited with code '1'.

Screenshots image

EPAC Version Version of EPAC module is 10.2.0.

techlake commented 4 months ago

The error message seems to indicate a missing RBAC role for the service connection. I have this code running in multiple environments. Azure directly generates this error, EPAC simply displays it.

KennethBess commented 4 months ago

The error message seems to indicate a missing RBAC role for the service connection. I have this code running in multiple environments. Azure directly generates this error, EPAC simply displays it.

Yes, you are absolutely right. It is fixed