Azure / enterprise-azure-policy-as-code

Enterprise-ready Azure Policy-as-Code (PaC) solution (includes Az DevOps pipeline)
https://azure.github.io/enterprise-azure-policy-as-code/
MIT License

Hydration Kit Fails when account does not have rights at the root (+doc bug) #824

Closed ktremain closed 1 week ago

ktremain commented 2 weeks ago

Describe the bug
Running Install-HydrationEpac when logged in using an account that only has rights at an intermediate management group results in a failure, even if that group is where EPAC policies are intended to be.

To Reproduce
1) Have account signed in that has rights to an intermediate management group
2) Run Install-HydrationEpac

Expected behavior
Expected to be able to create answer file/hydrationKit when trying to run epac against an intermediate group.

Additional Detail
This fault occurs due to the function New-HydrationAnswerFile line 111 trying to run Get-AzManagementGroupRestMethod against the root, and not handling the resulting failure cleanly.

Doc bug: the Hydration docs refer to required permissions "Accounts with access to Azure for testing as outlined in Deployment Scripts Section of the Index"; however, this links to detail about the Build/Deploy scripts, and makes no reference to requiring reader permissions at the root in order to run the hydration kit.

EPAC Version
v10.7.1

jeremiahhoward commented 1 week ago

Greetings,

That is a flaw in the initial prototype, and we think that we have addressed that in the revision that will be released this week. The new approach is to execute tests to confirm whether or not sufficient rights are available to provide some of the automated guidance. If not, it will display a warning, but will not fail. Much of the later guidance will be unavailable, but the install can continue.
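
The probe-then-warn approach described in the reply above can be sketched as follows. This is an added example, not code from the thread or from EPAC: the function names, the `-Probe` parameter and the placeholder group IDs are hypothetical, and the only real cmdlet used is `Get-AzManagementGroup` from Az.Resources.

```powershell
# Added example, not EPAC code. Function and parameter names are hypothetical.
function Test-ManagementGroupReadAccess {
    param(
        [Parameter(Mandatory)] [string] $GroupId,
        # The probe is injectable so the logic can be exercised offline;
        # the default calls the real Az.Resources cmdlet.
        [scriptblock] $Probe = { param($Id) Get-AzManagementGroup -GroupId $Id -ErrorAction Stop }
    )
    try {
        $null = & $Probe $GroupId
        return $true
    }
    catch {
        # Missing rights become a warning, not a terminating error.
        Write-Warning "No read access to management group '$GroupId': $($_.Exception.Message)"
        return $false
    }
}

function Resolve-HydrationScope {
    param(
        [Parameter(Mandatory)] [string] $TenantRootGroupId,
        [Parameter(Mandatory)] [string] $IntermediateGroupId,
        [scriptblock] $Probe
    )
    $extra = @{}
    if ($Probe) { $extra.Probe = $Probe }

    # Root access is optional: it only gates tenant-wide guidance.
    $rootReadable = Test-ManagementGroupReadAccess -GroupId $TenantRootGroupId @extra
    # The group the install targets is the one hard requirement.
    if (-not (Test-ManagementGroupReadAccess -GroupId $IntermediateGroupId @extra)) {
        throw "Cannot read '$IntermediateGroupId'; nothing to hydrate."
    }
    [pscustomobject]@{
        StartingGroupId   = $IntermediateGroupId
        RootReadable      = $rootReadable
        HierarchyGuidance = $rootReadable
    }
}

# Constructed demo: a fake probe that denies the root group, as in the report.
$fakeProbe = {
    param($Id)
    if ($Id -eq 'tenant-root-placeholder') { throw 'AuthorizationFailed (simulated)' }
    @{ Name = $Id }
}
Resolve-HydrationScope -TenantRootGroupId 'tenant-root-placeholder' -IntermediateGroupId 'mg-intermediate-placeholder' -Probe $fakeProbe
```

With the simulated denial, the call emits one warning for the root group and returns an object with `RootReadable` set to `$false`, so an account scoped to the intermediate group can continue without being granted Reader at the root.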