search

JulianHayward / Azure-MG-Sub-Governance-Reporting

Azure Governance Visualizer aka AzGovViz is a PowerShell script that captures Azure Governance related information such as Azure Policy, RBAC (a lot more) by polling Azure ARM, Storage and Microsoft Graph APIs.
MIT License
814 stars 293 forks source link

Exception raised when "Caching built-in Policy and RBAC Role definitions" step #198

Closed RodrigoBrCr closed 1 year ago

RodrigoBrCr commented 1 year ago

AzGovViz version 6.2.1

CodeRunPlatform Visual Studio Code Version: 1.78.2 (system setup) Commit: b3e4e68a0bc097f0ae7907b217c1119af9e03435 Date: 2023-05-10T14:39:26.248Z Electron: 22.5.2 Chromium: 108.0.5359.215 Node.js: 16.17.1 V8: 10.8.168.25-electron.0 OS: Windows_NT x64 10.0.20348 Sandboxed: Yes

Describe the bug When I run the script , it starts gathering information from the root management group of my Azure tenant but it stops at this point:

Getting orphaned/unused resources (ARG) processing duration: 0.0894643483333333 minutes (5.3678609 seconds) Caching built-in Policy and RBAC Role definitions

!Please report at aka.ms/AzGovViz and provide the following dump [AzAPICallErrorHandler 1.1.72] Caching built-in Role definitions try #1; return: (StatusCode: '400' (BadRequest)) <.code: ''> <.error.code: 'InvalidSubscriptionId'> | <.message: ''> <.error.message: 'The provided subscription identifier 'providers' is malformed or invalid.'> - (plain : @{error=}) - AzAPICall: Stop Parameters: accountType:ServicePrincipal azAccountsVersion:2.12.3 azAPICallModuleVersion:1.1.72 codeRunPlatform:Console debugAzAPICall:False debugWriteMethod:Host DoAzureConsumption:False DoNotIncludeResourceGroupsAndResourcesOnRBAC:False DoNotIncludeResourceGroupsOnPolicy:False DoNotShowRoleAssignmentsUserData:False DoPSRule:False GitHubActionsOIDC:False gitHubRepository:aka.ms/AzGovViz HierarchyMapOnly:False LargeTenant:False ManagementGroupsOnly:False NoALZPolicyVersionChecker:False NoJsonExport:False NoMDfCSecureScore:False NoNetwork:False NoPolicyComplianceStates:False NoResourceProvidersAtAll:False NoResourceProvidersDetailed:False NoResources:False NoStorageAccountAccessAnalysis:False onAzureDevOps:False onAzureDevOpsOrGitHubActions:False onGitHubActions:False PolicyAtScopeOnly:False ProductVersion:6.2.1 PSRuleFailedOnly:False psVersion:7.3.5 RBACAtScopeOnly:False ThrottleLimit:10 userType:n/a writeMethod:Host [AzAPICallErrorHandler 1.1.72] Caching built-in Role definitions try #1; return: (StatusCode: '400' (BadRequest)) <.code: ''> <.error.code: 'InvalidSubscriptionId'> | <.message: ''> <.error.message: 'The provided subscription identifier 'providers' is malformed or invalid.'> - unhandledErrorAction: Stop Exception: C:\Users\UsuarioAdmin\Desktop\Repos\Nueva carpeta\Azure-MG-Sub-Governance-Reporting\pwsh\AzGovVizParallel.ps1:1846:5 Line | 1846 | $arrayBuiltInCaching | ForEach-Object -Parallel { | ~~~~~~~~~~~~~ | Error - check the last console output for details

Additional context I have tried to execute different parameters with the same result. It's an environment with less than 500 subscription and I am pointing to the root management group of my Azure tenant.

.\AzGovVizParallel.ps1 -ManagementGroupId -OutputPath "C:\AuditResults" .\AzGovVizParallel.ps1 -ManagementGroupId -OutputPath "C:\AuditResults" -DoTranscript -DoAzureConsumption -ShowMemoryUsage .\AzGovVizParallel.ps1 -ManagementGroupId -OutputPath "C:\AuditResults" -AzureConsumptionPeriod 7 .\AzGovVizParallel.ps1 -ManagementGroupId -OutputPath "C:\AuditResults" -AzureConsumptionPeriod 30

JulianHayward commented 1 year ago

@RodrigoBrCrIntm thanks for reporting. This sounds odd.. Can you try using the parameter -SubscriptionId4AzContext passing in a subscription id? (just to make sure: the parameter -ManagementGroupId expects a value)

e.g. .\pwsh\azGovVizParallel.ps1 -ManagementGroupId '<managementGroupId>' -SubscriptionId4AzContext '<subScriptionId>'

RodrigoBrCr commented 1 year ago

@JulianHayward thanks for the help! It finally worked after passing the parameter you mentioned me.