JulianHayward / Azure-MG-Sub-Governance-Reporting

Azure Governance Visualizer aka AzGovViz is a PowerShell script that captures Azure Governance related information such as Azure Policy, RBAC (a lot more) by polling Azure ARM, Storage and Microsoft Graph APIs.
MIT License

pipeline (AzGovViz.pipeline.yml) is running fine to the point of "Subscription picking" and then it stops. #251

Closed LarsVidingSE closed 2 months ago

LarsVidingSE commented 2 months ago

AzGovViz version: "ProductVersion": "6.5.0"

CodeRunPlatform: Azure DevOps. We are using Workload Identity federation for the Service Connections' use of the SPN.

Describe the bug: I don’t think that this is a bug, it is more likely some misconfiguration of the AzGovViz.variables.yml. The pipeline (AzGovViz.pipeline.yml) is running fine to the point of "Subscription picking". I cannot find out why AzGovVizParallel.ps1 is failing. Is there a way to see all parameters that are injected into AzGovVizParallel.ps1 and maybe try to run this script manually with verbose? We have tried several changes in the AzGovViz.variables.yml file, but with no luck.

Screenshots: [image]

Additional context: Error message in ADO raw log.

    2024-08-28T08:30:08.3133025Z Subscription picking
    2024-08-28T08:30:08.4777438Z AzGovVizParallel.ps1: /home/vsts/work/_temp/a1f8de43-05ae-4342-ae25-386e40b18c5b.ps1:5
    2024-08-28T08:30:08.4778459Z Line |
    2024-08-28T08:30:08.4778891Z  5 |  . '/home/vsts/work/1/s/pwsh/AzGovVizParallel.ps1' -SubscriptionId4AzC …
    2024-08-28T08:30:08.4779357Z  |  ~~~~~~~~~~~~~~~~~
    2024-08-28T08:30:08.4779751Z  | You cannot call a method on a null-valued expression.

Many thanks in advance

JulianHayward commented 2 months ago

@LarsVidingSE I don't think that the variables or the sc config is the problem, but some unexpected stuff :). Please try to add some output into the code. If you need help, ping me on LinkedIn.

LarsVidingSE commented 2 months ago

Thanks @JulianHayward, I shall give it a try by adding some output and maybe error handling in the code. If I am not able to add output, I will ping you on LinkedIn.

LarsVidingSE commented 2 months ago

@JulianHayward maybe our problem could be that the tenant has in the tenant root one legacy Azure Subscription, which I presume comes from the old Azure Classic portal, Azure Service Manager. This Azure subscription's QuotaId starts with AAD_ and this Az Subsc does not have anything within it. Or I cannot see anything within it because it is a legacy from ASM. My theory of our problem is that this Az Subsc is resulting in a $null in AzGovVizParallel.ps1.

Therefore we tried, but with no luck, to adjust the AzGovViz.variables.yml.

[image]

Have we missed some configurations to be able to filter out the AAD subscription? We have Azure Subscriptions whose QuotaIds start with: MSDN, EnterpriseAgreement, MSDNDevTest.

Another question. Can you explain what is the difference between this repo (https://github.com/JulianHayward/Azure-MG-Sub-Governance-Reporting) and https://github.com/Azure/Azure-Governance-Visualizer?

JulianHayward commented 2 months ago

@LarsVidingSE so, you will continue with next step to dump some output/debugging as per my last comment?

LarsVidingSE commented 2 months ago

@JulianHayward I have not been able to add output for debugging. I made a try, but this did mess up everything. So therefore, I started all over with a new repo and just selected the Management group below the Tenant Root MG. And now everything is working as it should. I had to do some adjustments regarding the Azure DevOps Repo security and Branch policy that is deployed in this ADO project.

But the problem of using the Tenant Root MG is still not solved. The plan is to create a support ticket about removing the legacy Az Subscription that has a QuotaId that starts with AAD_.

I will ping you on LinkedIn about output for debugging and the possibility that the root cause of this problem maybe could be the AAD_ legacy Azure Subscription which comes from ASM.

mthreer commented 2 months ago

@LarsVidingSE @JulianHayward This issue is resolved with the following PR #256

LarsVidingSE commented 2 months ago

Yes, that is correct. Many thanks for all help and engagement in our issue.