search

microsoft / ARI

Azure Resource Inventory - It's a Powerful tool to create EXCEL inventory from Azure Resources with low effort
MIT License
1.12k stars 397 forks source link

Can't retrieve data from Azure subscription #212

Closed mplogas closed 1 month ago

mplogas commented 2 months ago

Running the module does not trigger the login process, no matter if I'm logged in via az cli or not.

I'm logged in and have set a default subscription according to az cli

PS D:\tools\ARI> az account show
{
  "environmentName": "AzureCloud",
  "homeTenantId": "redacted",
  "id": "redacted",
  "isDefault": true,
  "managedByTenants": [],
  "name": "redacted",
  "state": "Enabled",
  "tenantDefaultDomain": "redacted.onmicrosoft.com",
  "tenantDisplayName": "redacted",
  "tenantId": "redacted",
  "user": {
    "name": "redacted",
    "type": "user"
  }
}

But calling Invoke-ARI gives me nothing

PS D:\tools\ARI> Invoke-ARI
Checking for Powershell Module Updates..
Starting Resource Extraction..
Report Complete. Total Runtime was: .01 Minutes
Total Resources: 0
Total Advisories: 0
Total Policies: 0

Excel file saved at: AzureResourceInventory_Report_2024-09-04_15_46.xlsx

Draw.io Diagram file saved at: AzureResourceInventory_Diagram_2024-09-04_15_46.xml

logging out to maybe force the log in doesn't do anything

PS D:\tools\ARI> az logout
PS D:\tools\ARI> Invoke-ARI
Checking for Powershell Module Updates..
Starting Resource Extraction..
Report Complete. Total Runtime was: .01 Minutes
Total Resources: 0
Total Advisories: 0
Total Policies: 0

Excel file saved at: AzureResourceInventory_Report_2024-09-04_15_53.xlsx

Draw.io Diagram file saved at: AzureResourceInventory_Diagram_2024-09-04_15_53.xml

PS D:\tools\ARI>

Providing TenantId and SubscriptionId yields the same result:

PS D:\tools\ARI> Invoke-ARI -TenantID redacted -SubscriptionID redacted
Checking for Powershell Module Updates..
Starting Resource Extraction..
Report Complete. Total Runtime was: .01 Minutes
Total Resources: 0
Total Advisories: 0
Total Policies: 0

Excel file saved at: AzureResourceInventory_Report_2024-09-04_16_06.xlsx

Draw.io Diagram file saved at: AzureResourceInventory_Diagram_2024-09-04_16_06.xml

PS D:\tools\ARI>
Claudio-Merola commented 2 months ago

Hi @mplogas

az cli is no longer used.

Try using "Connect-AzAccount".

But it should not be required.

Also, run the script with the "-Debug" to see if there is any issues

mplogas commented 2 months ago 
PS D:\tools\ARI-3.5> Invoke-ARI -Debug
DEBUG: 2024-09-04_17_08_19 - Debbuging Mode: On. ErrorActionPreference was set to "Continue", every error will be
presented.
Checking for Powershell Module Updates..
Update-Module : A parameter cannot be found that matches parameter name 'AcceptLicense'.
At D:\tools\ARI-3.5\AzureResourceInventory.psm1:172 char:52
+         Update-Module -Name AzureResourceInventory -AcceptLicense
+                                                    ~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidArgument: (:) [Update-Module], ParameterBindingException
    + FullyQualifiedErrorId : NamedParameterNotFound,Update-Module

Test-ARIPS : The term 'Test-ARIPS' is not recognized as the name of a cmdlet, function, script file, or operable
program. Check the spelling of the name, or if a path was included, verify that the path is correct and try again.
At D:\tools\ARI-3.5\AzureResourceInventory.psm1:174 char:19
+         $PlatOS = Test-ARIPS -Debug $Debug
+                   ~~~~~~~~~~
    + CategoryInfo          : ObjectNotFound: (Test-ARIPS:String) [], CommandNotFoundException
    + FullyQualifiedErrorId : CommandNotFoundException

Connect-ARILoginSession : The term 'Connect-ARILoginSession' is not recognized as the name of a cmdlet, function,
script file, or operable program. Check the spelling of the name, or if a path was included, verify that the path is
correct and try again.
At D:\tools\ARI-3.5\AzureResourceInventory.psm1:178 char:29
+                 $TenantID = Connect-ARILoginSession -AzureEnvironment ...
+                             ~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : ObjectNotFound: (Connect-ARILoginSession:String) [], CommandNotFoundException
    + FullyQualifiedErrorId : CommandNotFoundException

Get-ARISubscriptions : The term 'Get-ARISubscriptions' is not recognized as the name of a cmdlet, function, script
file, or operable program. Check the spelling of the name, or if a path was included, verify that the path is correct
and try again.
At D:\tools\ARI-3.5\AzureResourceInventory.psm1:195 char:26
+         $Subscriptions = Get-ARISubscriptions -TenantID $TenantID -Su ...
+                          ~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : ObjectNotFound: (Get-ARISubscriptions:String) [], CommandNotFoundException
    + FullyQualifiedErrorId : CommandNotFoundException

DEBUG: 2024-09-04_17_08_19 - Checking report folder:
Test-Path : Cannot bind argument to parameter 'Path' because it is null.
At D:\tools\ARI-3.5\AzureResourceInventory.psm1:262 char:30
+         if ((Test-Path -Path $DefaultPath -PathType Container) -eq $f ...
+                              ~~~~~~~~~~~~
    + CategoryInfo          : InvalidData: (:) [Test-Path], ParameterBindingValidationException
    + FullyQualifiedErrorId : ParameterArgumentValidationErrorNullNotAllowed,Microsoft.PowerShell.Commands.TestPathCom
   mand

Test-Path : Cannot bind argument to parameter 'Path' because it is null.
At D:\tools\ARI-3.5\AzureResourceInventory.psm1:265 char:30
+         if ((Test-Path -Path $DiagramCache -PathType Container) -eq $ ...
+                              ~~~~~~~~~~~~~
    + CategoryInfo          : InvalidData: (:) [Test-Path], ParameterBindingValidationException
    + FullyQualifiedErrorId : ParameterArgumentValidationErrorNullNotAllowed,Microsoft.PowerShell.Commands.TestPathCom
   mand

Starting Resource Extraction..
Start-AzureResourceDataPull : The term 'Start-AzureResourceDataPull' is not recognized as the name of a cmdlet,
function, script file, or operable program. Check the spelling of the name, or if a path was included, verify that the
path is correct and try again.
At D:\tools\ARI-3.5\AzureResourceInventory.psm1:271 char:27
+         $ExtractionData = Start-AzureResourceDataPull -ManagementGrou ...
+                           ~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : ObjectNotFound: (Start-AzureResourceDataPull:String) [], CommandNotFoundException
    + FullyQualifiedErrorId : CommandNotFoundException

Clear-Variable : Cannot find a variable with the name 'ExtractionData'.
At D:\tools\ARI-3.5\AzureResourceInventory.psm1:279 char:9
+         Clear-Variable -Name ExtractionData
+         ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : ObjectNotFound: (ExtractionData:String) [Clear-Variable], ItemNotFoundException
    + FullyQualifiedErrorId : VariableNotFound,Microsoft.PowerShell.Commands.ClearVariableCommand

Get-ARIAPIResources : The term 'Get-ARIAPIResources' is not recognized as the name of a cmdlet, function, script file,
or operable program. Check the spelling of the name, or if a path was included, verify that the path is correct and
try again.
At D:\tools\ARI-3.5\AzureResourceInventory.psm1:287 char:31
+                 $APIResults = Get-ARIAPIResources -Subscriptions $Sub ...
+                               ~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : ObjectNotFound: (Get-ARIAPIResources:String) [], CommandNotFoundException
    + FullyQualifiedErrorId : CommandNotFoundException

DEBUG: 2024-09-04_17_08_19 - Excel file: AzureResourceInventory_Report_2024-09-04_17_08.xlsx
DEBUG: 2024-09-04_17_08_19 - Starting Default Jobs.
Start-ARIExtraJobs : The term 'Start-ARIExtraJobs' is not recognized as the name of a cmdlet, function, script file,
or operable program. Check the spelling of the name, or if a path was included, verify that the path is correct and
try again.
At D:\tools\ARI-3.5\AzureResourceInventory.psm1:317 char:13
+             Start-ARIExtraJobs -SkipDiagram $SkipDiagram -SkipAdvisor ...
+             ~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : ObjectNotFound: (Start-ARIExtraJobs:String) [], CommandNotFoundException
    + FullyQualifiedErrorId : CommandNotFoundException

DEBUG: 2024-09-04_17_08_19 - Starting Resources Report Function.
Build-AzureResourceReport : The term 'Build-AzureResourceReport' is not recognized as the name of a cmdlet, function,
script file, or operable program. Check the spelling of the name, or if a path was included, verify that the path is
correct and try again.
At D:\tools\ARI-3.5\AzureResourceInventory.psm1:321 char:13
+             Build-AzureResourceReport -Subscriptions $Subscriptions - ...
+             ~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : ObjectNotFound: (Build-AzureResourceReport:String) [], CommandNotFoundException
    + FullyQualifiedErrorId : CommandNotFoundException

Report Complete. Total Runtime was: .01 Minutes
Total Resources: 0
Total Advisories: 0
Total Policies: 0

Excel file saved at: AzureResourceInventory_Report_2024-09-04_17_08.xlsx

Draw.io Diagram file saved at: AzureResourceInventory_Diagram_2024-09-04_17_08.xml

PS D:\tools\ARI-3.5>

ARI 3.1.16 works perfectly fine.

Claudio-Merola commented 2 months ago

@mplogas

did you installed the module?

Just run: "Install-module -name AzureResourceInventory"

you don't need to download the repository anymore

fepere commented 2 months ago

Hello @Claudio-Merola Also I have installed the latest version/module, then connect to Azure using Connect-AzAccount, and then try to run Invoke-ARI and always try to connect to Azure, do not using the existing connection that was setup. We need to connect to Azure due the Invoke-ARI to not have -AppID / -Secret anymore. Can you please validate this ?

Claudio-Merola commented 2 months ago

@fepere

Yes, we removed the -AppID -Secret.

Can't you use the "-DeviceLogin" ?

fepere commented 2 months ago

Hi @Claudio-Merola , No I can't due we have a SPN to use. Can you please re-add the -AppId and -Secret and allow to use -StorageAccount -StorageContainer with the SPN ? this will help us to save the reports into a Storage Account that the same SPN has the role allowing the save of the files.

Claudio-Merola commented 2 months ago

H @fepere,

I'll include these in the next week's update.

But keep in mind that we have changed from az cli to powershell and some features might work differently from the pervious version.

I will update you here as soon as the next version is out.

Claudio-Merola commented 2 months ago

@fepere

I just published the version 3.5.1 of the module and the SPN should work again. Can you try to upgrade your version of the module and try again?

Thanks

fepere commented 2 months ago

Hi @Claudio-Merola

I updated to version 3.5.1 but using the options Invoke-ARI -TenantID $TenantId -AppId $ApplicationId -Secret $SecurePassword but is not working, the module is asking to connect to login. Can you please review it?

also the Invoke-ARI -help is not showing the usage and it's closing the powershell.

Diagram -Debug DEBUG: 2024-09-12_17_32_19 - Debbuging Mode: On. ErrorActionPreference was set to "Continue", every error will be presented. Checking for Powershell Module Updates.. DEBUG: 2024-09-12_17_32_24 - Starting Test-ARIPS function PowerShell Desktop Identified. AzureCloud Please select the account you want to login with.

Extracting Subscriptions from Tenant xxxxxxxxxxxx Get-AzSubscription: Run Connect-AzAccount to login.

Claudio-Merola commented 2 months ago

hi @fepere Are you passing the secret as a "secure string"?

The only thing I can think of is the script is expecting a "secure string" and is receiving a plain text for the secret...

Can you try this?

$SecurePassword = Read-Host -Prompt 'Enter a Password' -AsSecureString Invoke-ARI -TenantID $TenantId -AppId $ApplicationId -Secret $SecurePassword