This PR adds error handling for a Permission denied error when invoking the CIM instance creation. This can happen for nested CIM classes that are not available per default, e.g. for AADAuthenticationMethodPolicy resources. It adds a comprehensive error message to the output and terminates the execution, preventing any other error messages to pop up.
The flow logic was updated to reflect the following pattern:
Set the ExecutionPolicy to Stop so that every error is caught
Execute Invoke-DscResource to create the necessary CIM class information
If an error occurs, set the ExecutionPolicy to SilentlyContinue for the next try. If the error is a specific one, exit early. Otherwise, retry the loop once more
Next, set firstTry = $false to prevent future loops
The execution will continue.
The advantage of the new loop behavior is that we can catch permission denied errors specifically and report this back to the caller with throwing an exception. In any other case where the resource didn't yet exist, it will execute Invoke-DscResource two times (which in itself could be a disadvantage, but I don't think it's an issue). For any future call, the CIM class already exists and the Invoke-DscResource block will never be executed again.
@NikCharlebois
This PR adds error handling for a
Permission deniederror when invoking the CIM instance creation. This can happen for nested CIM classes that are not available per default, e.g. forAADAuthenticationMethodPolicyresources. It adds a comprehensive error message to the output and terminates the execution, preventing any other error messages to pop up.The flow logic was updated to reflect the following pattern:
ExecutionPolicytoStopso that every error is caughtInvoke-DscResourceto create the necessary CIM class informationExecutionPolicytoSilentlyContinuefor the next try. If the error is a specific one, exit early. Otherwise, retry the loop once morefirstTry = $falseto prevent future loopsThe advantage of the new loop behavior is that we can catch permission denied errors specifically and report this back to the caller with throwing an exception. In any other case where the resource didn't yet exist, it will execute
Invoke-DscResourcetwo times (which in itself could be a disadvantage, but I don't think it's an issue). For any future call, the CIM class already exists and theInvoke-DscResourceblock will never be executed again.Original issue: https://github.com/microsoft/Microsoft365DSC/issues/5064 (now fixed).