Filtering block throwing errors for Entra commands

microsoftgraph / entra-powershell

Microsoft Entra PowerShell

https://aka.ms/entraps

MIT License

53 stars 10 forks source link

Filtering block throwing errors for Entra commands #732

Open SteveMutungi254 opened 4 months ago

SteveMutungi254 commented 4 months ago

Customer feedback:

Error: Get-EntraUser: Cannot evaluate parameter 'Filter' because its argument is specified as a script block and there is no input. A script block cannot be evaluated without input.

Example:

PS C:\Program Files\PowerShell\Modules> get-entrauser -Filter {mail eq 'user@contoso'} | select-object userprincipalname Get-EntraUser: Cannot evaluate parameter 'Filter' because its argument is specified as a script block and there is no input. A script block cannot be evaluated without input.

Working example:

PS C:\Program Files\PowerShell\Modules> get-entrauser -Filter "mail eq 'user@contoso.com'" | select-object userprincipalname

UserPrincipalName
----
user@contoso.com

Microsoft Graph PowerShell cmdlet example:

PS C:\Program Files\PowerShell\Modules> get-mguser -filter {mail eq 'user@contoso.com'} -property userprincipalname | select-object userprincipalname

UserPrincipalName
----
user@contoso

Contributor: @brvr-esko

alexandair commented 4 months ago

What is the issue here?

-Filter parameter accepts a string value not a script block.

Get-MgUser
 [-ExpandProperty <String[]>]
 [-Property <String[]>] 
[-Filter <String>]
...
...

brvr-esko commented 4 months ago

Hello, the issue is standardization. I'm not clear why it would work with get-mguser and not with get-entrauser. Having no standardization will make it harder to port existing code to the new entra graph module. Using a scriptblock works with get-aduser and get-mguser, so I would expect it to work with get-entrauser as well.

snehalkotwal commented 4 months ago

@SteveMutungi254 Thanks for raising the bug we are looking into it.

alexandair commented 4 months ago

There is no standard in PowerShell to make a parameter that expects a string to work with a script block.

# this works
PS> Get-Service -Name winrm
# this fails
PS> Get-Service -Name {winrm}
Get-Service: Cannot evaluate parameter 'Name' because its argument is specified as a script block and there is no input. A script block cannot be evaluated without input.

It's true that Get-MgUser and Get-AzAdUser work when you pass the script block to the -Filter parameter, but Get-AzureAdUser doesn't. Get-AzureAdUser gives you the same error as Get-EntraUser.

SteveMutungi254 commented 4 months ago

Hello, @brvr-esko. We recognize the importance of standardization and are committed to maintaining as much consistency as possible.

However, our primary goal is to adopt a forward-looking approach, prioritizing alignment with Microsoft Graph platform standards. While we strive to ensure backward compatibility with older modules like AzureAD, our focus on a forward-looking posture will take precedence.

cc: @alexandair.

alexandair commented 4 months ago

@SteveMutungi254 @brvr-esko

After some research...

It's all about delay-bind script blocks: https://learn.microsoft.com/en-us/powershell/module/microsoft.powershell.core/about/about_script_blocks?view=powershell-7.4#using-delay-bind-script-blocks-with-parameters

-Filter parameter for Get-AzADUser and Get-MgUser doesn't accept a pipeline input, that's why script block is just converted to string and cmdlets work.

-Filter parameter for Get-AzureADUser and Get-EntraUser DOES ACCEPT pipeline input and delay-bind script blocks. However, input is not coming through the pipeline, so cmdlets fail with the error: "Cannot evaluate parameter 'Filter' because its argument is specified as a script block and there is no input. A script block cannot be evaluated without input."

That's the reason why: Get-AzADUser -Filter {...} works Get-MgUser -Filter {...} works Get-AzureADUser -Filter {...} fails Get-EntraUser -Filter {...} fails