microsoftgraph / msgraph-sdk-powershell

Powershell SDK for Microsoft Graph
https://www.powershellgallery.com/packages/Microsoft.Graph
Other
696 stars 168 forks source link

Most Assignment cmdlets don't work and throw "error": { "code": "No method match route template", #2985

Open stevejmonk opened 3 weeks ago

stevejmonk commented 3 weeks ago

Describe the bug

All these both v1 and Beta fail with the same error "error": { "code": "No method match route template", it seems they are blocked by the Graph API gateway, there is one that works that i have listed at the bottom

Microsoft support can reproduce it and have provided a very cumbersome workaround to use Invoke-restmethod https://graph.microsoft.com/beta/deviceAppManagement/mobileAppConfigurations//microsoft.graph.managedDeviceMobileAppConfiguration/assign

Not working New-MgBetaDeviceManagementDeviceCompliancePolicyAssignment New-MgBetaDeviceAppManagementiOSManagedAppProtectionAssignment New-MgBetaDeviceAppManagementAndroidManagedAppProtectionAssignment New-MgBetaDeviceAppManagementMobileAppConfigurationAssignment New-MgBetaDeviceAppManagementMobileAppAsIoVppAppAssignment New-MgBetaDeviceAppManagementMobileAppAsiOSLobAppAssignment New-MgBetaDeviceAppManagementMobileAppAsManagediOSLobAppAssignment Get-MgBetaDeviceAppManagementMobileAppAsIoVppAppAssignment Get-MgBetaDeviceAppManagementMobileAppAsiOSLobAppAssignment Get-MgBetaDeviceAppManagementMobileAppAsManagediOSLobAppAssignment New-MgBetaDeviceAppManagementiOSManagedAppProtectionAssignment New-MgBetaDeviceAppManagementAndroidManagedAppProtectionAssignment Get-MgBetaDeviceAppManagementiOSManagedAppProtectionAssignment Get-MgBetaDeviceAppManagementAndroidManagedAppProtectionAssignment Get-MgBetaDeviceAppManagementMobileAppConfigurationAssignment Get-MgBetaDeviceManagementDeviceCompliancePolicyAssignment

This one works ok New-MgBetaDeviceManagementDeviceConfigurationAssignment

Expected behavior

Groups should be assigned to policies or apps, without wiping out the existing assignments

How to reproduce

$TargetGroupObject = @{ '@odata.type' = '#microsoft.graph.groupAssignmentTarget' deviceAndAppManagementAssignmentFilterId = $Filters.Id deviceAndAppManagementAssignmentFilterType = $FilterTypeInput groupId = $group.Id }

    $Script:Devpolicies | ForEach-Object {
New-MgBetaDeviceManagementDeviceConfigurationAssignment -DeviceConfigurationId $_.Id -Target $TargetGroupObject
    }

Error No OData route exists that match template

SDK Version

2.23.0

Latest version known to work for scenario above?

No response

Known Workarounds

use Invoke-restmethod https://graph.microsoft.com/beta/deviceAppManagement/mobileAppConfigurations//microsoft.graph.managedDeviceMobileAppConfiguration/assign

Debug output

DEBUG: [CmdletBeginProcessing]: - New-MgBetaDeviceManagementDeviceCompliancePolicyAssignment begin processing with parameterSet 'CreateExpanded'. DEBUG: [Authentication]: - AuthType: 'Delegated', TokenCredentialType: 'InteractiveBrowser', ContextScope: 'CurrentUser', AppName: 'Microsoft Graph Command Line Tools'. DEBUG: [Authentication]: - Scopes: [Agreement.ReadWrite.All, Application.Read.All, Application.ReadWrite.All, AppRoleAssignment.ReadWrite.All, CloudPC.ReadWrite.All, DelegatedPermissionGrant.ReadWrite.All, Device.Read.All, DeviceManagementApps.Read.All, DeviceManagementApps.ReadWrite.All, DeviceManagementConfiguration.Read.All, DeviceManagementConfiguration.ReadWrite.All, DeviceManagementManagedDevices.Read.All, DeviceManagementManagedDevices.ReadWrite.All, DeviceManagementRBAC.ReadWrite.All, DeviceManagementServiceConfig.Read.All, DeviceManagementServiceConfig.ReadWrite.All, Directory.AccessAsUser.All, Directory.Read.All, Directory.ReadWrite.All, Domain.Read.All, Domain.ReadWrite.All, email, Group.Read.All, Group.ReadWrite.All, openid, Organization.ReadWrite.All, Policy.Read.All, Policy.ReadWrite.ConditionalAccess, PrivilegedEligibilitySchedule.ReadWrite.AzureADGroup, profile, RoleAssignmentSchedule.Read.Directory, RoleAssignmentSchedule.ReadWrite.Directory, RoleManagement.Read.All, RoleManagement.Read.Directory, User.Read, User.Read.All, User.ReadWrite.All, UserAuthenticationMethod.Read.All].

Confirm Are you sure you want to perform this action? Performing the operation "New-MgBetaDeviceManagementDeviceCompliancePolicyAssignment_CreateExpanded" on target "Call remote 'POST /deviceManagement/deviceCompliancePolicies/{deviceCompliancePolicy-id}/assignments' operation". [Y] Yes [A] Yes to All [N] No [L] No to All [S] Suspend [?] Help (default is "Y"): y DEBUG: ============================ HTTP REQUEST ============================

HTTP Method: POST

Absolute Uri: [https://graph.microsoft.com/beta/deviceManagement/deviceCompliancePolicies/PolicyIDguid/assignments]

Headers: FeatureFlag : 00000043 Cache-Control : no-store, no-cache User-Agent : Mozilla/5.0,(Windows NT 10.0; Microsoft Windows 10.0.19045; en-US),PowerShell/2024.2.2 Accept-Encoding : gzip SdkVersion : graph-powershell-beta/2.23.0 client-request-id : fd73aae8-1467-4183-bcc6-92d6ea284a32

Body: {}

DEBUG: ============================ HTTP RESPONSE ============================

Status Code: BadRequest

Headers: Vary : Accept-Encoding Strict-Transport-Security : max-age=31536000 request-id : e72bcf99-1b94-410c-8a38-fe72590b2171 client-request-id : fd73aae8-1467-4183-bcc6-92d6ea284a32 x-ms-ags-diagnostic : {"ServerInfo":{"DataCenter":"UK South","Slice":"E","Ring":"5","ScaleUnit":"004","RoleInstance":"LO1PEPF00003248"}} Date : Thu, 03 Oct 2024 10:28:18 GMT

Body: { "error": { "code": "No method match route template", "message": "No OData route exists that match template ~/singleton/navigation/key/navigation with http verb POST for request /DeviceConfiguration_2409/StatelessDeviceConfigurationFEService/deviceManagement/deviceCompliancePolicies('5517726c-e0e8-4afc-9087-0380ea6bbc94')/assignments.", "innerError": { "date": "2024-10-03T10:28:18", "request-id": "e72bcf99-1b94-410c-8a38-fe72590b2171", "client-request-id": "fd73aae8-1467-4183-bcc6-92d6ea284a32" } } }

New-MgBetaDeviceManagementDeviceCompliancePolicyAssignment_CreateExpanded: Line | 13 | … ch-Object { New-MgBetaDeviceManagementDeviceCompliancePolicyAssignmen … | ~~~~~~~~~~~~~ | No OData route exists that match template ~/singleton/navigation/key/navigation with http verb POST for request /DeviceConfiguration_2409/StatelessDeviceConfigurationFEService/deviceManagement/deviceCompliancePolicies(‘policyIDguid’)/assignments.

Status: 400 (BadRequest) ErrorCode: No method match route template Date: 2024-10-03T10:28:18

Headers: Vary : Accept-Encoding Strict-Transport-Security : max-age=31536000 request-id : e72bcf99-1b94-410c-8a38-fe72590b2171 client-request-id : fd73aae8-1467-4183-bcc6-92d6ea284a32 x-ms-ags-diagnostic : {"ServerInfo":{"DataCenter":"UK South","Slice":"E","Ring":"5","ScaleUnit":"004","RoleInstance":"LO1PEPF00003248"}} Date : Thu, 03 Oct 2024 10:28:18 GMT

DEBUG: [CmdletEndProcessing]: - New-MgBetaDeviceManagementDeviceCompliancePolicyAssignment end processing.

Configuration

PSVersion 7.4.3 PSedition Core Gitcommit ID 7.4.3 OS Microsoft Windows 10.0.19045 Platform Win32Int PSCompatableVersions 1,2,3,4 PS remotingprotocolversion 2.3 Serializationversion 1.1.0.1 WSManStackversion 3.0

Other information

No response

timayabi2020 commented 1 week ago

Hi @stevejmonk did the support team acknowledge that there is an issue with the endpoints called by the cmdlets? Please note that the cmdlets are generated based on the paths provided by the service owner.