-
Notifications
You must be signed in to change notification settings - Fork 3.8k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Set-AzPolicyDefinition - white spaces are removed for all provided string values #20444
Comments
It should be the same problem as #20386 |
Thanks for the feedback! We are routing this to the appropriate team for follow-up. cc @josephkwchan, @jennyhunter-msft. Issue DetailsDescriptionNew Bug within Az-Resource 6.5 version.
Look at the spaces in -Description. All other parameters are built beforhand, and are irrelevant for this showcase. When looking at the PUT REQUEST in the Debug output, the following description is shown: DEBUG: ============================ HTTP REQUEST ============================ HTTP Method: Headers: Body: So all spaces are removed. This happens for every provided parameter/property/JSON-fragment to Set-AzPolicyDefinition. Tested with allmost every combination. This issue may be related to #20386: Issue script & Debug output# pls. provde a valid policy object and set $name, $mgmtGroupName, $policy, $parameters, $metadata accordingly
Set-AzPolicyDefinition -Name $name `
-DisplayName $displayName `
-Description **"This policy creates a Resource Group to subscription for RSVs."** `
-ManagementGroupName $mgmtGroupName `
-Mode $mode `
-Policy $policy `
-Parameter $parameters `
-Metadata $metadata `
-Debug
DEBUG OUTPUT (I had to remove all sensitive information):
DEBUG: 16:24:19 - SetAzurePolicyDefinitionCmdlet begin processing with ParameterSet 'ManagementGroupNameParameterSet'.
DEBUG: 16:24:19 - using account id '<accountname>'...
DEBUG: 16:24:19 - [ConfigManager] Got [False] from [DisplayBreakingChangeWarning], Module = [], Cmdlet = [].
DEBUG: [Common.Authentication]: Authenticating using Account: '<accountname>', environment: 'AzureCloud', tenant: '<id>'
DEBUG: 16:24:19 - [SilentAuthenticator] Calling SharedTokenCacheCredential.GetTokenAsync - TenantId:'<id>', Scopes:'https://management.core.windows.net//.default', AuthorityHost:'https://login.microsoftonline.com/', UserId:'<account>'
DEBUG: SharedTokenCacheCredential.GetToken invoked. Scopes: [ https://management.core.windows.net//.default ] ParentRequestId:
DEBUG: False MSAL 4.46.2.0 MSAL.NetCore .NET 7.0.0 Microsoft Windows 10.0.22000 [2022-12-14 15:24:19Z - a9069589-bba4-4a58-890b-bc4c16ab5c44] IsLegacyAdalCacheEnabled: yes
DEBUG: False MSAL 4.46.2.0 MSAL.NetCore .NET 7.0.0 Microsoft Windows 10.0.22000 [2022-12-14 15:24:19Z - a9069589-bba4-4a58-890b-bc4c16ab5c44] [Region discovery] Not using a regional authority.
DEBUG: False MSAL 4.46.2.0 MSAL.NetCore .NET 7.0.0 Microsoft Windows 10.0.22000 [2022-12-14 15:24:19Z - a9069589-bba4-4a58-890b-bc4c16ab5c44] [Region discovery] Not using a regional authority.
DEBUG: False MSAL 4.46.2.0 MSAL.NetCore .NET 7.0.0 Microsoft Windows 10.0.22000 [2022-12-14 15:24:19Z - a9069589-bba4-4a58-890b-bc4c16ab5c44] [Region discovery] Not using a regional authority.
DEBUG: False MSAL 4.46.2.0 MSAL.NetCore .NET 7.0.0 Microsoft Windows 10.0.22000 [2022-12-14 15:24:19Z - a9069589-bba4-4a58-890b-bc4c16ab5c44] IsLegacyAdalCacheEnabled: yes
DEBUG: False MSAL 4.46.2.0 MSAL.NetCore .NET 7.0.0 Microsoft Windows 10.0.22000 [2022-12-14 15:24:19Z - a9069589-bba4-4a58-890b-bc4c16ab5c44] IsLegacyAdalCacheEnabled: yes
DEBUG: False MSAL 4.46.2.0 MSAL.NetCore .NET 7.0.0 Microsoft Windows 10.0.22000 [2022-12-14 15:24:19Z] Found 2 cache accounts and 0 broker accounts
DEBUG: False MSAL 4.46.2.0 MSAL.NetCore .NET 7.0.0 Microsoft Windows 10.0.22000 [2022-12-14 15:24:19Z] Returning 2 accounts
DEBUG: False MSAL 4.46.2.0 MSAL.NetCore .NET 7.0.0 Microsoft Windows 10.0.22000 [2022-12-14 15:24:19Z - 42cd9b14-3655-4117-8b8f-b2e723e910fd] MSAL MSAL.NetCore with assembly version '4.46.2.0'. CorrelationId(42cd9b14-3655-4117-8b8f-b2e723e910fd)
DEBUG: False MSAL 4.46.2.0 MSAL.NetCore .NET 7.0.0 Microsoft Windows 10.0.22000 [2022-12-14 15:24:19Z - 42cd9b14-3655-4117-8b8f-b2e723e910fd] === AcquireTokenSilent Parameters ===
DEBUG: False MSAL 4.46.2.0 MSAL.NetCore .NET 7.0.0 Microsoft Windows 10.0.22000 [2022-12-14 15:24:19Z - 42cd9b14-3655-4117-8b8f-b2e723e910fd] LoginHint provided: False
DEBUG: False MSAL 4.46.2.0 MSAL.NetCore .NET 7.0.0 Microsoft Windows 10.0.22000 [2022-12-14 15:24:19Z - 42cd9b14-3655-4117-8b8f-b2e723e910fd] Account provided: True
DEBUG: False MSAL 4.46.2.0 MSAL.NetCore .NET 7.0.0 Microsoft Windows 10.0.22000 [2022-12-14 15:24:19Z - 42cd9b14-3655-4117-8b8f-b2e723e910fd] ForceRefresh: False
DEBUG: False MSAL 4.46.2.0 MSAL.NetCore .NET 7.0.0 Microsoft Windows 10.0.22000 [2022-12-14 15:24:19Z - 42cd9b14-3655-4117-8b8f-b2e723e910fd]
=== Request Data ===
Authority Provided? - True
Scopes - https://management.core.windows.net//.default
Extra Query Params Keys (space separated) -
ApiId - AcquireTokenSilent
IsConfidentialClient - False
SendX5C - False
LoginHint ? False
IsBrokerConfigured - False
HomeAccountId - False
CorrelationId - 42cd9b14-3655-4117-8b8f-b2e723e910fd
UserAssertion set: False
LongRunningOboCacheKey set: False
Region configured:
DEBUG: False MSAL 4.46.2.0 MSAL.NetCore .NET 7.0.0 Microsoft Windows 10.0.22000 [2022-12-14 15:24:19Z - 42cd9b14-3655-4117-8b8f-b2e723e910fd] === Token Acquisition (SilentRequest) started:
Scopes: https://management.core.windows.net//.default
Authority Host: login.microsoftonline.com
DEBUG: False MSAL 4.46.2.0 MSAL.NetCore .NET 7.0.0 Microsoft Windows 10.0.22000 [2022-12-14 15:24:19Z - 42cd9b14-3655-4117-8b8f-b2e723e910fd] [Region discovery] Not using a regional authority.
DEBUG: False MSAL 4.46.2.0 MSAL.NetCore .NET 7.0.0 Microsoft Windows 10.0.22000 [2022-12-14 15:24:19Z - 42cd9b14-3655-4117-8b8f-b2e723e910fd] Access token has expired or about to expire. [Current time (12/14/2022 15:24:19) - Expiration Time (12/14/2022 14:52:29 +00:00) - Extended Expiration Time (12/14/2022 14:52:29 +00:00)]
DEBUG: False MSAL 4.46.2.0 MSAL.NetCore .NET 7.0.0 Microsoft Windows 10.0.22000 [2022-12-14 15:24:19Z - 42cd9b14-3655-4117-8b8f-b2e723e910fd] [Region discovery] Not using a regional authority.
DEBUG: False MSAL 4.46.2.0 MSAL.NetCore .NET 7.0.0 Microsoft Windows 10.0.22000 [2022-12-14 15:24:19Z - 42cd9b14-3655-4117-8b8f-b2e723e910fd] [Region discovery] Not using a regional authority.
DEBUG: False MSAL 4.46.2.0 MSAL.NetCore .NET 7.0.0 Microsoft Windows 10.0.22000 [2022-12-14 15:24:19Z - 42cd9b14-3655-4117-8b8f-b2e723e910fd] [FindRefreshTokenAsync] Refresh token found in the cache? - True
DEBUG: False MSAL 4.46.2.0 MSAL.NetCore .NET 7.0.0 Microsoft Windows 10.0.22000 [2022-12-14 15:24:19Z - 42cd9b14-3655-4117-8b8f-b2e723e910fd] [Region discovery] Not using a regional authority.
DEBUG: False MSAL 4.46.2.0 MSAL.NetCore .NET 7.0.0 Microsoft Windows 10.0.22000 [2022-12-14 15:24:19Z - 42cd9b14-3655-4117-8b8f-b2e723e910fd] Fetching instance discovery from the network from host login.microsoftonline.com.
DEBUG: Request [8e931ce2-b92b-4ac9-9375-2e59b7a48abc] GET https://login.microsoftonline.com/common/discovery/instance?api-version=1.1&authorization_endpoint=REDACTED
x-client-SKU:REDACTED
x-client-Ver:REDACTED
x-client-CPU:REDACTED
x-client-OS:REDACTED
client-request-id:REDACTED
return-client-request-id:REDACTED
x-app-name:REDACTED
x-app-ver:REDACTED
x-ms-client-request-id:8e931ce2-b92b-4ac9-9375-2e59b7a48abc
x-ms-return-client-request-id:true
User-Agent:azsdk-net-Identity/1.6.1,(.NET 7.0.0; Microsoft Windows 10.0.22000)
client assembly: Azure.Identity
DEBUG: Response [8e931ce2-b92b-4ac9-9375-2e59b7a48abc] 200 OK (00.3s)
Cache-Control:max-age=86400, private
Strict-Transport-Security:REDACTED
X-Content-Type-Options:REDACTED
Access-Control-Allow-Origin:REDACTED
Access-Control-Allow-Methods:REDACTED
P3P:REDACTED
client-request-id:REDACTED
x-ms-request-id:327265c4-98ff-4492-b187-58ccb1848900
x-ms-ests-server:REDACTED
X-XSS-Protection:REDACTED
Set-Cookie:REDACTED
Date:Wed, 14 Dec 2022 15:24:19 GMT
Content-Type:application/json; charset=utf-8
Content-Length:980
DEBUG: False MSAL 4.46.2.0 MSAL.NetCore .NET 7.0.0 Microsoft Windows 10.0.22000 [2022-12-14 15:24:20Z - 42cd9b14-3655-4117-8b8f-b2e723e910fd] Authority validation enabled? True.
DEBUG: False MSAL 4.46.2.0 MSAL.NetCore .NET 7.0.0 Microsoft Windows 10.0.22000 [2022-12-14 15:24:20Z - 42cd9b14-3655-4117-8b8f-b2e723e910fd] Authority validation - is known env? True.
DEBUG: Request [ce62bc5b-e44b-447d-b03d-a2e2b4f20a17] POST https://login.microsoftonline.com/<id>/oauth2/v2.0/token
x-client-SKU:REDACTED
x-client-Ver:REDACTED
x-client-CPU:REDACTED
x-client-OS:REDACTED
x-anchormailbox:REDACTED
x-client-current-telemetry:REDACTED
x-client-last-telemetry:REDACTED
x-ms-lib-capability:REDACTED
client-request-id:REDACTED
return-client-request-id:REDACTED
x-app-name:REDACTED
x-app-ver:REDACTED
x-ms-client-request-id:ce62bc5b-e44b-447d-b03d-a2e2b4f20a17
x-ms-return-client-request-id:true
User-Agent:azsdk-net-Identity/1.6.1,(.NET 7.0.0; Microsoft Windows 10.0.22000)
Content-Type:application/x-www-form-urlencoded
client assembly: Azure.Identity
DEBUG: Response [ce62bc5b-e44b-447d-b03d-a2e2b4f20a17] 200 OK (00.2s)
Cache-Control:no-store, no-cache
Pragma:no-cache
Strict-Transport-Security:REDACTED
X-Content-Type-Options:REDACTED
P3P:REDACTED
client-request-id:REDACTED
x-ms-request-id:3e724063-a045-40ee-83d4-fc481188d200
x-ms-ests-server:REDACTED
x-ms-clitelem:REDACTED
X-XSS-Protection:REDACTED
Set-Cookie:REDACTED
Date:Wed, 14 Dec 2022 15:24:19 GMT
Content-Type:application/json; charset=utf-8
Expires:-1
Content-Length:6278
DEBUG: False MSAL 4.46.2.0 MSAL.NetCore .NET 7.0.0 Microsoft Windows 10.0.22000 [2022-12-14 15:24:20Z - 42cd9b14-3655-4117-8b8f-b2e723e910fd] Checking client info returned from the server..
DEBUG: False MSAL 4.46.2.0 MSAL.NetCore .NET 7.0.0 Microsoft Windows 10.0.22000 [2022-12-14 15:24:20Z - 42cd9b14-3655-4117-8b8f-b2e723e910fd] Saving token response to cache..
DEBUG: False MSAL 4.46.2.0 MSAL.NetCore .NET 7.0.0 Microsoft Windows 10.0.22000 [2022-12-14 15:24:20Z - 42cd9b14-3655-4117-8b8f-b2e723e910fd] [Region discovery] Not using a regional authority.
DEBUG: False MSAL 4.46.2.0 MSAL.NetCore .NET 7.0.0 Microsoft Windows 10.0.22000 [2022-12-14 15:24:20Z - 42cd9b14-3655-4117-8b8f-b2e723e910fd] [SaveTokenResponseAsync] Saving AT in cache and removing overlapping ATs...
DEBUG: False MSAL 4.46.2.0 MSAL.NetCore .NET 7.0.0 Microsoft Windows 10.0.22000 [2022-12-14 15:24:20Z - 42cd9b14-3655-4117-8b8f-b2e723e910fd] Looking for scopes for the authority in the cache which intersect with https://management.core.windows.net//.default
DEBUG: False MSAL 4.46.2.0 MSAL.NetCore .NET 7.0.0 Microsoft Windows 10.0.22000 [2022-12-14 15:24:20Z - 42cd9b14-3655-4117-8b8f-b2e723e910fd] Intersecting scope entries count - 1
DEBUG: False MSAL 4.46.2.0 MSAL.NetCore .NET 7.0.0 Microsoft Windows 10.0.22000 [2022-12-14 15:24:20Z - 42cd9b14-3655-4117-8b8f-b2e723e910fd] Matching entries after filtering by user - 1
DEBUG: False MSAL 4.46.2.0 MSAL.NetCore .NET 7.0.0 Microsoft Windows 10.0.22000 [2022-12-14 15:24:20Z - 42cd9b14-3655-4117-8b8f-b2e723e910fd] [SaveTokenResponseAsync] Saving Id Token and Account in cache ...
DEBUG: False MSAL 4.46.2.0 MSAL.NetCore .NET 7.0.0 Microsoft Windows 10.0.22000 [2022-12-14 15:24:20Z - 42cd9b14-3655-4117-8b8f-b2e723e910fd] [SaveTokenResponseAsync] Saving RT in cache...
DEBUG: False MSAL 4.46.2.0 MSAL.NetCore .NET 7.0.0 Microsoft Windows 10.0.22000 [2022-12-14 15:24:20Z - 42cd9b14-3655-4117-8b8f-b2e723e910fd] IsLegacyAdalCacheEnabled: yes
DEBUG: False MSAL 4.46.2.0 MSAL.NetCore .NET 7.0.0 Microsoft Windows 10.0.22000 [2022-12-14 15:24:20Z - 42cd9b14-3655-4117-8b8f-b2e723e910fd] Not writing FRT in ADAL legacy cache.
DEBUG: False MSAL 4.46.2.0 MSAL.NetCore .NET 7.0.0 Microsoft Windows 10.0.22000 [2022-12-14 15:24:20Z - 42cd9b14-3655-4117-8b8f-b2e723e910fd]
=== Token Acquisition finished successfully:
DEBUG: False MSAL 4.46.2.0 MSAL.NetCore .NET 7.0.0 Microsoft Windows 10.0.22000 [2022-12-14 15:24:20Z - 42cd9b14-3655-4117-8b8f-b2e723e910fd] AT expiration time: 14.12.2022 16:43:05 +00:00, scopes: https://management.core.windows.net//user_impersonation https://management.core.windows.net//.default. source: IdentityProvider
DEBUG: False MSAL 4.46.2.0 MSAL.NetCore .NET 7.0.0 Microsoft Windows 10.0.22000 [2022-12-14 15:24:20Z - 42cd9b14-3655-4117-8b8f-b2e723e910fd] Fetched access token from host login.microsoftonline.com.
DEBUG: SharedTokenCacheCredential.GetToken succeeded. Scopes: [ https://management.core.windows.net//.default ] ParentRequestId: ExpiresOn: 2022-12-14T16:43:05.3631445+00:00
DEBUG: [Common.Authentication]: Received token with LoginType 'User', Tenant: '<id>', UserId: '<account>'
DEBUG: [Common.Authentication]: Authenticating using Account: '<account>', environment: 'AzureCloud', tenant: '<id>'
DEBUG: 16:24:20 - [SilentAuthenticator] Calling SharedTokenCacheCredential.GetTokenAsync - TenantId:'<id>', Scopes:'https://management.core.windows.net//.default', AuthorityHost:'https://login.microsoftonline.com/', UserId:'<account>'
DEBUG: SharedTokenCacheCredential.GetToken invoked. Scopes: [ https://management.core.windows.net//.default ] ParentRequestId:
DEBUG: False MSAL 4.46.2.0 MSAL.NetCore .NET 7.0.0 Microsoft Windows 10.0.22000 [2022-12-14 15:24:20Z - d7510a03-9e4f-492a-b2ab-64fc0961db59] IsLegacyAdalCacheEnabled: yes
DEBUG: False MSAL 4.46.2.0 MSAL.NetCore .NET 7.0.0 Microsoft Windows 10.0.22000 [2022-12-14 15:24:20Z - d7510a03-9e4f-492a-b2ab-64fc0961db59] [Region discovery] Not using a regional authority.
DEBUG: False MSAL 4.46.2.0 MSAL.NetCore .NET 7.0.0 Microsoft Windows 10.0.22000 [2022-12-14 15:24:20Z - d7510a03-9e4f-492a-b2ab-64fc0961db59] [Region discovery] Not using a regional authority.
DEBUG: False MSAL 4.46.2.0 MSAL.NetCore .NET 7.0.0 Microsoft Windows 10.0.22000 [2022-12-14 15:24:20Z - d7510a03-9e4f-492a-b2ab-64fc0961db59] [Region discovery] Not using a regional authority.
DEBUG: False MSAL 4.46.2.0 MSAL.NetCore .NET 7.0.0 Microsoft Windows 10.0.22000 [2022-12-14 15:24:20Z - d7510a03-9e4f-492a-b2ab-64fc0961db59] IsLegacyAdalCacheEnabled: yes
DEBUG: False MSAL 4.46.2.0 MSAL.NetCore .NET 7.0.0 Microsoft Windows 10.0.22000 [2022-12-14 15:24:20Z - d7510a03-9e4f-492a-b2ab-64fc0961db59] IsLegacyAdalCacheEnabled: yes
DEBUG: False MSAL 4.46.2.0 MSAL.NetCore .NET 7.0.0 Microsoft Windows 10.0.22000 [2022-12-14 15:24:20Z] Found 2 cache accounts and 0 broker accounts
DEBUG: False MSAL 4.46.2.0 MSAL.NetCore .NET 7.0.0 Microsoft Windows 10.0.22000 [2022-12-14 15:24:20Z] Returning 2 accounts
DEBUG: False MSAL 4.46.2.0 MSAL.NetCore .NET 7.0.0 Microsoft Windows 10.0.22000 [2022-12-14 15:24:20Z - 5dfd53c3-b511-4672-a862-504a494c30db] MSAL MSAL.NetCore with assembly version '4.46.2.0'. CorrelationId(5dfd53c3-b511-4672-a862-504a494c30db)
DEBUG: False MSAL 4.46.2.0 MSAL.NetCore .NET 7.0.0 Microsoft Windows 10.0.22000 [2022-12-14 15:24:20Z - 5dfd53c3-b511-4672-a862-504a494c30db] === AcquireTokenSilent Parameters ===
DEBUG: False MSAL 4.46.2.0 MSAL.NetCore .NET 7.0.0 Microsoft Windows 10.0.22000 [2022-12-14 15:24:20Z - 5dfd53c3-b511-4672-a862-504a494c30db] LoginHint provided: False
DEBUG: False MSAL 4.46.2.0 MSAL.NetCore .NET 7.0.0 Microsoft Windows 10.0.22000 [2022-12-14 15:24:20Z - 5dfd53c3-b511-4672-a862-504a494c30db] Account provided: True
DEBUG: False MSAL 4.46.2.0 MSAL.NetCore .NET 7.0.0 Microsoft Windows 10.0.22000 [2022-12-14 15:24:20Z - 5dfd53c3-b511-4672-a862-504a494c30db] ForceRefresh: False
DEBUG: False MSAL 4.46.2.0 MSAL.NetCore .NET 7.0.0 Microsoft Windows 10.0.22000 [2022-12-14 15:24:20Z - 5dfd53c3-b511-4672-a862-504a494c30db]
=== Request Data ===
Authority Provided? - True
Scopes - https://management.core.windows.net//.default
Extra Query Params Keys (space separated) -
ApiId - AcquireTokenSilent
IsConfidentialClient - False
SendX5C - False
LoginHint ? False
IsBrokerConfigured - False
HomeAccountId - False
CorrelationId - 5dfd53c3-b511-4672-a862-504a494c30db
UserAssertion set: False
LongRunningOboCacheKey set: False
Region configured:
DEBUG: False MSAL 4.46.2.0 MSAL.NetCore .NET 7.0.0 Microsoft Windows 10.0.22000 [2022-12-14 15:24:20Z - 5dfd53c3-b511-4672-a862-504a494c30db] === Token Acquisition (SilentRequest) started:
Scopes: https://management.core.windows.net//.default
Authority Host: login.microsoftonline.com
DEBUG: False MSAL 4.46.2.0 MSAL.NetCore .NET 7.0.0 Microsoft Windows 10.0.22000 [2022-12-14 15:24:20Z - 5dfd53c3-b511-4672-a862-504a494c30db] [Region discovery] Not using a regional authority.
DEBUG: False MSAL 4.46.2.0 MSAL.NetCore .NET 7.0.0 Microsoft Windows 10.0.22000 [2022-12-14 15:24:20Z - 5dfd53c3-b511-4672-a862-504a494c30db] Access token is not expired. Returning the found cache entry. [Current time (12/14/2022 15:24:20) - Expiration Time (12/14/2022 16:43:05 +00:00) - Extended Expiration Time (12/14/2022 16:43:05 +00:00)]
DEBUG: False MSAL 4.46.2.0 MSAL.NetCore .NET 7.0.0 Microsoft Windows 10.0.22000 [2022-12-14 15:24:20Z - 5dfd53c3-b511-4672-a862-504a494c30db] Returning access token found in cache. RefreshOn exists ? False
DEBUG: False MSAL 4.46.2.0 MSAL.NetCore .NET 7.0.0 Microsoft Windows 10.0.22000 [2022-12-14 15:24:20Z - 5dfd53c3-b511-4672-a862-504a494c30db] [Region discovery] Not using a regional authority.
DEBUG: False MSAL 4.46.2.0 MSAL.NetCore .NET 7.0.0 Microsoft Windows 10.0.22000 [2022-12-14 15:24:20Z - 5dfd53c3-b511-4672-a862-504a494c30db]
=== Token Acquisition finished successfully:
DEBUG: False MSAL 4.46.2.0 MSAL.NetCore .NET 7.0.0 Microsoft Windows 10.0.22000 [2022-12-14 15:24:20Z - 5dfd53c3-b511-4672-a862-504a494c30db] AT expiration time: 14.12.2022 16:43:05 +00:00, scopes: https://management.core.windows.net//user_impersonation https://management.core.windows.net//.default. source: Cache
DEBUG: SharedTokenCacheCredential.GetToken succeeded. Scopes: [ https://management.core.windows.net//.default ] ParentRequestId: ExpiresOn: 2022-12-14T16:43:05.0000000+00:00
DEBUG: [Common.Authentication]: Received token with LoginType 'User', Tenant: '<id>', UserId: '<account>'
DEBUG: ============================ HTTP REQUEST ============================
HTTP Method:
GET
Absolute Uri:
https://management.azure.com/providers/Microsoft.Management/managementGroups/<groupname>/providers/Microsoft.Authorization/policydefinitions/dine-vmaas-backupvault-rg?api-version=2021-06-01
Headers:
User-Agent : Az.Resources/6.5.0,PSVersion/v7.3.0,AzurePowershell/v9.2.0
ParameterSetName : ManagementGroupNameParameterSet
CommandName : Set-AzPolicyDefinition
Body:
DEBUG: ============================ HTTP RESPONSE ============================
Status Code:
OK
Headers:
Cache-Control : no-cache
Pragma : no-cache
Strict-Transport-Security : max-age=31536000; includeSubDomains
Server : Kestrel
x-ms-ratelimit-remaining-tenant-reads: 11999
x-ms-request-id : 88af0f68-c1ba-4b0e-b1fb-e692dd8cd82c
x-ms-correlation-request-id : 88af0f68-c1ba-4b0e-b1fb-e692dd8cd82c
x-ms-routing-request-id : GERMANYNORTH:20221214T152420Z:88af0f68-c1ba-4b0e-b1fb-e692dd8cd82c
X-Content-Type-Options : nosniff
Date : Wed, 14 Dec 2022 15:24:19 GMT
Body:
{
"properties": {
"displayName": "dine-vmaas-backupvault-rg",
"policyType": "Custom",
"mode": "All",
"description": "ThispolicycreatesaResourceGrouptosubscriptionforRSVs.()",
"metadata": {
"createdBy": "9223d10b-9415-40b9-85e3-acd39f51d237",
"createdOn": "2022-06-07T10:30:23.5028101Z",
"updatedBy": "9223d10b-9415-40b9-85e3-acd39f51d237",
"updatedOn": "2022-12-14T11:53:35.7731819Z"
},
"parameters": {},
"policyRule": {
"if": {
"equals": "Microsoft.Resources/subscriptions",
"field": "type"
},
"then": {
"effect": "deployIfNotExists",
"details": {
"DeploymentScope": "subscription",
"ExistenceScope": "subscription",
"deployment": {
"properties": {
"mode": "incremental",
"template": {
"contentVersion": "1.0.0.1",
"$schema": "https://schema.management.azure.com/schemas/2018-05-01/subscriptionDeploymentTemplate.json#",
"parameters": {},
"resources": [
{
"properties": {},
"location": "westeurope",
"tags": {},
"apiVersion": "2018-05-01",
"name": "dcserver-backupVaults-rg",
"type": "Microsoft.Resources/resourceGroups"
}
]
},
"parameters": {}
},
"location": "westeurope"
},
"name": "dcserver-backupVaults-rg",
"roleDefinitionIds": [
"/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"
],
"type": "Microsoft.Resources/subscriptions/resourceGroups"
}
}
}
},
"id": "/providers/Microsoft.Management/managementGroups/<groupname>/providers/Microsoft.Authorization/policyDefinitions/dine-vmaas-backupvault-rg",
"type": "Microsoft.Authorization/policyDefinitions",
"name": "dine-vmaas-backupvault-rg",
"systemData": {
"createdBy": "<account>",
"createdByType": "User",
"createdAt": "2022-06-07T10:30:23.4719617Z",
"lastModifiedBy": "<account>",
"lastModifiedByType": "User",
"lastModifiedAt": "2022-12-14T11:53:35.7040992Z"
}
}
DEBUG: ============================ HTTP REQUEST ============================
HTTP Method:
PUT
Absolute Uri:
https://management.azure.com/providers/Microsoft.Management/managementGroups/<groupname>/providers/Microsoft.Authorization/policydefinitions/dine-vmaas-backupvault-rg?api-version=2021-06-01
Headers:
User-Agent : Az.Resources/6.5.0,PSVersion/v7.3.0,AzurePowershell/v9.2.0
ParameterSetName : ManagementGroupNameParameterSet
CommandName : Set-AzPolicyDefinition
Body:
{
"name": "dine-vmaas-backupvault-rg",
"properties": {
"description": "**ThispolicycreatesaResourceGrouptosubscriptionforRSVs.**",
"displayName": "dine-vmaas-backupvault-rg",
"policyRule": {
"if": {
"equals": "Microsoft.Resources/subscriptions",
"field": "type"
},
"then": {
"effect": "deployIfNotExists",
"details": {
"DeploymentScope": "subscription",
"ExistenceScope": "subscription",
"deployment": {
"properties": {
"mode": "incremental",
"template": {
"contentVersion": "1.0.0.1",
"$schema": "https://schema.management.azure.com/schemas/2018-05-01/subscriptionDeploymentTemplate.json#",
"parameters": {},
"resources": [
{
"properties": {},
"location": "westeurope",
"tags": {},
"apiVersion": "2018-05-01",
"name": "dcserver-backupVaults-rg",
"type": "Microsoft.Resources/resourceGroups"
}
]
},
"parameters": {}
},
"location": "westeurope"
},
"name": "dcserver-backupVaults-rg",
"roleDefinitionIds": [
"/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"
],
"type": "Microsoft.Resources/subscriptions/resourceGroups"
}
}
},
"metadata": {},
"parameters": {},
"mode": "All",
"policyType": "Custom"
}
}
DEBUG: ============================ HTTP RESPONSE ============================
Status Code:
Created
Headers:
Cache-Control : no-cache
Pragma : no-cache
Strict-Transport-Security : max-age=31536000; includeSubDomains
Server : Kestrel
x-ms-ratelimit-remaining-tenant-writes: 1199
x-ms-request-id : 1556c2d7-4522-4ebd-b34d-8b8578cf3074
x-ms-correlation-request-id : 1556c2d7-4522-4ebd-b34d-8b8578cf3074
x-ms-routing-request-id : GERMANYNORTH:20221214T152421Z:1556c2d7-4522-4ebd-b34d-8b8578cf3074
X-Content-Type-Options : nosniff
Date : Wed, 14 Dec 2022 15:24:21 GMT
Body:
{
"properties": {
"displayName": "dine-vmaas-backupvault-rg",
"policyType": "Custom",
"mode": "All",
"description": "ThispolicycreatesaResourceGrouptosubscriptionforRSVs.",
"metadata": {
"createdBy": "9223d10b-9415-40b9-85e3-acd39f51d237",
"createdOn": "2022-06-07T10:30:23.5028101Z",
"updatedBy": "9223d10b-9415-40b9-85e3-acd39f51d237",
"updatedOn": "2022-12-14T15:24:21.7332995Z"
},
"parameters": {},
"policyRule": {
"if": {
"equals": "Microsoft.Resources/subscriptions",
"field": "type"
},
"then": {
"effect": "deployIfNotExists",
"details": {
"DeploymentScope": "subscription",
"ExistenceScope": "subscription",
"deployment": {
"properties": {
"mode": "incremental",
"template": {
"contentVersion": "1.0.0.1",
"$schema": "https://schema.management.azure.com/schemas/2018-05-01/subscriptionDeploymentTemplate.json#",
"parameters": {},
"resources": [
{
"properties": {},
"location": "westeurope",
"tags": {},
"apiVersion": "2018-05-01",
"name": "dcserver-backupVaults-rg",
"type": "Microsoft.Resources/resourceGroups"
}
]
},
"parameters": {}
},
"location": "westeurope"
},
"name": "dcserver-backupVaults-rg",
"roleDefinitionIds": [
"/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"
],
"type": "Microsoft.Resources/subscriptions/resourceGroups"
}
}
}
},
"id": "/providers/Microsoft.Management/managementGroups/<groupname>/providers/Microsoft.Authorization/policyDefinitions/dine-vmaas-backupvault-rg",
"type": "Microsoft.Authorization/policyDefinitions",
"name": "dine-vmaas-backupvault-rg",
"systemData": {
"createdBy": "<account>",
"createdByType": "User",
"createdAt": "2022-06-07T10:30:23.4719617Z",
"lastModifiedBy": "<account>",
"lastModifiedByType": "User",
"lastModifiedAt": "2022-12-14T15:24:21.6016531Z"
}
}
DEBUG: [Common.Authentication]: Authenticating using Account: '<account>', environment: 'AzureCloud', tenant: '<id>'
DEBUG: 16:24:21 - [SilentAuthenticator] Calling SharedTokenCacheCredential.GetTokenAsync - TenantId:'<id>', Scopes:'https://management.core.windows.net//.default', AuthorityHost:'https://login.microsoftonline.com/', UserId:'<account>'
DEBUG: SharedTokenCacheCredential.GetToken invoked. Scopes: [ https://management.core.windows.net//.default ] ParentRequestId:
DEBUG: False MSAL 4.46.2.0 MSAL.NetCore .NET 7.0.0 Microsoft Windows 10.0.22000 [2022-12-14 15:24:21Z - 8da4d3e7-7e1d-4196-ba5f-6b2e64ba24db] IsLegacyAdalCacheEnabled: yes
DEBUG: False MSAL 4.46.2.0 MSAL.NetCore .NET 7.0.0 Microsoft Windows 10.0.22000 [2022-12-14 15:24:21Z - 8da4d3e7-7e1d-4196-ba5f-6b2e64ba24db] [Region discovery] Not using a regional authority.
DEBUG: False MSAL 4.46.2.0 MSAL.NetCore .NET 7.0.0 Microsoft Windows 10.0.22000 [2022-12-14 15:24:21Z - 8da4d3e7-7e1d-4196-ba5f-6b2e64ba24db] [Region discovery] Not using a regional authority.
DEBUG: False MSAL 4.46.2.0 MSAL.NetCore .NET 7.0.0 Microsoft Windows 10.0.22000 [2022-12-14 15:24:21Z - 8da4d3e7-7e1d-4196-ba5f-6b2e64ba24db] [Region discovery] Not using a regional authority.
DEBUG: False MSAL 4.46.2.0 MSAL.NetCore .NET 7.0.0 Microsoft Windows 10.0.22000 [2022-12-14 15:24:21Z - 8da4d3e7-7e1d-4196-ba5f-6b2e64ba24db] IsLegacyAdalCacheEnabled: yes
DEBUG: False MSAL 4.46.2.0 MSAL.NetCore .NET 7.0.0 Microsoft Windows 10.0.22000 [2022-12-14 15:24:21Z - 8da4d3e7-7e1d-4196-ba5f-6b2e64ba24db] IsLegacyAdalCacheEnabled: yes
DEBUG: False MSAL 4.46.2.0 MSAL.NetCore .NET 7.0.0 Microsoft Windows 10.0.22000 [2022-12-14 15:24:21Z] Found 2 cache accounts and 0 broker accounts
DEBUG: False MSAL 4.46.2.0 MSAL.NetCore .NET 7.0.0 Microsoft Windows 10.0.22000 [2022-12-14 15:24:21Z] Returning 2 accounts
DEBUG: False MSAL 4.46.2.0 MSAL.NetCore .NET 7.0.0 Microsoft Windows 10.0.22000 [2022-12-14 15:24:21Z - 6384c39f-5b09-4c4b-bb72-da6eb4f1a3ee] MSAL MSAL.NetCore with assembly version '4.46.2.0'. CorrelationId(6384c39f-5b09-4c4b-bb72-da6eb4f1a3ee)
DEBUG: False MSAL 4.46.2.0 MSAL.NetCore .NET 7.0.0 Microsoft Windows 10.0.22000 [2022-12-14 15:24:21Z - 6384c39f-5b09-4c4b-bb72-da6eb4f1a3ee] === AcquireTokenSilent Parameters ===
DEBUG: False MSAL 4.46.2.0 MSAL.NetCore .NET 7.0.0 Microsoft Windows 10.0.22000 [2022-12-14 15:24:21Z - 6384c39f-5b09-4c4b-bb72-da6eb4f1a3ee] LoginHint provided: False
DEBUG: False MSAL 4.46.2.0 MSAL.NetCore .NET 7.0.0 Microsoft Windows 10.0.22000 [2022-12-14 15:24:21Z - 6384c39f-5b09-4c4b-bb72-da6eb4f1a3ee] Account provided: True
DEBUG: False MSAL 4.46.2.0 MSAL.NetCore .NET 7.0.0 Microsoft Windows 10.0.22000 [2022-12-14 15:24:21Z - 6384c39f-5b09-4c4b-bb72-da6eb4f1a3ee] ForceRefresh: False
DEBUG: False MSAL 4.46.2.0 MSAL.NetCore .NET 7.0.0 Microsoft Windows 10.0.22000 [2022-12-14 15:24:21Z - 6384c39f-5b09-4c4b-bb72-da6eb4f1a3ee]
=== Request Data ===
Authority Provided? - True
Scopes - https://management.core.windows.net//.default
Extra Query Params Keys (space separated) -
ApiId - AcquireTokenSilent
IsConfidentialClient - False
SendX5C - False
LoginHint ? False
IsBrokerConfigured - False
HomeAccountId - False
CorrelationId - 6384c39f-5b09-4c4b-bb72-da6eb4f1a3ee
UserAssertion set: False
LongRunningOboCacheKey set: False
Region configured:
DEBUG: False MSAL 4.46.2.0 MSAL.NetCore .NET 7.0.0 Microsoft Windows 10.0.22000 [2022-12-14 15:24:21Z - 6384c39f-5b09-4c4b-bb72-da6eb4f1a3ee] === Token Acquisition (SilentRequest) started:
Scopes: https://management.core.windows.net//.default
Authority Host: login.microsoftonline.com
DEBUG: False MSAL 4.46.2.0 MSAL.NetCore .NET 7.0.0 Microsoft Windows 10.0.22000 [2022-12-14 15:24:21Z - 6384c39f-5b09-4c4b-bb72-da6eb4f1a3ee] [Region discovery] Not using a regional authority.
DEBUG: False MSAL 4.46.2.0 MSAL.NetCore .NET 7.0.0 Microsoft Windows 10.0.22000 [2022-12-14 15:24:21Z - 6384c39f-5b09-4c4b-bb72-da6eb4f1a3ee] Access token is not expired. Returning the found cacName : dine-vmaas-backupvault-rg
ResourceId : /providers/Microsoft.Management/managementGroups/<groupname>/providers/Microsoft.Authorization/policyDefinitions/dine-vmaas-backupvault-rgResourceName : dine-vmaas-backupvault-rg
ResourceType : Microsoft.Authorization/policyDefinitions
SubscriptionId :
Properties : Microsoft.Azure.Commands.ResourceManager.Cmdlets.Implementation.Policy.PsPolicyDefinitionProperties
PolicyDefinitionId : /providers/Microsoft.Management/managementGroups/<groupname>/providers/Microsoft.Authorization/policyDefinitions/dine-vmaas-backupvault-rg
DEBUG: AzureQoSEvent: Module: Az.Resources:6.5.0; CommandName: Set-AzPolicyDefinition; PSVersion: 7.3.0; IsSuccess: True; Duration: 00:00:02.2504643
DEBUG: 16:24:22 - [ConfigManager] Got nothing from [EnableDataCollection], Module = [], Cmdlet = []. Returning default value [True].
DEBUG: 16:24:22 - SetAzurePolicyDefinitionCmdlet end processing. Environment dataName Value
---- -----
PSVersion 7.3.0
PSEdition Core
GitCommitId 7.3.0
OS Microsoft Windows 10.0.22000
Platform Win32NT
PSCompatibleVersions {1.0, 2.0, 3.0, 4.0…}
PSRemotingProtocolVersion 2.3
SerializationVersion 1.1.0.1
WSManStackVersion 3.0 Module versionsGet-Module Az*
ModuleType Version PreRelease Name ExportedCommands
---------- ------- ---------- ---- ----------------
Script 2.10.4 Az.Accounts {Add-AzEnvironment, Clear-AzConfig, Clear-AzContext, Clear-AzDefault…}
Script 6.5.0 Az.Resources {Export-AzResourceGroup, Export-AzTemplateSpec, Get-AzDenyAssignment, Get-AzDeployment…} Error outputNo response
|
Hi @haui07. Thank you for opening this issue and giving us the opportunity to assist. We believe that this has been addressed. If you feel that further discussion is needed, please add a comment with the text “ |
Hi @haui07, since you haven’t asked that we “ |
Description
New Bug within Az-Resource 6.5 version.
When calling Set-AzPolicyDefinition, all (!) spaces are removed for all properties. It's very easy to reproduce. The spaces can be provided for every parameter.
For example:
Set-AzPolicyDefinition -Name $name `
Look at the spaces in -Description. All other parameters are built beforhand, and are irrelevant for this showcase.
When looking at the PUT REQUEST in the Debug output, the following description is shown:
DEBUG: ============================ HTTP REQUEST ============================
HTTP Method:
PUT
Absolute Uri:
https://management.azure.com/providers/Microsoft.Management/managementGroups/RBHQ/providers/Microsoft.Authorization/policydefinitions/dine-vmaas-backupvault-rg?api-version=2021-06-01
Headers:
User-Agent : Az.Resources/6.5.0,PSVersion/v7.3.0,AzurePowershell/v9.2.0
ParameterSetName : ManagementGroupNameParameterSet
CommandName : Set-AzPolicyDefinition
Body:
{
"name": "dine-vmaas-backupvault-rg",
"properties": {
"description": "ThispolicycreatesaResourceGrouptosubscriptionforRSVs.",
So all spaces are removed. This happens for every provided parameter/property/JSON-fragment to Set-AzPolicyDefinition. Tested with allmost every combination.
Under Az CmdLet v < 6.5 this was definitely not an issue.
This issue may be related to #20386:
#20386
Issue script & Debug output
Environment data
Module versions
Error output
No response
The text was updated successfully, but these errors were encountered: