Set-AzPolicyDefinition - white spaces are removed for all provided string values #20444
Assignees
Labels
ARM
bug
This issue requires a change to an existing behavior in the product in order to be resolved.
customer-reported
issue-addressed
Service Attention
This issue is responsible by Azure service team.
Milestone
Comments
haui07
added
bug
ghost
added
customer-reported
and removed
needs-triage
|
It should be the same problem as #20386 |
dingmeng-xue
added
ARM
Service Attention
|
Thanks for the feedback! We are routing this to the appropriate team for follow-up. cc @josephkwchan, @jennyhunter-msft. Issue DetailsDescriptionNew Bug within Az-Resource 6.5 version.
Look at the spaces in -Description. All other parameters are built beforhand, and are irrelevant for this showcase. When looking at the PUT REQUEST in the Debug output, the following description is shown: DEBUG: ============================ HTTP REQUEST ============================ HTTP Method: Headers: Body: So all spaces are removed. This happens for every provided parameter/property/JSON-fragment to Set-AzPolicyDefinition. Tested with allmost every combination. This issue may be related to #20386: Issue script & Debug output# pls. provde a valid policy object and set $name, $mgmtGroupName, $policy, $parameters, $metadata accordingly
Set-AzPolicyDefinition -Name $name `
-DisplayName $displayName `
-Description **"This policy creates a Resource Group to subscription for RSVs."** `
-ManagementGroupName $mgmtGroupName `
-Mode $mode `
-Policy $policy `
-Parameter $parameters `
-Metadata $metadata `
-Debug
DEBUG OUTPUT (I had to remove all sensitive information):
DEBUG: 16:24:19 - SetAzurePolicyDefinitionCmdlet begin processing with ParameterSet 'ManagementGroupNameParameterSet'.
DEBUG: 16:24:19 - using account id '<accountname>'...
DEBUG: 16:24:19 - [ConfigManager] Got [False] from [DisplayBreakingChangeWarning], Module = [], Cmdlet = [].
DEBUG: [Common.Authentication]: Authenticating using Account: '<accountname>', environment: 'AzureCloud', tenant: '<id>'
DEBUG: 16:24:19 - [SilentAuthenticator] Calling SharedTokenCacheCredential.GetTokenAsync - TenantId:'<id>', Scopes:'https://management.core.windows.net//.default', AuthorityHost:'https://login.microsoftonline.com/', UserId:'<account>'
DEBUG: SharedTokenCacheCredential.GetToken invoked. Scopes: [ https://management.core.windows.net//.default ] ParentRequestId:
DEBUG: False MSAL 4.46.2.0 MSAL.NetCore .NET 7.0.0 Microsoft Windows 10.0.22000 [2022-12-14 15:24:19Z - a9069589-bba4-4a58-890b-bc4c16ab5c44] IsLegacyAdalCacheEnabled: yes
DEBUG: False MSAL 4.46.2.0 MSAL.NetCore .NET 7.0.0 Microsoft Windows 10.0.22000 [2022-12-14 15:24:19Z - a9069589-bba4-4a58-890b-bc4c16ab5c44] [Region discovery] Not using a regional authority.
DEBUG: False MSAL 4.46.2.0 MSAL.NetCore .NET 7.0.0 Microsoft Windows 10.0.22000 [2022-12-14 15:24:19Z - a9069589-bba4-4a58-890b-bc4c16ab5c44] [Region discovery] Not using a regional authority.
DEBUG: False MSAL 4.46.2.0 MSAL.NetCore .NET 7.0.0 Microsoft Windows 10.0.22000 [2022-12-14 15:24:19Z - a9069589-bba4-4a58-890b-bc4c16ab5c44] [Region discovery] Not using a regional authority.
DEBUG: False MSAL 4.46.2.0 MSAL.NetCore .NET 7.0.0 Microsoft Windows 10.0.22000 [2022-12-14 15:24:19Z - a9069589-bba4-4a58-890b-bc4c16ab5c44] IsLegacyAdalCacheEnabled: yes
DEBUG: False MSAL 4.46.2.0 MSAL.NetCore .NET 7.0.0 Microsoft Windows 10.0.22000 [2022-12-14 15:24:19Z - a9069589-bba4-4a58-890b-bc4c16ab5c44] IsLegacyAdalCacheEnabled: yes
DEBUG: False MSAL 4.46.2.0 MSAL.NetCore .NET 7.0.0 Microsoft Windows 10.0.22000 [2022-12-14 15:24:19Z] Found 2 cache accounts and 0 broker accounts
DEBUG: False MSAL 4.46.2.0 MSAL.NetCore .NET 7.0.0 Microsoft Windows 10.0.22000 [2022-12-14 15:24:19Z] Returning 2 accounts
DEBUG: False MSAL 4.46.2.0 MSAL.NetCore .NET 7.0.0 Microsoft Windows 10.0.22000 [2022-12-14 15:24:19Z - 42cd9b14-3655-4117-8b8f-b2e723e910fd] MSAL MSAL.NetCore with assembly version '4.46.2.0'. CorrelationId(42cd9b14-3655-4117-8b8f-b2e723e910fd)
DEBUG: False MSAL 4.46.2.0 MSAL.NetCore .NET 7.0.0 Microsoft Windows 10.0.22000 [2022-12-14 15:24:19Z - 42cd9b14-3655-4117-8b8f-b2e723e910fd] === AcquireTokenSilent Parameters ===
DEBUG: False MSAL 4.46.2.0 MSAL.NetCore .NET 7.0.0 Microsoft Windows 10.0.22000 [2022-12-14 15:24:19Z - 42cd9b14-3655-4117-8b8f-b2e723e910fd] LoginHint provided: False
DEBUG: False MSAL 4.46.2.0 MSAL.NetCore .NET 7.0.0 Microsoft Windows 10.0.22000 [2022-12-14 15:24:19Z - 42cd9b14-3655-4117-8b8f-b2e723e910fd] Account provided: True
DEBUG: False MSAL 4.46.2.0 MSAL.NetCore .NET 7.0.0 Microsoft Windows 10.0.22000 [2022-12-14 15:24:19Z - 42cd9b14-3655-4117-8b8f-b2e723e910fd] ForceRefresh: False
DEBUG: False MSAL 4.46.2.0 MSAL.NetCore .NET 7.0.0 Microsoft Windows 10.0.22000 [2022-12-14 15:24:19Z - 42cd9b14-3655-4117-8b8f-b2e723e910fd]
=== Request Data ===
Authority Provided? - True
Scopes - https://management.core.windows.net//.default
Extra Query Params Keys (space separated) -
ApiId - AcquireTokenSilent
IsConfidentialClient - False
SendX5C - False
LoginHint ? False
IsBrokerConfigured - False
HomeAccountId - False
CorrelationId - 42cd9b14-3655-4117-8b8f-b2e723e910fd
UserAssertion set: False
LongRunningOboCacheKey set: False
Region configured:
DEBUG: False MSAL 4.46.2.0 MSAL.NetCore .NET 7.0.0 Microsoft Windows 10.0.22000 [2022-12-14 15:24:19Z - 42cd9b14-3655-4117-8b8f-b2e723e910fd] === Token Acquisition (SilentRequest) started:
Scopes: https://management.core.windows.net//.default
Authority Host: login.microsoftonline.com
DEBUG: False MSAL 4.46.2.0 MSAL.NetCore .NET 7.0.0 Microsoft Windows 10.0.22000 [2022-12-14 15:24:19Z - 42cd9b14-3655-4117-8b8f-b2e723e910fd] [Region discovery] Not using a regional authority.
DEBUG: False MSAL 4.46.2.0 MSAL.NetCore .NET 7.0.0 Microsoft Windows 10.0.22000 [2022-12-14 15:24:19Z - 42cd9b14-3655-4117-8b8f-b2e723e910fd] Access token has expired or about to expire. [Current time (12/14/2022 15:24:19) - Expiration Time (12/14/2022 14:52:29 +00:00) - Extended Expiration Time (12/14/2022 14:52:29 +00:00)]
DEBUG: False MSAL 4.46.2.0 MSAL.NetCore .NET 7.0.0 Microsoft Windows 10.0.22000 [2022-12-14 15:24:19Z - 42cd9b14-3655-4117-8b8f-b2e723e910fd] [Region discovery] Not using a regional authority.
DEBUG: False MSAL 4.46.2.0 MSAL.NetCore .NET 7.0.0 Microsoft Windows 10.0.22000 [2022-12-14 15:24:19Z - 42cd9b14-3655-4117-8b8f-b2e723e910fd] [Region discovery] Not using a regional authority.
DEBUG: False MSAL 4.46.2.0 MSAL.NetCore .NET 7.0.0 Microsoft Windows 10.0.22000 [2022-12-14 15:24:19Z - 42cd9b14-3655-4117-8b8f-b2e723e910fd] [FindRefreshTokenAsync] Refresh token found in the cache? - True
DEBUG: False MSAL 4.46.2.0 MSAL.NetCore .NET 7.0.0 Microsoft Windows 10.0.22000 [2022-12-14 15:24:19Z - 42cd9b14-3655-4117-8b8f-b2e723e910fd] [Region discovery] Not using a regional authority.
DEBUG: False MSAL 4.46.2.0 MSAL.NetCore .NET 7.0.0 Microsoft Windows 10.0.22000 [2022-12-14 15:24:19Z - 42cd9b14-3655-4117-8b8f-b2e723e910fd] Fetching instance discovery from the network from host login.microsoftonline.com.
DEBUG: Request [8e931ce2-b92b-4ac9-9375-2e59b7a48abc] GET https://login.microsoftonline.com/common/discovery/instance?api-version=1.1&authorization_endpoint=REDACTED
x-client-SKU:REDACTED
x-client-Ver:REDACTED
x-client-CPU:REDACTED
x-client-OS:REDACTED
client-request-id:REDACTED
return-client-request-id:REDACTED
x-app-name:REDACTED
x-app-ver:REDACTED
x-ms-client-request-id:8e931ce2-b92b-4ac9-9375-2e59b7a48abc
x-ms-return-client-request-id:true
User-Agent:azsdk-net-Identity/1.6.1,(.NET 7.0.0; Microsoft Windows 10.0.22000)
client assembly: Azure.Identity
DEBUG: Response [8e931ce2-b92b-4ac9-9375-2e59b7a48abc] 200 OK (00.3s)
Cache-Control:max-age=86400, private
Strict-Transport-Security:REDACTED
X-Content-Type-Options:REDACTED
Access-Control-Allow-Origin:REDACTED
Access-Control-Allow-Methods:REDACTED
P3P:REDACTED
client-request-id:REDACTED
x-ms-request-id:327265c4-98ff-4492-b187-58ccb1848900
x-ms-ests-server:REDACTED
X-XSS-Protection:REDACTED
Set-Cookie:REDACTED
Date:Wed, 14 Dec 2022 15:24:19 GMT
Content-Type:application/json; charset=utf-8
Content-Length:980
DEBUG: False MSAL 4.46.2.0 MSAL.NetCore .NET 7.0.0 Microsoft Windows 10.0.22000 [2022-12-14 15:24:20Z - 42cd9b14-3655-4117-8b8f-b2e723e910fd] Authority validation enabled? True.
DEBUG: False MSAL 4.46.2.0 MSAL.NetCore .NET 7.0.0 Microsoft Windows 10.0.22000 [2022-12-14 15:24:20Z - 42cd9b14-3655-4117-8b8f-b2e723e910fd] Authority validation - is known env? True.
DEBUG: Request [ce62bc5b-e44b-447d-b03d-a2e2b4f20a17] POST https://login.microsoftonline.com/<id>/oauth2/v2.0/token
x-client-SKU:REDACTED
x-client-Ver:REDACTED
x-client-CPU:REDACTED
x-client-OS:REDACTED
x-anchormailbox:REDACTED
x-client-current-telemetry:REDACTED
x-client-last-telemetry:REDACTED
x-ms-lib-capability:REDACTED
client-request-id:REDACTED
return-client-request-id:REDACTED
x-app-name:REDACTED
x-app-ver:REDACTED
x-ms-client-request-id:ce62bc5b-e44b-447d-b03d-a2e2b4f20a17
x-ms-return-client-request-id:true
User-Agent:azsdk-net-Identity/1.6.1,(.NET 7.0.0; Microsoft Windows 10.0.22000)
Content-Type:application/x-www-form-urlencoded
client assembly: Azure.Identity
DEBUG: Response [ce62bc5b-e44b-447d-b03d-a2e2b4f20a17] 200 OK (00.2s)
Cache-Control:no-store, no-cache
Pragma:no-cache
Strict-Transport-Security:REDACTED
X-Content-Type-Options:REDACTED
P3P:REDACTED
client-request-id:REDACTED
x-ms-request-id:3e724063-a045-40ee-83d4-fc481188d200
x-ms-ests-server:REDACTED
x-ms-clitelem:REDACTED
X-XSS-Protection:REDACTED
Set-Cookie:REDACTED
Date:Wed, 14 Dec 2022 15:24:19 GMT
Content-Type:application/json; charset=utf-8
Expires:-1
Content-Length:6278
DEBUG: False MSAL 4.46.2.0 MSAL.NetCore .NET 7.0.0 Microsoft Windows 10.0.22000 [2022-12-14 15:24:20Z - 42cd9b14-3655-4117-8b8f-b2e723e910fd] Checking client info returned from the server..
DEBUG: False MSAL 4.46.2.0 MSAL.NetCore .NET 7.0.0 Microsoft Windows 10.0.22000 [2022-12-14 15:24:20Z - 42cd9b14-3655-4117-8b8f-b2e723e910fd] Saving token response to cache..
DEBUG: False MSAL 4.46.2.0 MSAL.NetCore .NET 7.0.0 Microsoft Windows 10.0.22000 [2022-12-14 15:24:20Z - 42cd9b14-3655-4117-8b8f-b2e723e910fd] [Region discovery] Not using a regional authority.
DEBUG: False MSAL 4.46.2.0 MSAL.NetCore .NET 7.0.0 Microsoft Windows 10.0.22000 [2022-12-14 15:24:20Z - 42cd9b14-3655-4117-8b8f-b2e723e910fd] [SaveTokenResponseAsync] Saving AT in cache and removing overlapping ATs...
DEBUG: False MSAL 4.46.2.0 MSAL.NetCore .NET 7.0.0 Microsoft Windows 10.0.22000 [2022-12-14 15:24:20Z - 42cd9b14-3655-4117-8b8f-b2e723e910fd] Looking for scopes for the authority in the cache which intersect with https://management.core.windows.net//.default
DEBUG: False MSAL 4.46.2.0 MSAL.NetCore .NET 7.0.0 Microsoft Windows 10.0.22000 [2022-12-14 15:24:20Z - 42cd9b14-3655-4117-8b8f-b2e723e910fd] Intersecting scope entries count - 1
DEBUG: False MSAL 4.46.2.0 MSAL.NetCore .NET 7.0.0 Microsoft Windows 10.0.22000 [2022-12-14 15:24:20Z - 42cd9b14-3655-4117-8b8f-b2e723e910fd] Matching entries after filtering by user - 1
DEBUG: False MSAL 4.46.2.0 MSAL.NetCore .NET 7.0.0 Microsoft Windows 10.0.22000 [2022-12-14 15:24:20Z - 42cd9b14-3655-4117-8b8f-b2e723e910fd] [SaveTokenResponseAsync] Saving Id Token and Account in cache ...
DEBUG: False MSAL 4.46.2.0 MSAL.NetCore .NET 7.0.0 Microsoft Windows 10.0.22000 [2022-12-14 15:24:20Z - 42cd9b14-3655-4117-8b8f-b2e723e910fd] [SaveTokenResponseAsync] Saving RT in cache...
DEBUG: False MSAL 4.46.2.0 MSAL.NetCore .NET 7.0.0 Microsoft Windows 10.0.22000 [2022-12-14 15:24:20Z - 42cd9b14-3655-4117-8b8f-b2e723e910fd] IsLegacyAdalCacheEnabled: yes
DEBUG: False MSAL 4.46.2.0 MSAL.NetCore .NET 7.0.0 Microsoft Windows 10.0.22000 [2022-12-14 15:24:20Z - 42cd9b14-3655-4117-8b8f-b2e723e910fd] Not writing FRT in ADAL legacy cache.
DEBUG: False MSAL 4.46.2.0 MSAL.NetCore .NET 7.0.0 Microsoft Windows 10.0.22000 [2022-12-14 15:24:20Z - 42cd9b14-3655-4117-8b8f-b2e723e910fd]
=== Token Acquisition finished successfully:
DEBUG: False MSAL 4.46.2.0 MSAL.NetCore .NET 7.0.0 Microsoft Windows 10.0.22000 [2022-12-14 15:24:20Z - 42cd9b14-3655-4117-8b8f-b2e723e910fd] AT expiration time: 14.12.2022 16:43:05 +00:00, scopes: https://management.core.windows.net//user_impersonation https://management.core.windows.net//.default. source: IdentityProvider
DEBUG: False MSAL 4.46.2.0 MSAL.NetCore .NET 7.0.0 Microsoft Windows 10.0.22000 [2022-12-14 15:24:20Z - 42cd9b14-3655-4117-8b8f-b2e723e910fd] Fetched access token from host login.microsoftonline.com.
DEBUG: SharedTokenCacheCredential.GetToken succeeded. Scopes: [ https://management.core.windows.net//.default ] ParentRequestId: ExpiresOn: 2022-12-14T16:43:05.3631445+00:00
DEBUG: [Common.Authentication]: Received token with LoginType 'User', Tenant: '<id>', UserId: '<account>'
DEBUG: [Common.Authentication]: Authenticating using Account: '<account>', environment: 'AzureCloud', tenant: '<id>'
DEBUG: 16:24:20 - [SilentAuthenticator] Calling SharedTokenCacheCredential.GetTokenAsync - TenantId:'<id>', Scopes:'https://management.core.windows.net//.default', AuthorityHost:'https://login.microsoftonline.com/', UserId:'<account>'
DEBUG: SharedTokenCacheCredential.GetToken invoked. Scopes: [ https://management.core.windows.net//.default ] ParentRequestId:
DEBUG: False MSAL 4.46.2.0 MSAL.NetCore .NET 7.0.0 Microsoft Windows 10.0.22000 [2022-12-14 15:24:20Z - d7510a03-9e4f-492a-b2ab-64fc0961db59] IsLegacyAdalCacheEnabled: yes
DEBUG: False MSAL 4.46.2.0 MSAL.NetCore .NET 7.0.0 Microsoft Windows 10.0.22000 [2022-12-14 15:24:20Z - d7510a03-9e4f-492a-b2ab-64fc0961db59] [Region discovery] Not using a regional authority.
DEBUG: False MSAL 4.46.2.0 MSAL.NetCore .NET 7.0.0 Microsoft Windows 10.0.22000 [2022-12-14 15:24:20Z - d7510a03-9e4f-492a-b2ab-64fc0961db59] [Region discovery] Not using a regional authority.
DEBUG: False MSAL 4.46.2.0 MSAL.NetCore .NET 7.0.0 Microsoft Windows 10.0.22000 [2022-12-14 15:24:20Z - d7510a03-9e4f-492a-b2ab-64fc0961db59] [Region discovery] Not using a regional authority.
DEBUG: False MSAL 4.46.2.0 MSAL.NetCore .NET 7.0.0 Microsoft Windows 10.0.22000 [2022-12-14 15:24:20Z - d7510a03-9e4f-492a-b2ab-64fc0961db59] IsLegacyAdalCacheEnabled: yes
DEBUG: False MSAL 4.46.2.0 MSAL.NetCore .NET 7.0.0 Microsoft Windows 10.0.22000 [2022-12-14 15:24:20Z - d7510a03-9e4f-492a-b2ab-64fc0961db59] IsLegacyAdalCacheEnabled: yes
DEBUG: False MSAL 4.46.2.0 MSAL.NetCore .NET 7.0.0 Microsoft Windows 10.0.22000 [2022-12-14 15:24:20Z] Found 2 cache accounts and 0 broker accounts
DEBUG: False MSAL 4.46.2.0 MSAL.NetCore .NET 7.0.0 Microsoft Windows 10.0.22000 [2022-12-14 15:24:20Z] Returning 2 accounts
DEBUG: False MSAL 4.46.2.0 MSAL.NetCore .NET 7.0.0 Microsoft Windows 10.0.22000 [2022-12-14 15:24:20Z - 5dfd53c3-b511-4672-a862-504a494c30db] MSAL MSAL.NetCore with assembly version '4.46.2.0'. CorrelationId(5dfd53c3-b511-4672-a862-504a494c30db)
DEBUG: False MSAL 4.46.2.0 MSAL.NetCore .NET 7.0.0 Microsoft Windows 10.0.22000 [2022-12-14 15:24:20Z - 5dfd53c3-b511-4672-a862-504a494c30db] === AcquireTokenSilent Parameters ===
DEBUG: False MSAL 4.46.2.0 MSAL.NetCore .NET 7.0.0 Microsoft Windows 10.0.22000 [2022-12-14 15:24:20Z - 5dfd53c3-b511-4672-a862-504a494c30db] LoginHint provided: False
DEBUG: False MSAL 4.46.2.0 MSAL.NetCore .NET 7.0.0 Microsoft Windows 10.0.22000 [2022-12-14 15:24:20Z - 5dfd53c3-b511-4672-a862-504a494c30db] Account provided: True
DEBUG: False MSAL 4.46.2.0 MSAL.NetCore .NET 7.0.0 Microsoft Windows 10.0.22000 [2022-12-14 15:24:20Z - 5dfd53c3-b511-4672-a862-504a494c30db] ForceRefresh: False
DEBUG: False MSAL 4.46.2.0 MSAL.NetCore .NET 7.0.0 Microsoft Windows 10.0.22000 [2022-12-14 15:24:20Z - 5dfd53c3-b511-4672-a862-504a494c30db]
=== Request Data ===
Authority Provided? - True
Scopes - https://management.core.windows.net//.default
Extra Query Params Keys (space separated) -
ApiId - AcquireTokenSilent
IsConfidentialClient - False
SendX5C - False
LoginHint ? False
IsBrokerConfigured - False
HomeAccountId - False
CorrelationId - 5dfd53c3-b511-4672-a862-504a494c30db
UserAssertion set: False
LongRunningOboCacheKey set: False
Region configured:
DEBUG: False MSAL 4.46.2.0 MSAL.NetCore .NET 7.0.0 Microsoft Windows 10.0.22000 [2022-12-14 15:24:20Z - 5dfd53c3-b511-4672-a862-504a494c30db] === Token Acquisition (SilentRequest) started:
Scopes: https://management.core.windows.net//.default
Authority Host: login.microsoftonline.com
DEBUG: False MSAL 4.46.2.0 MSAL.NetCore .NET 7.0.0 Microsoft Windows 10.0.22000 [2022-12-14 15:24:20Z - 5dfd53c3-b511-4672-a862-504a494c30db] [Region discovery] Not using a regional authority.
DEBUG: False MSAL 4.46.2.0 MSAL.NetCore .NET 7.0.0 Microsoft Windows 10.0.22000 [2022-12-14 15:24:20Z - 5dfd53c3-b511-4672-a862-504a494c30db] Access token is not expired. Returning the found cache entry. [Current time (12/14/2022 15:24:20) - Expiration Time (12/14/2022 16:43:05 +00:00) - Extended Expiration Time (12/14/2022 16:43:05 +00:00)]
DEBUG: False MSAL 4.46.2.0 MSAL.NetCore .NET 7.0.0 Microsoft Windows 10.0.22000 [2022-12-14 15:24:20Z - 5dfd53c3-b511-4672-a862-504a494c30db] Returning access token found in cache. RefreshOn exists ? False
DEBUG: False MSAL 4.46.2.0 MSAL.NetCore .NET 7.0.0 Microsoft Windows 10.0.22000 [2022-12-14 15:24:20Z - 5dfd53c3-b511-4672-a862-504a494c30db] [Region discovery] Not using a regional authority.
DEBUG: False MSAL 4.46.2.0 MSAL.NetCore .NET 7.0.0 Microsoft Windows 10.0.22000 [2022-12-14 15:24:20Z - 5dfd53c3-b511-4672-a862-504a494c30db]
=== Token Acquisition finished successfully:
DEBUG: False MSAL 4.46.2.0 MSAL.NetCore .NET 7.0.0 Microsoft Windows 10.0.22000 [2022-12-14 15:24:20Z - 5dfd53c3-b511-4672-a862-504a494c30db] AT expiration time: 14.12.2022 16:43:05 +00:00, scopes: https://management.core.windows.net//user_impersonation https://management.core.windows.net//.default. source: Cache
DEBUG: SharedTokenCacheCredential.GetToken succeeded. Scopes: [ https://management.core.windows.net//.default ] ParentRequestId: ExpiresOn: 2022-12-14T16:43:05.0000000+00:00
DEBUG: [Common.Authentication]: Received token with LoginType 'User', Tenant: '<id>', UserId: '<account>'
DEBUG: ============================ HTTP REQUEST ============================
HTTP Method:
GET
Absolute Uri:
https://management.azure.com/providers/Microsoft.Management/managementGroups/<groupname>/providers/Microsoft.Authorization/policydefinitions/dine-vmaas-backupvault-rg?api-version=2021-06-01
Headers:
User-Agent : Az.Resources/6.5.0,PSVersion/v7.3.0,AzurePowershell/v9.2.0
ParameterSetName : ManagementGroupNameParameterSet
CommandName : Set-AzPolicyDefinition
Body:
DEBUG: ============================ HTTP RESPONSE ============================
Status Code:
OK
Headers:
Cache-Control : no-cache
Pragma : no-cache
Strict-Transport-Security : max-age=31536000; includeSubDomains
Server : Kestrel
x-ms-ratelimit-remaining-tenant-reads: 11999
x-ms-request-id : 88af0f68-c1ba-4b0e-b1fb-e692dd8cd82c
x-ms-correlation-request-id : 88af0f68-c1ba-4b0e-b1fb-e692dd8cd82c
x-ms-routing-request-id : GERMANYNORTH:20221214T152420Z:88af0f68-c1ba-4b0e-b1fb-e692dd8cd82c
X-Content-Type-Options : nosniff
Date : Wed, 14 Dec 2022 15:24:19 GMT
Body:
{
"properties": {
"displayName": "dine-vmaas-backupvault-rg",
"policyType": "Custom",
"mode": "All",
"description": "ThispolicycreatesaResourceGrouptosubscriptionforRSVs.()",
"metadata": {
"createdBy": "9223d10b-9415-40b9-85e3-acd39f51d237",
"createdOn": "2022-06-07T10:30:23.5028101Z",
"updatedBy": "9223d10b-9415-40b9-85e3-acd39f51d237",
"updatedOn": "2022-12-14T11:53:35.7731819Z"
},
"parameters": {},
"policyRule": {
"if": {
"equals": "Microsoft.Resources/subscriptions",
"field": "type"
},
"then": {
"effect": "deployIfNotExists",
"details": {
"DeploymentScope": "subscription",
"ExistenceScope": "subscription",
"deployment": {
"properties": {
"mode": "incremental",
"template": {
"contentVersion": "1.0.0.1",
"$schema": "https://schema.management.azure.com/schemas/2018-05-01/subscriptionDeploymentTemplate.json#",
"parameters": {},
"resources": [
{
"properties": {},
"location": "westeurope",
"tags": {},
"apiVersion": "2018-05-01",
"name": "dcserver-backupVaults-rg",
"type": "Microsoft.Resources/resourceGroups"
}
]
},
"parameters": {}
},
"location": "westeurope"
},
"name": "dcserver-backupVaults-rg",
"roleDefinitionIds": [
"/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"
],
"type": "Microsoft.Resources/subscriptions/resourceGroups"
}
}
}
},
"id": "/providers/Microsoft.Management/managementGroups/<groupname>/providers/Microsoft.Authorization/policyDefinitions/dine-vmaas-backupvault-rg",
"type": "Microsoft.Authorization/policyDefinitions",
"name": "dine-vmaas-backupvault-rg",
"systemData": {
"createdBy": "<account>",
"createdByType": "User",
"createdAt": "2022-06-07T10:30:23.4719617Z",
"lastModifiedBy": "<account>",
"lastModifiedByType": "User",
"lastModifiedAt": "2022-12-14T11:53:35.7040992Z"
}
}
DEBUG: ============================ HTTP REQUEST ============================
HTTP Method:
PUT
Absolute Uri:
https://management.azure.com/providers/Microsoft.Management/managementGroups/<groupname>/providers/Microsoft.Authorization/policydefinitions/dine-vmaas-backupvault-rg?api-version=2021-06-01
Headers:
User-Agent : Az.Resources/6.5.0,PSVersion/v7.3.0,AzurePowershell/v9.2.0
ParameterSetName : ManagementGroupNameParameterSet
CommandName : Set-AzPolicyDefinition
Body:
{
"name": "dine-vmaas-backupvault-rg",
"properties": {
"description": "**ThispolicycreatesaResourceGrouptosubscriptionforRSVs.**",
"displayName": "dine-vmaas-backupvault-rg",
"policyRule": {
"if": {
"equals": "Microsoft.Resources/subscriptions",
"field": "type"
},
"then": {
"effect": "deployIfNotExists",
"details": {
"DeploymentScope": "subscription",
"ExistenceScope": "subscription",
"deployment": {
"properties": {
"mode": "incremental",
"template": {
"contentVersion": "1.0.0.1",
"$schema": "https://schema.management.azure.com/schemas/2018-05-01/subscriptionDeploymentTemplate.json#",
"parameters": {},
"resources": [
{
"properties": {},
"location": "westeurope",
"tags": {},
"apiVersion": "2018-05-01",
"name": "dcserver-backupVaults-rg",
"type": "Microsoft.Resources/resourceGroups"
}
]
},
"parameters": {}
},
"location": "westeurope"
},
"name": "dcserver-backupVaults-rg",
"roleDefinitionIds": [
"/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"
],
"type": "Microsoft.Resources/subscriptions/resourceGroups"
}
}
},
"metadata": {},
"parameters": {},
"mode": "All",
"policyType": "Custom"
}
}
DEBUG: ============================ HTTP RESPONSE ============================
Status Code:
Created
Headers:
Cache-Control : no-cache
Pragma : no-cache
Strict-Transport-Security : max-age=31536000; includeSubDomains
Server : Kestrel
x-ms-ratelimit-remaining-tenant-writes: 1199
x-ms-request-id : 1556c2d7-4522-4ebd-b34d-8b8578cf3074
x-ms-correlation-request-id : 1556c2d7-4522-4ebd-b34d-8b8578cf3074
x-ms-routing-request-id : GERMANYNORTH:20221214T152421Z:1556c2d7-4522-4ebd-b34d-8b8578cf3074
X-Content-Type-Options : nosniff
Date : Wed, 14 Dec 2022 15:24:21 GMT
Body:
{
"properties": {
"displayName": "dine-vmaas-backupvault-rg",
"policyType": "Custom",
"mode": "All",
"description": "ThispolicycreatesaResourceGrouptosubscriptionforRSVs.",
"metadata": {
"createdBy": "9223d10b-9415-40b9-85e3-acd39f51d237",
"createdOn": "2022-06-07T10:30:23.5028101Z",
"updatedBy": "9223d10b-9415-40b9-85e3-acd39f51d237",
"updatedOn": "2022-12-14T15:24:21.7332995Z"
},
"parameters": {},
"policyRule": {
"if": {
"equals": "Microsoft.Resources/subscriptions",
"field": "type"
},
"then": {
"effect": "deployIfNotExists",
"details": {
"DeploymentScope": "subscription",
"ExistenceScope": "subscription",
"deployment": {
"properties": {
"mode": "incremental",
"template": {
"contentVersion": "1.0.0.1",
"$schema": "https://schema.management.azure.com/schemas/2018-05-01/subscriptionDeploymentTemplate.json#",
"parameters": {},
"resources": [
{
"properties": {},
"location": "westeurope",
"tags": {},
"apiVersion": "2018-05-01",
"name": "dcserver-backupVaults-rg",
"type": "Microsoft.Resources/resourceGroups"
}
]
},
"parameters": {}
},
"location": "westeurope"
},
"name": "dcserver-backupVaults-rg",
"roleDefinitionIds": [
"/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"
],
"type": "Microsoft.Resources/subscriptions/resourceGroups"
}
}
}
},
"id": "/providers/Microsoft.Management/managementGroups/<groupname>/providers/Microsoft.Authorization/policyDefinitions/dine-vmaas-backupvault-rg",
"type": "Microsoft.Authorization/policyDefinitions",
"name": "dine-vmaas-backupvault-rg",
"systemData": {
"createdBy": "<account>",
"createdByType": "User",
"createdAt": "2022-06-07T10:30:23.4719617Z",
"lastModifiedBy": "<account>",
"lastModifiedByType": "User",
"lastModifiedAt": "2022-12-14T15:24:21.6016531Z"
}
}
DEBUG: [Common.Authentication]: Authenticating using Account: '<account>', environment: 'AzureCloud', tenant: '<id>'
DEBUG: 16:24:21 - [SilentAuthenticator] Calling SharedTokenCacheCredential.GetTokenAsync - TenantId:'<id>', Scopes:'https://management.core.windows.net//.default', AuthorityHost:'https://login.microsoftonline.com/', UserId:'<account>'
DEBUG: SharedTokenCacheCredential.GetToken invoked. Scopes: [ https://management.core.windows.net//.default ] ParentRequestId:
DEBUG: False MSAL 4.46.2.0 MSAL.NetCore .NET 7.0.0 Microsoft Windows 10.0.22000 [2022-12-14 15:24:21Z - 8da4d3e7-7e1d-4196-ba5f-6b2e64ba24db] IsLegacyAdalCacheEnabled: yes
DEBUG: False MSAL 4.46.2.0 MSAL.NetCore .NET 7.0.0 Microsoft Windows 10.0.22000 [2022-12-14 15:24:21Z - 8da4d3e7-7e1d-4196-ba5f-6b2e64ba24db] [Region discovery] Not using a regional authority.
DEBUG: False MSAL 4.46.2.0 MSAL.NetCore .NET 7.0.0 Microsoft Windows 10.0.22000 [2022-12-14 15:24:21Z - 8da4d3e7-7e1d-4196-ba5f-6b2e64ba24db] [Region discovery] Not using a regional authority.
DEBUG: False MSAL 4.46.2.0 MSAL.NetCore .NET 7.0.0 Microsoft Windows 10.0.22000 [2022-12-14 15:24:21Z - 8da4d3e7-7e1d-4196-ba5f-6b2e64ba24db] [Region discovery] Not using a regional authority.
DEBUG: False MSAL 4.46.2.0 MSAL.NetCore .NET 7.0.0 Microsoft Windows 10.0.22000 [2022-12-14 15:24:21Z - 8da4d3e7-7e1d-4196-ba5f-6b2e64ba24db] IsLegacyAdalCacheEnabled: yes
DEBUG: False MSAL 4.46.2.0 MSAL.NetCore .NET 7.0.0 Microsoft Windows 10.0.22000 [2022-12-14 15:24:21Z - 8da4d3e7-7e1d-4196-ba5f-6b2e64ba24db] IsLegacyAdalCacheEnabled: yes
DEBUG: False MSAL 4.46.2.0 MSAL.NetCore .NET 7.0.0 Microsoft Windows 10.0.22000 [2022-12-14 15:24:21Z] Found 2 cache accounts and 0 broker accounts
DEBUG: False MSAL 4.46.2.0 MSAL.NetCore .NET 7.0.0 Microsoft Windows 10.0.22000 [2022-12-14 15:24:21Z] Returning 2 accounts
DEBUG: False MSAL 4.46.2.0 MSAL.NetCore .NET 7.0.0 Microsoft Windows 10.0.22000 [2022-12-14 15:24:21Z - 6384c39f-5b09-4c4b-bb72-da6eb4f1a3ee] MSAL MSAL.NetCore with assembly version '4.46.2.0'. CorrelationId(6384c39f-5b09-4c4b-bb72-da6eb4f1a3ee)
DEBUG: False MSAL 4.46.2.0 MSAL.NetCore .NET 7.0.0 Microsoft Windows 10.0.22000 [2022-12-14 15:24:21Z - 6384c39f-5b09-4c4b-bb72-da6eb4f1a3ee] === AcquireTokenSilent Parameters ===
DEBUG: False MSAL 4.46.2.0 MSAL.NetCore .NET 7.0.0 Microsoft Windows 10.0.22000 [2022-12-14 15:24:21Z - 6384c39f-5b09-4c4b-bb72-da6eb4f1a3ee] LoginHint provided: False
DEBUG: False MSAL 4.46.2.0 MSAL.NetCore .NET 7.0.0 Microsoft Windows 10.0.22000 [2022-12-14 15:24:21Z - 6384c39f-5b09-4c4b-bb72-da6eb4f1a3ee] Account provided: True
DEBUG: False MSAL 4.46.2.0 MSAL.NetCore .NET 7.0.0 Microsoft Windows 10.0.22000 [2022-12-14 15:24:21Z - 6384c39f-5b09-4c4b-bb72-da6eb4f1a3ee] ForceRefresh: False
DEBUG: False MSAL 4.46.2.0 MSAL.NetCore .NET 7.0.0 Microsoft Windows 10.0.22000 [2022-12-14 15:24:21Z - 6384c39f-5b09-4c4b-bb72-da6eb4f1a3ee]
=== Request Data ===
Authority Provided? - True
Scopes - https://management.core.windows.net//.default
Extra Query Params Keys (space separated) -
ApiId - AcquireTokenSilent
IsConfidentialClient - False
SendX5C - False
LoginHint ? False
IsBrokerConfigured - False
HomeAccountId - False
CorrelationId - 6384c39f-5b09-4c4b-bb72-da6eb4f1a3ee
UserAssertion set: False
LongRunningOboCacheKey set: False
Region configured:
DEBUG: False MSAL 4.46.2.0 MSAL.NetCore .NET 7.0.0 Microsoft Windows 10.0.22000 [2022-12-14 15:24:21Z - 6384c39f-5b09-4c4b-bb72-da6eb4f1a3ee] === Token Acquisition (SilentRequest) started:
Scopes: https://management.core.windows.net//.default
Authority Host: login.microsoftonline.com
DEBUG: False MSAL 4.46.2.0 MSAL.NetCore .NET 7.0.0 Microsoft Windows 10.0.22000 [2022-12-14 15:24:21Z - 6384c39f-5b09-4c4b-bb72-da6eb4f1a3ee] [Region discovery] Not using a regional authority.
DEBUG: False MSAL 4.46.2.0 MSAL.NetCore .NET 7.0.0 Microsoft Windows 10.0.22000 [2022-12-14 15:24:21Z - 6384c39f-5b09-4c4b-bb72-da6eb4f1a3ee] Access token is not expired. Returning the found cacName : dine-vmaas-backupvault-rg
ResourceId : /providers/Microsoft.Management/managementGroups/<groupname>/providers/Microsoft.Authorization/policyDefinitions/dine-vmaas-backupvault-rgResourceName : dine-vmaas-backupvault-rg
ResourceType : Microsoft.Authorization/policyDefinitions
SubscriptionId :
Properties : Microsoft.Azure.Commands.ResourceManager.Cmdlets.Implementation.Policy.PsPolicyDefinitionProperties
PolicyDefinitionId : /providers/Microsoft.Management/managementGroups/<groupname>/providers/Microsoft.Authorization/policyDefinitions/dine-vmaas-backupvault-rg
DEBUG: AzureQoSEvent: Module: Az.Resources:6.5.0; CommandName: Set-AzPolicyDefinition; PSVersion: 7.3.0; IsSuccess: True; Duration: 00:00:02.2504643
DEBUG: 16:24:22 - [ConfigManager] Got nothing from [EnableDataCollection], Module = [], Cmdlet = []. Returning default value [True].
DEBUG: 16:24:22 - SetAzurePolicyDefinitionCmdlet end processing.Environment dataName Value
---- -----
PSVersion 7.3.0
PSEdition Core
GitCommitId 7.3.0
OS Microsoft Windows 10.0.22000
Platform Win32NT
PSCompatibleVersions {1.0, 2.0, 3.0, 4.0…}
PSRemotingProtocolVersion 2.3
SerializationVersion 1.1.0.1
WSManStackVersion 3.0Module versionsGet-Module Az*
ModuleType Version PreRelease Name ExportedCommands
---------- ------- ---------- ---- ----------------
Script 2.10.4 Az.Accounts {Add-AzEnvironment, Clear-AzConfig, Clear-AzContext, Clear-AzDefault…}
Script 6.5.0 Az.Resources {Export-AzResourceGroup, Export-AzTemplateSpec, Get-AzDenyAssignment, Get-AzDeployment…}Error outputNo response
|
|
Hi @haui07. Thank you for opening this issue and giving us the opportunity to assist. We believe that this has been addressed. If you feel that further discussion is needed, please add a comment with the text “ |
|
Hi @haui07, since you haven’t asked that we “ |
This issue was closed.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Description
New Bug within Az-Resource 6.5 version.
When calling Set-AzPolicyDefinition, all (!) spaces are removed for all properties. It's very easy to reproduce. The spaces can be provided for every parameter.
For example:
Set-AzPolicyDefinition -Name $name `
Look at the spaces in -Description. All other parameters are built beforhand, and are irrelevant for this showcase.
When looking at the PUT REQUEST in the Debug output, the following description is shown:
DEBUG: ============================ HTTP REQUEST ============================
HTTP Method:
PUT
Absolute Uri:
https://management.azure.com/providers/Microsoft.Management/managementGroups/RBHQ/providers/Microsoft.Authorization/policydefinitions/dine-vmaas-backupvault-rg?api-version=2021-06-01
Headers:
User-Agent : Az.Resources/6.5.0,PSVersion/v7.3.0,AzurePowershell/v9.2.0
ParameterSetName : ManagementGroupNameParameterSet
CommandName : Set-AzPolicyDefinition
Body:
{
"name": "dine-vmaas-backupvault-rg",
"properties": {
"description": "ThispolicycreatesaResourceGrouptosubscriptionforRSVs.",
So all spaces are removed. This happens for every provided parameter/property/JSON-fragment to Set-AzPolicyDefinition. Tested with allmost every combination.
Under Az CmdLet v < 6.5 this was definitely not an issue.
This issue may be related to #20386:
#20386
Issue script & Debug output
Environment data
Module versions
Error output
No response
The text was updated successfully, but these errors were encountered: