Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Unable to assign app permissions to a managed identity resource. #18412

Closed
josefehse opened this issue Jun 6, 2022 · 11 comments
Closed

Unable to assign app permissions to a managed identity resource. #18412

josefehse opened this issue Jun 6, 2022 · 11 comments
Assignees
@NoriZC
Labels
AAD AzAd cmdlets in Az.Resources feature-request This issue requires a new behavior in the product in order be resolved. Tracking We will track status and follow internally

Comments

@josefehse
Copy link

Description

Trying to assing microsoft graph permissions to a managed identify azure function.
The old method (AzureAD) works fine. With the new module, here's the issue:
I can get application ID and object ID of the MI using Get-azadServicePrincipal.
When trying to use Add-AzADPermission it fails:
image
You can see the module uses get-azadapplication:
image
However, get-azadapplication won't find service principals for Managed Identities, only Enterprise Applications.
Am I missing something or is it a gap?

Thank you.

Issue script & Debug output

DEBUG: [CmdletBeginProcessing]: Starting command
DEBUG: CmdletBeginProcessing: 
DEBUG: CmdletProcessRecordStart: 
DEBUG: CmdletGetPipeline: 
DEBUG: CmdletBeforeAPICall: 
DEBUG: URLCreated: /applications/976b8749-70bf-4465-84b1-06a6169ee419
DEBUG: RequestCreated: /v1.0/applications/976b8749-70bf-4465-84b1-06a6169ee419
DEBUG: HeaderParametersAdded: 
DEBUG: ============================ HTTP REQUEST ============================

HTTP Method:
GET

Absolute Uri:
https://graph.microsoft.com/v1.0/applications/976b8749-70bf-4465-84b1-06a6169ee419

Headers:
x-ms-unique-id                : 39,40,41
x-ms-client-request-id        : f2e56275-ae54-46f1-ac81-d8be8a0876ef
CommandName                   : Az.MSGraph.internal\Get-AzADApplication
FullCommandName               : Get-AzADApplication_Get
ParameterSetName              : __AllParameterSets
User-Agent                    : AzurePowershell/v8.0.0,PSVersion/v7.2.3,Az.MSGraph/6.0.0

Body:



DEBUG: BeforeCall: 
DEBUG: ============================ HTTP RESPONSE ============================

Status Code:
NotFound

Headers:
Cache-Control                 : no-cache
Transfer-Encoding             : chunked
Strict-Transport-Security     : max-age=31536000
request-id                    : 1fa1e6e6-c513-49bc-b97f-09d499da202a
client-request-id             : 1fa1e6e6-c513-49bc-b97f-09d499da202a
x-ms-ags-diagnostic           : {"ServerInfo":{"DataCenter":"Canada East","Slice":"E","Ring":"2","ScaleUnit":"000","RoleInstance":"QB1PEPF00002184"}}
x-ms-resource-unit            : 1
Date                          : Mon, 06 Jun 2022 22:27:40 GMT

Body:
{
  "error": {
    "code": "Request_ResourceNotFound",
    "message": "Resource '976b8749-70bf-4465-84b1-06a6169ee419' does not exist or one of its queried reference-property objects are not present.",
    "innerError": {
      "date": "2022-06-06T22:27:41",
      "request-id": "1fa1e6e6-c513-49bc-b97f-09d499da202a",
      "client-request-id": "1fa1e6e6-c513-49bc-b97f-09d499da202a"
    }
  }
}


DEBUG: ResponseCreated: 
DEBUG: BeforeResponseDispatch: 
Get-AzADApplication_Get: /home/jofehse/.local/share/powershell/Modules/Az.Resources/6.0.0/MSGraph.Autorest/custom/Add-AzADAppPermission.ps1:103:17
Line |
 103 |$app = Az.MSGraph.internal\Get-AzADApplication -Id $PSBou|                ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     | Resource '976b8749-70bf-4465-84b1-06a6169ee419' does not exist or one of its queried reference-property
     | objects are not present.

DEBUG: [Finally]: Getting exception 'Microsoft.Azure.Commands.Common.Exceptions.AzPSResourceNotFoundCloudException: InternalException' from response
DEBUG: Finally: 
DEBUG: CmdletAfterAPICall: 
DEBUG: [CmdletProcessRecordAsyncEnd]: Finish HTTP process
DEBUG: CmdletProcessRecordAsyncEnd: 
DEBUG: CmdletProcessRecordEnd: 
Add-AzADAppPermission: /home/jofehse/git/grfunc/setup/test.ps1:20:17
Line |
  20 |Add-AzADAppPermission -ObjectId $MSI.Id -apiId $graph.Id|                ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     | Cannot find application by ObjectId 976b8749-70bf-4465-84b1-06a6169ee419

Environment data

Name                           Value
----                           -----
PSVersion                      7.2.3
PSEdition                      Core
GitCommitId                    7.2.3
OS                             Linux 5.15.0-33-generic #34-Ubuntu SMP Wed May 18 13:34:26 UTC 2022
Platform                       Unix
PSCompatibleVersions           {1.0, 2.0, 3.0, 4.0…}
PSRemotingProtocolVersion      2.3
SerializationVersion           1.1.0.1
WSManStackVersion              3.0

Module versions

ModuleType Version    PreRelease Name                                ExportedCommands
---------- -------    ---------- ----                                ----------------
Script     8.0.0                 Az                                  
Script     2.8.0                 Az.Accounts                         {Add-AzEnvironment, Clear-AzConfig, Clear-AzContext,…
Script     1.1.2                 Az.Advisor                          {Disable-AzAdvisorRecommendation, Enable-AzAdvisorRe…
Script     4.1.0                 Az.Aks                              {Disable-AzAksAddOn, Enable-AzAksAddOn, Get-AzAksClu…
Script     1.1.4                 Az.AnalysisServices                 {Add-AzAnalysisServicesAccount, Export-AzAnalysisSer…
Script     3.0.0                 Az.ApiManagement                    {Add-AzApiManagementApiToGateway, Add-AzApiManagemen…
Script     1.1.0                 Az.AppConfiguration                 {Get-AzAppConfigurationStore, Get-AzAppConfiguration…
Script     2.0.0                 Az.ApplicationInsights              {Get-AzApplicationInsights, Get-AzApplicationInsight…
Script     1.0.0                 Az.Attestation                      {Add-AzAttestationPolicySigner, Get-AzAttestation, G…
Script     1.7.3                 Az.Automation                       {Export-AzAutomationDscConfiguration, Export-AzAutom…
Script     3.2.0                 Az.Batch                            {Disable-AzBatchAutoScale, Disable-AzBatchComputeNod…
Script     2.0.0                 Az.Billing                          {Get-AzBillingAccount, Get-AzBillingInvoice, Get-AzB…
Script     2.1.0                 Az.Cdn                              {Clear-AzCdnEndpointContent, Clear-AzFrontDoorCdnEnd…
Script     1.1.0                 Az.CloudService                     {Get-AzCloudService, Get-AzCloudServiceInstanceView,…
Script     1.11.0                Az.CognitiveServices                {Add-AzCognitiveServicesAccountNetworkRule, Get-AzCo…
Script     4.27.0                Az.Compute                          {Add-AzImageDataDisk, Add-AzVhd, Add-AzVMAdditionalU…
Script     3.1.0                 Az.ContainerInstance                {Add-AzContainerInstanceOutput, Get-AzContainerGroup…
Script     3.0.0                 Az.ContainerRegistry                {Connect-AzContainerRegistry, Get-AzContainerRegistr…
Script     1.8.0                 Az.CosmosDB                         {Get-AzCosmosDBAccount, Get-AzCosmosDBAccountKey, Ge…
Script     1.1.0                 Az.DataBoxEdge                      {Get-AzDataBoxEdgeBandwidthSchedule, Get-AzDataBoxEd…
Script     1.2.0                 Az.Databricks                       {Get-AzDatabricksOutboundNetworkDependenciesEndpoint…
Script     1.16.7                Az.DataFactory                      {Add-AzDataFactoryV2DataFlowDebugSessionPackage, Add…
Script     1.0.2                 Az.DataLakeAnalytics                {Add-AzDataLakeAnalyticsDataSource, Add-AzDataLakeAn…
Script     1.3.0                 Az.DataLakeStore                    {Add-AzDataLakeStoreFirewallRule, Add-AzDataLakeStor…
Script     1.0.1                 Az.DataShare                        {Get-AzDataShare, Get-AzDataShareAccount, Get-AzData…
Script     1.1.0                 Az.DeploymentManager                {Get-AzDeploymentManagerArtifactSource, Get-AzDeploy…
Script     3.1.0                 Az.DesktopVirtualization            {Disconnect-AzWvdUserSession, Expand-AzWvdMsixImage,…
Script     1.0.2                 Az.DevTestLabs                      {Get-AzDtlAllowedVMSizesPolicy, Get-AzDtlAutoShutdow…
Script     1.1.2                 Az.Dns                              {Add-AzDnsRecordConfig, Get-AzDnsRecordSet, Get-AzDn…
Script     1.3.0                 Az.EventGrid                        {Get-AzEventGridDomain, Get-AzEventGridDomainKey, Ge…
Script     2.0.0                 Az.EventHub                         {Add-AzEventHubIPRule, Add-AzEventHubVirtualNetworkR…
Script     1.9.0                 Az.FrontDoor                        {Disable-AzFrontDoorCustomDomainHttps, Enable-AzFron…
Script     4.0.3                 Az.Functions                        {Get-AzFunctionApp, Get-AzFunctionAppAvailableLocati…
Script     5.0.1                 Az.HDInsight                        {Add-AzHDInsightClusterIdentity, Add-AzHDInsightComp…
Script     2.0.0                 Az.HealthcareApis                   {Get-AzHealthcareApisService, Get-AzHealthcareApisWo…
Script     2.7.4                 Az.IotHub                           {Add-AzIotHubCertificate, Add-AzIotHubConfiguration,…
Script     4.5.0                 Az.KeyVault                         {Add-AzKeyVaultCertificate, Add-AzKeyVaultCertificat…
Script     2.1.0                 Az.Kusto                            {Add-AzKustoClusterLanguageExtension, Add-AzKustoDat…
Script     1.5.0                 Az.LogicApp                         {Get-AzIntegrationAccount, Get-AzIntegrationAccountA…
Script     1.1.3                 Az.MachineLearning                  {Add-AzMlWebServiceRegionalProperty, Export-AzMlWebS…
Script     1.2.0                 Az.Maintenance                      {Get-AzApplyUpdate, Get-AzConfigurationAssignment, G…
Script     1.0.0                 Az.ManagedServiceIdentity           {Get-AzSystemAssignedIdentity, Get-AzUserAssignedIde…
Script     3.0.0                 Az.ManagedServices                  {Get-AzManagedServicesAssignment, Get-AzManagedServi…
Script     1.0.2                 Az.MarketplaceOrdering              {Get-AzMarketplaceTerms, Set-AzMarketplaceTerms}
Script     1.1.1                 Az.Media                            {Get-AzMediaService, Get-AzMediaServiceKey, Get-AzMe…
Script     1.1.2                 Az.Migrate                          {Get-AzMigrateDiscoveredServer, Get-AzMigrateJob, Ge…
Script     3.0.1                 Az.Monitor                          {Add-AzAutoscaleSetting, Add-AzLogProfile, Add-AzMet…
Script     1.0.0                 Az.MySql                            {Get-AzMySqlConfiguration, Get-AzMySqlConnectionStri…
Script     4.17.0                Az.Network                          {Add-AzApplicationGatewayAuthenticationCertificate, …
Script     1.1.1                 Az.NotificationHubs                 {Get-AzNotificationHub, Get-AzNotificationHubAuthori…
Script     3.1.0                 Az.OperationalInsights              {Disable-AzOperationalInsightsIISLogCollection, Disa…
Script     1.5.0                 Az.PolicyInsights                   {Get-AzPolicyEvent, Get-AzPolicyMetadata, Get-AzPoli…
Script     1.1.0                 Az.PostgreSql                       {Get-AzPostgreSqlConfiguration, Get-AzPostgreSqlConn…
Script     1.1.2                 Az.PowerBIEmbedded                  {Get-AzPowerBIEmbeddedCapacity, Get-AzPowerBIWorkspa…
Script     1.0.3                 Az.PrivateDns                       {Add-AzPrivateDnsRecordConfig, Get-AzPrivateDnsRecor…
Script     5.4.0                 Az.RecoveryServices                 {Add-AzRecoveryServicesAsrReplicationProtectedItemDi…
Script     1.6.0                 Az.RedisCache                       {Export-AzRedisCache, Get-AzRedisCache, Get-AzRedisC…
Script     1.0.0                 Az.RedisEnterpriseCache             {Export-AzRedisEnterpriseCache, Get-AzRedisEnterpris…
Script     1.0.3                 Az.Relay                            {Get-AzRelayAuthorizationRule, Get-AzRelayHybridConn…
Script     1.1.0                 Az.ResourceMover                    {Add-AzResourceMoverMoveResource, Get-AzResourceMove…
Script     6.0.0                 Az.Resources                        {Export-AzResourceGroup, Export-AzTemplateSpec, Get-…
Script     1.3.0                 Az.Security                         {Add-AzSecurityAdaptiveNetworkHardening, Add-AzSecur…
Script     1.1.0                 Az.SecurityInsights                 {Get-AzSentinelAlertRule, Get-AzSentinelAlertRuleAct…
Script     1.9.0                 Az.ServiceBus                       {Add-AzServiceBusIPRule, Add-AzServiceBusVirtualNetw…
Script     3.0.2                 Az.ServiceFabric                    {Add-AzServiceFabricClientCertificate, Add-AzService…
Script     1.4.1                 Az.SignalR                          {Get-AzSignalR, Get-AzSignalRKey, Get-AzSignalRUsage…
Script     3.9.0                 Az.Sql                              {Add-AzSqlDatabaseToFailoverGroup, Add-AzSqlElasticJ…
Script     1.1.0                 Az.SqlVirtualMachine                {Get-AzAvailabilityGroupListener, Get-AzSqlVM, Get-A…
Script     1.1.1                 Az.StackHCI                         {Add-AzStackHCIVMAttestation, Disable-AzStackHCIAtte…
Script     4.6.0                 Az.Storage                          {Add-AzRmStorageContainerLegalHold, Add-AzStorageAcc…
Script     1.7.0                 Az.StorageSync                      {Get-AzStorageSyncCloudEndpoint, Get-AzStorageSyncGr…
Script     2.0.0                 Az.StreamAnalytics                  {Get-AzStreamAnalyticsCluster, Get-AzStreamAnalytics…
Script     1.0.0                 Az.Support                          {Get-AzSupportProblemClassification, Get-AzSupportSe…
Script     1.4.0                 Az.Synapse                          {Add-AzSynapseDataFlowDebugSessionPackage, Add-AzSyn…
Script     1.1.0                 Az.TrafficManager                   {Add-AzTrafficManagerCustomHeaderToEndpoint, Add-AzT…
Script     2.11.2                Az.Websites                         {Add-AzWebAppAccessRestrictionRule, Add-AzWebAppTraf

Error output

Resolve-AzError
DEBUG: 6:29:39 p.m. - ResolveError begin processing with ParameterSet 'AnyErrorParameterSet'.
DEBUG: 6:29:39 p.m. - using account id '[email protected]'...
DEBUG: 6:29:39 p.m. - [ConfigManager] Got nothing from [DisplayBreakingChangeWarning], Module = [], Cmdlet = []. Returning default value [True].
WARNING: Upcoming breaking changes in the cmdlet 'Resolve-AzError' :
The `Resolve-Error` alias will be removed in a future release.  Please change any scripts that use this alias to use `Resolve-AzError` instead.
Note : Go to https://aka.ms/azps-changewarnings for steps to suppress this breaking change warning, and other information on breaking changes in Azure PowerShell.

   HistoryId: 13

Message        : Cannot bind argument to parameter 'InputObject' because it is null.
StackTrace     :    at System.Management.Automation.ExceptionHandlingOps.CheckActionPreference(FunctionContext 
                 funcContext, Exception exception)
                    at System.Management.Automation.Interpreter.ActionCallInstruction`2.Run(InterpretedFrame frame)
                    at System.Management.Automation.Interpreter.EnterTryCatchFinallyInstruction.Run(InterpretedFrame 
                 frame)
                    at System.Management.Automation.Interpreter.EnterTryCatchFinallyInstruction.Run(InterpretedFrame 
                 frame)
                    at System.Management.Automation.Interpreter.Interpreter.Run(InterpretedFrame frame)
                    at System.Management.Automation.Interpreter.LightLambda.RunVoid1[T0](T0 arg0)
                    at System.Management.Automation.PSScriptCmdlet.RunClause(Action`1 clause, Object dollarUnderbar, 
                 Object inputToProcess)
                    at System.Management.Automation.PSScriptCmdlet.DoProcessRecord()
                    at System.Management.Automation.CommandProcessor.ProcessRecord()
Exception      : System.Management.Automation.ParameterBindingValidationException
InvocationInfo : {Update-AzADApplication}
Line           :         $null = Update-AzADApplication -InputObject $app -RequiredResourceAccess 
                 $newRequiredResourceAccess
                 
Position       : At /home/jofehse/.local/share/powershell/Modules/Az.Resources/6.0.0/MSGraph.Autorest/custom/Add-AzADAppPe
                 rmission.ps1:150 char:53
                 +         $null = Update-AzADApplication -InputObject $app -RequiredRes …
                 +                                                     ~~~~
HistoryId      : 13

Message        : Cannot find application by ObjectId 976b8749-70bf-4465-84b1-06a6169ee419
StackTrace     : 
Exception      : Microsoft.PowerShell.Commands.WriteErrorException
InvocationInfo : {Add-AzADAppPermission}
Line           :                 Add-AzADAppPermission -ObjectId $MSI.Id -apiId $graph.Id -PermissionId $approleid
                 
Position       : At /home/jofehse/git/grfunc/setup/test.ps1:20 char:17
                 +Add-AzADAppPermission -ObjectId $MSI.Id -apiId $graph.Id+               ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
HistoryId      : 13

Message        : [Request_ResourceNotFound] : Resource '976b8749-70bf-4465-84b1-06a6169ee419' does not exist or one of 
                 its queried reference-property objects are not present.
StackTrace     : 
Exception      : System.Exception
InvocationInfo : {Get-AzADApplication_Get}
Line           :                 $app = Az.MSGraph.internal\Get-AzADApplication -Id $PSBoundParameters['ObjectId']
                 
Position       : At /home/jofehse/.local/share/powershell/Modules/Az.Resources/6.0.0/MSGraph.Autorest/custom/Add-AzADAppPe
                 rmission.ps1:103 char:17
                 +$app = Az.MSGraph.internal\Get-AzADApplication -Id $PSBou+               ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
HistoryId      : 13

Message        : Cannot bind argument to parameter 'InputObject' because it is null.
StackTrace     :    at System.Management.Automation.ExceptionHandlingOps.CheckActionPreference(FunctionContext 
                 funcContext, Exception exception)
                    at System.Management.Automation.Interpreter.ActionCallInstruction`2.Run(InterpretedFrame frame)
                    at System.Management.Automation.Interpreter.EnterTryCatchFinallyInstruction.Run(InterpretedFrame 
                 frame)
                    at System.Management.Automation.Interpreter.EnterTryCatchFinallyInstruction.Run(InterpretedFrame 
                 frame)
                    at System.Management.Automation.Interpreter.Interpreter.Run(InterpretedFrame frame)
                    at System.Management.Automation.Interpreter.LightLambda.RunVoid1[T0](T0 arg0)
                    at System.Management.Automation.PSScriptCmdlet.RunClause(Action`1 clause, Object dollarUnderbar, 
                 Object inputToProcess)
                    at System.Management.Automation.PSScriptCmdlet.DoProcessRecord()
                    at System.Management.Automation.CommandProcessor.ProcessRecord()
Exception      : System.Management.Automation.ParameterBindingValidationException
InvocationInfo : {Update-AzADApplication}
Line           :         $null = Update-AzADApplication -InputObject $app -RequiredResourceAccess 
                 $newRequiredResourceAccess
                 
Position       : At /home/jofehse/.local/share/powershell/Modules/Az.Resources/6.0.0/MSGraph.Autorest/custom/Add-AzADAppPe
                 rmission.ps1:150 char:53
                 +         $null = Update-AzADApplication -InputObject $app -RequiredRes …
                 +                                                     ~~~~
HistoryId      : 13

Message        : Cannot find application by ObjectId 976b8749-70bf-4465-84b1-06a6169ee419
StackTrace     : 
Exception      : Microsoft.PowerShell.Commands.WriteErrorException
InvocationInfo : {Add-AzADAppPermission}
Line           :                 Add-AzADAppPermission -ObjectId $MSI.Id -apiId $graph.Id -PermissionId $approleid
                 
Position       : At /home/jofehse/git/grfunc/setup/test.ps1:20 char:17
                 +Add-AzADAppPermission -ObjectId $MSI.Id -apiId $graph.Id+               ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
HistoryId      : 13

Message        : [Request_ResourceNotFound] : Resource '976b8749-70bf-4465-84b1-06a6169ee419' does not exist or one of 
                 its queried reference-property objects are not present.
StackTrace     : 
Exception      : System.Exception
InvocationInfo : {Get-AzADApplication_Get}
Line           :                 $app = Az.MSGraph.internal\Get-AzADApplication -Id $PSBoundParameters['ObjectId']
                 
Position       : At /home/jofehse/.local/share/powershell/Modules/Az.Resources/6.0.0/MSGraph.Autorest/custom/Add-AzADAppPe
                 rmission.ps1:103 char:17
                 +$app = Az.MSGraph.internal\Get-AzADApplication -Id $PSBou+               ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
HistoryId      : 13

Message        : Cannot bind argument to parameter 'InputObject' because it is null.
StackTrace     :    at System.Management.Automation.ExceptionHandlingOps.CheckActionPreference(FunctionContext 
                 funcContext, Exception exception)
                    at System.Management.Automation.Interpreter.ActionCallInstruction`2.Run(InterpretedFrame frame)
                    at System.Management.Automation.Interpreter.EnterTryCatchFinallyInstruction.Run(InterpretedFrame 
                 frame)
                    at System.Management.Automation.Interpreter.EnterTryCatchFinallyInstruction.Run(InterpretedFrame 
                 frame)
                    at System.Management.Automation.Interpreter.Interpreter.Run(InterpretedFrame frame)
                    at System.Management.Automation.Interpreter.LightLambda.RunVoid1[T0](T0 arg0)
                    at System.Management.Automation.PSScriptCmdlet.RunClause(Action`1 clause, Object dollarUnderbar, 
                 Object inputToProcess)
                    at System.Management.Automation.PSScriptCmdlet.DoProcessRecord()
                    at System.Management.Automation.CommandProcessor.ProcessRecord()
Exception      : System.Management.Automation.ParameterBindingValidationException
InvocationInfo : {Update-AzADApplication}
Line           :         $null = Update-AzADApplication -InputObject $app -RequiredResourceAccess 
                 $newRequiredResourceAccess
                 
Position       : At /home/jofehse/.local/share/powershell/Modules/Az.Resources/6.0.0/MSGraph.Autorest/custom/Add-AzADAppPe
                 rmission.ps1:150 char:53
                 +         $null = Update-AzADApplication -InputObject $app -RequiredRes …
                 +                                                     ~~~~
HistoryId      : 13

Message        : Cannot find application by ObjectId 976b8749-70bf-4465-84b1-06a6169ee419
StackTrace     : 
Exception      : Microsoft.PowerShell.Commands.WriteErrorException
InvocationInfo : {Add-AzADAppPermission}
Line           :                 Add-AzADAppPermission -ObjectId $MSI.Id -apiId $graph.Id -PermissionId $approleid
                 
Position       : At /home/jofehse/git/grfunc/setup/test.ps1:20 char:17
                 +Add-AzADAppPermission -ObjectId $MSI.Id -apiId $graph.Id+               ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
HistoryId      : 13

Message        : [Request_ResourceNotFound] : Resource '976b8749-70bf-4465-84b1-06a6169ee419' does not exist or one of 
                 its queried reference-property objects are not present.
StackTrace     : 
Exception      : System.Exception
InvocationInfo : {Get-AzADApplication_Get}
Line           :                 $app = Az.MSGraph.internal\Get-AzADApplication -Id $PSBoundParameters['ObjectId']
                 
Position       : At /home/jofehse/.local/share/powershell/Modules/Az.Resources/6.0.0/MSGraph.Autorest/custom/Add-AzADAppPe
                 rmission.ps1:103 char:17
                 +$app = Az.MSGraph.internal\Get-AzADApplication -Id $PSBou+               ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
HistoryId      : 13

Message        : Cannot bind argument to parameter 'InputObject' because it is null.
StackTrace     :    at System.Management.Automation.ExceptionHandlingOps.CheckActionPreference(FunctionContext 
                 funcContext, Exception exception)
                    at System.Management.Automation.Interpreter.ActionCallInstruction`2.Run(InterpretedFrame frame)
                    at System.Management.Automation.Interpreter.EnterTryCatchFinallyInstruction.Run(InterpretedFrame 
                 frame)
                    at System.Management.Automation.Interpreter.EnterTryCatchFinallyInstruction.Run(InterpretedFrame 
                 frame)
                    at System.Management.Automation.Interpreter.Interpreter.Run(InterpretedFrame frame)
                    at System.Management.Automation.Interpreter.LightLambda.RunVoid1[T0](T0 arg0)
                    at System.Management.Automation.PSScriptCmdlet.RunClause(Action`1 clause, Object dollarUnderbar, 
                 Object inputToProcess)
                    at System.Management.Automation.PSScriptCmdlet.DoProcessRecord()
                    at System.Management.Automation.CommandProcessor.ProcessRecord()
Exception      : System.Management.Automation.ParameterBindingValidationException
InvocationInfo : {Update-AzADApplication}
Line           :         $null = Update-AzADApplication -InputObject $app -RequiredResourceAccess 
                 $newRequiredResourceAccess
                 
Position       : At /home/jofehse/.local/share/powershell/Modules/Az.Resources/6.0.0/MSGraph.Autorest/custom/Add-AzADAppPe
                 rmission.ps1:150 char:53
                 +         $null = Update-AzADApplication -InputObject $app -RequiredRes …
                 +                                                     ~~~~
HistoryId      : 13

Message        : Cannot find application by ObjectId 976b8749-70bf-4465-84b1-06a6169ee419
StackTrace     : 
Exception      : Microsoft.PowerShell.Commands.WriteErrorException
InvocationInfo : {Add-AzADAppPermission}
Line           :                 Add-AzADAppPermission -ObjectId $MSI.Id -apiId $graph.Id -PermissionId $approleid
                 
Position       : At /home/jofehse/git/grfunc/setup/test.ps1:20 char:17
                 +Add-AzADAppPermission -ObjectId $MSI.Id -apiId $graph.Id+               ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
HistoryId      : 13

Message        : [Request_ResourceNotFound] : Resource '976b8749-70bf-4465-84b1-06a6169ee419' does not exist or one of 
                 its queried reference-property objects are not present.
StackTrace     : 
Exception      : System.Exception
InvocationInfo : {Get-AzADApplication_Get}
Line           :                 $app = Az.MSGraph.internal\Get-AzADApplication -Id $PSBoundParameters['ObjectId']
                 
Position       : At /home/jofehse/.local/share/powershell/Modules/Az.Resources/6.0.0/MSGraph.Autorest/custom/Add-AzADAppPe
                 rmission.ps1:103 char:17
                 +$app = Az.MSGraph.internal\Get-AzADApplication -Id $PSBou+               ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
HistoryId      : 13


   HistoryId: 11

Message        : Cannot bind argument to parameter 'InputObject' because it is null.
StackTrace     :    at System.Management.Automation.ExceptionHandlingOps.CheckActionPreference(FunctionContext 
                 funcContext, Exception exception)
                    at System.Management.Automation.Interpreter.ActionCallInstruction`2.Run(InterpretedFrame frame)
                    at System.Management.Automation.Interpreter.EnterTryCatchFinallyInstruction.Run(InterpretedFrame 
                 frame)
                    at System.Management.Automation.Interpreter.EnterTryCatchFinallyInstruction.Run(InterpretedFrame 
                 frame)
                    at System.Management.Automation.Interpreter.Interpreter.Run(InterpretedFrame frame)
                    at System.Management.Automation.Interpreter.LightLambda.RunVoid1[T0](T0 arg0)
                    at System.Management.Automation.PSScriptCmdlet.RunClause(Action`1 clause, Object dollarUnderbar, 
                 Object inputToProcess)
                    at System.Management.Automation.PSScriptCmdlet.DoProcessRecord()
                    at System.Management.Automation.CommandProcessor.ProcessRecord()
Exception      : System.Management.Automation.ParameterBindingValidationException
InvocationInfo : {Update-AzADApplication}
Line           :         $null = Update-AzADApplication -InputObject $app -RequiredResourceAccess 
                 $newRequiredResourceAccess
                 
Position       : At /home/jofehse/.local/share/powershell/Modules/Az.Resources/6.0.0/MSGraph.Autorest/custom/Add-AzADAppPe
                 rmission.ps1:150 char:53
                 +         $null = Update-AzADApplication -InputObject $app -RequiredRes …
                 +                                                     ~~~~
HistoryId      : 11

Message        : Cannot find application by ObjectId 976b8749-70bf-4465-84b1-06a6169ee419
StackTrace     : 
Exception      : Microsoft.PowerShell.Commands.WriteErrorException
InvocationInfo : {Add-AzADAppPermission}
Line           :                 Add-AzADAppPermission -ObjectId $MSI.Id -apiId $graph.Id -PermissionId $approleid
                 
Position       : At /home/jofehse/git/grfunc/setup/test.ps1:20 char:17
                 +Add-AzADAppPermission -ObjectId $MSI.Id -apiId $graph.Id+               ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
HistoryId      : 11

Message        : [Request_ResourceNotFound] : Resource '976b8749-70bf-4465-84b1-06a6169ee419' does not exist or one of 
                 its queried reference-property objects are not present.
StackTrace     : 
Exception      : System.Exception
InvocationInfo : {Get-AzADApplication_Get}
Line           :                 $app = Az.MSGraph.internal\Get-AzADApplication -Id $PSBoundParameters['ObjectId']
                 
Position       : At /home/jofehse/.local/share/powershell/Modules/Az.Resources/6.0.0/MSGraph.Autorest/custom/Add-AzADAppPe
                 rmission.ps1:103 char:17
                 +$app = Az.MSGraph.internal\Get-AzADApplication -Id $PSBou+               ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
HistoryId      : 11

Message        : Cannot bind argument to parameter 'InputObject' because it is null.
StackTrace     :    at System.Management.Automation.ExceptionHandlingOps.CheckActionPreference(FunctionContext 
                 funcContext, Exception exception)
                    at System.Management.Automation.Interpreter.ActionCallInstruction`2.Run(InterpretedFrame frame)
                    at System.Management.Automation.Interpreter.EnterTryCatchFinallyInstruction.Run(InterpretedFrame 
                 frame)
                    at System.Management.Automation.Interpreter.EnterTryCatchFinallyInstruction.Run(InterpretedFrame 
                 frame)
                    at System.Management.Automation.Interpreter.Interpreter.Run(InterpretedFrame frame)
                    at System.Management.Automation.Interpreter.LightLambda.RunVoid1[T0](T0 arg0)
                    at System.Management.Automation.PSScriptCmdlet.RunClause(Action`1 clause, Object dollarUnderbar, 
                 Object inputToProcess)
                    at System.Management.Automation.PSScriptCmdlet.DoProcessRecord()
                    at System.Management.Automation.CommandProcessor.ProcessRecord()
Exception      : System.Management.Automation.ParameterBindingValidationException
InvocationInfo : {Update-AzADApplication}
Line           :         $null = Update-AzADApplication -InputObject $app -RequiredResourceAccess 
                 $newRequiredResourceAccess
                 
Position       : At /home/jofehse/.local/share/powershell/Modules/Az.Resources/6.0.0/MSGraph.Autorest/custom/Add-AzADAppPe
                 rmission.ps1:150 char:53
                 +         $null = Update-AzADApplication -InputObject $app -RequiredRes …
                 +                                                     ~~~~
HistoryId      : 11

Message        : Cannot find application by ObjectId 976b8749-70bf-4465-84b1-06a6169ee419
StackTrace     : 
Exception      : Microsoft.PowerShell.Commands.WriteErrorException
InvocationInfo : {Add-AzADAppPermission}
Line           :                 Add-AzADAppPermission -ObjectId $MSI.Id -apiId $graph.Id -PermissionId $approleid
                 
Position       : At /home/jofehse/git/grfunc/setup/test.ps1:20 char:17
                 +Add-AzADAppPermission -ObjectId $MSI.Id -apiId $graph.Id+               ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
HistoryId      : 11

Message        : [Request_ResourceNotFound] : Resource '976b8749-70bf-4465-84b1-06a6169ee419' does not exist or one of 
                 its queried reference-property objects are not present.
StackTrace     : 
Exception      : System.Exception
InvocationInfo : {Get-AzADApplication_Get}
Line           :                 $app = Az.MSGraph.internal\Get-AzADApplication -Id $PSBoundParameters['ObjectId']
                 
Position       : At /home/jofehse/.local/share/powershell/Modules/Az.Resources/6.0.0/MSGraph.Autorest/custom/Add-AzADAppPe
                 rmission.ps1:103 char:17
                 +$app = Az.MSGraph.internal\Get-AzADApplication -Id $PSBou+               ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
HistoryId      : 11

Message        : Cannot bind argument to parameter 'InputObject' because it is null.
StackTrace     :    at System.Management.Automation.ExceptionHandlingOps.CheckActionPreference(FunctionContext 
                 funcContext, Exception exception)
                    at System.Management.Automation.Interpreter.ActionCallInstruction`2.Run(InterpretedFrame frame)
                    at System.Management.Automation.Interpreter.EnterTryCatchFinallyInstruction.Run(InterpretedFrame 
                 frame)
                    at System.Management.Automation.Interpreter.EnterTryCatchFinallyInstruction.Run(InterpretedFrame 
                 frame)
                    at System.Management.Automation.Interpreter.Interpreter.Run(InterpretedFrame frame)
                    at System.Management.Automation.Interpreter.LightLambda.RunVoid1[T0](T0 arg0)
                    at System.Management.Automation.PSScriptCmdlet.RunClause(Action`1 clause, Object dollarUnderbar, 
                 Object inputToProcess)
                    at System.Management.Automation.PSScriptCmdlet.DoProcessRecord()
                    at System.Management.Automation.CommandProcessor.ProcessRecord()
Exception      : System.Management.Automation.ParameterBindingValidationException
InvocationInfo : {Update-AzADApplication}
Line           :         $null = Update-AzADApplication -InputObject $app -RequiredResourceAccess 
                 $newRequiredResourceAccess
                 
Position       : At /home/jofehse/.local/share/powershell/Modules/Az.Resources/6.0.0/MSGraph.Autorest/custom/Add-AzADAppPe
                 rmission.ps1:150 char:53
                 +         $null = Update-AzADApplication -InputObject $app -RequiredRes …
                 +                                                     ~~~~
HistoryId      : 11

Message        : Cannot find application by ObjectId 976b8749-70bf-4465-84b1-06a6169ee419
StackTrace     : 
Exception      : Microsoft.PowerShell.Commands.WriteErrorException
InvocationInfo : {Add-AzADAppPermission}
Line           :                 Add-AzADAppPermission -ObjectId $MSI.Id -apiId $graph.Id -PermissionId $approleid
                 
Position       : At /home/jofehse/git/grfunc/setup/test.ps1:20 char:17
                 +Add-AzADAppPermission -ObjectId $MSI.Id -apiId $graph.Id+               ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
HistoryId      : 11

Message        : [Request_ResourceNotFound] : Resource '976b8749-70bf-4465-84b1-06a6169ee419' does not exist or one of 
                 its queried reference-property objects are not present.
StackTrace     : 
Exception      : System.Exception
InvocationInfo : {Get-AzADApplication_Get}
Line           :                 $app = Az.MSGraph.internal\Get-AzADApplication -Id $PSBoundParameters['ObjectId']
                 
Position       : At /home/jofehse/.local/share/powershell/Modules/Az.Resources/6.0.0/MSGraph.Autorest/custom/Add-AzADAppPe
                 rmission.ps1:103 char:17
                 +$app = Az.MSGraph.internal\Get-AzADApplication -Id $PSBou+               ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
HistoryId      : 11

Message        : Cannot bind argument to parameter 'InputObject' because it is null.
StackTrace     :    at System.Management.Automation.ExceptionHandlingOps.CheckActionPreference(FunctionContext 
                 funcContext, Exception exception)
                    at System.Management.Automation.Interpreter.ActionCallInstruction`2.Run(InterpretedFrame frame)
                    at System.Management.Automation.Interpreter.EnterTryCatchFinallyInstruction.Run(InterpretedFrame 
                 frame)
                    at System.Management.Automation.Interpreter.EnterTryCatchFinallyInstruction.Run(InterpretedFrame 
                 frame)
                    at System.Management.Automation.Interpreter.Interpreter.Run(InterpretedFrame frame)
                    at System.Management.Automation.Interpreter.LightLambda.RunVoid1[T0](T0 arg0)
                    at System.Management.Automation.PSScriptCmdlet.RunClause(Action`1 clause, Object dollarUnderbar, 
                 Object inputToProcess)
                    at System.Management.Automation.PSScriptCmdlet.DoProcessRecord()
                    at System.Management.Automation.CommandProcessor.ProcessRecord()
Exception      : System.Management.Automation.ParameterBindingValidationException
InvocationInfo : {Update-AzADApplication}
Line           :         $null = Update-AzADApplication -InputObject $app -RequiredResourceAccess 
                 $newRequiredResourceAccess
                 
Position       : At /home/jofehse/.local/share/powershell/Modules/Az.Resources/6.0.0/MSGraph.Autorest/custom/Add-AzADAppPe
                 rmission.ps1:150 char:53
                 +         $null = Update-AzADApplication -InputObject $app -RequiredRes …
                 +                                                     ~~~~
HistoryId      : 11

Message        : Cannot find application by ObjectId 976b8749-70bf-4465-84b1-06a6169ee419
StackTrace     : 
Exception      : Microsoft.PowerShell.Commands.WriteErrorException
InvocationInfo : {Add-AzADAppPermission}
Line           :                 Add-AzADAppPermission -ObjectId $MSI.Id -apiId $graph.Id -PermissionId $approleid
                 
Position       : At /home/jofehse/git/grfunc/setup/test.ps1:20 char:17
                 +Add-AzADAppPermission -ObjectId $MSI.Id -apiId $graph.Id+               ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
HistoryId      : 11

Message        : [Request_ResourceNotFound] : Resource '976b8749-70bf-4465-84b1-06a6169ee419' does not exist or one of 
                 its queried reference-property objects are not present.
StackTrace     : 
Exception      : System.Exception
InvocationInfo : {Get-AzADApplication_Get}
Line           :                 $app = Az.MSGraph.internal\Get-AzADApplication -Id $PSBoundParameters['ObjectId']
                 
Position       : At /home/jofehse/.local/share/powershell/Modules/Az.Resources/6.0.0/MSGraph.Autorest/custom/Add-AzADAppPe
                 rmission.ps1:103 char:17
                 +$app = Az.MSGraph.internal\Get-AzADApplication -Id $PSBou+               ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
HistoryId      : 11


   HistoryId: 6

Message        : Cannot find a variable with the name 'DefaultFunctionsVersion'.
StackTrace     : 
Exception      : System.Management.Automation.ItemNotFoundException
InvocationInfo : {Get-Variable}
Line           :     if (-not (Get-Variable $variableName -ErrorAction SilentlyContinue))
                 
Position       : At /home/jofehse/.local/share/powershell/Modules/Az.Functions/4.0.3/custom/HelperFunctions.ps1:49 char:15
                 +if (-not (Get-Variable $variableName -ErrorAction SilentlyContinue) …
                 +               ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
HistoryId      : 6

Message        : Cannot find a variable with the name 'RequiredStorageEndpoints'.
StackTrace     : 
Exception      : System.Management.Automation.ItemNotFoundException
InvocationInfo : {Get-Variable}
Line           :     if (-not (Get-Variable $variableName -ErrorAction SilentlyContinue))
                 
Position       : At /home/jofehse/.local/share/powershell/Modules/Az.Functions/4.0.3/custom/HelperFunctions.ps1:49 char:15
                 +if (-not (Get-Variable $variableName -ErrorAction SilentlyContinue) …
                 +               ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
HistoryId      : 6

Message        : Cannot find a variable with the name 'AllowedStorageTypes'.
StackTrace     : 
Exception      : System.Management.Automation.ItemNotFoundException
InvocationInfo : {Get-Variable}
Line           :     if (-not (Get-Variable $variableName -ErrorAction SilentlyContinue))
                 
Position       : At /home/jofehse/.local/share/powershell/Modules/Az.Functions/4.0.3/custom/HelperFunctions.ps1:49 char:15
                 +if (-not (Get-Variable $variableName -ErrorAction SilentlyContinue) …
                 +               ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
HistoryId      : 6

Message        : Cannot find a variable with the name 'RuntimeToFormattedName'.
StackTrace     : 
Exception      : System.Management.Automation.ItemNotFoundException
InvocationInfo : {Get-Variable}
Line           :     if (-not (Get-Variable $variableName -ErrorAction SilentlyContinue))
                 
Position       : At /home/jofehse/.local/share/powershell/Modules/Az.Functions/4.0.3/custom/HelperFunctions.ps1:49 char:15
                 +if (-not (Get-Variable $variableName -ErrorAction SilentlyContinue) …
                 +               ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
HistoryId      : 6

Message        : Cannot find a variable with the name 'SetDefaultValueParameterWarningMessage'.
StackTrace     : 
Exception      : System.Management.Automation.ItemNotFoundException
InvocationInfo : {Get-Variable}
Line           :     if (-not (Get-Variable $variableName -ErrorAction SilentlyContinue))
                 
Position       : At /home/jofehse/.local/share/powershell/Modules/Az.Functions/4.0.3/custom/HelperFunctions.ps1:49 char:15
                 +if (-not (Get-Variable $variableName -ErrorAction SilentlyContinue) …
                 +               ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
HistoryId      : 6

Message        : Cannot find a variable with the name 'ReservedFunctionAppSettingNames'.
StackTrace     : 
Exception      : System.Management.Automation.ItemNotFoundException
InvocationInfo : {Get-Variable}
Line           :     if (-not (Get-Variable $variableName -ErrorAction SilentlyContinue))
                 
Position       : At /home/jofehse/.local/share/powershell/Modules/Az.Functions/4.0.3/custom/HelperFunctions.ps1:49 char:15
                 +if (-not (Get-Variable $variableName -ErrorAction SilentlyContinue) …
                 +               ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
HistoryId      : 6

Message        : Cannot find a variable with the name 'SupportedFunctionsVersion'.
StackTrace     : 
Exception      : System.Management.Automation.ItemNotFoundException
InvocationInfo : {Get-Variable}
Line           :     if (-not (Get-Variable $variableName -ErrorAction SilentlyContinue))
                 
Position       : At /home/jofehse/.local/share/powershell/Modules/Az.Functions/4.0.3/custom/HelperFunctions.ps1:49 char:15
                 +if (-not (Get-Variable $variableName -ErrorAction SilentlyContinue) …
                 +               ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
HistoryId      : 6

Message        : Cannot find a variable with the name 'FunctionsNoV2Version'.
StackTrace     : 
Exception      : System.Management.Automation.ItemNotFoundException
InvocationInfo : {Get-Variable}
Line           :     if (-not (Get-Variable $variableName -ErrorAction SilentlyContinue))
                 
Position       : At /home/jofehse/.local/share/powershell/Modules/Az.Functions/4.0.3/custom/HelperFunctions.ps1:49 char:15
                 +if (-not (Get-Variable $variableName -ErrorAction SilentlyContinue) …
                 +               ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
HistoryId      : 6

Message        : Cannot find a variable with the name 'RuntimeToDefaultOSType'.
StackTrace     : 
Exception      : System.Management.Automation.ItemNotFoundException
InvocationInfo : {Get-Variable}
Line           :     if (-not (Get-Variable $variableName -ErrorAction SilentlyContinue))
                 
Position       : At /home/jofehse/.local/share/powershell/Modules/Az.Functions/4.0.3/custom/HelperFunctions.ps1:49 char:15
                 +if (-not (Get-Variable $variableName -ErrorAction SilentlyContinue) …
                 +               ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
HistoryId      : 6

Message        : Cannot find a variable with the name 'DefaultFunctionsVersion'.
StackTrace     : 
Exception      : System.Management.Automation.ItemNotFoundException
InvocationInfo : {Get-Variable}
Line           :     if (-not (Get-Variable $variableName -ErrorAction SilentlyContinue))
                 
Position       : At /home/jofehse/.local/share/powershell/Modules/Az.Functions/4.0.3/custom/HelperFunctions.ps1:49 char:15
                 +if (-not (Get-Variable $variableName -ErrorAction SilentlyContinue) …
                 +               ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
HistoryId      : 6

Message        : Cannot find a variable with the name 'RequiredStorageEndpoints'.
StackTrace     : 
Exception      : System.Management.Automation.ItemNotFoundException
InvocationInfo : {Get-Variable}
Line           :     if (-not (Get-Variable $variableName -ErrorAction SilentlyContinue))
                 
Position       : At /home/jofehse/.local/share/powershell/Modules/Az.Functions/4.0.3/custom/HelperFunctions.ps1:49 char:15
                 +if (-not (Get-Variable $variableName -ErrorAction SilentlyContinue) …
                 +               ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
HistoryId      : 6

Message        : Cannot find a variable with the name 'AllowedStorageTypes'.
StackTrace     : 
Exception      : System.Management.Automation.ItemNotFoundException
InvocationInfo : {Get-Variable}
Line           :     if (-not (Get-Variable $variableName -ErrorAction SilentlyContinue))
                 
Position       : At /home/jofehse/.local/share/powershell/Modules/Az.Functions/4.0.3/custom/HelperFunctions.ps1:49 char:15
                 +if (-not (Get-Variable $variableName -ErrorAction SilentlyContinue) …
                 +               ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
HistoryId      : 6

Message        : Cannot find a variable with the name 'RuntimeToFormattedName'.
StackTrace     : 
Exception      : System.Management.Automation.ItemNotFoundException
InvocationInfo : {Get-Variable}
Line           :     if (-not (Get-Variable $variableName -ErrorAction SilentlyContinue))
                 
Position       : At /home/jofehse/.local/share/powershell/Modules/Az.Functions/4.0.3/custom/HelperFunctions.ps1:49 char:15
                 +if (-not (Get-Variable $variableName -ErrorAction SilentlyContinue) …
                 +               ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
HistoryId      : 6

Message        : Cannot find a variable with the name 'SetDefaultValueParameterWarningMessage'.
StackTrace     : 
Exception      : System.Management.Automation.ItemNotFoundException
InvocationInfo : {Get-Variable}
Line           :     if (-not (Get-Variable $variableName -ErrorAction SilentlyContinue))
                 
Position       : At /home/jofehse/.local/share/powershell/Modules/Az.Functions/4.0.3/custom/HelperFunctions.ps1:49 char:15
                 +if (-not (Get-Variable $variableName -ErrorAction SilentlyContinue) …
                 +               ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
HistoryId      : 6

Message        : Cannot find a variable with the name 'ReservedFunctionAppSettingNames'.
StackTrace     : 
Exception      : System.Management.Automation.ItemNotFoundException
InvocationInfo : {Get-Variable}
Line           :     if (-not (Get-Variable $variableName -ErrorAction SilentlyContinue))
                 
Position       : At /home/jofehse/.local/share/powershell/Modules/Az.Functions/4.0.3/custom/HelperFunctions.ps1:49 char:15
                 +if (-not (Get-Variable $variableName -ErrorAction SilentlyContinue) …
                 +               ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
HistoryId      : 6

Message        : Cannot find a variable with the name 'SupportedFunctionsVersion'.
StackTrace     : 
Exception      : System.Management.Automation.ItemNotFoundException
InvocationInfo : {Get-Variable}
Line           :     if (-not (Get-Variable $variableName -ErrorAction SilentlyContinue))
                 
Position       : At /home/jofehse/.local/share/powershell/Modules/Az.Functions/4.0.3/custom/HelperFunctions.ps1:49 char:15
                 +if (-not (Get-Variable $variableName -ErrorAction SilentlyContinue) …
                 +               ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
HistoryId      : 6

Message        : Cannot find a variable with the name 'FunctionsNoV2Version'.
StackTrace     : 
Exception      : System.Management.Automation.ItemNotFoundException
InvocationInfo : {Get-Variable}
Line           :     if (-not (Get-Variable $variableName -ErrorAction SilentlyContinue))
                 
Position       : At /home/jofehse/.local/share/powershell/Modules/Az.Functions/4.0.3/custom/HelperFunctions.ps1:49 char:15
                 +if (-not (Get-Variable $variableName -ErrorAction SilentlyContinue) …
                 +               ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
HistoryId      : 6

Message        : Cannot find a variable with the name 'RuntimeToDefaultOSType'.
StackTrace     : 
Exception      : System.Management.Automation.ItemNotFoundException
InvocationInfo : {Get-Variable}
Line           :     if (-not (Get-Variable $variableName -ErrorAction SilentlyContinue))
                 
Position       : At /home/jofehse/.local/share/powershell/Modules/Az.Functions/4.0.3/custom/HelperFunctions.ps1:49 char:15
                 +if (-not (Get-Variable $variableName -ErrorAction SilentlyContinue) …
                 +               ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
HistoryId      : 6


The Azure PowerShell team is listening, please let us know how we are doing: https://aka.ms/azpssurvey?Q_CHL=ERROR.

DEBUG: 6:29:39 p.m. - [ConfigManager] Got [True] from [EnableDataCollection], Module = [], Cmdlet = [].
DEBUG: AzureQoSEvent: Module: Az.Accounts:2.8.0; CommandName: Resolve-AzError; PSVersion: 7.2.3; IsSuccess: True; Duration: 00:00:00.1120815
DEBUG: Finish sending metric.
DEBUG: 6:29:39 p.m. - ResolveError end processing.
@josefehse josefehse added bug This issue requires a change to an existing behavior in the product in order to be resolved. needs-triage This is a new issue that needs to be triaged to the appropriate team. labels Jun 6, 2022
@ghost ghost removed the needs-triage This is a new issue that needs to be triaged to the appropriate team. label Jun 6, 2022
@dingmeng-xue
Copy link
Member

dingmeng-xue commented Jun 8, 2022
edited
Loading

Hi @josefehse , AzureAD object has 2 ids. For instance, Ad app has one id called applicationId and another one called objectid. Both are GUID. Add-AzADPermission needs application id. If you cannot tell which id type it is, the easy way is to visit its properties on portal to get it. The snapshot you provided is different from your log. If you still have problem, please share the result of Get-AzAdApplication and Add-AzADPermission both

@dingmeng-xue dingmeng-xue added AAD AzAd cmdlets in Az.Resources needs-author-feedback More information is needed from author to address the issue. labels Jun 8, 2022
@josefehse
Copy link
Author

Hi @josefehse , AzureAD object has 2 ids. For instance, Ad app has one id called applicationId and another one called objectid. Both are GUID. Add-AzADPermission needs application id. If you cannot tell which id type it is, the easy way is to visit its properties on portal to get it. The snapshot you provided is different from your log. If you still have problem, please share the result of Get-AzAdApplication and Add-AzADPermission both

Hi @dingmeng-xue , I am aware of Object Id and App Id. The problem is as follows:
My application is an Azure Function, with Managed Identity. I can get its IDs with Get-AzADServicePrincipal only:
image

Get-AzADApplication can't find it:
image
The complete list only shows applications configured in Azure AD as EnterpriseApplications, not Managed Identities:
image

Therefore, Add-azaddapppermision won't work, since it is using get-azadapplication, as per the previous screenshot.
Thank you.

@ghost ghost added needs-team-attention This issue needs attention from Azure service team or SDK team and removed needs-author-feedback More information is needed from author to address the issue. labels Jun 8, 2022
@dingmeng-xue
Copy link
Member

@josefehse , current API permission setting is only on Ad App. It likes what user can do on Portal.

@Francisco-Gamino , could you help to look into this question? How can user grant API permission of MSGraph to Functions app?

@josefehse
Copy link
Author

@josefehse , current API permission setting is only on Ad App. It likes what user can do on Portal.

@Francisco-Gamino , could you help to look into this question? How can user grant API permission of MSGraph to Functions app?
Thank you @dingmeng-xue. Understood. However, it can be done today with the previous modules (AzureAD) and that is exactly the need at the moment. You can see the code I use today in this repo: https://github.com/Azure/GuardrailsSolutionAccelerator/blob/main/setup/setup.ps1 (line 234 and on). Looking forward to know when this will be available.

@Francisco-Gamino
Copy link
Contributor

Hello @josefehse -- What AD module you are using? And where are you installing it from?

@josefehse
Copy link
Author

Hello @Francisco-Gamino, you can see the code in the link I've sent. I just import it as per below. The code is normally run from the Cloud Shell.
image

@Francisco-Gamino
Copy link
Contributor

Adding @maertendMSFT from the CloudShell team.

Hello @josefehse -- I had a sync with @maertendMSFT offline and it looks like the AzureAD.Standard.Preview module is not officially supported. The recommendation is to use the AzureAD module instead.

@josefehse
Copy link
Author

Hello @Francisco-Gamino, we seem to have a disconnection. This is the module I use today and it works. I am only using the preview because of an issue with the cloud shell. What I need to work is the new AzAd commands, which don't, as per all the previous communications. You asked me which one AzureAD module I am using and that's what I've sent. What I am trying to use is, which I've just installed using the regular repository.
image
image
And here's the code (again) that fails:
image

I hope that is makes it clear.

@Francisco-Gamino
Copy link
Contributor

Thank you @josefehse for the clarification.

Hi @dingmeng-xue -- This blog talks about how to Grant Graph API Permission to Managed Identity Object using the Azure AD cmdlets. Could you please advice what are the equivalent AzAD cmdlets in Az.Resources to enable this scenario?

/cc @AnatoliB @stefanushinardi @michaelpeng36

@dingmeng-xue dingmeng-xue added feature-request This issue requires a new behavior in the product in order be resolved. and removed bug This issue requires a change to an existing behavior in the product in order to be resolved. needs-team-attention This issue needs attention from Azure service team or SDK team labels Jul 6, 2022
@dingmeng-xue
Copy link
Member

AzureAD cmdlet leverages API POST /servicePrincipals/{}/appRoleAssignments?api-version=1.6. MSGraph corresponding API should be POST /servicePrincipals/{servicePrincipal-id}/appRoleAssignments

It requires new cmdlet to support it. @josefehse , you also can use Invoke-AzRestMethod to send request to MSGraph directly.

@Alex-wdy Alex-wdy added the Tracking We will track status and follow internally label Nov 29, 2022
@NoriZC NoriZC self-assigned this Nov 24, 2023
This was referenced Dec 14, 2023
Merged
Merged
@NoriZC
Copy link
Contributor

NoriZC commented Jan 26, 2024

You can now assign approleassignments to MI resources using New-AzAdServiceprincipalAppRoleAssignment.

@NoriZC NoriZC closed this as completed Jan 26, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@NoriZC NoriZC

Labels
AAD AzAd cmdlets in Az.Resources feature-request This issue requires a new behavior in the product in order be resolved. Tracking We will track status and follow internally
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
5 participants
@Francisco-Gamino @josefehse @dingmeng-xue @Alex-wdy @NoriZC