Error while running getpim from a Hosted Agent in release pipeline with SPN #369
Description
I ensured SPN has privileges' to assign roles at the resource level.
Release Pipeline:
- Task 1: (PowerShell Script)
Install-Module -Name AzSK -SkipPublisherCheck -Force -AllowClobber
Import-Module AzSK
Set-AzSKPrivacyNoticeResponse -AcceptPrivacyNotice yes
- Task 2: (Azure PowerShell Script)
Import-Module AzSK
getpim -ListPIMAssignments -SubscriptionId 00000000-0000-0000-0000-00000000000 -ResourceName dt-ddd-dd -DoNotOpenOutputFolder -ResourceGroupName ddd-preview
- subscription ids and resource names are masked.
Log:
================================================================================
2020-09-25T20:30:43.5088746Z AzSK Version: 4.13.0
2020-09-25T20:30:43.5092229Z ================================================================================
2020-09-25T20:30:43.5319782Z Method Name: getpim
2020-09-25T20:30:43.5326510Z Input Parameters:
2020-09-25T20:30:43.5330945Z Key Value
2020-09-25T20:30:43.5338287Z --- -----
2020-09-25T20:30:43.5342158Z ListPIMAssignments True
2020-09-25T20:30:43.5349845Z SubscriptionId 00000000-0000-0000-0000-00000000000
2020-09-25T20:30:43.5353463Z ResourceName dt-ddd-dd
2020-09-25T20:30:43.5362228Z DoNotOpenOutputFolder True
2020-09-25T20:30:43.5366410Z ResourceGroupName ddd-preview
2020-09-25T20:30:43.5370999Z ================================================================================
2020-09-25T20:30:43.5375519Z Running AzSK cmdlet using a generic (org-neutral) policy...
2020-09-25T20:30:44.5166543Z WARNING: Found multiple versions of Azure PowerShell (Az.Accounts) modules loaded in the session. (Az.Accounts versions found: 1.7.1, 1.9.3)
2020-09-25T20:30:44.5175210Z WARNING: This will lead to issues when running AzSK cmdlets.
2020-09-25T20:30:44.5177582Z Recommendation: Please start a fresh PowerShell session and run "Import-Module AzSK" first to avoid getting into this situation.
2020-09-25T20:30:45.4099852Z WARNING: Found multiple versions of Azure PowerShell (Az.Accounts) modules loaded in the session. (Az.Accounts versions found: 1.7.1, 1.9.3)
2020-09-25T20:30:45.4106912Z WARNING: This will lead to issues when running AzSK cmdlets.
2020-09-25T20:30:45.4109294Z Recommendation: Please start a fresh PowerShell session and run "Import-Module AzSK" first to avoid getting into this situation.
2020-09-25T20:30:46.0906174Z WARNING: Found multiple versions of Azure PowerShell (Az.Accounts) modules loaded in the session. (Az.Accounts versions found: 1.7.1, 1.9.3)
2020-09-25T20:30:46.0918798Z WARNING: This will lead to issues when running AzSK cmdlets.
2020-09-25T20:30:46.0922771Z Recommendation: Please start a fresh PowerShell session and run "Import-Module AzSK" first to avoid getting into this situation.
2020-09-25T20:30:47.0836676Z VERBOSE: GET https://api.azrbac.mspim.azure.com/api/v2/privilegedAccess/azureResources/resources?$filter=(type ne
2020-09-25T20:30:47.0846759Z 'resourcegroup' and type ne 'subscription' and type ne 'managementgroup') and contains(tolower(displayName),
2020-09-25T20:30:47.0854445Z 'dt-core-b') with 0-byte payload
2020-09-25T20:30:47.6150263Z {"error":{"code":"","message":"An error has occurred."}}
2020-09-25T20:30:47.6924258Z The property 'ResourceName' cannot be found on this object. Verify that the property exists.
2020-09-25T20:30:47.8230719Z ================================================================================
2020-09-25T20:30:47.8267073Z Logs have been exported to: 'C:\Users\VssAdministrator\AppData\Local\Microsoft\AzSKLogs\Sub_MSFT-Employee Benefits-Smart Building\20200925_203042_GetPIM'
2020-09-25T20:30:47.8289537Z ================================================================================