AzOps icon indicating copy to clipboard operation
AzOps copied to clipboard
verified publisher icon Azure

RP Microsoft.Management missing from Subscription during Initialize

Open SebastianClaesson opened this issue 1 year ago • 2 comments

Describe the bug Unable to list Management groups if the resource provider "Microsoft.Management" is not registered in the subscription where AzOps is initialized.

This is only a bug due to the way we have decided to use AzOps, where we set it up in a Reader mode only.

The AzOps engine provides an error message that indicates it could be a permission issue, however, the issue is due to the resource provider not being registered in the subscription where the engine is initialized.

Steps to reproduce

  1. Set a subscription that does not have the resource provider "Microsoft.Management" registered in the credential variables.
  2. Fire off the AzOps Pull pipeline.

Screenshots Not registered: image

After registration: image

SebastianClaesson avatar Mar 15 '24 15:03 SebastianClaesson

Hi @SebastianClaesson, thanks for reaching out. This scenario/situation and the given outcome is expected.

AzOps requires the management group resource provider registered in the Azure subscription designated during initialization.

To move forward please ensure to register the management group resource provider in the designated Azure subscription used during initialization and re-run the pipeline.

Jefajers avatar Mar 20 '24 16:03 Jefajers

Hi @Jefajers ,

Thanks for the response!

I guess the wiki could be updated here or added to the FAQ (to help anyone else implementing azops in the same way we've done); https://github.com/azure/azops/wiki/prerequisites#steps With the information box, with information that the "Microsoft.Management" resource provider will be registered (or requires that it's pre-registered).

The Initialize-AzOpsEnviroment function does not output the error from the PowerShell function, instead it provides a customized error message; https://github.com/Azure/AzOps/blob/2451859f4c99708fe387bcafbe42b275ed7005ee/src/functions/Initialize-AzOpsEnvironment.ps1#L121-L124

Seems the Azure PowerShell command itself does have this check; image

So perhaps it wouldn't be a huge code change to implement it!

Exception provided by Get-AzManagementGroup function in Az PowerShell Module; https://github.com/Azure/azure-powershell/blob/8b31f633c9e5e27139a5922847b203819e340714/src/Resources/Resources/ManagementGroups/Common/AzureManagementGroupsCmdletBase.cs#L132-L138

SebastianClaesson avatar Mar 22 '24 11:03 SebastianClaesson

Great idea @SebastianClaesson, lets adopt both of your suggestions by clarifying this requirement in the wiki and in addition to the custom message we could output the generated error code as well to improve clarity.

I will amend this issue as a feature request :)

Would you possibly like to create a PR for these changes for me to review or would you prefer that i implement these suggestions?.

Jefajers avatar Mar 27 '24 17:03 Jefajers

I'll create a PR for these changes during the day for your reviewal.

Thanks a lot @Jefajers !

SebastianClaesson avatar Apr 02 '24 06:04 SebastianClaesson