From 414d91f1c6dca595b8fee8486122f5496678a0d3 Mon Sep 17 00:00:00 2001 From: borondy <43640134+borondy@users.noreply.github.com> Date: Wed, 16 Oct 2024 13:34:44 +0200 Subject: [PATCH 1/2] Added retry capability --- ...et-AzOpsRoleEligibilityScheduleRequest.ps1 | 30 +++++++++++++------ 1 file changed, 21 insertions(+), 9 deletions(-) diff --git a/src/internal/functions/Get-AzOpsRoleEligibilityScheduleRequest.ps1 b/src/internal/functions/Get-AzOpsRoleEligibilityScheduleRequest.ps1 index ba32e11d..2936a376 100644 --- a/src/internal/functions/Get-AzOpsRoleEligibilityScheduleRequest.ps1 +++ b/src/internal/functions/Get-AzOpsRoleEligibilityScheduleRequest.ps1 @@ -26,16 +26,28 @@ # Process RoleEligibilitySchedule which is used to construct AzOpsRoleEligibilityScheduleRequest Write-AzOpsMessage -LogLevel Debug -LogString 'Get-AzOpsRoleEligibilityScheduleRequest.Processing' -LogStringValues $ScopeObject.Scope -Target $ScopeObject - $roleEligibilitySchedules = Get-AzRoleEligibilitySchedule -Scope $ScopeObject.Scope -WarningAction SilentlyContinue | Where-Object {$_.Scope -eq $ScopeObject.Scope} + + $roleEligibilitySchedules = Invoke-AzOpsScriptBlock -ArgumentList @($ScopeObject) -ScriptBlock { + Get-AzRoleEligibilitySchedule -Scope $ScopeObject.Scope -WarningAction SilentlyContinue -ErrorAction Stop | Where-Object { $_.Scope -eq $ScopeObject.Scope } + } -RetryCount 3 -RetryWait 5 -RetryType Exponential -ErrorAction Stop + if ($roleEligibilitySchedules) { - foreach ($roleEligibilitySchedule in $roleEligibilitySchedules) { - # Process roleEligibilitySchedule together with RoleEligibilityScheduleRequest - $roleEligibilityScheduleRequest = Get-AzRoleEligibilityScheduleRequest -Scope $ScopeObject.Scope -Name $roleEligibilitySchedule.Name -ErrorAction SilentlyContinue - if ($roleEligibilityScheduleRequest) { - Write-AzOpsMessage -LogLevel Debug -LogString 'Get-AzOpsRoleEligibilityScheduleRequest.Assignment' -LogStringValues $roleEligibilitySchedule.Name -Target $ScopeObject - # Construct AzOpsRoleEligibilityScheduleRequest by combining information from roleEligibilitySchedule and roleEligibilityScheduleRequest - [AzOpsRoleEligibilityScheduleRequest]::new($roleEligibilitySchedule, $roleEligibilityScheduleRequest) - } + $roleEligibilityScheduleRequests = Invoke-AzOpsScriptBlock -ArgumentList @($ScopeObject) -ScriptBlock { + Get-AzRoleEligibilityScheduleRequest -Scope $ScopeObject.Scope -ErrorAction Stop + } -RetryCount 3 -RetryWait 5 -RetryType Exponential -ErrorAction Stop + } + + if (-not $roleEligibilityScheduleRequests) { + return + } + + foreach ($roleEligibilitySchedule in $roleEligibilitySchedules) { + # Process roleEligibilitySchedule together with RoleEligibilityScheduleRequest + $roleEligibilityScheduleRequest = $roleEligibilityScheduleRequests.Where{ $_.TargetRoleEligibilityScheduleId -eq $roleEligibilitySchedule.Id } + if ($roleEligibilityScheduleRequest -and $roleEligibilityScheduleRequest.Count -eq 1) { + Write-AzOpsMessage -LogLevel Debug -LogString 'Get-AzOpsRoleEligibilityScheduleRequest.Assignment' -LogStringValues $roleEligibilitySchedule.Name -Target $ScopeObject + # Construct AzOpsRoleEligibilityScheduleRequest by combining information from roleEligibilitySchedule and roleEligibilityScheduleRequest + [AzOpsRoleEligibilityScheduleRequest]::new($roleEligibilitySchedule, $roleEligibilityScheduleRequest) } } } From a1a2944a7acf6b78aebc4f4b5983b6932be6cc59 Mon Sep 17 00:00:00 2001 From: Jesper Fajers Date: Thu, 12 Dec 2024 16:17:44 +0000 Subject: [PATCH 2/2] Update --- ...et-AzOpsRoleEligibilityScheduleRequest.ps1 | 49 ++++++++++++------- src/localized/en-us/Strings.psd1 | 2 + 2 files changed, 32 insertions(+), 19 deletions(-) diff --git a/src/internal/functions/Get-AzOpsRoleEligibilityScheduleRequest.ps1 b/src/internal/functions/Get-AzOpsRoleEligibilityScheduleRequest.ps1 index 2936a376..7b34bb64 100644 --- a/src/internal/functions/Get-AzOpsRoleEligibilityScheduleRequest.ps1 +++ b/src/internal/functions/Get-AzOpsRoleEligibilityScheduleRequest.ps1 @@ -26,28 +26,39 @@ # Process RoleEligibilitySchedule which is used to construct AzOpsRoleEligibilityScheduleRequest Write-AzOpsMessage -LogLevel Debug -LogString 'Get-AzOpsRoleEligibilityScheduleRequest.Processing' -LogStringValues $ScopeObject.Scope -Target $ScopeObject - - $roleEligibilitySchedules = Invoke-AzOpsScriptBlock -ArgumentList @($ScopeObject) -ScriptBlock { - Get-AzRoleEligibilitySchedule -Scope $ScopeObject.Scope -WarningAction SilentlyContinue -ErrorAction Stop | Where-Object { $_.Scope -eq $ScopeObject.Scope } - } -RetryCount 3 -RetryWait 5 -RetryType Exponential -ErrorAction Stop - - if ($roleEligibilitySchedules) { - $roleEligibilityScheduleRequests = Invoke-AzOpsScriptBlock -ArgumentList @($ScopeObject) -ScriptBlock { - Get-AzRoleEligibilityScheduleRequest -Scope $ScopeObject.Scope -ErrorAction Stop + try { + $parameters = @{ + Scope = $ScopeObject.Scope + } + $roleEligibilitySchedules = Invoke-AzOpsScriptBlock -ArgumentList $parameters -ScriptBlock { + Get-AzRoleEligibilitySchedule @parameters -WarningAction SilentlyContinue -ErrorAction Stop | Where-Object { $_.Scope -eq $parameters.Scope } } -RetryCount 3 -RetryWait 5 -RetryType Exponential -ErrorAction Stop - } - - if (-not $roleEligibilityScheduleRequests) { + } + catch { + Write-AzOpsMessage -LogLevel Warning -LogString 'Get-AzOpsRoleEligibilityScheduleRequest.Processing.Failed' -LogStringValues $_ return } - - foreach ($roleEligibilitySchedule in $roleEligibilitySchedules) { - # Process roleEligibilitySchedule together with RoleEligibilityScheduleRequest - $roleEligibilityScheduleRequest = $roleEligibilityScheduleRequests.Where{ $_.TargetRoleEligibilityScheduleId -eq $roleEligibilitySchedule.Id } - if ($roleEligibilityScheduleRequest -and $roleEligibilityScheduleRequest.Count -eq 1) { - Write-AzOpsMessage -LogLevel Debug -LogString 'Get-AzOpsRoleEligibilityScheduleRequest.Assignment' -LogStringValues $roleEligibilitySchedule.Name -Target $ScopeObject - # Construct AzOpsRoleEligibilityScheduleRequest by combining information from roleEligibilitySchedule and roleEligibilityScheduleRequest - [AzOpsRoleEligibilityScheduleRequest]::new($roleEligibilitySchedule, $roleEligibilityScheduleRequest) + if ($roleEligibilitySchedules) { + foreach ($roleEligibilitySchedule in $roleEligibilitySchedules) { + # Process roleEligibilitySchedule together with RoleEligibilityScheduleRequest + $parameters = @{ + Scope = $ScopeObject.Scope + Name = $roleEligibilitySchedule.Name + } + $roleEligibilityScheduleRequest = $null + $roleEligibilityScheduleRequest = Invoke-AzOpsScriptBlock -ArgumentList $parameters -ScriptBlock { + Get-AzRoleEligibilityScheduleRequest @parameters -ErrorAction SilentlyContinue + } -RetryCount 3 -RetryWait 5 -RetryType Exponential -ErrorAction SilentlyContinue + if ($roleEligibilityScheduleRequest) { + Write-AzOpsMessage -LogLevel Debug -LogString 'Get-AzOpsRoleEligibilityScheduleRequest.Assignment' -LogStringValues $roleEligibilitySchedule.Name -Target $ScopeObject + # Construct AzOpsRoleEligibilityScheduleRequest by combining information from roleEligibilitySchedule and roleEligibilityScheduleRequest + [AzOpsRoleEligibilityScheduleRequest]::new($roleEligibilitySchedule, $roleEligibilityScheduleRequest) + } + else { + Write-AzOpsMessage -LogLevel Verbose -LogString 'Get-AzOpsRoleEligibilityScheduleRequest.Processing.NotFound' -LogStringValues $ScopeObject.Scope, $roleEligibilitySchedule.Name -Target $ScopeObject + # Construct AzOpsRoleEligibilityScheduleRequest from roleEligibilitySchedule since no AzRoleEligibilityScheduleRequest was found + [AzOpsRoleEligibilityScheduleRequest]::new($roleEligibilitySchedule) + } } } } diff --git a/src/localized/en-us/Strings.psd1 b/src/localized/en-us/Strings.psd1 index aa992207..98193377 100644 --- a/src/localized/en-us/Strings.psd1 +++ b/src/localized/en-us/Strings.psd1 @@ -132,6 +132,8 @@ 'Get-AzOpsRoleDefinition.Definition' = 'Processing object {0}' # $roleDefinition.id 'Get-AzOpsRoleEligibilityScheduleRequest.Processing' = 'Retrieving Privileged Identity Management RoleEligibilitySchedule at [{0}]' # $ScopeObject.Scope + 'Get-AzOpsRoleEligibilityScheduleRequest.Processing.Failed' = 'Failed retrieving Privileged Identity Management RoleEligibilitySchedule [{0}]' # $_ + 'Get-AzOpsRoleEligibilityScheduleRequest.Processing.NotFound' = 'No RoleEligibilityScheduleRequest found at [{0}] for RoleEligibilitySchedule [{1}], creating template based on RoleEligibilitySchedule' # $ScopeObject.Scope, $roleEligibilitySchedule.Name 'Get-AzOpsRoleEligibilityScheduleRequest.Assignment' = 'Found Privileged Identity Management RoleEligibilityScheduleRequest assignment [{0}]' # $roleEligibilitySchedule.Name 'Get-AzOpsSubscription.Excluded.Offers' = 'Excluded subscription offers: {0}' # ($ExcludedOffers -join ',')