From 5035c7415368c8a1f63e2d77a0ad6ee63c6055fa Mon Sep 17 00:00:00 2001 From: borondy <43640134+borondy@users.noreply.github.com> Date: Thu, 12 Dec 2024 20:50:10 +0100 Subject: [PATCH] Added retry capability for pulling PIM resources (#900) * Added retry capability * Update --------- Co-authored-by: Jesper Fajers --- ...et-AzOpsRoleEligibilityScheduleRequest.ps1 | 21 +++++++++++++++++-- src/localized/en-us/Strings.psd1 | 1 + 2 files changed, 20 insertions(+), 2 deletions(-) diff --git a/src/internal/functions/Get-AzOpsRoleEligibilityScheduleRequest.ps1 b/src/internal/functions/Get-AzOpsRoleEligibilityScheduleRequest.ps1 index 51aaed7c..7b34bb64 100644 --- a/src/internal/functions/Get-AzOpsRoleEligibilityScheduleRequest.ps1 +++ b/src/internal/functions/Get-AzOpsRoleEligibilityScheduleRequest.ps1 @@ -26,12 +26,29 @@ # Process RoleEligibilitySchedule which is used to construct AzOpsRoleEligibilityScheduleRequest Write-AzOpsMessage -LogLevel Debug -LogString 'Get-AzOpsRoleEligibilityScheduleRequest.Processing' -LogStringValues $ScopeObject.Scope -Target $ScopeObject - $roleEligibilitySchedules = Get-AzRoleEligibilitySchedule -Scope $ScopeObject.Scope -WarningAction SilentlyContinue | Where-Object {$_.Scope -eq $ScopeObject.Scope} + try { + $parameters = @{ + Scope = $ScopeObject.Scope + } + $roleEligibilitySchedules = Invoke-AzOpsScriptBlock -ArgumentList $parameters -ScriptBlock { + Get-AzRoleEligibilitySchedule @parameters -WarningAction SilentlyContinue -ErrorAction Stop | Where-Object { $_.Scope -eq $parameters.Scope } + } -RetryCount 3 -RetryWait 5 -RetryType Exponential -ErrorAction Stop + } + catch { + Write-AzOpsMessage -LogLevel Warning -LogString 'Get-AzOpsRoleEligibilityScheduleRequest.Processing.Failed' -LogStringValues $_ + return + } if ($roleEligibilitySchedules) { foreach ($roleEligibilitySchedule in $roleEligibilitySchedules) { # Process roleEligibilitySchedule together with RoleEligibilityScheduleRequest + $parameters = @{ + Scope = $ScopeObject.Scope + Name = $roleEligibilitySchedule.Name + } $roleEligibilityScheduleRequest = $null - $roleEligibilityScheduleRequest = Get-AzRoleEligibilityScheduleRequest -Scope $ScopeObject.Scope -Name $roleEligibilitySchedule.Name -ErrorAction SilentlyContinue + $roleEligibilityScheduleRequest = Invoke-AzOpsScriptBlock -ArgumentList $parameters -ScriptBlock { + Get-AzRoleEligibilityScheduleRequest @parameters -ErrorAction SilentlyContinue + } -RetryCount 3 -RetryWait 5 -RetryType Exponential -ErrorAction SilentlyContinue if ($roleEligibilityScheduleRequest) { Write-AzOpsMessage -LogLevel Debug -LogString 'Get-AzOpsRoleEligibilityScheduleRequest.Assignment' -LogStringValues $roleEligibilitySchedule.Name -Target $ScopeObject # Construct AzOpsRoleEligibilityScheduleRequest by combining information from roleEligibilitySchedule and roleEligibilityScheduleRequest diff --git a/src/localized/en-us/Strings.psd1 b/src/localized/en-us/Strings.psd1 index cadaeb11..98193377 100644 --- a/src/localized/en-us/Strings.psd1 +++ b/src/localized/en-us/Strings.psd1 @@ -132,6 +132,7 @@ 'Get-AzOpsRoleDefinition.Definition' = 'Processing object {0}' # $roleDefinition.id 'Get-AzOpsRoleEligibilityScheduleRequest.Processing' = 'Retrieving Privileged Identity Management RoleEligibilitySchedule at [{0}]' # $ScopeObject.Scope + 'Get-AzOpsRoleEligibilityScheduleRequest.Processing.Failed' = 'Failed retrieving Privileged Identity Management RoleEligibilitySchedule [{0}]' # $_ 'Get-AzOpsRoleEligibilityScheduleRequest.Processing.NotFound' = 'No RoleEligibilityScheduleRequest found at [{0}] for RoleEligibilitySchedule [{1}], creating template based on RoleEligibilitySchedule' # $ScopeObject.Scope, $roleEligibilitySchedule.Name 'Get-AzOpsRoleEligibilityScheduleRequest.Assignment' = 'Found Privileged Identity Management RoleEligibilityScheduleRequest assignment [{0}]' # $roleEligibilitySchedule.Name