Update

Azure · Feb 7, 2024 · ca53d71 · ca53d71
1 parent d2cb443
commit ca53d71
Show file tree

Hide file tree

Showing 3 changed files with 19 additions and 7 deletions.
diff --git a/src/functions/Initialize-AzOpsEnvironment.ps1 b/src/functions/Initialize-AzOpsEnvironment.ps1
@@ -124,9 +124,19 @@
         }
 
         #region Validate root '/' permissions - different methods of getting current context depending on principalType
-        $currentPrincipal = Get-AzOpsCurrentPrincipal -AzContext $currentAzContext -ErrorAction SilentlyContinue -WarningAction SilentlyContinue
+        try {
+            $currentPrincipal = Get-AzOpsCurrentPrincipal -AzContext $currentAzContext -ErrorAction Stop
+        }
+        catch {
+            Write-AzOpsMessage -LogLevel Warning -LogString 'Initialize-AzOpsEnvironment.CurrentPrincipal.Fail' -LogStringValues $_
+        }
         if ($currentPrincipal.id) {
-            $rootPermissions = Get-AzRoleAssignment -ObjectId $currentPrincipal.id -Scope "/" -ErrorAction SilentlyContinue -WarningAction SilentlyContinue
+            try {
+                $rootPermissions = Get-AzRoleAssignment -ObjectId $currentPrincipal.id -Scope "/" -ErrorAction -ErrorAction Stop
+            }
+            catch {
+                Write-AzOpsMessage -LogLevel InternalComment -LogString 'Initialize-AzOpsEnvironment.CurrentPrincipal.RoleAssignmentFail' -LogStringValues $_
+            }
         }
 
         if (-not $rootPermissions) {

diff --git a/src/internal/functions/Get-AzOpsCurrentPrincipal.ps1 b/src/internal/functions/Get-AzOpsCurrentPrincipal.ps1
@@ -21,20 +21,20 @@
 
         switch ($AzContext.Account.Type) {
             'User' {
-                $restMethodResult = Invoke-AzRestMethod -Uri https://graph.microsoft.com/v1.0/me -ErrorAction SilentlyContinue -WarningAction SilentlyContinue
+                $restMethodResult = Invoke-AzRestMethod -Uri https://graph.microsoft.com/v1.0/me -ErrorAction Stop
                 if ($restMethodResult) {
-                    $principalObject = $restMethodResult.Content | ConvertFrom-Json
+                    $principalObject = $restMethodResult.Content | ConvertFrom-Json -ErrorAction Stop
                 }
             }
             'ManagedService' {
                 # Get managed identity application id via IMDS (https://learn.microsoft.com/en-us/azure/active-directory/managed-identities-azure-resources/how-to-use-vm-token)
-                $restMethodResult = Invoke-RestMethod -Uri "http://169.254.169.254/metadata/identity/oauth2/token?api-version=2021-02-01&resource=https%3A%2F%2Fmanagement.azure.com%2F" -Headers @{ Metadata = $true } -ErrorAction SilentlyContinue -WarningAction SilentlyContinue
+                $restMethodResult = Invoke-RestMethod -Uri "http://169.254.169.254/metadata/identity/oauth2/token?api-version=2021-02-01&resource=https%3A%2F%2Fmanagement.azure.com%2F" -Headers @{ Metadata = $true } -ErrorAction Stop
                 if ($restMethodResult.client_id) {
-                    $principalObject = Get-AzADServicePrincipal -ApplicationId $restMethodResult.client_id -ErrorAction SilentlyContinue -WarningAction SilentlyContinue
+                    $principalObject = Get-AzADServicePrincipal -ApplicationId $restMethodResult.client_id -ErrorAction Stop
                 }
             }
             default {
-                $principalObject = Get-AzADServicePrincipal -ApplicationId $AzContext.Account.Id -ErrorAction SilentlyContinue -WarningAction SilentlyContinue
+                $principalObject = Get-AzADServicePrincipal -ApplicationId $AzContext.Account.Id -ErrorAction Stop
             }
         }
         Write-AzOpsMessage -LogLevel InternalComment -LogString 'Get-AzOpsCurrentPrincipal.PrincipalId' -LogStringValues $principalObject.Id

diff --git a/src/localized/en-us/Strings.psd1 b/src/localized/en-us/Strings.psd1
@@ -151,6 +151,8 @@
     'Initialize-AzOpsEnvironment.AzureContext.No'                                   = 'No context available in Az PowerShell. Please use Connect-AzAccount and connect before using the command' #
     'Initialize-AzOpsEnvironment.AzureContext.TooMany'                              = 'Unsupported number of tenants in context: {0} TenantIDs TenantIDs: {1} Please reconnect with Connect-AzAccount using an account/service principal that only have access to one tenant' # $azContextTenants.Count, ($azContextTenants -join ',')
     'Initialize-AzOpsEnvironment.Initializing'                                      = 'Starting AzOps environment initialization' #
+    'Initialize-AzOpsEnvironment.CurrentPrincipal.Fail'                             = 'Identifying current principal failed with: {0}' # $_
+    'Initialize-AzOpsEnvironment.CurrentPrincipal.RoleAssignmentFail'               = 'Identifying current principal root scope "/" roleAssignment failed with: {0}' # $_
     'Initialize-AzOpsEnvironment.ManagementGroup.Expanding'                         = 'Expanding management groups under {0}' # $mgmtGroup.Name
     'Initialize-AzOpsEnvironment.ManagementGroup.NoRootPermissions'                 = 'Principal {0} does not have permissions under / in tenant, enabling partial discovery' # $currentAzContext.Account.Id
     'Initialize-AzOpsEnvironment.ManagementGroup.PartialDiscovery'                  = 'Executing partial discovery' #