From d93e9c1c68e583e9885a7a675f418b109d95115a Mon Sep 17 00:00:00 2001
From: Jesper Fajers
Date: Mon, 5 Feb 2024 18:11:53 +0000
Subject: [PATCH 1/6] Update ErrorAction
---
 src/functions/Initialize-AzOpsEnvironment.ps1 | 6 ++++--
 .../functions/Get-AzOpsCurrentPrincipal.ps1 | 13 +++++++++----
 2 files changed, 13 insertions(+), 6 deletions(-)
diff --git a/src/functions/Initialize-AzOpsEnvironment.ps1 b/src/functions/Initialize-AzOpsEnvironment.ps1
index 1600cae6..bb1204ec 100644
--- a/src/functions/Initialize-AzOpsEnvironment.ps1
+++ b/src/functions/Initialize-AzOpsEnvironment.ps1
@@ -124,8 +124,10 @@
 }
 #region Validate root '/' permissions - different methods of getting current context depending on principalType
- $currentPrincipal = Get-AzOpsCurrentPrincipal -AzContext $currentAzContext
- $rootPermissions = Get-AzRoleAssignment -ObjectId $currentPrincipal.id -Scope "/" -ErrorAction SilentlyContinue -WarningAction SilentlyContinue
+ $currentPrincipal = Get-AzOpsCurrentPrincipal -AzContext $currentAzContext -ErrorAction SilentlyContinue -WarningAction SilentlyContinue
+ if ($currentPrincipal.id) {
+ $rootPermissions = Get-AzRoleAssignment -ObjectId $currentPrincipal.id -Scope "/" -ErrorAction SilentlyContinue -WarningAction SilentlyContinue
+ }
 if (-not $rootPermissions) {
 Write-AzOpsMessage -LogLevel Important -LogString 'Initialize-AzOpsEnvironment.ManagementGroup.NoRootPermissions' -LogStringValues $currentAzContext.Account.Id
diff --git a/src/internal/functions/Get-AzOpsCurrentPrincipal.ps1 b/src/internal/functions/Get-AzOpsCurrentPrincipal.ps1
index 5c37d193..c8833681 100644
--- a/src/internal/functions/Get-AzOpsCurrentPrincipal.ps1
+++ b/src/internal/functions/Get-AzOpsCurrentPrincipal.ps1
@@ -21,15 +21,20 @@
 switch ($AzContext.Account.Type) {
 'User' {
- $principalObject = (Invoke-AzRestMethod -Uri https://graph.microsoft.com/v1.0/me).Content | ConvertFrom-Json
+ $restMethodResult = Invoke-AzRestMethod -Uri https://graph.microsoft.com/v1.0/me -ErrorAction SilentlyContinue -WarningAction SilentlyContinue
+ if ($restMethodResult) {
+ $principalObject = $restMethodResult.Content | ConvertFrom-Json
+ }
 }
 'ManagedService' {
 # Get managed identity application id via IMDS (https://learn.microsoft.com/en-us/azure/active-directory/managed-identities-azure-resources/how-to-use-vm-token)
- $applicationId = (Invoke-RestMethod -Uri "http://169.254.169.254/metadata/identity/oauth2/token?api-version=2021-02-01&resource=https%3A%2F%2Fmanagement.azure.com%2F" -Headers @{ Metadata = $true }).client_id
- $principalObject = Get-AzADServicePrincipal -ApplicationId $applicationId
+ $restMethodResult = Invoke-RestMethod -Uri "http://169.254.169.254/metadata/identity/oauth2/token?api-version=2021-02-01&resource=https%3A%2F%2Fmanagement.azure.com%2F" -Headers @{ Metadata = $true } -ErrorAction SilentlyContinue -WarningAction SilentlyContinue
+ if ($restMethodResult) {
+ $principalObject = Get-AzADServicePrincipal -ApplicationId $restMethodResult.client_id -ErrorAction SilentlyContinue -WarningAction SilentlyContinue
+ }
 }
 default {
- $principalObject = Get-AzADServicePrincipal -ApplicationId $AzContext.Account.Id
+ $principalObject = Get-AzADServicePrincipal -ApplicationId $AzContext.Account.Id -ErrorAction SilentlyContinue -WarningAction SilentlyContinue
 }
 }
 Write-AzOpsMessage -LogLevel InternalComment -LogString 'Get-AzOpsCurrentPrincipal.PrincipalId' -LogStringValues $principalObject.Id
From dd072e53170510003bd7bce4803b0fb6250cb605 Mon Sep 17 00:00:00 2001
From: Jesper Fajers
Date: Mon, 5 Feb 2024 18:30:20 +0000
Subject: [PATCH 2/6] Update
---
 src/internal/functions/Get-AzOpsCurrentPrincipal.ps1 | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/internal/functions/Get-AzOpsCurrentPrincipal.ps1 b/src/internal/functions/Get-AzOpsCurrentPrincipal.ps1
index c8833681..66087b4b 100644
--- a/src/internal/functions/Get-AzOpsCurrentPrincipal.ps1
+++ b/src/internal/functions/Get-AzOpsCurrentPrincipal.ps1
@@ -29,7 +29,7 @@
 'ManagedService' {
 # Get managed identity application id via IMDS (https://learn.microsoft.com/en-us/azure/active-directory/managed-identities-azure-resources/how-to-use-vm-token)
 $restMethodResult = Invoke-RestMethod -Uri "http://169.254.169.254/metadata/identity/oauth2/token?api-version=2021-02-01&resource=https%3A%2F%2Fmanagement.azure.com%2F" -Headers @{ Metadata = $true } -ErrorAction SilentlyContinue -WarningAction SilentlyContinue
- if ($restMethodResult) {
+ if ($restMethodResult.client_id) {
 $principalObject = Get-AzADServicePrincipal -ApplicationId $restMethodResult.client_id -ErrorAction SilentlyContinue -WarningAction SilentlyContinue
 }
 }
From e3928ebd5f39c71671a81463a2b665165bc2aaf7 Mon Sep 17 00:00:00 2001
From: Jesper Fajers
Date: Tue, 6 Feb 2024 10:56:52 +0000
Subject: [PATCH 3/6] Update
---
 src/tests/functional/Microsoft.Network/connections/scenario.ps1 | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/tests/functional/Microsoft.Network/connections/scenario.ps1 b/src/tests/functional/Microsoft.Network/connections/scenario.ps1
index 9b6c2014..df86c151 100644
--- a/src/tests/functional/Microsoft.Network/connections/scenario.ps1
+++ b/src/tests/functional/Microsoft.Network/connections/scenario.ps1
@@ -63,7 +63,7 @@ Describe "Scenario - connections" {
 It "Deployment should be successful" {
 $script:functionalTestDeploy.ProvisioningState | Should -Be "Succeeded"
 }
- It "Resource properties sharedKey should exist" {
+ It "Resource properties sharedKey should exist" -Skip {
 $script:fileContents.resources[0].properties.sharedKey | Should -BeTrue
 }
 #endregion Pull Test
From d2cb4431050c59e2c38ee3ef3dd464b64ffbad96 Mon Sep 17 00:00:00 2001
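Review bot: The `-Skip` added to `It "Resource properties sharedKey should exist"` carries no reason, so the only assertion that the pulled connections file contains `properties.sharedKey` is disabled without a record of why or of when it should come back. Because `sharedKey` on a Microsoft.Network/connections resource is a pre-shared secret, whether it appears in pulled content is a deliberate expectation worth writing down rather than a test left dormant; add a comment above the `It`, e.g. `# Skipped: <reason the pulled resource no longer carries sharedKey> - re-enable once <condition>` (placeholders to be filled in). The enclosing `Describe "Scenario - connections"` block starts and ends outside the hunk.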
From: Jesper Fajers
Date: Tue, 6 Feb 2024 11:41:51 +0000
Subject: [PATCH 4/6] Update
---
 src/AzOps.psd1 | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/src/AzOps.psd1 b/src/AzOps.psd1
index 3868d7e0..1afe4184 100644
--- a/src/AzOps.psd1
+++ b/src/AzOps.psd1
@@ -3,7 +3,7 @@
 #
 # Generated by: Customer Architecture Team (CAT)
 #
-# Generated on: 01/26/2024
+# Generated on: 2/6/2024
 #
 @{
@@ -52,10 +52,10 @@
 PowerShellVersion = '7.2'
 # Modules that must be imported into the global environment prior to importing this module
 RequiredModules = @(@{ModuleName = 'PSFramework'; RequiredVersion = '1.10.318'; },
- @{ModuleName = 'Az.Accounts'; RequiredVersion = '2.15.0'; },
+ @{ModuleName = 'Az.Accounts'; RequiredVersion = '2.15.1'; },
 @{ModuleName = 'Az.Billing'; RequiredVersion = '2.0.3'; },
 @{ModuleName = 'Az.ResourceGraph'; RequiredVersion = '0.13.0'; },
- @{ModuleName = 'Az.Resources'; RequiredVersion = '6.14.0'; })
+ @{ModuleName = 'Az.Resources'; RequiredVersion = '6.15.0'; })
 # Assemblies that must be loaded prior to importing this module
 # RequiredAssemblies = @()
From ca53d71a95abec89c9eac6b7ae786a860d3fa1f6 Mon Sep 17 00:00:00 2001
From: Jesper Fajers
Date: Wed, 7 Feb 2024 10:39:24 +0000
Subject: [PATCH 5/6] Update
---
 src/functions/Initialize-AzOpsEnvironment.ps1 | 14 ++++++++++++--
 .../functions/Get-AzOpsCurrentPrincipal.ps1 | 10 +++++-----
 src/localized/en-us/Strings.psd1 | 2 ++
 3 files changed, 19 insertions(+), 7 deletions(-)
diff --git a/src/functions/Initialize-AzOpsEnvironment.ps1 b/src/functions/Initialize-AzOpsEnvironment.ps1
index bb1204ec..d1931d79 100644
--- a/src/functions/Initialize-AzOpsEnvironment.ps1
+++ b/src/functions/Initialize-AzOpsEnvironment.ps1
@@ -124,9 +124,19 @@
 }
 #region Validate root '/' permissions - different methods of getting current context depending on principalType
- $currentPrincipal = Get-AzOpsCurrentPrincipal -AzContext $currentAzContext -ErrorAction SilentlyContinue -WarningAction SilentlyContinue
+ try {
+ $currentPrincipal = Get-AzOpsCurrentPrincipal -AzContext $currentAzContext -ErrorAction Stop
+ }
+ catch {
+ Write-AzOpsMessage -LogLevel Warning -LogString 'Initialize-AzOpsEnvironment.CurrentPrincipal.Fail' -LogStringValues $_
+ }
 if ($currentPrincipal.id) {
- $rootPermissions = Get-AzRoleAssignment -ObjectId $currentPrincipal.id -Scope "/" -ErrorAction SilentlyContinue -WarningAction SilentlyContinue
+ try {
+ $rootPermissions = Get-AzRoleAssignment -ObjectId $currentPrincipal.id -Scope "/" -ErrorAction -ErrorAction Stop
+ }
+ catch {
+ Write-AzOpsMessage -LogLevel InternalComment -LogString 'Initialize-AzOpsEnvironment.CurrentPrincipal.RoleAssignmentFail' -LogStringValues $_
+ }
 }
 if (-not $rootPermissions) {
diff --git a/src/internal/functions/Get-AzOpsCurrentPrincipal.ps1 b/src/internal/functions/Get-AzOpsCurrentPrincipal.ps1
index 66087b4b..df593672 100644
--- a/src/internal/functions/Get-AzOpsCurrentPrincipal.ps1
+++ b/src/internal/functions/Get-AzOpsCurrentPrincipal.ps1
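Review bot: A failed root-scope role-assignment query is logged at `InternalComment` in the second new `catch`, and the following `if (-not $rootPermissions)` then treats that failure exactly like a principal that genuinely has no permissions under `/`, so a transient ARM error or a lookup problem quietly downgrades the run to partial discovery under a log line saying the principal lacks permissions. Raise that catch to `-LogLevel Warning`, matching the `CurrentPrincipal.Fail` catch a few lines above, so an operator can tell "could not determine" from "has none"; the same catch is touched again by the last hunk of the series (patch 6/6). If the intent is instead to fail closed, the catch would need to set a flag that is checked before the `-not $rootPermissions` branch. The enclosing function continues outside the hunk.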
@@ -21,20 +21,20 @@
 switch ($AzContext.Account.Type) {
 'User' {
- $restMethodResult = Invoke-AzRestMethod -Uri https://graph.microsoft.com/v1.0/me -ErrorAction SilentlyContinue -WarningAction SilentlyContinue
+ $restMethodResult = Invoke-AzRestMethod -Uri https://graph.microsoft.com/v1.0/me -ErrorAction Stop
 if ($restMethodResult) {
- $principalObject = $restMethodResult.Content | ConvertFrom-Json
+ $principalObject = $restMethodResult.Content | ConvertFrom-Json -ErrorAction Stop
 }
 }
 'ManagedService' {
 # Get managed identity application id via IMDS (https://learn.microsoft.com/en-us/azure/active-directory/managed-identities-azure-resources/how-to-use-vm-token)
- $restMethodResult = Invoke-RestMethod -Uri "http://169.254.169.254/metadata/identity/oauth2/token?api-version=2021-02-01&resource=https%3A%2F%2Fmanagement.azure.com%2F" -Headers @{ Metadata = $true } -ErrorAction SilentlyContinue -WarningAction SilentlyContinue
+ $restMethodResult = Invoke-RestMethod -Uri "http://169.254.169.254/metadata/identity/oauth2/token?api-version=2021-02-01&resource=https%3A%2F%2Fmanagement.azure.com%2F" -Headers @{ Metadata = $true } -ErrorAction Stop
 if ($restMethodResult.client_id) {
- $principalObject = Get-AzADServicePrincipal -ApplicationId $restMethodResult.client_id -ErrorAction SilentlyContinue -WarningAction SilentlyContinue
+ $principalObject = Get-AzADServicePrincipal -ApplicationId $restMethodResult.client_id -ErrorAction Stop
 }
 }
 default {
- $principalObject = Get-AzADServicePrincipal -ApplicationId $AzContext.Account.Id -ErrorAction SilentlyContinue -WarningAction SilentlyContinue
+ $principalObject = Get-AzADServicePrincipal -ApplicationId $AzContext.Account.Id -ErrorAction Stop
 }
 }
 Write-AzOpsMessage -LogLevel InternalComment -LogString 'Get-AzOpsCurrentPrincipal.PrincipalId' -LogStringValues $principalObject.Id
diff --git a/src/localized/en-us/Strings.psd1 b/src/localized/en-us/Strings.psd1
index 4f93a81b..c2c47b8c 100644
--- a/src/localized/en-us/Strings.psd1
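Review bot: `-ErrorAction Stop` on `Invoke-AzRestMethod` in the `'User'` branch only covers a call that fails outright; as far as I know the cmdlet hands back a non-success HTTP reply as a normal result object, so `if ($restMethodResult)` still passes, the error body goes through `ConvertFrom-Json`, and `$principalObject.Id` ends up empty without anything reaching the caller's new try/catch. Gate on the status instead, `if ($restMethodResult -and $restMethodResult.StatusCode -eq 200) {`, and throw in an `else` branch carrying the status code so the failure is surfaced as such. In the `'ManagedService'` branch the IMDS request is a link-local call that must not traverse a proxy and should not wait indefinitely, so `-NoProxy -TimeoutSec <seconds>` (value to be chosen) belongs on that `Invoke-RestMethod`; note that `$restMethodResult` there holds the whole token response, not only `client_id`. The enclosing function starts and ends outside the hunk.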
+++ b/src/localized/en-us/Strings.psd1
@@ -151,6 +151,8 @@
 'Initialize-AzOpsEnvironment.AzureContext.No' = 'No context available in Az PowerShell. Please use Connect-AzAccount and connect before using the command' #
 'Initialize-AzOpsEnvironment.AzureContext.TooMany' = 'Unsupported number of tenants in context: {0} TenantIDs TenantIDs: {1} Please reconnect with Connect-AzAccount using an account/service principal that only have access to one tenant' # $azContextTenants.Count, ($azContextTenants -join ',')
 'Initialize-AzOpsEnvironment.Initializing' = 'Starting AzOps environment initialization' #
+ 'Initialize-AzOpsEnvironment.CurrentPrincipal.Fail' = 'Identifying current principal failed with: {0}' # $_
+ 'Initialize-AzOpsEnvironment.CurrentPrincipal.RoleAssignmentFail' = 'Identifying current principal root scope "/" roleAssignment failed with: {0}' # $_
 'Initialize-AzOpsEnvironment.ManagementGroup.Expanding' = 'Expanding management groups under {0}' # $mgmtGroup.Name
 'Initialize-AzOpsEnvironment.ManagementGroup.NoRootPermissions' = 'Principal {0} does not have permissions under / in tenant, enabling partial discovery' # $currentAzContext.Account.Id
 'Initialize-AzOpsEnvironment.ManagementGroup.PartialDiscovery' = 'Executing partial discovery' #
From 308a339762f1eba3491a27395f65b3014868b7b7 Mon Sep 17 00:00:00 2001
From: Jesper Fajers
Date: Wed, 7 Feb 2024 11:08:37 +0000
Subject: [PATCH 6/6] Update
---
 src/functions/Initialize-AzOpsEnvironment.ps1 | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/functions/Initialize-AzOpsEnvironment.ps1 b/src/functions/Initialize-AzOpsEnvironment.ps1
index d1931d79..d0939a6b 100644
--- a/src/functions/Initialize-AzOpsEnvironment.ps1
+++ b/src/functions/Initialize-AzOpsEnvironment.ps1
@@ -132,7 +132,7 @@
 }
 if ($currentPrincipal.id) {
 try {
- $rootPermissions = Get-AzRoleAssignment -ObjectId $currentPrincipal.id -Scope "/" -ErrorAction -ErrorAction Stop
+ $rootPermissions = Get-AzRoleAssignment -ObjectId $currentPrincipal.id -Scope "/" -ErrorAction Stop
 }
 catch {
 Write-AzOpsMessage -LogLevel InternalComment -LogString 'Initialize-AzOpsEnvironment.CurrentPrincipal.RoleAssignmentFail' -LogStringValues $_