resync (#548)

Azure · Apr 10, 2024 · 84e3a4e · 84e3a4e
1 parent 684b99c
commit 84e3a4e
Show file tree

Hide file tree

Showing 6 changed files with 17 additions and 17 deletions.
diff --git a/Scripts/Helpers/Get-GlobalSettings.ps1 b/Scripts/Helpers/Get-GlobalSettings.ps1
@@ -237,6 +237,7 @@ function Get-GlobalSettings {
                 $keepDfcSecurityAssignments = $desired.keepDfcSecurityAssignments
                 if ($null -eq $keepDfcSecurityAssignments) {
                     Write-Host -ForegroundColor Red "Error in global-settings.jsonc: pacEnvironment $pacSelector does not contain required desiredState.keepDfcSecurityAssignments field."
+                    $hasErrors = $true
                 }
                 else {
                     if ($keepDfcSecurityAssignments -is [bool]) {
@@ -248,7 +249,7 @@ function Get-GlobalSettings {
                     }
                 }
                 $excludedScopes = $desired.excludedScopes
-                if ($null -ne $excluded) {
+                if ($null -ne $excludedScopes) {
                     if ($excludedScopes -isnot [array]) {
                         Write-Host -ForegroundColor Red "Error in global-settings.jsonc: pacEnvironment $pacSelector field desiredState.excludedScopes must be an array of strings."
                         $hasErrors = $true
@@ -307,10 +308,12 @@ function Get-GlobalSettings {
                 $deleteExpired = $desired.deleteExpiredExemptions
                 if ($null -ne $deleteExpired) {
                     Write-Host -ForegroundColor Red "Error in global-settings.jsonc: pacEnvironment $pacSelector field desiredState.deleteExpiredExemptions is deprecated. Remove it!"
+                    $hasErrors = $true
                 }
                 $deleteOrphaned = $desired.deleteOrphanedExemptions
                 if ($null -ne $deleteOrphaned) {
                     Write-Host -ForegroundColor Red "Error in global-settings.jsonc: pacEnvironment $pacSelector field desiredState.deleteOrphanedExemptions is deprecated. Remove it!"
+                    $hasErrors = $true
                 }
             }
 

diff --git a/Scripts/Helpers/RestMethods/Set-AzPolicyExemptionRestMethod.ps1 b/Scripts/Helpers/RestMethods/Set-AzPolicyExemptionRestMethod.ps1
@@ -39,7 +39,7 @@ function Set-AzPolicyExemptionRestMethod {
             Write-Warning "Ignoring scope locked error: $($statusCode) -- $($content)"
         }
         else {
-            Write-Error "Policy Exemption error $($statusCode) -- $($content)"
+            Write-Error "Policy Exemption error $($statusCode) -- $($content)" -ErrorAction Continue
         }
     }
 }
diff --git a/Scripts/Helpers/RestMethods/Set-AzRoleAssignmentRestMethod.ps1 b/Scripts/Helpers/RestMethods/Set-AzRoleAssignmentRestMethod.ps1
@@ -7,21 +7,20 @@ function Set-AzRoleAssignmentRestMethod {
 
     $properties = $RoleAssignment.properties
     $path = $null
+    $scope = $RoleAssignment.scope
     if ($null -ne $RoleAssignment.id) {
         # update existing role assignment
         $path = "$($RoleAssignment.id)?api-version=$ApiVersion"
-        $scope = $RoleAssignment.scope
     }
     else {
         # create new role assignment
         $guid = New-Guid
-        $scope = $RoleAssignment.scope
         $path = "$scope/providers/Microsoft.Authorization/roleAssignments/$($guid.ToString())?api-version=$ApiVersion"
     }
     $body = @{
         properties = $RoleAssignment.properties
     }
-    Write-Information "Assignment '$($RoleAssignment.assignmentDisplayName)', principalId $($properties.principalId), role '$($RoleAssignment.roleDisplayName)' at $($RoleAssignment.scope)"
+    Write-Information "Assignment '$($RoleAssignment.assignmentDisplayName)', principalId $($properties.principalId), role '$($RoleAssignment.roleDisplayName)' at $($scope)"
 
     # Invoke the REST API
     $bodyJson = ConvertTo-Json $body -Depth 100 -Compress
@@ -36,7 +35,7 @@ function Set-AzRoleAssignmentRestMethod {
             Write-Information $errorBody.error.message
         }
         else {
-            Write-Error "Role Assignment error $($statusCode) -- $($content)" -ErrorAction Stop
+            Write-Error "Role Assignment error $($statusCode) -- $($content)" -ErrorAction Continue
         }
     }
 }
diff --git a/Scripts/Helpers/Split-ArrayIntoChunks.ps1 b/Scripts/Helpers/Split-ArrayIntoChunks.ps1
@@ -13,8 +13,7 @@ function Split-ArrayIntoChunks {
     # split array into chunks
     $count = $Array.Count
     if ($count -le $MinChunkingSize) {
-        [array] $chunks = [array]::CreateInstance([array], 1)
-        $chunks[0] = $Array
+        $chunks = @( $Array )
         return , $chunks
     }
     else {
@@ -23,13 +22,12 @@ function Split-ArrayIntoChunks {
             $NumberOfChunks = [math]::Ceiling($count / $MinChunkingSize)
             $chunkingSize = [math]::Ceiling($count / $NumberOfChunks)
         }
-        [array] $chunks = [array]::CreateInstance([array], $NumberOfChunks)
         if ($NumberOfChunks -eq 1) {
-            Write-Error "Coding error: NumberOfChunks is 1" -ErrorAction Continue
-            $chunks[0] = $Array
+            $chunks = @( $Array )
             return , $chunks
         }
         else {
+            [array] $chunks = [array]::CreateInstance([array], $NumberOfChunks)
             for ($i = 0; $i -lt $NumberOfChunks; $i++) {
                 $start = $i * $chunkingSize
                 $end = $start + $chunkingSize - 1

diff --git a/Scripts/Helpers/Split-HashtableIntoChunks.ps1 b/Scripts/Helpers/Split-HashtableIntoChunks.ps1
@@ -13,8 +13,7 @@ function Split-HashtableIntoChunks {
     # split definition array into chunks
     $count = $Table.Count
     if ($count -le $MinChunkingSize) {
-        [array] $chunks = [array]::CreateInstance([array], 1)
-        $chunks[0] = $Table
+        $chunks = @( $Table )
         return , $chunks
     }
     else {
@@ -23,13 +22,12 @@ function Split-HashtableIntoChunks {
             $NumberOfChunks = [math]::Ceiling($count / $MinChunkingSize)
             $chunkingSize = [math]::Ceiling($count / $NumberOfChunks)
         }
-        [array] $chunks = [array]::CreateInstance([array], $NumberOfChunks)
         if ($NumberOfChunks -eq 1) {
-            Write-Error "Coding error: NumberOfChunks is 1" -ErrorAction Continue
-            $chunks[0] = $Table
+            $chunks = @( $Table )
             return , $chunks
         }
         else {
+            [array] $chunks = [array]::CreateInstance([array], $NumberOfChunks)
             $chunk = @{}
             $itemCount = 0
             $i = 0

diff --git a/Scripts/Operations/New-AzPolicyReaderRole.ps1 b/Scripts/Operations/New-AzPolicyReaderRole.ps1
@@ -72,7 +72,9 @@ $perms = @(
     "Microsoft.Authorization/roleAssignments/read",
     "Microsoft.PolicyInsights/*",
     "Microsoft.Management/register/action",
-    "Microsoft.Management/managementGroups/read"
+    "Microsoft.Management/managementGroups/read",
+    "Microsoft.Resources/subscriptions/read",
+    "Microsoft.Resources/subscriptions/resourceGroups/read"
 )
 
 $role.Actions = $perms