Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Remove-MgBetaEntitlementManagementAccessPackageAssignment results in 404 error #2493

Open
quentinmarois opened this issue Dec 14, 2023 · 4 comments
Open

Remove-MgBetaEntitlementManagementAccessPackageAssignment results in 404 error #2493

quentinmarois opened this issue Dec 14, 2023 · 4 comments
Labels
Dependency: metadata-issue

Comments

@quentinmarois
Copy link

Describe the bug
When attempting to use the Remove-MgBetaEntitlementManagementAccessPackageAssignment cmdlet with a valid AccessPackageAssignmentId, the azurewebsites API endpoint results in a 404 error.

To Reproduce
Steps to reproduce the behavior:

Remove-MgBetaEntitlementManagementAccessPackageAssignment -AccessPackageAssignmentId 'xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxxx'

Debug Output

============================ HTTP REQUEST ============================

HTTP Method:
DELETE

Absolute Uri:
https://graph.microsoft.com/beta/identityGovernance/entitlementManagement/accessPackageAssignments/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxxx

Headers:

Body:

============================ HTTP RESPONSE ============================

Status Code:
NotFound

Headers:
Transfer-Encoding             : chunked
Vary                          : Accept-Encoding
Strict-Transport-Security     : max-age=31536000
request-id                    : xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxxx
client-request-id             : xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxxx
x-ms-ags-diagnostic           : {"ServerInfo":{"DataCenter":"Germany West Central","Slice":"E","Ring":"5","ScaleUnit":"002","RoleInstance":"FR3PEPF0000016D"}}
Date                          : Thu, 14 Dec 2023 12:57:12 GMT

Body:
{
  "error": {
    "code": "",
    "message": "No HTTP resource was found that matches the request URI
'https://igaelm-asev3-ecapi-neu.igaelm-asev3-environment-neu.p.azurewebsites.net/api/v1/accessPackageAssignments('xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxxx')'.",
    "innerError": {
      "date": "2023-12-14T12:57:12",
      "request-id": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxxx",
      "client-request-id": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxxx"
    }
  }
}

Module Version
Microsoft.Graph.Beta.Identity.Governance version 2.11.1
@timayabi2020
Copy link
Contributor

Hi @quentinmarois from the debug information this seems like a service issue. You can also confirm that this issue is not only specific to the Microsoft PowerShell SDK by making use of this tool https://developer.microsoft.com/en-us/graph/graph-explorer. by picking the request uri from the debug information and running it on the tool. For API related issues/questions we are not best placed to give an answer. Kindly raise an issue here https://developer.microsoft.com/en-us/graph/support so that the API owner can respond to it.

@quentinmarois
Copy link
Author

So I did a bit more research on the issue, but I'm getting more confused.
The API actually seems to behave as expected: In this page and this page of the documentation, it is mentioned that to delete an access package assignment, we need to create a new request with the corresponding type of the initial assignment request.

So for example, if the original assignment request was of requestType AdminAdd, we create a new request of type AdminRemove

So, it would make sense that the API return an error, because the DELETE method doesn't exist (although the error status code is a bit misleading as the endpoint does exist, but not the method. A 405 error would make more sense).

The thing that I'm having difficulty understanding now is that, if this is the intended process, wouldn't this mean that the Remove-MgBetaEntitlementManagementAccessPackageAssignement command should not exist in the first place ?

@o-l-a-v
Copy link

o-l-a-v commented Jan 4, 2024
edited
Loading

Thanks for the info @quentinmarois.

I got removal working with New-MgEntitlementManagementAssignmentRequest.

What's also not.. legit.. with Graph is that I successfully could create the remove request without any write permissions in the scope when I authenticated. I authenticated with:

do {$Disconnected = [bool](-not$(Try{$null = Disconnect-MgGraph 2>$null; $?}Catch{$false}))} until ($Disconnected)
Connect-MgGraph -UseDeviceCode -Scopes ('AuditLog.Read.All','EntitlementManagement.Read.All','User.Read.All') -NoWelcome -ContextScope 'Process'

And the delete request went through, no questions asked.

After that it takes some minutes before the request is "delivered", as in assignment is actually deleted. Then the assignment status is "expired".

@timayabi2020
Copy link
Contributor

This issue is being tracked here microsoftgraph/msgraph-metadata#677

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Dependency: metadata-issue
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@o-l-a-v @timayabi2020 @quentinmarois