Azure
[Doc]: Update-AzRoleManagementPolicy error when running provided sample code : Unable to find type [RoleManagementPolicyExpirationRule]
Description
Hi,
trying to run example 1 from https://learn.microsoft.com/en-us/powershell/module/az.resources/update-azrolemanagementpolicy?view=azps-9.5.0&tryIt=true#code-try-2 et getting the following error (cloudshell or powershell)
InvalidOperation: Unable to find type [RoleManagementPolicyExpirationRule]
Thanks for the feedback! We are routing this to the appropriate team for follow-up. cc @aperezcloud, @kenieva.
Issue Details
Description
Hi,
trying to run example 1 from https://learn.microsoft.com/en-us/powershell/module/az.resources/update-azrolemanagementpolicy?view=azps-9.5.0&tryIt=true#code-try-2 et getting the following error (cloudshell or powershell)
InvalidOperation: Unable to find type [RoleManagementPolicyExpirationRule]
| Author: | kayasax |
|---|---|
| Assignees: | - |
| Labels: |
|
| Milestone: | - |
Thanks for reporting, @kayasax. Let me route this to the service team.
I encountered the same issue today. Are there any updates?
Thanks for the feedback! We are routing this to the appropriate team for follow-up. cc @aperezcloud, @kenieva.
![microsoft-github-policy-service[bot] avatar](https://avatars.githubusercontent.com/in/95686?v=4 "Published by a pub.dev verified publisher"){kind=small}
This issue has also been reported and a workaround provided here: https://github.com/Azure/azure-powershell/issues/18781.
Guys, since the issue is still ongoing i've updated the docs with the workaround.
My PIM script which was working fine for quite some time is now broken with the update to Az PowerShell v15 using Az.Resources v9.x.
@B-Oudehinken the updated docs with the workaround is now broken as well. Won't work with Az PowerShell 15.x.
This whole PIM topic is very frustrating and badly documented.
Found a working solution with Azure PowerShell v15.x / Az.Resources 9.x. Had to remove the preview API parts and no more namespace for ruleType definitions.
Here are a few snippets which should help you get started with the latest release.
This will apply to all kind of Rules. Just change RoleManagementPolicyExpirationRule to whatever you are working on (ExpirationRule, EnablementRule or NotificationRule)
$expirationAdminEligibility = [Microsoft.Azure.PowerShell.Cmdlets.Resources.Authorization.Models.RoleManagementPolicyExpirationRule]@{
isExpirationRequired = "false";
maximumDuration = "P1Y";
id = "Expiration_Admin_Eligibility";
ruleType = ("RoleManagementPolicyExpirationRule");
targetCaller = "Admin";
targetOperation = @('All');
targetLevel = "Eligibility";
targetObject = $null;
targetInheritableSetting = $null;
targetEnforcedSetting = $null;
}
Put all the configured rules together and update the role.
$rules = [Microsoft.Azure.PowerShell.Cmdlets.Resources.Authorization.Models.IRoleManagementPolicyRule[]]@($expirationAdminEligibility,$expirationAdminAssignment,$notificationAdminAdminEligibility,$notificationAdminAdminAssignment,$notificationAdminEndUserAssignment,$expirationEndUserAssignment,$enablementAdminAssignment,$enablementEndUserAssignment)
Update-AzRoleManagementPolicy -Scope $scope -Name $roleName.Name -Rule $rules
Please do some proper testing and update the documentation accordingly. Following the current v15 docs will end up with error messages.