Merge pull request #586 from Azure/585-error-when-retrieving-assignme…

…nts-if-an-assignment-has-a-uami 585 error when retrieving assignments if an assignment has a uami
Azure · Apr 24, 2024 · 8134a9a · 8134a9a
2 parents 7092b09 + 45318e3
commit 8134a9a
Show file tree

Hide file tree

Showing 3 changed files with 9 additions and 14 deletions.
diff --git a/Scripts/Helpers/Build-AssignmentDefinitionAtLeaf.ps1 b/Scripts/Helpers/Build-AssignmentDefinitionAtLeaf.ps1
@@ -48,7 +48,7 @@ function Build-AssignmentDefinitionAtLeaf {
     $nonComplianceMessages = $AssignmentDefinition.nonComplianceMessages
     $hasPolicySets = $AssignmentDefinition.hasPolicySets
     $perEntryNonComplianceMessages = $AssignmentDefinition.perEntryNonComplianceMessages
-
+    $flatPolicyList = $AssignmentDefinition.flatPolicyList
     $thisPacOwnerId = $PacEnvironment.pacOwnerId
 
     #endregion cache frequently used fields
@@ -516,10 +516,6 @@ function Build-AssignmentDefinitionAtLeaf {
 
         $parameterObject = $null
         $parametersInPolicyDefinition = @{}
-        if ($displayName -eq "Allowed Locations") {
-            $null = $null
-        }
-
         if ($isPolicySet) {
             $parametersInPolicyDefinition = $policySetDetails.parameters
             if ($useCsv) {
@@ -591,9 +587,9 @@ function Build-AssignmentDefinitionAtLeaf {
                     if ($RoleDefinitions.ContainsKey($roleDefinitionId)) {
                         $roleDisplayName = $RoleDefinitions.$roleDefinitionId
                     }
-                    else {
-                        $null = $null
-                    }
+                    # else {
+                    #     $null = $null
+                    # }
                     $requiredRoleAssignment = @{
                         scope            = $scopeEntry.scope
                         roleDefinitionId = $roleDefinitionId

diff --git a/Scripts/Helpers/Confirm-PolicyResourceExclusions.ps1 b/Scripts/Helpers/Confirm-PolicyResourceExclusions.ps1
@@ -33,10 +33,10 @@ function Confirm-PolicyResourceExclusions {
         if ($null -ne $PolicyResourceTable) {
             $PolicyResourceTable.counters.excluded += 1
         }
-        if ($resourceIdParts.kind -eq "policyAssignments") {
-            $excludedScope = $ExcludedScopesTable.$scope
-            $null = $null
-        }
+        # if ($resourceIdParts.kind -eq "policyAssignments") {
+        #     $excludedScope = $ExcludedScopesTable.$scope
+        #     $null = $null
+        # }
         return $false, $resourceIdParts
     }
     foreach ($testExcludedId in $ExcludedIds) {

diff --git a/Scripts/Helpers/Get-AzPolicyAssignments.ps1 b/Scripts/Helpers/Get-AzPolicyAssignments.ps1
@@ -47,8 +47,7 @@ function Get-AzPolicyAssignments {
                         $principalId = $policyResource.identity.principalId
                     }
                     else {
-                        $userAssignedIdentityId = $policyResource.identity.userAssignedIdentities.PSObject.Properties.Name
-                        $principalId = $policyResource.identity.userAssignedIdentities.$userAssignedIdentityId.principalId
+                        $principalId = $policyResource.identity.userAssignedIdentities.Values.principalId
                     }
                     $uniquePrincipalIds[$principalId] = $true
                     $policyResourcesTable.counters.withIdentity += 1