[BUG] Able to backup Management Intents, but not update about intunecd HOT 12 CLOSED

Ahh, based on that line it seems like it only checks for the key to be present and not having any value so when I changed line 149 locally here to:

for key, val in list.items() if 'templateId' in key and val != None]

It actually worked and created the policy without issue this time!

from intunecd.

Interesting, I will add those changes and run some tests as well. If I don't see any issues I will add it to the next update!

Thank you for testing and reporting back ☺️

from intunecd.

Hi,

I tried with the configuration you sent as an example and it was created as a new configuration just fine in my environment and I was able to update the configuration.

In what scenario do you get this error? i.e. is it when trying to deploy to a new env without any configs or updating the config in a current env where it exists?

from intunecd.

Hi there,

Thanks for checking it out :)

The scenario I am testing in has a pure dev tenant and a test tenant that as of now do not have the config (this test tenant is safe to delete any all policies as needed by testing, so I usually clean it up first and test on a clean slate).

The error has me a bit stumped at the moment since it gives so few details on what actually failed where all the other policy types I tested worked really well. I also tried renaming the policy and testing if the name had any impact on the error but not really any difference, it always fails out on that one error.

During testing I also removed all other policy types from the backup folder to narrow it down to this category as well.
It does not seem to matter much which of the subtypes of management intent it is I try to upload, they all backed up fine but refuse to run through the update process

from intunecd.

Interesting, I just published 5 encryption manifests as new configs to test and it worked 🤔

Can you verify the permissions the Azure AD app registrations have in your test env you are trying to publish to?

from intunecd.

I just double checked all the permissions now and also verified I was able to import back to the dev environment too, so that narrowed it down to simply this other test tenant.

I did find something really strange when digging further using the graph API, as in this test tenant I get back lots of response objects that are not visible in the management portal at Microsoft. And they all lack a proper value for template id so it makes sense with the none error:

Example:

id : 98b3d3c2-adc5-44bb-ac2f-9df8d3bd54b9
displayName : My-Policy-Name-Here
description : Application control
isAssigned : False
lastModifiedDateTime : 15.08.2022 18:33:16
templateId :
roleScopeTagIds : {0, 1}

If entries without a template id could be ignored I wonder if this would most likely work in such cases too.

(I verified I could query out all these using the same application id and secret I am trying to use for the update)

from intunecd.

I ran into that myself some time ago and did add a check for null template id here:

I'm trying to figure out a way I can replicate this and implement a fix for the scenario :)

from intunecd.

Nice catch, I'll add that fix as part of some other updates due to be pushed tomorrow ☺️

from intunecd.

Thanks for all the help in putting me on the right track here and making this wonderful project too! 😊

from intunecd.

When testing to see if there could be any more issues, I found that if I run it once more, so it has to try to overwrite it gives the following error:

Traceback (most recent call last):
File "C:\Python\lib\runpy.py", line 196, in _run_module_as_main
return _run_code(code, main_globals, None,
File "C:\Python\lib\runpy.py", line 86, in run_code
exec(code, run_globals)
File "C:\Python\Scripts\IntuneCD-startupdate.exe_main.py", line 7, in
File "C:\Python\lib\site-packages\IntuneCD\run_update.py", line 207, in start
run_update(args.path, token, args.u, exclude)
File "C:\Python\lib\site-packages\IntuneCD\run_update.py", line 152, in run_update
diff_count += update(path, token, assignment)
File "C:\Python\lib\site-packages\IntuneCD\update_managementIntents.py", line 39, in update
intent_responses = batch_intents(intents, token)
File "C:\Python\lib\site-packages\IntuneCD\graph_batch.py", line 166, in batch_intents
settings_ids = [val for list in categories_responses if intent['templateId'] in list['@odata.context']
File "C:\Python\lib\site-packages\IntuneCD\graph_batch.py", line 166, in
settings_ids = [val for list in categories_responses if intent['templateId'] in list['@odata.context']
TypeError: 'in ' requires string as left operand, not NoneType

from intunecd.

I deliberately forced a None value on the template Id but even then I don't get this error. Would really like to be able to replicate and narrow down what is happening

from intunecd.

It is definitely a very strange error indeed, after trying and failing a bit more here I got it to work by changing line 160 as well to the following:

settings_ids = [val for list in categories_responses if intent['templateId'] != None and intent['templateId'] in list['@odata.context']

Not sure if that is the cleanest way to write this, but now it successfully both creates the item if missing and updated the setting just fine too. Tested editing it in the test environment and running a new update and it forced back the proper value from the backup as expected 😊

from intunecd.