Open
Description
Description
When running a Search-AzGraph in some instances a Null SkipToken is returned making it impossible to correctly pull all records when rowcount >1000.
Specifically with this query SkipToken == Null
securityresources
| where type == "microsoft.security/pricings"
| extend tier = properties.pricingTier
| extend PlanEnabled = iff(tier=='Free', "No", "Yes")
| project subscriptionId, name, PlanEnabled
| join kind=leftouter(
resourcecontainers
| where type == "microsoft.resources/subscriptions"
| extend SubscriptionName = name
) on $left.subscriptionId == $right.subscriptionId
| project subscriptionId, SubscriptionName, name, PlanEnabled
| sort by subscriptionId asc, SubscriptionName asc, name asc
Issue script & Debug output
PS > $DebugPreference='Continue'
PS > $KQuery = @"
>> securityresources
>> | where type == "microsoft.security/pricings"
>> | extend tier = properties.pricingTier
>> | extend PlanEnabled = iff(tier=='Free', "No", "Yes")
>> | project subscriptionId, name, PlanEnabled
>> | join kind=leftouter(
>> resourcecontainers
>> | where type == "microsoft.resources/subscriptions"
>> | extend SubscriptionName = name
>> ) on `$left.subscriptionId == `$right.subscriptionId
>> | project subscriptionId, SubscriptionName, name, PlanEnabled
>> | sort by subscriptionId asc, SubscriptionName asc, name asc
>> "@
PS >
PS > $Return = Search-AzGraph -ManagementGroup $ManagementGroup -Query $KQuery -First 10
DEBUG: 15:00:05 - SearchAzureRmGraph begin processing with ParameterSet 'TenantScopedQuery'.
DEBUG: 15:00:05 - using account id '**USER REMOVED**'...
DEBUG: [Common.Authentication]: Authenticating using Account: '**USER REMOVED**', environment: 'AzureCloud', tenant: '**TENANTID REMOVED**'
DEBUG: 15:00:05 - [SilentAuthenticator] Calling SharedTokenCacheCredential.GetTokenAsync - TenantId:'**TENANTID REMOVED**', Scopes:'https://management.core.windows.net//.default', AuthorityHost:'https://login.microsoftonline.com/', UserId:'**USER REMOVED**'
DEBUG: SharedTokenCacheCredential.GetToken invoked. Scopes: [ https://management.core.windows.net//.default ] ParentRequestId:
DEBUG: (False) MSAL 4.30.1.0 MSAL.NetCore Microsoft Windows 10.0.22000 [12/16/2021 15:00:05 - ] Azure region was not configured or could not be discovered. Not using a regional authority.
DEBUG: (False) MSAL 4.30.1.0 MSAL.NetCore Microsoft Windows 10.0.22000 [12/16/2021 15:00:05] Found 2 cache accounts and 0 broker accounts
DEBUG: (False) MSAL 4.30.1.0 MSAL.NetCore Microsoft Windows 10.0.22000 [12/16/2021 15:00:05] Returning 2 accounts
DEBUG: (False) MSAL 4.30.1.0 MSAL.NetCore Microsoft Windows 10.0.22000 [12/16/2021 15:00:05 - ] MSAL MSAL.NetCore with assembly version '4.30.1.0'. CorrelationId(c7b804bc-ee0b-429a-95bf-5c0f1e474ed9)
DEBUG: (False) MSAL 4.30.1.0 MSAL.NetCore Microsoft Windows 10.0.22000 [12/16/2021 15:00:05 - ] === AcquireTokenSilent Parameters ===
DEBUG: (False) MSAL 4.30.1.0 MSAL.NetCore Microsoft Windows 10.0.22000 [12/16/2021 15:00:05 - ] LoginHint provided: False
DEBUG: (False) MSAL 4.30.1.0 MSAL.NetCore Microsoft Windows 10.0.22000 [12/16/2021 15:00:05 - ] Account provided: True
DEBUG: (False) MSAL 4.30.1.0 MSAL.NetCore Microsoft Windows 10.0.22000 [12/16/2021 15:00:05 - ] ForceRefresh: False
DEBUG: (False) MSAL 4.30.1.0 MSAL.NetCore Microsoft Windows 10.0.22000 [12/16/2021 15:00:05 - ]
=== Request Data ===
Authority Provided? - True
Scopes - https://management.core.windows.net//.default
Extra Query Params Keys (space separated) -
ApiId - AcquireTokenSilent
IsConfidentialClient - False
SendX5C - False
LoginHint ? False
IsBrokerConfigured - False
HomeAccountId - False
CorrelationId - c7b804bc-ee0b-429a-95bf-5c0f1e474ed9
DEBUG: (False) MSAL 4.30.1.0 MSAL.NetCore Microsoft Windows 10.0.22000 [12/16/2021 15:00:05 - ] === Token Acquisition (SilentRequest) started:
Authority Host: login.microsoftonline.com
DEBUG: (False) MSAL 4.30.1.0 MSAL.NetCore Microsoft Windows 10.0.22000 [12/16/2021 15:00:05 - ] Azure region was not configured or could not be discovered. Not using a regional authority.
DEBUG: (False) MSAL 4.30.1.0 MSAL.NetCore Microsoft Windows 10.0.22000 [12/16/2021 15:00:05 - ] Access token is not expired. Returning the found cache entry. [Current time (12/16/2021 15:00:05) - Expiration Time (12/16/2021 15:38:02 +00:00) - Extended Expiration Time (12/16/2021 15:38:02 +00:00)]
DEBUG: (False) MSAL 4.30.1.0 MSAL.NetCore Microsoft Windows 10.0.22000 [12/16/2021 15:00:05 - ] Returning access token found in cache. RefreshOn exists ? False
DEBUG: (False) MSAL 4.30.1.0 MSAL.NetCore Microsoft Windows 10.0.22000 [12/16/2021 15:00:05 - ] Fetched access token from host login.microsoftonline.com.
DEBUG: (False) MSAL 4.30.1.0 MSAL.NetCore Microsoft Windows 10.0.22000 [12/16/2021 15:00:05 - ] === Token Acquisition finished successfully. An access token was returned with Expiration Time: 12/16/2021 15:38:02 +00:00 and Scopes https://management.core.windows.net//user_impersonation https://management.core.windows.net//.default
DEBUG: SharedTokenCacheCredential.GetToken succeeded. Scopes: [ https://management.core.windows.net//.default ] ParentRequestId: ExpiresOn: 2021-12-16T15:38:02.0000000+00:00
DEBUG: [Common.Authentication]: Received token with LoginType 'User', Tenant: '**TENANTID REMOVED**', UserId: '**USER REMOVED**'
DEBUG: ============================ HTTP REQUEST ============================
HTTP Method:
POST
Absolute Uri:
https://management.azure.com/providers/Microsoft.ResourceGraph/resources?api-version=2021-03-01
Headers:
x-ms-client-request-id : bd6a0d59-e4a3-44e6-a21b-0d05f5ff77b8
Accept-Language : en-US
Body:
{
"managementGroups": [
"**MANAGEMENTGROUPID REMOVED**"
],
"query": "securityresources \n| where type == \"microsoft.security/pricings\" \n| extend tier = properties.pricingTier \n| extend PlanEnabled = iff(tier=='Free', \"No\", \"Yes\")\n| project subscriptionId, name, PlanEnabled\n| join kind=leftouter(\n resourcecontainers\n | where type == \"microsoft.resources/subscriptions\"\n | extend SubscriptionName = name\n) on $left.subscriptionId == $right.subscriptionId\n| project subscriptionId, SubscriptionName, name, PlanEnabled\n| sort by subscriptionId asc, SubscriptionName asc, name asc",
"options": {
"$top": 10,
"$skip": 0,
"resultFormat": "objectArray",
"allowPartialScopes": false
}
}
DEBUG: ============================ HTTP RESPONSE ============================
Status Code:
OK
Headers:
Cache-Control : no-cache
Pragma : no-cache
Strict-Transport-Security : max-age=31536000; includeSubDomains
x-ms-ratelimit-remaining-tenant-resource-requests: 14
x-ms-user-quota-remaining : 14
x-ms-user-quota-resets-after : 00:00:05
Server : Kestrel
x-ms-ratelimit-remaining-tenant-reads: 11997
x-ms-request-id : ad38bd7e-5cfc-4598-a3b4-82f90659ae18
x-ms-correlation-request-id : ad38bd7e-5cfc-4598-a3b4-82f90659ae18
x-ms-routing-request-id : UKSOUTH:20211216T150005Z:ad38bd7e-5cfc-4598-a3b4-82f90659ae18
X-Content-Type-Options : nosniff
Date : Thu, 16 Dec 2021 15:00:05 GMT
Body:
{
"totalRecords": 624,
"count": 10,
"data": [
**DATA REMOVED**
],
"facets": [],
"resultTruncated": "true"
}
DEBUG: AzureQoSEvent: Module: Az.ResourceGraph:0.11.0; CommandName: Search-AzGraph; PSVersion: 7.2.0-preview.7; IsSuccess: True; Duration: 00:00:00.9699561
DEBUG: Finish sending metric.
DEBUG: 15:00:07 - SearchAzureRmGraph end processing.
PS >
PS > # Get the Return.SkipToken
PS > $Return.SkipToken
PS >Environment data
PS >$PSVersionTable
Name Value
---- -----
PSVersion 7.2.0-preview.7
PSEdition Core
GitCommitId 7.2.0-preview.7
OS Microsoft Windows 10.0.22000
Platform Win32NT
PSCompatibleVersions {1.0, 2.0, 3.0, 4.0…}
PSRemotingProtocolVersion 2.3
SerializationVersion 1.1.0.1
WSManStackVersion 3.0Module versions
PS> Get-Module Az*
ModuleType Version PreRelease Name ExportedCommands
---------- ------- ---------- ---- ----------------
Script 2.6.2 Az.Accounts {Add-AzEnvironment, Clear-AzContext, Clear-AzDefault, Connect-AzAccount…}
Script 0.11.0 Az.ResourceGraph {Search-AzGraph, Get-AzResourceGraphQuery, New-AzResourceGraphQuery, Remove-AzResourceGraphQuery…}Error output
DEBUG: 15:09:22 - ResolveError begin processing with ParameterSet 'AnyErrorParameterSet'.
DEBUG: 15:09:22 - using account id '**USER REMOVED**'...
WARNING: Upcoming breaking changes in the cmdlet 'Resolve-AzError' :
The `Resolve-Error` alias will be removed in a future release. Please change any scripts that use this alias to use `Resolve-AzError` instead.
Note : Go to https://aka.ms/azps-changewarnings for steps to suppress this breaking change warning, and other information on breaking changes in Azure PowerShell.
The Azure PowerShell team is listening, please let us know how we are doing: https://aka.ms/azpssurvey?Q_CHL=ERROR.
DEBUG: AzureQoSEvent: Module: Az.Accounts:2.6.2; CommandName: Resolve-AzError; PSVersion: 7.2.0-preview.7; IsSuccess: True; Duration: 00:00:00.0040736
DEBUG: Finish sending metric.
DEBUG: 15:09:22 - ResolveError end processing.Metadata
Metadata
Assignees
Labels
Type
Projects
Milestone
Relationships
Development
No branches or pull requests
Participants
Activity
dingmeng-xue commentedon Dec 20, 2021
@dolauli , please help to look into this question.
dolauli commentedon Dec 21, 2021
According to swagger https://github.com/Azure/azure-rest-api-specs/blob/main/specification/resourcegraph/resource-manager/Microsoft.ResourceGraph/stable/2021-03-01/resourcegraph.json#L307, there will be an optional property "$skipToken" in the response. And the issue is that there is no "$skipToken" returned from service (See above response for details) So it should be a service issue.
I also try the same query with my own account, but it works with $skipToken returned. Highlight different http responses as below.
User's http response, no "$skipToken" returned
Http response in my test.
ghost commentedon Dec 21, 2021
Thanks for the feedback! We are routing this to the appropriate team for follow-up. cc @chiragg4u.
Issue Details
Description
When running a Search-AzGraph in some instances a Null SkipToken is returned making it impossible to correctly pull all records when rowcount >1000.
Specifically with this query SkipToken == Null
securityresources
| where type == "microsoft.security/pricings"
| extend tier = properties.pricingTier
| extend PlanEnabled = iff(tier=='Free', "No", "Yes")
| project subscriptionId, name, PlanEnabled
| join kind=leftouter(
resourcecontainers
| where type == "microsoft.resources/subscriptions"
| extend SubscriptionName = name
) on
$left.subscriptionId ==$right.subscriptionId| project subscriptionId, SubscriptionName, name, PlanEnabled
| sort by subscriptionId asc, SubscriptionName asc, name asc
Issue script & Debug output
Environment data
Module versions
Error output
Service Attention,Resource Graph,bug,question,customer-reporteddolauli commentedon Dec 21, 2021
Add service team
AndyS117 commentedon Jan 5, 2022
Is there any indication on when the back end service for this will be fixed. It's occasionally working but with it being hit and miss it's pretty hard to build anything against it.
dhu5432 commentedon Nov 14, 2022
@AndyS117 Are you still experiencing this issue?
dabbabi-zayani commentedon Mar 31, 2023
Issue is not fixed. I tested all available api versions and none is working, $skipToken is never returned in the response payload.
Here is the list of api versions I tested :
dhu5432 commentedon Apr 6, 2023
Is there a correlation ID and timestamp you can include for these requests so we can dig into it on our end?
quintok commentedon Jan 17, 2024
My query was significantly simpler, just looking at some resources but I could reproduce the symptom. My response x-ms-correlation-request-id was f7281392-ee10-4b44-87f4-e43f024ed39b at Wed, 17 Jan 2024 05:37:17 GMT @dhu5432
ChristopheLux commentedon Jul 31, 2024
Hello
are you able to retrieve the value of totalRecords and resultTruncated?
with $Return.totalRecords and $Return.resultTruncated ?
purushn-daimler commentedon May 22, 2025
I was able retrieve the $skipToken property by not using the 'project' function
example:
working query:
not working query:
@AndyS117 lemme know if this fixes your issue
the API endpoint I used https://management.azure.com/providers/Microsoft.ResourceGraph/resources?api-version=2024-04-01
I also verified with other api versions as well 😉