azure, powershell, azure-functions, kql, azure-resource-graph

Unexpected search result from Azure Search Graph Search-AzGraph vs Azure Resource Graph Explorer


I'm facing a weird behaviour (bug?) using the PowerShell command "Search-AzGraph".

When I use "Azure Resource Graph Explorer", I don't get this issue.

    resourcecontainers
    | where type =~ 'microsoft.resources/subscriptions/resourcegroups'
    | join kind=leftouter (resources | project ResourceId=id, ResourceName=name, ResourceType=type, resourceGroup) on resourceGroup

(You can copy and paste this KQL query directly into your Azure Resource Graph Explorer; it displays all Azure resources with their respective Azure subscriptionId.)

With "Azure Resource Graph Explorer", after the "project" keyword to display the columns that I look for, I set "ResourceId" to display the Id of the resource. It works fine. I can see on the result that the column name changed.

But when using "Search-AzGraph", the "ResourceId" values contain the id value from "resourcecontainers" instead of "resources". If I remove the "ResourceId=", I get the same (correct) result as "Azure Resource Graph Explorer", but to access it I need to use the property "id1". It's not a big deal, but I would like to be able to use my own column name.

Has anyone experienced this, or am I missing something to get the result in both cases? Thanks


Solution

  • I finally found a workaround:

    resourcecontainers
    | where type =~ 'microsoft.resources/subscriptions/resourcegroups'
    | join kind=leftouter (resources | project ResourceId=id, ResourceName=name, ResourceType=type, resourceGroup) on resourceGroup
    | project ResourceGroupId=id, ResourceId, ResourceGroupName=name, ResourceName, tags
    

    I added a "project" after my "join" to explicitly give a name to the "id" column from "resourcecontainers", so the result doesn't mix up values between "resourcecontainers" and "resources".

    Here is the full example of my PowerShell code, in case someone is interested:

    $resources = Search-AzGraph -Subscription $subscriptionId -Query "resourcecontainers
    | where type =~ 'microsoft.resources/subscriptions/resourcegroups'
    | join kind=leftouter (resources | project ResourceId=id, ResourceName=name, ResourceType=type, resourceGroup) on resourceGroup
    | project ResourceGroupId=id, ResourceId, ResourceGroupName=name, ResourceName, ResourceType, tags"
    
    foreach ($resource in $resources) {
      Write-Host "Resource Group Id: " $resource.ResourceGroupId
      Write-Host "  Resource Group Name: " $resource.ResourceGroupName
      Write-Host "  Resource Id: " $resource.ResourceId
      Write-Host "  Resource Name: " $resource.ResourceName
      Write-Host "  Resource Type: " $resource.ResourceType
    }
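
An added example, not part of the original answer: a PowerShell check that catches the column mix-up described in the question by confirming that each `ResourceId` is a resource ID and not a resource group ID. The helper name `Test-GraphJoinRow` and the sample rows are constructed for illustration; it assumes rows shaped like the output of the workaround query.

```powershell
# Added example: validate rows shaped like the workaround query's output.
# Test-GraphJoinRow is a hypothetical helper, not part of Az.ResourceGraph.
function Test-GraphJoinRow {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [psobject]$Row
    )
    process {
        # A resource group ID ends at /resourceGroups/<name>.
        $rgPattern  = '^/subscriptions/[^/]+/resourceGroups/[^/]+$'
        # A resource ID continues with /providers/<namespace>/<type>/<name>.
        $resPattern = '^/subscriptions/[^/]+/resourceGroups/[^/]+/providers/.+'

        $status = if ([string]::IsNullOrEmpty($Row.ResourceId)) {
            'EmptyGroup'      # leftouter join: group with no matching resource
        } elseif ($Row.ResourceId -match $rgPattern) {
            'Collision'       # ResourceId holds the container's id (the reported symptom)
        } elseif ($Row.ResourceId -notmatch $resPattern) {
            'Unrecognized'
        } elseif (-not $Row.ResourceId.StartsWith("$($Row.ResourceGroupId)/",
                      [StringComparison]::OrdinalIgnoreCase)) {
            'WrongGroup'      # joined on group name only, but the IDs do not nest
        } else {
            'Ok'
        }
        [pscustomobject]@{
            Status          = $status
            ResourceGroupId = $Row.ResourceGroupId
            ResourceId      = $Row.ResourceId
        }
    }
}

# Constructed sample rows (placeholder subscription ID and resource names).
$sub = '/subscriptions/00000000-0000-0000-0000-000000000000'
$rows = @(
    [pscustomobject]@{ ResourceGroupId = "$sub/resourceGroups/rg-app"
                       ResourceId = "$sub/resourceGroups/rg-app/providers/Microsoft.Storage/storageAccounts/stapp01" }
    [pscustomobject]@{ ResourceGroupId = "$sub/resourceGroups/rg-app"
                       ResourceId = "$sub/resourceGroups/rg-app" }
    [pscustomobject]@{ ResourceGroupId = "$sub/resourceGroups/rg-empty"
                       ResourceId = $null }
)

# Show only the rows that need attention.
$rows | Test-GraphJoinRow | Where-Object Status -ne 'Ok' | Format-Table -AutoSize
```

To run it against live data, pipe the `$resources` result from the answer into `Test-GraphJoinRow` in place of `$rows`.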