Can't use a variable on a filter for Get-MgDirectoryRole

[webstean]

Thanks for reporting the bug. Please ensure you've gone through the following checklist before opening an issue:

• Make sure you can reproduce this issue using the latest released version of Microsoft.Graph or Microsoft.Graph.Beta.
• Please search the existing issues to see if there has been a similar issue filed.
• For issues related to authentication and service errors, please refer to our troubleshooting guide. For service issues, please open a question at https://developer.microsoft.com/graph/support.

Describe the bug
Can't use a variable on a filter for Get-MgDirectoryRole

To Reproduce
Steps to reproduce the behavior:
PS C:\Users\andreww> $role = "Global Administrator"
PS C:\Users\andreww> Get-MgDirectoryRole -Filter "DisplayName eq $role"
Get-MgDirectoryRole_List: Invalid filter clause: Syntax error at position 35 in 'DisplayName eq Global Administrator'.

Status: 400 (BadRequest)
ErrorCode: BadRequest
Date: 2023-07-31T10:29:37

Headers:
Transfer-Encoding : chunked
Vary : Accept-Encoding
Strict-Transport-Security : max-age=31536000
request-id : 1d8c6e96-bfc8-4bf4-8324-e00b9245a4de
client-request-id : 48247b71-88c4-4b45-ac5f-4a388c7fa5fb
x-ms-ags-diagnostic : {"ServerInfo":{"DataCenter":"Australia Southeast","Slice":"E","Ring":"4","ScaleUnit":"001","RoleInstance":"ML1PEPF00004AF4"}}
Date : Mon, 31 Jul 2023 10:29:36 GMT

Expected behavior
Returns details of role

Debug Output

Run the problematic command with -Debug and paste the resulting debug stream below.
⚠ ATTENTION: Be sure to remove any sensitive information that may be in the logs.
PS C:\Users\andreww> Get-MgDirectoryRole -Filter "DisplayName eq $role" -debug
DEBUG: [CmdletBeginProcessing]: - Get-MgDirectoryRole begin processing with parameterSet 'List'.
DEBUG: [Authentication]: - AuthType: 'Delegated', TokenCredentialType: 'InteractiveBrowser', ContextScope: 'CurrentUser', AppName: 'Microsoft Graph Command Line Tools'.
DEBUG: [Authentication]: - Scopes: [AccessReview.Read.All, AdministrativeUnit.Read.All, Analytics.Read, AppCatalog.Read.All, Application.Read.All, Application.ReadWrite.All, AuditLog.Read.All, Directory.Read.All, Group.Read.All, openid, People.Read.All, profile, Sites.Read.All, User.Read, User.Read.All, User.ReadWrite.All, email, SecurityEvents.Read.All].
DEBUG: ============================ HTTP REQUEST ============================

HTTP Method:
GET

Absolute Uri:
https://graph.microsoft.com/v1.0/directoryRoles?$filter=DisplayName eq Global Administrator

Headers:
FeatureFlag : 00000043
Cache-Control : no-store, no-cache
User-Agent : Mozilla/5.0,(Windows NT 10.0; Microsoft Windows 10.0.25915; en-AU),PowerShell/7.3.6
Accept-Encoding : gzip
SdkVersion : graph-powershell/2.1.0
client-request-id : 2fa7a2e3-19b8-4fb2-88c6-feab3bc7e966

Body:

Module Version

Please run Get-Module Microsoft.Graph* after cmdlet execution and paste the output below.
If a module cannot be installed or imported, please run Get-Module -ListAvailable and paste the output.
PS C:\Users\andreww> Get-Module Microsoft.Graph*

ModuleType Version PreRelease Name ExportedCommands

---

Script 2.1.0 Microsoft.Graph.Applications {Add-MgApplicationKey, Add-MgApplicationPassword,…
Script 2.1.0 Microsoft.Graph.Authentication {Add-MgEnvironment, Connect-MgGraph, Disconnect-M…
Script 2.1.0 Microsoft.Graph.Identity.Directory… {Confirm-MgContactMemberGroup, Confirm-MgContactM…
Script 2.1.0 Microsoft.Graph.Security {Add-MgSecurityCaseEdiscoveryCaseCustodianHold, A…

Environment Data

Please run $PSVersionTable and paste the output below. If running the Docker container image, indicate the tag of the image used and the version of Docker engine.

Screenshots

If applicable, add screenshots to help explain your problem.

Additional context

Add any other context about the problem here.

[SeniorConsulting]

Gidday,

With the Graph API, your filter syntax normally needs to have your single quotes around them.

Consequently, you'll need to put the same single quotes around your variable
Get-MgDirectoryRole -Filter "DisplayName eq '$role'"

[webstean]

Thanks, but the actual issues is when using variables, for example: -
PS C:\Users\andreww> $role2name = "Groups Administrator"
PS C:\Users\andreww> Get-MgDirectoryRoleTemplate | Where-Object {$.displayName -eq '$role2name'}
PS C:\Users\andreww> Get-MgDirectoryRoleTemplate | Where-Object {$.displayName -eq 'Groups Administrator'}

DeletedDateTime Id Description

---

            fdd7a751-b60b-444a-984c-02652fe8fa1c Members of this role can create/manage groups, create/manage groups settings like naming and ex…

So using the literal works, but using a variable does not

[SeniorConsulting]

OK, so you've moved away from filtering on the Graph API, and instead filtering using PowerShell's Where-Object. These two things act quite differently.
Filtering on Graph API: When using filter query syntax, you'll need to put the single quotes in there. e.g. Get-MgDirectoryRole -Filter "DisplayName eq '$role'"

Filtering on PowerShell with Where-Object: You can use double quotes if you want to use a string, but you can omit these entirely if you're using a variable. e.g.

$Status = "Stopped"
Get-Service | Where-Object { $_.Status -eq $Status }

So far, I've been given a limited picture of what you're trying to acheive, otherwise I could offer up some more advice. In the first example, you've used the Get-MgDirectoryRole cmdlet and in the second one you've used Get-MgDirectoryRoleTemplate.
To try to give just a little bit more though, these things should work:

Filtering via Graph API
$Role = "Global Administrator"
Get-MgDirectoryRole -Filter "DisplayName eq '$role'"

NOTE: You cannot filter Directory Role templates using the Graph API filter parameters, so you'd be better off filtering on the pipeline using Where-Object (See below): https://learn.microsoft.com/en-us/graph/api/directoryroletemplate-list?view=graph-rest-1.0&tabs=http#optional-query-parameters

Filtering the same via Where-Object
$Role = "Global Administrator"
Get-MgDirectoryRole | Where-Object {$_.DisplayName -eq $role}

or

Get-MgDirectoryRoleTemplate | Where-Object {$_.DisplayName -eq $role}

[webstean]

Ok - Thanks my misunderstanding. Thanks for helping me out and the references. Very useful

[SeniorConsulting]

Thanks - all the best to you :)