Missing parameterScopes policy assignment parameter metadata #882

Closed
matt-FFFFFF opened this issue Dec 21, 2021 · 4 comments
Labels
bug Something isn't working Needs: Triage 🔍 Needs triaging by the team policy

Comments

@matt-FFFFFF
Member

matt-FFFFFF commented Dec 21, 2021

Describe the bug

When the reference architecture is deployed, certain policy assignment parameters that use strongTypes have resourceIds set, e.g. Deploy-VM-Monitoring.

We do not currently set the parameterScopes metadata value, making the parameter value not visible in the Azure Portal.

Including the parameterScopes metadata property and setting this to the Resource Group of the Log Analytics workspace would fix this.

Steps to reproduce

  1. Deploy reference architecture
  2. In the portal, examine the Deploy-VM-Monitoring policy assignment

Screenshots

image

But parameter is set and viewable in ARM:

❯ az rest --method GET --uri /providers/Microsoft.Management/managementGroups/issue244/providers/Microsoft.Authorization/policyAssignments/Deploy-VM-Monitoring?api-version=2021-06-01 | jq .properties.parameters
{
  "logAnalytics_1": {
    "value": "/subscriptions/814a2d9d-752d-4ecb-bb2a-fc0321152d4b/resourceGroups/issue244-mgmt/providers/Microsoft.OperationalInsights/workspaces/issue244-la"
  }
}

References

https://docs.microsoft.com/en-us/azure/governance/policy/concepts/assignment-structure#common-metadata-properties
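
Added example (not from the issue or the project's code): Python that derives the parameterScopes metadata proposed in the issue above by setting each strongType parameter's scope to the resource group of its assigned resource ID. The function names, the sample data and the omsWorkspace strongType value are assumptions.

```python
import re

# Resource-group prefix of an ARM resource ID.
_RG_SCOPE = re.compile(r"^(/subscriptions/[^/]+/resourceGroups/[^/]+)(?:/|$)", re.IGNORECASE)


def resource_group_scope(resource_id):
    """Return '/subscriptions/<id>/resourceGroups/<name>', or None if not RG-scoped."""
    match = _RG_SCOPE.match(resource_id) if isinstance(resource_id, str) else None
    return match.group(1) if match else None


def derive_parameter_scopes(definition_parameters, assignment_parameters):
    """Map each strongType parameter name to the resource group of its assigned value."""
    scopes = {}
    for name, definition in definition_parameters.items():
        if "strongType" not in definition.get("metadata", {}):
            continue
        value = assignment_parameters.get(name, {}).get("value")
        ids = value if isinstance(value, list) else [value]
        found = {resource_group_scope(item) for item in ids}
        # Assumption for this example: skip unset values and arrays whose IDs
        # span several resource groups, since one key holds a single scope.
        if len(found) == 1 and None not in found:
            scopes[name] = found.pop()
    return scopes


def with_parameter_scopes(properties, definition_parameters):
    """Return a copy of assignment properties with metadata.parameterScopes filled in."""
    metadata = dict(properties.get("metadata", {}))
    derived = derive_parameter_scopes(definition_parameters, properties.get("parameters", {}))
    # Scopes already present on the assignment take precedence over derived ones.
    metadata["parameterScopes"] = {**derived, **metadata.get("parameterScopes", {})}
    return {**properties, "metadata": metadata}


# Constructed sample data: placeholder subscription and resource names.
SUB = "/subscriptions/00000000-0000-0000-0000-000000000000"
DEFINITION_PARAMETERS = {
    "logAnalytics_1": {"type": "String", "metadata": {"strongType": "omsWorkspace"}},  # strongType value assumed
    "effect": {"type": "String", "metadata": {"displayName": "Effect"}},
}
ASSIGNMENT_PROPERTIES = {
    "parameters": {"logAnalytics_1": {"value": SUB + "/resourceGroups/example-mgmt/providers/Microsoft.OperationalInsights/workspaces/example-la"}},
}

if __name__ == "__main__":
    print(with_parameter_scopes(ASSIGNMENT_PROPERTIES, DEFINITION_PARAMETERS)["metadata"])
```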

@jtracey93
Collaborator

Trigger ADO Sync 1

@jtracey93
Collaborator

Trigger ADO Sync 2

@krowlandson
Contributor

@matt-FFFFFF ... based on a recent test, it looks like this might no longer be needed:

image

As you can see, the ... Private DNS Zone Ids parameters from this assignment are populated as expected without any user interaction.

Below is an example of one of the parameters within the initiative:

      "microsoft_servicebus_namespaces_privateDnsZoneIds": {
        "type": "Array",
        "metadata": {
          "displayName": "Microsoft.ServiceBus/namespaces Private DNS Zone Ids",
          "description": "Specifies the list of private DNS zones IDs to configure for private endpoints associated to Microsoft.ServiceBus/namespaces resources.",
          "strongType": "Microsoft.Network/privateDnsZones"
        },
        "defaultValue": []
      },

And within the definition:

      "privateDnsZoneIds": {
        "type": "Array",
        "metadata": {
          "description": "Specifies the list of private DNS zones IDs to configure for the private endpoint.",
          "displayName": "Private DNS zone IDs",
          "strongType": "Microsoft.Network/privateDnsZones"
        }
      },

If we can validate this for other scenarios we may be able to close this issue as not required.

@Springstone
Member

Springstone commented Oct 4, 2023

@matt-FFFFFF closing this as I cannot reproduce and suspect the issue has been resolved:
image
Let me know if you feel this is still an issue.
