Enterprise-Scale

Missing `parameterScopes` policy assignment parameter metadata

Open matt-FFFFFF opened this issue 3 years ago • 2 comments

Describe the bug

When the reference architecture is deployed, certain policy assignment parameters that use strongTypes have resourceIds set, e.g. Deploy-VM-Monitoring.

We do not currently set the parameterScopes metadata value, making the parameter value not visible in the Azure Portal.

Including the parameterScopes metadata property and setting this to the Resource Group of the Log Analytics workspace would fix this.

Steps to reproduce

  1. Deploy reference architecture
  2. In the portal, examine the Deploy-VM-Monitoring policy assignment

Screenshots

image

But the parameter is set and viewable in ARM:

❯ az rest --method GET --uri /providers/Microsoft.Management/managementGroups/issue244/providers/Microsoft.Authorization/policyAssignments/Deploy-VM-Monitoring?api-version=2021-06-01 | jq .properties.parameters
{
  "logAnalytics_1": {
    "value": "/subscriptions/814a2d9d-752d-4ecb-bb2a-fc0321152d4b/resourceGroups/issue244-mgmt/providers/Microsoft.OperationalInsights/workspaces/issue244-la"
  }
}

References

https://docs.microsoft.com/en-us/azure/governance/policy/concepts/assignment-structure#common-metadata-properties

matt-FFFFFF, Dec 21 '21 15:12
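A check for the gap described in the issue above, as an added example that is not part of the original thread or the Enterprise-Scale code base: it lists strongType parameters of an assignment that have no `parameterScopes` entry and proposes the resource group of the assigned resource ID as the scope. The function names, the placeholder subscription ID and the `omsWorkspace` strongType for `logAnalytics_1` are assumptions; the sample JSON is constructed.

```python
import re

# Resource-group prefix of an ARM resource ID.
_RG_PREFIX = re.compile(
    r"^(/subscriptions/[^/]+/resourceGroups/[^/]+)/providers/", re.IGNORECASE)

def resource_group_scope(resource_id):
    """Return the resource-group scope of a resource ID, or None."""
    m = _RG_PREFIX.match(resource_id) if isinstance(resource_id, str) else None
    return m.group(1) if m else None

def missing_parameter_scopes(definition_params, assignment):
    """Map each strongType parameter lacking a parameterScopes entry to a scope."""
    props = assignment.get("properties", {})
    existing = (props.get("metadata") or {}).get("parameterScopes") or {}
    missing = {}
    for name, param in (props.get("parameters") or {}).items():
        meta = definition_params.get(name, {}).get("metadata") or {}
        if "strongType" not in meta or name in existing:
            continue
        value = param.get("value")
        values = value if isinstance(value, list) else [value]
        scopes = {resource_group_scope(v) for v in values}
        # parameterScopes holds one scope per parameter, so only report
        # parameters whose IDs all sit in a single resource group.
        if len(scopes) == 1 and None not in scopes:
            missing[name] = scopes.pop()
    return missing

# Constructed sample data: placeholder subscription ID; the strongType value
# "omsWorkspace" is an assumption, the issue does not show the definition.
SUB = "/subscriptions/00000000-0000-0000-0000-000000000000"
DEFINITION_PARAMS = {
    "logAnalytics_1": {"type": "String", "metadata": {"strongType": "omsWorkspace"}},
}
ASSIGNMENT = {
    "name": "Deploy-VM-Monitoring",
    "properties": {
        "metadata": {},
        "parameters": {"logAnalytics_1": {"value": SUB
            + "/resourceGroups/issue244-mgmt/providers"
            + "/Microsoft.OperationalInsights/workspaces/issue244-la"}},
    },
}

if __name__ == "__main__":
    print(missing_parameter_scopes(DEFINITION_PARAMS, ASSIGNMENT))
```

The returned mapping has the shape of the `parameterScopes` metadata property (parameter name to scope), so it can be merged into the assignment's `metadata` before deployment.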

Trigger ADO Sync 1

jtracey93, Sep 11 '22 07:09

Trigger ADO Sync 2

jtracey93, Sep 11 '22 07:09

@matt-FFFFFF ... based on a recent test, it looks like this might no longer be needed:

image

As you can see, the ... Private DNS Zone Ids parameters from this assignment are populated as expected without any user interaction.

Below is an example of one of the parameters within the initiative:

      "microsoft_servicebus_namespaces_privateDnsZoneIds": {
        "type": "Array",
        "metadata": {
          "displayName": "Microsoft.ServiceBus/namespaces Private DNS Zone Ids",
          "description": "Specifies the list of private DNS zones IDs to configure for private endpoints associated to Microsoft.ServiceBus/namespaces resources.",
          "strongType": "Microsoft.Network/privateDnsZones"
        },
        "defaultValue": []
      },

And within the definition:

      "privateDnsZoneIds": {
        "type": "Array",
        "metadata": {
          "description": "Specifies the list of private DNS zones IDs to configure for the private endpoint.",
          "displayName": "Private DNS zone IDs",
          "strongType": "Microsoft.Network/privateDnsZones"
        }
      },

If we can validate this for other scenarios we may be able to close this issue as not required.

krowlandson, Nov 01 '22 13:11

@matt-FFFFFF closing this as I cannot reproduce and suspect the issue has been resolved:

image

Let me know if you feel this is still an issue.

Springstone, Oct 04 '23 05:10