PSRule icon indicating copy to clipboard operation
PSRule copied to clipboard
verified publisher icon microsoft

[BUG] Azure.Log.Replication - location not recognized properly

Open krbar opened this issue 7 months ago • 2 comments

Description of the issue

Issue

When validating an AVM module using PSRule, the validation for Log Analytics Workspace fails if the properties.replication.location property is supplied at runtime. In this scenario, workspace replication is enabled, but the replication location is determined dynamically - specifically, it is set as the output from another deployment that identifies the paired region for the workspace.

Expected Behavior

PSRule should accept values for properties.replication.location that are provided at runtime.

Actual Behavior

Validation fails when the replication location is not supplied as a fixed parameter but instead is set dynamically at runtime. The error message returned is: • Path properties.replication.location: Is set to '' Despite this, deploying the resource with the same parameter successfully configures replication as expected.

Error messages

    ____  _____ ____        __
   / __ \/ ___// __ \__  __/ /__
  / /_/ /\__ \/ /_/ / / / / / _ \
 / ____/___/ / _, _/ /_/ / /  __/
/_/    /____/_/ |_|\__,_/_/\___/

Using PSRule v2.9.0
Using PSRule.Rules.Azure v1.44.0

----------------------------
Explore documentation: https://aka.ms/ps-rule
Contribute and find source: https://github.com/microsoft/PSRule
Report issues: https://github.com/microsoft/PSRule/issues
PSRule.Rules.Azure: https://aka.ms/ps-rule-azure
----------------------------

From repository: https://github.com/krbar/bicep-registry-modules
  on : users/krbar/lawReplication
  at : 9533a5c2e3882a2ce7376392f77aafb6b0ff5c6d

 -> ***oiwwaf001 : Microsoft.OperationalInsights/workspaces [0/1]

    [FAIL] Azure.Log.Replication (AZR-000425)
    | Template: avm/res/operational-insights/workspace/tests/e2e/waf-aligned/main.test.bicep:1823:38

    | RECOMMEND:
    | Consider replicating Log Analytics workspaces across regions to improve access
    | to monitoring data in the event of a regional service disruption.

    | REASON:
    | - Path properties.replication.location: Is set to ''.

    | HELP:
    | - https://azure.github.io/PSRule.Rules.Azure/en/rules/Azure.Log.Replication/

Error: AZR-000425: ***oiwwaf001 failed Azure.Log.Replication. Log Analytics workspaces should have workspace replication enabled to improve service availability.

Reproduction

GitHub Action with the failing test: https://github.com/krbar/bicep-registry-modules/actions/runs/15589383912/job/43904190780

Commit high adding the replication to the deployment, showing used inputs: https://github.com/Azure/bicep-registry-modules/commit/287c1e3bb59750e44c9100dff2a70c0416148d18

Version of PSRule

2.9.0

How are you running PSRule

GitHub Actions

Additional context

No response

krbar avatar Jun 11 '25 16:06 krbar

Thanks for raising your first issue, the team appreciates the time you have taken 😉

github-actions[bot] avatar Jun 11 '25 16:06 github-actions[bot]

Hi @krbar. Thanks for reporting the issue. Runtime values are supported, however the output is from a PowerShell deployment script, so this is not going to work because PSRule doesn't deploy anything to Azure and therefore the script will never be run.

Let's find a better solution for this. I'm going to revert the discussion to the internal chat for now but let's keep this open while we work on an outcome.

BernieWhite avatar Jun 12 '25 18:06 BernieWhite

Fixed with PSRule.Rules.Azure v1.44.1.

BernieWhite avatar Jun 19 '25 10:06 BernieWhite

Thanks @BernieWhite!

krbar avatar Jul 08 '25 20:07 krbar