facing error while adding parameters in Azure Policy Definition. #5781
Comments
It looks like the parameter expressions inside the @miqm -- do you know if anything changed recently? I'm seeing the same behavior with v0.4.1008. Here's the template after being transpiled by bicep:
{
"$schema": "https://schema.management.azure.com/schemas/2018-05-01/subscriptionDeploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"metadata": {
"_generator": {
"name": "bicep",
"version": "0.4.1008.15138",
"templateHash": "14924330309872542773"
}
},
"functions": [],
"variables": {
"copy": [
{
"name": "policies",
"count": "[length(range(0, length(variables('policyarray'))))]",
"input": "[json('{\r\n \"properties\": {\r\n \"displayName\": \"Storage accounts should be limited by allowed SKUs\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Restrict the set of storage account SKUs that your organization can deploy.\",\r\n \"metadata\": {\r\n \"version\": \"1.1.0\",\r\n \"category\": \"Storage\"\r\n },\r\n \"parameters\": {\r\n \"effect_STO\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"description\": \"Enable or disable the execution of the audit policy\",\r\n \"displayName\": \"effect_STO-001\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Deny\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n },\r\n \"listOfAllowedSKUs_STO\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"description\": \"The list of SKUs that can be specified for storage accounts.\",\r\n \"displayName\": \"listOfAllowedSKUs_STO-001\",\r\n \"strongType\": \"storageSkus\"\r\n },\r\n \"defaultValue\": [\r\n \"Standard_LRS\"\r\n ]\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Storage/storageAccounts\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Storage/storageAccounts/sku.name\",\r\n \"in\": \"[parameters(''listOfAllowedSKUs_STO'')]\"\r\n \r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters(''effect_STO'')]\"\r\n }\r\n }\r\n }\r\n}')]"
}
],
"policyarray": [
"./policystg-01.json"
]
},
"resources": [
{
"copy": {
"name": "policyDefinition",
"count": "[length(variables('policies'))]"
},
"type": "Microsoft.Authorization/policyDefinitions",
"apiVersion": "2020-09-01",
"name": "[format('{0}', variables('policies')[copyIndex()].properties.displayName)]",
"properties": {
"displayName": "[variables('policies')[copyIndex()].properties.displayName]",
"policyType": "[variables('policies')[copyIndex()].properties.policyType]",
"mode": "[variables('policies')[copyIndex()].properties.mode]",
"metadata": "[variables('policies')[copyIndex()].properties.metadata]",
"parameters": "[variables('policies')[copyIndex()].properties.parameters]",
"policyRule": "[variables('policies')[copyIndex()].properties.policyRule]"
}
}
]
}
And here are the changes I needed to make:
{
"$schema": "https://schema.management.azure.com/schemas/2018-05-01/subscriptionDeploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"metadata": {
"_generator": {
"name": "bicep",
"version": "0.4.1008.15138",
"templateHash": "14924330309872542773"
}
},
"functions": [],
"variables": {
"copy": [
{
"name": "policies",
"count": "[length(range(0, length(variables('policyarray'))))]",
"input": "[json('{\r\n \"properties\": {\r\n \"displayName\": \"Storage accounts should be limited by allowed SKUs\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Restrict the set of storage account SKUs that your organization can deploy.\",\r\n \"metadata\": {\r\n \"version\": \"1.1.0\",\r\n \"category\": \"Storage\"\r\n },\r\n \"parameters\": {\r\n \"effect_STO\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"description\": \"Enable or disable the execution of the audit policy\",\r\n \"displayName\": \"effect_STO-001\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Deny\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n },\r\n \"listOfAllowedSKUs_STO\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"description\": \"The list of SKUs that can be specified for storage accounts.\",\r\n \"displayName\": \"listOfAllowedSKUs_STO-001\",\r\n \"strongType\": \"storageSkus\"\r\n },\r\n \"defaultValue\": [\r\n \"Standard_LRS\"\r\n ]\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Storage/storageAccounts\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Storage/storageAccounts/sku.name\",\r\n \"in\": \"[[parameters(''listOfAllowedSKUs_STO'')]\"\r\n \r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[[parameters(''effect_STO'')]\"\r\n }\r\n }\r\n }\r\n}')]"
}
],
"policyarray": [
"./policystg-01.json"
]
},
"resources": [
{
"copy": {
"name": "policyDefinition",
"count": "[length(variables('policies'))]"
},
"type": "Microsoft.Authorization/policyDefinitions",
"apiVersion": "2020-09-01",
"name": "[format('{0}', variables('policies')[copyIndex()].properties.displayName)]",
"properties": {
"displayName": "[variables('policies')[copyIndex()].properties.displayName]",
"policyType": "[variables('policies')[copyIndex()].properties.policyType]",
"mode": "[variables('policies')[copyIndex()].properties.mode]",
"metadata": "[variables('policies')[copyIndex()].properties.metadata]",
"parameters": "[variables('policies')[copyIndex()].properties.parameters]",
"policyRule": "[variables('policies')[copyIndex()].properties.policyRule]"
}
}
]
}
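Added example (not code from the thread or from the Bicep project): the two templates above differ only in `[parameters(...)]` versus `[[parameters(...)]`, and ARM evaluates a string value that starts with `[` and ends with `]` as a template expression unless it is escaped with `[[`. The Python below lists such strings in a policy definition and returns an escaped copy; the function names and the trimmed sample policy are constructed for illustration.

```python
import json

# Constructed sample, trimmed from the policy shown in the thread.
SAMPLE_POLICY = json.loads(r'''
{"properties": {
  "parameters": {
    "effect_STO": {"type": "String", "defaultValue": "Audit"},
    "listOfAllowedSKUs_STO": {"type": "Array", "defaultValue": ["Standard_LRS"]}},
  "policyRule": {
    "if": {"allOf": [
      {"field": "type", "equals": "Microsoft.Storage/storageAccounts"},
      {"not": {"field": "Microsoft.Storage/storageAccounts/sku.name",
               "in": "[parameters('listOfAllowedSKUs_STO')]"}}]},
    "then": {"effect": "[parameters('effect_STO')]"}}}}
''')


def is_unescaped_expression(value):
    """True for strings ARM would evaluate: start with '[' (not '[['), end with ']'."""
    return (isinstance(value, str) and value.startswith("[")
            and not value.startswith("[[") and value.endswith("]"))


def find_unescaped(node, path="$"):
    """Return (json_path, value) for every unescaped expression under node."""
    hits = []
    if isinstance(node, dict):
        for key, child in node.items():
            hits += find_unescaped(child, f"{path}.{key}")
    elif isinstance(node, list):
        for i, child in enumerate(node):
            hits += find_unescaped(child, f"{path}[{i}]")
    elif is_unescaped_expression(node):
        hits.append((path, node))
    return hits


def escape_for_template(node):
    """Return a copy with each unescaped expression prefixed by an extra '['."""
    if isinstance(node, dict):
        return {k: escape_for_template(v) for k, v in node.items()}
    if isinstance(node, list):
        return [escape_for_template(v) for v in node]
    return "[" + node if is_unescaped_expression(node) else node
```

Running `find_unescaped` over a policy file before it is embedded in a template shows which policy-language expressions the template engine would try to resolve as template parameters.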
@alex-frankel also uploaded the code files for reference: Definition.zip
@alex-frankel I don't recall any change in that area. But my question is - why do we even need to escape there? It's in the middle of a string, plus a square bracket is a valid string character. Double square bracket is for escaping ARM expressions, but it should be only at the beginning of a string property, not in the middle of it.
Good point @miqm. So I don't entirely understand why, but removing the loop allows the bicep code to work. This deployed successfully for me:
targetScope = 'subscription'
var policy = json(loadTextContent('./policystg-01.json'))
resource policyDefinition 'Microsoft.Authorization/policyDefinitions@2020-09-01' = {
name: 'foobar'
properties: {
displayName: 'foobar'
policyType: policy.properties.policyType
mode: policy.properties.mode
metadata: policy.properties.metadata
parameters: policy.properties.parameters
policyRule: policy.properties.policyRule
}
}
By coincidence, we also got a report (#5766) about this array of strings working with the @Mrunamii218 - given this array strategy would not work with more than one item in the array, and that this does work when not using an array and a
@alex-frankel, able to parametrize the policy rule in the policy definition after removing the array and for loop. Thank you.
@alex-frankel is there any way to define multiple policy definitions through one Bicep file?
When performing parameterization in the Policy Definition, it is giving an error: "The template parameter 'listOfAllowedSKUs_STO' is not found"
When adding static values in the policy rule, this policy definition executes successfully, without adding parametrization.
Please help to get this fixed.
Policy Definition-
Bicep file through which I am trying to create a definition at subscription level-
Definition.zip