Fixes to remove old assignment and 10 char limit #15
Conversation
- cleanup script - Description and metadata addition to DINE-* policy files - Added known issue about subsequent deployment to different locations - Removing 10 chars limitation for enterpriseScaleCompanyPrefix
There was a problem hiding this comment.
Looks good, thank you Bruno. Just one comment about the metadata/description.
Also, can you provide some evidence with these changes. For example, screenshot of a successful deployment, successful cleanup, deployment to a management group that has more than 10 characters, etc. Thanks!
| @@ -135,7 +135,7 @@ ForEach ($identity in $policyAssignmentIdentities) { | |||
|
|
|||
| ForEach ($roleAssignment in $identityRoleAssignments) { | |||
|
|
|||
| If ($roleAssignment.Description -like '*_deployed_by_amba*') { | |||
| If ($roleAssignment.Description -eq '_deployed_by_amba') { | |||
There was a problem hiding this comment.
I see "_deployed_by_amba" was added in the metadata of the role assignment, however here the if statement the evaluations is done on ".Description" can you validate whether that is correct?
There was a problem hiding this comment.
As far as the script line goes, I made the change to look for exact value (case insensitive). Wildcard in this case can lead to something different added by the customer ... very unlikely but possible.
Here they are the screenshots:
-
Successful deployment with a pseudoMG name which is more than 10 chars
-
Description for role assignment correctly populated
-
Successful cleanup
- Successful deployment
Overview/Summary
Replace this with a brief description of what this Pull Request fixes, changes, etc.
This PR fixes/adds/changes/removes
Breaking Changes
As part of this Pull Request I have
mainbranch