This repository has been archived by the owner on Jul 26, 2024. It is now read-only.

[bug] restrict_supported_svc = true returns error #61

Closed
patpicos opened this issue Jul 22, 2020 · 0 comments · Fixed by #62
Labels
bug Something isn't working

Comments

@patpicos
Contributor

Describe the bug
I am trying out the CAF and enabling settings incrementally. When I set restrict_supported_svc = true, the policy deployment fails.
Config File: landingzones/landingzone_caf_foundations/blueprint_foundations.sandpit.auto.tfvars

To Reproduce
Steps to reproduce the behavior:
1. Set: restrict_supported_svc = true
2. Run plan or apply

Expected behavior
A clear and concise description of what you expected to happen.

Screenshots
If applicable, add screenshots to help explain your problem.

```hcl
    restrict_supported_svc = true
    list_of_supported_svc  = ["Microsoft.Network/publicIPAddresses", "Microsoft.Compute/disks"]
    msi_location           = "canadacentral"
  }
}

/*
When I enabled restrict_supported_svc:
Terraform returned errors:

Error: Invalid template interpolation value

  on blueprint_foundations_governance/policies/builtin/allowed_resource_type.tf line 16, in resource "azurerm_policy_assignment" "res_type":
  12: 
  13: 
  14: 
  15: 
  16:                 "value" : "${var.policies_matrix.list_of_supported_svc}"
  17: 
  18: 
  19: 
  20: 
    |----------------
    | var.policies_matrix.list_of_supported_svc is tuple with 2 elements

Cannot include the given value in a string template: string required.
*/
```

Configuration (please complete the following information):

  • OS and version: [e.g. Windows 10 1909]
  • Version of the rover[e.g. 22]
  • Version of the landing zone[e.g. 11]
              version: aztfmod/rover:2007.0108


mode                          : 'rover'
tf_action                     : 'plan'
tf_command                    : ''
landingzone                   : '/tf/caf/landingzones/landingzone_caf_foundations'
terraform command output file : '' 
level                         : 'level0'
environment                   : 'sandpit'
tfstate                       : 'landingzone_caf_foundations.tfstate'

Additional context
Add any other context about the problem here.

The fix is to replace landingzones/landingzone_caf_foundations/blueprint_foundations_governance/policies/builtin/allowed_resource_type.tf with:

```hcl
# Definition ID: /providers/Microsoft.Authorization/policyDefinitions/a08ec900-254a-4555-9bf5-e42af04b5c5c
# Name: Allowed resource types

locals {
  # jsonencode turns the list into a JSON array string, which a string
  # template can include (a raw list/tuple cannot be interpolated).
  supported_svc = jsonencode(var.policies_matrix.list_of_supported_svc)
}

resource "azurerm_policy_assignment" "res_type" {
  count                = var.policies_matrix.restrict_supported_svc ? 1 : 0
  name                 = "res_svc"
  scope                = var.scope
  policy_definition_id = "/providers/Microsoft.Authorization/policyDefinitions/a08ec900-254a-4555-9bf5-e42af04b5c5c"
  description          = "Policy Assignment with Terraform"
  display_name         = "TF Restrict Deployment of specified Azure Resources"

  # No quotes around the interpolation: the value must be a JSON array,
  # not a string containing one.
  parameters = <<PARAMETERS
    {
      "listOfResourceTypesAllowed": {
        "value" : ${local.supported_svc}
      }
    }
PARAMETERS
}
```
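
A variant of the fix above, as an added example that is not part of the original issue or the project's code: it encodes the whole parameters object with `jsonencode` instead of interpolating into a heredoc, and checks the allow-list at the variable so a wrong shape fails before the policy assignment is evaluated. The variable typing, the two validation rules, the local name `res_type_parameters`, and the requirement for Terraform 0.13 or later are assumptions.

```hcl
# Added example, not the project's code. Assumes Terraform 0.13 or later
# (variable validation blocks). No provider is needed to evaluate it.

variable "policies_matrix" {
  # Typing the attribute as list(string) makes a wrong shape fail at the
  # variable, not deep inside a string template.
  type = object({
    restrict_supported_svc = bool
    list_of_supported_svc  = list(string)
  })

  # Constructed sample values, taken from the tfvars shown in the issue.
  default = {
    restrict_supported_svc = true
    list_of_supported_svc  = ["Microsoft.Network/publicIPAddresses", "Microsoft.Compute/disks"]
  }

  validation {
    # An empty allow-list permits nothing, so refuse it when the restriction is on.
    condition     = !var.policies_matrix.restrict_supported_svc || length(var.policies_matrix.list_of_supported_svc) > 0
    error_message = "The list_of_supported_svc value must not be empty when restrict_supported_svc is true."
  }

  validation {
    # Each entry must look like "Namespace/type", e.g. Microsoft.Compute/disks.
    condition = length([
      for t in var.policies_matrix.list_of_supported_svc : t
      if !can(regex("^[A-Za-z0-9.]+(/[A-Za-z0-9]+)+$", t))
    ]) == 0
    error_message = "Each list_of_supported_svc entry must have the form Namespace/resourceType."
  }
}

locals {
  # Encode the whole parameters object in one call: the list becomes a JSON
  # array and no hand-written braces or quotes can drift out of balance.
  res_type_parameters = jsonencode({
    listOfResourceTypesAllowed = {
      value = var.policies_matrix.list_of_supported_svc
    }
  })
}

# In allowed_resource_type.tf this would replace the heredoc:
#   parameters = local.res_type_parameters
output "res_type_parameters" {
  value = local.res_type_parameters
}
```

Running `terraform plan` on this file alone prints the rendered JSON, which can be compared with the parameters the policy definition expects before the assignment is applied.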