Update Enforce-Encryption-CMK.json #1927

Merged
merged 3 commits into from
Feb 18, 2025

Contributor

@oZakari oZakari commented Feb 18, 2025

Overview/Summary

This pull request includes a small but important change to the Enforce-Encryption-CMK.json file. The change corrects a typo in the "supersededBy" metadata field.

Breaking Changes

  1. None

Testing Evidence

Please provide any testing evidence to show that your Pull Request works/fixes as described and planned (include screenshots, if appropriate).

Testing URLs

The below URLs can be updated where the placeholders are, look for {YOUR GITHUB BRANCH NAME HERE - Remove Curly Brackets Also} & {YOUR GITHUB BRANCH NAME HERE - Remove Curly Brackets Also}, to allow you to test your portal deployment experience.

Please also replace the curly brackets on the placeholders {}

Azure Public

[Deploy To Azure](https://portal.azure.com/#blade/Microsoft_Azure_CreateUIDef/CustomDeploymentBlade/uri/https%3A%2F%2Fraw.githubusercontent.com%2F{YOUR GITHUB ORG/ACCOUNT HERE - Remove Curly Brackets Also}%2FEnterprise-Scale%2F{YOUR GITHUB BRANCH NAME HERE - Remove Curly Brackets Also}%2FeslzArm%2FeslzArm.json/uiFormDefinitionUri/https%3A%2F%2Fraw.githubusercontent.com%2F{YOUR GITHUB ORG/ACCOUNT HERE - Remove Curly Brackets Also}%2FEnterprise-Scale%2F{YOUR GITHUB BRANCH NAME HERE - Remove Curly Brackets Also}%2FeslzArm%2Feslz-portal.json)

Azure US Gov (Fairfax)

[Deploy To Azure](https://portal.azure.us/#blade/Microsoft_Azure_CreateUIDef/CustomDeploymentBlade/uri/https%3A%2F%2Fraw.githubusercontent.com%2F{YOUR GITHUB ORG/ACCOUNT HERE - Remove Curly Brackets Also}%2FEnterprise-Scale%2F{YOUR GITHUB BRANCH NAME HERE - Remove Curly Brackets Also}%2FeslzArm%2FeslzArm.json/uiFormDefinitionUri/https%3A%2F%2Fraw.githubusercontent.com%2F{YOUR GITHUB ORG/ACCOUNT HERE - Remove Curly Brackets Also}%2FEnterprise-Scale%2F{YOUR GITHUB BRANCH NAME HERE - Remove Curly Brackets Also}%2FeslzArm%2Ffairfaxeslz-portal.json)

As part of this Pull Request I have

  • Checked for duplicate Pull Requests
  • Associated it with relevant issues, for tracking and closure.
  • Ensured my code/branch is up-to-date with the latest changes in the main branch
  • Performed testing and provided evidence.
  • Ensured contribution guidance is followed.
  • Updated relevant and associated documentation.
  • Updated the "What's New?" wiki page (located: /docs/wiki/whats-new.md)

jaredfholgate previously approved these changes Feb 18, 2025
Member

@jaredfholgate jaredfholgate left a comment

LGTM

Member

@jaredfholgate jaredfholgate left a comment

LGTM

Contributor

@arjenhuitema arjenhuitema left a comment

LGTM

@arjenhuitema arjenhuitema merged commit 4116df1 into main Feb 18, 2025
4 of 5 checks passed
@arjenhuitema arjenhuitema deleted the oZakari-patch-1 branch February 18, 2025 21:17
@nickchaperon

Hi

I have been testing the ALZ platform deployment (ADO & TF) and as of this morning am receiving the following error ..


│ Error: Failed to create/update resource

│ with module.management_groups.module.management_groups.azapi_resource.policy_set_definitions["alz/Enforce-Encryption-CMK"],
│ on .terraform/modules/management_groups.management_groups/main.policy_set_definitions.tf line 1, in resource "azapi_resource" "policy_set_definitions":
│ 1: resource "azapi_resource" "policy_set_definitions" {

│ creating/updating Resource: (ResourceId
│ "/providers/Microsoft.Management/managementGroups/alz/providers/Microsoft.Authorization/policySetDefinitions/Enforce-Encryption-CMK"
│ / Api Version "2023-04-01"): PUT
https://management.azure.com/providers/Microsoft.Management/managementGroups/alz/providers/Microsoft.Authorization/policySetDefinitions/Enforce-Encryption-CMK
│ --------------------------------------------------------------------------------
│ RESPONSE 400: 400 Bad Request
│ ERROR CODE: InvalidPolicyParameters
│ --------------------------------------------------------------------------------
│ {
│ "error": {
│ "code": "InvalidPolicyParameters",
│ "message": "The policy set 'Enforce-Encryption-CMK' could not be parameterized because the default value of a policy set parameter referenced by policy definition 76a56461-9dc0-40f0-82f5-2453283afa2f was not valid for that policy definition. Please verify that the default values of all policy set parameters are valid in the context of the policy definitions referencing them. The inner exception 'The value 'Deny' is not allowed for policy parameter 'effect' in policy definition '76a56461-9dc0-40f0-82f5-2453283afa2f'. The allowed values are 'AuditIfNotExists, Disabled'.'."
│ }
│ }
│ --------------------------------------------------------------------------------
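
The check this error message asks for can be run before deployment. The following is an added example, not part of the thread or of the ALZ repository: it resolves each policy set parameter default through the `[parameters('...')]` binding and compares it with the member definition's `allowedValues`. The sample data is constructed; only the set name, the definition GUID and the effect values come from the error above, and `exampleEffect` / `exampleReference` are hypothetical names.

```python
import re

# Constructed sample input. Only the set name, the definition GUID and the effect
# values come from the error above; parameter and reference names are hypothetical.
DEF_ID = "76a56461-9dc0-40f0-82f5-2453283afa2f"
POLICY_DEFINITIONS = {
    DEF_ID: {"properties": {"parameters": {
        "effect": {"type": "String", "allowedValues": ["AuditIfNotExists", "Disabled"]},
    }}},
}
POLICY_SET = {
    "name": "Enforce-Encryption-CMK",
    "properties": {
        "parameters": {"exampleEffect": {"type": "String", "defaultValue": "Deny"}},
        "policyDefinitions": [{
            "policyDefinitionReferenceId": "exampleReference",
            "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/" + DEF_ID,
            "parameters": {"effect": {"value": "[parameters('exampleEffect')]"}},
        }],
    },
}

PARAM_REF = re.compile(r"^\[parameters\('([^']+)'\)\]$")


def invalid_defaults(policy_set, definitions):
    """List (set parameter, value, definition id, definition parameter, allowed values)
    for every value a member definition would reject."""
    set_params = policy_set["properties"].get("parameters", {})
    findings = []
    for member in policy_set["properties"].get("policyDefinitions", []):
        def_id = member["policyDefinitionId"].rsplit("/", 1)[-1]
        def_params = definitions.get(def_id, {}).get("properties", {}).get("parameters", {})
        for name, binding in member.get("parameters", {}).items():
            allowed = def_params.get(name, {}).get("allowedValues")
            if not allowed:
                continue  # definition unknown here, or parameter is unconstrained
            value, source = binding.get("value"), None
            ref = PARAM_REF.match(value) if isinstance(value, str) else None
            if ref:  # value is passed through from a policy set parameter
                source = ref.group(1)
                if "defaultValue" not in set_params.get(source, {}):
                    continue  # no default: the assignment must supply the value
                value = set_params[source]["defaultValue"]
            if value not in allowed:  # compared as exact strings in this example
                findings.append((source, value, def_id, name, allowed))
    return findings


if __name__ == "__main__":
    for finding in invalid_defaults(POLICY_SET, POLICY_DEFINITIONS):
        print("invalid default: set parameter %r = %r; definition %s parameter %r allows %r" % finding)
```

Literal values bound directly on a member definition (no `[parameters(...)]` reference) are checked the same way and reported with a set parameter of `None`.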

@jtracey93
Collaborator

Thanks @nickchaperon we are aware and this PR is part of the fix. We expect to have a fix out today for terraform for this 👍

@nickchaperon

thanks @jtracey93 .. apologies, wasn't certain there was a connection but noticed there had been a change. Thanks for the update

@jaredfholgate
Member

Accelerator update is now released. See here for the diff if you have already deployed: https://github.com/Azure/alz-terraform-accelerator/releases/tag/v5.1.0

Our intention is to fix this permanently with policy version pinning, but missing a feature in the SDK to implement. Hoping to have a fix in the next few weeks.
