Bug Report: Issue in using policy Deny-MgmtPorts-From-Internet policy

[jain-ranjith]

Community Note

• Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
• Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
• If you are interested in working on this issue or have submitted a pull request, please leave a comment

Description

• Policy Name: Deny-MgmtPorts-From-Internet
• Policy definition - Deny-MgmtPorts-From-Internet.json

{
  "field": "Microsoft.Network/networkSecurityGroups/securityRules/destinationPortRange",
  "in": "[[parameters('ports')]"
 },

This is resulting in error The inner exception 'Evaluation result of language expression '[[parameters('ports')]' is type 'String', expected type is 'Array'.'. at policy creation.

[jtracey93]

Hey @jain-ranjith, thanks for the issue.

How did you deploy this policy? As if you copied it from this repo and didn't use one of our implementation options (portal, bicep or terraform modules) you will have some extra escaping characters present that you dont need.

If you just want the definition, use the "copy definition" button via AzAdvertizer here for this policy and it will remove the escaping characters https://www.azadvertizer.net/azpolicyadvertizer/Deny-MgmtPorts-From-Internet.html

details on the escaping is here: https://github.com/Azure/Enterprise-Scale/wiki/ALZ-Contribution-Guide#escaping-policy-functions

[jain-ranjith]

Hi @jtracey93 , Thanks for the explanation.
I tried to "copy" the definition and used it Terraform. My bad that I did not read the instructions. I will close the issue :)