Policy Set, Enforce-Guardrails-Network Bug Report

Azure / Enterprise-Scale

The Azure Landing Zones (Enterprise-Scale) architecture provides prescriptive guidance coupled with Azure best practices, and it follows design principles across the critical design areas for organizations to define their Azure architecture

https://aka.ms/alz

MIT License

1.73k stars 980 forks source link

Policy Set, Enforce-Guardrails-Network Bug Report #1697

Closed MikaelJcSoderberg closed 3 months ago

MikaelJcSoderberg commented 4 months ago

Describe the bug There are wrong values for this parameter : modifyNsgRuleAccess "modifyNsgRuleAccess": { "type": "string", "defaultValue": "Deny", "allowedValues": [ "Audit", "Deny", "Disabled" ] }

It should be "modifyNsgRuleAccess": { "type": "string", "defaultValue": "Deny" "allowedValues": [ "Allow", "Deny" ] } Steps to reproduce Assign Enforce-Guardrails-Network

Screenshots

jtracey93 commented 4 months ago

@Springstone can you take a look at this one please buddy?

Springstone commented 4 months ago

The allowed parameters are indeed incorrect but should not be an issue if you use Deny. To address this issue, we have a PR in to address the correct allowed parameters.

Springstone commented 4 months ago

Have a PR in #1702 that fixes this and ensure built-in policy alignment for parameters.