Azure / Enterprise-Scale

The Azure Landing Zones (Enterprise-Scale) architecture provides prescriptive guidance coupled with Azure best practices, and it follows design principles across the critical design areas for organizations to define their Azure architecture
https://aka.ms/alz
MIT License

Bug Report: Large number of policies have an extra '[' #1724

Closed rybal06 closed 3 months ago

rybal06 commented 3 months ago

Describe the bug

Many policy definitions fail to deploy and give this error message: "The policy has defined parameters 'effect' which are not used in the policy rule. Please either remove these parameters from the definition or ensure that they are used in the policy rule."

Digging into these, there is an extra '[' character; for example: Deny-AppServiceApiApp-http.json -> line 54:

      "then": {
        "effect": "[[parameters('effect')]"
      }

Steps to reproduce

Can be reproduced using any deployment method, but for a simple repro:

  1. Copy and paste the policy definition JSON file into the Azure portal while creating a new custom definition.
  2. Observe the error message.
  3. Modify the files to not have the extra bracket; i.e.:
      "then": {
        "effect": "[parameters('effect')]"
      }
  4. Deploy again. Note that it works.

jtracey93 commented 3 months ago

Hey @rybal06 ,

This is not a bug but is the way we need policies to construct the portal experience as we document here in the contribution guide: https://github.com/Azure/Enterprise-Scale/wiki/ALZ-Contribution-Guide#escaping-policy-functions

If you want to copy a policy to manually use/upload to your environment, please use AzAdvertizer to do so, as an example for the Deny-Private-DNS-Zone policy: https://www.azadvertizer.net/azpolicyadvertizer/Deny-Private-DNS-Zones.html. This will remove the double [[ escaping that we need for our portal experience.


Thanks

rybal06 commented 3 months ago

Apologies, I found that shortly after opening the issue, as well as the related PowerShell function:

    # A number of sources store the required definition in variables
    # which use escaping for ARM functions so they are correctly
    # processed within copy_loops. These may need to be removed when
    # converting to a native ARM template.
    # ($jsonDepth and $regex_escapedLeftSquareBrace are defined earlier in the
    # function this excerpt comes from; the regex matches the escaped "[["
    # sequence that the -replace below collapses to a single "[".)
    $output = $InputObject |
        ConvertTo-Json -Depth $jsonDepth |
        ForEach-Object { $_ -replace $regex_escapedLeftSquareBrace, "[" } |
        ConvertFrom-Json

Thanks for the quick response.
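As an added example (not code from the issue, the ALZ repo or its contributors), a small Python check that ties together both points in the thread: the `[[` escaping jtracey93 describes and the unescaping step in the PowerShell rybal06 quoted. It reports parameters that `policyRule` never references, the condition behind the error message in the report, on a constructed sample policy before and after unescaping. The regexes and the plain `[[` to `[` replace are my own assumptions, not the repo's exact implementation.

```python
import json
import re

# Constructed sample (not a file from the repo) in the form the ALZ repo stores
# definitions, with the "[[" escaping its portal-experience templates rely on.
REPO_POLICY = """{
  "properties": {
    "policyRule": {
      "if": {"field": "type", "equals": "Microsoft.Web/sites"},
      "then": {"effect": "[[parameters('effect')]"}
    },
    "parameters": {"effect": {"type": "String", "defaultValue": "Deny"}}
  }
}"""

# A Policy expression is a string starting with a single "[" and ending with "]".
# In ARM a leading "[[" is the escape for a literal "[", so it is not evaluated.
EXPR = re.compile(r"^\[(?!\[)(.*)\]$", re.S)
PARAM_REF = re.compile(r"parameters\('([^']+)'\)")


def unescape_policy(text: str) -> str:
    """Collapse '[[' to '[' so the definition deploys on its own. This stands in
    for the -replace step in the PowerShell above; the repo's exact regex is not
    shown there, so a plain replace is assumed."""
    return text.replace("[[", "[")


def _strings(node):
    """Yield every string value under a parsed JSON node."""
    if isinstance(node, str):
        yield node
    elif isinstance(node, (dict, list)):
        for value in (node.values() if isinstance(node, dict) else node):
            yield from _strings(value)


def unused_parameters(text: str) -> set[str]:
    """Declared parameters that policyRule never references: the condition behind
    the deployment error quoted in the issue. An escaped '[[parameters(...)]' is a
    literal string to the policy engine, so it does not count as a reference."""
    props = json.loads(text)["properties"]
    used = set()
    for s in _strings(props["policyRule"]):
        m = EXPR.match(s)
        if m:
            used.update(PARAM_REF.findall(m.group(1)))
    return set(props.get("parameters", {})) - used
```

Running `unused_parameters` on the stored form reports `effect` as unused, and on the unescaped form reports nothing, which is exactly the difference between the failing portal paste and the working deployment in the report.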