Closed wdjonz closed 2 months ago
@wdjonz That policy in question has been deprecated because of a breaking change, which you've run into. As a workaround, in the tenant you are updating, please delete the assignment of Enforce-EncryptTransit, and then delete the initiative. You should then be able to get past this issue. @matt-FFFFFF anything TF specific here?
@wdjonz please review the upgrade guides for breaking changes guidance as an example here where this exact issue is called out as well as the steps you must take to resolve 👍 https://github.com/Azure/terraform-azurerm-caf-enterprise-scale/wiki/%5BUser-Guide%5D-Upgrade-from-v3.3.0-to-v4.0.0
Thanks for the info. I did find on your site last night that it was deprecated, and I did do just what you suggested and it ran like a champ.
I appreciate the response, and please consider my issue resolved.
Thank you
On Fri, Sep 6, 2024, 1:22 AM Sacha Narinx @.***> wrote:
@wdjonz https://github.com/wdjonz That policy in question has been deprecated because of a breaking change, which you've run into. As a workaround, in the tenant you are updating, please delete the assignment of Enforce-EncryptTransit, and then delete the initiative. You should then be able to get past this issue. @matt-FFFFFF https://github.com/matt-FFFFFF anything TF specific here?
Greetings,
So I am attempting to upgrade the CAF from version 3 something (cannot remember now) to version 5.2.1. It upgraded fine on 2 of my tenants, minus some subscription registration issues. But when updating my primary production tenant, it is giving an error and stopping:
Error: updating Policy Set Definition "Enforce-EncryptTransit": policy.SetDefinitionsClient#CreateOrUpdateAtManagementGroup: Failure responding to request: StatusCode=400 -- Original Error: autorest/azure: Service returned an error. Status=400 Code="InvalidPolicySetParameterUpdate" Message="The existing policy has '28' parameter(s) which is greater than the count of parameter(s) '27' in the policy being added. Policy parameters cannot be removed during policy update."
│
│   with module.enterprise_scale.azurerm_policy_set_definition.enterprise_scale["/providers/Microsoft.Management/managementGroups/mg/providers/Microsoft.Authorization/policySetDefinitions/Enforce-EncryptTransit"],
│   on .terraform\modules\enterprise_scale\resources.policy_set_definitions.tf line 1, in resource "azurerm_policy_set_definition" "enterprise_scale":
│    1: resource "azurerm_policy_set_definition" "enterprise_scale" {
I also tried removing the entire enterprise module and redoing a terraform init to pull down a fresh copy in case something had changed. But I get the same error.
I have played around a bit and tried to find the existing policy on the tenant, but having no luck. Hoping you can point me in the right direction.
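The error above is raised because the update drops a parameter from an initiative that is already deployed. The following pre-flight check is an added example, not part of the original thread or the module's code: it compares the parameter names of a deployed policy set definition with the proposed one and reports any removals before the update is attempted. The sample documents, their parameter names and the function names are constructed for illustration, and the input shape (`properties.parameters`, or `parameters` at the top level) is an assumption about how the definitions were exported.

```python
import json

# Constructed sample data: trimmed stand-ins for the deployed initiative and
# the one shipped in the newer module version. Parameter names are made up.
DEPLOYED = json.loads("""
{"name": "Enforce-EncryptTransit",
 "properties": {"parameters": {
   "AppServiceHttpEffect": {"type": "String"},
   "RedisTlsEffect": {"type": "String"},
   "LegacyMinTlsVersion": {"type": "String"}}}}
""")
PROPOSED = json.loads("""
{"name": "Enforce-EncryptTransit",
 "properties": {"parameters": {
   "AppServiceHttpEffect": {"type": "String"},
   "RedisTlsEffect": {"type": "String"}}}}
""")


def parameter_names(definition):
    """Return the parameter names of a policy set definition document.

    Accepts either the ARM shape (properties.parameters) or a flattened
    shape with parameters at the top level (assumption about the input).
    """
    props = definition.get("properties", definition)
    return set((props.get("parameters") or {}).keys())


def removed_parameters(deployed, proposed):
    """Parameters present in the deployed definition but absent from the update."""
    return sorted(parameter_names(deployed) - parameter_names(proposed))


def preflight(deployed, proposed):
    """Summarise whether an in-place update would drop parameters."""
    removed = removed_parameters(deployed, proposed)
    return {
        "name": proposed.get("name"),
        "deployed_count": len(parameter_names(deployed)),
        "proposed_count": len(parameter_names(proposed)),
        "removed": removed,
        # Removing a parameter is what triggers InvalidPolicySetParameterUpdate.
        "in_place_update_ok": not removed,
    }


if __name__ == "__main__":
    print(json.dumps(preflight(DEPLOYED, PROPOSED), indent=2))
```

Comparing by name rather than by count also catches an update that removes one parameter and adds another, where the totals would match.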