Azure / Enterprise-Scale

The Azure Landing Zones (Enterprise-Scale) architecture provides prescriptive guidance coupled with Azure best practices, and it follows design principles across the critical design areas for organizations to define their Azure architecture
https://aka.ms/alz
MIT License

Guardrail for Key Vault assignment parameter issue #1761

Open jasperpostcn opened 2 months ago

jasperpostcn commented 2 months ago

Community Note

Versions

terraform: 1.9.*

azure provider: v3.114.0

module: CAF version 6.0.0

Description

Describe the bug

After deploying the CAF Enterprise, one of the policy assignments that is present by default is the Enforce recommended guardrails for Azure Key Vault. While for mostly large initiatives it is quite hard to map the Policy Texts to the parameter names, in the case of the Key Vault one it shows multiple parameters with the name Effect. See the screenshot for an example.

One improvement I would say is that the Parameter ID can be what it currently is, but the Parameter Name should reflect the names in the assignment so it is easier to map it in code.

Steps to Reproduce

  1. Deploy CAF 6
  2. Go to Policy > Assignments > Enforce recommended guardrails for Azure Key Vault (can be multiple)
  3. Click Edit Assignment and go to Parameters

Screenshots

Edit Mode view: keyvault-guardrails

Assignment view: image
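
An added example, not part of the issue and not code from the Enterprise-Scale project: one way to list the initiative parameters that share a display name and the member policy each one feeds, so an "Effect" row in the portal can be mapped back to a parameter ID in code. The sample initiative is constructed; its parameter IDs and reference IDs are placeholders, not the real Key Vault guardrail names.

```python
import json
import re
from collections import defaultdict

# Constructed sample in the policy set definition (initiative) JSON shape.
# All parameter IDs and policyDefinitionReferenceId values are made up.
SAMPLE_INITIATIVE = json.loads("""
{
  "properties": {
    "parameters": {
      "exampleSoftDeleteEffect": {"type": "String", "metadata": {"displayName": "Effect"}},
      "examplePurgeProtectionEffect": {"type": "String", "metadata": {"displayName": "Effect"}},
      "exampleMinimumRsaKeySize": {"type": "Integer", "metadata": {"displayName": "Minimum RSA key size"}}
    },
    "policyDefinitions": [
      {"policyDefinitionReferenceId": "exampleSoftDelete",
       "parameters": {"effect": {"value": "[parameters('exampleSoftDeleteEffect')]"}}},
      {"policyDefinitionReferenceId": "examplePurgeProtection",
       "parameters": {"effect": {"value": "[parameters('examplePurgeProtectionEffect')]"}}},
      {"policyDefinitionReferenceId": "exampleRsaKeys",
       "parameters": {"minimumRSAKeySize": {"value": "[parameters('exampleMinimumRsaKeySize')]"}}}
    ]
  }
}
""")

# Matches the initiative parameter named inside a "[parameters('...')]" binding.
PARAM_REF = re.compile(r"parameters\('([^']+)'\)")

def ambiguous_display_names(initiative):
    """Return {displayName: {parameterId: [policyDefinitionReferenceId, ...]}}
    for every display name shared by more than one initiative parameter."""
    props = initiative["properties"]
    consumers = defaultdict(list)  # parameter ID -> member policies that use it
    for member in props.get("policyDefinitions", []):
        for binding in member.get("parameters", {}).values():
            for param_id in PARAM_REF.findall(str(binding.get("value", ""))):
                consumers[param_id].append(member.get("policyDefinitionReferenceId", "?"))
    by_name = defaultdict(dict)  # portal display name -> parameter IDs behind it
    for param_id, spec in props.get("parameters", {}).items():
        name = spec.get("metadata", {}).get("displayName", param_id)
        by_name[name][param_id] = consumers.get(param_id, [])
    return {n: ids for n, ids in by_name.items() if len(ids) > 1}

if __name__ == "__main__":
    for name, ids in ambiguous_display_names(SAMPLE_INITIATIVE).items():
        print(f"display name {name!r} is shared by {len(ids)} parameters:")
        for param_id, refs in ids.items():
            print(f"  {param_id} -> {', '.join(refs) or 'unused'}")
```
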

matt-FFFFFF commented 1 month ago

Hi, thanks for reporting - passing back to upstream repo for triage by @Springstone

Springstone commented 3 weeks ago

Tracking in AB#37721