search

Azure / azure-policy

Repository for Azure Resource Policy built-in definitions and samples
MIT License
1.49k stars 1.08k forks source link

CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45) PolicySet - incorrect additionalMetadataId value #1271

Open JulianHayward opened 7 months ago

JulianHayward commented 7 months ago

the additionalMetadataId value under the key policyDefinitionGroups is incorrect, _L2 after CMMC_2.0 needs to be removed in order to retrieve positive response, currently returns 404

Example:

is: "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_2.0_L2_SI.L1-3.14.5 should be: "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_2.0_SI.L1-3.14.5

The issue seems applicable to all additionalMetadataId values in the PolicySet

Details of the scenario you tried and the problem that is occurring

Getting additional metadata information..

image

ref: https://github.com/Azure/azure-policy/blob/51ac1cd964ab59060e39ff264a476c664dfa1517/built-in-policies/policySetDefinitions/Regulatory%20Compliance/CMMC_2_0_L2.json#L439

Verbose logs showing the problem

PS C:\temp> (Invoke-AzRestMethod -Uri "https://management.azure.com/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_2.0_L2_SI.L1-3.14.5?api-version=2019-10-01" -Method 'GET').StatusCode
404

PS C:\temp> (Invoke-AzRestMethod -Uri "https://management.azure.com/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_2.0_SI.L1-3.14.5?api-version=2019-10-01" -Method 'GET').StatusCode
200

Suggested solution to the issue

Remove _L2 after CMMC_2.0 in the value for additionalMetadataId, not sure if the groupNames under the key policyDefinitions require alignment, too..