Azure / azure-policy

Repository for Azure Resource Policy built-in definitions and samples
MIT License

`assignPermissions` metadata property is incorrectly set to string, not bool #867

Closed matt-FFFFFF closed 2 years ago

matt-FFFFFF commented 2 years ago

I found an issue here, where the assignPermissions metadata property on a policy parameter is set to a string, not a bool. This has caused me an issue trying to read this policy using the Azure SDK for Go.

https://github.com/Azure/azure-policy/blob/3e8d7c293826173171066b1ed1c1b0be5d236b2f/built-in-policies/policyDefinitions/Network/NetworkSecurityGroup_FlowLog_TrafficAnalytics_Deploy.json#L34-L38

pilor commented 2 years ago

Will fix in next release

matt-FFFFFF commented 2 years ago

Thanks!

pilor commented 2 years ago

This is rolling out now and will be visible in all regions tomorrow morning (US Pacific time)

matt-FFFFFF commented 2 years ago

Hi @pilor

I can see the change here in the GitHub repo, but in my tenant the incorrect type remains (string not bool)

Is there anything I need to do to get this fixed?

matt-FFFFFF commented 2 years ago

Interestingly this is the same on another policy:

```
az rest --method GET --url /providers/Microsoft.Authorization/policyDefinitions/0db34a60-64f4-4bf6-bd44-f95c16cf34b9?api-version=2021-06-01 | jq .properties.parameters.storageId
{
  "metadata": {
    "assignPermissions": "true",
    "description": "A string with the storage id for the flowlogs to be sent to. It will be used for deployment purposes only. Make sure this storage account is located in the same region as the NSG. The format must be: '/subscriptions/{subscription id}/resourceGroups/{resourceGroup name}/providers/Microsoft.Storage/storageAccounts/{storage account name}",
    "displayName": "Storage id"
  },
  "type": "String"
}
```

pilor commented 2 years ago

@matt-FFFFFF this was fixed in all policies that had this issue. It became effective a few hours after your previous comment

matt-FFFFFF commented 2 years ago

Ahh, thanks. I was waiting and thought there was a deployment issue based on your initial reply. It's working now, thank you.
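
The type mismatch discussed in this thread, as an added example that is not code from the issue, the repository, or the Azure SDK for Go: a field typed as a plain `bool` rejects `"assignPermissions": "true"`, while a custom decoder accepts the boolean and the exact strings `"true"`/`"false"` and fails closed on anything else. `FlexBool`, `StrictAssignPermissions` and `TolerantAssignPermissions` are hypothetical names, and the strict struct is an assumption about how a typed client models the field.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// FlexBool accepts JSON true/false and the exact strings "true"/"false".
// Hypothetical helper for this example, not an Azure SDK type.
type FlexBool bool

func (b *FlexBool) UnmarshalJSON(data []byte) error {
	switch string(data) {
	case `true`, `"true"`:
		*b = true
	case `false`, `"false"`:
		*b = false
	case `null`: // leave the zero value (false)
	default:
		return fmt.Errorf("assignPermissions: want bool or \"true\"/\"false\", got %s", data)
	}
	return nil
}

// StrictAssignPermissions models the field as a plain bool (assumed typed-client shape).
func StrictAssignPermissions(metadata []byte) (bool, error) {
	var m struct {
		AssignPermissions bool `json:"assignPermissions"`
	}
	err := json.Unmarshal(metadata, &m)
	return m.AssignPermissions, err
}

// TolerantAssignPermissions reads the same field through FlexBool.
func TolerantAssignPermissions(metadata []byte) (bool, error) {
	var m struct {
		AssignPermissions FlexBool `json:"assignPermissions"`
	}
	err := json.Unmarshal(metadata, &m)
	return bool(m.AssignPermissions), err
}

func main() {
	// Constructed sample shaped like the storageId metadata in the thread.
	sample := []byte(`{"assignPermissions":"true","displayName":"Storage id"}`)
	_, err := StrictAssignPermissions(sample)
	fmt.Println("strict error:", err)
	v, err := TolerantAssignPermissions(sample)
	fmt.Println("tolerant:", v, err)
}
```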