search

Azure / deployment-stacks

Contains Deployment Stacks CLI scripts and releases
MIT License
87 stars 6 forks source link

You can configure DenySettingsExcludedPrincipals, DenySettingsExcludedActions and DenySettingsApplyToChildScopes but you cannot see what is currently configured #83

Closed slavizh closed 1 year ago

slavizh commented 1 year ago

Is your feature request related to a problem? Please describe. You can configure DenySettingsExcludedPrincipals but you cannot see what is currently configured. For example in the output after deployment I did not find DenySettingsExcludedPrincipals exposed. Also if you do Get operation on the stack is not visible. Same applies to DenySettingsExcludedActions and DenySettingsApplyToChildScopes.

Describe the solution you'd like You should be able to see what is configured in the returned output

Describe alternatives you've considered A clear and concise description of any alternative solutions or features you've considered.

Additional context Add any other context or screenshots about the feature request here.

dantedallag commented 1 year ago

If you reference the DenySettings property of the of the returned stack object from a Get, New, or Set, you should see these values. The output of the stack object itself is meant to be a partial viewing of important values. We can discuss adding these values (when populated) to the output of the stack, though depending on how many are supplied for the Actions (there is max 200), we may only show a subset.

slavizh commented 1 year ago

You can have default view that outputs the most important properties but have additional properties that can be viewed if you use explicit calling like:

$foo = Get-AzSubscriptionDeploymentStack -Name stack1
$foo.DenySettingsExcludedActions

if you do not add those properties there will be no way that we can see them and see what is our configuration. Same if you allow just partial information.

dantedallag commented 1 year ago

Ah, ok. I think what you want is this:

$foo = Get-AzSubscriptionDeploymentStack -Name stack1 $foo.DenySettings.ExcludedActions

We have decided to make DenySettings a nested object rather than have all the DenySettings properties be stored directly on the stack object.

If you do:

$foo.DenySettings

you should be able to see them all. Let me know if this works for you.

slavizh commented 1 year ago

ok. good. You can close this than.