search

Azure / enterprise-azure-policy-as-code

Enterprise-ready Azure Policy-as-Code (PaC) solution (includes Az DevOps pipeline)
https://azure.github.io/enterprise-azure-policy-as-code/
MIT License
415 stars 220 forks source link

API Levels US Government #566

Closed glsutter closed 4 months ago

glsutter commented 5 months ago

The Azure commercial API levels are not available in AzureUSGovernment.

To reproduce: Try to deploy policy plan in AzureUSGovernment with Microsoft Defender for Cloud.

Expected behavior: Assignment succeeds

Actual behavior: Log from AzureUSGovernment deployment of policy plan. InvalidOperation: The running command stopped because the preference variable "ErrorActionPreference" or common parameter is set to Stop: definition error 404 -- {"error":{"code":"InvalidResourceType","message":"The resource type 'policySetDefinitions' could not be found in the namespace 'Microsoft.Authorization' for api version '2023-04-01'. The supported api-versions are '2017-06-01-preview,2018-03-01,2018-05-01,2019-01-01,2019-06-01,2019-09-01,2020-03-01,2020-08-01,2020-09-01,2021-06-01'."}}

EPAC Version Select-PacEnvironment.ps1 in current release.

Fixed by updating Select-PacEnvironment.ps1 and adding: if ($pacEnvironment.cloud -eq "AzureUSGovernment") { $apiVersions = @{ policyDefinitions = "2021-06-01" policySetDefinitions = "2021-06-01" policyAssignments = "2022-06-01" policyExemptions = "2022-07-01-preview" roleAssignments = "2022-04-01" } }

The AzureChinaCloud API version seem to work in AzureUSGovernment.

techlake commented 4 months ago

Fixed (we hope)