Azure / enterprise-azure-policy-as-code

Enterprise-ready Azure Policy-as-Code (PaC) solution (includes Az DevOps pipeline)
https://azure.github.io/enterprise-azure-policy-as-code/
MIT License

Issue with excluded scope at Subscription and ManagementGroups level #614

Closed FalconJeff closed 4 months ago

FalconJeff commented 4 months ago

Describe the bug
The Desired state exclude scopes seem to be ignored in the code logic.

To Reproduce
Add in global settings in DesiredState.excludedScope a management group child to the deployment root scope.

```json
"desiredState": {
  "strategy": "ownedOnly",
  "keepDfcSecurityAssignments": false,
  "excludedScopes": [
    "/providers/Microsoft.Management/managementGroups/MGChild"
  ]
}
```

The assignments in excluded scopes are still being evaluated.

Expected behavior
EPAC should not include the Definitions and assignments from that Management Group or Subscription.

EPAC Version
EPAC v10.1.11.

In Get-GlobalSettings.ps1, at line 270:

```powershell
else { $null = $globalNotScopesSubscriptionsList.Add($excludedScope) }
```

should be

```powershell
else { $null = $globalExcludedScopesSubscriptionsList.Add($excludedScope) }
```

Also in Build-ScopeTableForManagementGroup.ps1 and Build-ScopeTableForSubscription.ps1, when we refer to the excluded scope variable, it should point to desiredState. Ex. `$PacEnvironment.globalExcludedScopesManagementGroups` should be `$PacEnvironment.desiredState.globalExcludedScopesManagementGroups`.
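The behaviour the report asks for, as an added stand-alone example that is not EPAC's own code: split `desiredState.excludedScopes` into management-group and subscription lists (the split the reporter says lands in the wrong list), then walk a scope's ancestry so that assignments at, or anywhere beneath, an excluded management group are skipped. The function names `Get-ExcludedScopeLists` and `Test-ScopeExcluded`, the parent map and the subscription ids are all constructed for this example; a real run would get the hierarchy from the management-group tree. Assumes PowerShell 7 for `ConvertFrom-Json -AsHashtable`.

```powershell
# Added example, not EPAC code. Function names are hypothetical.

function Get-ExcludedScopeLists {
    # Sort each excludedScopes entry into the list that matches its resource-id prefix.
    param([Parameter(Mandatory)] [hashtable] $DesiredState)
    $mgList  = [System.Collections.Generic.List[string]]::new()
    $subList = [System.Collections.Generic.List[string]]::new()
    foreach ($excludedScope in @($DesiredState.excludedScopes)) {
        if ($excludedScope -like '/providers/Microsoft.Management/managementGroups/*') {
            $mgList.Add($excludedScope)
        }
        elseif ($excludedScope -like '/subscriptions/*') {
            # This is the branch the issue reports adding to the wrong ("notScopes") list.
            $subList.Add($excludedScope)
        }
        else {
            throw "Unrecognized excluded scope '$excludedScope'"
        }
    }
    return @{ ManagementGroups = $mgList; Subscriptions = $subList }
}

function Test-ScopeExcluded {
    # True when the scope itself or any ancestor is in an excluded list.
    param(
        [Parameter(Mandatory)] [string]    $Scope,
        [Parameter(Mandatory)] [hashtable] $ExcludedScopeLists,
        [Parameter(Mandatory)] [hashtable] $ParentMap   # child scope -> parent scope (constructed)
    )
    $current = $Scope
    while ($null -ne $current) {
        if ($ExcludedScopeLists.ManagementGroups.Contains($current) -or
            $ExcludedScopeLists.Subscriptions.Contains($current)) {
            return $true
        }
        $current = $ParentMap[$current]   # $null at the tenant root ends the walk
    }
    return $false
}

# Constructed global settings matching the issue's desiredState block.
$globalSettingsJson = @'
{
  "desiredState": {
    "strategy": "ownedOnly",
    "keepDfcSecurityAssignments": false,
    "excludedScopes": [ "/providers/Microsoft.Management/managementGroups/MGChild" ]
  }
}
'@
$globalSettings = $globalSettingsJson | ConvertFrom-Json -AsHashtable
$excluded = Get-ExcludedScopeLists -DesiredState $globalSettings.desiredState

# Constructed hierarchy: Root -> MGChild -> sub ...0002 ; Root -> sub ...0001
$parentMap = @{
    '/providers/Microsoft.Management/managementGroups/MGChild' = '/providers/Microsoft.Management/managementGroups/Root'
    '/subscriptions/00000000-0000-0000-0000-000000000002'     = '/providers/Microsoft.Management/managementGroups/MGChild'
    '/subscriptions/00000000-0000-0000-0000-000000000001'     = '/providers/Microsoft.Management/managementGroups/Root'
}

# Constructed assignment scopes; the last two sit under MGChild and must be skipped.
$assignmentScopes = @(
    '/providers/Microsoft.Management/managementGroups/Root',
    '/subscriptions/00000000-0000-0000-0000-000000000001',
    '/providers/Microsoft.Management/managementGroups/MGChild',
    '/subscriptions/00000000-0000-0000-0000-000000000002'
)
foreach ($scope in $assignmentScopes) {
    $state = if (Test-ScopeExcluded -Scope $scope -ExcludedScopeLists $excluded -ParentMap $parentMap) {
        'skip (excluded)'
    } else {
        'evaluate'
    }
    '{0,-16} {1}' -f $state, $scope
}
```

Walking ancestors is the part that matters for the symptom in this issue: checking only exact membership of the assignment scope in the excluded list would still evaluate assignments on subscriptions beneath MGChild, so a reviewer of the fix should confirm that the subscription and management-group scope tables both consult the lists that `desiredState` populates.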

techlake commented 4 months ago

Fixed in v10.2.3

techlake commented 4 months ago

Accidental close

techlake commented 4 months ago

I will look at this either today or Monday