Describe the bug
The Desired state exclude scopes seems to be ignored in the code logic.
To Reproduce
Add in global settings in DesiredState.excludedScope a management group child to the deployment root scope.
"desiredState": {
"strategy": "ownedOnly",
"keepDfcSecurityAssignments": false,
"excludedScopes": [
"/providers/Microsoft.Management/managementGroups/MGChild"
]
}
The assignment in excluded scopes are still being evaluated.
Expected behavior
EPAC should not include the Definitions and assignment from that Management Groups or Subscription.
EPAC Version
EPAC v10.1.11.
In Get-GlobalSettings.ps1, at line 270:
else {
$null = $globalNotScopesSubscriptionsList.Add($excludedScope)
}
should be
else {
$null = $globalExcludedScopesSubscriptionsList.Add($excludedScope)
}
Also in Build-ScopeTableForManagementGroup.ps1 and Build-ScopeTableForSubscription.ps1, when we refer to excluded scope variable, it should point to desiredstate.
Ex. $PacEnvironment.globalExcludedScopesManagementGroups should be $PacEnvironment.desiredState.globalExcludedScopesManagementGroups
Describe the bug The Desired state exclude scopes seems to be ignored in the code logic.
To Reproduce Add in global settings in DesiredState.excludedScope a management group child to the deployment root scope. "desiredState": { "strategy": "ownedOnly", "keepDfcSecurityAssignments": false, "excludedScopes": [ "/providers/Microsoft.Management/managementGroups/MGChild" ] }
The assignment in excluded scopes are still being evaluated.
Expected behavior EPAC should not include the Definitions and assignment from that Management Groups or Subscription.
EPAC Version EPAC v10.1.11.
In Get-GlobalSettings.ps1, at line 270: else { $null = $globalNotScopesSubscriptionsList.Add($excludedScope) } should be else { $null = $globalExcludedScopesSubscriptionsList.Add($excludedScope) }
Also in Build-ScopeTableForManagementGroup.ps1 and Build-ScopeTableForSubscription.ps1, when we refer to excluded scope variable, it should point to desiredstate. Ex. $PacEnvironment.globalExcludedScopesManagementGroups should be $PacEnvironment.desiredState.globalExcludedScopesManagementGroups