search

Azure / enterprise-azure-policy-as-code

Enterprise-ready Azure Policy-as-Code (PaC) solution (includes Az DevOps pipeline)
https://azure.github.io/enterprise-azure-policy-as-code/
MIT License
403 stars 206 forks source link

Get Existing AzureChinaCloud Exemptions not Returning Non-Management Group Scoped Exemptions #691

Closed ahsulli closed 3 weeks ago

ahsulli commented 3 weeks ago

Describe the bug When getting existing exemptions within an AzureChinaCloud tenant, only management group level exemptions are included in the final returned list of existing exemptions.

To Reproduce

  1. Run an Export-AzPolicyResources or Build-DeploymentPlans using a pacSelector whose type is AzureChinaCloud.

Expected behavior All exemptions scoped to management groups, subscriptions, resource groups, and individual resources within the specified pacSelector configuration should be included in the list of existing exemptions that are factored into the final output.

Screenshots N/A

EPAC Version 10.3.5

anwather commented 3 weeks ago

Closing as issue is defined in #692

ahsulli commented 1 week ago

@anwather, just to further clarify, you can also reproduce this issue by running Build-DeploymentPlans as well. However, this version of the repro steps produces an erroneous output that is less obvious to see but is still flawed for the same reason.

ahsulli commented 1 week ago

@anwather, issue is still present. Please fix. Cannot run deployment plans against China tenants as a result.

anwather commented 1 week ago

OK you mentioned you had code to fix this can you please submit a PR. I don't have access to a China tenant to run this against.

Get Outlook for Androidhttps://aka.ms/AAb9ysg

From: ahsulli @.> Sent: Wednesday, July 10, 2024 4:29:59 AM To: Azure/enterprise-azure-policy-as-code @.> Cc: Mention @.>; Comment @.>; Assign @.>; State change @.>; Subscribed @.***> Subject: Re: [Azure/enterprise-azure-policy-as-code] Get Existing AzureChinaCloud Exemptions not Returning Non-Management Group Scoped Exemptions (Issue #691)

@anwatherhttps://github.com/anwather, issue is still present. Please fix. Cannot run deployment plans against China tenants as a result.

— Reply to this email directly, view it on GitHubhttps://github.com/Azure/enterprise-azure-policy-as-code/issues/691#issuecomment-2218382113 or unsubscribehttps://github.com/notifications/unsubscribe-auth/ACWCJVTCXOIN6EEU5MCZFW3ZLQT2RBFKMF2HI4TJMJ2XIZLTSWBKK5TBNR2WLJDUOJ2WLJDOMFWWLO3UNBZGKYLEL5YGC4TUNFRWS4DBNZ2F6YLDORUXM2LUPGBKK5TBNR2WLJDUOJ2WLJDOMFWWLLTXMF2GG2C7MFRXI2LWNF2HTAVFOZQWY5LFUVUXG43VMWSG4YLNMWVXI2DSMVQWIX3UPFYGLAVFOZQWY5LFVIZDOMRVHE4DSNBXHCSG4YLNMWUWQYLTL5WGCYTFNSBKK5TBNR2WLKRSG4ZDKOJYHE2DQMVENZQW2ZNJNBQXGX3MMFRGK3FMON2WE2TFMN2F65DZOBS2YSLTON2WKQ3PNVWWK3TUUZ2G64DJMNZZJAVEOR4XAZNKOJSXA33TNF2G64TZUV3GC3DVMWUTGMZXGE3DEOBTHCBKI5DZOBS2K2LTON2WLJLWMFWHKZNKGIZTOMZXGA2DONJUQKSHI6LQMWSWYYLCMVWKK5TBNR2WLKRSG4ZDKOJYHE2DOOECUR2HS4DFUVWGCYTFNSSXMYLMOVS2UMRXGI2TSOBZGQ4DFJ3UOJUWOZ3FOKTGG4TFMF2GK. You are receiving this email because you were mentioned.

Triage notifications on the go with GitHub Mobile for iOShttps://apps.apple.com/app/apple-store/id1477376905?ct=notification-email&mt=8&pt=524675 or Androidhttps://play.google.com/store/apps/details?id=com.github.android&referrer=utm_campaign%3Dnotification-email%26utm_medium%3Demail%26utm_source%3Dgithub.

ahsulli commented 1 week ago

@anwather, can someone please grant me access to create a branch and PR? I have the code already prepared on my local. The code has been successfully tested numerous times against my organization's China and Commercial tenants. Hopefully that helps too.

anwather commented 1 week ago

Just fork the repo, create a branch on the fork, make changes and create a pull request please.

Get Outlook for Androidhttps://aka.ms/AAb9ysg

From: ahsulli @.> Sent: Friday, July 12, 2024 2:24:41 AM To: Azure/enterprise-azure-policy-as-code @.> Cc: Mention @.>; Comment @.>; Assign @.>; State change @.>; Subscribed @.***> Subject: Re: [Azure/enterprise-azure-policy-as-code] Get Existing AzureChinaCloud Exemptions not Returning Non-Management Group Scoped Exemptions (Issue #691)

@anwatherhttps://github.com/anwather, can someone please grant me access to create a branch and PR? I have the code already prepared on my local. The code has been successfully tested numerous times against my organization's China and Commercial tenants. Hopefully that helps too.

— Reply to this email directly, view it on GitHubhttps://github.com/Azure/enterprise-azure-policy-as-code/issues/691#issuecomment-2223363883 or unsubscribehttps://github.com/notifications/unsubscribe-auth/ACWCJVQGKYJNQZHP25XC2DTZL2WUTBFKMF2HI4TJMJ2XIZLTSWBKK5TBNR2WLJDUOJ2WLJDOMFWWLO3UNBZGKYLEL5YGC4TUNFRWS4DBNZ2F6YLDORUXM2LUPGBKK5TBNR2WLJDUOJ2WLJDOMFWWLLTXMF2GG2C7MFRXI2LWNF2HTAVFOZQWY5LFUVUXG43VMWSG4YLNMWVXI2DSMVQWIX3UPFYGLAVFOZQWY5LFVIZDOMRVHE4DSNBXHCSG4YLNMWUWQYLTL5WGCYTFNSBKK5TBNR2WLKRSG4ZDKOJYHE2DQMVENZQW2ZNJNBQXGX3MMFRGK3FMON2WE2TFMN2F65DZOBS2YSLTON2WKQ3PNVWWK3TUUZ2G64DJMNZZJAVEOR4XAZNKOJSXA33TNF2G64TZUV3GC3DVMWUTGMZXGE3DEOBTHCBKI5DZOBS2K2LTON2WLJLWMFWHKZNKGIZTOMZXGA2DONJUQKSHI6LQMWSWYYLCMVWKK5TBNR2WLKRSG4ZDKOJYHE2DOOECUR2HS4DFUVWGCYTFNSSXMYLMOVS2UMRXGI2TSOBZGQ4DFJ3UOJUWOZ3FOKTGG4TFMF2GK. You are receiving this email because you were mentioned.

Triage notifications on the go with GitHub Mobile for iOShttps://apps.apple.com/app/apple-store/id1477376905?ct=notification-email&mt=8&pt=524675 or Androidhttps://play.google.com/store/apps/details?id=com.github.android&referrer=utm_campaign%3Dnotification-email%26utm_medium%3Demail%26utm_source%3Dgithub.

ahsulli commented 3 days ago

@anwather, I have created PR: https://github.com/Azure/enterprise-azure-policy-as-code/pull/702