Closed AzureStackNerd closed 1 month ago
I've assigned this to myself @AzureStackNerd - Looking into it.
@AzureStackNerd - We have decided to update the way EPAC is determining if an Azure Policy is "Deprecated". Moving forward we are only checking to see if the policy is deprecated based on the version in the metadata. If the version ends with "deprecated", then we will consider that a deprecated policy and EPAC will continue to either disable or not disable the policy effect based on the "doNotDisableDeprecatedPolicies" property in global-settings.
This will be updated in v10.5.1
Describe the bug
We had a working pipeline with version 10.4.1 and suddenly our pipeline was failing with an error
I could not understand what was happening, my PolicyAssignment had the parameter value: "deployIfNotExists". However the plan file had a value of "Disabled". After a lot of searching it seems you fixed something in the deprecation-code and it started working as intended. EPAC is now replacing my value with "Disabled". However the allowed value in our policy is "disabled" (lowercase) and the deployment fails.
To Reproduce
Expected behavior
I would expect that this feature would only work for built-in policies, not for custom policies with the word "deprecated" in their description. With the built-in policies you are 100% sure you can replace the configured value with "Disabled". With custom policies you cannot.
It would be nice if Build-DeploymentPlans fails if in this case one of the Parameter values is not in the Allowed Values.
Workaround: put the following setting in the pacselector as documented:
"doNotDisableDeprecatedPolicies": true
However this will disable all policies which are "deprecated"
EPAC Version
Pipeline always uses the latest installed module. Reproduced it with local installation v10.4.2
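
The two checks discussed in this thread, as an added PowerShell example (not EPAC's code and not part of the original issue): deprecation decided only by a metadata version ending in "deprecated", and a case-sensitive test of whether the "Disabled" override is among the effect parameter's allowed values. The function name, the `effect` parameter name and the sample definitions are assumptions constructed for illustration.

```powershell
# Added illustration. Function name and sample data are hypothetical, not EPAC's.
function Test-DeprecatedEffectOverride {
    param(
        [Parameter(Mandatory)] $PolicyDefinition,   # parsed policy definition JSON
        [string] $EffectParameterName = 'effect',   # assumption: name of the effect parameter
        [string] $OverrideValue = 'Disabled'        # value the thread says EPAC substitutes
    )
    $properties = $PolicyDefinition.properties
    # Rule from the maintainer reply: only the metadata version decides.
    $version = [string] $properties.metadata.version
    $isDeprecated = $version.EndsWith('deprecated')

    # -ccontains is case-sensitive, so 'Disabled' does not match 'disabled'.
    $allowed = $properties.parameters.$EffectParameterName.allowedValues
    $overrideAllowed = ($null -eq $allowed) -or ($allowed -ccontains $OverrideValue)

    [pscustomobject]@{
        Name            = $PolicyDefinition.name
        IsDeprecated    = $isDeprecated
        OverrideAllowed = $overrideAllowed
        # Fail the plan instead of emitting a value the definition rejects.
        BlockPlan       = $isDeprecated -and -not $overrideAllowed
    }
}

# Constructed sample definitions (not taken from the issue).
$definitions = @'
[
  { "name": "custom-described-as-deprecated",
    "properties": {
      "description": "Replaces a deprecated control",
      "metadata": { "version": "1.0.0" },
      "parameters": { "effect": { "allowedValues": ["deployIfNotExists", "disabled"] } } } },
  { "name": "custom-version-deprecated",
    "properties": {
      "metadata": { "version": "1.0.0-deprecated" },
      "parameters": { "effect": { "allowedValues": ["deployIfNotExists", "disabled"] } } } }
]
'@ | ConvertFrom-Json

$results = foreach ($definition in $definitions) {
    Test-DeprecatedEffectOverride -PolicyDefinition $definition
}
$results | Format-Table -AutoSize
$blocked = @($results | Where-Object BlockPlan)
if ($blocked.Count -gt 0) {
    Write-Error "Override value not in allowedValues for: $($blocked.Name -join ', ')"
}
```

The first sample is not treated as deprecated because only its description mentions the word; the second is, and it is flagged because its allowed values contain "disabled" in lowercase only.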