search

Azure / enterprise-azure-policy-as-code

Enterprise-ready Azure Policy-as-Code (PaC) solution (includes Az DevOps pipeline)
https://azure.github.io/enterprise-azure-policy-as-code/
MIT License
436 stars 243 forks source link

Plan does not catch missing `nonComplianceMessage\policyDefinitionReferenceId` in policyAssignments #753

Closed o-l-a-v closed 1 month ago

o-l-a-v commented 2 months ago

Describe the bug

Plan does not validate/catch missing/non-existing nonComplianceMessage\policyDefinitionReferenceId in policyAssignments.

Deploy then crashes when EPAC calls Set-AzPolicyAssignmentRestMethod with error:

{
  "error": {
    "code": "InvalidCreatePolicyAssignmentRequest",
    "message": "The policy assignment request is invalid. The following policy definition reference IDs used in non-compliance messages do not exist in the assigned policy set definition: '<redacted>'."
  }
}

Would be great if EPAC could validate this during plan.

To Reproduce

In a policyAssignments: Create a nonComplianceMessage with policyDefinitionReferenceId to a policyDefinition or a policySetDefinition that does not exist.

Expected behavior

Catch this in plan.

Screenshots

No thanks.

EPAC Version

v10.6.0

anwather commented 2 months ago

Testing in development environment