search

Azure / enterprise-azure-policy-as-code

Enterprise-ready Azure Policy-as-Code (PaC) solution (includes Az DevOps pipeline)
https://azure.github.io/enterprise-azure-policy-as-code/
MIT License
436 stars 243 forks source link

jsonc not supported during Deploy-PolicyPlan #791

Closed nicholaslanger closed 1 month ago

nicholaslanger commented 1 month ago

Hi EPAC,

I'm attempting to run EPAC deploy policy / roles scripts after running the build deployment plans script in an ADO pipeline. The plan step seems to work fine and I'm able to view the plan files in the Output directory. However, once we attempt to run scripts Deploy-PolicyPlan.ps1 we receive the error "the request content was invalid and could not be deserialized: Unexpected character encountered while parsing value ... "

Many of our definitions are in format .jsonc which I believe is causing this error. For example, all of our policy assignments are in jsonc format with comments.

I believe this error is being thrown at one of the Set-AzPolicy[Definition/Set/Assignment]RestMethod.ps1 script calls in Deploy-PolicyPlan.ps1 when they attempt to make the request to deploy the policy resource. It fails due to not being able to parse the comments within the jsonc files. For example, were erroring out at Scripts/Helpers/RestMethods/Set-AzPolicyAssignmentRestMethod.ps1 here https://github.com/Azure/enterprise-azure-policy-as-code/blob/da1f7351b56afa3c9531c76c0823f6429dd3d5c1/Scripts/Helpers/RestMethods/Set-AzPolicyAssignmentRestMethod.ps1#L60

Does this repo no longer support jsonc? I dont think I want to update any scripts in the Scripts directory so I dont receive conflicts in future versions of EPAC. I'm also using the most recent version.

nicholaslanger commented 1 month ago

UPDATE: I actually found that the definition files with jsonc format with comments is actually not the issue. Rather the issue I'm facing is setting the location field to managedIdentityLocation from the global-settings.jsonc file in a policy assignment here https://github.com/Azure/enterprise-azure-policy-as-code/blob/da1f7351b56afa3c9531c76c0823f6429dd3d5c1/Scripts/Helpers/RestMethods/Set-AzPolicyAssignmentRestMethod.ps1#L36. Which then fails to send with the invalid json error when attempting to send the request here https://github.com/Azure/enterprise-azure-policy-as-code/blob/da1f7351b56afa3c9531c76c0823f6429dd3d5c1/Scripts/Helpers/RestMethods/Set-AzPolicyAssignmentRestMethod.ps1#L53

The json isnt valid when the key of the object in the location field is "*" since our managedIdentityLocation leverages https://github.com/Azure/enterprise-azure-policy-as-code/blob/da1f7351b56afa3c9531c76c0823f6429dd3d5c1/Docs/settings-global-setting-file.md?plain=1#L110C337-L111C1

Has this been seen before?

nicholaslanger commented 1 month ago

This was the error. I was using the * notation for managedIdentityLocations within an individual pacEnvironment, fixed by simply specifying managedIdentityLocation as a string value of the region to deploy the managed identity to