Hello there appears to be a bug when applying the following policy: modules/archetypes/lib/policy_assignments/policy_assignment_es_enable_aum_checkupdates.tmpl.json
The policy definition clearly states it's an array:
{
"name": "Deploy-AUM-CheckUpdates",
"type": "Microsoft.Authorization/policySetDefinitions",
"apiVersion": "2021-06-01",
"scope": null,
"properties": {
"policyType": "Custom",
"displayName": "Configure periodic checking for missing system updates on azure virtual machines and Arc-enabled virtual machines",
"description": "Configure auto-assessment (every 24 hours) for OS updates. You can control the scope of assignment according to machine subscription, resource group, location or tag. Learn more about this for Windows: https://aka.ms/computevm-windowspatchassessmentmode, for Linux: https://aka.ms/computevm-linuxpatchassessmentmode.",
"metadata": {
"version": "1.0.0",
"category": "Security Center",
"source": "https://github.com/Azure/Enterprise-Scale/",
"alzCloudEnvironments": [
"AzureCloud"
]
},
"parameters": {
"assessmentMode": {
"type": "String",
"metadata": {
"displayName": "Assessment mode",
"description": "Assessment mode for the machines."
},
"allowedValues": [
"ImageDefault",
"AutomaticByPlatform"
],
"defaultValue": "AutomaticByPlatform"
},
"locations": {
"type": "Array",
"metadata": {
"displayName": "Machines locations",
"description": "The list of locations from which machines need to be targeted.",
"strongType": "location"
},
However, I get an error when applying:
│ The given value is not suitable for var.custom_landing_zones declared at
│ variables.tf:161,1-32: element "rootmgmt": attribute "archetype_config":
│ attribute "parameters": element "Enable-AUM-CheckUpdates": element
│ "locations": attribute "value": string required.
When trying a string it states an array is required.
Hello there appears to be a bug when applying the following policy: modules/archetypes/lib/policy_assignments/policy_assignment_es_enable_aum_checkupdates.tmpl.json
Associated policy definition: modules/archetypes/lib/policy_set_definitions/policy_set_definition_es_deploy_aum_checkupdates.tmpl.json
When declaring the policy in custom_landing_zones.tfvars:
The policy definition clearly states it's an array:
However, I get an error when applying:
When trying a string it states an array is required.