Azure / terraform-azurerm-caf-enterprise-scale

Azure landing zones Terraform module
https://aka.ms/alz/tf
MIT License

Bug Report Policy enable_aum_checkupdates #1131

Open pcielen opened 1 month ago

pcielen commented 1 month ago

Hello, there appears to be a bug when applying the following policy: modules/archetypes/lib/policy_assignments/policy_assignment_es_enable_aum_checkupdates.tmpl.json

Associated policy definition: modules/archetypes/lib/policy_set_definitions/policy_set_definition_es_deploy_aum_checkupdates.tmpl.json

When declaring the policy in custom_landing_zones.tfvars:

Enable-AUM-CheckUpdates = {
  locations = {
    value = ["uksouth", "ukwest"]
  }
}

The policy definition clearly states it's an array:

{
  "name": "Deploy-AUM-CheckUpdates",
  "type": "Microsoft.Authorization/policySetDefinitions",
  "apiVersion": "2021-06-01",
  "scope": null,
  "properties": {
    "policyType": "Custom",
    "displayName": "Configure periodic checking for missing system updates on azure virtual machines and Arc-enabled virtual machines",
    "description": "Configure auto-assessment (every 24 hours) for OS updates. You can control the scope of assignment according to machine subscription, resource group, location or tag. Learn more about this for Windows: https://aka.ms/computevm-windowspatchassessmentmode, for Linux: https://aka.ms/computevm-linuxpatchassessmentmode.",
    "metadata": {
      "version": "1.0.0",
      "category": "Security Center",
      "source": "https://github.com/Azure/Enterprise-Scale/",
      "alzCloudEnvironments": [
        "AzureCloud"
      ]
    },
    "parameters": {
      "assessmentMode": {
        "type": "String",
        "metadata": {
          "displayName": "Assessment mode",
          "description": "Assessment mode for the machines."
        },
        "allowedValues": [
          "ImageDefault",
          "AutomaticByPlatform"
        ],
        "defaultValue": "AutomaticByPlatform"
      },
      "locations": {
        "type": "Array",
        "metadata": {
          "displayName": "Machines locations",
          "description": "The list of locations from which machines need to be targeted.",
          "strongType": "location"
        },

However, I get an error when applying:

│ The given value is not suitable for var.custom_landing_zones declared at
│ variables.tf:161,1-32: element "rootmgmt": attribute "archetype_config":
│ attribute "parameters": element "Enable-AUM-CheckUpdates": element
│ "locations": attribute "value": string required.

When trying a string it states an array is required.