Bug report: "effect" parameter ID for "Deploy VM backup" policy; case sensitive for Identity management group.

[peter-mogaka]

Community Note

• Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
• Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
• If you are interested in working on this issue or have submitted a pull request, please leave a comment

Versions

terraform: "1.7.1"

azure provider: "3.99.0"

module: "5.2.1"

Description

Describe the bug

I'm trying to set the "effect" parameter on the "Deploy-vm-backup" policy assignment on the Identity Management group(MG).

Setting the value as "Effect" does not work on identity MG. It will instead set "Effect" parameter. The "effect" parameter is not set/overridden. The default parameter "effect" value stays in place.

Setting "Effect" on landing-zone, decommissioned, sandbox will set the "effect" parameter. The default parameter "effect" value will be set/updated.

This means that the same config gives different results - case sensitivity depending on the MG. Other MG tested are able to handle/interpret case sensitivity for the "effect" parameter except the Identity MG.

Setting the "effect" parameter will update all MGs according to custom value set.

terraform apply screenshot below shows the issue. In summary: Identity MG = 2 parameter: Effect and effect Landing-zone, connectivity, decommissioned MGs = 1 parameter: Effect/effect

I

Steps to Reproduce

option 1: archetype extend

1. step 1 - create archetype extension files for connectivity MG, and Landing-zone MG. Congiure
2. step 2 - in settings.core.tf, archetype_config_overrides add config to change "Effect" parameter for "Deploy-vm-backup" policy assignment to "auditIfNotExists"
3. step 3 - add config to change "Effect" parameter for "Deploy-vm-backup" policy assignment to "auditIfNotExists"; apply to the identity MG, connectivity MG, and Landing-zone MG files.
4. you get it... Policy parameters "effect" is still set to "deployIfNotExists" for Identiy MG. Policy parameter "Effect" is set to "auditIfNotExists". Policy parameters is still set to "auditIfNotExists" for landing zone MG, connectivity MG etc.

Screenshots

Tf plan

archetype extend files

Additional context

Allowed values for the parameter are; "allowedValues": [ "auditIfNotExists", "AuditIfNotExists", "deployIfNotExists", "DeployIfNotExists", "disabled", "Disabled"

Screenshots

Additional context

[peter-mogaka]

in addition, The "Effect" parameter on the Identity MG doesn't show up on the portal or config files afaik and checked.