Open jinkang23 opened 4 weeks ago
Hi @jinkang23,
Thank you for raising this, unfortunately I cannot see how this will be beneficial when one can set assignment_name
to give unique values at runtime.
Perhaps you could consider creating the random_id
in a for_each loop instead and parsing the key/value mapping to the assignment, thus populating assignment_name
to meet your requirements.
Hope this helps
Hello @gettek - Thank you for your response.
I have considered that workaround and will technically work in this case. However, I raised this issue in hoping that the modules can be updated to support randomly generating the assignment_name
natively as I believe it would be a more elegant approach to solving this issue instead of trying to track the random_id
key/value mapping external to the module. That degree of overhead can become a bit complex once we start to manage many Policy assignments at management group scopes and would hope that you would reconsider adding this as a QoL enhancement. Thank you!
When deploying the same Policy initiative to multiple Azure regions scoped at Management group (i.e. Tenant Root Group), this creates a duplicate Assignment Id causing the deployment to fail. This can be worked around by generating a globally unique guid and passing that in as
assignment_name
value, but I would like to ask that bothdef_assignment
andset_assignment
sub-modules support generating a random value usingrandom_id
resource instead.Expected Behavior
Policy Set Assignments for
module.asgmt_root_mg_platform_resource_diagnostics_to_storage_this
should successfully create two assignments, one per each region specified using thefor_each
:centralus
,eastus2
.Current Behavior
First Policy Set Assignment is created succesfully (i.e.
centralus
), however, the second Policy Set Assignment fails with 400 Bad Request due to duplicate Policy set Assignment ID.Possible Solution
Update
set_assignment
anddef_assignment
sub-modules with following changes: