gettek / terraform-azurerm-policy-as-code

Terraform modules that simplify the workflow of custom and built-in Azure Policies
https://learn.microsoft.com/en-us/azure/governance/policy/concepts/policy-as-code
MIT License

Initiative module does not handle empty definition parameters #46

Closed gettek closed 1 year ago

gettek commented 2 years ago

Some policy definitions (Built-In or Custom) may have empty parameters, which the initiative module does not handle correctly.

See PR #45

toby-p9 commented 1 year ago

Hi there, first of all: thanks for fixing this! The fix works for policy definitions. However, I still have similar issues in the following two cases:

1) When assigning a policy initiative that has parameters, but you don't assign any (so the initiative will use defaults only. Prime example: the Azure Security Benchmark). This results in the following change at every apply: [image: screen_1]
Workaround: take a random parameter and assign the default value. This will apply the parameter, change nothing but prevent the change at every Terraform apply.

2) When including policies that do not have any parameters in an initiative. This will happen: [image: screen_2]
Workaround: I modified line 23 in modules > initiative > main.tf and included a length check. Instead of `parameter_values = jsonencode({` I wrote `parameter_values = (length(policy_definition_reference.value.parameters) == 0) ? "" : jsonencode({`

Both of these seem like provider issues at heart, similar to this one. My workarounds work, but you might be able to handle them in a better way in case you are interested. I just required a quick & dirty fix...
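The length check from the second workaround above, placed in a stand-alone initiative resource so the conditional can be read in context. This is an added example, not the module's `main.tf` and not code posted in the thread; the resource name, the placeholder definition IDs and the shape of `local.member_definitions` are assumptions.

```hcl
# Added illustration. All names and IDs below are constructed placeholders.
provider "azurerm" {
  features {}
}

locals {
  # Hypothetical member policies: one takes a parameter, one takes none.
  member_definitions = [
    {
      reference_id = "withParameters"
      id           = "/providers/Microsoft.Authorization/policyDefinitions/<placeholder-definition-with-parameters>"
      parameters   = { listOfAllowedLocations = { value = "[parameters('allowedLocations')]" } }
    },
    {
      reference_id = "withoutParameters"
      id           = "/providers/Microsoft.Authorization/policyDefinitions/<placeholder-definition-without-parameters>"
      parameters   = {}
    },
  ]
}

resource "azurerm_policy_set_definition" "example" {
  name         = "example-initiative"
  policy_type  = "Custom"
  display_name = "Example initiative"

  # Initiative-level parameter that the first member reference forwards.
  parameters = jsonencode({
    allowedLocations = { type = "Array" }
  })

  dynamic "policy_definition_reference" {
    for_each = local.member_definitions
    content {
      policy_definition_id = policy_definition_reference.value.id
      reference_id         = policy_definition_reference.value.reference_id

      # Length check as described in the comment: a member with no
      # parameters gets "" instead of the JSON encoding of an empty object.
      parameter_values = (length(policy_definition_reference.value.parameters) == 0) ? "" : jsonencode(policy_definition_reference.value.parameters)
    }
  }
}
```

Running `terraform plan` twice after an apply shows whether the reference without parameters still produces a change on every run.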

gettek commented 1 year ago

@toby-p9 thanks for bringing this to light, I will run some tests and raise a fix soon