Please answer these questions when submitting your issue. Thanks!
1. What is your Terraform version? Run `terraform -v` to show the version. If you are not running the latest version of Terraform, please upgrade because your issue may have already been fixed.
2. Which operating system, processor architecture, and Go version are you using (`go env`)?
Tested on Mac for a Kion v3.8.10 and v3.9.2 and GOVERSION="go1.20.2"
3. What are the affected resources? For example, kion_aws_iam_policy, kion_compliance_check, etc.
kion_azure_policy
4. What does your Terraform configuration file look like?
```hcl
resource "kion_azure_policy" "p1" {
  name        = "sample-resource"
  description = "Accounts with owner permissions on Azure resources should be MFA enabled"
  owner_users { id = 1 }
  owner_user_groups { id = 1 }
  policy = <<EOF
{
  "displayName": "Accounts with owner permissions on Azure resources should be MFA enabled",
  "description": "Multi-Factor Authentication (MFA) should be enabled for all subscription accounts with owner permissions to prevent a breach of accounts or resources.",
  "policyRule": {
    "if": {
      "equals": "Microsoft.Resources/subscriptions",
      "field": "type"
    },
    "then": {
      "details": {
        "existenceCondition": {
          "field": "Microsoft.Security/assessments/status.code",
          "in": [
            "NotApplicable",
            "Healthy"
          ]
        },
        "name": "6240402e-f77c-46fa-9060-a7ce53997754",
        "type": "Microsoft.Security/assessments"
      },
      "effect": "[parameters('effect')]"
    }
  },
  "metadata": {
    "category": "Security Center"
  },
  "parameters": {
    "effect": {
      "type": "String",
      "defaultValue": "AuditIfNotExists"
    }
  },
  "mode": "All",
  "policyType": "BuiltIn"
}
EOF
}
```
Copy-paste your Terraform configurations here - for large Terraform configs,
please use a service like Dropbox and share a link to the ZIP file. For
security, you can also encrypt the files using our GPG public key.
5. Please provide a link to a GitHub Gist containing the complete debug output: https://www.terraform.io/docs/internals/debugging.html. Please do NOT paste the debug output in the issue; just paste a link to the Gist.
6. If Terraform produced a panic, please provide a link to a GitHub Gist containing the output of the `crash.log`.
7. What did you expect to see?
Expected to see the Azure policy in Kion
8. What did you actually see?
```
│ Error: Unable to create AzurePolicy
│
│ with kion_azure_policy.p1,
│ on main.tf line 112, in resource "kion_azure_policy" "p1":
│ 112: resource "kion_azure_policy" "p1" {
│
│ Error: url: https://demo3.kion.io/api/v3/azure-policy, method: POST, status: 400, body: {"status":400,"message":"Key: 'AzurePolicyCreate.AzurePolicy.Name' Error:Field validation for 'Name' failed on the
│ 'required' tag\nKey: 'AzurePolicyCreate.AzurePolicy.Policy' Error:Field validation for 'Policy' failed on the 'required' tag"}
│
│ Item: {{ } 0x140003b3d88 0x140003b3dd0}
╵
```
9. What steps can we run to reproduce the issue?
```bash
# Apply
terraform apply
```
Is there anything atypical about your accounts that we should know? For example: Running in EC2 Classic? Custom version of OpenStack? Tight ACLs?
Are there any other GitHub issues (open or closed) or Pull Requests that should be linked here?
Terraform version (output of `terraform -v`): Terraform v1.8.3 on darwin_arm64