Terraform-provider-azurerm: azurerm_policy_assignment policy_definition_id fails validation in 2.6, for built in policy_set expects scope to be prepended #6

Created on 28 Apr 2020  ·  4Comments  ·  Source: terraform-providers/terraform-provider-azurerm

Terraform (and AzureRM Provider) Version

Terraform v0.12.24
AzureRM 2.7.0

Affected Resource(s)

  • azurerm_policy_assignment

    Terraform Configuration Files

resource "azurerm_policy_assignment" "CIS_1_1" {
  name                 = "CIS_1_1"
  policy_definition_id = "/providers/Microsoft.Authorization/policySetDefinitions/1a5bb27d-173f-493e-9568-eb56638dde4d"
  scope                = local.subscription_id

  parameters = <<PARAMETERS
{
  "listOfRegionsWhereNetworkWatcherShouldBeEnabled": {
    "value": [ 
        "centralus",
        "eastus",
        "eastus2",
    ]
  }
}
PARAMETERS
}

Expected Behavior

Policy Set Assignment should be created (this worked fine in 2.5)
This issue was recently fixed for Policy assignments, but the Policy Set Assignment validation is still broken

Actual Behavior

Error: cannot parse "policy_definition_id" as a Policy Definition ID: unable to parse Policy Definition ID "/providers/Microsoft.Authorization/policySetDefinitions/1a5bb27d-173f-493e-9568-eb56638dde4d"

Steps to Reproduce

  1. terraform apply

References

  • #6523
bug servicpolicy
Source
picture jarmbruster74
👍2

Most helpful comment

@ArcturusZhang - would it be possible to add the same logic for the policy set defintion?

picture jarmbruster74 on 28 Apr 2020
👍2

All 4 comments

@ArcturusZhang - would it be possible to add the same logic for the policy set defintion?

jarmbruster74 picture jarmbruster74 on 28 Apr 2020
👍2

Hi @jarmbruster74 no problem. I am working on this.

ArcturusZhang picture ArcturusZhang on 29 Apr 2020

This has been released in version 2.9.0 of the provider. Please see the Terraform documentation on provider versioning or reach out if you need any assistance upgrading. As an example:

provider "azurerm" {
    version = "~> 2.9.0"
}
# ... other configuration ...
hashibot[bot] picture hashibot[bot] on 8 May 2020

I'm going to lock this issue because it has been closed for _30 days_ ⏳. This helps our maintainers find and focus on the active issues.

If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. If you feel I made an error 🤖 🙉 , please reach out to my human friends 👉 [email protected]. Thanks!

hashibot[bot] picture hashibot[bot] on 7 Jun 2020
Was this page helpful?
0 / 5 - 0 ratings

Related issues

rolandjohann picture rolandjohann  ·  3Comments
jansepke picture jansepke  ·  3Comments
mikemorris picture mikemorris  ·  3Comments
Kanikamiglani31 picture Kanikamiglani31  ·  3Comments
Lachlan-White picture Lachlan-White  ·  3Comments