Terraform-provider-azurerm: `azurerm_policy_set_definition` reports error during update

Created on 14 Oct 2020  ·  5 Comments  ·  Source: terraform-providers/terraform-provider-azurerm

Community Note

  • Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
  • Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
  • If you are interested in working on this issue or have submitted a pull request, please leave a comment

Terraform (and AzureRM Provider) Version

terraform 0.12.29

Affected Resource(s)

  • azurerm_policy_set_definition

Terraform Configuration Files

provider "azurerm" {
  # whilst the `version` attribute is optional, we recommend pinning to a given version of the Provider
  version = ">=2.31.0"
  features {}
}
data "azurerm_policy_definition" "activity_log_exist_admin_operations" {
  display_name = "An activity log alert should exist for specific Administrative operations"
}
resource "azurerm_policy_set_definition" "cis_custom" {
  name                  = "CIS Custom Effects"
  policy_type           = "Custom"
  display_name          = "CIS Custom Effects"
  policy_definition_reference {
    policy_definition_id = data.azurerm_policy_definition.activity_log_exist_admin_operations.id
    parameter_values = jsonencode({
      operationName = { value = "Microsoft.Sql/servers/firewallRules/delete" }
    })
  }
}

Expected Behavior

The policy set definition could be updated successfully

Actual Behavior

An error occurs:

Error: expanding `policy_definition_reference`: cannot set both `parameters` and `parameter_values`

Steps to Reproduce

  1. terraform apply with the config above
  2. change the display name and terraform apply again

bug service/policy

All 5 comments

Also Related

parameter_values now expects a string but should be an object map:

Inappropriate value for attribute "parameter_values": string required.

> Also Related
>
> parameter_values now expects a string but should be an object map:
>
> Inappropriate value for attribute "parameter_values": string required.

Actually parameters is an object map (and deprecated), parameter_values is a JSON string with the same format as the parameters in azurerm_policy_assignment.

Please note the jsonencode function in the config I posted in the description.

> > Also Related
> >
> > parameter_values now expects a string but should be an object map:
> > Inappropriate value for attribute "parameter_values": string required.
>
> Actually parameters is an object map (and deprecated), parameter_values is a JSON string with the same format as the parameters in azurerm_policy_assignment.
>
> Please note the jsonencode function in the config I posted in the description.

The docs should be updated to avoid confusion:
parameter_values - (Optional) Parameter values for the referenced policy rule. This field is a json object that allows you to assign parameters to this policy rule.

Hi @gettek I also include the doc update in my fix for this issue.
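
Added example, not part of the original thread or the provider's own documentation: the argument shapes discussed in the comments above, side by side, for the azurerm 2.x provider. The `example` resource names, `local.operation_params` and the all-zero subscription ID are assumptions made for illustration; the data source is the one from the issue description.

```hcl
# Added illustration; "example" names and the scope are placeholders.
provider "azurerm" {
  features {}
}

data "azurerm_policy_definition" "activity_log_exist_admin_operations" {
  display_name = "An activity log alert should exist for specific Administrative operations"
}

locals {
  # One JSON string: every parameter is wrapped in a { value = ... } object.
  operation_params = jsonencode({
    operationName = { value = "Microsoft.Sql/servers/firewallRules/delete" }
  })
}

resource "azurerm_policy_set_definition" "example" {
  name         = "example-policy-set"
  policy_type  = "Custom"
  display_name = "Example policy set"

  policy_definition_reference {
    policy_definition_id = data.azurerm_policy_definition.activity_log_exist_admin_operations.id

    # Rejected by Terraform's type check, because a bare object is not a string:
    #   Inappropriate value for attribute "parameter_values": string required.
    # parameter_values = {
    #   operationName = { value = "Microsoft.Sql/servers/firewallRules/delete" }
    # }

    # Accepted: the JSON string.
    parameter_values = local.operation_params

    # Deprecated map form: flat name = "value" pairs. Set one or the other;
    # the provider reports "cannot set both `parameters` and
    # `parameter_values`" when both are present.
    # parameters = {
    #   operationName = "Microsoft.Sql/servers/firewallRules/delete"
    # }
  }
}

# azurerm_policy_assignment takes the same JSON string in `parameters`.
resource "azurerm_policy_assignment" "example" {
  name                 = "example-assignment"
  scope                = "/subscriptions/00000000-0000-0000-0000-000000000000" # placeholder
  policy_definition_id = data.azurerm_policy_definition.activity_log_exist_admin_operations.id
  parameters           = local.operation_params
}
```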

I'm going to lock this issue because it has been closed for _30 days_ ⏳. This helps our maintainers find and focus on the active issues.

If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. If you feel I made an error 🤖 🙉 , please reach out to my human friends 👉 [email protected]. Thanks!
