-
Notifications
You must be signed in to change notification settings - Fork 745
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Cannot easily reference policyDefinition from policySetDefinition #1228
Comments
I think this is only an issue when the policy definition is created at |
@bmoore-msft, @filizt, can either of you think of any way in ARM JSON today to get the current scope of a managementGroup-scoped deployment (e.g. I've not been able to think of anything we could codegen that doesn't require a code change to the deployment service. Note - this is documented in the Bicep codebase here |
You're right you cannot today (this came up a lot with LZs). There is a PR on hold #4451578 that will unblock this scenario - it's creating a You can still codegen the resourceId (using |
Mind clarifying on this a little bit? In the example given, we have: targetScope = 'managementGroup'
resource policy01 'Microsoft.Authorization/policyDefinitions@2020-09-01' = {
name: 'Allowed locations'
...
} I would expect the resulting resourceId of the
What would codegen for the resourceId look like just using the |
the managementGroup() function would give you the name... but it's a fair conversation to say whether we should also have a managementGroupResourceId() function as well (even though it's redundant, it simplifies a bit). |
Either works just fine for Bicep - was just curious if there was a way to do this today - sounds like not until we have |
It's nice to be able to use the |
Thank you, @anthony-c-martin - that change is awesome! |
Bicep version
Bicep CLI version 0.2.212 (a19d66c)
Describe the bug
I cannot find a way to easily reference a policyDefinition from a policySetDefinition. In the policySet, I need to reference a policyDefinition, Here, I have not succeeded using an automated reference, but must compose a string myself. The bicep source now also contains a hardcoded reference to the management group where I will deploy it.
I have to do this:
policyDefinitionId: '/providers/Microsoft.Management/managementGroups/MYMANAGEMENTGROUP/providers/${policy01.id}'
I expected to do this:
policyDefinitionId: policy01.id
To Reproduce
Create
main.bicep
as shown below, and compile. Deploy usingNew-AzManagementGroupDeployment - ManagementGroup MYMANAGEMENTGROUP -TemplateFile main.json -Location westeurope
Additional context
This might easily be me expecting too much. I did look through the documentation, and did
The text was updated successfully, but these errors were encountered: