Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Error: Table data must not contain control characters - Policy assignment deployment #79

Closed
WilliamDahlen opened this issue Nov 8, 2021 · 3 comments
Closed

Error: Table data must not contain control characters - Policy assignment deployment #79

WilliamDahlen opened this issue Nov 8, 2021 · 3 comments
Labels
idle Inactive for 14 days

Comments

@WilliamDahlen
Copy link

I cant seem to get the attached policy assignment deployed in my tenant. The file is json valid and as far as i can tell correctly defined.

The error i get from the action is like the issue topic says: Error: Table data must not contain control characters.
All other assignments seem to work as expected.

I cannot find any control characters, please let me know if i can do anything to help.

Attached is the policy and assignment file. The policy got deployed fine.

Policy Assignment

{
  "sku": {
    "name": "A0",
    "tier": "Free"
  },
  "identity": {
    "type": "None"
  },
  "properties": {
    "displayName": "Deploy-Budget",
    "policyDefinitionId": "/providers/Microsoft.Management/managementGroups/gitopslab/providers/Microsoft.Authorization/policyDefinitions/Deploy-Budget",
    "scope": "/providers/Microsoft.Management/managementGroups/gitopslab",
    "notScopes": [
      "/providers/Microsoft.Management/managementGroups/gitopslab/lab"
    ],
    "parameters": {
      "amount": {
        "value": "50000"
      },
      "timeGrain": {
        "value": "Monthly"
      },
      "firstThreshold": {
        "value": "75"
      },
      "secondThreshold": {
        "value": "90"
      },
      "contactRoles": [
        "Owner",
        "Contributor"
      ],
      "contactEmails": [
        "test@example.com"
      ],
      "contactGroups": []
    },
    "description": "Deploy a default budget on all subscriptions under the assigned scope",
    "metadata": {
      "assignedBy": "test team"
    },
    "enforcementMode": "Default"
  },
  "id": "/providers/Microsoft.Management/managementGroups/gitopslab/providers/Microsoft.Authorization/policyAssignments/Deploy-Budget",
  "type": "Microsoft.Authorization/policyAssignments",
  "name": "Deploy-Budget",
  "location": "norwayeast"
}

Policy object

{
  "name": "Deploy-Budget",
  "type": "Microsoft.Authorization/policyDefinitions",
  "properties": {
    "policyType": "Custom",
    "mode": "All",
    "displayName": "Deploy a default budget on all subscriptions under the assigned scope",
    "description": "Deploy a default budget on all subscriptions under the assigned scope",
    "metadata": {
      "version": "1.0.0",
      "category": "Budget"
    },
    "parameters": {
      "amount": {
        "type": "String",
        "defaultValue": "1000",
        "metadata": {
          "description": "The total amount of cost or usage to track with the budget"
        }
      },
      "timeGrain": {
        "type": "String",
        "defaultValue": "Monthly",
        "allowedValues": [
          "Monthly",
          "Quarterly",
          "Annually",
          "BillingMonth",
          "BillingQuarter",
          "BillingAnnual"
        ],
        "metadata": {
          "description": "The time covered by a budget. Tracking of the amount will be reset based on the time grain."
        }
      },
      "firstThreshold": {
        "type": "String",
        "defaultValue": "90",
        "metadata": {
          "description": "Threshold value associated with a notification. Notification is sent when the cost exceeded the threshold. It is always percent and has to be between 0 and 1000."
        }
      },
      "secondThreshold": {
        "type": "String",
        "defaultValue": "100",
        "metadata": {
          "description": "Threshold value associated with a notification. Notification is sent when the cost exceeded the threshold. It is always percent and has to be between 0 and 1000."
        }
      },
      "contactRoles": {
        "type": "Array",
        "defaultValue": [
          "Owner",
          "Contributor"
        ],
        "metadata": {
          "description": "The list of contact RBAC roles, in an array, to send the budget notification to when the threshold is exceeded."
        }
      },
      "contactEmails": {
        "type": "Array",
        "defaultValue": [],
        "metadata": {
          "description": "The list of email addresses, in an array, to send the budget notification to when the threshold is exceeded."
        }
      },
      "contactGroups": {
        "type": "Array",
        "defaultValue": [],
        "metadata": {
          "description": "The list of action groups, in an array, to send the budget notification to when the threshold is exceeded. It accepts array of strings."
        }
      }
    },
    "policyRule": {
      "if": {
        "allOf": [
          {
            "field": "type",
            "equals": "Microsoft.Resources/subscriptions"
          }
        ]
      },
      "then": {
        "effect": "DeployIfNotExists",
        "details": {
          "type": "Microsoft.Consumption/budgets",
          "deploymentScope": "Subscription",
          "existenceScope": "Subscription",
          "existenceCondition": {
            "allOf": [
              {
                "field": "Microsoft.Consumption/budgets/amount",
                "equals": "[parameters('amount')]"
              },
              {
                "field": "Microsoft.Consumption/budgets/timeGrain",
                "equals": "[parameters('timeGrain')]"
              },
              {
                "field": "Microsoft.Consumption/budgets/category",
                "equals": "Cost"
              }
            ]
          },
          "roleDefinitionIds": [
            "/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"
          ],
          "deployment": {
            "location": "norwayeast",
            "properties": {
              "mode": "Incremental",
              "parameters": {
                "amount": {
                  "value": "[parameters('amount')]"
                },
                "timeGrain": {
                  "value": "[parameters('timeGrain')]"
                },
                "firstThreshold": {
                  "value": "[parameters('firstThreshold')]"
                },
                "secondThreshold": {
                  "value": "[parameters('secondThreshold')]"
                },
                "contactEmails": {
                  "value": "[parameters('contactEmails')]"
                },
                "contactRoles": {
                  "value": "[parameters('contactRoles')]"
                },
                "contactGroups": {
                  "value": "[parameters('contactGroups')]"
                }
              },
              "template": {
                "$schema": "http://schema.management.azure.com/schemas/2018-05-01/subscriptionDeploymentTemplate.json",
                "contentVersion": "1.0.0.0",
                "parameters": {
                  "amount": {
                    "type": "String"
                  },
                  "timeGrain": {
                    "type": "String"
                  },
                  "firstThreshold": {
                    "type": "String"
                  },
                  "secondThreshold": {
                    "type": "String"
                  },
                  "contactEmails": {
                    "type": "Array"
                  },
                  "contactRoles": {
                    "type": "Array"
                  },
                  "contactGroups": {
                    "type": "Array"
                  },
                  "startDate": {
                    "type": "String",
                    "defaultValue": "[concat(utcNow('MM'), '/01/', utcNow('yyyy'))]"
                  }
                },
                "resources": [
                  {
                    "type": "Microsoft.Consumption/budgets",
                    "apiVersion": "2019-10-01",
                    "name": "default-sandbox-budget",
                    "properties": {
                      "timePeriod": {
                        "startDate": "[parameters('startDate')]"
                      },
                      "timeGrain": "[parameters('timeGrain')]",
                      "amount": "[parameters('amount')]",
                      "category": "Cost",
                      "notifications": {
                        "NotificationForExceededBudget1": {
                          "enabled": true,
                          "operator": "GreaterThan",
                          "threshold": "[parameters('firstThreshold')]",
                          "contactEmails": "[parameters('contactEmails')]",
                          "contactRoles": "[parameters('contactRoles')]",
                          "contactGroups": "[parameters('contactGroups')]"
                        },
                        "NotificationForExceededBudget2": {
                          "enabled": true,
                          "operator": "GreaterThan",
                          "threshold": "[parameters('secondThreshold')]",
                          "contactEmails": "[parameters('contactEmails')]",
                          "contactRoles": "[parameters('contactRoles')]",
                          "contactGroups": "[parameters('contactGroups')]"
                        }
                      }
                    }
                  }
                ]
              }
            }
          }
        }
      }
    }
  },
  "id": "/providers/Microsoft.Management/managementGroups/gitopslab/providers/Microsoft.Authorization/policyDefinitions/Deploy-Budget"
}

Debug output from the Github Action "Create or Update Azure Policies" step.

##[debug]Evaluating condition for step: 'Create or Update Azure Policies'
##[debug]Evaluating: success()
##[debug]Evaluating success:
##[debug]=> true
##[debug]Result: true
##[debug]Starting: Create or Update Azure Policies
##[debug]Loading inputs
##[debug]Loading env
Run azure/manage-azure-policy@v0
##[debug]Looking for policy definition paths to include...
##[debug]Policy file pattern: policies/**/policy.json
##[debug] Matching policy paths: policies/allowed_locations/policy.json,policies/append_appservice_httpsonly/policy.json,policies/append_appservice_latesttls/policy.json,policies/deny_appserviceapiapp_http/policy.json,policies/deny_appservicefunctionapp_http/policy.json,policies/deny_appservicewebapp_http/policy.json,policies/deny_publicip/policy.json,policies/deploy_budget/policy.json
##[debug]Looking for policy definition paths to ignore...
##[debug]----------------------------------------------------------------------------------------------------
##[debug]Found the following policy paths that match the given path filters:
##[debug]
##[debug]policies/allowed_locations
##[debug]policies/append_appservice_httpsonly
##[debug]policies/append_appservice_latesttls
##[debug]policies/deny_appserviceapiapp_http
##[debug]policies/deny_appservicefunctionapp_http
##[debug]policies/deny_appservicewebapp_http
##[debug]policies/deny_publicip
##[debug]policies/deploy_budget
##[debug]----------------------------------------------------------------------------------------------------
##[debug]Looking for policy initiative paths to include...
##[debug]Policy file pattern: policies/**/policyset.json
##[debug] Matching policy paths: 
##[debug]Looking for policy initiative paths to ignore...
##[debug]----------------------------------------------------------------------------------------------------
##[debug]Found no policy initiatives that match the given path filters.
##[debug]----------------------------------------------------------------------------------------------------
##[debug]Looking for policy assignment paths to include...
##[debug]Assignment pattern: policies/**/assign.*.json
##[debug] Matching assignment paths: policies/allowed_locations/assign.allowed_locations.json,policies/append_appservice_httpsonly/assign.append_appservice_httpsonly_root.json,policies/append_appservice_latesttls/assign.append_appservice_latesttls_root.json,policies/deny_appserviceapiapp_http/assign.deny_appserviceapiapp_http_root.json,policies/deny_appservicefunctionapp_http/assign.deny_appservicefunctionapp_http_root.json,policies/deny_appservicewebapp_http/assign.deny_appservicewebapp_http_root.json,policies/deny_publicip/assign.deny_publicip.json,policies/deploy_budget/assign.deploy_budget_root.json
##[debug]Looking for policy assignment paths to ignore...
##[debug]----------------------------------------------------------------------------------------------------
##[debug]Found the following policy assignment paths that match the given path filters:
##[debug]
##[debug]policies/allowed_locations/assign.allowed_locations.json
##[debug]policies/append_appservice_httpsonly/assign.append_appservice_httpsonly_root.json
##[debug]policies/append_appservice_latesttls/assign.append_appservice_latesttls_root.json
##[debug]policies/deny_appserviceapiapp_http/assign.deny_appserviceapiapp_http_root.json
##[debug]policies/deny_appservicefunctionapp_http/assign.deny_appservicefunctionapp_http_root.json
##[debug]policies/deny_appservicewebapp_http/assign.deny_appservicewebapp_http_root.json
##[debug]policies/deny_publicip/assign.deny_publicip.json
##[debug]policies/deploy_budget/assign.deploy_budget_root.json
##[debug]----------------------------------------------------------------------------------------------------
##[debug]----------------------------------------------------------------------------------------------------
##[debug]Ignoring policy with BuiltIn type. Id : /providers/Microsoft.Management/managementGroups/gitopslab/providers/Microsoft.Authorization/policyDefinitions/e56962a6-4747-49cd-b67b-bf8b01975c4c, path : policies/allowed_locations
##[debug]----------------------------------------------------------------------------------------------------
##[debug]Checking if assignment path 'policies/allowed_locations/assign.allowed_locations.json' is set to do not enforce
##[debug]Checking if assignment path 'policies/allowed_locations/assign.allowed_locations.json' is set to enforce
##[debug]Checking if assignment path 'policies/append_appservice_httpsonly/assign.append_appservice_httpsonly_root.json' is set to do not enforce
##[debug]Checking if assignment path 'policies/append_appservice_httpsonly/assign.append_appservice_httpsonly_root.json' is set to enforce
##[debug]Checking if assignment path 'policies/append_appservice_latesttls/assign.append_appservice_latesttls_root.json' is set to do not enforce
##[debug]Checking if assignment path 'policies/append_appservice_latesttls/assign.append_appservice_latesttls_root.json' is set to enforce
##[debug]Checking if assignment path 'policies/deny_appserviceapiapp_http/assign.deny_appserviceapiapp_http_root.json' is set to do not enforce
##[debug]Checking if assignment path 'policies/deny_appserviceapiapp_http/assign.deny_appserviceapiapp_http_root.json' is set to enforce
##[debug]Checking if assignment path 'policies/deny_appservicefunctionapp_http/assign.deny_appservicefunctionapp_http_root.json' is set to do not enforce
##[debug]Checking if assignment path 'policies/deny_appservicefunctionapp_http/assign.deny_appservicefunctionapp_http_root.json' is set to enforce
##[debug]Checking if assignment path 'policies/deny_appservicewebapp_http/assign.deny_appservicewebapp_http_root.json' is set to do not enforce
##[debug]Checking if assignment path 'policies/deny_appservicewebapp_http/assign.deny_appservicewebapp_http_root.json' is set to enforce
##[debug]Checking if assignment path 'policies/deny_publicip/assign.deny_publicip.json' is set to do not enforce
##[debug]Checking if assignment path 'policies/deny_publicip/assign.deny_publicip.json' is set to enforce
##[debug]Checking if assignment path 'policies/deploy_budget/assign.deploy_budget_root.json' is set to do not enforce
##[debug]Checking if assignment path 'policies/deploy_budget/assign.deploy_budget_root.json' is set to enforce
##[debug]"/usr/bin/az" cloud show
##[debug]"/usr/bin/az" account get-access-token --resource=https://management.azure.com
::add-mask::***
##[debug][POST]https://management.azure.com/batch?api-version=2020-09-01
##[debug]----------------------------------------------------------------------------------------------------
##[debug]Status of batch calls:
##[debug]----------------------------------------------------------------------------------------------------
##[debug]Name : 0. Status : 200
##[debug]Name : 1. Status : 200
##[debug]Name : 2. Status : 200
##[debug]Name : 3. Status : 200
##[debug]Name : 4. Status : 200
##[debug]Name : 5. Status : 200
##[debug]Name : 6. Status : 200
##[debug]Name : 7. Status : 200
##[debug]Name : 8. Status : 200
##[debug]Name : 9. Status : 200
##[debug]Name : 10. Status : 200
##[debug]Name : 11. Status : 200
##[debug]Name : 12. Status : 200
##[debug]Name : 13. Status : 200
##[debug]Name : 14. Status : 404
##[debug]----------------------------------------------------------------------------------------------------
##[debug]End
##[debug]----------------------------------------------------------------------------------------------------
##[debug]----------------------------------------------------------------------------------------------------
##[debug]Comparing Hash for policy id : /providers/Microsoft.Management/managementGroups/gitopslab/providers/Microsoft.Authorization/policyDefinitions/Append-AppService-httpsonly : true
##[debug]----------------------------------------------------------------------------------------------------
##[debug]----------------------------------------------------------------------------------------------------
##[debug]Comparing Hash for policy id : /providers/Microsoft.Management/managementGroups/gitopslab/providers/Microsoft.Authorization/policyDefinitions/Append-AppService-latestTLS : true
##[debug]----------------------------------------------------------------------------------------------------
##[debug]----------------------------------------------------------------------------------------------------
##[debug]Comparing Hash for policy id : /providers/Microsoft.Management/managementGroups/gitopslab/providers/Microsoft.Authorization/policyDefinitions/Deny-AppServiceApiApp-http : true
##[debug]----------------------------------------------------------------------------------------------------
##[debug]----------------------------------------------------------------------------------------------------
##[debug]Comparing Hash for policy id : /providers/Microsoft.Management/managementGroups/gitopslab/providers/Microsoft.Authorization/policyDefinitions/Deny-AppServiceFunctionApp-http : true
##[debug]----------------------------------------------------------------------------------------------------
##[debug]----------------------------------------------------------------------------------------------------
##[debug]Comparing Hash for policy id : /providers/Microsoft.Management/managementGroups/gitopslab/providers/Microsoft.Authorization/policyDefinitions/Deny-AppServiceWebApp-http : true
##[debug]----------------------------------------------------------------------------------------------------
##[debug]----------------------------------------------------------------------------------------------------
##[debug]Comparing Hash for policy id : /providers/Microsoft.Management/managementGroups/gitopslab/providers/Microsoft.Authorization/policyDefinitions/Deny-PublicIP : true
##[debug]----------------------------------------------------------------------------------------------------
##[debug]----------------------------------------------------------------------------------------------------
##[debug]Comparing Hash for policy id : /providers/Microsoft.Management/managementGroups/gitopslab/providers/Microsoft.Authorization/policyDefinitions/Deploy-Budget : true
##[debug]----------------------------------------------------------------------------------------------------
##[debug]----------------------------------------------------------------------------------------------------
##[debug]Comparing Hash for policy id : /providers/Microsoft.Management/managementGroups/gitopslab/providers/Microsoft.Authorization/policyAssignments/GO-Allowed-Locations : true
##[debug]----------------------------------------------------------------------------------------------------
##[debug]----------------------------------------------------------------------------------------------------
##[debug]Comparing Hash for policy id : /providers/Microsoft.Management/managementGroups/gitopslab/providers/Microsoft.Authorization/policyAssignments/Append-AppServ-httpson : true
##[debug]----------------------------------------------------------------------------------------------------
##[debug]----------------------------------------------------------------------------------------------------
##[debug]Comparing Hash for policy id : /providers/Microsoft.Management/managementGroups/gitopslab/providers/Microsoft.Authorization/policyAssignments/Append-AppServ-latestT : true
##[debug]----------------------------------------------------------------------------------------------------
##[debug]----------------------------------------------------------------------------------------------------
##[debug]Comparing Hash for policy id : /providers/Microsoft.Management/managementGroups/gitopslab/providers/Microsoft.Authorization/policyAssignments/Deny-AppSvcAPIApp-http : true
##[debug]----------------------------------------------------------------------------------------------------
##[debug]----------------------------------------------------------------------------------------------------
##[debug]Comparing Hash for policy id : /providers/Microsoft.Management/managementGroups/gitopslab/providers/Microsoft.Authorization/policyAssignments/Deny-AppSvcFuncApp-http : true
##[debug]----------------------------------------------------------------------------------------------------
##[debug]----------------------------------------------------------------------------------------------------
##[debug]Comparing Hash for policy id : /providers/Microsoft.Management/managementGroups/gitopslab/providers/Microsoft.Authorization/policyAssignments/Deny-AppSvcWebApp-http : true
##[debug]----------------------------------------------------------------------------------------------------
##[debug]----------------------------------------------------------------------------------------------------
##[debug]Comparing Hash for policy id : /providers/Microsoft.Management/managementGroups/gitopslab/providers/Microsoft.Authorization/policyAssignments/GO-Deny-PublicIP : true
##[debug]----------------------------------------------------------------------------------------------------
##[debug]----------------------------------------------------------------------------------------------------
##[debug]Policy with id : /providers/Microsoft.Management/managementGroups/gitopslab/providers/Microsoft.Authorization/policyAssignments/Deploy-Budget, path : policies/deploy_budget/assign.deploy_budget_root.json does not exist in azure. A new policy will be created.
##[debug]----------------------------------------------------------------------------------------------------
##[debug]"/usr/bin/az" account get-access-token --resource=https://management.azure.com
::add-mask::***
##[debug][POST]https://management.azure.com/batch?api-version=2020-09-01
##[debug]----------------------------------------------------------------------------------------------------
##[debug]Status of batch calls:
##[debug]----------------------------------------------------------------------------------------------------
##[debug]Name : 0. Status : 400
##[debug]----------------------------------------------------------------------------------------------------
##[debug]End
##[debug]----------------------------------------------------------------------------------------------------
##[debug]"/usr/bin/az" account get-access-token --resource=https://management.azure.com
::add-mask::***
##[debug]----------------------------------------------------------------------------------------------------
##[debug]No role assignments needs to be created
##[debug]----------------------------------------------------------------------------------------------------
Error: Table data must not contain control characters.
----------------------------------------------------------------------------------------------------
Error : Error: Table data must not contain control characters.
----------------------------------------------------------------------------------------------------
Error: Found '1' failure(s) while deploying policies.
##[debug]Node Action run completed with exit code 1
##[debug]AZURE_HTTP_USER_AGENT='**'
##[debug]Finishing: Create or Update Azure Policies
@WilliamDahlen
Copy link
Author

I have not been able to get this working yet. Feedback would be greatly appriciated.

@github-actions
Copy link

github-actions bot commented Dec 1, 2021

This issue is idle because it has been open for 14 days with no activity.

@github-actions github-actions bot added the idle Inactive for 14 days label Dec 1, 2021
@tauhid621
Copy link
Contributor

Fixed with #85

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
idle Inactive for 14 days
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@tauhid621 @WilliamDahlen