Archetype_config_overrides not working on extended archetype #913
Comments
@nyanhp, looks to me that you are missing to specify the It should a little more like this for you (I guess):

```hcl
archetype_config_overrides = {
  "${var.root_id}-platform" = {
    archetype_id = "es_platform"
    parameters   = {}
    enforcement_mode = {
      Enforce-GR-KeyVault = false
    }
  }
  "${var.root_id}-landing-zones" = {
    archetype_id = "es_landing_zones"
    parameters   = {}
    enforcement_mode = {
      Deny-Subnet-Without-Nsg = false
    }
  }
}
```

I do something similar, except that I set the parameter instead to

```hcl
archetype_config_overrides = {
  landing-zones = {
    archetype_id = "es_landing_zones"
    parameters = {
      Deny-Subnet-Without-Nsg = {
        Effect = "Audit"
      }
    }
  }
}
```
Unfortunately that workaround does not work for me. It is ignored as long as I am using both an archetype extension as well as a config override. By the way, regardless of whether the archetype_id is used or not. It's fine if it isn't supposed to work in the first place :) But then I would appreciate some callouts in the documentation.
Hi! Thanks for all the discussion 😊 This is not a scenario we have tested, so do not have a solution at this time. We are somewhat limited by HCL and I can't therefore guarantee we will be able to solve this but we can have a look.
Community Note
Versions
terraform: 1.7.4
azure provider: 3.95.0
module: ~>5.0.0
Description
Describe the bug
Using archetype_config_overrides, the landing-zones archetype is not overridden with regards to policy assignments. Other archetypes like the platform can be successfully modified. What I suspect is that the extension to the landing zones might be the reason.
Why do both? We use the same project to manage multiple root ids. The extensions are used globally if you will, the overrides are used per root id. I've not found anything in the docs regarding the merging behavior.
Steps to Reproduce
Create an extension archetype_extension_es_landing_zones.tmpl.json in your library folder.
Plan changes, notice that no changes are planned for the landing-zones MG that pertain to changing the enforcement mode of Deny-Subnet-Without-Nsg.
Screenshots
Additional context
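One way to confirm from the plan itself whether an enforcement-mode override reached a given management group, as an added example that is not part of the original issue or the module's code. It assumes the assignments are managed as `azurerm_management_group_policy_assignment` resources whose `enforce` attribute reflects `enforcement_mode`; the plan JSON, the root id `contoso` and the resource addresses are constructed.

```python
import json

MG_PREFIX = "/providers/Microsoft.Management/managementGroups/"
ASSIGNMENT_TYPE = "azurerm_management_group_policy_assignment"  # assumed resource type

def _rc(mg, name, actions, before, after):
    """Build one constructed resource_changes entry (sample data only)."""
    state = lambda enforce: {"name": name, "management_group_id": MG_PREFIX + mg, "enforce": enforce}
    return {"address": f'{ASSIGNMENT_TYPE}.example["{mg}/{name}"]', "type": ASSIGNMENT_TYPE,
            "change": {"actions": actions, "before": state(before), "after": state(after)}}

# Constructed sample shaped like the output of `terraform show -json tfplan`.
SAMPLE_PLAN = json.dumps({"resource_changes": [
    _rc("contoso-landing-zones", "Deny-Subnet-Without-Nsg", ["no-op"], True, True),
    _rc("contoso-platform", "Enforce-GR-KeyVault", ["update"], True, False),
]})

def enforcement_changes(plan, mg_name, assignment):
    """Return (address, actions, enforce_before, enforce_after) for matching assignments."""
    hits = []
    for rc in plan.get("resource_changes", []):
        if rc.get("type") != ASSIGNMENT_TYPE:
            continue
        change = rc.get("change", {})
        before = change.get("before") or {}  # null when the resource is being created
        after = change.get("after") or {}    # null when the resource is being deleted
        state = after or before
        mg_id = (state.get("management_group_id") or "").lower()
        if state.get("name") == assignment and mg_id.endswith("/" + mg_name.lower()):
            hits.append((rc.get("address"), change.get("actions"),
                         before.get("enforce"), after.get("enforce")))
    return hits

def override_applied(plan, mg_name, assignment, want_enforce):
    """True only if the planned end state has enforce == want_enforce for every match."""
    hits = enforcement_changes(plan, mg_name, assignment)
    return bool(hits) and all(h[3] is want_enforce for h in hits)

if __name__ == "__main__":
    plan = json.loads(SAMPLE_PLAN)
    for mg, name in [("contoso-platform", "Enforce-GR-KeyVault"),
                     ("contoso-landing-zones", "Deny-Subnet-Without-Nsg")]:
        ok = override_applied(plan, mg, name, want_enforce=False)
        print(f"{mg}/{name}: {'override in plan' if ok else 'override NOT in plan'}")
```

Against a real plan, load the file produced by `terraform show -json tfplan` in place of `SAMPLE_PLAN`.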