Getting error for Private link DNS
Nikhleshk opened this issue
```json
{
  "type": "Microsoft.Authorization/policyDefinitions",
  "name": "PrivateLinkAzureServiceBusArecordtoprivateDNSZone",
  "properties": {
    "displayName": "Private Link Azure IoT Hubdev servicebus A-record to private DNS Zone",
    "policyType": "Custom",
    "mode": "Indexed",
    "description": "DeployIfNotExists policy to automatically create the required DNS record in the central private DNS zone.\nhttps://docs.microsoft.com/en-us/azure/cloud-adoption-framework/ready/azure-best-practices/private-link-and-dns-integration-at-scale#configuration-required-by-platform-team",
    "metadata": {
      "category": "Private Link"
    },
    "parameters": {
      "effect": {
        "type": "String",
        "defaultValue": "DeployIfNotExists",
        "allowedValues": [
          "DeployIfNotExists",
          "Disabled"
        ],
        "metadata": {
          "displayName": "Effect",
          "description": "Enable or disable the execution of the policy"
        }
      },
      "PrivateLinkAzureServiceBusArecordtoprivateDNSZone_privateDnsZoneId": {
        "type": "String",
        "metadata": {
          "displayName": "privateDnsZoneId",
          "description": null,
          "strongType": "Microsoft.Network/privateDnsZones"
        }
      }
    },
    "policyRule": {
      "if": {
        "allOf": [
          {
            "field": "type",
            "equals": "Microsoft.Network/privateEndpoints"
          },
          {
            "count": {
              "field": "Microsoft.Network/privateEndpoints/privateLinkServiceConnections[*].groupIds[*]",
              "where": {
                "field": "Microsoft.Network/privateEndpoints/privateLinkServiceConnections[*].groupIds[*]",
                "equals": "iotHub"
              }
            },
            "greaterOrEquals": 1
          }
        ]
      },
      "then": {
        "effect": "[parameters('effect')]",
        "details": {
          "type": "Microsoft.Network/privateEndpoints/privateDnsZoneGroups",
          "existenceCondition": {
            "count": {
              "field": "Microsoft.Network/privateEndpoints/privateDnsZoneGroups.privateDnsZoneConfigs[*]",
              "where": {
                "field": "Microsoft.Network/privateEndpoints/privateDnsZoneGroups.privateDnsZoneConfigs[*].privateDnsZoneId",
                "equals": "[parameters('PrivateLinkAzureServiceBusArecordtoprivateDNSZone_privateDnsZoneId')]"
              }
            },
            "greater": 0
          },
          "roleDefinitionIds": [
            "/providers/Microsoft.Authorization/roleDefinitions/befefa01-2a29-4197-83a8-272ff33ce314",
            "/providers/Microsoft.Authorization/roleDefinitions/4d97b98b-1d4f-4787-a291-c67834d212e7"
          ],
          "deployment": {
            "properties": {
              "mode": "incremental",
              "template": {
                "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
                "contentVersion": "1.0.0.0",
                "parameters": {
                  "PrivateLinkAzureServiceBusArecordtoprivateDNSZone_privateDnsZoneId": {
                    "type": "string"
                  },
                  "privateEndpointName": {
                    "type": "string"
                  },
                  "location": {
                    "type": "string"
                  }
                },
                "resources": [
                  {
                    "name": "[concat(parameters('privateEndpointName'), '/deployedByPolicy1')]",
                    "type": "Microsoft.Network/privateEndpoints/privateDnsZoneGroups",
                    "apiVersion": "2020-03-01",
                    "location": "[parameters('location')]",
                    "properties": {
                      "privateDnsZoneConfigs": [
                        {
                          "name": "iotHub-privateDnsZone",
                          "properties": {
                            "privateDnsZoneId": "[parameters('PrivateLinkAzureServiceBusArecordtoprivateDNSZone_privateDnsZoneId')]"
                          }
                        }
                      ]
                    }
                  }
                ]
              },
              "parameters": {
                "PrivateLinkAzureServiceBusArecordtoprivateDNSZone_privateDnsZoneId": {
                  "value": "[parameters('PrivateLinkAzureServiceBusArecordtoprivateDNSZone_privateDnsZoneId')]"
                },
                "privateEndpointName": {
                  "value": "[field('name')]"
                },
                "location": {
                  "value": "[field('location')]"
                }
              }
            }
          }
        }
      }
    }
  }
}
```
For the above policy I am getting the error below:

```text
Error: updating Policy Set Definition "Private-link_initiative": policy.SetDefinitionsClient#CreateOrUpdateAtManagementGroup: Failure responding to request: StatusCode=400 -- Original Error: autorest/azure: Service returned an error. Status=400 Code="InvalidPolicySetParameterUpdate" Message="The policy contains new parameter(s) 'PrivateLinkAzureServiceBusArecordtoprivateDNSZone_privateDnsZoneId' which are not present in the existing policy and have no default value. New parameters may be added to a policy only if they have a default value."
│
│ with module.Private-link_initiative.azurerm_policy_set_definition.set,
│ on ..\..\modules\initiative\main.tf line 1, in resource "azurerm_policy_set_definition" "set":
│ 1: resource azurerm_policy_set_definition set {
```
No idea why 2-3 private link policies are giving the same error. For the others it is working fine in the initiative.
The clue is: `New parameters may be added to a policy only if they have a default value`

You will need to add the `defaultValue` key when adding new parameters:

```json
"PrivateLinkAzureServiceBusArecordtoprivateDNSZone_privateDnsZoneId": {
  "type": "String",
  "defaultValue": "",
  "metadata": {
    "displayName": "privateDnsZoneId",
    "description": null,
    "strongType": "Microsoft.Network/privateDnsZones"
  }
}
```
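As an added example (not code from this issue, from Terraform, or from any Azure tooling), the following Python script lints a policy definition for the parameter problems behind the `InvalidPolicySetParameterUpdate` error before it is pushed into an existing initiative: it walks the `policyRule` for `parameters('...')` references, reports parameters that are referenced but never declared, parameters declared without a `defaultValue`, and parameters whose default is the empty string. The sample policy and all its names (`SamplePrivateLinkDnsPolicy`, `privateDnsZoneId`, `zoneId`, `missingParam`) are constructed for the example and are not the definition from the issue. The nested ARM `template` block is deliberately skipped, because `parameters()` inside it refers to the template's own parameters, not the policy's.

```python
import json
import re

# Constructed sample (hypothetical names, not the policy from the issue): a trimmed
# DeployIfNotExists policy definition in the same shape. 'privateDnsZoneId' has no
# defaultValue, and the deployment references a parameter that is never declared.
SAMPLE_POLICY = json.loads(r"""
{
  "name": "SamplePrivateLinkDnsPolicy",
  "properties": {
    "parameters": {
      "effect": {
        "type": "String",
        "defaultValue": "DeployIfNotExists",
        "allowedValues": ["DeployIfNotExists", "Disabled"]
      },
      "privateDnsZoneId": {
        "type": "String",
        "metadata": {"strongType": "Microsoft.Network/privateDnsZones"}
      }
    },
    "policyRule": {
      "if": {"field": "type", "equals": "Microsoft.Network/privateEndpoints"},
      "then": {
        "effect": "[parameters('effect')]",
        "details": {
          "type": "Microsoft.Network/privateEndpoints/privateDnsZoneGroups",
          "existenceCondition": {
            "field": "Microsoft.Network/privateEndpoints/privateDnsZoneGroups.privateDnsZoneConfigs[*].privateDnsZoneId",
            "equals": "[parameters('privateDnsZoneId')]"
          },
          "deployment": {
            "properties": {
              "template": {
                "parameters": {"zoneId": {"type": "string"}},
                "resources": [{"properties": {"privateDnsZoneId": "[parameters('zoneId')]"}}]
              },
              "parameters": {
                "zoneId": {"value": "[parameters('privateDnsZoneId')]"},
                "endpointName": {"value": "[parameters('missingParam')]"}
              }
            }
          }
        }
      }
    }
  }
}
""")

# Matches parameters('name') inside policy expressions such as "[parameters('effect')]".
PARAM_REF = re.compile(r"parameters\('([^']+)'\)")


def referenced_parameters(node, skip_keys=("template",)):
    """Collect every parameters('name') reference in the string values under node.

    The nested ARM 'template' is skipped: parameters() there refers to the
    template's own parameters, not the policy definition's.
    """
    refs = set()
    if isinstance(node, dict):
        for key, value in node.items():
            if key not in skip_keys:
                refs |= referenced_parameters(value, skip_keys)
    elif isinstance(node, list):
        for item in node:
            refs |= referenced_parameters(item, skip_keys)
    elif isinstance(node, str):
        refs.update(PARAM_REF.findall(node))
    return refs


def lint_policy(policy):
    """Report parameter problems that break a policy set (initiative) update.

    no_default: parameters without defaultValue; adding one of these to an
    existing initiative is rejected with InvalidPolicySetParameterUpdate.
    empty_default: defaultValue "" loads, but the assignment must still
    supply a real private DNS zone resource ID.
    """
    props = policy["properties"]
    declared = props.get("parameters", {})
    refs = referenced_parameters(props.get("policyRule", {}))
    return {
        "undeclared": sorted(refs - set(declared)),
        "no_default": sorted(n for n, p in declared.items() if "defaultValue" not in p),
        "empty_default": sorted(n for n, p in declared.items() if p.get("defaultValue") == ""),
        "unused": sorted(set(declared) - refs),
    }


def add_defaults(policy, defaults):
    """Return a deep copy with defaultValue set on the named parameters (the thread's fix)."""
    fixed = json.loads(json.dumps(policy))
    params = fixed["properties"]["parameters"]
    for name, value in defaults.items():
        if name not in params:
            raise KeyError(f"parameter {name!r} is not declared in the policy")
        params[name]["defaultValue"] = value
    return fixed


if __name__ == "__main__":
    print("before:", json.dumps(lint_policy(SAMPLE_POLICY)))
    fixed = add_defaults(SAMPLE_POLICY, {"privateDnsZoneId": ""})
    print("after: ", json.dumps(lint_policy(fixed)))
```

Running it on the sample reports `missingParam` as undeclared and `privateDnsZoneId` as lacking a default; after `add_defaults` the `no_default` list is empty but `privateDnsZoneId` moves to `empty_default`. That second finding is the caveat worth keeping in a pipeline: an empty-string default is enough to get the definition accepted into the initiative, but the existence condition compares against it and the deployment passes it through as the zone ID, so every assignment of the initiative still has to set a real `Microsoft.Network/privateDnsZones` resource ID for the policy to do anything useful.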
This issue is stale because it has been open for 30 days with no activity.
This issue was closed because it has been inactive for 14 days since being marked as stale.