Definition creation fails
mezzofix opened this issue · comments
- Module Version:
- Terraform Version: 3.3.1
- AzureRM Provider Version: 3.34.0
# Error: Error in function call
│
│ on ..\modules\definition\variables.tf line 107, in locals:
│ 107: parameters = coalesce(var.policy_parameters, try((local.policy_object).properties.parameters, null))
│ ├────────────────
│ │ while calling coalesce(vals...)
│ │ local.policy_object is object with 5 attributes
│ │ var.policy_parameters is "../policies/Network/deny_private_dns_zones.json"
│
│ Call to function "coalesce" failed: all arguments must have the same type.
Expected Behavior
Definition gets created.
Current Behavior
Terraform deployment fails with the above code.
Link to the private DNS policy from Azure Enterprise Scale that I'm trying to deploy: https://raw.githubusercontent.com/Azure/Enterprise-Scale/main/src/resources/Microsoft.Authorization/policyDefinitions/Deny-Private-DNS-Zones.json
The definition.tf I'm using:
module "deny_nic_public_ip" {
  source            = "../modules/definition"
  policy_name       = "deny-private-dns-zones"
  display_name      = "Deny the creation of private DNS"
  policy_category   = "Network"
  file_path         = "../policies/Network/deny_private_dns_zones.json"
  policy_parameters = "../policies/Network/deny_private_dns_zones.json"
  policy_rule       = "../policies/Network/deny_private_dns_zones.json"
}
I've tested the same with one of the included policies in the repo, and got the same results.
Any advice, please? Thank you.
No need to add explicit Params or Rule references if they exist in the same file:
module "deny_nic_public_ip" {
  source          = "../modules/definition"
  policy_name     = "deny_private_dns_zones"
  display_name    = "Deny the creation of private DNS"
  policy_category = "Network"
}
The module should pick those up automatically.
Nice find on the effect syntax. var.policy_name only reflects whatever the filename is called, which can also be in the form of Deny-Private-DNS-Zones. The module will attempt to locate the file at different directories based on this logic
This is not a recommendation but the actual "name" property in the json object can be removed as the module also populates this from var.policy_name if missing. See here
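The failure reported above comes from passing a file path string where the coalesce call pairs var.policy_parameters with the parameters object read from the policy file. The following is an added sketch, not the module's own code: it reuses the coalesce expression from the error output, while the validation block, the output and the inline sample policy JSON are assumptions constructed for illustration. It shows how a guard on the variable turns the type mismatch into a clear message before coalesce is reached.

```hcl
# Added illustration; not code from the module discussed in this issue.
variable "policy_parameters" {
  type    = any
  default = null # omitted: fall back to the parameters found in the policy file

  validation {
    # keys() only succeeds on maps and objects, so a file path string is rejected here
    # with a readable message instead of failing later inside coalesce().
    condition     = var.policy_parameters == null || can(keys(var.policy_parameters))
    error_message = "policy_parameters must be an object of parameter definitions or be omitted; a file path string is not accepted."
  }
}

locals {
  # Constructed sample standing in for the decoded policy definition file.
  policy_object = jsondecode(<<-JSON
    {
      "name": "deny_private_dns_zones",
      "properties": {
        "parameters": {
          "effect": { "type": "String", "defaultValue": "Deny" }
        },
        "policyRule": {}
      }
    }
  JSON
  )

  # Same expression as in the error output: every non-null argument must share one type.
  parameters = coalesce(var.policy_parameters, try(local.policy_object.properties.parameters, null))
}

output "parameters" {
  value = local.parameters
}
```

With no value supplied, the output is the parameters object from the sample file; supplying the file path string from the original report fails at variable validation with the message above.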