Cast exception when expanding the union of an array and an AccessPolicyEntry[]
Werewolfkiss opened this issue · comments
Description of the issue
Get a cast exception when trying to union a keyvault access policy.
To Reproduce
Have a bicep template trying to add an access policy to a keyvault while preserving existing policies.
In the below bicep, if you replace the accessPolicies param with either existingAccessPolicies or newAccessPolicies, the expansion works fine.
```bicep
var newAccessPolicies = [
  {
    tenantId: azurefunction.outputs.identity.tenantId
    objectId: azurefunction.outputs.identity.principalId
    permissions: {
      keys: [
        'Get'
        'List'
      ]
      secrets: [
        'Get'
        'List'
      ]
      certificates: []
    }
  }
]

resource keyvault 'Microsoft.KeyVault/vaults@2021-11-01-preview' existing = {
  scope: resourcegroup
  name: vaultName
}

var existingAccessPolicies = keyvault.properties.accessPolicies
var accessPolicies = union(existingAccessPolicies, newAccessPolicies)

@description('Sets the access policies for the OnBoard keyvault')
module ap '../../../features/Security/Key Vault/v1.2/templates/keyvault.accesspolicies.bicep' = {
  scope: resourcegroup
  name: format(uniqueDeployName, 'keyvaultpolicies')
  params: {
    accessPolicies: accessPolicies
    keyVaultName: vaultName
  }
}
```
Expected behaviour
No issues expanding template
Error output
An error occurred evaluating expression '[parameters('accessPolicies')]' line 1167. Cannot cast Newtonsoft.Json.Linq.JObject to Newtonsoft.Json.Linq.JToken.
Module in use and version:
- Module: PSRule
- Version: 2.9.0
- Module: PSRule.Rules.Azure
- Version: 1.31.0
Captured output from $PSVersionTable:
```
Name                           Value
----                           -----
PSVersion                      5.1.19041.3570
PSEdition                      Desktop
PSCompatibleVersions           {1.0, 2.0, 3.0, 4.0...}
BuildVersion                   10.0.19041.3570
CLRVersion                     4.0.30319.42000
WSManStackVersion              3.0
PSRemotingProtocolVersion      2.3
SerializationVersion           1.1.0.1
```
Thanks for raising your first issue, the team appreciates the time you have taken 😉
Thanks for reporting the issue @Werewolfkiss.
Are you able to provide a sample implementation of `../../../vdl-ets-backoffice/features/Security/Key Vault/v1.2/templates/keyvault.accesspolicies.bicep` that we can use to reproduce the issue?
Doesn't need to be your full internal implementation, just enough of it that fails similarly to the issue you've reported. Thanks.
@BernieWhite
Yeah, no problem, it's just a module because of scope, nothing else, so:
```bicep
param keyVaultName string
param accessPolicies array

resource ap 'Microsoft.KeyVault/vaults/accessPolicies@2022-07-01' = {
  name: '${keyVaultName}/add'
  properties: {
    accessPolicies: accessPolicies
  }
}
```
Hi @Werewolfkiss. This should be fixed in PSRule for Azure v1.32.1.