[Azure Policy] - Update to Policy Definition breaks Enforce-Encryption-CMK Policy Set #959
Open
2 tasks done
Labels
Area: Policy 📝
Issues / PR's related to Policy
Needs: Upstream Policy Changes 🔃
Upstream ESLZ repo policy changes required
Status: In PR 👉
This is when an issue is due to be fixed in an open PR
Comments
|
Hi @tulpy, thanks for calling this out and for including all of the details! I have included the update in #957 FYI: @Springstone |
oZakari
added
Area: Policy 📝
This was referenced Feb 18, 2025
microsoft-github-policy-service
bot
added
the
Status: In PR 👉
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
What happened? Provide a clear and concise description of the bug, including deployment details.
Looks like there was a major version update to Policy Definition Azure AI Search services should use customer-managed keys to encrypt data at rest (76a56461-9dc0-40f0-82f5-2453283afa2f) from 1.0.0 to 2.0.0
https://www.azadvertizer.net/azpolicyadvertizer/76a56461-9dc0-40f0-82f5-2453283afa2f.html
There is a change to the default value and allowed values for the definition that now breaks the PolicySet definition.
Line 227 - https://github.com/Azure/ALZ-Bicep/blob/main/infra-as-code/bicep/modules/policy/definitions/lib/policy_set_definitions/policy_set_definition_es_Enforce-Encryption-CMK.json
Please provide the correlation id associated with your error or bug.
xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
What was the expected outcome?
The policy set definition should deploy but fails as the "Deny" default value isn't an allowed value.
Relevant log output
Check previous GitHub issues
Code of Conduct
The text was updated successfully, but these errors were encountered: