Getting error for Private link DNS #36

Closed
Nikhleshk opened this issue Jul 13, 2022 · 3 comments

Nikhleshk commented Jul 13, 2022

{
  "type": "Microsoft.Authorization/policyDefinitions",
  "name": "PrivateLinkAzureServiceBusArecordtoprivateDNSZone",
  "properties": {
    "displayName": "Private Link Azure IoT Hubdev servicebus A-record to private DNS Zone",
    "policyType": "Custom",
    "mode": "Indexed",
    "description": "DeployIfNotExists policy to automatically create the required DNS record in the central private DNS zone.\nhttps://docs.microsoft.com/en-us/azure/cloud-adoption-framework/ready/azure-best-practices/private-link-and-dns-integration-at-scale#configuration-required-by-platform-team",
    "metadata": {
      "category": "Private Link"
    },
    "parameters": {
      "effect": {
        "type": "String",
        "defaultValue": "DeployIfNotExists",
        "allowedValues": [
          "DeployIfNotExists",
          "Disabled"
        ],
        "metadata": {
          "displayName": "Effect",
          "description": "Enable or disable the execution of the policy"
        }
      },
      "PrivateLinkAzureServiceBusArecordtoprivateDNSZone_privateDnsZoneId": {
        "type": "String",
        "metadata": {
          "displayName": "privateDnsZoneId",
          "description": null,
          "strongType": "Microsoft.Network/privateDnsZones"
        }
      }
    },
    "policyRule": {
      "if": {
        "allOf": [
          {
            "field": "type",
            "equals": "Microsoft.Network/privateEndpoints"
          },
          {
            "count": {
              "field": "Microsoft.Network/privateEndpoints/privateLinkServiceConnections[*].groupIds[*]",
              "where": {
                "field": "Microsoft.Network/privateEndpoints/privateLinkServiceConnections[*].groupIds[*]",
                "equals": "iotHub"
              }
            },
            "greaterOrEquals": 1
          }
        ]
      },
      "then": {
        "effect": "[parameters('effect')]",
        "details": {
          "type": "Microsoft.Network/privateEndpoints/privateDnsZoneGroups",
          "existenceCondition": {
            "count": {
              "field": "Microsoft.Network/privateEndpoints/privateDnsZoneGroups.privateDnsZoneConfigs[*]",
              "where": {
                "field": "Microsoft.Network/privateEndpoints/privateDnsZoneGroups.privateDnsZoneConfigs[*].privateDnsZoneId",
                "equals": "[parameters('PrivateLinkAzureServiceBusArecordtoprivateDNSZone_privateDnsZoneId')]"
              }
            },
            "greater": 0
          },
          "roleDefinitionIds": [
            "/providers/Microsoft.Authorization/roleDefinitions/befefa01-2a29-4197-83a8-272ff33ce314",
            "/providers/Microsoft.Authorization/roleDefinitions/4d97b98b-1d4f-4787-a291-c67834d212e7"
          ],
          "deployment": {
            "properties": {
              "mode": "incremental",
              "template": {
                "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
                "contentVersion": "1.0.0.0",
                "parameters": {
                  "PrivateLinkAzureServiceBusArecordtoprivateDNSZone_privateDnsZoneId": {
                    "type": "string"
                  },
                  "privateEndpointName": {
                    "type": "string"
                  },
                  "location": {
                    "type": "string"
                  }
                },
                "resources": [
                  {
                    "name": "[concat(parameters('privateEndpointName'), '/deployedByPolicy1')]",
                    "type": "Microsoft.Network/privateEndpoints/privateDnsZoneGroups",
                    "apiVersion": "2020-03-01",
                    "location": "[parameters('location')]",
                    "properties": {
                      "privateDnsZoneConfigs": [
                        {
                          "name": "iotHub-privateDnsZone",
                          "properties": {
                            "privateDnsZoneId": "[parameters('PrivateLinkAzureServiceBusArecordtoprivateDNSZone_privateDnsZoneId')]"
                          }
                        }
                      ]
                    }
                  }
                ]
              },
              "parameters": {
                "PrivateLinkAzureServiceBusArecordtoprivateDNSZone_privateDnsZoneId": {
                  "value": "[parameters('PrivateLinkAzureServiceBusArecordtoprivateDNSZone_privateDnsZoneId')]"
                },
                "privateEndpointName": {
                  "value": "[field('name')]"
                },
                "location": {
                  "value": "[field('location')]"
                }
              }
            }
          }
        }
      }
    }
  }
}

For the above policy I am getting the error below:

 Error: updating Policy Set Definition "Private-link_initiative": policy.SetDefinitionsClient#CreateOrUpdateAtManagementGroup: Failure responding to request: StatusCode=400 -- Original Error: autorest/azure: Service returned an error. Status=400 Code="InvalidPolicySetParameterUpdate" Message="The policy contains new parameter(s) 'PrivateLinkAzureServiceBusArecordtoprivateDNSZone_privateDnsZoneId' which are not present in the existing policy and have no default value. New parameters may be added to a policy only if they have a default value."
│ 
│   with module.Private-link_initiative.azurerm_policy_set_definition.set,
│   on ..\..\modules\initiative\main.tf line 1, in resource "azurerm_policy_set_definition" "set":
│    1: resource azurerm_policy_set_definition set {

No idea why 2-3 private link policies are giving the same error.
For the others it is working fine in the initiative.

gettek (Owner) commented Jul 14, 2022

The clue is: "New parameters may be added to a policy only if they have a default value".

You will need to add the defaultValue key when adding new parameters:

"PrivateLinkAzureServiceBusArecordtoprivateDNSZone_privateDnsZoneId": {
  "type": "String",
  "defaultValue": "",
  "metadata": {
    "displayName": "privateDnsZoneId",
    "description": null,
    "strongType": "Microsoft.Network/privateDnsZones"
  }
}
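The rule behind the InvalidPolicySetParameterUpdate error quoted above (a parameter that is new relative to the deployed definition must carry a defaultValue, or the initiative update is rejected) is easy to check before running `terraform apply`. The following pre-flight lint is an added example, not code from this issue or from the repository. It works on the definition JSON directly and offline; the trimmed sample definition, the `lint_parameters` / `add_default` names and the assumption that only `effect` was already present in the deployed policy are the example's own. It also warns when the suggested fix is applied with an empty string as the default on a strongType resource-ID parameter: that unblocks the initiative update, but the assignment still has to supply a real private DNS zone ID or the DeployIfNotExists deployment has nothing to point the zone group at.

```python
"""Pre-flight lint for Azure Policy definitions before they are added to an
initiative (policy set definition).

Added example, not code from the issue or the repository. It checks the rule
stated by the InvalidPolicySetParameterUpdate error: a parameter that is new
relative to the already-deployed definition must carry a defaultValue.
"""
import json

# Constructed sample: the posted definition reduced to the fields the check
# needs. The second parameter deliberately has no defaultValue, like the one
# that triggered the error in the issue.
SAMPLE_POLICY = json.dumps({
    "type": "Microsoft.Authorization/policyDefinitions",
    "name": "PrivateLinkAzureServiceBusArecordtoprivateDNSZone",
    "properties": {
        "parameters": {
            "effect": {
                "type": "String",
                "defaultValue": "DeployIfNotExists",
                "allowedValues": ["DeployIfNotExists", "Disabled"],
            },
            "PrivateLinkAzureServiceBusArecordtoprivateDNSZone_privateDnsZoneId": {
                "type": "String",
                "metadata": {"strongType": "Microsoft.Network/privateDnsZones"},
            },
        }
    },
})


def lint_parameters(policy_json: str, existing_params=()):
    """Return a list of (severity, parameter, message) findings.

    existing_params: parameter names already present in the deployed
    definition (an assumption supplied by the caller; the example has no
    way to read the deployed state).  Any parameter not in that set is
    "new" and must have a defaultValue, otherwise Azure rejects the
    initiative update with InvalidPolicySetParameterUpdate.
    """
    policy = json.loads(policy_json)
    params = policy.get("properties", {}).get("parameters", {})
    findings = []
    for name, spec in params.items():
        is_new = name not in existing_params
        has_default = "defaultValue" in spec
        if is_new and not has_default:
            findings.append(("error", name,
                             "new parameter without defaultValue; initiative update will fail"))
            continue
        if has_default:
            default = spec["defaultValue"]
            allowed = spec.get("allowedValues")
            if allowed is not None and default not in allowed:
                findings.append(("error", name, "defaultValue not in allowedValues"))
            strong = spec.get("metadata", {}).get("strongType")
            if strong and default in ("", None):
                # An empty resource-ID default only satisfies the initiative
                # update rule; a DeployIfNotExists run with it has no zone to
                # attach, so the assignment must still set a real value.
                findings.append(("warning", name,
                                 f"empty default for {strong}; assignment must supply a real resource ID"))
    return findings


def add_default(policy_json: str, param: str, default) -> str:
    """Return the definition with defaultValue set on one parameter (the fix
    suggested in the thread), leaving everything else untouched."""
    policy = json.loads(policy_json)
    policy["properties"]["parameters"][param]["defaultValue"] = default
    return json.dumps(policy, indent=2)


if __name__ == "__main__":
    zone_param = "PrivateLinkAzureServiceBusArecordtoprivateDNSZone_privateDnsZoneId"
    # Before the fix: one error, the parameter has no default.
    for finding in lint_parameters(SAMPLE_POLICY, existing_params={"effect"}):
        print(*finding)
    # After the fix from the thread: the update rule passes, but the empty
    # default is flagged so the assignment is not forgotten.
    fixed = add_default(SAMPLE_POLICY, zone_param, "")
    for finding in lint_parameters(fixed, existing_params={"effect"}):
        print(*finding)
```

Run it over every definition file in the initiative module before applying; parameters that already exist in the deployed definition are allowed to stay without a default, which is why the check takes the set of existing names rather than flagging every missing defaultValue.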

github-actions bot commented:

This issue is stale because it has been open for 30 days with no activity.

github-actions bot added the stale label Aug 20, 2022

github-actions bot commented Sep 3, 2022

This issue was closed because it has been inactive for 14 days since being marked as stale.
