-
Notifications
You must be signed in to change notification settings - Fork 517
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
TeamsGroupPolicyAssignment Exported configuration cannot be used because of duplicated key value #3054
Comments
This is related to #2006. |
Thanks Sandro, out of curiosity, why are you folks naming two different policies the same? I am trying to understand what the business need behind having multiple items with the same name is. Thanks |
There is no name for this, the only information are Groupid, Policyname, Policytype, Rank. All attributes can appear doubled. |
I did a quick test. It is not possible to have more than one policy with the same name. It is also not possible to select a group twice in the group policy admin interface. Looks like the GroupID has to be the key parameter for this resource. Right now Priority (Rank) is the key - this makes no sense at all. |
You are right, but the groupid as key is not the solution, the same group can be used for different policy/policy types. Get-CsGroupPolicyAssignment | fl * CreatedBy : d37cec8b-ad61-4a2f-a424-c6f59428ac88 CreatedBy : d37cec8b-ad61-4a2f-a424-c6f59428ac88 CreatedBy : d37cec8b-ad61-4a2f-a424-c6f59428ac88 CreatedBy : d37cec8b-ad61-4a2f-a424-c6f59428ac88 |
…use of duplicated key value Fixes microsoft#3054
Just want to start the discussion about the best set of keys for this resource. We need a composite key consisting of two key parameters. In #3057 i introduced the following combination:
which would guarantee the uniqueness of the resource, but would not work in tenant migrations that would depend on the group display name. Which is on the other hand not a unique element in the tenant. In #3060 @sandrola introduced the following keys:
the policy name is unique in one category (PolicyType). The modified implementation of the handling of group is and name would allow for various scenarios in export and import and within a tenant. What I did not test and see as a challenge right now, it will not be possible to assign the same policy to several groups. We should search for a solution that would work in all scenarios |
What would solve the problem is to introduce an "Id" (numeric incremental generated in export) wich is used only by DSC for compiling. This Id would be the Key. |
We do have this discussion in #2006 and are looking for a way to get around it. |
Just to be a bit more specific as in my previous answer: We need a solution that would fit either use case:
In Export we could easily add any number to the resource. It would still require the resource to have an additional key that would only be used for the compilation and uniqueness of a resource. As soon as someone would create an export, we would not be aware of the original ID to make a meaningful comparison of both configurations. Even in the case of Test-TargetResource, this could cause troubles. |
The code first checks if the specified GroupId exists and when it does not, uses the DisplayName to retrieve the group based on name. This allowed the export to be applied to a different tenant, where the group has a different ID but the same name. In the Intune resource, we have the same issue. There we specified the Id as key parameter and the DisplayName as required. That way we always have the needed information at available. I would suggest that we do the same here. Maybe not the ideal solution, but the best we have available now and can implement before Wednesdays release. @andikrueger Can you please update you PR, update it with Dev and set it to final. Then I can merge it into Dev and include this in our upcoming release. |
@ykuijs Just set the PR to active. Looks like there are no conflicts... Will update the code to add the GroupID check. |
The exported configuration of TeamsGroupPolicyAssignment cannot be used for dirftdetection because of the key attribute "rank" used by DSC.
Details of the scenario you tried and the problem that is occurring
Every Grouppolicyassignment starts with Rank 1, If there are multiple groups, also multiple ranks "1" are present. This exported configuration cannot be compiled because of the Key attribute "Rank".
Verbose logs showing the problem
Suggested solution to the issue
As Get-CsGroupPolicyAssignment doesen't generate unique Key in the case above, I suges to Add a unique Key in the Export, and use it as "key" in DSC. (Guid or incremet digit). This was proposed but discarded at the initial Release. We don't thinked about the drift detection. If this is ok, I would implement the solution.
The DSC configuration that is used to reproduce the issue (as detailed as possible)
The text was updated successfully, but these errors were encountered: