-
Notifications
You must be signed in to change notification settings - Fork 248
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
global-settings.jsonc desiredState.excludeScopes broken for resource subscription and resourceGroup scopes #835
Comments
I think it is a logic error - can you test by changing the
to
|
When testing, the suggested change breaks the logic for ManagementGroups. In addition, it does not handle scopes ending with a '/' correctly (I assume). $desired = @{excludeSubscriptions = $false }
$excludedScopes = @(
"/subscrips/"
"/subscriptions/"
"/subscriptions/*"
"/subscriptions/*/resourceGroups/rgName"
"/subscriptions/*/resourceGroups/*"
"/providers/Microsoft.Management/managementGroups/mgName"
)
$excludedScopesList = [System.Collections.ArrayList]::new()
$globalExcludedScopesResourceGroupsList = [System.Collections.ArrayList]::new()
$globalExcludedScopesSubscriptionsList = [System.Collections.ArrayList]::new()
$globalExcludedScopesManagementGroupsList = [System.Collections.ArrayList]::new()
if ($null -ne $excludedScopes) {
if ($excludedScopes -isnot [array]) {
Write-Host "Global settings error: pacEnvironment $pacSelector field desiredState.excludedScopes must be an array of strings."
}
foreach ($excludedScope in $excludedScopes) {
if ($null -ne $excludedScope -and $excludedScope -is [string] -and $excludedScope -ne "") {
if ($excludedScope.Contains("/resourceGroupPatterns/", [System.StringComparison]::OrdinalIgnoreCase)) {
Write-Host "Global settings error: pacEnvironment $pacSelector field desiredState.excludedScopes ($excludedScope) must not contain deprecated /resourceGroupPatterns/.`n`r`t`tReplace it with excludedScopes pattern `"/subscriptions/*/resourceGroups/<pattern>`""
}
elseif ($excludedScope.EndsWith("/")) {
Write-Host "Global settings error: pacEnvironment $pacSelector field desiredState.excludedScopes ($excludedScope) must be a valid scope. It must not end with a '/'."
}
else {
$null = $excludedScopesList.Add($excludedScope)
if ($excludedScope.StartsWith("/subscriptions/")) {
if ($desired.excludeSubscriptions -eq $false) {
if ($excludedScope.Contains("/resourceGroups/", [System.StringComparison]::OrdinalIgnoreCase)) {
$null = $globalExcludedScopesResourceGroupsList.Add($excludedScope)
}
else {
$null = $globalExcludedScopesSubscriptionsList.Add($excludedScope)
}
}
}
elseif ($excludedScope.StartsWith("/providers/Microsoft.Management/managementGroups/")) {
$null = $globalExcludedScopesManagementGroupsList.Add($excludedScope)
}
else {
Write-Host "Global settings error: pacEnvironment $pacSelector field desiredState.excludedScopes ($excludedScope) must be a valid scope."
}
}
}
}
}
Write-Host "Reporting:"
Write-Host "---"
Write-Host "excludedScopesList:"
$excludedScopesList
Write-Host "---"
Write-Host "globalExcludedScopesResourceGroupsList:"
$globalExcludedScopesResourceGroupsList
Write-Host "---"
Write-Host "globalExcludedScopesSubscriptionsList:"
$globalExcludedScopesSubscriptionsList
Write-Host "---"
Write-Host "globalExcludedScopesManagementGroupsList:"
$globalExcludedScopesManagementGroupsList |
Thanks - I'll do some testing - we don't support
|
I see. Then it should probably be reflected in the desired state docs. |
Yes so in the case of not wanting to manage subscriptions we have the |
Describe the bug
In 10.7.4 I am unable to add exclusion scopes starting with
/subscriptions
in the excludedScopes property in global-settings.jsonc desiredState.As far as I can see from the new logic in
internal/functions/Get-GlobalSettings.ps1
, global-settings.json.desiredState.excludeSubscriptions boolean value must be set to true unless the scope starts with/providers/Microsoft.Management/managementGroups/
.I assume the excludeSubscriptions setting is a setting to exclude all subscriptions, which might not always be the desired behaviour.
This worked fine in 10.4.4.
To Reproduce
Scopes that fail:
Expected behavior
That all the above examples would work fine, without the need for the desiredState.excludeSubscriptions setting.
EPAC Version
10.7.4
The text was updated successfully, but these errors were encountered: