Good morning and happy holidays,
I am in the process of automating our Azure Policy deployments with EPAC. Such an awesome tool and thank you for your contributions.
I have gotten it working to deploy to a test Management Group for some policy assignments and policy set definitions. All good.
An issue I am running into is using the Feature branches. I cannot, for the life of me, figure out what I am doing wrong or missing, and this is a Hail Mary. I know your time is valuable, but I am looking for some guidance on what I may be missing.
I will say that if I merge the feature set to main branch, and deploy from there, it works. Is the idea that feature branches must be merged to main branch in order for this to work? And I cannot set the feature branch in the pipeline?
So, here is a snippet of globalsettings.jsonc for the management group in question:
Here is a snippet from the pipeline yml:
```yaml
variables:
  # This pipeline is used to deploy Policies, Initiative definitions and Assignments into Azure.
  PAC_OUTPUT_FOLDER: ./Output
  PAC_DEFINITIONS_FOLDER: ./Definitions
  # Use the plain text name of each service connection as a reference
  planServiceConnection: CICD-XXX-EPAC-Tenant-Plan
  deployServiceConnection: CICD-XXXX-EPAC-Deploy
  rolesServiceConnection: CICD-XXXXX-EPAC-Roles
  # set the environment selector
  pacEnvironmentSelector: XX-MG
```
Here is a snippet of the policy showing it is scoped appropriately:
```json
{
  "$schema": "https://raw.githubusercontent.com/Azure/enterprise-azure-policy-as-code/main/Schemas/policy-assignment-schema.json",
  "nodeName": "/root",
  "definitionEntry": {
    "policySetName": "XX",
    "displayName": "XX"
  },
  "assignment": {
    "name": "XX",
    "displayName": "XX",
    "description": ""
  },
  "metadata": {
    "parameterScopes": {}
  },
  "overrides": [],
  "resourceSelectors": [],
  "enforcementMode": "DoNotEnforce",
  "scope": {
    "XX-MG": [
      "/providers/Microsoft.Management/managementGroups/XX_Mgmt_Group"
    ]
  }
}
```
Here is the Plan output showing it's identified roles/policies to be assigned:
```
2024-12-20T14:24:31.0021215Z Summary
2024-12-20T14:24:31.0031373Z ===================================================================================================
2024-12-20T14:24:31.0032994Z Policy counts:
2024-12-20T14:24:31.0035126Z 0 unchanged
2024-12-20T14:24:31.0037708Z 4 changes:
2024-12-20T14:24:31.0050652Z new = 4
2024-12-20T14:24:31.0061811Z update = 0
2024-12-20T14:24:31.0064665Z replace = 0
2024-12-20T14:24:31.0076444Z delete = 0
2024-12-20T14:24:31.0078490Z Policy Set counts:
2024-12-20T14:24:31.0080635Z 0 unchanged
2024-12-20T14:24:31.0082696Z 4 changes:
2024-12-20T14:24:31.0085418Z new = 4
2024-12-20T14:24:31.0088299Z update = 0
2024-12-20T14:24:31.0090988Z replace = 0
2024-12-20T14:24:31.0093617Z delete = 0
2024-12-20T14:24:31.0095457Z Policy Assignment counts:
2024-12-20T14:24:31.0097461Z 0 unchanged
2024-12-20T14:24:31.0099552Z 4 changes:
2024-12-20T14:24:31.0102177Z new = 4
2024-12-20T14:24:31.0104766Z update = 0
2024-12-20T14:24:31.0107291Z replace = 0
2024-12-20T14:24:31.0109880Z delete = 0
2024-12-20T14:24:31.0111776Z Role Assignment counts:
2024-12-20T14:24:31.0113703Z 16 changes:
2024-12-20T14:24:31.0144275Z add = 16
2024-12-20T14:24:31.0147265Z update = 0
2024-12-20T14:24:31.0150241Z remove = 0
2024-12-20T14:24:31.0153375Z Policy Exemption counts:
2024-12-20T14:24:31.0155827Z 0 unchanged
2024-12-20T14:24:31.0166916Z 0 orphaned
2024-12-20T14:24:31.0188996Z 0 expired
2024-12-20T14:24:31.0191293Z 0 changes
2024-12-20T14:24:31.0193305Z ---------------------------------------------------------------------------------------------------
2024-12-20T14:24:31.0195023Z Output plan(s); if any, will be written to the following file(s):
2024-12-20T14:24:31.0211051Z Policy resource deployment required; writing Policy plan file 'XX'
```
And here is a screenshot showing it just skips the Deploy entirely:
I've tried to glean additional information by enabling System Diagnostics, but there's not much additional information provided.
Any guidance would be greatly appreciated, and thank you for your time.