Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Remove hardcoded location, fix minor typos #1408

Closed
wants to merge 2 commits into from

Conversation

sshockley
Copy link

We tried deploying this in GCC High, but it failed since "West Central US" is hardcoded. (This also answers my curiosity why our Azure Public Senitnel instance has a deployment in West Central US even though we don't have anything else in that region.)

I've tested this change in usgovvirginia and it works. Let me know if this is the best way to fix this and I can create a PR for the rest of the hardcoded locations.

Fixes Azure/Enterprise-Scale#1858, #960.

@robga
Copy link
Collaborator

robga commented Dec 6, 2024

The built-ins in the folder https://github.com/Azure/azure-policy/tree/master/built-in-policies/policyDefinitions/Azure%20Government are the built-ins available for FairFax cloud. The rest of built-ins are for public cloud.

It's OK to hardcode the location for the deployment template. I don't think that is bug. The deployment location will be changed to a location available in FairFax cloud when the team create the built-in policies there. E.g.

The built-in policies on this repo are for document reference purpose. The built-in policies are managed in internal repo. We don't take changes on this repo.

@robga robga closed this Dec 6, 2024
@sshockley
Copy link
Author

If this builtin policy isn't for US Gov, then why is it available in US Gov?
image
(Screenshot from portal.azure.us)

image
(Screenshot showing the hard-coded value in the US portal)

Second, why have two separate sets of policies when the same policy would work in both?

Third, for Azure Public, why require policies to go in a specific region? One of the linked issues above was someone who had a policy where all objects needed to be in a specific location.

@robga
Copy link
Collaborator

robga commented Dec 12, 2024

For 1 and 2, you are right. The built-in is available for Fairfax. I will create an internal ticket to the team that owns this built-in to fix it.
For 3, it's not the built-in policy requires the location. The deployment section will be transformed to a deployment template request. The deployment request requires location to store the deployment https://learn.microsoft.com/en-us/rest/api/resources/deployments/create-or-update?view=rest-resources-2021-04-01&tabs=HTTP. Typically, the built-in author will hardcode a location which is available in the cloud.
Thanks again for addressing the bug and providering valuable feedback

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

Log Analytics policy has hardcoded location of West Central US
2 participants