Gajush
Reputation: 66
'Could not find member 'type' on object of type 'PolicyParameter'
I having hard time with those Polcies and deployment through Azure Pipelines. Now it is expecting defined type when it is already defined.
I using Azure Policies Deploy Template (Create and assign task both have version 3) Error message:
InvalidRequestContent : The request content was invalid and could not be deserialized: 'Could not find member 'type' on object of type 'PolicyParameter'. Path 'properties.parameters.envValue.type', line 9, position 15.'.
Prof
What is wrong with my parameres file?
{
"envValue": {
"type": "String",
"metadata": {
"displayName": "Tag Value",
"description": "Deployment Environment of the resource"
},
"defaultValue": "Dev",
"allowedValues": [
"Dev",
"Qas",
"prd"
]
}
}
My assignment task:
# Input variables: set these values in the variables section of the release pipeline
# AssignmentName - [required] Policy assignment name
# AssignmentDisplayName - [optional] Policy assignment display name
# AssignmentDescription - [optional] Policy assignment description
# PolicyName - [optional] Name of policy definition to assign
# PolicySetName - [optional] Name of policy set definition to assign
# ResourceGroupName - [optional] Name of resource group the policy [set] definition will be applied to
# SubscriptionId - [optional] Id of subscription the policy [set] definition will be applied to
# ManagementGroupName - [optional] Name of management group the policy [set] definition will be applied to
# PolicyParameters - [optional] Policy parameter values in JSON string format
# Notes:
# Refer to https://learn.microsoft.com/en-us/azure/azure-policy/ for documentation on the Powershell cmdlets and the JSON input formats
$assignmentName = "$(AssignmentName)"
$assignmentDisplayName = "$(AssignmentDisplayName)"
$assignmentDescription = "$(AssignmentDescription)"
$policyName = "$(PolicyName)"
$policySetName = "$(PolicySetName)"
$resourceGroupName = "$(ResourceGroupName)"
$subscriptionId = "$(SubscriptionId)"
$managementGroupName = "$(managementGroupName)"
$policyParameters = "$(PolicyParameters)"
if (!$assignmentName)
{
throw "Unable to create policy assignment: required input variable value `$(AssignmentName) was not provided"
}
if (!$policyName -and !$policySetName)
{
throw "Unable to create policy assignment: neither `$(PolicyName) nor `$(PolicySetName) was provided. One or the other must be provided."
}
if ($policyName -and $policySetName)
{
throw "Unable to create policy assignment: `$(PolicyName) '$policyName' and `$(PolicySetName) '$policySetName' were both provided. Either may be provided, but not both."
}
if ($subscriptionId -and $managementGroupName)
{
throw "Unable to create policy assignment: `$(SubscriptionId) '$subscriptionId' and `$(ManagementGroupName) '$managementGroupName' were both provided. Either may be provided, but not both."
}
if ($managementGroupName -and $resourceGroupName)
{
throw "Unable to create policy assignment: `$(ManagementGroupName) '$managementGroupName' and `$(ResourceGroupName) '$resourceGroupName' were both provided. Either may be provided, but not both."
}
if ($managementGroupName)
{
$scope = "/providers/Microsoft.Management/managementGroups/$managementGroupName"
$searchParameters = @{ManagementGroupName=$managementGroupName}
}
else
{
if (!$subscriptionId)
{
$subscription = Get-AzureRmContext | Select-Object -Property Subscription
$subscriptionId = $subscription.Id
}
$scope = "/subscriptions/$subscriptionId"
$searchParameters = @{SubscriptionId=$subscriptionId}
if ($resourceGroupName)
{
$scope += "/resourceGroups/$resourceGroupName"
}
}
$cmdletParameters = @{Name=$assignmentName; Scope=$scope}
if ($assignmentDisplayName)
{
$cmdletParameters += @{DisplayName=$assignmentDisplayName}
}
if ($assignmentDescription)
{
$cmdletParameters += @{Description=$assignmentDescription}
}
if ($policyName)
{
$policyDefinition = Get-AzureRmPolicyDefinition @searchParameters | Where-Object { $_.Name -eq $policyName }
if (!$policyDefinition)
{
throw "Unable to create policy assignment: policy definition $policyName does not exist"
}
$cmdletParameters += @{PolicyDefinition=$policyDefinition}
}
if ($policySetName)
{
$policySetDefinition = Get-AzureRmPolicySetDefinition @searchParameters | Where-Object { $_.Name -eq $policySetName }
if (!$policySetDefinition)
{
throw "Unable to create policy assignment: policy set definition $policySetName does not exist"
}
$cmdletParameters += @{PolicySetDefinition=$policySetDefinition}
}
if ($policyParameters)
{
$cmdletParameters += @{PolicyParameter=$policyParameters}
}
&New-AzureRmPolicyAssignment @cmdletParameters
Upvotes: 2
Views: 10267
Answers (2)
Horaciodev
Reputation: 13
Kinda of late but I bumped into this today. Your parameters file for the assignment should be like this:
{
"envValue":{
"value": "Dev"
}
}
What you are passing is the parameter definition, not the actual parameter. Follow the same pattern as an ARM template.
Upvotes: 1
Kemley
Reputation: 204
It looks like creating your policy definition task succeeded meaning that your parameters and rule should be already established. The issue is at assignment time meaning that you are probably sending the policy parameter not in a string format to the pipeline.
Upvotes: 0
Related Questions
- Resource was disallowed by policy
- Why is Az powershell returning this error on a simple "show policy definition" command?
- Unable to apply a policy inside of the my deployed Azure api manager
- Azure Error "The template deployment failed because of policy violation. Please see details for more information."
- Error in policy definition deployment "parameter not found"
- The term 'Get-AzureRmPolicyDefinition' is not recognized as the name of a cmdlet, function, script file, or operable program
- why is this azure apim policy expression failing?
- Deploying Azure policy ARM template using Azure Devops fails
- How to integrate Azure Policy with Azure DevOps?
- Azure policy deployment using visual studio