Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix Enforce-Encryption-CMK default value #1255

Closed
wants to merge 1 commit into from
Closed

Fix Enforce-Encryption-CMK default value #1255

wants to merge 1 commit into from

Conversation

meesvw
Copy link

@meesvw meesvw commented Feb 24, 2025

Overview/Summary

This pull request has been created in order to fix the 'Enforce-Encryption-CMK' could not be parameterized error when running the module. This error seems to pop up on old and new deployments and currently requires the user to overwrite the policy_set_definition_es_enforce_encryption_cmk.tmpl.json file manually. Here the value deny must be removed. This error probably appeared because of a change on Azure.

This PR fixes

  1. "The policy set 'Enforce-Encryption-CMK' could not be parameterized because the default value of a policy set parameter referenced by policy definition 76a56461-9dc0-40f0-82f5-2453283afa2f was not valid for that policy definition. error message when deploying using the level 100 caf model.

Breaking Changes

This pull request solves a breaking change. However if for some reason old Deny value was used and is still working this pull request will break it (However I highly doubt it when looking at the error message).

Testing Evidence

When this file is run with Terraform the above mentioned error that the definition 76a56461-9dc0-40f0-82f5-2453283afa2f (cognitiveSearchCmk) cannot have the value Deny will not show up and will show a succesfull plan as usual.

As part of this Pull Request I have

  • Checked for duplicate Pull Requests
  • Associated it with relevant issues, for tracking and closure.
  • Ensured my code/branch is up-to-date with the latest changes in the main branch
  • Performed testing and provided evidence.
  • Updated relevant and associated documentation.

@meesvw
Copy link
Author

meesvw commented Feb 24, 2025
edited
Loading

I did not have the option to link issues, but they can be found here:

@briantaylor87
Copy link

Any update on this? I imagine this is actively blocking some people from deploying, which is my case as well. I'd rather not have to make any hard coded changes to the module to work around this issue. Looks like this proposed change is just waiting for an approval. Is there someone we can tag here to get that approval?

@matt-FFFFFF
Copy link
Member

Hi,

We will fix this in #1261 as the policies are sync'd from upstream

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@meesvw @briantaylor87 @matt-FFFFFF