Microsoft.PolicyInsights/remediations failureThreshold percentage issue #757
Comments
|
Thanks for the issue @sdeguchi, is this with |
|
Re-ran the deployment with preflight_enabled (enable_preflight as of azapi 2.2) and the configuration for the remediation appears to be valid and yes, intended behavior is successful deployment on the resource. Resource is created and persisted to the Terraform state, but the resource is tainted and will always fail on subsequent deployments, |
|
Hi @sdeguchi , Thank you for taking time to report this issue. In the resource's state, Is the |
|
Hi @ms-henglu, I was expecting the resource creation to succeed if failureThreshold is set to 1.0. |
A policy remediation is failing for all the deployments and failing the terraform deployment. Tried to set the failureThreshold.percentage to 1 to allow 100% failure but the resource is still failing the deployment. Expected that all the remediation deployments fail and the Microsoft.PolicyInsights/remediations successfully deploys.
╷
│ Error: Failed to create/update resource
│
│ with module.bootstrap.azapi_resource.policy_remediation_mdfc["migrateToMdeTvm"],
│ on ..\modules\bootstrap\main.tf line 64, in resource "azapi_resource" "policy_remediation_mdfc":
│ 64: resource "azapi_resource" "policy_remediation_mdfc" {
│
│ creating/updating Resource: (ResourceId
│ "/providers/Microsoft.Management/managementGroups/sd115/providers/Microsoft.PolicyInsights/remediations/deploy-mdfc-config-h224-remediation-migrateToMdeTvm"
│ / Api Version "2024-10-01"): GET
│ https://management.azure.com/providers/Microsoft.Management/managementGroups/sd115/providers/Microsoft.PolicyInsights/remediations/deploy-mdfc-config-h224-remediation-migrateToMdeTvm
│ --------------------------------------------------------------------------------
│ RESPONSE 200: 200 OK
│ ERROR CODE UNAVAILABLE
│ --------------------------------------------------------------------------------
│ {
│ "properties": {
│ "policyAssignmentId": "/providers/microsoft.management/managementgroups/sd115/providers/microsoft.authorization/policyassignments/deploy-mdfc-config-h224",
│ "policyDefinitionReferenceId": "migratetomdetvm",
│ "provisioningState": "Failed",
│ "createdOn": "2025-02-11T02:34:50.2177957Z",
│ "lastUpdatedOn": "2025-02-11T02:36:07.3168601Z",
│ "deploymentStatus": {
│ "totalDeployments": 2,
│ "successfulDeployments": 0,
│ "failedDeployments": 2
│ },
│ "resourceDiscoveryMode": "ExistingNonCompliant",
│ "statusMessage": "All remediation deployments failed.",
│ "correlationId": "eb2f5923-3560-1b72-501d-8ff5d5c664d4",
│ "failureThreshold": {
│ "percentage": 1.0
│ }
│ },
│ "id": "/providers/microsoft.management/managementgroups/sd115/providers/microsoft.policyinsights/remediations/deploy-mdfc-config-h224-remediation-migratetomdetvm",
│ "name": "deploy-mdfc-config-h224-remediation-migrateToMdeTvm",
│ "type": "Microsoft.PolicyInsights/remediations",
│ "systemData": {
│ "createdBy": "d18f16e2-a270-4598-952d-782cc1b5b0f1",
│ "createdByType": "Application",
│ "createdAt": "2025-02-11T02:34:49.9066388Z",
│ "lastModifiedBy": "d18f16e2-a270-4598-952d-782cc1b5b0f1",
│ "lastModifiedByType": "Application",
│ "lastModifiedAt": "2025-02-11T02:34:49.9066388Z"
│ }
│ }
│ --------------------------------------------------------------------------------
│
The text was updated successfully, but these errors were encountered: