[BUG] Export-AzPolicyAssignmentRuleData unable to export Azure policy as PSRule (The function "field" was not found) [Custom policy: DDoS Alert Rules For PublicIP] #2736

Open
Marc013 opened this issue Mar 5, 2024 · 0 comments
Labels
bug Something isn't working feature: policy-as-rules Issues that related to exporting policy as rules.

Marc013 commented Mar 5, 2024

Existing rule

No response

Description of the issue

Unable to export policy assignment data to PSRule.

{
    "Name": "00000000-0000-0000-0000-000000000000",
    "ResourceId": "/providers/Microsoft.Management/managementGroups/MyManagementGroup/providers/Microsoft.Authorization/policyDefinitions/00000000-0000-0000-0000-000000000000",
    "ResourceName": "00000000-0000-0000-0000-000000000000",
    "ResourceType": "Microsoft.Authorization/policyDefinitions",
    "SubscriptionId": null,
    "Properties": {
        "Description": "This policy deploys alert rules for Azure Public IP Addresses if not exist.",
        "DisplayName": "DDoS Alert Rules For PublicIP",
        "Metadata": {
            "version": "0.0.1",
            "category": "Monitoring",
            "status": "Active",
            "Control": "ABC1, ABC2, ABC3, ABC4, ABC5",
            "purpose": "This policy deploys alert rules for Azure Public IP Addresses if not exist.",
            "tags": [
                {
                    "managedpolicy": "true"
                }
            ],
            "createdBy": "00000000-0000-0000-0000-000000000000",
            "createdOn": "2023-06-14T14:15:52.8625112Z",
            "updatedBy": null,
            "updatedOn": null
        },
        "Mode": "Indexed",
        "Parameters": {
            "resourceTags": {
                "type": "object",
                "metadata": {
                    "displayName": "Alert Tags",
                    "description": "Tags to be added in alerts"
                }
            },
            "alertDescription": {
                "type": "String",
                "metadata": {
                    "displayName": "Alert Description",
                    "description": "Description of alert"
                },
                "defaultValue": "DDOS"
            },
            "alertSeverity": {
                "type": "String",
                "metadata": {
                    "displayName": "Alert Severity",
                    "description": "Severity of alert {0,1,2,3,4}"
                },
                "allowedValues": [
                    "0",
                    "1",
                    "2",
                    "3",
                    "4"
                ],
                "defaultValue": "0"
            },
            "metricName": {
                "type": "String",
                "metadata": {
                    "displayName": "Metric Name",
                    "description": "Name of the metric used in the comparison to activate the alert."
                },
                "defaultValue": "IfUnderDDoSAttack"
            },
            "operator": {
                "type": "String",
                "metadata": {
                    "displayName": "Operator",
                    "description": "Operator comparing the current value with the threshold value."
                },
                "allowedValues": [
                    "Equals",
                    "NotEquals",
                    "GreaterThan",
                    "GreaterThanOrEqual",
                    "LessThan",
                    "LessThanOrEqual"
                ],
                "defaultValue": "GreaterThan"
            },
            "timeAggregation": {
                "type": "String",
                "metadata": {
                    "displayName": "timeAggregation",
                    "description": "How the data that is collected should be combined over time."
                },
                "allowedValues": [
                    "Average",
                    "Minimum",
                    "Maximum",
                    "Total",
                    "Count"
                ],
                "defaultValue": "Maximum"
            },
            "evaluationFrequency": {
                "type": "String",
                "metadata": {
                    "displayName": "Evaluation Frequency",
                    "description": "how often the metric alert is evaluated represented in ISO 8601 duration format"
                },
                "allowedValues": [
                    "PT1M",
                    "PT5M",
                    "PT15M",
                    "PT30M",
                    "PT1H"
                ],
                "defaultValue": "PT5M"
            },
            "windowSize": {
                "type": "String",
                "metadata": {
                    "displayName": "Window Size",
                    "description": "Period of time used to monitor alert activity based on the threshold. Must be between one minute and one day. ISO 8601 duration format."
                },
                "allowedValues": [
                    "PT1M",
                    "PT5M",
                    "PT15M",
                    "PT30M",
                    "PT1H",
                    "PT6H",
                    "PT12H",
                    "PT24H"
                ],
                "defaultValue": "PT5M"
            },
            "actionGroupId": {
                "type": "String",
                "metadata": {
                    "displayName": "Action Group Id",
                    "description": "The ID of the action group that is triggered when the alert is activated or deactivated."
                }
            },
            "targetResourceType": {
                "type": "String",
                "metadata": {
                    "displayName": "target Resource Type",
                    "description": "Specifies the target resource type. For example: Microsoft.Network/publicIPAddresses"
                },
                "defaultValue": "Microsoft.Network/publicIPAddresses"
            }
        },
        "PolicyRule": {
            "if": {
                "field": "type",
                "equals": "[parameters('targetResourceType')]"
            },
            "then": {
                "effect": "deployIfNotExists",
                "details": {
                    "type": "Microsoft.Insights/metricalerts",
                    "existenceCondition": {
                        "allOf": [
                            {
                                "field": "name",
                                "equals": "[concat('DDoSAlert','-', field('name'))]"
                            },
                            {
                                "field": "Microsoft.Insights/metricalerts/targetResourceType",
                                "equals": "[parameters('targetResourceType')]"
                            },
                            {
                                "field": "Microsoft.Insights/metricalerts/actions[*].actionGroupId",
                                "equals": "[parameters('actionGroupId')]"
                            },
                            {
                                "field": "Microsoft.Insights/metricalerts/enabled",
                                "equals": "true"
                            },
                            {
                                "field": "Microsoft.Insights/metricalerts/scopes[*]",
                                "equals": "[concat('/subscriptions/', subscription().subscriptionId, '/resourcegroups/', resourceGroup().name, '/providers/', parameters('targetResourceType'), '/', field('name'))]"
                            }
                        ]
                    },
                    "roleDefinitionIds": [],
                    "deployment": {
                        "properties": {
                            "mode": "incremental",
                            "template": {
                                "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
                                "contentVersion": "1.0.0.0",
                                "parameters": {
                                    "Name": {
                                        "type": "string"
                                    },
                                    "targetResourceType": {
                                        "type": "string"
                                    },
                                    "actionGroupId": {
                                        "type": "string"
                                    },
                                    "alertDescription": {
                                        "type": "string"
                                    },
                                    "alertSeverity": {
                                        "type": "string"
                                    },
                                    "evaluationFrequency": {
                                        "type": "string"
                                    },
                                    "windowSize": {
                                        "type": "string"
                                    },
                                    "metricName": {
                                        "type": "string"
                                    },
                                    "operator": {
                                        "type": "string"
                                    },
                                    "timeAggregation": {
                                        "type": "string"
                                    },
                                    "resourceTags": {
                                        "type": "object"
                                    }
                                },
                                "variables": {},
                                "resources": [
                                    {
                                        "name": "[concat('DDoSAlert','-',parameters('name'))]",
                                        "type": "Microsoft.Insights/metricAlerts",
                                        "location": "global",
                                        "apiVersion": "2018-03-01",
                                        "tags": "[parameters('resourceTags')]",
                                        "properties": {
                                            "description": "[parameters('alertDescription')]",
                                            "severity": "[int(parameters('alertSeverity'))]",
                                            "enabled": "true",
                                            "scopes": [
                                                "[concat('/subscriptions/', subscription().subscriptionId, '/resourcegroups/', resourceGroup().name, '/providers/', parameters('targetResourceType'), '/', parameters('name'))]"
                                            ],
                                            "evaluationFrequency": "[parameters('evaluationFrequency')]",
                                            "windowSize": "[parameters('windowSize')]",
                                            "criteria": {
                                                "odata.type": "Microsoft.Azure.Monitor.SingleResourceMultipleMetricCriteria",
                                                "allOf": [
                                                    {
                                                        "name": "1st criteria",
                                                        "metricName": "[parameters('metricName')]",
                                                        "dimensions": [],
                                                        "operator": "[parameters('operator')]",
                                                        "threshold": 0,
                                                        "timeAggregation": "[parameters('timeAggregation')]"
                                                    }
                                                ]
                                            },
                                            "actions": [
                                                {
                                                    "actionGroupId": "[parameters('actionGroupId')]"
                                                }
                                            ]
                                        }
                                    }
                                ]
                            },
                            "parameters": {
                                "name": {
                                    "value": "[field('name')]"
                                },
                                "targetResourceType": {
                                    "value": "[parameters('targetResourceType')]"
                                },
                                "actionGroupId": {
                                    "value": "[parameters('actionGroupId')]"
                                },
                                "alertDescription": {
                                    "value": "[parameters('alertDescription')]"
                                },
                                "alertSeverity": {
                                    "value": "[parameters('alertSeverity')]"
                                },
                                "evaluationFrequency": {
                                    "value": "[parameters('evaluationFrequency')]"
                                },
                                "windowSize": {
                                    "value": "[parameters('windowSize')]"
                                },
                                "metricName": {
                                    "value": "[parameters('metricName')]"
                                },
                                "operator": {
                                    "value": "[parameters('operator')]"
                                },
                                "timeAggregation": {
                                    "value": "[parameters('timeAggregation')]"
                                },
                                "resourceTags": {
                                    "value": "[parameters('resourceTags')]"
                                }
                            }
                        }
                    }
                }
            }
        },
        "PolicyType": 1
    },
    "PolicyDefinitionId": "/providers/Microsoft.Management/managementGroups/MyManagementGroup/providers/Microsoft.Authorization/policyDefinitions/00000000-0000-0000-0000-000000000000"
}

Error messages

An error occurred evaluating expression '[concat('DDoSAlert','-', field('name'))]' line 159. The function "field" was not found.

Reproduction

Exporting policy assignment data

Version of PSRule

2.9.0

Version of PSRule for Azure

1.33.2

Additional context

This bug is related to #1323

@Marc013 Marc013 added bug Something isn't working Needs: Triage 🔍 Needs attention from the team. labels Mar 5, 2024
@BernieWhite BernieWhite added feature: policy-as-rules Issues that related to exporting policy as rules. and removed Needs: Triage 🔍 Needs attention from the team. labels Mar 6, 2024
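
A pre-flight check for the failure reported above, as an added example that is not part of the issue or of PSRule for Azure: it walks a policy definition and lists every template expression that calls the `field()` function, so definitions that may hit this error can be identified before the export is run. The function names and the trimmed sample (taken from the issue's `PolicyRule`) are assumptions of this example, and it does not model which expression locations PSRule itself evaluates.

```python
import re

# Constructed sample: a trimmed copy of the PolicyRule posted in the issue.
SAMPLE = {
    "PolicyRule": {
        "if": {"field": "type", "equals": "[parameters('targetResourceType')]"},
        "then": {"details": {
            "existenceCondition": {"allOf": [
                {"field": "name",
                 "equals": "[concat('DDoSAlert','-', field('name'))]"},
                {"field": "Microsoft.Insights/metricalerts/enabled",
                 "equals": "true"},
            ]},
            "deployment": {"properties": {"parameters": {
                "name": {"value": "[field('name')]"},
            }}},
        }},
    }
}

FIELD_CALL = re.compile(r"\bfield\s*\(", re.IGNORECASE)
STRING_LITERAL = re.compile(r"'(?:[^']|'')*'")  # '' is an escaped quote


def is_expression(value):
    """True for a template expression: "[...]" but not the "[[" escape."""
    return (isinstance(value, str) and value.startswith("[")
            and not value.startswith("[[") and value.endswith("]"))


def find_field_calls(node, path="$"):
    """Return (json_path, expression) for each expression calling field()."""
    hits = []
    if isinstance(node, dict):
        # A "field" *key* (a condition) is not a call; only values are checked.
        for key, value in node.items():
            hits += find_field_calls(value, f"{path}.{key}")
    elif isinstance(node, list):
        for index, value in enumerate(node):
            hits += find_field_calls(value, f"{path}[{index}]")
    elif is_expression(node):
        # Blank out string literals so text such as 'field(' is not counted.
        if FIELD_CALL.search(STRING_LITERAL.sub("''", node)):
            hits.append((path, node))
    return hits


if __name__ == "__main__":
    for json_path, expression in find_field_calls(SAMPLE):
        print(f"{json_path}: {expression}")
```
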