Using a custom rule of type 'Microsoft.Authorization/roleAssignments' with a condition that specifies that the field: 'properties.principalType' should be equal to 'xyz' we receive an error that the property does not exist.
However, when specifying the 'properties.PrincipalType' in a bicep file, and running the custom rule, everything works as expected. So it seems to only be an issue when the bicep property is not set.
To Reproduce
Steps to reproduce the issue:
PSRule rule:
---
apiVersion: github.com/microsoft/PSRule/v1
kind: Rule
recommend: "roleAssignments principalType should be set to ServicePrincipal or Group."
metadata:
  name: "Local.YAML.roleAssignments.principalType"
spec:
  type:
  - Microsoft.Authorization/roleAssignments
  condition:
    anyOf:
    - field: 'properties.principalType'
      equals: 'c3666e92-27d3-4fa3-bfa3-38ddd4d57559'
As the property clearly exists in Bicep, and is working as expected in ARM, we had hoped that PSRule would process the property correctly even when the property is not set in the Bicep file.
Module in use and version:
Module: PSRule
Version: [2.9.0]
Captured output from $PSVersionTable:
Name                           Value
----                           -----
PSVersion                      7.4.2
PSEdition                      Core
GitCommitId                    7.4.2
OS                             Darwin 23.4.0 Darwin Kernel Version 23.4.0: Fri Mar 15 00:10:42 PDT 2024; root:xnu-10063.101.17~1/RELEASE_ARM64_T6000
Platform                       Unix
PSCompatibleVersions           {1.0, 2.0, 3.0, 4.0…}
PSRemotingProtocolVersion      2.3
SerializationVersion           1.1.0.1
WSManStackVersion              3.0
Additional context
@lassehastrup Thanks for reporting the issue. Let me see if I understand the issue correctly.
When testing a Microsoft.Authorization/roleAssignments resource you get a failure with reason "Path properties.principalType: The field 'properties.principalType' does not exist." if the property is not set in Bicep.
However, properties.principalType defaults to ServicePrincipal when not set, so the reason "The field 'properties.principalType' does not exist." is unexpected.
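An added example, not code from the issue or from the PSRule project: one way to write the condition so that an unset properties.principalType is handled by its own branch instead of failing with "does not exist". The rule name is hypothetical, the allowed values are taken from the recommend text of the rule in the report, and accepting the unset case is an assumption based on the reply above.

```yaml
---
# Synopsis: Role assignments should target a ServicePrincipal or Group.
# Added example; the rule name below is hypothetical.
apiVersion: github.com/microsoft/PSRule/v1
kind: Rule
metadata:
  name: 'Local.YAML.roleAssignments.principalType.Explicit'
spec:
  type:
  - Microsoft.Authorization/roleAssignments
  condition:
    anyOf:
    # Branch 1: the property is not set in the Bicep source.
    # Accepting this is an assumption based on the reply above that the
    # value defaults to ServicePrincipal. Delete this branch to require
    # every role assignment to state principalType explicitly.
    - field: 'properties.principalType'
      exists: false
    # Branch 2: the property is set and holds an allowed value.
    - field: 'properties.principalType'
      in:
      - 'ServicePrincipal'
      - 'Group'
```

With branch 1 removed, a role assignment that omits principalType fails the rule, which makes the missing value visible in review rather than relying on a default.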