Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Feature Request]: Allow Resource level policy exemption #2996

Open
shawntmeyer opened this issue Mar 15, 2023 · 2 comments · May be fixed by #2997
Open

[Feature Request]: Allow Resource level policy exemption #2996

shawntmeyer opened this issue Mar 15, 2023 · 2 comments · May be fixed by #2997
Labels
blocked if an issue is blocked [cat] needs further discussion enhancement New feature or request

Comments

@shawntmeyer
Copy link
Contributor

shawntmeyer commented Mar 15, 2023
edited by AlexanderSehr
Loading

Description

The current policyExemption modules only support exemptions at the MG, Sub, or RG levels. When policyExemptions are deployed to resources, they are treated as extensions. We need this capability to allow the creation of a storage account with public access when we have a policy applied to the Sub or MG that blocks this access.

If implemented, this would need to be added to all resource types as assignments can be created on every resource's level.
@shawntmeyer shawntmeyer added the enhancement New feature or request label Mar 15, 2023
@shawntmeyer shawntmeyer linked a pull request Mar 15, 2023 that will close this issue
Draft
8 tasks
@AlexanderSehr AlexanderSehr linked a pull request Mar 23, 2023 that will close this issue
[Modules] Microsoft.Storage/StorageAccounts and Microsoft.KeyVault/vaults policy exemption #2997
Draft
8 tasks
@rahalan
Copy link
Contributor

rahalan commented Mar 30, 2023

Team will revisit the issue next week

@AlexanderSehr AlexanderSehr changed the title [Feature Request]: StorageAccounts - Allow Resource level policy exemption [Feature Request]: Allow Resource level policy exemption Apr 13, 2023
@AlexanderSehr
Copy link
Contributor

Blocking the overall implementation for the moment until we were able to sort out the remaining questions in the PR. If the PR is rejected afterall, this issue will be closed too - if not (i.e., it is merged), we may move it out of blocked again.

@AlexanderSehr AlexanderSehr added the blocked if an issue is blocked label Apr 13, 2023
@AlexanderSehr AlexanderSehr added this to the Azure Verfified Modules (AVM) - V3 milestone Sep 16, 2023
@AlexanderSehr AlexanderSehr removed this from the Azure Verfified Modules (AVM) - CI Issues milestone Jul 1, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
blocked if an issue is blocked [cat] needs further discussion enhancement New feature or request
Projects
Backlog
Status: Blocked
Milestone
No milestone
4 participants
@AlexanderSehr @ahmadabdalla @shawntmeyer @rahalan