You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
The statement is looking at the variable “$onlyCreateOwnedRemediationTasks”, but I’m not seeing where that is set. There is a parameter “$onlyCheckManagedAssignments”. Should the parameter actually be “$onlyCreateOwnedRemediationTasks”?
If I run it specifying the “epac-dev” environment targeting a specific subscription as the root scope, it’s generating remediation tasks for the entire tenant (including other remediations that are scoped to a different sub)
On lines 54-55 we are looking for non-compliant resources at the tenant scope, rather than the environment root scope:
If I manually set $onlyCreateOwnedRemediationTasks to True, then the logic within the if statement on line 59 executes. That seems to filter to the correct environment root scope. I’m not 100% sure though, since I remediated items already in epac-dev and epac-test during my testing, but it seems to operate expectedly.
But if we don’t have a True $onlyCreateOwnedRemediationTasks, then there are no other filters for $remediationsList, so it remediates everything in the tenant for the environment regardless of the root scope. I think the if statement in line 59 may need an else clause with similar logic, or perhaps always running the logic in lines 60-76, but then updating lines 71-73 to handle managed vs unmanaged remediation logic
The text was updated successfully, but these errors were encountered:
The text was updated successfully, but these errors were encountered: