Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Remediation Task bugs #221

Closed
techlake opened this issue May 2, 2023 · 0 comments · Fixed by #222
Closed

Remediation Task bugs #221

techlake opened this issue May 2, 2023 · 0 comments · Fixed by #222
Assignees
Labels
bug Something isn't working

Comments

@techlake
Copy link
Contributor

techlake commented May 2, 2023

  • The statement is looking at the variable “$onlyCreateOwnedRemediationTasks”, but I’m not seeing where that is set. There is a parameter “$onlyCheckManagedAssignments”. Should the parameter actually be “$onlyCreateOwnedRemediationTasks”?
  • If I run it specifying the “epac-dev” environment targeting a specific subscription as the root scope, it’s generating remediation tasks for the entire tenant (including other remediations that are scoped to a different sub)
    • On lines 54-55 we are looking for non-compliant resources at the tenant scope, rather than the environment root scope:
    • If I manually set $onlyCreateOwnedRemediationTasks to True, then the logic within the if statement on line 59 executes. That seems to filter to the correct environment root scope. I’m not 100% sure though, since I remediated items already in epac-dev and epac-test during my testing, but it seems to operate expectedly.
    • But if we don’t have a True $onlyCreateOwnedRemediationTasks, then there are no other filters for $remediationsList, so it remediates everything in the tenant for the environment regardless of the root scope. I think the if statement in line 59 may need an else clause with similar logic, or perhaps always running the logic in lines 60-76, but then updating lines 71-73 to handle managed vs unmanaged remediation logic
@techlake techlake added the bug Something isn't working label May 2, 2023
@techlake techlake self-assigned this May 2, 2023
@techlake techlake linked a pull request May 2, 2023 that will close this issue
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
bug Something isn't working
Projects
None yet
Development

Successfully merging a pull request may close this issue.

1 participant