Azurerm_policy_set_definition with boolean parameter

Hi,

I’m going round in circles with this one.

I have an azurerm_policy_set_definition which accepts a boolean parameter.

      "bringYourOwnUserAssignedManagedIdentity": {
        "type": "Boolean",
        "metadata": {
          "displayName": "Bring Your Own User-Assigned Identity",
          "description": "Enable this to use your pre-created user-assigned managed identity. The pre-created identity MUST exist within the subscription otherwise the policy deployment will fail. If enabled, ensure that the User-Assigned Identity Name and Identity Resource Group Name parameters match the pre-created identity. If not enabled, the policy will create per subscription, per resource user-assigned managed identities in a new resource group named 'Built-In-Identity-RG'."
        },
        "allowedValues": [
          true,
          false
        ]
      }

I then have a policy_definition block which references the parameter above

      parameter_values = <<VALUE
      {
        "bringYourOwnUserAssignedManagedIdentity": {
            "value": parameters('bringYourOwnUserAssignedManagedIdentity')
        },
...

If I reference it as above then I get an error in the plan saying

“policy_definition_reference.0.parameter_values” contains an invalid JSON: invalid character ‘p’ looking for beginning of value"

If I change the reference to this

      parameter_values = <<VALUE
      {
        "bringYourOwnUserAssignedManagedIdentity": {
            "value": "parameters('bringYourOwnUserAssignedManagedIdentity')"
        },

Then my plan complains that the parameter is a bool not a string i.e it recieves “true” not true

I’ve looked everywhere and I can’t find any examples of how to pass a bool parameter correctly.

Any help much appreciated.

Phill

I’ve figured it out.

What I did in the end was to use the data resource with outputs to look at the structure of an existing policy initiative.

I could see it was using jsonencode instead of a HERE doc and more importantly I could see the correct way to reference the parameters was like this.

      parameter_values = jsonencode(
      {
        "effect": {
            "value": "[parameters('effect')]"
        },
        "bringYourOwnUserAssignedManagedIdentity": {
            "value": "[parameters('bringYourOwnUserAssignedManagedIdentity')]"
        },
...

I’m glad to say now it works.

There are two things that could go back into the documentation though for this resource.

  1. The parameters = <<VALUE could be replace with the corresponding jsonencode() example. I read apparentlyamart saying hashicorp recommend the use of jsonencode() anyway so having it in the documentation would reinforce that.
  2. The example in the docs only passes one parameter and that is an array of values. This confuses the way the parameters() code is interpreted for someone who is unsure. I couldn’t tell whether the [ ] were part of the parameter reference. i.e should I be typing [parameters()] or typing parameters() and the square brackets were associated with the array… To avoid the confusion if the example had multiple parameters in it - one string, one bool, one array for example it would make it easier to understand what is required.

Hope this helps