cloud-custodian: Azure - Event Grid Functions - Sample policy does not work
Description:
Running an event grid function successfully deploys all the necessary components to run the functions in a new resource group. When setting up the event grid with the following policy in the docs:
Policy:
policies:
  - name: tag-key-vault-creator
    resource: azure.keyvault
    mode:
      type: azure-event-grid
      events: [{
          resourceProvider: 'Microsoft.KeyVault/vaults',
          event: 'write'
        }]
    filters:
      - "tag:CreatorEmail": null
    actions:
      - type: auto-tag-user
        tag: CreatorEmail
The policy appears to not actually tag key vaults in the subscription, even a freshly created keyvault in that same RG as the other event grid components. When looking into App insights, this may be expected (as I’m newer to using app insights) but the sample telemetry appears to show the custodian policy running constantly, 1-2 times per second. Let me know what other detail I can provide.
Desired outcome:
- Sample policy executes successfully and resource tagged
- Any additional documentation on running event grid functions that may be needed for additional steps beyond initial deployment
About this issue
- State: closed
- Created 6 years ago
- Comments: 31 (14 by maintainers)
Each time I’ve tested this, I’ve actually created brand new resources for everything, brand new cloud-custodian resource group, new function, new policy, but just to humor this, I’ll try it one more time and give it a good 20 min after deploying the policy to let it run. I’ll keep you updated…
Yeah probably not the issue here but worth being aware that when deploying over an existing function it sometimes takes more minutes than you’d expect for it to actually swap the old bits for the new bits (it does a rather complicated per-file comparison internally in App Services before overwriting).
Yes fix is in-progress!
So what you’re saying is that any resources created by a service administrator, in this case the test resource group that I create via me being logged with my personal credentials in the CLI, will run into these issues… that seems like a bug to be resolved, no?