
How to enforce that Delete Retention is configured on Azure Storage by using a deployIfNotExists policy?

I would like to create a policy that automatically applies a delete retention policy of 14 days to every new storage account created. I think that this is possible by using a deployIfNotExists policy, but I was not able to find a sample JSON or anything on the Internet.

I spoke with Microsoft, and they uploaded an example that worked fine. This is the JSON extracted from Community-Policy:

{
    "properties": {
        "displayName": "Deploy Soft-Delete for Blobs",
        "mode": "All",
        "description": "This policy enables soft-delete for blobs.",
        "parameters": {
            "retentionInDays": {
                "type": "Integer",
                "minValue": 1,
                "maxValue": 365,
                "defaultValue": 7,
                "metadata": {
                    "displayName": "Retention in days",
                    "description": "This defines how long the deleted object should be retained for. Allowed values are 1 to 365."
                }
            }
        },
        "policyRule": {
            "if": {
                "allOf": [
                    {
                        "field": "type",
                        "equals": "Microsoft.Storage/storageAccounts"
                    },
                    {
                        "field": "kind",
                        "in": [
                            "Storage",
                            "StorageV2",
                            "BlobStorage",
                            "BlockBlobStorage"
                        ]
                    }
                ]
            },
            "then": {
                "effect": "DeployIfNotExists",
                "details": {
                    "type": "Microsoft.Storage/storageAccounts/blobServices",
                    "existenceCondition": {
                        "field": "Microsoft.Storage/storageAccounts/blobServices/default.deleteRetentionPolicy.enabled",
                        "equals": true
                    },
                    "roleDefinitionIds": [
                        "/providers/Microsoft.Authorization/roleDefinitions/17d1049b-9a84-46fb-8f53-869881c3d3ab"
                    ],
                    "deployment": {
                        "properties": {
                            "mode": "incremental",
                            "template": {
                                "$schema": "http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
                                "contentVersion": "1.0.0.0",
                                "parameters": {
                                    "storageAccountName": {
                                        "type": "string"
                                    },
                                    "retentionInDays": {
                                        "type": "int"
                                    }
                                },
                                "variables": {},
                                "resources": [
                                    {
                                        "name": "[concat(parameters('storageAccountName'), '/default')]",
                                        "type": "Microsoft.Storage/storageAccounts/blobServices",
                                        "apiVersion": "2019-06-01",
                                        "properties": {
                                            "deleteRetentionPolicy": {
                                                "enabled": true,
                                                "days": "[parameters('retentionInDays')]"
                                            }
                                        }
                                    }
                                ],
                                "outputs": {}
                            },
                            "parameters": {
                                "storageAccountName": {
                                    "value": "[field('name')]"
                                },
                                "retentionInDays": {
                                    "value": "[parameters('retentionInDays')]"
                                }
                            }
                        }
                    }
                }
            }
        }
    }
}
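The definition above decides whether to deploy by running its "if" block against the storage account and then its existenceCondition against the account's blobServices/default child. Note what that existence check actually asks: only that `deleteRetentionPolicy.enabled` is `true`. An account whose soft delete is switched on with a 1-day retention already satisfies it, so the 14-day value set through `retentionInDays` is only ever applied to accounts that have soft delete off. The script below is an added example, not code from the post or from Community-Policy: it re-implements the small subset of Azure Policy condition syntax the definition uses (plus `greaterOrEquals`) over constructed, already-flattened sample accounts, and contrasts the existence condition as written with a tightened one. The tightened condition assumes the sibling `…deleteRetentionPolicy.days` alias in the same form the page uses; verify that alias against `az provider show` / the Policy alias list in your tenant before relying on it.

```python
"""Offline evaluator for the DeployIfNotExists policy above (added example).

Re-implements the subset of Azure Policy condition syntax the definition uses
(allOf, equals, in) plus greaterOrEquals, and runs it over constructed storage
account records flattened into the alias -> value form Policy itself evaluates.
This is a simplified stand-in for the Policy engine, not Azure's own code.
"""
import json
from typing import Any, Dict

# Conditions copied from the Community-Policy definition above.
POLICY_IF = {
    "allOf": [
        {"field": "type", "equals": "Microsoft.Storage/storageAccounts"},
        {"field": "kind", "in": ["Storage", "StorageV2", "BlobStorage", "BlockBlobStorage"]},
    ]
}
ENABLED_ALIAS = "Microsoft.Storage/storageAccounts/blobServices/default.deleteRetentionPolicy.enabled"
EXISTENCE_AS_WRITTEN = {"field": ENABLED_ALIAS, "equals": True}

# Assumption: the sibling '.days' alias exists in the same form as the '.enabled' one.
# With it, an account that has soft delete on but for fewer than 14 days also fails the
# existence check and gets the remediation template applied.
DAYS_ALIAS = "Microsoft.Storage/storageAccounts/blobServices/default.deleteRetentionPolicy.days"
EXISTENCE_MIN_14_DAYS = {
    "allOf": [EXISTENCE_AS_WRITTEN, {"field": DAYS_ALIAS, "greaterOrEquals": 14}]
}


def evaluate(condition: dict, fields: Dict[str, Any]) -> bool:
    """Evaluate a policy condition against a flat {alias: value} map."""
    if "allOf" in condition:
        return all(evaluate(c, fields) for c in condition["allOf"])
    if "anyOf" in condition:
        return any(evaluate(c, fields) for c in condition["anyOf"])
    if "not" in condition:
        return not evaluate(condition["not"], fields)
    value = fields.get(condition["field"])  # missing alias -> None, like an absent property
    if "equals" in condition:
        return value == condition["equals"]
    if "in" in condition:
        return value in condition["in"]
    if "greaterOrEquals" in condition:
        return isinstance(value, (int, float)) and value >= condition["greaterOrEquals"]
    raise ValueError(f"unsupported condition: {condition}")


def needs_deployment(account: Dict[str, Any], existence_condition: dict) -> bool:
    """True when DeployIfNotExists fires: the 'if' block matches the account and the
    existence condition on its blobServices/default child does not hold."""
    if not evaluate(POLICY_IF, account):
        return False  # out of scope (e.g. a FileStorage kind): the effect never runs
    return not evaluate(existence_condition, account)


def remediated_blob_service(account_name: str, retention_in_days: int) -> dict:
    """The blobServices/default resource the policy's ARM template deploys, with the
    assignment parameter retentionInDays substituted (14 for the asker's requirement)."""
    return {
        "name": f"{account_name}/default",
        "type": "Microsoft.Storage/storageAccounts/blobServices",
        "properties": {"deleteRetentionPolicy": {"enabled": True, "days": retention_in_days}},
    }


# Constructed sample accounts (not real resources), already flattened to alias form.
SAMPLES: Dict[str, Dict[str, Any]] = {
    "v2-no-soft-delete":  {"type": "Microsoft.Storage/storageAccounts", "kind": "StorageV2", ENABLED_ALIAS: False},
    "v2-soft-delete-1d":  {"type": "Microsoft.Storage/storageAccounts", "kind": "StorageV2", ENABLED_ALIAS: True, DAYS_ALIAS: 1},
    "v2-soft-delete-14d": {"type": "Microsoft.Storage/storageAccounts", "kind": "StorageV2", ENABLED_ALIAS: True, DAYS_ALIAS: 14},
    "files-only-account": {"type": "Microsoft.Storage/storageAccounts", "kind": "FileStorage", ENABLED_ALIAS: False},
}


def report(existence_condition: dict) -> Dict[str, bool]:
    """Map each sample account to whether the remediation template would be deployed."""
    return {name: needs_deployment(acct, existence_condition) for name, acct in SAMPLES.items()}


if __name__ == "__main__":
    print(json.dumps({"as_written": report(EXISTENCE_AS_WRITTEN),
                      "min_14_days": report(EXISTENCE_MIN_14_DAYS)}, indent=2))
    print(json.dumps(remediated_blob_service("stexample01", 14), indent=2))
```

Two operational points the definition does not spell out: a DeployIfNotExists assignment needs a managed identity that holds the role listed in `roleDefinitionIds` (here Storage Account Contributor) at the assignment scope, and the effect runs on create or update of matching resources, so accounts that already exist when the policy is assigned are only remediated by a remediation task. With the condition as written, such a task will skip every account that already has soft delete enabled, whatever its retention period.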

You can try the code below (by the way, I had no time to test it on my side):

{
   "mode":"All",
   "policyRule":{
      "if":{
         "field":"type",
         "equals":"Microsoft.Storage/storageAccounts"
      },
      "then":{
         "effect":"deployIfNotExists",
         "details":{
            "type":"Microsoft.Storage/storageAccounts",
            "roleDefinitionIds":[
               "xxx"
            ],
            "deployment":{
               "properties":{
                  "mode":"incremental",
                  "template":{
                     "$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
                     "contentVersion":"1.0.0.0",
                     "parameters":{
                        "storageAccountName":{
                           "type":"String",
                           "metadata":{
                              "description":"storageAccountName"
                           }
                        },
                        "location":{
                           "type":"String",
                           "metadata":{
                              "description":"location"
                           }
                        }
                     },
                     "variables":{
                        
                     },
                     "resources":[
                        {
                           "type":"Microsoft.Storage/storageAccounts",
                           "apiVersion":"2019-06-01",
                           "name":"[parameters('storageAccountName')]",
                           "location":"[parameters('location')]",
                           "resources":[
                              {
                                 "name":"default",
                                 "type":"Microsoft.Storage/storageAccounts/managementPolicies",
                                 "apiVersion":"2019-06-01",
                                 "properties":{
                                    "policy":{
                                       "rules":[
                                          "xxx"
                                       ]
                                    }
                                 }
                              }
                           ]
                        }
                     ],
                     "outputs":{
                        
                     }
                  },
                  "parameters":{
                     "storageAccountName":{
                        "value":"[field('Name')]"
                     },
                     "location":{
                        "value":"[field('location')]"
                     }
                  }
               }
            }
         }
      }
   },
   "parameters":{
      
   }
}

Here are the details of the JSON format for lifecycle management.
