I'm deploying a deny policy through PowerShell and get the following error:
New-AzPolicyDefinition: InvalidPolicyRule: Failed to parse policy rule: 'Could not find member 'properties' on object of type 'PolicyRuleDefinition'. Path 'properties'.'.
The code I'm using is:
New-AzPolicyDefinition `
    -name 'externalDeny' -Policy 'C:\tmp\denyoms-temp.json' `
    -Parameter 'C:\tmp\denyoms-param.json'
The policy templates are below.
Template File - https://pastebin.com/embed_js/HrjUWrvf Parameter - https://pastebin.com/embed_js/QxEX92jf
I think it could be the tags, thanks in advance.
The problem is with the template. According to this documentation, the template should be in this format (template.json):
{
  "if": {
    "allOf": [
      {
        "field": "tags",
        "equals": "ExternalVM"
      },
      {
        "field": "type",
        "equals": "Microsoft.Compute/virtualMachines/extensions"
      },
      {
        "field": "Microsoft.Compute/virtualMachines/extensions/publisher",
        "equals": "Microsoft.Compute"
      },
      {
        "field": "Microsoft.Compute/virtualMachines/extensions/type",
        "in": "[parameters('notAllowedExtensions')]"
      }
    ]
  },
  "then": {
    "effect": "deny"
  }
}
Also, a minor change in your parameters file: the template expects an "Array" type, as per the condition you have applied:
{
  "notAllowedExtensions": {
    "type": "Array",
    "metadata": {
      "description": "The list of extensions that will be denied. Example: BGInfo, CustomScriptExtension, JsonAADDomainExtension, VMAccessAgent.",
      "displayName": "OmsAgentForLinux"
    }
  }
}
Use this command to execute:
New-AzPolicyDefinition -Name 'Not allowed VM Extensions' -Description 'This policy governs which VM extensions that are explicitly denied.' -Policy 'template.json' -Parameter 'parameters.json'
Hope this helps!
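A pre-flight check for the error in the question, as an added example that is not part of the original question or answer. It assumes the rejected file was a full policy definition with a top-level `properties` wrapper, which is what the error message points to. The function name `Split-PolicyDefinitionFile` and the sample JSON are hypothetical and constructed for illustration.

```powershell
# Added example; function name and sample JSON are hypothetical/constructed.
function Split-PolicyDefinitionFile {
    param([Parameter(Mandatory)] [string] $Json)
    $doc   = $Json | ConvertFrom-Json
    $names = @($doc.PSObject.Properties.Name)

    # Bare rule: top level is { "if": ..., "then": ... }, which is what -Policy expects.
    if ($names -contains 'if' -and $names -contains 'then') {
        return [pscustomobject]@{ Rule = $doc; Parameters = $null }
    }
    # Full definition: the rule and parameters sit under "properties".
    if ($names -contains 'properties' -and $doc.properties.policyRule) {
        return [pscustomobject]@{
            Rule       = $doc.properties.policyRule
            Parameters = $doc.properties.parameters
        }
    }
    throw "Top-level keys [$($names -join ', ')] are neither a policy rule nor a full definition."
}

# Constructed sample of a full definition (top-level "properties", as in the error).
$sample = @'
{
  "properties": {
    "mode": "All",
    "parameters": { "notAllowedExtensions": { "type": "Array" } },
    "policyRule": {
      "if": { "field": "type", "equals": "Microsoft.Compute/virtualMachines/extensions" },
      "then": { "effect": "deny" }
    }
  }
}
'@

$parts = Split-PolicyDefinitionFile -Json $sample
$parts.Rule | ConvertTo-Json -Depth 20 | Set-Content -Path 'template.json'
if ($parts.Parameters) {
    $parts.Parameters | ConvertTo-Json -Depth 20 | Set-Content -Path 'parameters.json'
}
# template.json now starts with "if"/"then" and can be passed to -Policy.
```

Running this before `New-AzPolicyDefinition` surfaces a wrongly shaped file locally, so a deny rule does not silently stay undeployed because the definition call failed.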