![](/img/trans.png)
[英]Azure policy error: CaseSensitiveDeploymentParameterNamesFound
[英]Odd result, error creating Azure KeyVault Policy based on existing BuiltIn Policy - provider referenced by the 'field' property doesn't exist
所以...我在将其中一个内置函数转换为自定义函数时遇到了一些困难。 (我为什么要那样做?内部事务,我是否同意无关紧要,所以请不要在那个决定上打扰我。:-))
现有的内置策略:
问题出在 json 文件的第 40/43 行。
main.tf 文件包括:
# policy
locals {
json_keyvault_certmaxvalidityperiod = jsondecode(file("${path.module}/resourceprovider/KeyVault/Certificates should have the specified maximum validity period.json"))
}
resource "azurerm_policy_definition" "CertificatesShouldHaveSpecifiedMaximumValidityPeriod" {
name = "CertificatesShouldHaveSpecifiedMaximumValidityPeriod" # must match output.tf and ad ID to main
policy_type = "Custom" #Must always be Custom
mode = "All"
display_name = "CertificatesShouldHaveSpecifiedMaximumValidityPeriod" #add Custom to display name
description = "Manage your organizational compliance requirements by specifying the maximum amount of time that a certificate can be valid within your key vault."
metadata = jsonencode(local.json_keyvault_certmaxvalidityperiod.properties.metadata)
policy_rule = jsonencode(local.json_keyvault_certmaxvalidityperiod.properties.policyRule)
parameters = <<PARAMETERS
{
"effect" : {
"type": "string",
"metadata": {
"description": "Enable or disable the execution of the policy",
"displayName": "Effect"
}
},
"maximumValidityInMonths": {
"type": "integer",
"metadata": {
"description": "The limit to how long a certificate may be valid for. Certificates with lengthy validity periods aren\u0027t best practice.",
"displayName": "The maximum validity in months"
}
}
}
PARAMETERS
}
按原样使用 json 内容,执行terraform apply
返回:
│ Error: creating/updating Policy Definition "CertificatesShouldHaveSpecifiedMaximumValidityPeriod": policy.DefinitionsClient#CreateOrUpdate: Failure responding to request: StatusCode=400 -- Original Error: autorest/azure: Service returned an error. Status=400 Code="InvalidProviderNameInPolicyAlias" Message="The policy definition 'CertificatesShouldHaveSpecifiedMaximumValidityPeriod' rule is invalid. The provider 'Microsoft.KeyVault.Data' referenced by the 'field' property 'Microsoft.KeyVault.Data/vaults/certificates/properties.validityInMonths' of the policy rule doesn't exist."
因此,我查看了 Microsoft.KeyVault.Data 提供者的定义,从下面看来,不应该有“证书”,而应该是“秘密”:
但是...如果我更新第 40/43 行以反映 Microsoft.KeyVault.Data/vaults/secrets,则terraform apply
返回:
│ Error: creating/updating Policy Definition "CertificatesShouldHaveSpecifiedMaximumValidityPeriod": policy.DefinitionsClient#CreateOrUpdate: Failure responding to request: StatusCode=400 -- Original Error: autorest/azure: Service returned an error. Status=400 Code="InvalidProviderNameInPolicyAlias" Message="The policy definition 'CertificatesShouldHaveSpecifiedMaximumValidityPeriod' rule is invalid. The provider 'Microsoft.KeyVault.Data' referenced by the 'field' property 'Microsoft.KeyVault.Data/vaults/secrets/properties.validityInMonths' of the policy rule doesn't exist."
以前有没有人处理过这样的事情? 关于如何定义策略规则以适应数据提供者的建议?
无法创建具有自定义策略类型的 keyvault 策略,因为"Microsoft.Keyvault.Data"
仅支持内置策略类型,如参考中给出的Microsoft 文档中所述。
如果您在Azure Policy Extension in Visual Studio Code
您可以找到 azure 中存在的资源提供程序的所有属性,但对于 keyvault,它不存在,它们是空的。
参考:
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.