[英]Azure Policy Deploying using Powershell
我正在通過 powershell 部署拒絕策略並收到以下錯誤
New-AzPolicyDefinition: InvalidPolicyRule: Failed to parse policy rule: 'Could not find member 'properties' on object of type 'PolicyRuleDefinition'. Path 'properties'.'.
我使用的代碼是: 1 New-AzPolicyDefinition
-name 'externalDeny' -Policy -Policy 'C:\tmp\denyoms-temp.json'
-Parameter 'C:\tmp\denyoms-param.json' `
策略模板如下。
模板文件 - https://pastebin.com/embed_js/HrjUWrvf參數 - https://pastebin.com/embed_js/QxEX92jf
我想可能是標簽,在此先感謝。
問題出在模板上。 根據此文檔,模板應采用以下格式(template.json):
{
"if": {
"allOf": [
{
"field": "tags",
"Equals": "ExternalVM"
},
{
"field": "type",
"equals": "Microsoft.Compute/virtualMachines/extensions"
},
{
"field": "Microsoft.Compute/virtualMachines/extensions/publisher",
"equals": "Microsoft.Compute"
},
{
"field": "Microsoft.Compute/virtualMachines/extensions/type",
"in": "[parameters(\'notAllowedExtensions\')]"
}
]
},
"then": {
"effect": "deny"
}
}
此外,根據您應用的條件,您的參數文件中的模板需要一個“數組”類型:
{
"notAllowedExtensions": {
"type": "Array",
"metadata": {
"description": "The list of extensions that will be denied. Example: BGInfo, CustomScriptExtension, JsonAADDomainExtension, VMAccessAgent.",
"displayName": "OmsAgentForLinux"
}
}
}
使用此命令執行:
New-AzPolicyDefinition -Name 'Not allowed VM Extensions' -Description 'This policy governs which VM extensions that are explicitly denied.' -Policy 'template.json' -Parameter 'parameters.json'
希望這可以幫助!
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.