使用 Powershell 部署 Azure Policy
Azure Policy Deploying using Powershell
我正在通过 powershell 部署拒绝策略并收到以下错误
New-AzPolicyDefinition : InvalidPolicyRule : Failed to parse policy rule: 'Could not find member 'properties' on object of type
'PolicyRuleDefinition'. Path 'properties'.'.
我使用的代码是:
1New-AzPolicyDefinition
-name 'externalDeny'
-Policy 'C:\tmp\denyoms-temp.json'
-参数'C:\tmp\denyoms-param.json'`
策略模板如下。
模板文件 - https://pastebin.com/embed_js/HrjUWrvf
参数 - https://pastebin.com/embed_js/QxEX92jf
我想这可能是标签,在此先感谢。
模板有问题。根据这个documentation,模板应该是这样的格式(template.json):
{
"if": {
"allOf": [
{
"field": "tags",
"Equals": "ExternalVM"
},
{
"field": "type",
"equals": "Microsoft.Compute/virtualMachines/extensions"
},
{
"field": "Microsoft.Compute/virtualMachines/extensions/publisher",
"equals": "Microsoft.Compute"
},
{
"field": "Microsoft.Compute/virtualMachines/extensions/type",
"in": "[parameters(\'notAllowedExtensions\')]"
}
]
},
"then": {
"effect": "deny"
}
}
此外,您的参数文件中有一个小改动,根据您应用的条件,模板需要 "Array" 类型:
{
"notAllowedExtensions": {
"type": "Array",
"metadata": {
"description": "The list of extensions that will be denied. Example: BGInfo, CustomScriptExtension, JsonAADDomainExtension, VMAccessAgent.",
"displayName": "OmsAgentForLinux"
}
}
}
使用这条命令执行:
New-AzPolicyDefinition -Name 'Not allowed VM Extensions' -Description 'This policy governs which VM extensions that are explicitly denied.' -Policy 'template.json' -Parameter 'parameters.json'
希望对您有所帮助!
我正在通过 powershell 部署拒绝策略并收到以下错误
New-AzPolicyDefinition : InvalidPolicyRule : Failed to parse policy rule: 'Could not find member 'properties' on object of type
'PolicyRuleDefinition'. Path 'properties'.'.
我使用的代码是:
1New-AzPolicyDefinition
-name 'externalDeny'
-Policy 'C:\tmp\denyoms-temp.json'
-参数'C:\tmp\denyoms-param.json'`
策略模板如下。
模板文件 - https://pastebin.com/embed_js/HrjUWrvf 参数 - https://pastebin.com/embed_js/QxEX92jf
我想这可能是标签,在此先感谢。
模板有问题。根据这个documentation,模板应该是这样的格式(template.json):
{
"if": {
"allOf": [
{
"field": "tags",
"Equals": "ExternalVM"
},
{
"field": "type",
"equals": "Microsoft.Compute/virtualMachines/extensions"
},
{
"field": "Microsoft.Compute/virtualMachines/extensions/publisher",
"equals": "Microsoft.Compute"
},
{
"field": "Microsoft.Compute/virtualMachines/extensions/type",
"in": "[parameters(\'notAllowedExtensions\')]"
}
]
},
"then": {
"effect": "deny"
}
}
此外,您的参数文件中有一个小改动,根据您应用的条件,模板需要 "Array" 类型:
{
"notAllowedExtensions": {
"type": "Array",
"metadata": {
"description": "The list of extensions that will be denied. Example: BGInfo, CustomScriptExtension, JsonAADDomainExtension, VMAccessAgent.",
"displayName": "OmsAgentForLinux"
}
}
}
使用这条命令执行:
New-AzPolicyDefinition -Name 'Not allowed VM Extensions' -Description 'This policy governs which VM extensions that are explicitly denied.' -Policy 'template.json' -Parameter 'parameters.json'
希望对您有所帮助!