Request Disallowed By Policy
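I am following the steps mentioned in this exercise on Microsoft Azure; the exercise link is given below:
Azure Developer League: Secure Azure Kubernetes Cluster
I am stuck at the code below.
When I run this code in Azure Cloud Shell (sandbox), as described in the steps given in that course: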
export DATABASE_NAME=contoso-ship-manager-$RANDOM && \
az cosmosdb create \
-n $DATABASE_NAME \
-g $RESOURCE_GROUP \
--kind MongoDB \
--enable-free-tier
or this code:
export DATABASE_NAME=contoso-ship-manager-$RANDOM && az cosmosdb create --name $DATABASE_NAME --resource-group $RESOURCE_GROUP --subscription "Concierge Subscription"
Whenever I run either of the above, I get this error:
(RequestDisallowedByPolicy) Resource 'contoso-ship-manager-17984' was disallowed by policy. Policy identifiers:
'[{"policyAssignment":{"name":"containers-assignment","id":"/providers/Microsoft.Management/managementGroups/eab64c3d-95b6-9f1f-755f-9f8578c31e45/providers/Microsoft.Authorization/policyAssignments/containers-assignment"},"policyDefinition":{"name":"Allowed resource types","id":"/providers/Microsoft.Authorization/policyDefinitions/a08ec900-254a-4555-9bf5-e42af04b5c5c"},"policySetDefinition":{"name":"containers-initiative","id":"/providers/Microsoft.Management/managementGroups/learn-sandbox-prod/providers/Microsoft.Authorization/policySetDefinitions/containers-initiative"}}]'.
Additional Information:Type: PolicyViolation Info: {
"policyDefinitionDisplayName": "Allowed resource types",
"policySetDefinitionDisplayName": "containers-initiative",
"evaluationDetails": {
"evaluatedExpressions": [
{
"result": "False",
"expressionKind": "Field",
"expression": "type",
"path": "type",
"expressionValue": "Microsoft.DocumentDB/databaseAccounts",
"targetValue": [
"microsoft.compute/virtualmachinescalesets",
"Microsoft.ContainerInstance/containerGroups",
"microsoft.containerregistry/registries",
"microsoft.containerregistry/registries/replications",
"microsoft.containerservice/managedclusters",
"microsoft.insights/components",
"microsoft.keyvault/vaults",
"Microsoft.MachineLearningServices/workspaces",
"Microsoft.MachineLearningServices/workspaces/datastores",
"microsoft.managedidentity/userassignedidentities",
"microsoft.network/applicationgateways",
"microsoft.network/dnszones",
"Microsoft.Network/dnszones/A",
"Microsoft.Network/dnszones/AAA",
"Microsoft.Network/dnszones/all",
"Microsoft.Network/dnszones/CAA",
"Microsoft.Network/dnszones/CNAME",
"Microsoft.Network/dnszones/MX",
"Microsoft.Network/dnszones/NS",
"Microsoft.Network/dnszones/PTR",
"Microsoft.Network/dnszones/recordsets",
"Microsoft.Network/dnszones/SOA",
"Microsoft.Network/dnszones/SRV",
"Microsoft.Network/dnszones/TXT",
"microsoft.network/loadbalancers",
"microsoft.network/networksecuritygroups",
"microsoft.network/privatednszones",
"microsoft.network/privatednszones/virtualnetworklinks",
"microsoft.network/privateendpoints",
"microsoft.network/publicipaddresses",
"microsoft.network/routetables",
"microsoft.network/virtualnetworks",
"microsoft.operationsmanagement/solutions",
"microsoft.operationalinsights/workspaces",
"Microsoft.Storage/storageAccounts",
"Microsoft.Storage/storageAccounts/blobServices",
"Microsoft.Storage/storageAccounts/fileServices",
"Microsoft.Storage/storageAccounts/queueServices",
"Microsoft.Storage/storageAccounts/tableServices",
"Microsoft.Storage/storageAccounts/blobServices/containers",
"Microsoft.Storage/storageAccounts/fileServices/shares",
"microsoft.web/connections"
],
"operator": "In"
}
]
},
"policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/a08ec900-254a-4555-9bf5-e42af04b5c5c",
"policySetDefinitionId": "/providers/Microsoft.Management/managementGroups/learn-sandbox-prod/providers/Microsoft.Authorization/policySetDefinitions/containers-initiative",
"policyDefinitionReferenceId": "allowed-resource-types_1",
"policySetDefinitionName": "containers-initiative",
"policyDefinitionName": "a08ec900-254a-4555-9bf5-e42af04b5c5c",
"policyDefinitionEffect": "deny",
"policyAssignmentId": "/providers/Microsoft.Management/managementGroups/eab64c3d-95b6-9f1f-755f-9f8578c31e45/providers/Microsoft.Authorization/policyAssignments/containers-assignment",
"policyAssignmentName": "containers-assignment",
"policyAssignmentScope": "/providers/Microsoft.Management/managementGroups/eab64c3d-95b6-9f1f-755f-9f8578c31e45"
}
I have been trying this for the past 2 days, but the same error always comes up again.
What can I do?
Please help me.
Any help would be appreciated.
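You are getting this error because you are creating a Cosmos DB resource/database and your subscription administrator has set a policy that does not allow creating this kind of resource.
You need to contact your subscription administrator so that they can change the policy to allow creating Cosmos DB resources.
Read more here.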
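To read from the error itself which resource type was rejected and at what scope the policy is assigned, the added example below (not part of the original question or answer) parses the PolicyViolation block. The sample text is the question's error with the allowed-types list shortened to four entries, and the function names are hypothetical.

```python
import json

# Constructed sample: the error from the question with the targetValue list
# shortened to four entries; every identifier is taken from the page.
SAMPLE_ERROR = r'''(RequestDisallowedByPolicy) Resource 'contoso-ship-manager-17984' was disallowed by policy. Additional Information:Type: PolicyViolation Info: {
  "policyDefinitionDisplayName": "Allowed resource types",
  "evaluationDetails": {"evaluatedExpressions": [{
      "result": "False", "expressionKind": "Field", "path": "type",
      "expressionValue": "Microsoft.DocumentDB/databaseAccounts",
      "targetValue": ["microsoft.containerservice/managedclusters",
                      "microsoft.keyvault/vaults",
                      "Microsoft.Storage/storageAccounts",
                      "microsoft.network/virtualnetworks"],
      "operator": "In"}]},
  "policyDefinitionEffect": "deny",
  "policyAssignmentName": "containers-assignment",
  "policyAssignmentScope": "/providers/Microsoft.Management/managementGroups/eab64c3d-95b6-9f1f-755f-9f8578c31e45"
}'''


def parse_violation(error_text):
    """Return the JSON object that follows 'Info:' in the CLI error text."""
    marker = error_text.find("Info:")
    if marker == -1:
        raise ValueError("no PolicyViolation Info block in error text")
    start = error_text.index("{", marker)
    # raw_decode stops at the end of the first JSON value, ignoring trailing text
    info, _ = json.JSONDecoder().raw_decode(error_text[start:])
    return info


def explain_denial(error_text):
    """Summarise which type failed the 'In' check, the effect, and the scope."""
    info = parse_violation(error_text)
    failed = []
    for expr in info["evaluationDetails"]["evaluatedExpressions"]:
        if expr.get("operator") != "In":
            continue
        # Azure Policy evaluates 'in' case-insensitively, so fold case first
        allowed = {t.casefold() for t in expr["targetValue"]}
        if expr["expressionValue"].casefold() not in allowed:
            failed.append(expr["expressionValue"])
    at_mg = "/managementgroups/" in info["policyAssignmentScope"].lower()
    return {
        "denied_types": failed,
        "effect": info["policyDefinitionEffect"],
        "assignment": info["policyAssignmentName"],
        "scope_kind": "managementGroup" if at_mg else "subscriptionOrBelow",
    }
```

For the question's error this reports `Microsoft.DocumentDB/databaseAccounts` as the denied type, with a `deny` effect from `containers-assignment` assigned at management-group scope.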