Bicep:azure 策略分配范围
Bicep: azure policy assignment scope
我正在尝试使用 Bicep 部署 Azure Policy Assignment。
resource policy_assignment 'Microsoft.Authorization/policyAssignments@2021-06-01' = {
name: 'my_policy'
location: 'westus'
scope: subscriptionResourceId('Microsoft.Resources/resourceGroups', resourceGroup().name)
identity: {
type: 'UserAssigned'
userAssignedIdentities: {
'/subscriptions/xxxxxxx-xxxxxx-xxxx-xxx/resourceGroups/my-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/mymi': {}
}
}
properties: {
parameters: {
MyParamKey: '/subscriptions/xxxxx-xxx-xxxx-xxx-xxx/resourcegroups/my-rg2/providers/microsoft.network/virtualnetworks/vnetmy/subnets/default'
}
policyDefinitionId: '/subscriptions/xxxxx-xxx-xxxx-xxx-xxx//providers/Microsoft.Authorization/policyDefinitions/my-policy-def'
}
}
当我用 az bicep build --file .\policy_assignment.bicep 检查它时,我得到以下错误:
C:$Path.bicep(4,10) : Error BCP036: The property "scope" expected a value of type "resource | tenant" but the provided value is of type "string".
C:$Path.bicep(13,32) : Warning BCP036: The property "MyParamKey" expected a value of type "ParameterValuesValue" but the provided value is of type "'/subscriptions/xxxxx-xxx/resourcegroups/my-rg2/providers/microsoft.network/virtualnetworks/vnetmy/subnets/default'".
我有两个问题:
- 政策分配范围的定义。
- 赋值参数的定义
我在互联网上找不到太多示例。 Bicep 策略分配的文档是 here。
你知道我该如何纠正这些错误吗?
这种资源类型很可能希望参数值包装在具有 value 的对象中,例如 :
parameters: {
MyParamKey: {
value: '/subscriptions/xxxxx-xxx-xxxx-xxx-xxx/resourcegroups/my-rg2/providers/microsoft.network/virtualnetworks/vnetmy/subnets/default'
}
}
有some other use cases个这样的。
编辑:如@Thomas 所述,范围应称为 scope: resourceGroup(),因为这是由您的客户端使用 Bicep 正在等待的正确类型动态检索的。
我正在尝试使用 Bicep 部署 Azure Policy Assignment。
resource policy_assignment 'Microsoft.Authorization/policyAssignments@2021-06-01' = {
name: 'my_policy'
location: 'westus'
scope: subscriptionResourceId('Microsoft.Resources/resourceGroups', resourceGroup().name)
identity: {
type: 'UserAssigned'
userAssignedIdentities: {
'/subscriptions/xxxxxxx-xxxxxx-xxxx-xxx/resourceGroups/my-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/mymi': {}
}
}
properties: {
parameters: {
MyParamKey: '/subscriptions/xxxxx-xxx-xxxx-xxx-xxx/resourcegroups/my-rg2/providers/microsoft.network/virtualnetworks/vnetmy/subnets/default'
}
policyDefinitionId: '/subscriptions/xxxxx-xxx-xxxx-xxx-xxx//providers/Microsoft.Authorization/policyDefinitions/my-policy-def'
}
}
当我用 az bicep build --file .\policy_assignment.bicep 检查它时,我得到以下错误:
C:$Path.bicep(4,10) : Error BCP036: The property "scope" expected a value of type "resource | tenant" but the provided value is of type "string".
C:$Path.bicep(13,32) : Warning BCP036: The property "MyParamKey" expected a value of type "ParameterValuesValue" but the provided value is of type "'/subscriptions/xxxxx-xxx/resourcegroups/my-rg2/providers/microsoft.network/virtualnetworks/vnetmy/subnets/default'".
我有两个问题:
- 政策分配范围的定义。
- 赋值参数的定义
我在互联网上找不到太多示例。 Bicep 策略分配的文档是 here。
你知道我该如何纠正这些错误吗?
这种资源类型很可能希望参数值包装在具有 value 的对象中,例如 :
parameters: {
MyParamKey: {
value: '/subscriptions/xxxxx-xxx-xxxx-xxx-xxx/resourcegroups/my-rg2/providers/microsoft.network/virtualnetworks/vnetmy/subnets/default'
}
}
有some other use cases个这样的。
编辑:如@Thomas 所述,范围应称为 scope: resourceGroup(),因为这是由您的客户端使用 Bicep 正在等待的正确类型动态检索的。