Sac*_*lia 5 azure azure-policy
我目前正在尝试了解 Azure 政策。我想我已经了解了别名,但我无法理解在哪里可以找到 ExistenceCondition equals 字段的正确值
我应用的政策规则:
"if":{
"allOf":[
{
"field":"type",
"equals":"Microsoft.Insights/metricalerts"
},
{
"field":"Microsoft.Insights/metricalerts/enabled",
"equals":"true"
},
{
"field":"Microsoft.Insights/metricalerts/actions[*]",
"less":"1"
}
]
}
ExistenceConditionpolicyRule与控制方向相反。在策略规则中,仅当条件为真时才继续。ExistenceCondition 仅当条件为假时才继续。在下面的示例中,policyRule您仅过滤 storageAccount,然后继续。仅当条件为 false (deleteRetentionPolicy.enabled ==false) 时才会进行部署,因此它会继续进行部署。所以一旦部署完成,它将是deleteRetentionPolicy.enabled ==true
"policyRule": {
"if": {
"allOf": [
{
"field": "type",
"equals": "Microsoft.Storage/storageAccounts"
},
{
"field": "kind",
"in": [
"Storage",
"StorageV2",
"BlobStorage",
"BlockBlobStorage"
]
}
]
},
"then": {
"effect": "DeployIfNotExists",
"details": {
"type": "Microsoft.Storage/storageAccounts/blobServices",
"existenceCondition": {
"field": "Microsoft.Storage/storageAccounts/blobServices/default.deleteRetentionPolicy.enabled",
"equals": true
},
看这个例子:
"details": {
"type": "Microsoft.Compute/virtualMachines/extensions",
"existenceCondition": {
"allOf": [{
"field": "Microsoft.Compute/virtualMachines/extensions/publisher",
"equals": "[parameters('publisher')]"
},
{
"field": "Microsoft.Compute/virtualMachines/extensions/type",
"equals": "[parameters('type')]"
}
]
}
}
ExistingCondition使用策略语言元素(例如逻辑运算符)来确定是否存在匹配的相关资源。在此示例中,针对每个别名检查的值在参数中定义。
| 归档时间: |
|
| 查看次数: |
7193 次 |
| 最近记录: |