【发布时间】:2021-11-08 15:56:50
【问题描述】:
我正在尝试使用 Bicep 部署 Azure 策略分配。
resource policy_assignment 'Microsoft.Authorization/policyAssignments@2021-06-01' = {
name: 'my_policy'
location: 'westus'
scope: subscriptionResourceId('Microsoft.Resources/resourceGroups', resourceGroup().name)
identity: {
type: 'UserAssigned'
userAssignedIdentities: {
'/subscriptions/xxxxxxx-xxxxxx-xxxx-xxx/resourceGroups/my-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/mymi': {}
}
}
properties: {
parameters: {
MyParamKey: '/subscriptions/xxxxx-xxx-xxxx-xxx-xxx/resourcegroups/my-rg2/providers/microsoft.network/virtualnetworks/vnetmy/subnets/default'
}
policyDefinitionId: '/subscriptions/xxxxx-xxx-xxxx-xxx-xxx//providers/Microsoft.Authorization/policyDefinitions/my-policy-def'
}
}
当我使用 az bicep build --file .\policy_assignment.bicep 检查时,我收到以下错误:
C:$Path.bicep(4,10) : Error BCP036: The property "scope" expected a value of type "resource | tenant" but the provided value is of type "string".
C:$Path.bicep(13,32) : Warning BCP036: The property "MyParamKey" expected a value of type "ParameterValuesValue" but the provided value is of type "'/subscriptions/xxxxx-xxx/resourcegroups/my-rg2/providers/microsoft.network/virtualnetworks/vnetmy/subnets/default'".
我有两个问题:
- 策略分配范围的定义。
- 赋值参数的定义
我在互联网上找不到太多示例。二头肌策略分配的文档是here。
您知道如何纠正这些错误吗?
【问题讨论】:
-
您好@MoonHorse,我可以知道您要分配的策略是什么吗?是自定义的还是内置的?
-
对于范围你可以设置
scope: resourceGroup()。 -
@AnsumanBal-MT,这是一个自定义策略
-
@Thomas,谢谢,我不再收到范围错误。我现在要修复参数错误
-
这是什么
MyParamKey?
标签: azure azure-policy azure-bicep