当我部署下面的 Bicep 时,资源 policySetDefinition0 失败,并显示错误消息“部署‘PolicyDefinitionBatch_20240808-130023’失败,出现错误。显示 1 个错误中的 1 个。状态消息:无法处理模板资源“/providers/Microsoft.Management/managementGroups/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policySetDefinitions/DeleteMe - Demo Fail”的语言表达式,位于“50”行和“9”列。找不到模板参数“tag0”,请参阅 https://aka.ms/arm-syntax-parameters 了解使用详细信息。 (代码:无效模板)”。
使用 for 循环是我最初的方法。在部署尝试中调试并查看 JSON 版本后,我尝试在 policySetDefinition2 中直接指定数组索引,结果成功了。我知道使用 map lambda 创建数组的另一种方法,它在 policySetDefinition1 中也有效。我已成功使用 for 循环将对象数组分配给应用程序网关等资源上的属性,但这些属性不需要像策略集定义那样传递形如 value: '[parameters(\'tag0\')]' 的特殊字符串。
虽然我已有一个使用 map lambda 的解决方案,但我想了解为什么 for 循环在这种情况下不起作用。
// Policy definitions and the initiatives below are created at management-group
// scope, so their resource IDs are built with managementGroupResourceId().
targetScope = 'managementGroup'

// Source names for the three policy definitions; the resource names are the
// same strings with the spaces removed (see the policyDefinition loop).
var policyDefinitions = ['DeleteMe - Demo Fail 00', 'DeleteMe - Demo Fail 01', 'DeleteMe - Demo Fail 02']
// One policy definition per entry in policyDefinitions. Each definition takes two
// tag names (tag0, tag1) and audits resources on which either tag is absent.
resource policyDefinition 'Microsoft.Authorization/policyDefinitions@2023-04-01' = [
  for definitionName in policyDefinitions: {
    // Spaces are stripped from the resource name; the original string is kept
    // elsewhere only for display purposes.
    name: replace(definitionName, ' ', '')
    properties: {
      policyRule: {
        if: {
          // Non-compliant when either of the two named tags does not exist.
          anyof: [
            {
              field: '[concat(\'tags[\',parameters(\'tag0\'), \']\')]'
              exists: 'false'
            }
            {
              field: '[concat(\'tags[\',parameters(\'tag1\'), \']\')]'
              exists: 'false'
            }
          ]
        }
        then: {
          // audit only records non-compliance; it does not block the request.
          effect: 'audit'
        }
      }
      // Policy-language parameters (not Bicep parameters). Bicep escapes the
      // leading '[' of the field strings above as "[[" in the compiled template so
      // that ARM leaves them for the policy engine to evaluate.
      parameters: {
        tag0: { type: 'string' }
        tag1: { type: 'string' }
      }
    }
  }
]
// Initiative built with a `for` loop. This is the variant that fails to deploy:
// the loop compiles to an ARM property `copy` whose `input` carries the escaped
// strings "[[parameters('tag0')]", and the deployment error reports that template
// parameter tag0 cannot be found — i.e. ARM evaluated the initiative's
// pass-through expression as a deployment-template expression instead of leaving
// it for the policy engine.
resource policySetDefinition0 'Microsoft.Authorization/policySetDefinitions@2023-04-01' = {
  name: 'DeleteMe - Demo Fail'
  dependsOn: [policyDefinition]
  properties: {
    description: 'Demo Fail'
    displayName: 'DeleteMe - Demo Fail'
    // Initiative-level parameters, forwarded to every member definition below.
    parameters: {
      tag0: { type: 'string' }
      tag1: { type: 'string' }
    }
    policyDefinitions: [
      for definitionName in policyDefinitions: {
        policyDefinitionReferenceId: 'Audit Tags for ${definitionName}'
        // replace() already returns a string; no interpolation wrapper is needed.
        policyDefinitionId: managementGroupResourceId('Microsoft.Authorization/policyDefinitions', replace(definitionName, ' ', ''))
        // Values are policy-language expressions and are therefore quoted strings.
        parameters: {
          tag0: { value: '[parameters(\'tag0\')]' }
          tag1: { value: '[parameters(\'tag1\')]' }
        }
      }
    ]
  }
}
// Same initiative built with map() and a lambda instead of a `for` loop. This
// variant deploys: the lambda compiles to one ARM expression rather than a
// property `copy`, and the forwarded parameter values end up as string literals
// inside that expression instead of "[["-escaped property values.
resource policySetDefinition1 'Microsoft.Authorization/policySetDefinitions@2023-04-01' = {
  name: 'DeleteMe - Demo Lambda'
  dependsOn: [policyDefinition]
  properties: {
    description: 'Demo Lambda'
    displayName: 'DeleteMe - Demo Lambda'
    // Initiative-level parameters, forwarded to every member definition below.
    parameters: {
      tag0: { type: 'string' }
      tag1: { type: 'string' }
    }
    // The lambda parameter is named `definitionName` so it does not shadow the
    // `policyDefinition` resource symbol referenced in dependsOn.
    policyDefinitions: map(policyDefinitions, definitionName => {
      policyDefinitionReferenceId: 'Audit Tags for ${definitionName}'
      policyDefinitionId: managementGroupResourceId('Microsoft.Authorization/policyDefinitions', replace(definitionName, ' ', ''))
      // Values are policy-language expressions and are therefore quoted strings.
      parameters: {
        tag0: { value: '[parameters(\'tag0\')]' }
        tag1: { value: '[parameters(\'tag1\')]' }
      }
    })
  }
}
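// Initiative whose members are written out literally (no loop, no lambda); this
// variant deploys. Fixed to reference all three entries of policyDefinitions:
// the original stopped at index 1 and silently left out 'DeleteMe - Demo Fail 02'.
resource policySetDefinition2 'Microsoft.Authorization/policySetDefinitions@2023-04-01' = {
  name: 'DeleteMe - Demo Success'
  properties: {
    displayName: 'DeleteMe - Demo Success'
    description: 'Demo Success'
    // Initiative-level parameters, forwarded to every member definition below.
    parameters: {
      tag0: {
        type: 'string'
      }
      tag1: {
        type: 'string'
      }
    }
    policyDefinitions: [
      {
        policyDefinitionReferenceId: 'Audit Tags for ${policyDefinitions[0]}'
        // replace() already returns a string; no interpolation wrapper is needed.
        policyDefinitionId: managementGroupResourceId('Microsoft.Authorization/policyDefinitions', replace(policyDefinitions[0], ' ', ''))
        // Policy-language pass-through expressions. As literal array items they are
        // emitted as "[[parameters('tag0')]" in the compiled template and deploy.
        parameters: {
          tag0: {
            value: '[parameters(\'tag0\')]'
          }
          tag1: {
            value: '[parameters(\'tag1\')]'
          }
        }
      }
      {
        policyDefinitionReferenceId: 'Audit Tags for ${policyDefinitions[1]}'
        policyDefinitionId: managementGroupResourceId('Microsoft.Authorization/policyDefinitions', replace(policyDefinitions[1], ' ', ''))
        parameters: {
          tag0: {
            value: '[parameters(\'tag0\')]'
          }
          tag1: {
            value: '[parameters(\'tag1\')]'
          }
        }
      }
      {
        // Third member, missing from the original.
        policyDefinitionReferenceId: 'Audit Tags for ${policyDefinitions[2]}'
        policyDefinitionId: managementGroupResourceId('Microsoft.Authorization/policyDefinitions', replace(policyDefinitions[2], ' ', ''))
        parameters: {
          tag0: {
            value: '[parameters(\'tag0\')]'
          }
          tag1: {
            value: '[parameters(\'tag1\')]'
          }
        }
      }
    ]
  }
  dependsOn: [policyDefinition]
}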
下面是用于部署的 PowerShell 脚本。
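# Deploys demoFail.bicep as a management-group deployment under a timestamped name.
# Requires an existing Az context (Connect-AzAccount); without one the original
# silently passed an empty ManagementGroupId and failed with an unrelated error.
$context = Get-AzContext
if (-not $context) {
    throw 'No Azure context found; run Connect-AzAccount before deploying.'
}

$deploymentTimestamp = (Get-Date).ToString('yyyyMMdd-HHmmss')
$deploymentParameterSplat = @{
    Name = "PolicyDefinitionBatch_$($deploymentTimestamp)"
    # The tenant ID is also the ID of the Tenant Root Group, so this targets the
    # top of the management-group hierarchy; point it at a narrower management
    # group unless tenant-wide policy definitions are intended.
    ManagementGroupId = $context.Tenant.Id
    # Location is where the deployment record is stored; it does not place the
    # policy resources themselves.
    Location = 'East US 2'
    TemplateFile = '.\demoFail.bicep'
}
New-AzManagementGroupDeployment @deploymentParameterSplat -Verbose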
这是部署结果,即在 Azure 门户中查看到的部署模板。
{
"$schema": "https://schema.management.azure.com/schemas/2019-08-01/managementGroupDeploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"variables": {
"policyDefinitions": [
"DeleteMe - Demo Fail 00",
"DeleteMe - Demo Fail 01",
"DeleteMe - Demo Fail 02"
]
},
"resources": [
{
"type": "Microsoft.Authorization/policyDefinitions",
"apiVersion": "2023-04-01",
"name": "[replace(variables('policyDefinitions')[copyIndex()], ' ', '')]",
"properties": {
"parameters": {
"tag0": {
"type": "string"
},
"tag1": {
"type": "string"
}
},
"policyRule": {
"if": {
"anyof": [
{
"field": "[[concat('tags[',parameters('tag0'), ']')]",
"exists": "false"
},
{
"field": "[[concat('tags[',parameters('tag1'), ']')]",
"exists": "false"
}
]
},
"then": {
"effect": "audit"
}
}
},
"copy": {
"name": "policyDefinition",
"count": "[length(variables('policyDefinitions'))]"
}
},
{
"type": "Microsoft.Authorization/policySetDefinitions",
"apiVersion": "2023-04-01",
"name": "DeleteMe - Demo Fail",
"dependsOn": [
"policyDefinition"
],
"properties": {
"copy": [
{
"name": "policyDefinitions",
"count": "[length(variables('policyDefinitions'))]",
"input": {
"policyDefinitionReferenceId": "[format('Audit Tags for {0}', variables('policyDefinitions')[copyIndex('policyDefinitions')])]",
"policyDefinitionId": "[managementGroupResourceId('Microsoft.Authorization/policyDefinitions', format('{0}', replace(variables('policyDefinitions')[copyIndex('policyDefinitions')], ' ', '')))]",
"parameters": {
"tag0": {
"value": "[[parameters('tag0')]"
},
"tag1": {
"value": "[[parameters('tag1')]"
}
}
}
}
],
"displayName": "DeleteMe - Demo Fail",
"description": "Demo Fail",
"parameters": {
"tag0": {
"type": "string"
},
"tag1": {
"type": "string"
}
}
}
},
{
"type": "Microsoft.Authorization/policySetDefinitions",
"apiVersion": "2023-04-01",
"name": "DeleteMe - Demo Lambda",
"dependsOn": [
"policyDefinition"
],
"properties": {
"displayName": "DeleteMe - Demo Lambda",
"description": "Demo Lambda",
"parameters": {
"tag0": {
"type": "string"
},
"tag1": {
"type": "string"
}
},
"policyDefinitions": "[map(variables('policyDefinitions'), lambda('policyDefinition', createObject('policyDefinitionReferenceId', format('Audit Tags for {0}', lambdaVariables('policyDefinition')), 'policyDefinitionId', managementGroupResourceId('Microsoft.Authorization/policyDefinitions', format('{0}', replace(lambdaVariables('policyDefinition'), ' ', ''))), 'parameters', createObject('tag0', createObject('value', '[parameters(''tag0'')]'), 'tag1', createObject('value', '[parameters(''tag1'')]')))))]"
}
},
{
"type": "Microsoft.Authorization/policySetDefinitions",
"apiVersion": "2023-04-01",
"name": "DeleteMe - Demo Success",
"dependsOn": [
"policyDefinition"
],
"properties": {
"displayName": "DeleteMe - Demo Success",
"description": "Demo Success",
"parameters": {
"tag0": {
"type": "string"
},
"tag1": {
"type": "string"
}
},
"policyDefinitions": [
{
"policyDefinitionReferenceId": "[format('Audit Tags for {0}', variables('policyDefinitions')[0])]",
"policyDefinitionId": "[managementGroupResourceId('Microsoft.Authorization/policyDefinitions', format('{0}', replace(variables('policyDefinitions')[0], ' ', '')))]",
"parameters": {
"tag0": {
"value": "[[parameters('tag0')]"
},
"tag1": {
"value": "[[parameters('tag1')]"
}
}
},
{
"policyDefinitionReferenceId": "[format('Audit Tags for {0}', variables('policyDefinitions')[1])]",
"policyDefinitionId": "[managementGroupResourceId('Microsoft.Authorization/policyDefinitions', format('{0}', replace(variables('policyDefinitions')[1], ' ', '')))]",
"parameters": {
"tag0": {
"value": "[[parameters('tag0')]"
},
"tag1": {
"value": "[[parameters('tag1')]"
}
}
}
]
}
}
]
}
由于 policySetDefinition0 资源中的 for 循环而遇到的错误,与部署模板中如何引用和使用参数有关,特别是 Bicep for 循环的语法。
下面是使用 for 循环创建策略定义和 3 个计划(Initiative)的正确 Bicep 代码。
// Subscription-scope variant: the policy definitions and initiatives are created
// in the target subscription, so their resource IDs use subscriptionResourceId().
targetScope = 'subscription'

// Source names for the three policy definitions; the resource names are the
// same strings with the spaces removed.
var policyDefinitions = ['DeleteMe - Demo Fail 00', 'DeleteMe - Demo Fail 01', 'DeleteMe - Demo Fail 02']
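// One policy definition per entry in policyDefinitions. Each definition audits
// resources on which the tag named by tagName is missing or does not carry the
// value given by tagValue.
resource policyDefinition 'Microsoft.Authorization/policyDefinitions@2023-04-01' = [
  for definitionName in policyDefinitions: {
    // Spaces are stripped from the resource name.
    name: replace(definitionName, ' ', '')
    properties: {
      // Policy-language parameters (not Bicep parameters).
      parameters: {
        tagName: {
          type: 'string'
          defaultValue: 'testing'
        }
        tagValue: {
          type: 'string'
          defaultValue: 'production'
        }
      }
      policyRule: {
        if: {
          anyof: [
            {
              // The tag is absent.
              field: '[concat(\'tags[\', parameters(\'tagName\'), \']\')]'
              exists: 'false'
            }
            {
              // The tag is present but holds a different value. The original rule
              // used tagValue as a second tag *name* here, so the value was never
              // checked.
              field: '[concat(\'tags[\', parameters(\'tagName\'), \']\')]'
              notEquals: '[parameters(\'tagValue\')]'
            }
          ]
        }
        then: {
          // audit only records non-compliance; it does not block the request.
          effect: 'audit'
        }
      }
    }
  }
]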
// Define policy set definitions
// Initiative built with a `for` loop. Despite its name, this variant deploys: the
// member parameters are plain literals ('testing', 'production'), so the property
// copy the loop compiles to contains no '[...]' strings that ARM could read as
// template expressions. Forwarding '[parameters(\'tag0\')]' through the same kind
// of loop is what failed in the management-group example earlier on this page.
resource policySetDefinitionFail 'Microsoft.Authorization/policySetDefinitions@2023-04-01' = {
  name: 'DeleteMe - Demo Fail'
  dependsOn: [policyDefinition]
  properties: {
    description: 'Demo Fail'
    displayName: 'DeleteMe - Demo Fail'
    policyDefinitions: [
      for definitionName in policyDefinitions: {
        policyDefinitionReferenceId: 'Audit Tags for ${definitionName}'
        policyDefinitionId: subscriptionResourceId('Microsoft.Authorization/policyDefinitions', replace(definitionName, ' ', ''))
        // Literal values for the definition's tagName/tagValue parameters.
        parameters: {
          tagName: { value: 'testing' }
          tagValue: { value: 'production' }
        }
      }
    ]
  }
}
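// Initiative built with map() and a lambda, matching its name; the original body
// was a copy of the `for`-loop variant. The resulting policyDefinitions array is
// the same either way.
resource policySetDefinitionLambda 'Microsoft.Authorization/policySetDefinitions@2023-04-01' = {
  name: 'DeleteMe - Demo Lambda'
  properties: {
    displayName: 'DeleteMe - Demo Lambda'
    description: 'Demo Lambda'
    // The lambda parameter is named `definitionName` so it does not shadow the
    // `policyDefinition` resource symbol referenced in dependsOn.
    policyDefinitions: map(policyDefinitions, definitionName => {
      policyDefinitionReferenceId: 'Audit Tags for ${definitionName}'
      policyDefinitionId: subscriptionResourceId('Microsoft.Authorization/policyDefinitions', replace(definitionName, ' ', ''))
      // Literal values for the definition's tagName/tagValue parameters.
      parameters: {
        tagName: {
          value: 'testing'
        }
        tagValue: {
          value: 'production'
        }
      }
    })
  }
  dependsOn: [policyDefinition]
}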
// Initiative whose three members are written out literally by index; no loop and
// no lambda. Every member forwards the same literal tagName/tagValue values.
resource policySetDefinitionSuccess 'Microsoft.Authorization/policySetDefinitions@2023-04-01' = {
  name: 'DeleteMe - Demo Success'
  dependsOn: [policyDefinition]
  properties: {
    description: 'Demo Success'
    displayName: 'DeleteMe - Demo Success'
    policyDefinitions: [
      {
        policyDefinitionReferenceId: 'Audit Tags for ${policyDefinitions[0]}'
        policyDefinitionId: subscriptionResourceId('Microsoft.Authorization/policyDefinitions', replace(policyDefinitions[0], ' ', ''))
        parameters: {
          tagName: { value: 'testing' }
          tagValue: { value: 'production' }
        }
      }
      {
        policyDefinitionReferenceId: 'Audit Tags for ${policyDefinitions[1]}'
        policyDefinitionId: subscriptionResourceId('Microsoft.Authorization/policyDefinitions', replace(policyDefinitions[1], ' ', ''))
        parameters: {
          tagName: { value: 'testing' }
          tagValue: { value: 'production' }
        }
      }
      {
        policyDefinitionReferenceId: 'Audit Tags for ${policyDefinitions[2]}'
        policyDefinitionId: subscriptionResourceId('Microsoft.Authorization/policyDefinitions', replace(policyDefinitions[2], ' ', ''))
        parameters: {
          tagName: { value: 'testing' }
          tagValue: { value: 'production' }
        }
      }
    ]
  }
}
策略输出:策略定义的创建名称为 DeleteMe-DemoFail00。