1

我正在尝试在内置的允许位置 Azure 策略中使用。

在我的 ARM 模板定义下方

{
    "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
    "contentVersion": "1.0.0.0",
    "parameters": {
        "listOfAllowedLocations": {
            "type": "Array"
        }
    },
    "variables": {},
    "resources": [{
        "type": "Microsoft.Authorization/policyDefinitions",
        "name": "Test",
        "apiVersion": "2018-03-01",
        "properties": {
            "displayName": "Test allowed locations",
            "policyType": "BuiltIn",
            "description": "This policy enables you to restrict the locations your organization can specify when deploying resources. Use to enforce your geo-compliance requirements.",
            "parameters": {
                "listOfAllowedLocations": {
                    "type": "Array",
                    "metadata": {
                        "description": "The list of locations that can be specified when deploying resources.",
                        "strongType": "location",
                        "displayName": "Allowed locations"
                    }
                }
            },
            "policyRule": {
                "if": {
                    "not": {
                        "field": "location",
                        "in": "[parameters('listOfAllowedLocations')]"
                    }
                },
                "then": {
                    "effect": "Deny"
                }
            }
        }
    }],
    "outputs": {}
}

当我尝试使用 Visual Studio 部署选项进行部署时出现以下错误

{
"error": {
"code": "InvalidPolicyUri",
"message": "The policy request scope '/subscriptions/xxx/resourcegroups/Test' should be '/', '/subscriptions/id' or '/providers/Microsoft.Management/managementGroups/id'."
 }
}

如果有人能指导我使用 Visual Studio 部署策略的正确方法,我将不胜感激。一旦在 VS 部署测试中成功,此模板将在稍后进入 DevOps 发布管道。

4

1 回答 1

1

我想到了。默认情况下,Visual Studio 使用资源组部署,这就是它不起作用的原因。我们需要使用 New-AzureRmDeployment 而不是 New-AzureRmResourceGroupDeployment。

于 2018-11-30T02:32:18.057 回答