在尝试使用 Azure powershell 创建新的策略定义时,会引发以下异常,请让我知道 cmdlet 或定义文件中是否存在错误。
New-AzPolicyDefinition:解析值时遇到意外字符:<。路径'',第 0 行,位置 0。在第 1 行 char:15 + ... efinition = New-AzPolicyDefinition -Name "application-role-tag" -Disp ... + ~~~~~~~~~ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + CategoryInfo : CloseError: (:) [New-AzPolicyDefinition], JsonReaderException + FullyQualifiedErrorId : Microsoft.Azure.Commands.ResourceManager.Cmdlets.Implementation.NewAzurePolicyDefinitionCmdlet
我使用了以下命令,策略定义和参数定义是从 azure devops (git) 存储库中引用的,
$definition = New-AzPolicyDefinition -Name "application-role-tag" -DisplayName "Allow resource creation if Application Role tag value in allowed values" -description "Allows resource creation if the Application Role tag is set to one of the following values: webServer, appServer, data." -Policy 'https://company.visualstudio.com/DefaultCollection/Gullfoss/_git/Azure Governance?path=/Policies/Tags/application-role-tag/azurepolicy.rules.json' -Parameter 'https://company.visualstudio.com/DefaultCollection/Gullfoss/_git/Azure Governance?path=/Policies/Tags/application-role-tag/azurepolicy.parameters.json' -Mode Indexed
策略定义文件:
{
"properties": {
"displayName": "Allow resource creation if 'application role' tag value in allowed values",
"policyType": "Custom",
"mode": "Indexed",
"description": "Allows resource creation if the 'application role' tag is set to one of the following values: webserver, appserver, data, gateway, messageBroker.",
"parameters": {},
"policyRule": {
"if": {
"not": {
"field": "tags['applicationRole']",
"in": [
"webServer",
"appServer"
]
}
},
"then": {
"effect": "audit"
}
}
}
}
策略参数定义:
{
"parameters": {}
}