0

在尝试使用 Azure powershell 创建新的策略定义时,会引发以下异常,请让我知道 cmdlet 或定义文件中是否存在错误。

New-AzPolicyDefinition:解析值时遇到意外字符:<。路径'',第 0 行,位置 0。在第 1 行 char:15 + ... efinition = New-AzPolicyDefinition -Name "application-role-tag" -Disp ... + ~~~~~~~~~ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + CategoryInfo : CloseError: (:) [New-AzPolicyDefinition], JsonReaderException + FullyQualifiedErrorId : Microsoft.Azure.Commands.ResourceManager.Cmdlets.Implementation.NewAzurePolicyDefinitionCmdlet

我使用了以下命令,策略定义和参数定义是从 azure devops (git) 存储库中引用的,

$definition = New-AzPolicyDefinition -Name "application-role-tag" -DisplayName "Allow resource creation if Application Role tag value in allowed values" -description "Allows resource creation if the Application Role tag is set to one of the following values: webServer, appServer, data." -Policy 'https://company.visualstudio.com/DefaultCollection/Gullfoss/_git/Azure Governance?path=/Policies/Tags/application-role-tag/azurepolicy.rules.json' -Parameter 'https://company.visualstudio.com/DefaultCollection/Gullfoss/_git/Azure Governance?path=/Policies/Tags/application-role-tag/azurepolicy.parameters.json' -Mode Indexed

策略定义文件:

{
    "properties": {
      "displayName": "Allow resource creation if 'application role' tag value in allowed values",
       "policyType": "Custom",
       "mode": "Indexed",
       "description": "Allows resource creation if the 'application role' tag is set to one of the following values: webserver, appserver, data, gateway, messageBroker.",
       "parameters": {},
       "policyRule": {
          "if": {
             "not": {
                "field": "tags['applicationRole']",
                "in": [
                   "webServer",
                   "appServer"                  
                ]
             }
          },
          "then": {
             "effect": "audit"
          }
       }
    }
 }

策略参数定义:

{
    "parameters": {}
}
4

1 回答 1

0

我错误地引用了网页 url,而不是使用 DevOps REST API 获取文件内容。获取文件内容的url如下:

https://dev.azure.com/{organization}/{project}/_apis/sourceProviders/{providerName}/filecontents?repository={repository}&commitOrBranch={commitOrBranch}&path={path}&api-version=5.1-preview.1

{providerName}:tfsgit 或 tfvs {commitOrBranch}:分支的名称,例如 'master'

于 2020-02-05T09:08:55.853 回答