0

我很难通过 Azure Pipelines 处理这些策略和部署。现在它type已经被定义了。

我使用 Azure 策略部署模板(创建和分配任务都有版本 3)错误消息:

InvalidRequestContent :请求内容无效,无法反序列化:'在'PolicyParameter'类型的对象上找不到成员'type'。路径“properties.parameters.envValue.type”,第 9 行,位置 15。

教授 在此处输入图像描述

我的参数文件有什么问题?

{
  "envValue": {
    "type": "String",
    "metadata": {
      "displayName": "Tag Value",
      "description": "Deployment Environment of the resource"
    },
    "defaultValue": "Dev",
    "allowedValues": [
      "Dev",
      "Qas",
      "prd"
    ]
  }
}

我的分配任务:

# Input variables: set these values in the variables section of the release pipeline

#   AssignmentName        - [required] Policy assignment name
#   AssignmentDisplayName - [optional] Policy assignment display name
#   AssignmentDescription - [optional] Policy assignment description
#   PolicyName            - [optional] Name of policy definition to assign
#   PolicySetName         - [optional] Name of policy set definition to assign
#   ResourceGroupName     - [optional] Name of resource group the policy [set] definition will be applied to
#   SubscriptionId        - [optional] Id of subscription the policy [set] definition will be applied to
#   ManagementGroupName   - [optional] Name of management group the policy [set] definition will be applied to
#  PolicyParameters      - [optional] Policy parameter values in JSON string format

# Notes:
#   Refer to https://docs.microsoft.com/en-us/azure/azure-policy/ for documentation on the Powershell cmdlets and the JSON input formats

$assignmentName = "$(AssignmentName)"
$assignmentDisplayName = "$(AssignmentDisplayName)"
$assignmentDescription = "$(AssignmentDescription)"
$policyName = "$(PolicyName)"
$policySetName = "$(PolicySetName)"
$resourceGroupName = "$(ResourceGroupName)"
$subscriptionId = "$(SubscriptionId)"
$managementGroupName = "$(managementGroupName)"
$policyParameters = "$(PolicyParameters)"

if (!$assignmentName)
{
    throw "Unable to create policy assignment: required input variable value `$(AssignmentName) was not provided"
}

if (!$policyName -and !$policySetName)
{
    throw "Unable to create policy assignment: neither `$(PolicyName) nor `$(PolicySetName) was provided. One or the other must be provided."
}

if ($policyName -and $policySetName)
{
    throw "Unable to create policy assignment: `$(PolicyName) '$policyName' and `$(PolicySetName) '$policySetName' were both provided. Either may be provided, but not both."
}

if ($subscriptionId -and $managementGroupName)
{
    throw "Unable to create policy assignment: `$(SubscriptionId) '$subscriptionId' and `$(ManagementGroupName) '$managementGroupName' were both provided. Either may be provided, but not both."
}

if ($managementGroupName -and $resourceGroupName)
{
    throw "Unable to create policy assignment: `$(ManagementGroupName) '$managementGroupName' and `$(ResourceGroupName) '$resourceGroupName' were both provided. Either may be provided, but not both."
}

if ($managementGroupName)
{
    $scope = "/providers/Microsoft.Management/managementGroups/$managementGroupName"
    $searchParameters = @{ManagementGroupName=$managementGroupName}
}
else
{
    if (!$subscriptionId)
    {
        $subscription = Get-AzureRmContext | Select-Object -Property Subscription
        $subscriptionId = $subscription.Id
    }

    $scope = "/subscriptions/$subscriptionId"
    $searchParameters = @{SubscriptionId=$subscriptionId}

    if ($resourceGroupName)
    {
        $scope += "/resourceGroups/$resourceGroupName"
    }
}

$cmdletParameters = @{Name=$assignmentName; Scope=$scope}
if ($assignmentDisplayName)
{
    $cmdletParameters += @{DisplayName=$assignmentDisplayName}
}

if ($assignmentDescription)
{
    $cmdletParameters += @{Description=$assignmentDescription}
}

if ($policyName)
{
    $policyDefinition = Get-AzureRmPolicyDefinition @searchParameters | Where-Object { $_.Name -eq $policyName }
    if (!$policyDefinition)
    {
        throw "Unable to create policy assignment: policy definition $policyName does not exist"
    }

    $cmdletParameters += @{PolicyDefinition=$policyDefinition}
}

if ($policySetName)
{
    $policySetDefinition = Get-AzureRmPolicySetDefinition @searchParameters | Where-Object { $_.Name -eq $policySetName }
    if (!$policySetDefinition)
    {
        throw "Unable to create policy assignment: policy set definition $policySetName does not exist"
    }

    $cmdletParameters += @{PolicySetDefinition=$policySetDefinition}
}

if ($policyParameters)
{
    $cmdletParameters += @{PolicyParameter=$policyParameters}
}

&New-AzureRmPolicyAssignment @cmdletParameters
4

2 回答 2

0

看起来创建您的策略定义任务已成功,这意味着您的参数和规则应该已经建立。问题出在分配时,这意味着您可能将非字符串格式的策略参数发送到管道。

于 2020-02-14T23:27:58.177 回答
0

有点晚了,但我今天碰到了这个。您的分配参数文件应如下所示:

{
 "envValue":{
    "value": "Dev"
  }
}

您传递的是参数定义,而不是实际参数。遵循与 ARM 模板相同的模式。

于 2020-06-16T00:50:17.070 回答