我正在尝试编写我的第一个 Azure Policy。
我希望它审核我的虚拟机,其中名称以 -tr-sa-vm 结尾,以查看它们是否在允许的 vmSKU 内。我认为以下内容会起作用,但它说 Compliant 100% 0 out of 0. 谁能帮我理解为什么它不起作用以及如何使它起作用?
{
"properties": {
"displayName": "TR - Allowed VM Sizes",
"policyType": "Custom",
"mode": "All",
"metadata": {
"category": "Compute",
"createdBy": "0dcf9e6c-b717-485b-8704-a0695cd10be7",
"createdOn": "2020-04-29T19:38:39.486075Z",
"updatedBy": null,
"updatedOn": null
},
"parameters": {
"listOfAllowedSKUs": {
"type": "Array",
"metadata": {
"displayName": "Allowed SKUs",
"description": "The list of SKUs that can be specified for TR virtual machines.",
"strongType": "vmSKUs"
}
}
},
"policyRule": {
"if": {
"allOf": [
{
"field": "type",
"equals": "Microsoft.Compute/virtualMachines"
},
{
"field": "name",
"like": "*-tr-sa-vm"
},
{
"not": {
"field": "Microsoft.Compute/virtualMachines/sku.name",
"in": "[parameters('listOfAllowedSKUs')]"
}
}
]
},
"then": {
"effect": "audit"
}
}
},
"id": "/subscriptions/c8387722-df99-4ac4-9e19-682e684b048d/providers/Microsoft.Authorization/policyDefinitions/44fd80d7-569a-416e-92ee-be2a5b56e9fd",
"type": "Microsoft.Authorization/policyDefinitions",
"name": "44fd80d7-569a-416e-92ee-be2a5b56e9fd"
}
预期结果:假设我有 200 台虚拟机,其中 100 台的名称以 -tr-sa-vm 结尾 如果这 100 台中目前有 30 台没有允许的 sku.name,那么我希望看到它说100个中有30个不合规。