我对策略的 arm 部署感到非常困惑,我希望有人可以帮助我解决这个问题。
我想制定一项政策,根据他们的 Sku.name 拒绝数据库部署。
对,不,我想允许创建它们是standard
或的数据库Basic
,并拒绝所有其他 sku。
我有这个json
配置,但它部分工作。
{
"properties": {
"displayName": "Not allowed resource types",
"policyType": "BuiltIn",
"mode": "All",
"description": "This policy enables you to specify the resource types that your organization cannot deploy.",
"parameters": {
"listOfAllowedSKUs": {
"type": "Array",
"metadata": {
"description": "The list of resource types that cannot be deployed.",
"displayName": "Not allowed resource types",
"strongType": "resourceTypes"
}
}
},
"policyRule": {
"if": {
"field": "type",
"in": "[parameters('listOfAllowedSKUs')]"
},
"then": {
"effect": "Deny"
}
}
},
"id": "/providers/Microsoft.Authorization/policyDefinitions/6c112d4e-5bc7-47ae-a041-ea2d9dccd749",
"type": "Microsoft.Authorization/policyDefinitions",
"name": "6c112d4e-5bc7-47ae-a041-ea2d9dccd749"
}
参数:
{
"listOfAllowedSKUs": {
"type": "Array",
"allowedValues": [
"Standard",
"Basic"
],
"metadata": {
"displayName": "Allowed SKUs",
"description": "The list of SKUs that can be specified for databases."
}
}
}
和规则:
{
"if": {
"not": {
"field": "Microsoft.Sql/servers/databases/sku.name",
"in": "[parameters('listOfAllowedSKUs')]"
}
},
"then": {
"effect": "deny"
}
}
当我部署此策略时,我只能部署基本 Sku,而所有其他(包括标准)都被拒绝。
我怎样才能允许同时创建Basic
and Standard
?
非常感谢愿意花费宝贵时间帮助我理解这一点的人。