【发布时间】:2020-07-22 21:44:24
【问题描述】:
我正在尝试创建 Azure 策略定义,但出现错误。此 JSON 代码取自 Azure 策略“应禁用虚拟机上的 IP 转发”的内置脚本 下面是我的脚本
$Policy=
'{
"properties": {
"displayName": "Disable-IP-Forwarding",
"policyType": "Custom",
"mode": "All",
"description": "Disable-IP-Forwarding-Test.",
"metadata": {
"version": "1.0.1",
"category": "Security Center"
},
"parameters": {
"effect": {
"type": "String",
"metadata": {
"displayName": "Effect",
"description": "Enable or disable the execution of the policy"
},
"allowedValues": [
"AuditIfNotExists",
"Disabled"
],
"defaultValue": "AuditIfNotExists"
}
},
"policyRule": {
"if": {
"field": "type",
"in": [
"Microsoft.Compute/virtualMachines",
"Microsoft.ClassicCompute/virtualMachines"
]
},
"then": {
"effect": "[parameters('effect')]",
"details": {
"type": "Microsoft.Security/complianceResults",
"name": "disableIPForwarding",
"existenceCondition": {
"field": "Microsoft.Security/complianceResults/resourceStatus",
"in": [
"Monitored",
"OffByPolicy",
"Healthy"
]
}
}
}
}
},
"id": "/providers/Microsoft.Authorization/policyDefinitions/Disable-IP-Forwarding",
"type": "Microsoft.Authorization/policyDefinitions",
"name": "Disable-IP-Forwarding"
}'
$definition = New-AzPolicyDefinition -Name "Disable-IP-Forwarding" -Description "Disable-IP-Forwarding-Test." -Policy $Policy
https://i.stack.imgur.com/Ttj4w.png https://i.stack.imgur.com/K0JCv.png
我还尝试删除策略规则中的单引号,如 here(click Here)
**错误:删除单引号后**
New-AzPolicyDefinition:InvalidPolicyRule:无法解析策略规则:“在“PolicyRuleDefinition”类型的对象上找不到成员“属性”。路径'属性'。'。 相关 ID:7e754d56-2e8e-4323-8650-ae620bb60573 在 line:70 char:15
- ... efinition = New-AzPolicyDefinition -Name "Disable-IP-Forwarding" ...
-
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~- CategoryInfo : CloseError: (:) [New-AzPolicyDefinition], ErrorResponseMessageException
- FullyQualifiedErrorId:Microsoft.Azure.Commands.ResourceManager.Cmdlets.Implementation.NewAzurePolicyDefinitionCmdlet
【问题讨论】:
标签: json powershell azure-policy