tyconsulting / azurepolicy
License: MIT License
During testing, "create or update resource diagnostic setting" operation failed. The supported Metric categories are "AllMetrics" and should be updated accordingly.
The Azure Policy definition is azurepolicy/policy-definitions/resource-diagnostics-settings/log-analytics/azurepolicy.sqlDBs-la.json. These two log categories must be added to the policy, else Azure Policy compliance evaluation will mark it as non-compliant because the two missing categories are set to "false".
Azure Portal shows 9 log categories, but the API call is sending 11 log categories.
Hi, the above policy has a mistake starting with the parameters on line 88. You copied the parameters from the Log Analytics version (it appears). The correct block is below. I hope this helps.
    "parameters": {
      "diagnosticsSettingNameToUse": {
        "type": "string"
      },
      "resourceName": {
        "type": "string"
      },
      "eventHubName": {
        "type": "string"
      },
      "eventHubAuthorizationRuleId": {
        "type": "string"
      },
      "location": {
        "type": "string"
      }
    },
Applying the CDN policy is not working because of the following error:
Error code: RemediatedResourceNotFound
Reason: The resource being remediated '/subscriptions//resourcegroups//providers/microsoft.cdn/profiles//endpoints/' could not be retrieved.
Seems like copy-paste for web apps without changing config for bastion.
Below are correct fields for policy definition:
    "policyRule": {
      "if": {
        "field": "type",
        "equals": "Microsoft.Network/bastionHosts"
      },
Resource type:
    "resources": [
      {
        "type": "Microsoft.Network/bastionHosts/providers/diagnosticSettings",
Log and metrics config:
    "metrics": [],
    "logs": [
      {
        "category": "BastionAuditLogs",
        "enabled": true
      }
I tried using 2018-06-01 but got this error.
Looking at the API docs, diagnosticSettings is only mentioned in 2017-05-01-preview.
Am I the only one having this issue?
Hi, I am trying to use deploy-policyDef.ps1 using
.\deploy.ps1 -managementGroupName "$mgtGroup" -definitionFile "$file"
I receive the following error:
New-AzPolicyDefinition : Cannot validate argument on parameter 'Name'. The argument is null or empty. Provide an argument that is not null or empty, and then try the command again.
At azurepolicydeploy-policyDef.ps1:70 char:44
+ $deployResult = New-AzPolicyDefinition @deployParams
+ CategoryInfo : InvalidData: (:) [New-AzPolicyDefinition], ParameterBindingValidationException
+ FullyQualifiedErrorId : ParameterArgumentValidationError,Microsoft.Azure.Commands.ResourceManager.Cmdlets.Implementation.NewAzurePolicyDefinitionCmdlet
My policy definition looks like this:
{
  "properties": {
    "name": "xxx",
    "displayName": "xxx",
    "mode": "Indexed",
    "description": "xxx",
    "metadata": {
      "category": "General"
    },
    "parameters": {
      "regions": {
        "type": "Array",
        "metadata": {
          "description": "The list of locations that can be specified when deploying resources.",
          "strongType": "location",
          "displayName": "Allowed locations"
        },
        "defaultValue": ["westeurope", "northeurope"]
      },
      "effect": {
        "type": "String",
        "metadata": {
          "displayName": "Effect",
          "description": "Enable or disable the execution of the policy"
        },
        "allowedValues": [
          "Audit",
          "Deny"
        ],
        "defaultValue": "Audit"
      }
    },
    "policyRule": {
      "if": {
        "allOf": [
          {
            "field": "location",
            "notIn": "[parameters('regions')]"
          },
          {
            "field": "location",
            "notEquals": "global"
          },
          {
            "field": "type",
            "notEquals": "Microsoft.AzureActiveDirectory/b2cDirectories"
          }
        ]
      },
      "then": {
        "effect": "[parameters('effect')]"
      }
    }
  }
}
Encountered the following error while creating a new policy definition:
The script is here:
t1.txt
Hi Tao,
Great work putting together this great resource!
I'd really love to use some of these policy definitions, but I'm not sure what license they're under.
Could you release these as an Apache 2, MIT or BSD?
Thanks!
Carl
Great policies, just one note regarding the existence condition. Due to the lack of metrics in diagnostics logs, we don't export metrics at all and disable them. However, the existence condition checks if metrics are True, even if the parameter is set to false. So it will just never be compliant because metrics is never enabled.
The existence condition should check the same as the parameter input.
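One way to lint for the mismatch reported in this issue, as an added example that is not code from the repository: it walks a policy's existenceCondition and reports logs.enabled or metrics.enabled checks that compare against a literal instead of a declared parameter. The sample policy and the parameter names logsEnabled and metricsEnabled are constructed for illustration.

```python
import re

# Constructed sample (not the repo's file): a trimmed deployIfNotExists policy.
# Parameter names logsEnabled / metricsEnabled are illustrative assumptions.
POLICY = {
    "parameters": {"logsEnabled": {"type": "String"},
                   "metricsEnabled": {"type": "String"}},
    "policyRule": {"then": {"effect": "deployIfNotExists", "details": {
        "type": "Microsoft.Insights/diagnosticSettings",
        "existenceCondition": {"allOf": [
            {"field": "Microsoft.Insights/diagnosticSettings/logs.enabled",
             "equals": "[parameters('logsEnabled')]"},
            {"field": "Microsoft.Insights/diagnosticSettings/metrics.enabled",
             "equals": "True"},  # hard-coded: the pattern reported above
        ]},
    }}},
}

PARAM_REF = re.compile(r"^\[parameters\('([^']+)'\)\]$")
TOGGLES = ("logs.enabled", "metrics.enabled")


def leaf_conditions(node):
    """Yield every leaf condition nested under allOf / anyOf / not."""
    if isinstance(node, list):
        for item in node:
            yield from leaf_conditions(item)
    elif isinstance(node, dict):
        if "field" in node:
            yield node
        for key in ("allOf", "anyOf", "not"):
            if key in node:
                yield from leaf_conditions(node[key])


def hardcoded_toggles(policy):
    """Return (field, value) for enabled checks not tied to a declared parameter."""
    declared = policy.get("parameters", {})
    details = policy["policyRule"]["then"]["details"]
    findings = []
    for cond in leaf_conditions(details.get("existenceCondition", {})):
        field = cond["field"]
        if not field.lower().endswith(TOGGLES):
            continue
        expected = str(cond.get("equals", ""))
        match = PARAM_REF.match(expected.strip())
        if not match or match.group(1) not in declared:
            findings.append((field, expected))
    return findings
```

A non-empty result means the compliance check can disagree with what the assignment asked to deploy, so a resource with metrics deliberately disabled is reported as non-compliant.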
Noticed in https://github.com/tyconsulting/azurepolicy/pull/24/files that initiative-definitions/resource-diagnostics-settings/* had been removed. Is this intentional?
Using deploy-policySetDef.ps1
becomes tedious