在Azure策略“允许的资源类型”中,您可以提供资源类型数组。当我想要允许SQL弹性池时,我还需要包括SQL弹性池的所有子类型。
我想用途:
'Microsoft.Sql/servers/elasticpools/*'
'Microsoft.Sql/servers/elasticPools/advisors/*'
'Microsoft.Sql/servers/elasticpools/elasticpool/advisors/*'
'microsoft.web/serverfarms/*
'microsoft.web/sites/*
但这行不通。
我们现在用途:
'Microsoft.Sql/servers/elasticpools'
'Microsoft.Sql/servers/elasticPools/advisors'
'Microsoft.Sql/servers/elasticpools/advisors/createindex'
'Microsoft.Sql/servers/elasticpools/advisors/dbparameterization'
'Microsoft.Sql/servers/elasticpools/advisors/defragmentindex'
'Microsoft.Sql/servers/elasticpools/advisors/dropindex'
'Microsoft.Sql/servers/elasticpools/advisors/forcelastgoodplan'
'Microsoft.Sql/servers/elasticpools/elasticpool/advisors/createindex'
'Microsoft.Sql/servers/elasticpools/elasticpool/advisors/dbparameterization'
'Microsoft.Sql/servers/elasticpools/elasticpool/advisors/defragmentindex'
'Microsoft.Sql/servers/elasticpools/elasticpool/advisors/dropindex'
'Microsoft.Sql/servers/elasticpools/elasticpool/advisors/forcelastgoodplan'
'Microsoft.Web/sites/config'
'Microsoft.Web/sites/...'
我们使用的政策是:
{
"if": {
"not": {
"field": "type",
"in": "[parameters('listOfResourceTypesAllowed')]"
}
},
"then": {
"effect": "[parameters('Effect')]"
}
}
策略参数:
{
"listOfResourceTypesAllowed": {
"type": "array",
"metadata": {
"displayName": "Allowed resource types",
"description": "The list of resource types that can be deployed.",
"strongType": "resourceTypes"
}
},
"Effect": {
"type": "string",
"metadata": {
"description": "The effect of the policy."
}
}
}
问题是可以使用通配符或类似的东西吗?
1条答案
按热度按时间8yoxcaq71#
因此,只能在
like
或notLike
条件下使用通配符。当使用like和notLike条件时,在值中提供通配符 *。该值不应有多个通配符 *。Source
这对我来说是有效的,我相信你可以很容易地创建逆。
这将不允许创建存储帐户。
找出字段类型是一件很复杂的事情...
我已经计算出一个小的一行程序,它将为你创建JSON。它将创建大约1500行JSON,你可以删除你不想要的。
在我的例子中有趣的是
Microsoft.Resources
不足以停止存储帐户,我还需要Microsoft.Storage
。