时间戳

首页 > 解决方案 > 二头肌:天蓝色策略分配范围

azure - 二头肌:天蓝色策略分配范围

问题描述

我正在尝试使用Bicep部署Azure Policy 分配

resource policy_assignment 'Microsoft.Authorization/policyAssignments@2021-06-01' = {
  name: 'my_policy'
  location: 'westus'
  scope: subscriptionResourceId('Microsoft.Resources/resourceGroups',  resourceGroup().name)
  identity: {
    type: 'UserAssigned'
    userAssignedIdentities: {
      '/subscriptions/xxxxxxx-xxxxxx-xxxx-xxx/resourceGroups/my-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/mymi': {}
    }
  }
  properties: {
    parameters: {
      MyParamKey: '/subscriptions/xxxxx-xxx-xxxx-xxx-xxx/resourcegroups/my-rg2/providers/microsoft.network/virtualnetworks/vnetmy/subnets/default'
    }
    policyDefinitionId: '/subscriptions/xxxxx-xxx-xxxx-xxx-xxx//providers/Microsoft.Authorization/policyDefinitions/my-policy-def'
  }
}

当我检查它时az bicep build --file .\policy_assignment.bicep,我收到以下错误:

C:$Path.bicep(4,10) : Error BCP036: The property "scope" expected a value of type "resource | tenant" but the provided value is of type "string".
C:$Path.bicep(13,32) : Warning BCP036: The property "MyParamKey" expected a value of type "ParameterValuesValue" but the provided value is of type "'/subscriptions/xxxxx-xxx/resourcegroups/my-rg2/providers/microsoft.network/virtualnetworks/vnetmy/subnets/default'".

我有两个问题:

我在互联网上找不到太多示例。二头肌策略分配的文档在这里

您知道如何纠正这些错误吗?

标签: azureazure-policyazure-bicep

解决方案

这种资源类型很可能期望参数值被包装在带有valuelike 的对象中:

parameters: {
  MyParamKey: {
    value: '/subscriptions/xxxxx-xxx-xxxx-xxx-xxx/resourcegroups/my-rg2/providers/microsoft.network/virtualnetworks/vnetmy/subnets/default'
  }
}

还有一些像这样的其他用例。

编辑:正如@Thomas 所述,范围应该被称为,scope: resourceGroup()因为这是由您的客户使用 Bicep 等待的正确类型动态检索的。

推荐阅读