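I'm deploying a policy via Bicep that checks whether a virtual machine has the "BackupRetention" tag and that it is filled with 1 of 4 specific retention values. Why do I keep getting non-compliance messages, both for the non-compliant VMs (VMs without the tag) and for VMs with the correct tag?
Policy rule set: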
if: {
  allOf: [
    {
      field: 'type'
      equals: 'Microsoft.Compute/virtualMachines'
    }
    {
      anyOf: [
        {
          field: 'tags[\'BackupRetention\']'
          notEquals: 'backup-week'
        }
        {
          field: 'tags[\'BackupRetention\']'
          notEquals: 'backup-day'
        }
        {
          field: 'tags[\'BackupRetention\']'
          notEquals: 'backup-month'
        }
        {
          field: 'tags[\'BackupRetention\']'
          notEquals: 'backup-year'
        }
      ]
    }
  ]
}
then: {
  effect: 'modify'
  details: {
    roleDefinitionIds: [
      '/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c' // Contributor role
    ]
    operations: [
      {
        operation: 'addOrReplace'
        field: 'tags[\'BackupRetention\']'
        value: 'None' // replace with the value you want to set
      }
    ]
  }
}
Non-compliance message:
Reason for non-compliance
Current value must not be equal to the target value.
Field
type
Current value
"Microsoft.Compute/virtualMachines"
Target value
"Microsoft.Compute/virtualMachines"
Reason for non-compliance
Current value must be equal to the target value.
Field
tags['BackupRetention']
Current value
"backup-week"
Target value
"backup-day"
I've tried several options, even modifying the parameters... that doesn't work either. I'm pulling my hair out a bit.
anyOf: [
  {
    field: 'tags[\'BackupRetention\']'
    notEquals: 'backup-week'
  }
  {
    field: 'tags[\'BackupRetention\']'
    notEquals: 'backup-day'
  }
  {
    field: 'tags[\'BackupRetention\']'
    notEquals: 'backup-month'
  }
  {
    field: 'tags[\'BackupRetention\']'
    notEquals: 'backup-year'
  }
]
This block needs allOf instead of anyOf.
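Why the `anyOf` form flags every VM, shown as an added example that is not part of the original question or answer: a simplified Python model of the rule's `if` block, evaluated against constructed tag values. The evaluator, the `build_rule` and `flagged_values` helpers, and the treatment of a missing tag as `None` are assumptions made for illustration, not the Azure Policy engine.

```python
# Added illustration: a simplified model of how a policy "if" block combines
# conditions. Not the Azure Policy engine; a missing tag is modelled as None.

ALLOWED = ["backup-day", "backup-week", "backup-month", "backup-year"]
TAG_FIELD = "tags['BackupRetention']"


def build_rule(combinator):
    """Rule from the question, with the inner block using `combinator`."""
    not_equals = [{"field": TAG_FIELD, "notEquals": v} for v in ALLOWED]
    return {"allOf": [
        {"field": "type", "equals": "Microsoft.Compute/virtualMachines"},
        {combinator: not_equals},
    ]}


def evaluate(cond, resource):
    """Return True when the `if` condition matches (the effect would apply)."""
    if "allOf" in cond:
        return all(evaluate(c, resource) for c in cond["allOf"])
    if "anyOf" in cond:
        return any(evaluate(c, resource) for c in cond["anyOf"])
    current = resource.get(cond["field"])  # None when the tag is absent
    if "equals" in cond:
        return current == cond["equals"]
    if "notEquals" in cond:
        return current != cond["notEquals"]
    raise ValueError(f"unsupported condition: {cond}")


def flagged_values(combinator, tag_values):
    """Tag values for which a VM would be matched by the rule."""
    rule = build_rule(combinator)
    flagged = []
    for value in tag_values:
        vm = {"type": "Microsoft.Compute/virtualMachines"}
        if value is not None:
            vm[TAG_FIELD] = value
        if evaluate(rule, vm):
            flagged.append(value)
    return flagged


# Constructed sample inputs: the four valid values, an invalid one, no tag.
SAMPLES = ALLOWED + ["backup-decade", None]

if __name__ == "__main__":
    print("anyOf:", flagged_values("anyOf", SAMPLES))
    print("allOf:", flagged_values("allOf", SAMPLES))
```

A tag can hold only one value, so at least three of the four `notEquals` checks are always true and `anyOf` matches every VM; `allOf` matches only when the value is none of the four.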