我目前正在尝试了解 Azure 政策。我想我已经了解了别名,但我无法理解在哪里可以找到 ExistenceCondition equals 字段的正确值
- 它与我们应用的 PolicyRule 有什么不同?
- 我应该让 ExistanceCondition 与 PolicyRule 保持几乎相同吗?
我应用的策略规则:
"if":{
"allOf":[
{
"field":"type",
"equals":"Microsoft.Insights/metricalerts"
},
{
"field":"Microsoft.Insights/metricalerts/enabled",
"equals":"true"
},
{
"field":"Microsoft.Insights/metricalerts/actions[*]",
"less":"1"
}
]
}
最佳答案
ExistenceCondition与policyRule在控制方向上是相反的。
在策略规则中,仅当条件为真时才继续。在 ExistenceCondition 中,仅当条件为 false 时才继续。在下面的 policyRule 示例中,您仅过滤 storageAccount,然后继续。仅当条件为 false (deleteRetentionPolicy.enabled ==false) 时才会进行部署,因此它会继续进行部署。所以一旦部署完成,它将是deleteRetentionPolicy.enabled ==true
"policyRule": {
"if": {
"allOf": [
{
"field": "type",
"equals": "Microsoft.Storage/storageAccounts"
},
{
"field": "kind",
"in": [
"Storage",
"StorageV2",
"BlobStorage",
"BlockBlobStorage"
]
}
]
},
"then": {
"effect": "DeployIfNotExists",
"details": {
"type": "Microsoft.Storage/storageAccounts/blobServices",
"existenceCondition": {
"field": "Microsoft.Storage/storageAccounts/blobServices/default.deleteRetentionPolicy.enabled",
"equals": true
},
关于azure - Azure 策略中的存在条件?,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/58050717/