我正在尝试在二头肌中创建一个循环,以遍历计划分配中的策略定义,并为每个循环创建一个补救任务。运行我的代码时出现多个错误:
无法计算,属性名称必须是字符串。'"
这是我的二头肌文件: 策略定义.bicep
targetScope = 'managementGroup'
// added new parameter of type array and removed name, pattern and policyType
param policies array
// added loop inside the module iterating over the value provided for the policies parameter
resource policyDefinitionsName 'Microsoft.Authorization/policyDefinitions@2021-06-01' existing = [for policy in policies: {
name: policy.name
}]
// Create an output constructed in the format the format that Microsoft.Authorization/policySetDefinitions accepts for the policyDefinitions property
output policyDefinitions array = [for (policy, i) in policies: {
policyDefinitionId: policyDefinitionsName[i].id
}]
policyRemediation.bicep
targetScope = 'managementGroup'
@description('The Policy Definitions that were applied')
param policyDefinitions array
@description('The Policy Assignment ID')
param policyAssignmentId string
resource remediateTask 'Microsoft.PolicyInsights/remediations@2021-10-01' = [for (definition, i) in policyDefinitions: {
name: guid('Remediate-${definition.policyDefinitionId}')
properties: {
failureThreshold: {
percentage: 1
}
resourceCount: 500
policyAssignmentId: policyAssignmentId
policyDefinitionReferenceId: definition[i].policyDefinitionId
parallelDeployments: 10
resourceDiscoveryMode: 'ExistingNonCompliant'
}
}]
main.bicep
module initiatives './modules/policyInitiative.bicep' = {
name: initiativeName
params: {
initiativeName: initiativeName
// passing in the output from the policy definition deployment as value to the policyDefinitions parameter
policyDefinitions: policyDefinitionsName.outputs.policyDefinitions
}
}
resource policyAssignment 'Microsoft.Authorization/policyAssignments@2021-06-01' = {
name: 'test policyAssignment'
location: location
identity: {
type: 'SystemAssigned'
}
properties: {
description: 'testassign'
displayName: 'test policyAssignment'
policyDefinitionId: initiatives.outputs.initiativeId
}
}
resource roleAssignment 'Microsoft.Authorization/roleAssignments@2022-04-01' = {
name: guid(policyAssignment.name,'1')
properties: {
roleDefinitionId: roleDefinitionId
principalId: policyAssignment.identity.principalId
principalType: 'ServicePrincipal'
}
}
module remediateTask 'modules/policyRemediation.bicep' = {
name: 'remediate-task'
params: {
policyAssignmentId: policyAssignment.id
policyDefinitions: policyDefinitionsName.outputs.policyDefinitions
}
}
对我在这里做错了什么有什么建议吗?
module remediateTask 'modules/policyRemediation.bicep' = {
name: 'remediate-task'
params: {
policyAssignmentId: policyAssignment.id
policyDefinitions: policyDefinitionsName.outputs.policyDefinitions
}
}
预期对每个定义执行修复任务,而不是具有相同错误消息的多个错误无法评估语言表达式属性“7”,属性名称必须是字符串
最佳答案
在 bicep 文件中创建修复任务时,无需将其传递为
policyDefinitionReferenceId:定义[i].policyDefinitionId
。因为定义是代表策略定义的单个对象而不是数组。
我修改了您的代码如下:
resource remediateTask 'Microsoft.PolicyInsights/remediations@2021-10-01' = [for definition in (properties.policyDefinitionId): {
name: guid('Remediate-${definition}')
properties: {
failureThreshold: {
percentage: 1
}
resourceCount: 500
policyAssignmentId: initiativeDefinitionPolicyAssignment.id
policyDefinitionReferenceId: definition.policyDefinitionID
parallelDeployments: 10
resourceDiscoveryMode: 'ExistingNonCompliant'
}
}]
部署成功:
注意:您将 policyDefinitionsName.outputs.policyDefinitions
输出传递给计划模块的 policyDefinitions
参数。但是,由于 policyDefinitionsName
是资源而不是模块,因此它没有 outputs
属性。
修改为
policyDefinitions: policyDefinition.outputs.policyDefinitions
在 main.bicep
文件中。
关于azure - 二头肌矫正任务循环,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/77032785/