Json 使用Azure Devops部署Azure策略ARM模板失败
我们已经为“允许的位置”构建了一个Azure策略。创建所需的template.json和parameter.json,如下所示: Template.json 在将json文件上载到Azure repos后尝试使用Azure管道运行时,出现以下错误 [错误]请求内容无效,无法反序列化:“在JSON中找不到必需属性”resources“。路径“properties.template”,第1行,位置222“。 尽管在template.json中提到了资源,但由于此错误,它失败了。任何人都能给出任何见解Json 使用Azure Devops部署Azure策略ARM模板失败,json,azure,azure-devops,arm-template,azure-policy,Json,Azure,Azure Devops,Arm Template,Azure Policy,我们已经为“允许的位置”构建了一个Azure策略。创建所需的template.json和parameter.json,如下所示: Template.json 在将json文件上载到Azure repos后尝试使用Azure管道运行时,出现以下错误 [错误]请求内容无效,无法反序列化:“在JSON中找不到必需属性”resources“。路径“properties.template”,第1行,位置222“。 尽管在template.json中提到了资源,但由于此错误,它失败了。任何人都能给出任何见解
{
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"listOfAllowedLocations": {
"type": "array"
}
},
"variables": {},
"resources": [
{
"type": "Microsoft.Authorization/policyDefinitions",
"name": "policylocation",
"apiVersion": "2018-03-01",
"properties": {
"policyType": "Custom",
"displayName": "policylocation",
"description": "",
"mode": "all",
"parameters": {
"listOfAllowedLocations": {
"type": "array",
"metadata": {
"description": "The list of locations that can be specified when deploying resources.",
"displayName": "Allowed locations"
}
}
},
"policyRule": {
"if": {
"allOf": [
{
"field": "location",
"notIn": "EastUS"
},
{
"field": "location",
"notEquals": "global"
},
{
"field": "type",
"notEquals": "Microsoft.Compute/virtualMachines"
}
]
},
"then": {
"effect": "deny"
}
}
}
}
]
}
Parameter.json
{
"$schema": "https://schema.management.azure.com/schemas/2015-01-
01/deploymentParameters.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"listOfAllowedLocations": {
"type":"array",
"value": "EastUS"
}
}
}
问题是策略没有利用listOfAllowedLocations参数。我将删除它,并使参数仅为空brakets
以下是一些原因:当我尝试使用给定的模板和参数文件部署策略时,我收到以下错误
{
"error": {
"code": "InvalidDeploymentParameterType",
"message": "The type of deployment parameter 'listOfAllowedLocations' should not be specified. Please see https://aka.ms/resource-manager-parameter-files for details."
}
}
这意味着您有一个未使用的参数(listOfAllowedLocations)。虽然对于大多数语言模式来说,有一个未使用的参数是可以的,但对于策略来说则不是。首先删除此参数或将此参数添加到策略中以便使用
接下来,根据您收到的误导性错误消息,我对您的部署方法感到好奇。策略可以以多种不同的方式部署。门户、Powershell、RESTAPI等等。我更喜欢RESTAPI方法,因为它在定义和使用方面提供了相当大的灵活性和简单性。如果您选择RESTAPI,实际上您可以分别选择两种不同的方法(作为Azure部署或策略定义),它们是以下端点
PUT https://management.azure.com/subscriptions/{subscriptionId}/providers/Microsoft.Resources/deployments/{deploymentName}?api-version=2019-10-01
文件-
文件-
我更喜欢部署路由,因为它使用azure部署机制来部署策略,该策略提供了一致且用户友好的故障排除、重试和检查方法。它还允许您将策略部署为模板文件和参数文件,在部署中嵌套部署(这在更复杂的用例中非常有用),并在部署范围和策略范围中指定参数。但是,部署也有一些限制,例如每个订阅和资源组配额(目前为800)。定期打扫一下房子会有帮助的
使用Azure部署REST API方法,我鼓励您尝试以下操作之一,具体取决于您的意图
选项1a:您希望保留“listOfAllowedLocations”作为参数,并在策略中使用它。您还希望在部署范围应用该参数,以便生成的部署策略具有静态定义的允许位置列表
PUT https://management.azure.com/subscriptions/{subscriptionId}/resourcegroups/{resourceGroupName}/providers/Microsoft.Resources/deployments/{deploymentName}?api-version=2019-10-01
PUT https://management.azure.com/subscriptions/{subscriptionId}/resourcegroups/{resourceGroupName}/providers/Microsoft.Resources/deployments/{deploymentName}?api-version=2019-10-01
正文:
选项1b:您希望保留“listOfAllowedLocations”作为参数,并在策略中使用它。您还希望在策略定义范围中应用该参数,以便在分配时可以操作生成的已部署允许位置列表。请注意,在策略资源定义(“[]”)中,参数的作用域和参数的转义存在细微差异
正文:
选项2:允许位置的静态定义。这将基本上避免通过部署或策略分配传递参数的过程
{
"location": "eastus",
"properties": {
"mode": "Incremental",
"parameters": {},
"template": {
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {},
"variables": {},
"resources": [
{
"type": "Microsoft.Authorization/policyDefinitions",
"name": "policylocation",
"apiVersion": "2018-03-01",
"properties": {
"policyType": "Custom",
"displayName": "policylocation",
"description": "",
"mode": "all",
"parameters": {},
"policyRule": {
"if": {
"allOf": [
{
"field": "location",
"notIn": ["eastus"]
},
{
"field": "location",
"notEquals": "global"
},
{
"field": "type",
"notEquals": "Microsoft.Compute/virtualMachines"
}
]
},
"then": {
"effect": "deny"
}
}
}
}
]
}
}
}
我们修复了使用powershell而不是通过devops部署策略的问题。我们的ARM模板与您在上面提供的模板匹配。感谢您的帮助谢谢!如果这解决了问题,请不要忘记向上投票。如果您有任何问题,请在向下投票前留下评论。谢谢!
PUT https://management.azure.com/subscriptions/{subscriptionId}/resourcegroups/{resourceGroupName}/providers/Microsoft.Resources/deployments/{deploymentName}?api-version=2019-10-01
{
"location": "eastus",
"properties": {
"mode": "Incremental",
"parameters": {},
"template": {
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {},
"variables": {},
"resources": [
{
"type": "Microsoft.Authorization/policyDefinitions",
"name": "policylocation",
"apiVersion": "2018-03-01",
"properties": {
"policyType": "Custom",
"displayName": "policylocation",
"description": "",
"mode": "all",
"parameters": {
"listOfAllowedLocations": {
"type": "array",
"defaultValue": ["eastus"]
}
},
"policyRule": {
"if": {
"allOf": [
{
"field": "location",
"notIn": "[[parameters('listOfAllowedLocations')]"
},
{
"field": "location",
"notEquals": "global"
},
{
"field": "type",
"notEquals": "Microsoft.Compute/virtualMachines"
}
]
},
"then": {
"effect": "deny"
}
}
}
}
]
}
}
}
{
"location": "eastus",
"properties": {
"mode": "Incremental",
"parameters": {},
"template": {
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {},
"variables": {},
"resources": [
{
"type": "Microsoft.Authorization/policyDefinitions",
"name": "policylocation",
"apiVersion": "2018-03-01",
"properties": {
"policyType": "Custom",
"displayName": "policylocation",
"description": "",
"mode": "all",
"parameters": {},
"policyRule": {
"if": {
"allOf": [
{
"field": "location",
"notIn": ["eastus"]
},
{
"field": "location",
"notEquals": "global"
},
{
"field": "type",
"notEquals": "Microsoft.Compute/virtualMachines"
}
]
},
"then": {
"effect": "deny"
}
}
}
}
]
}
}
}