You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Is your feature request related to a problem? Please describe.
Let's assume a policy have more than one parameter. We want to be able to set those parameters when deploying the policy (in Bicep).
Describe the solution you'd like
Here is an example:
resourceSecurityInitiative'Microsoft.Authorization/policySetDefinitions@2020-09-01' = {
name: initiativeNameproperties: {
policyType: 'Custom'displayName: initiativeNamedescription: '${initiativeName} via ${policySource}'metadata: {
category: policyCategorysource: policySourceversion: '1.0.0'
}
parameters: {
storagePolicy: {
type: 'object'metadata: {
displayName: 'Storage Policy'description: 'Specifies the minimum TLS version and effect for storage accounts policy'
}
defaultValue: {
minimumTlsVersion: 'TLS1_2'effect: 'Audit'
}
}
effectOfSecureTransferForStorageAccount: {
type: 'String'metadata: {
displayName: 'Effect'description: 'Enable or disable the execution of the policy'
}
allowedValues: [
'Audit''Disabled''Deny'
]
defaultValue: 'Audit'
}
effectOfGuestConfigExtention: {
type: 'String'metadata: {
displayName: 'Effect'description: 'Enable or disable the execution of the policy'
}
allowedValues: [
'AuditIfNotExists''Disabled'
]
defaultValue: 'AuditIfNotExists'
}
}
policyDefinitions: [
{
// Storage accounts should have the specified minimum TLS versionpolicyDefinitionId: '/providers/Microsoft.Authorization/policyDefinitions/fe83a0eb-a853-422d-aac2-1bffd182c5d0'policyDefinitionReferenceId: 'Storage accounts should have the specified minimum TLS version'parameters: {
minimumTlsVersion: {
value: '[parameters(\'storagePolicy\').minimumTlsVersion]'
}
effect: {
value: '[parameters(\'storagePolicy\').effect]'
}
}
}
{
// Secure transfer to storage accounts should be enabledpolicyDefinitionId: '/providers/Microsoft.Authorization/policyDefinitions/404c3081-a854-4457-ae30-26a93ef643f9'policyDefinitionReferenceId: 'Secure transfer to storage accounts should be enabled'parameters: {
effect: {
value: '[parameters(\'effectOfSecureTransferForStorageAccount\')]'
}
}
}
{
// Guest Configuration extension should be installed on your machinespolicyDefinitionId: '/providers/Microsoft.Authorization/policyDefinitions/ae89ebca-1c92-4898-ac2c-9f63decb045c'policyDefinitionReferenceId: 'Guest Configuration extension should be installed on your machines'parameters: {
effect: {
value: '[parameters(\'effectOfGuestConfigExtention\')]'
}
}
}
]
}
}
The first built-in policy (id: fe83a0eb-a853-422d-aac2-1bffd182c5d0) can have two parameters (minimumTlsVersion and effect). The second and third policies also have parameters with common name ('effect').
Questions
Is it possible to have all the parameters of a policy in one object defined in the parameters property of policySetDefinitions? If it's possible, how do we later set this object parameter in policyDefinitions? I would also like to set those parameters in the assignment (Microsoft.Authorization/policyAssignments)
This discussion was converted from issue #12700 on December 13, 2023 19:26.
Heading
Bold
Italic
Quote
Code
Link
Numbered list
Unordered list
Task list
Attach files
Mention
Reference
Menu
reacted with thumbs up emoji reacted with thumbs down emoji reacted with laugh emoji reacted with hooray emoji reacted with confused emoji reacted with heart emoji reacted with rocket emoji reacted with eyes emoji
-
Is your feature request related to a problem? Please describe.
Let's assume a policy have more than one parameter. We want to be able to set those parameters when deploying the policy (in Bicep).
Describe the solution you'd like
Here is an example:
The first built-in policy (id: fe83a0eb-a853-422d-aac2-1bffd182c5d0) can have two parameters (
minimumTlsVersion
andeffect
). The second and third policies also have parameters with common name ('effect
').Questions
Is it possible to have all the parameters of a policy in one object defined in the parameters property of
policySetDefinitions
? If it's possible, how do we later set this object parameter inpolicyDefinitions
? I would also like to set those parameters in the assignment (Microsoft.Authorization/policyAssignments)If the object type is not supported, how would you suggest to define the
effect
parameter for these three different policies?@anthony-c-martin
Beta Was this translation helpful? Give feedback.
All reactions