Azure门户使用的旧Azure API版本(2016-03-01)-对Azure策略的影响-未知字段属性 [英] Old Azure API Version (2016-03-01) used by Azure Portal - impact on Azure Policies - unkown field property

问题描述

我们使用Azure策略来强制执行某些App Service设置(例如与安全性相关).
例如，以下是用于强制执行A​​ppService安全设置的策略

We use Azure Policy to enforce certain App Service settings (f.e. Security related).
an example, is the following policy to enforce AppService Security settings

{
"if":{
"anyOf":[
{
" allOf" :[
{
字段":类型"，
等于":"Microsoft.Web/网站"
}，
{
字段":"Microsoft.Web/sites/httpsOnly"，
"notEquals":"true"                           
}
]
}，
{
" allOf" :[
{
字段":类型"，
等于":"Microsoft.Web/sites/config"
}，
{
字段":"Microsoft.Web/sites/config/minTlsVersion"，
"notEquals":"1.2"                          
}
]
}
]
}，
然后":{
效果":追加"，
详细信息":[
    {
  字段":"Microsoft.Web/sites/httpsOnly"，
  值":真"
   }，
    {
  字段":"Microsoft.Web/sites/config/minTlsVersion"，
  值":"1.2"
   }
]
}
}

{
"if": {
"anyOf": [
{
"allOf" : [
{
"field": "type",
"equals": "Microsoft.Web/sites"
},
{
"field": "Microsoft.Web/sites/httpsOnly",
"notEquals": "true"                            
}
]
},
{
"allOf" : [
{
"field": "type",
"equals": "Microsoft.Web/sites/config"
},
{
"field": "Microsoft.Web/sites/config/minTlsVersion",
"notEquals": "1.2"                           
}
]
}
]
},
"then": {
"effect": "append",
"details": [
   {
  "field": "Microsoft.Web/sites/httpsOnly",
  "value": "true"
   },
   {
  "field": "Microsoft.Web/sites/config/minTlsVersion",
  "value": "1.2"
   }
]
}
}

但是，当创建一个新的Azure Function应用程序(通过Azure门户)时，我收到以下异常:

However, when creating a new Azure Function App (via the Azure Portal), I receive the following exception :

{"telemetryId":"bf4d4063-30b8-437b-8ef9-fc221ca30614"，"bladeInstanceId":"Blade_04ecec6b3dad41bd96c3069383dc4e2f_42_0&"""" ; CreateBlade"，"code":"InvalidTemplateDeployment"，"message":"The 模板部署由于违反策略而失败.请查看详细信息以获取更多信息."，详细信息":[{代码""，"AppendPoliciesUndefinedFields"，"message":引用未定义字段的已找到策略" api版本'2016-03-01'的属性.字段:"Microsoft.Web/sites/config/minTlsVersion".策略标识符:'[{\"policyAssignment \":{\"name \":\\"TA Main PolicySet \"，\"id \":\\/providers/Microsoft.Management /managementGroups/TAApplicationTeamManagementGroup/providers/Microsoft.Authorization/policyAssignments/53a9a736d57544488699247d\"},\"policyDefinition\":{\"name\":\\Enforce AppService Security \，\" id \:\"/providers/Microsoft.Management/managementgroups/TAMainManagementGroup/providers/Microsoft.Authorization/policyDefinitions/Enforce AppService Security \}，\" policySetDefinition \";:{\名称\":\"TA Main PolicySet \，\" id \:\"/providers/Microsoft.Management/managementgroups/TAMainManagementGroup/providers/Microsoft.Authorization/policySetDefinitions/TA Main PolicySet \}}]".请联系订阅管理员以进行更新 "，"additionalInfo":[{"type":"PolicyViolation"，"info":{"policySetDefinitionDisplayName":"TA Main PolicySet"，"policyDefinitionId":"/提供者/Microsoft.Management/managementgroups/TAMainManagementGroup/providers/Microsoft.Authorization/policyDefinitions/Enforce AppService安全性"，"policySetDefinitionId":"/providers/Microsoft.Management/managementgroups/TAMainManagementGroup/providers/Microsoft.Authorization/policySetDefinitions/TA Main PolicySet"，"policyDefinitionReferenceId":"4580426754168807178"定义:" TA Main PolicySet"，"policyDefinitionName":"Enforce AppService Security"，"policyDefinitionEffect":"append"，"policyAssignmentId":"/providers/Microsoft.Management/managementGroups/TAApplicationTeamManagementGroup/providers/". policyAssignments/53a9a736d57544488699247d"，"policyAssignmentName":"53a9a736d57544488699247d"，"policyAssignmentDisplayName":"TA Main PolicySet"，"policyAssignmentScope":"/providers/Microsoft.Management/managementGroups/TAApplicationTeamManagementGroup"，"policyAssignmentParameters":{}}}]}}}}

{"telemetryId":"bf4d4063-30b8-437b-8ef9-fc221ca30614","bladeInstanceId":"Blade_04ecec6b3dad41bd96c3069383dc4e2f_42_0","galleryItemId":"Microsoft.FunctionApp","createBlade":"CreateBlade","code":"InvalidTemplateDeployment","message":"The template deployment failed because of policy violation. Please see details for more information.","details":[{"code":"AppendPoliciesUndefinedFields","message":"Found policies that refer to an undefined field property for api-version '2016-03-01'. Fields: 'Microsoft.Web/sites/config/minTlsVersion'. Policy identifiers: '[{\"policyAssignment\":{\"name\":\"TA Main PolicySet\",\"id\":\"/providers/Microsoft.Management/managementGroups/TAApplicationTeamManagementGroup/providers/Microsoft.Authorization/policyAssignments/53a9a736d57544488699247d\"},\"policyDefinition\":{\"name\":\"Enforce AppService Security\",\"id\":\"/providers/Microsoft.Management/managementgroups/TAMainManagementGroup/providers/Microsoft.Authorization/policyDefinitions/Enforce AppService Security\"},\"policySetDefinition\":{\"name\":\"TA Main PolicySet\",\"id\":\"/providers/Microsoft.Management/managementgroups/TAMainManagementGroup/providers/Microsoft.Authorization/policySetDefinitions/TA Main PolicySet\"}}]'. Please contact the subscription administrator to update the policies.","additionalInfo":[{"type":"PolicyViolation","info":{"policySetDefinitionDisplayName":"TA Main PolicySet","policyDefinitionId":"/providers/Microsoft.Management/managementgroups/TAMainManagementGroup/providers/Microsoft.Authorization/policyDefinitions/Enforce AppService Security","policySetDefinitionId":"/providers/Microsoft.Management/managementgroups/TAMainManagementGroup/providers/Microsoft.Authorization/policySetDefinitions/TA Main PolicySet","policyDefinitionReferenceId":"4580426754168807178","policySetDefinitionName":"TA Main PolicySet","policyDefinitionName":"Enforce AppService Security","policyDefinitionEffect":"append","policyAssignmentId":"/providers/Microsoft.Management/managementGroups/TAApplicationTeamManagementGroup/providers/Microsoft.Authorization/policyAssignments/53a9a736d57544488699247d","policyAssignmentName":"53a9a736d57544488699247d","policyAssignmentDisplayName":"TA Main PolicySet","policyAssignmentScope":"/providers/Microsoft.Management/managementGroups/TAApplicationTeamManagementGroup","policyAssignmentParameters":{}}}]}]}

最诚挚的问候，
Jens

Best regards,
Jens

推荐答案

 

执行TLS版本 资源管理器策略在Azure WebApp上运行

Enforcing TLS version on Azure WebApps with Resource Manager Policies

https://gist.github.com/cmatskas/1cf1fd9b63459fa37b8296796770f51b

确保您使用的是管理员订阅上的帐户以及策略定义/分配已正确设置.

此外，您也可以发布查询上 Azure / azure-policy ，用于接收来自正确专家组的输入.

Also, you may post the query on Azure/azure-policy for receiving inputs from the right set of experts.

 

注意: 此响应包含一个对第三方万维网站点的引用.

Note: This response contains a reference to a third-party World Wide Web site.

Microsoft是提供这些信息是为了给您带来方便. Microsoft不控制这些站点，也未测试任何软件 或在这些网站上找到的信息；因此，Microsoft无法对在此找到的任何软件或信息的质量，安全性或适用性做出任何陈述.

Microsoft is providing this information as a convenience to you. Microsoft does not control these sites and has not tested any software or information found on these sites; therefore, Microsoft cannot make any representations regarding the quality, safety, or suitability of any software or information found there.

这篇关于Azure门户使用的旧Azure API版本(2016-03-01)-对Azure策略的影响-未知字段属性的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！