Azure门户使用的旧Azure API版本(2016-03-01)-对Azure策略的影响-未知字段属性 [英] Old Azure API Version (2016-03-01) used by Azure Portal - impact on Azure Policies - unkown field property
问题描述
我们使用Azure策略来强制执行某些App Service设置(例如与安全性相关).
例如,以下是用于强制执行AppService安全设置的策略
We use Azure Policy to enforce certain App Service settings (f.e. Security related).
an example, is the following policy to enforce AppService Security settings
{
"if":{
"anyOf":[
{
" allOf" :[
{
字段":类型",
等于":"Microsoft.Web/网站"
},
{
字段":"Microsoft.Web/sites/httpsOnly",
"notEquals":"true"
}
]
},
{
" allOf" :[
{
字段":类型",
等于":"Microsoft.Web/sites/config"
},
{
字段":"Microsoft.Web/sites/config/minTlsVersion",
"notEquals":"1.2"
}
]
}
]
},
然后":{
效果":追加",
详细信息":[
{
字段":"Microsoft.Web/sites/httpsOnly",
值":真"
},
{
字段":"Microsoft.Web/sites/config/minTlsVersion",
值":"1.2"
}
]
}
}
{
"if": {
"anyOf": [
{
"allOf" : [
{
"field": "type",
"equals": "Microsoft.Web/sites"
},
{
"field": "Microsoft.Web/sites/httpsOnly",
"notEquals": "true"
}
]
},
{
"allOf" : [
{
"field": "type",
"equals": "Microsoft.Web/sites/config"
},
{
"field": "Microsoft.Web/sites/config/minTlsVersion",
"notEquals": "1.2"
}
]
}
]
},
"then": {
"effect": "append",
"details": [
{
"field": "Microsoft.Web/sites/httpsOnly",
"value": "true"
},
{
"field": "Microsoft.Web/sites/config/minTlsVersion",
"value": "1.2"
}
]
}
}
但是,当创建一个新的Azure Function应用程序(通过Azure门户)时,我收到以下异常:
However, when creating a new Azure Function App (via the Azure Portal), I receive the following exception :
{"telemetryId":"bf4d4063-30b8-437b-8ef9-fc221ca30614","bladeInstanceId":"Blade_04ecec6b3dad41bd96c3069383dc4e2f_42_0&"""" ; CreateBlade","code":"InvalidTemplateDeployment","message":"The 模板部署由于违反策略而失败.请查看详细信息以获取更多信息.",详细信息":[{代码"","AppendPoliciesUndefinedFields","message":引用未定义字段的已找到策略" api版本'2016-03-01'的属性.字段:"Microsoft.Web/sites/config/minTlsVersion".策略标识符:'[{\"policyAssignment \":{\"name \":\\"TA Main PolicySet \",\"id \":\\/providers/Microsoft.Management /managementGroups/TAApplicationTeamManagementGroup/providers/Microsoft.Authorization/policyAssignments/53a9a736d57544488699247d\"},\"policyDefinition\":{\"name\":\\Enforce AppService Security \,\" id \:\"/providers/Microsoft.Management/managementgroups/TAMainManagementGroup/providers/Microsoft.Authorization/policyDefinitions/Enforce AppService Security \},\" policySetDefinition \";:{\名称\":\"TA Main PolicySet \,\" id \:\"/providers/Microsoft.Management/managementgroups/TAMainManagementGroup/providers/Microsoft.Authorization/policySetDefinitions/TA Main PolicySet \}}]".请联系订阅管理员以进行更新 ","additionalInfo":[{"type":"PolicyViolation","info":{"policySetDefinitionDisplayName":"TA Main PolicySet","policyDefinitionId":"/提供者/Microsoft.Management/managementgroups/TAMainManagementGroup/providers/Microsoft.Authorization/policyDefinitions/Enforce AppService安全性","policySetDefinitionId":"/providers/Microsoft.Management/managementgroups/TAMainManagementGroup/providers/Microsoft.Authorization/policySetDefinitions/TA Main PolicySet","policyDefinitionReferenceId":"4580426754168807178"定义:" TA Main PolicySet","policyDefinitionName":"Enforce AppService Security","policyDefinitionEffect":"append","policyAssignmentId":"/providers/Microsoft.Management/managementGroups/TAApplicationTeamManagementGroup/providers/". policyAssignments/53a9a736d57544488699247d","policyAssignmentName":"53a9a736d57544488699247d","policyAssignmentDisplayName":"TA Main PolicySet","policyAssignmentScope":"/providers/Microsoft.Management/managementGroups/TAApplicationTeamManagementGroup","policyAssignmentParameters":{}}}]}}}}
{"telemetryId":"bf4d4063-30b8-437b-8ef9-fc221ca30614","bladeInstanceId":"Blade_04ecec6b3dad41bd96c3069383dc4e2f_42_0","galleryItemId":"Microsoft.FunctionApp","createBlade":"CreateBlade","code":"InvalidTemplateDeployment","message":"The template deployment failed because of policy violation. Please see details for more information.","details":[{"code":"AppendPoliciesUndefinedFields","message":"Found policies that refer to an undefined field property for api-version '2016-03-01'. Fields: 'Microsoft.Web/sites/config/minTlsVersion'. Policy identifiers: '[{\"policyAssignment\":{\"name\":\"TA Main PolicySet\",\"id\":\"/providers/Microsoft.Management/managementGroups/TAApplicationTeamManagementGroup/providers/Microsoft.Authorization/policyAssignments/53a9a736d57544488699247d\"},\"policyDefinition\":{\"name\":\"Enforce AppService Security\",\"id\":\"/providers/Microsoft.Management/managementgroups/TAMainManagementGroup/providers/Microsoft.Authorization/policyDefinitions/Enforce AppService Security\"},\"policySetDefinition\":{\"name\":\"TA Main PolicySet\",\"id\":\"/providers/Microsoft.Management/managementgroups/TAMainManagementGroup/providers/Microsoft.Authorization/policySetDefinitions/TA Main PolicySet\"}}]'. Please contact the subscription administrator to update the policies.","additionalInfo":[{"type":"PolicyViolation","info":{"policySetDefinitionDisplayName":"TA Main PolicySet","policyDefinitionId":"/providers/Microsoft.Management/managementgroups/TAMainManagementGroup/providers/Microsoft.Authorization/policyDefinitions/Enforce AppService Security","policySetDefinitionId":"/providers/Microsoft.Management/managementgroups/TAMainManagementGroup/providers/Microsoft.Authorization/policySetDefinitions/TA Main PolicySet","policyDefinitionReferenceId":"4580426754168807178","policySetDefinitionName":"TA Main PolicySet","policyDefinitionName":"Enforce AppService Security","policyDefinitionEffect":"append","policyAssignmentId":"/providers/Microsoft.Management/managementGroups/TAApplicationTeamManagementGroup/providers/Microsoft.Authorization/policyAssignments/53a9a736d57544488699247d","policyAssignmentName":"53a9a736d57544488699247d","policyAssignmentDisplayName":"TA Main PolicySet","policyAssignmentScope":"/providers/Microsoft.Management/managementGroups/TAApplicationTeamManagementGroup","policyAssignmentParameters":{}}}]}]}
最诚挚的问候,
Jens
Best regards,
Jens
推荐答案
执行TLS版本 资源管理器策略在Azure WebApp上运行
Enforcing TLS version on Azure WebApps with Resource Manager Policies
https://gist.github.com/cmatskas/1cf1fd9b63459fa37b8296796770f51b
确保您使用的是管理员订阅上的帐户以及策略定义/分配已正确设置.
此外,您也可以发布查询上 Azure / azure-policy ,用于接收来自正确专家组的输入.
Also, you may post the query on Azure/azure-policy for receiving inputs from the right set of experts.
注意: 此响应包含一个对第三方万维网站点的引用.
Note: This response contains a reference to a third-party World Wide Web site.
Microsoft是提供这些信息是为了给您带来方便. Microsoft不控制这些站点,也未测试任何软件 或在这些网站上找到的信息;因此,Microsoft无法对在此找到的任何软件或信息的质量,安全性或适用性做出任何陈述.
Microsoft is providing this information as a convenience to you. Microsoft does not control these sites and has not tested any software or information found on these sites; therefore, Microsoft cannot make any representations regarding the quality, safety, or suitability of any software or information found there.
这篇关于Azure门户使用的旧Azure API版本(2016-03-01)-对Azure策略的影响-未知字段属性的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!