Allow Microsoft.Web/sites/slots/privateEndpointConnections/privateLinkServiceConnectionState.status in templates

Open martyh888 opened this issue 3 years ago • 3 comments

I am trying to now allow a check for policy with website slots private endpoint. It is now allowed in both Azure and Azure Gov, so it should not flag as an error. This is the template below:

{
  "mode": "Indexed",
  "policyRule": {
    "if": {
      "field": "type",
      "equals": "Microsoft.Web/sites/slots"
    },
    "then": {
      "effect": "[parameters('effect')]",
      "details": {
        "type": "Microsoft.Web/sites/slots/privateEndpointConnections",
        "existenceCondition": {
          "field": "Microsoft.Web/sites/slots/privateEndpointConnections/privateLinkServiceConnectionState.status",
          "equals": "Approved"
        }
      }
    }
  },
  "parameters": {
    "effect": {
      "type": "String",
      "metadata": {
        "displayName": "Effect",
        "description": "Enable or disable the execution of the policy"
      },
      "allowedValues": [
        "AuditIfNotExists",
        "Disabled"
      ],
      "defaultValue": "AuditIfNotExists"
    }
  }
}

martyh888 avatar Dec 16 '21 15:12 martyh888

Hi @martyh888, what is the error that you're receiving when you try to create this as a custom policy? Adding a link to creating a custom policy assignment just for reference.

nehakulkarni123 avatar Dec 29 '21 23:12 nehakulkarni123

The error is at the saving point where in the portal it validates the template and has an error on the line "field": "Microsoft.Web/sites/slots/privateEndpointConnections/privateLinkServiceConnectionState.status",

It thinks this is not valid, but it is in ARM templates, so it should now be supported.

martyh888 avatar Jan 07 '22 09:01 martyh888

This is the exact error when saving the definition:

The policy definition 'GUID' rule is invalid. The resource type 'sites/slots/privateEndpointConnections' referenced by the 'field' property 'Microsoft.Web/sites/slots/privateEndpointConnections/privateLinkServiceConnectionState.status' of the policy rule doesn't exist under provider 'Microsoft.Web'.

martyh888 avatar Jan 07 '22 09:01 martyh888
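
A pre-check for the failure reported in this thread, as an added example that is not part of the original issue or the azure-policy project: it collects every `field` reference in a policy rule and reports the provider-prefixed ones that are absent from an alias list. The function names are hypothetical and `KNOWN_ALIASES` is a constructed stand-in; the real list can be exported with `az provider show --namespace Microsoft.Web --expand "resourceTypes/aliases"`.

```python
import json

# Policy rule from the issue, trimmed to the parts that carry "field" references.
POLICY = json.loads("""
{"policyRule": {
  "if": {"field": "type", "equals": "Microsoft.Web/sites/slots"},
  "then": {
    "effect": "[parameters('effect')]",
    "details": {
      "type": "Microsoft.Web/sites/slots/privateEndpointConnections",
      "existenceCondition": {
        "field": "Microsoft.Web/sites/slots/privateEndpointConnections/privateLinkServiceConnectionState.status",
        "equals": "Approved"}}}}}
""")

# Constructed sample alias list (not real provider output); replace with the
# alias names exported from the provider before relying on the result.
KNOWN_ALIASES = {
    "Microsoft.Web/sites/slots/constructedPropertyA",
    "Microsoft.Web/sites/slots/constructedPropertyB",
}


def field_references(node):
    """Yield every string value of a "field" key anywhere in the rule tree."""
    if isinstance(node, dict):
        for key, value in node.items():
            if key == "field" and isinstance(value, str):
                yield value
            else:
                yield from field_references(value)
    elif isinstance(node, list):
        for item in node:
            yield from field_references(item)


def unknown_aliases(definition, known_aliases):
    """Return alias-style field references that are not in known_aliases."""
    # Assumption: alias names are compared case-insensitively.
    known = {alias.casefold() for alias in known_aliases}
    missing = []
    for ref in field_references(definition["policyRule"]):
        # Skip built-in fields such as "type" (no provider prefix) and
        # template expressions such as "[parameters('x')]".
        if "/" not in ref or ref.startswith("["):
            continue
        if ref.casefold() not in known and ref not in missing:
            missing.append(ref)
    return missing
```

Running `unknown_aliases` in a pipeline before submitting a definition surfaces an unsupported alias earlier than the portal's save-time validation does.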