how to use azurerm_subscription_policy_remediation with existing policy

Question


I'm having trouble reading in a policy as a data block to remediate the policy.

The error is with the scope_id. I have used an azurerm_resource_group.id, but it says
"Policy Assignment Name: "Test-Inherit-RequiredTag-IheritedTag" was not found".
I'm trying with the subscription ID, which it then said expected "/subscriptions/", so I added that. Now it is "malformed or invalid."

I have also tried

scope_id = "/subscriptions/00000000-0000-0000-0000-00000000000/providers/microsoft.authorization/policyassignments/test-inherit-requiredtag-iheritedtag"

What is expected for the scope_id ?

data "azurerm_policy_assignment" "policy_assignment1" {
  name     = "Test-Inherit-RequiredTag-InheritedTag"
  scope_id = "/subscriptions/${var.subscription_id}"
}

resource "azurerm_subscription_policy_remediation" "remediation1" {
  name                 = "remediation1-inherit-tag"
  subscription_id      = var.subscription_id
  policy_assignment_id = data.azurerm_policy_assignment.policy_assignment1.id
}

Answer 1

Score: 4


> I tried to use azurerm_subscription_policy_remediation with my existing policy and successfully executed the terraform plan & terraform apply commands.

I have referred to the code from this official Terraform exemption document & [official Terraform remediation document] and modified it accordingly.

The module mentioned in the question:

data "azurerm_policy_assignment" "policy_assignment1" {
  name     = "Test-Inherit-RequiredTag-InheritedTag"
  scope_id = "/subscriptions/${var.subscription_id}"
}

It did not work for me either, so I ended up modifying the modules as per the requirement and was able to produce the output you're looking for.

My main.tf code:

terraform {
  required_providers {
    azurerm = {
      source  = "hashicorp/azurerm"
      version = "=3.59.0"
    }
  }
}

provider "azurerm" {
  features {}
}

data "azurerm_subscription" "example" {}

data "azurerm_policy_set_definition" "example" {
  display_name = "Audit machines with insecure password security settings"
}

resource "azurerm_subscription_policy_assignment" "example" {
  name                 = "exampleAssignment"
  subscription_id      = data.azurerm_subscription.example.id
  policy_definition_id = data.azurerm_policy_set_definition.example.id
  location             = "westus"

  identity {
    type = "SystemAssigned"
  }
}

resource "azurerm_subscription_policy_remediation" "example" {
  name                 = "example"
  subscription_id      = data.azurerm_subscription.example.id
  policy_assignment_id = azurerm_subscription_policy_assignment.example.id
}

Output:

While executing terraform plan:

[screenshot of the terraform plan output]

While executing terraform apply:

[screenshot of the terraform apply output]

By using the script, I successfully performed all Terraform steps and got the desired output.
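As an added example (not the asker's or the answerer's code) of the other route, remediating an assignment that already exists instead of creating a new one: scope_id for the azurerm_policy_assignment data source is the ID of the scope the assignment was made at, so for a subscription-scoped assignment it is "/subscriptions/<guid>", which the azurerm_subscription data source exports as its id. The assignment name below is the one from the question; a remediation task can only change resources if the assignment carries a managed identity holding the role its policy definition needs, which is why the answer's new assignment includes an identity block.

```hcl
# Added example (not from the question or the answer): remediate an
# existing subscription-scoped policy assignment with the azurerm 3.x
# provider. The assignment name is the one from the question.
terraform {
  required_providers {
    azurerm = {
      source  = "hashicorp/azurerm"
      version = "~> 3.59"
    }
  }
}

provider "azurerm" {
  features {}
}

# .id resolves to "/subscriptions/<guid>", which is the form scope_id
# expects for an assignment made at subscription scope (the bare GUID
# is exported separately as .subscription_id).
data "azurerm_subscription" "current" {}

# Look up the assignment that already exists. name must match the
# existing assignment's name; scope_id is the scope it was assigned at,
# not the assignment's own resource ID.
data "azurerm_policy_assignment" "existing" {
  name     = "Test-Inherit-RequiredTag-InheritedTag"
  scope_id = data.azurerm_subscription.current.id
}

# The remediation task references the looked-up assignment. It only
# modifies resources if that assignment has a managed identity with the
# role required by the policy definition it assigns.
resource "azurerm_subscription_policy_remediation" "inherit_tag" {
  name                 = "remediation-inherit-tag"
  subscription_id      = data.azurerm_subscription.current.id
  policy_assignment_id = data.azurerm_policy_assignment.existing.id
}

# Surface the resolved IDs so a plan shows what was matched.
output "assignment_scope_id" {
  value = data.azurerm_subscription.current.id
}

output "remediated_assignment_id" {
  value = data.azurerm_policy_assignment.existing.id
}
```

If the data source still reports the assignment as not found, compare the name with the one shown in the portal or by az policy assignment list before changing scope_id.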

huangapple
  • Posted on 2023-06-13 03:07:39
  • Please keep this link when reposting: https://go.coder-hub.com/76459624.html