
I'm deploying a deny policy through PowerShell and get the following error:

New-AzPolicyDefinition : InvalidPolicyRule : Failed to parse policy rule: 'Could not find member 'properties' on object of type 'PolicyRuleDefinition'. Path 'properties'.'.

The code I'm using is: `New-AzPolicyDefinition -name 'externalDeny' -Policy 'C:\tmp\denyoms-temp.json' -Parameter 'C:\tmp\denyoms-param.json'`

The policy templates are below.

Template File - https://pastebin.com/embed_js/HrjUWrvf Parameter - https://pastebin.com/embed_js/QxEX92jf

I think it could be the tags, thanks in advance.

Norrin Rad

1 Answer


The problem is with the template. According to this documentation, the template should be in this format (template.json):

{
        "if": {
            "allOf": [
                {
                    "field": "tags",
                    "equals": "ExternalVM"
                },
                {
                    "field": "type",
                    "equals": "Microsoft.Compute/virtualMachines/extensions"
                },
                {
                    "field": "Microsoft.Compute/virtualMachines/extensions/publisher",
                    "equals": "Microsoft.Compute"
                },
                {
                    "field": "Microsoft.Compute/virtualMachines/extensions/type",
                    "in": "[parameters('notAllowedExtensions')]"
                }
            ]
        },
        "then": {
            "effect": "deny"
        }
}

Also, a minor change in your parameters file: the template expects an "Array" type, as per the condition you have applied:

{
    "notAllowedExtensions": {
        "type": "Array",
        "metadata": {
            "description": "The list of extensions that will be denied. Example: BGInfo, CustomScriptExtension, JsonAADDomainExtension, VMAccessAgent.",
            "displayName": "OmsAgentForLinux"
        }
    }
}

Use this command to execute:

New-AzPolicyDefinition -Name 'Not allowed VM Extensions' -Description 'This policy governs which VM extensions that are explicitly denied.' -Policy 'template.json'  -Parameter 'parameters.json'

Hope this helps!

Jagrati Modi
  • thanks, but I'm still getting this error `InvalidPolicyRule : Failed to parse policy rule: 'Could not find member 'properties' on object of type 'PolicyRuleDefinition'. Path 'properties'.'.` – Norrin Rad Apr 06 '20 at 11:23
  • Did you update the template file? Are you using the template I added in the answer? – Jagrati Modi Apr 06 '20 at 11:25
  • Hi, Yes sorry my fault, the command should have been `New-AzPolicyDefinition -Name 'Not allowed VM Extensions' -Description 'This policy governs which VM extensions that are explicitly denied.' -Policy 'C:\tmp\tempate.json' -Parameter '{ "notAllowedExtensions": { "type": "array" } }'` thanks again :) – Norrin Rad Apr 06 '20 at 11:36
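
The error text (`Path 'properties'`) indicates that the file passed to `-Policy` had a top-level `properties` member, which is the shape of a full policy definition rather than a bare rule. The following is an added example, not code from the question or the answer: a pre-flight helper that unwraps such a file into the rule and parameter JSON that `New-AzPolicyDefinition` expects. The function name `Split-PolicyDefinition` and the sample JSON are constructed for illustration; the pastebin files themselves are not shown on this page.

```powershell
# Added example: split an Azure Policy JSON document into the rule and the
# parameter block. Split-PolicyDefinition is a hypothetical helper name.
function Split-PolicyDefinition {
    param([Parameter(Mandatory)][string]$Json)

    $doc = $Json | ConvertFrom-Json

    # A full definition nests everything under 'properties'; passing that
    # file to -Policy is what makes the parser report Path 'properties'.
    if ($doc.PSObject.Properties.Name -contains 'properties') { $doc = $doc.properties }

    # At this level a definition carries 'policyRule'; a bare rule carries 'if'/'then'.
    $names  = $doc.PSObject.Properties.Name
    $rule   = if ($names -contains 'policyRule') { $doc.policyRule } else { $doc }
    $params = if ($names -contains 'parameters') { $doc.parameters } else { $null }

    # Refuse anything that is not exactly { "if": ..., "then": ... }.
    $ruleNames  = $rule.PSObject.Properties.Name
    $unexpected = $ruleNames | Where-Object { $_ -notin 'if', 'then' }
    if ($unexpected -or ($ruleNames -notcontains 'if') -or ($ruleNames -notcontains 'then')) {
        throw "Policy rule must contain exactly 'if' and 'then'; found: $($ruleNames -join ', ')"
    }

    [pscustomobject]@{
        PolicyRule = $rule | ConvertTo-Json -Depth 32
        Parameters = if ($params) { $params | ConvertTo-Json -Depth 32 } else { $null }
    }
}

# Constructed sample: a full definition wrapped in 'properties'.
$full = @'
{
  "properties": {
    "mode": "All",
    "parameters": { "notAllowedExtensions": { "type": "Array" } },
    "policyRule": {
      "if": { "field": "Microsoft.Compute/virtualMachines/extensions/type",
              "in": "[parameters('notAllowedExtensions')]" },
      "then": { "effect": "deny" }
    }
  }
}
'@

$parts = Split-PolicyDefinition -Json $full
$parts.PolicyRule   # bare rule with only 'if' and 'then' at the top level
# New-AzPolicyDefinition -Name 'externalDeny' -Policy $parts.PolicyRule -Parameter $parts.Parameters
```

Both `-Policy` and `-Parameter` accept a JSON string as well as a file path, so the two outputs can be passed directly without writing temporary files.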