Azure / AKS

Azure Kubernetes Service
https://azure.github.io/AKS/

[BUG] Unable to Create Azure Policy to AKS 'metricsProfile.costAnalysis.enabled' #4409

Open bengodeloson opened 1 month ago

bengodeloson commented 1 month ago

Describe the bug

I'm currently creating an Azure Policy which audits/denies AKS clusters with the cost analysis feature disabled.

To Reproduce

I created a new Azure Policy with this JSON:

{
  "mode": "Indexed",
  "policyRule": {
    "if": {
      "allOf": [
        {
          "equals": "Microsoft.ContainerService/managedClusters",
          "field": "type"
        },
        {
          "equals": "[parameters('tagValue')]",
          "field": "[concat('tags[', parameters('tagName'), ']')]"
        },
        {
          "equals": "Standard",
          "field": "Microsoft.ContainerService/managedClusters/sku.tier"
        },
        {
          "field": "Microsoft.ContainerService/managedClusters/metricsProfile.costAnalysis.enabled",
          "notEquals": true
        }
      ]
    },
    "then": {
      "effect": "[parameters('effect')]"
    }
  },
  "parameters": {
    "effect": {
      "allowedValues": [
        "audit",
        "Audit",
        "deny",
        "Deny",
        "disabled",
        "Disabled"
      ],
      "defaultValue": "Deny",
      "metadata": {
        "description": "Enable or disable the execution of the policy",
        "displayName": "Effect",
        "portalReview": true
      },
      "type": "String"
    },
    "tagName": {
      "metadata": {
        "description": "Name of the tag, such as 'environment'",
        "displayName": "Tag Name",
        "portalReview": true
      },
      "type": "String"
    },
    "tagValue": {
      "metadata": {
        "description": "Value of the tag, such as 'production'",
        "displayName": "Tag Value",
        "portalReview": true
      },
      "type": "String"
    }
  }
}

Expected behavior

A new policy would be created which denies/audits AKS clusters with cost analysis disabled.


Environment (please complete the following information):

Additional context

N/A

microsoft-github-policy-service[bot] commented 1 month ago

@az-policy-kube would you be able to assist?

microsoft-github-policy-service[bot] commented 1 week ago

Action required from @aritraghosh, @julia-yin, @AllenWen-at-Azure

microsoft-github-policy-service[bot] commented 4 hours ago

@az-policy-kube would you be able to assist?