Azure / application-gateway-kubernetes-ingress

This is an ingress controller that can be run on Azure Kubernetes Service (AKS) to allow an Azure Application Gateway to act as the ingress for an AKS cluster.
https://azure.github.io/application-gateway-kubernetes-ingress
MIT License

Need to create an Application Gateway WAF policy resource lock enable policy #1600

Open Devaraj004 opened 3 months ago

Devaraj004 commented 3 months ago

Hi Team,

I am trying to create a custom policy for Azure Application Gateway WAF policy resource lock enable via policy; we need to restrict the user from modifying or deleting the WAF rules. I am using the policy definition below but getting the error. Could you please check and support this one, or please suggest the correct policy definition?

{
  "mode": "All",
  "policyRule": {
    "if": {
      "allOf": [
        {
          "field": "type",
          "equals": "Microsoft.Network/ApplicationGatewayWebApplicationFirewallPolicies"
        }
      ]
    },
    "then": {
      "effect": "deny",
      "details": {
        "type": "Microsoft.Authorization/locks",
        "existenceCondition": {
          "allOf": [
            {
              "field": "Microsoft.Authorization/locks/level",
              "equals": "CanNotDelete"
            }
          ]
        }
      }
    }
  }
}

Error : The policy definition '171d5886-c7ef-48d4-b556-b06f6b9b76bd' rule is invalid. The policy effect 'details' property could not be parsed using mode 'All'.
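
An added example, not part of the original issue or the project's code: in Resource Manager modes such as `All`, the `deny` effect takes no `details` block, while `type` and `existenceCondition` belong to `auditIfNotExists` and `deployIfNotExists`. The same rule rewritten with `auditIfNotExists`, which reports WAF policies that have no `CanNotDelete` lock instead of blocking requests:

```json
{
  "mode": "All",
  "policyRule": {
    "if": {
      "field": "type",
      "equals": "Microsoft.Network/ApplicationGatewayWebApplicationFirewallPolicies"
    },
    "then": {
      "effect": "auditIfNotExists",
      "details": {
        "type": "Microsoft.Authorization/locks",
        "existenceCondition": {
          "field": "Microsoft.Authorization/locks/level",
          "equals": "CanNotDelete"
        }
      }
    }
  }
}
```

A `CanNotDelete` lock still allows modification of the WAF rules; `ReadOnly` is the lock level that blocks both changes and deletion.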