Azure / azure-policy

Repository for Azure Resource Policy built-in definitions and samples
MIT License

ApiManagement_MinimumApiVersion_AuditDeny invalid policy rules #1011

Open spoelly opened 2 years ago

spoelly commented 2 years ago

Details of the scenario you tried and the problem that is occurring

We implemented the builtin policy for ApiManagement_MinimumApiVersion_AuditDeny, but after the implementation every API is not valid.

Verbose logs showing the problem

-

Suggested solution to the issue

"notMatch": "202#-##-##-preview" and "notMatch": "202#-##-##" are wrong in this rule, because everything starting with 202#### is not valid in this way.

Change this to "notMatch": "201#-##-##-preview" and "notMatch": "201#-##-##" or make it a "Match"

"policyRule": {
      "if": {
        "allOf": [
          {
            "field": "type",
            "equals": "Microsoft.ApiManagement/service"
          },
          {
            "field": "Microsoft.ApiManagement/service/apiVersionConstraint.minApiVersion",
            "notMatch": "2019-12-01"
          },
          {
            "field": "Microsoft.ApiManagement/service/apiVersionConstraint.minApiVersion",
            "notMatch": "202#-##-##-preview"
          },
          {
            "field": "Microsoft.ApiManagement/service/apiVersionConstraint.minApiVersion",
            "notMatch": "202#-##-##"
          },
          {
            "field": "Microsoft.ApiManagement/service/sku.name",
            "notEquals": "Consumption"
          }
        ]

If policy is Guest Configuration - details about target node

MichaelWStark-Reactor commented 1 year ago

I find this issue too
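
An added example (not part of the issue thread or of the azure-policy repository): a small Python evaluator for the `if` block quoted in the issue, using the Azure Policy `match` wildcards (`#` is a digit, `?` a letter, `.` any character, matched case-sensitively against the whole value). The sample `minApiVersion` values, the `Developer` SKU and the treatment of an unset field as an empty string are assumptions made for the example.

```python
import re

# Conditions copied from the "if" block quoted in the issue; the "then" block is not on the page.
FIELD = "Microsoft.ApiManagement/service/apiVersionConstraint.minApiVersion"
SKU = "Microsoft.ApiManagement/service/sku.name"
RULE_IF = {"allOf": [
    {"field": "type", "equals": "Microsoft.ApiManagement/service"},
    {"field": FIELD, "notMatch": "2019-12-01"},
    {"field": FIELD, "notMatch": "202#-##-##-preview"},
    {"field": FIELD, "notMatch": "202#-##-##"},
    {"field": SKU, "notEquals": "Consumption"},
]}

def policy_match(value, pattern):
    """Azure Policy 'match': '#' = digit, '?' = letter, '.' = any character,
    every other character is literal; the whole value must match."""
    classes = {"#": "[0-9]", "?": "[A-Za-z]", ".": "."}
    regex = "".join(classes.get(ch, re.escape(ch)) for ch in pattern)
    return re.fullmatch(regex, value, flags=re.DOTALL) is not None

def condition_true(cond, resource):
    value = resource.get(cond["field"]) or ""  # assumption: unset field compared as ""
    if "equals" in cond:       # equals / notEquals compare case-insensitively
        return value.lower() == cond["equals"].lower()
    if "notEquals" in cond:
        return value.lower() != cond["notEquals"].lower()
    if "notMatch" in cond:     # match / notMatch are case-sensitive
        return not policy_match(value, cond["notMatch"])
    raise ValueError(f"unsupported condition: {cond}")

def rule_fires(resource):
    """True when every allOf condition holds, i.e. the audit/deny effect applies."""
    return all(condition_true(c, resource) for c in RULE_IF["allOf"])

def service(min_api_version, sku="Developer"):
    return {"type": "Microsoft.ApiManagement/service", FIELD: min_api_version, SKU: sku}

# Constructed sample values for minApiVersion (None = constraint not set).
SAMPLES = ["2019-12-01", "2021-08-01", "2021-01-01-preview",
           "2019-01-01", "2018-06-01-preview", None]

def evaluate_samples():
    return {v: rule_fires(service(v)) for v in SAMPLES}

if __name__ == "__main__":
    for version, fires in evaluate_samples().items():
        print(f"{str(version):22} effect applies: {fires}")
```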