Azure / azure-policy

Repository for Azure Resource Policy built-in definitions and samples
MIT License

Azure Network Policy for approved public IP allocation to specific subnets revision required #128

Closed sajudaniel closed 5 years ago

sajudaniel commented 6 years ago

It looks like

azure-policy/samples/Network/no-public-ip-except-for-one-subnet/azurepolicy.json

needs the ID of the subnets to be passed and NOT a list of subnets as the document suggests. Please review and amend the logic OR the doc to maintain functionality. Regards, Saju

indepth15 commented 6 years ago

The logic is not wrong. The given policy aims to scan the networkInterface resource type, then retrieve its fields, namely ipconfigurations, along with the associated PIP, if any. Still with ipconfigurations, it tries to access the subnet field. You need to populate a list of subnets in the format of a resource ID (e.g. /subscriptions/{subscription_id}/resourcegroups/{resource_group}/providers/microsoft.network/virtualnetworks/{vnet}/subnets/{subnet-name}).

pilor commented 5 years ago

The description of the subnetIds parameter gives an example of what is expected. It is expecting a list of subnet IDs. I will update the display name of the parameter to better reflect that.
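An added example, not part of the thread or of the azure-policy repository: a pre-assignment check that flags subnetIds entries that are not full subnet resource IDs, plus a simplified model of the rule as described in the comments above, showing why a bare subnet name leaves every NIC with a public IP denied. The NIC shape, the helper names and all sample IDs are constructed, and case-insensitive ID comparison is an assumption of the model.

```python
import re

# Subnet resource ID shape quoted in the thread; matched case-insensitively.
SUBNET_ID_RE = re.compile(
    r"^/subscriptions/[^/]+/resourcegroups/[^/]+/providers/microsoft\.network"
    r"/virtualnetworks/[^/]+/subnets/[^/]+$",
    re.IGNORECASE,
)

def invalid_subnet_ids(subnet_ids):
    """Return the entries that are not full subnet resource IDs (e.g. bare names)."""
    return [s for s in subnet_ids if not SUBNET_ID_RE.match(s.strip())]

def evaluate_nic(nic, subnet_ids):
    """Simplified model of the rule described in the thread, not the sample's JSON:
    deny when an ipConfiguration has a public IP and its subnet ID is not approved."""
    approved = {s.strip().lower() for s in subnet_ids}
    for cfg in nic.get("properties", {}).get("ipConfigurations", []):
        props = cfg.get("properties", {})
        has_pip = bool((props.get("publicIPAddress") or {}).get("id"))
        subnet_id = (props.get("subnet") or {}).get("id", "").lower()
        if has_pip and subnet_id not in approved:
            return "deny"
    return "allow"

# Constructed sample data (placeholder subscription, resource group and vnet names).
SUB = "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-net"
DMZ = SUB + "/providers/Microsoft.Network/virtualNetworks/vnet-hub/subnets/dmz"
APP = SUB + "/providers/Microsoft.Network/virtualNetworks/vnet-hub/subnets/app"
PIP = SUB + "/providers/Microsoft.Network/publicIPAddresses/pip-1"

def make_nic(subnet_id, public_ip_id=None):
    """Build a constructed NIC resource with one ipConfiguration."""
    props = {"subnet": {"id": subnet_id}}
    if public_ip_id:
        props["publicIPAddress"] = {"id": public_ip_id}
    return {"type": "Microsoft.Network/networkInterfaces",
            "properties": {"ipConfigurations": [
                {"name": "ipconfig1", "properties": props}]}}

if __name__ == "__main__":
    print("invalid entries:", invalid_subnet_ids(["dmz", DMZ]))
    print("approved subnet, full ID :", evaluate_nic(make_nic(DMZ, PIP), [DMZ]))
    print("other subnet             :", evaluate_nic(make_nic(APP, PIP), [DMZ]))
    print("approved subnet, name only:", evaluate_nic(make_nic(DMZ, PIP), ["dmz"]))
```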