search

Azure / azure-policy

Repository for Azure Resource Policy built-in definitions and samples
MIT License
1.51k stars 1.09k forks source link

Alias request: Microsoft.Network/virtualNetworks/subnets[*].serviceEndpoints[*] #891

Open F-r-a-n-k-D opened 2 years ago

F-r-a-n-k-D commented 2 years ago

Details of the scenario you tried and the problem that is occurring

Deny the creation of serviceEndpoints in all scenario's: Creation from virtual network/settings/subnets/ Creation from virtual network/settings/service endpoints

Suggested solution to the issue

Register an alias to support using Microsoft.Network/virtualNetworks/subnets[].serviceEndpoints[] in a policy as follows:

"if": { "allOf": [ { "field": "type", "equals": "Microsoft.Network/virtualNetworks" }, { "count": { "field": "Microsoft.Network/virtualNetworks/subnets[].serviceEndpoints[]" }, "greaterOrEquals": 1 } ] }

kenieva commented 2 years ago

@F-r-a-n-k-D , these are the aliases exposed today: Microsoft.Network/virtualNetworks/subnets[].serviceEndpoints[].locations[]
Microsoft.Network/virtualNetworks/subnets[].serviceEndpoints[*].service

F-r-a-n-k-D commented 2 years ago

Thank you! How long does it take for these new aliases to be available in region West-Europe?

kenieva commented 2 years ago

Those should be available in West-Europe...