Alias request: Microsoft.Network/networkInterfaces/ipConfigurations[*].subnet.routeTable.id #889
Labels
alias-request
Requests for new alias creation (either modifiable or not)
Comments
nehakulkarni123
added
the
alias-request
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Details of the scenario you tried and the problem that is occurring
Need to create policy preventing attachment of network interfaces to a subnet which hasn't been secured with a route table (UDR). This currently fails with an error as the alias does not exist.
Verbose logs showing the problem
n/a
Suggested solution to the issue
Register the alias
Microsoft.Network/networkInterfaces/ipConfigurations[*].subnet.routeTable.idto support creating a policy definition such as the following:{ "mode": "All", "policyRule": { "if": { "allOf": [ { "field": "type", "equals": "Microsoft.Network/networkInterfaces" }, { "field": "Microsoft.Network/networkInterfaces/ipConfigurations[*].subnet.name", "notIn": "[parameters('excludedSubnets')]" }, { "field": "Microsoft.Network/networkInterfaces/ipConfigurations[*].subnet.routeTable.id", "exists": "false" } ] }, "then": { "effect": "[parameters('effect')]" } }, "parameters": { "effect": { "type": "String", "metadata": { "displayName": "Effect", "description": "Enable or disable the execution of the policy" }, "allowedValues": [ "Audit", "Deny", "Disabled" ], "defaultValue": "Deny" }, "excludedSubnets": { "type": "Array", "metadata": { "displayName": "Excluded Subnets", "description": "Array of subnet names that are excluded from this policy" }, "defaultValue": [ "GatewaySubnet", "AzureFirewallSubnet", "AzureFirewallManagementSubnet" ] } } }If policy is Guest Configuration - details about target node
n/a
The text was updated successfully, but these errors were encountered: