locked
Create Application-Function, Sandbox Policy, Learning Test Example RRS feed

  • Question

  • I'm looking at an example of creating an Azure app. The link: https://docs.microsoft.com/ru-ru/learn/modules/build-ml-model-with-azure-stream-analytics/7-add-azure-function When you create Preline Function, I get an error:

    {
      "telemetryId": "202559f1-2386-460f-80b4-e84415aa08f7",
      "bladeInstanceId": "Blade_725d4d80d9ce4de099710acabe7f6f1b_1_0",
      "galleryItemId": "Microsoft.FunctionApp",
      "createBlade": "CreateBlade",
      "code": "InvalidTemplateDeployment",
      "message": "Не удалось развернуть шаблон, нарушена политика. Подробности см. в дополнительных сведениях.",
      "details": [
        {
          "code": "RequestDisallowedByPolicy",
          "target": "qovalenkopolarbear",
          "message": "Ресурс \"qovalenkopolarbear\" запрещен политикой. (код: RequestDisallowedByPolicy)",
          "additionalInfo": [
            {
              "type": "PolicyViolation",
              "info": {
                "policyDefinitionDisplayName": "Allowed resource types",
                "policySetDefinitionDisplayName": "ioteventdocker",
                "evaluationDetails": {
                  "evaluatedExpressions": [
                    {
                      "result": "False",
                      "expression": "type",
                      "path": "type",
                      "expressionValue": "microsoft.insights/components",
                      "targetValue": [
                        "Microsoft.Resources/resourceGroups",
                        "Microsoft.Storage/storageAccounts",
                        "Microsoft.Devices/IotHubs",
                        "Microsoft.Devices/ProvisioningServices",
                        "Microsoft.EventHub/namespaces",
                        "Microsoft.ContainerService/managedClusters",
                        "Microsoft.ContainerInstance/containerGroups",
                        "Microsoft.ContainerRegistry/registries",
                        "Microsoft.KeyVault/vaults",
                        "Microsoft.KeyVault/vaults/accessPolicies",
                        "Microsoft.ContainerRegistry/registries/replications",
                        "Microsoft.DocumentDB/databaseAccounts",
                        "Microsoft.StreamAnalytics/streamingjobs",
                        "Microsoft.Web/sites",
                        "Microsoft.Web/serverfarms",
                        "Microsoft.Sql/servers",
                        "Microsoft.Sql/servers/databases"
                      ],
                      "operator": "In"
                    }
                  ]
                },
                "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/a08ec900-254a-4555-9bf5-e42af04b5c5c",
                "policySetDefinitionId": "/providers/Microsoft.Management/managementGroups/triplecrown3/providers/Microsoft.Authorization/policySetDefinitions/e4912578-66e5-4531-8956-e03d15844028",
                "policyDefinitionReferenceId": "1729020705997343765",
                "policySetDefinitionName": "e4912578-66e5-4531-8956-e03d15844028",
                "policyDefinitionName": "a08ec900-254a-4555-9bf5-e42af04b5c5c",
                "policyDefinitionEffect": "deny",
                "policyAssignmentId": "/subscriptions/e61967c2-0f35-47d0-8774-0ff814cb89e9/resourceGroups/2f7d1c89-0581-4be1-a37d-9e3db060bc59/providers/Microsoft.Authorization/policyAssignments/TripleCrownPolicy",
                "policyAssignmentName": "TripleCrownPolicy",
                "policyAssignmentDisplayName": "Sandbox Policy",
                "policyAssignmentScope": "/subscriptions/e61967c2-0f35-47d0-8774-0ff814cb89e9/resourceGroups/2f7d1c89-0581-4be1-a37d-9e3db060bc59"
              }
            },
            {
              "type": "PolicyViolation",
              "info": {
                "policyDefinitionDisplayName": "Allowed resource types",
                "policySetDefinitionDisplayName": "ioteventdocker",
                "evaluationDetails": {
                  "evaluatedExpressions": [
                    {
                      "result": "False",
                      "expression": "type",
                      "path": "type",
                      "expressionValue": "microsoft.insights/components",
                      "targetValue": [
                        "Microsoft.Resources/resourceGroups",
                        "Microsoft.Storage/storageAccounts",
                        "Microsoft.Devices/IotHubs",
                        "Microsoft.Devices/ProvisioningServices",
                        "Microsoft.EventHub/namespaces",
                        "Microsoft.ContainerService/managedClusters",
                        "Microsoft.ContainerInstance/containerGroups",
                        "Microsoft.ContainerRegistry/registries",
                        "Microsoft.KeyVault/vaults",
                        "Microsoft.KeyVault/vaults/accessPolicies",
                        "Microsoft.ContainerRegistry/registries/replications",
                        "Microsoft.DocumentDB/databaseAccounts",
                        "Microsoft.StreamAnalytics/streamingjobs",
                        "Microsoft.Web/sites",
                        "Microsoft.Web/serverfarms",
                        "Microsoft.Sql/servers",
                        "Microsoft.Sql/servers/databases"
                      ],
                      "operator": "In"
                    }
                  ]
                },
                "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/a08ec900-254a-4555-9bf5-e42af04b5c5c",
                "policySetDefinitionId": "/providers/Microsoft.Management/managementGroups/triplecrown3/providers/Microsoft.Authorization/policySetDefinitions/e4912578-66e5-4531-8956-e03d15844028",
                "policyDefinitionReferenceId": "1729020705997343765",
                "policySetDefinitionName": "e4912578-66e5-4531-8956-e03d15844028",
                "policyDefinitionName": "a08ec900-254a-4555-9bf5-e42af04b5c5c",
                "policyDefinitionEffect": "deny",
                "policyAssignmentId": "/providers/Microsoft.Management/managementGroups/triplecrown3/providers/Microsoft.Authorization/policyAssignments/1f93402984d34048aeebc3bc",
                "policyAssignmentName": "1f93402984d34048aeebc3bc",
                "policyAssignmentDisplayName": "ioteventdocker",
                "policyAssignmentScope": "/providers/Microsoft.Management/managementGroups/triplecrown3",
                "policyAssignmentParameters": {}
              }
            }
          ],
          "policyDetails": [
            {
              "isInitiative": true,
              "assignmentId": "/subscriptions/e61967c2-0f35-47d0-8774-0ff814cb89e9/resourceGroups/2f7d1c89-0581-4be1-a37d-9e3db060bc59/providers/Microsoft.Authorization/policyAssignments/TripleCrownPolicy",
              "assignmentName": "Sandbox Policy",
              "auxDefinitionNames": [
                "Allowed resource types"
              ],
              "viewDetailsUri": "https://portal.azure.com#blade/Microsoft_Azure_Policy/EditAssignmentBlade/id/%2Fsubscriptions%2Fe61967c2-0f35-47d0-8774-0ff814cb89e9%2FresourceGroups%2F2f7d1c89-0581-4be1-a37d-9e3db060bc59%2Fproviders%2FMicrosoft.Authorization%2FpolicyAssignments%2FTripleCrownPolicy"
            },
            {
              "isInitiative": true,
              "assignmentId": "/providers/Microsoft.Management/managementGroups/triplecrown3/providers/Microsoft.Authorization/policyAssignments/1f93402984d34048aeebc3bc",
              "assignmentName": "ioteventdocker",
              "auxDefinitionNames": [
                "Allowed resource types"
              ],
              "viewDetailsUri": "https://portal.azure.com#blade/Microsoft_Azure_Policy/EditAssignmentBlade/id/%2Fproviders%2FMicrosoft.Management%2FmanagementGroups%2Ftriplecrown3%2Fproviders%2FMicrosoft.Authorization%2FpolicyAssignments%2F1f93402984d34048aeebc3bc"
            }
          ]
        }
      ]
    }

    Saturday, May 18, 2019 8:56 AM

All replies

  • Hello,

    From the error message, it clearly states that “Resource creation is prohibited by the policy defined. “Allowed resources types” does not contain "Microsoft.Web/sites/functions".

    Please contact your admin to allow the function app creation in the policy defined “Allowed resources types”.

    "type": "Microsoft.Web/sites/functions"

    Hope this helps.

    Monday, May 20, 2019 11:29 AM