I get a warning message when I run the code that populates the network groups using Azure Policy.
Warning: use-resource-id-functions: If property "networkGroupId" represents a resource ID, it must use a symbolic resource reference, be a parameter or start with one of these functions: extensionResourceId, guid, if, reference, resourceId, subscription, subscriptionResourceId, tenantResourceId.
I have tried using the resourceId function to link the network group to the policies but I also get this error message:
Validation Errors: 'String' /subscriptions/<subscriptionID>/providers/Microsoft.Network/networkManagers/<networkManagerName>/networkGroups/<networkGroupName>' does not match regex pattern. Path 'networkGroupId'
How can I best set the networkGroupId without getting the warning message? Here is the policy code, written in Bicep.
// Deployed at subscription scope, so resource IDs built below are not implicitly
// tied to a resource group.
targetScope = 'subscription'
// NOTE(review): this file-level parameter is not referenced anywhere in the visible
// file; the policy definition declares its own policy parameter with the same name.
param tagName string
// Resource group, network manager and network group names; together they form the
// networkGroupId that the policy rule targets.
param resourceGroupName string
param networkManagerName string
param networkGroupName string
// Both names are empty strings on the page (presumably redacted); supply real values
// before deploying.
var policyName = ''
var policyDisplayName = ''
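// Custom policy definition (mode 'Microsoft.Network.Data') whose rule matches virtual
// networks and applies the 'addToNetworkGroup' effect, i.e. it decides which VNets
// become members of the network group identified by networkGroupId.
resource policyDefinition 'Microsoft.Authorization/policyDefinitions@2021-06-01' = {
  name: policyName
  properties: {
    displayName: policyDisplayName
    policyType: 'Custom'
    mode: 'Microsoft.Network.Data'
    metadata: {
      category: 'Virtual Network Manager'
    }
    parameters: {
      // NOTE(review): this policy parameter is declared but never referenced in the
      // policyRule below.
      tagName: {
        type: 'String'
        metadata: {
          displayName: 'Tag name'
        }
      }
    }
    policyRule: {
      if: {
        allOf: [
          {
            field: 'type'
            equals: 'Microsoft.Network/virtualNetworks'
          }
          {
            allOf: [
              {
                // Written in Bicep object syntax (unquoted keys, single-quoted strings,
                // no trailing comma); the original used JSON syntax here, which is not
                // valid inside a Bicep object.
                //
                // NOTE(review): 'tagName' is passed as a literal field name. If the
                // intent is to test the tag named by the policy parameter, Azure Policy
                // addresses tags as tags[...]; confirm which fields this policy mode
                // accepts before changing it.
                //
                // Security: group membership is decided by this condition. 'contains'
                // is a substring match, so any value containing 'gen' qualifies, and
                // anyone who can edit the matched property on a VNet can move that VNet
                // into or out of the group. Prefer the narrowest match that works and
                // restrict who can modify the property.
                field: 'tagName'
                contains: 'gen'
              }
            ]
          }
        ]
      }
      then: {
        effect: 'addToNetworkGroup'
        details: {
          // The ID must include the /resourceGroups/<name>/ segment: the validation
          // error quoted on this page shows an ID without it being rejected. The
          // interpolated string below has that shape; the use-resource-id-functions
          // message is a linter warning about style, not a deployment error.
          // NOTE(review): resourceId(subscription().subscriptionId, resourceGroupName,
          // 'Microsoft.Network/networkManagers/networkGroups', networkManagerName,
          // networkGroupName) should yield the same ID and satisfy the linter; confirm
          // the output at subscription scope before switching.
          networkGroupId: '${subscription().id}/resourceGroups/${resourceGroupName}/providers/Microsoft.Network/networkManagers/${networkManagerName}/networkGroups/${networkGroupName}'
        }
      }
    }
  }
}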