Azure Custom Policy - PostgreSQL Product – Compliance Report not Available - New Feature Request

This post has been republished via RSS; it originally appeared at: New blog articles in Microsoft Community Hub.

If you create a custom policy that adds diagnostic settings (sending to Log Analytics) for an Azure Cosmos DB for PostgreSQL cluster and assign the policy at subscription level, you will find that the compliance report says "no resources found", even if you have deployed resources under the same subscription.

Below is a screenshot of the resources deployed in the subscription:

Shikhaghildiyal_2-1715745921887.png

The custom policy is assigned at subscription level:

Shikhaghildiyal_1-1715745867027.png

In the screenshot below, the compliance report says "no resources":

Shikhaghildiyal_0-1715745688482.png

A read operation must be available from the resource provider so that the resource can be read. In this case the resource provider (Microsoft.DBforPostgreSQL) did not provide a read operation for this resource type, Microsoft.DBforPostgreSQL/serverGroupsv2. So the policy is not able to read the resource and generate the compliance result.

Below are the PowerShell command and the operations available on the resource (Microsoft.DBforPostgreSQL/serverGroupsv2).

Command:

Get-AzProviderOperation Microsoft.DBforPostgreSQL/* | ?{$_.operation -like 'Microsoft.DBforPostgreSQL/serverGroupsv2*'} | sort operation | select operation

Output:

Operation
---------
Microsoft.DBforPostgreSQL/serverGroupsv2/privateEndpointConnectionProxies/delete
Microsoft.DBforPostgreSQL/serverGroupsv2/privateEndpointConnectionProxies/read
Microsoft.DBforPostgreSQL/serverGroupsv2/privateEndpointConnectionProxies/validate/action
Microsoft.DBforPostgreSQL/serverGroupsv2/privateEndpointConnectionProxies/write
Microsoft.DBforPostgreSQL/serverGroupsv2/privateEndpointConnections/delete
Microsoft.DBforPostgreSQL/serverGroupsv2/privateEndpointConnections/read
Microsoft.DBforPostgreSQL/serverGroupsv2/privateEndpointConnections/write
Microsoft.DBforPostgreSQL/serverGroupsv2/privateEndpointConnectionsApproval/action
Microsoft.DBforPostgreSQL/serverGroupsv2/privateLinkResources/read

If you add any custom policy for Microsoft.DBforPostgreSQL/serverGroupsv2, you will not be able to see whether resources are compliant or non-compliant. The requested read operation is not supported and will be implemented in future by the PG team. Once the read operation is available, we will be able to see resources under the compliance report. Hence, our custom policy will work properly once this feature is implemented.
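The check described above, as an added example that is not part of the original post: it groups provider operation strings by resource type and reports whether each type has its own read operation. The function name Get-ResourceTypeReadSupport and the parsing rule (a trailing "action" segment means the last two segments form the operation) are assumptions of this example; the sample input is the output listed in the post.

```powershell
# Operations listed in the post's output for serverGroupsv2.
$pageOutput = @(
    'Microsoft.DBforPostgreSQL/serverGroupsv2/privateEndpointConnectionProxies/delete'
    'Microsoft.DBforPostgreSQL/serverGroupsv2/privateEndpointConnectionProxies/read'
    'Microsoft.DBforPostgreSQL/serverGroupsv2/privateEndpointConnectionProxies/validate/action'
    'Microsoft.DBforPostgreSQL/serverGroupsv2/privateEndpointConnectionProxies/write'
    'Microsoft.DBforPostgreSQL/serverGroupsv2/privateEndpointConnections/delete'
    'Microsoft.DBforPostgreSQL/serverGroupsv2/privateEndpointConnections/read'
    'Microsoft.DBforPostgreSQL/serverGroupsv2/privateEndpointConnections/write'
    'Microsoft.DBforPostgreSQL/serverGroupsv2/privateEndpointConnectionsApproval/action'
    'Microsoft.DBforPostgreSQL/serverGroupsv2/privateLinkResources/read'
)

function Get-ResourceTypeReadSupport {   # hypothetical helper, not an Az cmdlet
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [string[]] $Operation
    )
    begin { $verbsByType = @{} }   # resource type -> operations defined on it
    process {
        foreach ($op in $Operation) {
            # Shape: Namespace/type[/childType...]/verb  or  .../name/action
            $parts = $op.Trim() -split '/'
            if ($parts.Count -lt 3) { continue }
            # Assumption: custom actions use the last two segments ("validate/action").
            $verbLen = if ($parts[-1] -eq 'action') { 2 } else { 1 }
            $split   = $parts.Count - $verbLen
            $type    = $parts[0..($split - 1)] -join '/'
            $verb    = $parts[$split..($parts.Count - 1)] -join '/'
            if (-not $verbsByType.ContainsKey($type)) {
                $verbsByType[$type] = [System.Collections.Generic.List[string]]::new()
            }
            $verbsByType[$type].Add($verb)
        }
    }
    end {
        foreach ($type in ($verbsByType.Keys | Sort-Object)) {
            [pscustomobject]@{
                ResourceType = $type
                HasRead      = $verbsByType[$type] -contains 'read'
                Verbs        = ($verbsByType[$type] | Sort-Object) -join ', '
            }
        }
    }
}

# Live data instead: (Get-AzProviderOperation 'Microsoft.DBforPostgreSQL/*').Operation | Get-ResourceTypeReadSupport
$pageOutput | Get-ResourceTypeReadSupport | Format-Table -AutoSize
```

On the post's output, the child types report a read operation while Microsoft.DBforPostgreSQL/serverGroupsv2 itself does not, which is the gap the post describes.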

As of now, only the operations below are supported by the resource provider (Microsoft.DBforPostgreSQL/serverGroupsv2).

Link: Azure resource provider operations | Microsoft Learn

Shikhaghildiyal_0-1715744830134.png
