AzPolicyAdvertizer

last sync: 2021-Jul-23 16:37:57 UTC

Azure Policy definition

[Preview]: Configure allowed registries for specified Azure Machine Learning computes

Name [Preview]: Configure allowed registries for specified Azure Machine Learning computes
Azure Portal

Id 5853517a-63de-11ea-bc55-0242ac130003

Version 2.0.0-preview
details on versioning

Category Machine Learning
Microsoft docs

Description Provide registries that are allowed in specified Azure Machine Learning computes and can be assigned at the workspace. For more information, visit https://aka.ms/amlpolicydoc.

Mode Microsoft.MachineLearningServices.Data

Type BuiltIn

Preview True

Deprecated FALSE

Effect Default: enforceSetting
Allowed: (enforceSetting, disabled)

Used RBAC Role none

History

Date/Time (UTC ymd) (i)	Change type	Change detail
2021-03-31 14:35:06	change	Major, suffix remains equal (1.0.0-preview > 2.0.0-preview)
2020-05-13 05:56:52	add	5853517a-63de-11ea-bc55-0242ac130003

Used in Initiatives none

JSON Changes

Visual JSON JSON (Annotated)

Show unchanged values

JSON

{
  "properties": {
  "displayName": "[Preview]: Configure allowed registries for specified Azure Machine Learning computes",
    "policyType": "BuiltIn",
    "mode": "Microsoft.MachineLearningServices.Data",
    "description": "Provide registries that are allowed in specified Azure Machine Learning computes and can be assigned at the workspace. For more information, visit https://aka.ms/amlpolicydoc.",
    "metadata": {
      "version": "2.0.0-preview",
      "category": "Machine Learning",
      "preview": true
    },
    "parameters": {
      "computeNames": {
        "type": "Array",
        "metadata": {
          "displayName": "Compute names where Azure ML jobs run",
          "description": "List of compute names where this policy should be applied. Ex. cpu-cluster;gpu-cluster. If no value is provided to this parameter then policy is applicable to all computes."
        },
        "defaultValue": [
          
        ]
      },
      "computeType": {
        "type": "String",
        "metadata": {
          "displayName": "Compute type for the compute where Azure ML jobs run",
          "description": "Compute type name. If Any is selected, the policy is applicable to any compute types."
        },
        "allowedValues": [
          "MachineLearningCompute",
          "Any"
        ],
        "defaultValue": "Any"
      },
      "isIsolatedNetwork": {
        "type": "String",
        "metadata": {
          "displayName": "Is the compute in isolated network",
          "description": "Only applicable for MachineLearningCompute type. \"Yes: apply the policy to computes in isolated network\". \"No: apply the policy to computes that are out of isolated network\". \"Any: apply the policy regardless of if the compute is in isolated network or not\"."
        },
        "allowedValues": [
          "Yes",
          "No",
          "Any"
        ],
        "defaultValue": "Any"
      },
      "allowedACRs": {
        "type": "Array",
        "metadata": {
          "displayName": "Azure Container Registries",
          "description": "List of Azure Container Registries that can be used with Azure ML. Ex. amlrepo.azurecr.io;amlrepo.azurecr.io/foo"
        },
        "defaultValue": [
          
        ]
      },
      "effect": {
        "type": "String",
        "metadata": {
          "displayName": "Effect",
          "description": "Enable or disable the execution of the policy."
        },
        "allowedValues": [
          "enforceSetting",
          "disabled"
        ],
        "defaultValue": "enforceSetting"
      }
    },
    "policyRule": {
      "if": {
        "allOf": [
          {
            "anyOf": [
              {
                "field": "Microsoft.MachineLearningServices.Data/workspaces/computes/name",
              "in": "[parameters('computeNames')]"
              },
              {
              "value": "[length(parameters('computeNames'))]",
                "equals": 0
              }
            ]
          },
          {
            "anyOf": [
              {
              "value": "[parameters('computeType')]",
                "equals": "Any"
              },
              {
                "field": "Microsoft.MachineLearningServices.Data/workspaces/computes/type",
              "equals": "[parameters('computeType')]"
              }
            ]
          },
          {
            "anyOf": [
              {
                "allOf": [
                  {
                    "field": "Microsoft.MachineLearningServices.Data/workspaces/computes/type",
                    "equals": "MachineLearningCompute"
                  },
                  {
                    "anyOf": [
                      {
                      "value": "[parameters('isIsolatedNetwork')]",
                        "equals": "Any"
                      },
                      {
                        "field": "Microsoft.MachineLearningServices.Data/workspaces/computes/isIsolatedNetwork",
                      "equals": "[parameters('isIsolatedNetwork')]"
                      }
                    ]
                  }
                ]
              },
              {
                "field": "Microsoft.MachineLearningServices.Data/workspaces/computes/type",
                "notEquals": "MachineLearningCompute"
              }
            ]
          }
        ]
      },
      "then": {
      "effect": "[parameters('effect')]",
        "details": {
          "setting": {
            "name": "allowedACRs",
          "value": "[parameters('allowedACRs')]"
          }
        }
      }
    }
  },
  "id": "/providers/Microsoft.Authorization/policyDefinitions/5853517a-63de-11ea-bc55-0242ac130003",
  "type": "Microsoft.Authorization/policyDefinitions",
  "name": "5853517a-63de-11ea-bc55-0242ac130003"
}

AzPolicyAdvertizer

Azure Policy definition

[Preview]: Configure allowed registries for specified Azure Machine Learning computes

JSON Left

JSON Right