| JSON |
{
"properties": {
"displayName": "[Preview]: Configure code signing for training code for specified Azure Machine Learning computes",
"policyType": "BuiltIn",
"mode": "Microsoft.MachineLearningServices.Data",
"description": "Provide code signing for training code in specified Azure Machine Learning computes and can be assigned at the workspace. For more information, visit https://aka.ms/amlpolicydoc.",
"metadata": {
"version": "2.1.0-preview",
"category": "Machine Learning",
"preview": true
},
"parameters": {
"computeNames": {
"type": "Array",
"metadata": {
"displayName": "Compute names where Azure Machine Learning jobs run",
"description": "List of compute names where this policy should be applied. Example: 'cpu-cluster;gpu-cluster'. If no value is provided to this parameter, policy is applicable to all computes."
},
"defaultValue": [
]
},
"computeType": {
"type": "String",
"metadata": {
"displayName": "Compute type for the compute where Azure ML jobs run",
"description": "Compute type name. If Any is selected, the policy is applicable to any compute types."
},
"allowedValues": [
"MachineLearningCompute",
"AzureDataFactory",
"HDInsight",
"Any"
],
"defaultValue": "Any"
},
"isIsolatedNetwork": {
"type": "String",
"metadata": {
"displayName": "Is the compute in isolated network",
"description": "Only applicable for MachineLearningCompute type. \"Yes: apply the policy to computes in isolated network\". \"No: apply the policy to computes that are out of isolated network\". \"Any: apply the policy regardless of if the compute is in isolated network or not\". If compute type is not MachineLearningCompute, the value set for this parameter will be ignored."
},
"allowedValues": [
"Yes",
"No",
"Any"
],
"defaultValue": "Any"
},
"signingKey": {
"type": "String",
"metadata": {
"displayName": "PGP public key",
"description": "Public key text in PGP public key format, with newline characters encoded as string literals \"\\r\" and \"\\n\"."
}
},
"effect": {
"type": "String",
"metadata": {
"displayName": "Effect",
"description": "Enable or disable the execution of the policy."
},
"allowedValues": [
"enforceSetting",
"disabled"
],
"defaultValue": "enforceSetting"
}
},
"policyRule": {
"if": {
"allOf": [
{
"anyOf": [
{
"field": "Microsoft.MachineLearningServices.Data/workspaces/computes/name",
"in": "[parameters('computeNames')]"
},
{
"value": "[length(parameters('computeNames'))]",
"equals": 0
}
]
},
{
"anyOf": [
{
"value": "[parameters('computeType')]",
"equals": "Any"
},
{
"field": "Microsoft.MachineLearningServices.Data/workspaces/computes/type",
"equals": "[parameters('computeType')]"
}
]
},
{
"anyOf": [
{
"allOf": [
{
"field": "Microsoft.MachineLearningServices.Data/workspaces/computes/type",
"equals": "MachineLearningCompute"
},
{
"anyOf": [
{
"value": "[parameters('isIsolatedNetwork')]",
"equals": "Any"
},
{
"field": "Microsoft.MachineLearningServices.Data/workspaces/computes/isIsolatedNetwork",
"equals": "[parameters('isIsolatedNetwork')]"
}
]
}
]
},
{
"field": "Microsoft.MachineLearningServices.Data/workspaces/computes/type",
"notEquals": "MachineLearningCompute"
}
]
}
]
},
"then": {
"effect": "[parameters('effect')]",
"details": {
"setting": {
"name": "signingKey",
"value": "[parameters('signingKey')]"
}
}
}
}
},
"id": "/providers/Microsoft.Authorization/policyDefinitions/6a6f7384-63de-11ea-bc55-0242ac130003",
"type": "Microsoft.Authorization/policyDefinitions",
"name": "6a6f7384-63de-11ea-bc55-0242ac130003"
}
|