AzPolicyAdvertizer

last sync: 2021-May-14 16:08:20 UTC

Azure Policy definition

[Preview]: Configure code signing for training code for specified Azure Machine Learning computes

Name [Preview]: Configure code signing for training code for specified Azure Machine Learning computes
Azure Portal
Id 6a6f7384-63de-11ea-bc55-0242ac130003
Version 2.1.0-preview
details on versioning
Category Machine Learning
Microsoft docs
Description Provide code signing for training code in specified Azure Machine Learning computes and can be assigned at the workspace. For more information, visit https://aka.ms/amlpolicydoc.
Mode Microsoft.MachineLearningServices.Data
Type BuiltIn
Preview True
Deprecated FALSE
Effect Default: enforceSetting
Allowed: (enforceSetting, disabled)
Used RBAC Role none
History
Date/Time (UTC ymd) (i) Change type Change detail
2021-04-07 13:27:17 change Minor, suffix remains equal (2.0.0-preview > 2.1.0-preview)
2021-03-31 14:35:06 change Major, suffix remains equal (1.0.0-preview > 2.0.0-preview)
2020-06-23 16:03:25 add 6a6f7384-63de-11ea-bc55-0242ac130003
Used in Initiatives none
JSON Changes

JSON 
{
  "properties": {
  "displayName": "[Preview]: Configure code signing for training code for specified Azure Machine Learning computes",
    "policyType": "BuiltIn",
    "mode": "Microsoft.MachineLearningServices.Data",
    "description": "Provide code signing for training code in specified Azure Machine Learning computes and can be assigned at the workspace. For more information, visit https://aka.ms/amlpolicydoc.",
    "metadata": {
      "version": "2.1.0-preview",
      "category": "Machine Learning",
      "preview": true
    },
    "parameters": {
      "computeNames": {
        "type": "Array",
        "metadata": {
        "displayName": "[Preview]: Compute names where Azure Machine Learning jobs run",
          "description": "List of compute names where this policy should be applied. Example: 'cpu-cluster;gpu-cluster'. If no value is provided to this parameter, policy is applicable to all computes."
        },
        "defaultValue": [
          
        ]
      },
      "computeType": {
        "type": "String",
        "metadata": {
        "displayName": "[Preview]: Compute type for the compute where Azure ML jobs run",
          "description": "Compute type name. If Any is selected, the policy is applicable to any compute types."
        },
        "allowedValues": [
          "MachineLearningCompute",
          "AzureDataFactory",
          "HDInsight",
          "Any"
        ],
        "defaultValue": "Any"
      },
      "isIsolatedNetwork": {
        "type": "String",
        "metadata": {
        "displayName": "[Preview]: Is the compute in isolated network",
          "description": "Only applicable for MachineLearningCompute type. \"Yes: apply the policy to computes in isolated network\". \"No: apply the policy to computes that are out of isolated network\". \"Any: apply the policy regardless of if the compute is in isolated network or not\". If compute type is not MachineLearningCompute, the value set for this parameter will be ignored."
        },
        "allowedValues": [
          "Yes",
          "No",
          "Any"
        ],
        "defaultValue": "Any"
      },
      "signingKey": {
        "type": "String",
        "metadata": {
        "displayName": "[Preview]: PGP public key",
          "description": "Public key text in PGP public key format, with newline characters encoded as string literals \"\\r\" and \"\\n\"."
        }
      },
      "effect": {
        "type": "String",
        "metadata": {
        "displayName": "[Preview]: Effect",
          "description": "Enable or disable the execution of the policy."
        },
        "allowedValues": [
          "enforceSetting",
          "disabled"
        ],
        "defaultValue": "enforceSetting"
      }
    },
    "policyRule": {
      "if": {
        "allOf": [
          {
            "anyOf": [
              {
                "field": "Microsoft.MachineLearningServices.Data/workspaces/computes/name",
              "in": "[parameters('computeNames')]"
              },
              {
              "value": "[length(parameters('computeNames'))]",
                "equals": 0
              }
            ]
          },
          {
            "anyOf": [
              {
              "value": "[parameters('computeType')]",
                "equals": "Any"
              },
              {
                "field": "Microsoft.MachineLearningServices.Data/workspaces/computes/type",
              "equals": "[parameters('computeType')]"
              }
            ]
          },
          {
            "anyOf": [
              {
                "allOf": [
                  {
                    "field": "Microsoft.MachineLearningServices.Data/workspaces/computes/type",
                    "equals": "MachineLearningCompute"
                  },
                  {
                    "anyOf": [
                      {
                      "value": "[parameters('isIsolatedNetwork')]",
                        "equals": "Any"
                      },
                      {
                        "field": "Microsoft.MachineLearningServices.Data/workspaces/computes/isIsolatedNetwork",
                      "equals": "[parameters('isIsolatedNetwork')]"
                      }
                    ]
                  }
                ]
              },
              {
                "field": "Microsoft.MachineLearningServices.Data/workspaces/computes/type",
                "notEquals": "MachineLearningCompute"
              }
            ]
          }
        ]
      },
      "then": {
      "effect": "[parameters('effect')]",
        "details": {
          "setting": {
            "name": "signingKey",
          "value": "[parameters('signingKey')]"
          }
        }
      }
    }
  },
  "id": "/providers/Microsoft.Authorization/policyDefinitions/6a6f7384-63de-11ea-bc55-0242ac130003",
  "type": "Microsoft.Authorization/policyDefinitions",
  "name": "6a6f7384-63de-11ea-bc55-0242ac130003"
}