Azure Custom Policy - PostgreSQL Product - Compliance Report Not Available - New Feature Request
Published May 17 2024 12:04 AM
Microsoft

If you create a custom policy that adds diagnostic settings (to Log Analytics) for an Azure Cosmos DB for PostgreSQL cluster and assign the policy at subscription level, you will find that the compliance report says "no resources found" even if you have deployed resources under the same subscription.

Below is a screenshot of the resources deployed in the subscription:

Shikhaghildiyal_2-1715745921887.png

The custom policy is assigned at subscription level:

Shikhaghildiyal_1-1715745867027.png

In the screenshot below, the compliance report says "no resources":

Shikhaghildiyal_0-1715745688482.png

A read operation should be available from the resource provider so that the resource can be read. In this case the resource provider (Microsoft.DBforPostgreSQL) did not provide a read operation for this resource type, Microsoft.DBforPostgreSQL/serverGroupsv2. So, policy is not able to read the resource and generate the compliance result.

 

Below are the PowerShell command and the operations available on the resource (Microsoft.DBforPostgreSQL/serverGroupsv2).

Command:

Get-AzProviderOperation Microsoft.DBforPostgreSQL/* | Where-Object { $_.Operation -like 'Microsoft.DBforPostgreSQL/serverGroupsv2*' } | Sort-Object Operation | Select-Object Operation

 

 

 

 

Output:

Operation
---------
Microsoft.DBforPostgreSQL/serverGroupsv2/privateEndpointConnectionProxies/delete
Microsoft.DBforPostgreSQL/serverGroupsv2/privateEndpointConnectionProxies/read
Microsoft.DBforPostgreSQL/serverGroupsv2/privateEndpointConnectionProxies/validate/action
Microsoft.DBforPostgreSQL/serverGroupsv2/privateEndpointConnectionProxies/write
Microsoft.DBforPostgreSQL/serverGroupsv2/privateEndpointConnections/delete
Microsoft.DBforPostgreSQL/serverGroupsv2/privateEndpointConnections/read
Microsoft.DBforPostgreSQL/serverGroupsv2/privateEndpointConnections/write
Microsoft.DBforPostgreSQL/serverGroupsv2/privateEndpointConnectionsApproval/action
Microsoft.DBforPostgreSQL/serverGroupsv2/privateLinkResources/read

 

If you add any custom policy for Microsoft.DBforPostgreSQL/serverGroupsv2, you will not be able to see whether resources are compliant or non-compliant. The requested read operation is not supported and will be implemented in future by the PG Team. Once the read operation is available, we will be able to see resources in the compliance report. Hence, our custom policy will work properly once this feature is implemented.
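The check described above can be scripted so it is repeatable for any resource type before a policy is assigned. This is an added example, not code from the original post: `Get-TypeReadStatus` is a hypothetical helper name, and it assumes the type's own read operation is named exactly `<type>/read`.

```powershell
# Added example. Get-TypeReadStatus is a hypothetical helper name, not an Az cmdlet.
function Get-TypeReadStatus {
    param(
        [Parameter(Mandatory)] [string[]] $Operation,    # operation names to inspect
        [Parameter(Mandatory)] [string]   $ResourceType  # provider namespace/type
    )
    $prefix = "$ResourceType/"
    # Operations that belong to this type or its child types (case-insensitive match).
    $scoped = @($Operation | Where-Object {
        $_.StartsWith($prefix, [StringComparison]::OrdinalIgnoreCase) })
    # Assumption: the type's own read is exactly "<type>/read". Child reads such as
    # "<type>/privateLinkResources/read" do not count.
    $ownRead = "${prefix}read"
    $hasRead = @($scoped | Where-Object { $_ -ieq $ownRead }).Count -gt 0
    # Child types that do expose a read, listed for contrast.
    $childReads = @($scoped |
        Where-Object { $_ -like '*/read' -and $_ -ine $ownRead } |
        ForEach-Object { $_.Substring($prefix.Length) -replace '/read$', '' } |
        Sort-Object -Unique)
    [pscustomobject]@{
        ResourceType       = $ResourceType
        OperationCount     = $scoped.Count
        HasTopLevelRead    = $hasRead
        ChildTypesWithRead = $childReads -join ', '
    }
}

# Operation names copied from the output shown on this page.
$type = 'Microsoft.DBforPostgreSQL/serverGroupsv2'
$pageOutput = @(
    "$type/privateEndpointConnectionProxies/delete"
    "$type/privateEndpointConnectionProxies/read"
    "$type/privateEndpointConnectionProxies/validate/action"
    "$type/privateEndpointConnectionProxies/write"
    "$type/privateEndpointConnections/delete"
    "$type/privateEndpointConnections/read"
    "$type/privateEndpointConnections/write"
    "$type/privateEndpointConnectionsApproval/action"
    "$type/privateLinkResources/read"
)
Get-TypeReadStatus -Operation $pageOutput -ResourceType $type | Format-List

# Live data instead (needs Az.Resources and a signed-in session):
# $ops = (Get-AzProviderOperation 'Microsoft.DBforPostgreSQL/*').Operation
# Get-TypeReadStatus -Operation $ops -ResourceType $type | Format-List
```

Re-running the live variant after a provider update shows when the read operation has been added and the compliance report can be expected to populate.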

 

As of now, only the operations below are supported by the resource provider for Microsoft.DBforPostgreSQL/serverGroupsv2.

 

Link: Azure resource provider operations | Microsoft Learn

 

Shikhaghildiyal_0-1715744830134.png

 

 

 

Last update: May 15 2024 07:21 AM