Nota
O acesso a esta página requer autorização. Podes tentar iniciar sessão ou mudar de diretório.
O acesso a esta página requer autorização. Podes tentar mudar de diretório.
Este artigo inclui exemplos de definições de Política do Azure que criam destinos e recursos para um tipo de recurso específico. Você pode adicionar recursos automaticamente ao Azure Chaos Studio. Primeiro, você implanta esses exemplos como definições de política personalizadas. Em seguida, você atribui a política a um escopo.
Nesses exemplos, adicionamos destinos e recursos diretos de serviço para cada tipo de recurso suportado usando destinos e capacidades.
Nota
Cada uma dessas políticas difere ligeiramente, e você deve consultar a documentação do recurso (por exemplo, computação, armazenamento, etc.) que você está usando, além dessas definições de exemplo abaixo para garantir que está definindo tudo ocrrectamente para o seu cenário específico
Nota
Verifique se a assinatura que você está usando para a implantação automatizada da política do Azure tem as permissões RBAC corretas para fazer isso.
Definição de política do Cache do Azure para Redis
{
"displayName": "Deploy Chaos Target and Capability for Azure Cache for Redis",
"policyType": "Custom",
"mode": "Indexed",
"metadata": {
"category": "Chaos Studio"
},
"description": "Deploys the target and capabilities for an Azure Cache for Redis instance for onboarding to Azure Chaos Studio."
"parameters": {
"effect": {
"type": "String",
"metadata": {
"displayName": "Effect",
"description": "Enable or disable the execution of the policy"
},
"allowedValues": [
"DeployIfNotExists",
"Disabled"
],
"defaultValue": "DeployIfNotExists"
}
},
"policyRule": {
"if": {
"field": "type",
"equals": "Microsoft.Cache/Redis"
},
"then": {
"effect": "[parameters('effect')]",
"details": {
"type": "Microsoft.Chaos/targets",
"name": "Microsoft-AzureCacheForRedis",
"roleDefinitionIds": [
"/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"
],
"deployment": {
"properties": {
"mode": "incremental",
"template": {
"$schema": "http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"resourceName": {
"type": "string"
},
"location": {
"type": "string"
}
},
"variables": {},
"resources": [
{
"type": "Microsoft.Cache/Redis/providers/targets",
"apiVersion": "2023-11-01",
"name": "[concat(parameters('resourceName'), '/', 'Microsoft.Chaos/Microsoft-AzureCacheForRedis')]",
"location": "[parameters('location')]",
"properties": {}
},
{
"type": "Microsoft.Cache/Redis/providers/targets/capabilities",
"apiVersion": "2023-11-01",
"name": "[concat(parameters('resourceName'), '/', 'Microsoft.Chaos/Microsoft-AzureCacheForRedis/Reboot-1.0')]",
"location": "[parameters('location')]",
"dependsOn": [
"[concat(resourceId('Microsoft.Cache/Redis', parameters('resourceName')), '/', 'providers/Microsoft.Chaos/targets/Microsoft-AzureCacheForRedis')]"
],
"properties": {}
}
],
"outputs": {}
},
"parameters": {
"resourceName": {
"value": "[field('name')]"
},
"location": {
"value": "[field('location')]"
}
}
}
}
}
}
}
}
Definição de política do Azure Cosmos DB
{
"displayName": "Deploy Chaos Target and Capability for Cosmos DB",
"policyType": "Custom",
"mode": "Indexed",
"description": "Deploys the target and capabilities for a Cosmos DB for onboarding to Azure Chaos Studio.",
"metadata": {
"category": "Chaos Studio"
},
"parameters": {
"effect": {
"type": "String",
"metadata": {
"displayName": "Effect",
"description": "Enable or disable the execution of the policy"
},
"allowedValues": [
"DeployIfNotExists",
"Disabled"
],
"defaultValue": "DeployIfNotExists"
}
},
"policyRule": {
"if": {
"field": "type",
"equals": "Microsoft.DocumentDB/databaseAccounts"
},
"then": {
"effect": "[parameters('effect')]",
"details": {
"type": "Microsoft.Chaos/targets",
"name": "Microsoft-CosmosDB",
"roleDefinitionIds": [
"/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"
],
"deployment": {
"properties": {
"mode": "incremental",
"template": {
"$schema": "http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"resourceName": {
"type": "string"
},
"location": {
"type": "string"
}
},
"variables": {},
"resources": [
{
"type": "Microsoft.DocumentDB/databaseAccounts/providers/targets",
"apiVersion": "2023-11-01",
"name": "[concat(parameters('resourceName'), '/', 'Microsoft.Chaos/Microsoft-CosmosDB')]",
"location": "[parameters('location')]",
"properties": {}
},
{
"type": "Microsoft.DocumentDB/databaseAccounts/providers/targets/capabilities",
"apiVersion": "2023-11-01",
"name": "[concat(parameters('resourceName'), '/', 'Microsoft.Chaos/Microsoft-CosmosDB/Failover-1.0')]",
"location": "[parameters('location')]",
"dependsOn": [
"[concat(resourceId('Microsoft.DocumentDB/databaseAccounts', parameters('resourceName')), '/', 'providers/Microsoft.Chaos/targets/Microsoft-CosmosDB')]"
],
"properties": {}
}
],
"outputs": {}
},
"parameters": {
"resourceName": {
"value": "[field('name')]"
},
"location": {
"value": "[field('location')]"
}
}
}
}
}
}
}
}
Definição da política do Serviço Kubernetes do Azure
{
"displayName": "Deploy Chaos Target and Capabilities for Azure Kubernetes Service",
"policyType": "Custom",
"mode": "Indexed",
"description": "Deploys the target and capabilities for an AKS cluster for onboarding to Azure Chaos Studio.",
"metadata": {
"category": "Chaos Studio"
},
"parameters": {
"effect": {
"type": "String",
"metadata": {
"displayName": "Effect",
"description": "Enable or disable the execution of the policy"
},
"allowedValues": [
"DeployIfNotExists",
"Disabled"
],
"defaultValue": "DeployIfNotExists"
}
},
"policyRule": {
"if": {
"field": "type",
"equals": "Microsoft.ContainerService/managedClusters"
},
"then": {
"effect": "[parameters('effect')]",
"details": {
"type": "Microsoft.Chaos/targets",
"name": "Microsoft-AzureKubernetesServiceChaosMesh",
"roleDefinitionIds": [
"/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"
],
"deployment": {
"properties": {
"mode": "incremental",
"template": {
"$schema": "http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"resourceName": {
"type": "string"
},
"location": {
"type": "string"
}
},
"variables": {},
"resources": [
{
"type": "Microsoft.ContainerService/managedClusters/providers/targets",
"apiVersion": "2023-11-01",
"name": "[concat(parameters('resourceName'), '/', 'Microsoft.Chaos/Microsoft-AzureKubernetesServiceChaosMesh')]",
"location": "[parameters('location')]",
"properties": {}
},
{
"type": "Microsoft.ContainerService/managedClusters/providers/targets/capabilities",
"apiVersion": "2023-11-01",
"name": "[concat(parameters('resourceName'), '/', 'Microsoft.Chaos/Microsoft-AzureKubernetesServiceChaosMesh/NetworkChaos-2.1')]",
"location": "[parameters('location')]",
"dependsOn": [
"[concat(resourceId('Microsoft.ContainerService/managedClusters', parameters('resourceName')), '/', 'providers/Microsoft.Chaos/targets/Microsoft-AzureKubernetesServiceChaosMesh')]"
],
"properties": {}
},
{
"type": "Microsoft.ContainerService/managedClusters/providers/targets/capabilities",
"apiVersion": "2023-11-01",
"name": "[concat(parameters('resourceName'), '/', 'Microsoft.Chaos/Microsoft-AzureKubernetesServiceChaosMesh/PodChaos-2.1')]",
"location": "[parameters('location')]",
"dependsOn": [
"[concat(resourceId('Microsoft.ContainerService/managedClusters', parameters('resourceName')), '/', 'providers/Microsoft.Chaos/targets/Microsoft-AzureKubernetesServiceChaosMesh')]"
],
"properties": {}
},
{
"type": "Microsoft.ContainerService/managedClusters/providers/targets/capabilities",
"apiVersion": "2023-11-01",
"name": "[concat(parameters('resourceName'), '/', 'Microsoft.Chaos/Microsoft-AzureKubernetesServiceChaosMesh/StressChaos-2.1')]",
"location": "[parameters('location')]",
"dependsOn": [
"[concat(resourceId('Microsoft.ContainerService/managedClusters', parameters('resourceName')), '/', 'providers/Microsoft.Chaos/targets/Microsoft-AzureKubernetesServiceChaosMesh')]"
],
"properties": {}
},
{
"type": "Microsoft.ContainerService/managedClusters/providers/targets/capabilities",
"apiVersion": "2023-11-01",
"name": "[concat(parameters('resourceName'), '/', 'Microsoft.Chaos/Microsoft-AzureKubernetesServiceChaosMesh/IOChaos-2.1')]",
"location": "[parameters('location')]",
"dependsOn": [
"[concat(resourceId('Microsoft.ContainerService/managedClusters', parameters('resourceName')), '/', 'providers/Microsoft.Chaos/targets/Microsoft-AzureKubernetesServiceChaosMesh')]"
],
"properties": {}
},
{
"type": "Microsoft.ContainerService/managedClusters/providers/targets/capabilities",
"apiVersion": "2023-11-01",
"name": "[concat(parameters('resourceName'), '/', 'Microsoft.Chaos/Microsoft-AzureKubernetesServiceChaosMesh/TimeChaos-2.1')]",
"location": "[parameters('location')]",
"dependsOn": [
"[concat(resourceId('Microsoft.ContainerService/managedClusters', parameters('resourceName')), '/', 'providers/Microsoft.Chaos/targets/Microsoft-AzureKubernetesServiceChaosMesh')]"
],
"properties": {}
},
{
"type": "Microsoft.ContainerService/managedClusters/providers/targets/capabilities",
"apiVersion": "2023-11-01",
"name": "[concat(parameters('resourceName'), '/', 'Microsoft.Chaos/Microsoft-AzureKubernetesServiceChaosMesh/KernelChaos-2.1')]",
"location": "[parameters('location')]",
"dependsOn": [
"[concat(resourceId('Microsoft.ContainerService/managedClusters', parameters('resourceName')), '/', 'providers/Microsoft.Chaos/targets/Microsoft-AzureKubernetesServiceChaosMesh')]"
],
"properties": {}
},
{
"type": "Microsoft.ContainerService/managedClusters/providers/targets/capabilities",
"apiVersion": "2023-11-01",
"name": "[concat(parameters('resourceName'), '/', 'Microsoft.Chaos/Microsoft-AzureKubernetesServiceChaosMesh/DNSChaos-2.1')]",
"location": "[parameters('location')]",
"dependsOn": [
"[concat(resourceId('Microsoft.ContainerService/managedClusters', parameters('resourceName')), '/', 'providers/Microsoft.Chaos/targets/Microsoft-AzureKubernetesServiceChaosMesh')]"
],
"properties": {}
},
{
"type": "Microsoft.ContainerService/managedClusters/providers/targets/capabilities",
"apiVersion": "2023-11-01",
"name": "[concat(parameters('resourceName'), '/', 'Microsoft.Chaos/Microsoft-AzureKubernetesServiceChaosMesh/HTTPChaos-2.1')]",
"location": "[parameters('location')]",
"dependsOn": [
"[concat(resourceId('Microsoft.ContainerService/managedClusters', parameters('resourceName')), '/', 'providers/Microsoft.Chaos/targets/Microsoft-AzureKubernetesServiceChaosMesh')]"
],
"properties": {}
}
],
"outputs": {}
},
"parameters": {
"resourceName": {
"value": "[field('name')]"
},
"location": {
"value": "[field('location')]"
}
}
}
}
}
}
}
}
Definição de política de grupo de segurança de rede do Azure
{
"displayName": "Deploy Chaos Target and Capability for Network Security Groups",
"policyType": "Custom",
"mode": "Indexed",
"description": "Deploys the target and capabilities for a network security group for onboarding to Azure Chaos Studio.",
"metadata": {
"category": "Chaos Studio"
},
"parameters": {
"effect": {
"type": "String",
"metadata": {
"displayName": "Effect",
"description": "Enable or disable the execution of the policy"
},
"allowedValues": [
"DeployIfNotExists",
"Disabled"
],
"defaultValue": "DeployIfNotExists"
}
},
"policyRule": {
"if": {
"field": "type",
"equals": "Microsoft.Network/networkSecurityGroups"
},
"then": {
"effect": "[parameters('effect')]",
"details": {
"type": "Microsoft.Chaos/targets",
"name": "Microsoft-NetworkSecurityGroup",
"roleDefinitionIds": [
"/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"
],
"deployment": {
"properties": {
"mode": "incremental",
"template": {
"$schema": "http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"resourceName": {
"type": "string"
},
"location": {
"type": "string"
}
},
"variables": {},
"resources": [
{
"type": "Microsoft.Network/networkSecurityGroups/providers/targets",
"apiVersion": "2023-11-01",
"name": "[concat(parameters('resourceName'), '/', 'Microsoft.Chaos/Microsoft-NetworkSecurityGroup')]",
"location": "[parameters('location')]",
"properties": {}
},
{
"type": "Microsoft.Network/networkSecurityGroups/providers/targets/capabilities",
"apiVersion": "2023-11-01",
"name": "[concat(parameters('resourceName'), '/', 'Microsoft.Chaos/Microsoft-NetworkSecurityGroup/SecurityRule-1.0')]",
"location": "[parameters('location')]",
"dependsOn": [
"[concat(resourceId('Microsoft.Network/networkSecurityGroups', parameters('resourceName')), '/', 'providers/Microsoft.Chaos/targets/Microsoft-NetworkSecurityGroup')]"
],
"properties": {}
}
],
"outputs": {}
},
"parameters": {
"resourceName": {
"value": "[field('name')]"
},
"location": {
"value": "[field('location')]"
}
}
}
}
}
}
}
}
Definição de política de Máquinas Virtuais do Azure
{
"displayName": "Deploy Chaos Target and Capability for Virtual Machines (service-direct)",
"policyType": "Custom",
"mode": "Indexed",
"description": "Deploys the target and capabilities for a virtual machine for onboarding to Azure Chaos Studio (service-direct faults).",
"metadata": {
"category": "Chaos Studio"
},
"parameters": {
"effect": {
"type": "String",
"metadata": {
"displayName": "Effect",
"description": "Enable or disable the execution of the policy"
},
"allowedValues": [
"DeployIfNotExists",
"Disabled"
],
"defaultValue": "DeployIfNotExists"
}
},
"policyRule": {
"if": {
"field": "type",
"equals": "Microsoft.Compute/virtualMachines"
},
"then": {
"effect": "[parameters('effect')]",
"details": {
"type": "Microsoft.Chaos/targets",
"name": "Microsoft-VirtualMachine",
"roleDefinitionIds": [
"/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"
],
"deployment": {
"properties": {
"mode": "incremental",
"template": {
"$schema": "http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"resourceName": {
"type": "string"
},
"location": {
"type": "string"
}
},
"variables": {},
"resources": [
{
"type": "Microsoft.Compute/virtualMachines/providers/targets",
"apiVersion": "2023-11-01",
"name": "[concat(parameters('resourceName'), '/', 'Microsoft.Chaos/Microsoft-VirtualMachine')]",
"location": "[parameters('location')]",
"properties": {}
},
{
"type": "Microsoft.Compute/virtualMachines/providers/targets/capabilities",
"apiVersion": "2023-11-01",
"name": "[concat(parameters('resourceName'), '/', 'Microsoft.Chaos/Microsoft-VirtualMachine/Shutdown-1.0')]",
"location": "[parameters('location')]",
"dependsOn": [
"[concat(resourceId('Microsoft.Compute/virtualMachines', parameters('resourceName')), '/', 'providers/Microsoft.Chaos/targets/Microsoft-VirtualMachine')]"
],
"properties": {}
}
],
"outputs": {}
},
"parameters": {
"resourceName": {
"value": "[field('name')]"
},
"location": {
"value": "[field('location')]"
}
}
}
}
}
}
}
}
Definição de política de Conjuntos de Escala de Máquina Virtual do Azure
{
"displayName": "Deploy Chaos Target and Capability for Virtual Machine Scale Sets (service-direct)",
"policyType": "Custom",
"mode": "Indexed",
"description": "Deploys the target and capabilities for virtual machine scale sets for onboarding to Azure Chaos Studio (service-direct faults).",
"metadata": {
"category": "Chaos Studio"
},
"parameters": {
"effect": {
"type": "String",
"metadata": {
"displayName": "Effect",
"description": "Enable or disable the execution of the policy"
},
"allowedValues": [
"DeployIfNotExists",
"Disabled"
],
"defaultValue": "DeployIfNotExists"
}
},
"policyRule": {
"if": {
"field": "type",
"equals": "Microsoft.Compute/virtualMachineScaleSets"
},
"then": {
"effect": "[parameters('effect')]",
"details": {
"type": "Microsoft.Chaos/targets",
"name": "Microsoft-VirtualMachineScaleSet",
"roleDefinitionIds": [
"/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"
],
"deployment": {
"properties": {
"mode": "incremental",
"template": {
"$schema": "http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"resourceName": {
"type": "string"
},
"location": {
"type": "string"
}
},
"variables": {},
"resources": [
{
"type": "Microsoft.Compute/virtualMachineScaleSets/providers/targets",
"apiVersion": "2023-11-01",
"name": "[concat(parameters('resourceName'), '/', 'Microsoft.Chaos/Microsoft-VirtualMachineScaleSet')]",
"location": "[parameters('location')]",
"properties": {}
},
{
"type": "Microsoft.Compute/virtualMachineScaleSets/providers/targets/capabilities",
"apiVersion": "2023-11-01",
"name": "[concat(parameters('resourceName'), '/', 'Microsoft.Chaos/Microsoft-VirtualMachineScaleSet/Shutdown-1.0')]",
"location": "[parameters('location')]",
"dependsOn": [
"[concat(resourceId('Microsoft.Compute/virtualMachineScaleSets', parameters('resourceName')), '/', 'providers/Microsoft.Chaos/targets/Microsoft-VirtualMachineScaleSet')]"
],
"properties": {}
}
],
"outputs": {}
},
"parameters": {
"resourceName": {
"value": "[field('name')]"
},
"location": {
"value": "[field('location')]"
}
}
}
}
}
}
}
}
Solução de problemas relacionados à Política do Azure/RBAC
Visite Resolução de problemas na Azure Policy para fazer isso.