Azure Custom Policy - PostgreSQL Product - Compliance Report Not Available - New Feature Request
If you create a custom policy that adds diagnostic settings (to Log Analytics) for an Azure Cosmos DB for PostgreSQL cluster and assign the policy at subscription level, the compliance report says “no resources found” even though resources are deployed under the same subscription.
Below is the screenshot of the resources deployed in the subscription:
The custom policy is assigned at subscription level:
In the screenshot below, the compliance report says “no resources”:
For the policy to read a resource, the resource provider must make a read operation available for it. In this case the resource provider (Microsoft.DBforPostgreSQL) did not provide a read operation for the resource type Microsoft.DBforPostgreSQL/serverGroupsv2, so the policy is not able to read the resource and generate the compliance results.
Below are the PowerShell command and the operations available on the resource (Microsoft.DBforPostgreSQL/serverGroupsv2).
Command:
Get-AzProviderOperation Microsoft.DBforPostgreSQL/* | Where-Object { $_.Operation -like 'Microsoft.DBforPostgreSQL/serverGroupsv2*' } | Sort-Object Operation | Select-Object Operation
Output:
Operation
---------
Microsoft.DBforPostgreSQL/serverGroupsv2/privateEndpointConnectionProxies/delete
Microsoft.DBforPostgreSQL/serverGroupsv2/privateEndpointConnectionProxies/read
Microsoft.DBforPostgreSQL/serverGroupsv2/privateEndpointConnectionProxies/validate/action
Microsoft.DBforPostgreSQL/serverGroupsv2/privateEndpointConnectionProxies/write
Microsoft.DBforPostgreSQL/serverGroupsv2/privateEndpointConnections/delete
Microsoft.DBforPostgreSQL/serverGroupsv2/privateEndpointConnections/read
Microsoft.DBforPostgreSQL/serverGroupsv2/privateEndpointConnections/write
Microsoft.DBforPostgreSQL/serverGroupsv2/privateEndpointConnectionsApproval/action
Microsoft.DBforPostgreSQL/serverGroupsv2/privateLinkResources/read
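The same check as a reusable function, as an added example that is not part of the original post: it takes the operation names for a resource type and reports whether a top-level read operation is listed. The function name Test-ResourceTypeReadOperation is hypothetical; the sample input is the operation list from the output above.

```powershell
# Added example (hypothetical helper): summarise which operations a resource
# type exposes and whether a top-level <ResourceType>/read is among them.
function Test-ResourceTypeReadOperation {
    [CmdletBinding()]
    param(
        # Fully qualified type, e.g. Microsoft.DBforPostgreSQL/serverGroupsv2
        [Parameter(Mandatory)] [string] $ResourceType,
        # Operation names (the Operation column of Get-AzProviderOperation)
        [Parameter(Mandatory, ValueFromPipeline)] [string[]] $Operation
    )
    begin   { $all = [System.Collections.Generic.List[string]]::new() }
    process { foreach ($op in $Operation) { $all.Add($op.Trim()) } }
    end {
        $prefix = "$ResourceType/"
        # Keep only operations under this type, compared case-insensitively.
        $scoped = @($all | Where-Object {
            $_.StartsWith($prefix, [System.StringComparison]::OrdinalIgnoreCase) })
        # Child types that do have a read, e.g. <type>/privateLinkResources/read
        $childReads = @(foreach ($op in $scoped) {
            $parts = $op.Substring($prefix.Length).Split('/')
            if ($parts.Count -eq 2 -and $parts[1] -eq 'read') { $parts[0] }
        })
        [pscustomobject]@{
            ResourceType       = $ResourceType
            OperationCount     = $scoped.Count
            HasTopLevelRead    = ($scoped -contains "${prefix}read")
            ChildTypesWithRead = $childReads
        }
    }
}

# Input: the operation list shown in the post's output above.
$type = 'Microsoft.DBforPostgreSQL/serverGroupsv2'
$listed = @(
    'privateEndpointConnectionProxies/delete', 'privateEndpointConnectionProxies/read',
    'privateEndpointConnectionProxies/validate/action', 'privateEndpointConnectionProxies/write',
    'privateEndpointConnections/delete', 'privateEndpointConnections/read',
    'privateEndpointConnections/write', 'privateEndpointConnectionsApproval/action',
    'privateLinkResources/read'
) | ForEach-Object { "$type/$_" }

$listed | Test-ResourceTypeReadOperation -ResourceType $type | Format-List

# Live check (needs Az.Resources and a signed-in session):
# (Get-AzProviderOperation Microsoft.DBforPostgreSQL/*).Operation |
#     Test-ResourceTypeReadOperation -ResourceType $type
```

Running the live form again after the provider is updated shows whether the read operation has been added before you re-check the compliance report.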
If you add any custom policy for Microsoft.DBforPostgreSQL/serverGroupsv2, you will not be able to see whether resources are compliant or non-compliant. The requested read operation is not supported and will be implemented in future by the PG Team. Once the read operation is available, we will be able to see resources under the compliance report. Hence, our custom policy will work properly once this feature is implemented.
As of now, only the operations below are supported by the resource provider (Microsoft.DBforPostgreSQL/serverGroupsv2).
Link: Azure resource provider operations | Microsoft Learn