Azure Policy - How to audit Node and Runtime version on Function Apps
Paul Matthews
I am trying to write 3 policies.
- Audit Function Apps that are not on the version 4 runtime.
- Audit Function Apps that are not on the latest Node version.
- Audit Function Apps that are not on the latest .NET Framework version - Working!
I have been able to audit the .NET Framework Function apps in our environment, using the following policy.
"policyRule": {
  "if": {
    "allOf": [
      {
        "field": "type",
        "equals": "Microsoft.Web/sites"
      },
      {
        "field": "kind",
        "like": "functionapp*"
      }
    ]
  },
  "then": {
    "effect": "[parameters('effect')]",
    "details": {
      "type": "Microsoft.Web/sites/config",
      "name": "web",
      "existenceCondition": {
        "field": "Microsoft.Web/sites/config/netFrameworkVersion",
        "equals": "v6.0"
      }
    }
  }
}
I've attempted the following for Node but the value it finds is always "".
"policyRule": {
  "if": {
    "allOf": [
      {
        "field": "type",
        "equals": "Microsoft.Web/sites"
      },
      {
        "field": "kind",
        "like": "functionapp*"
      }
    ]
  },
  "then": {
    "effect": "[parameters('effect')]",
    "details": {
      "type": "Microsoft.Web/sites/config",
      "name": "web",
      "existenceCondition": {
        "field": "Microsoft.Web/sites/config/nodeVersion",
        "in": [
          "14",
          "12"
        ]
      }
    }
  }
}
I've attempted the policy for the Azure Function App runtime, but the values all show up as "******".
"policyRule": {
  "if": {
    "allOf": [
      {
        "field": "type",
        "equals": "Microsoft.Web/sites"
      },
      {
        "field": "kind",
        "like": "functionapp*"
      }
    ]
  },
  "then": {
    "effect": "[parameters('effect')]",
    "details": {
      "type": "Microsoft.Web/sites/config",
      "name": "web",
      "existenceCondition": {
        "field": "Microsoft.Web/sites/config/platform.runtimeVersion",
        "equals": "4"
      }
    }
  }
}
Is it possible to get the node and runtime version? Am I just using the wrong field value?
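An out-of-band way to run the runtime and Node checks from the question over exported configuration, as an added example that is not part of the original post. It assumes the Functions runtime version is held in the `FUNCTIONS_EXTENSION_VERSION` app setting and the Node version in `linuxFxVersion` (Linux) or `WEBSITE_NODE_DEFAULT_VERSION` (Windows), with `FUNCTIONS_WORKER_RUNTIME` marking Node apps; the sample data and function names are constructed, and the target values ("4", and "14"/"12") are the ones used in the policies above.

```python
import re

# Constructed sample, not real data. Each entry merges the output shapes of
# `az functionapp config show` and `az functionapp config appsettings list`.
APPS = [
    {"name": "fa-win-node", "site_config": {"linuxFxVersion": "", "nodeVersion": ""},
     "app_settings": [{"name": "FUNCTIONS_EXTENSION_VERSION", "value": "~4"},
                      {"name": "FUNCTIONS_WORKER_RUNTIME", "value": "node"},
                      {"name": "WEBSITE_NODE_DEFAULT_VERSION", "value": "~14"}]},
    {"name": "fa-linux-node", "site_config": {"linuxFxVersion": "Node|10", "nodeVersion": ""},
     "app_settings": [{"name": "FUNCTIONS_EXTENSION_VERSION", "value": "~3"},
                      {"name": "FUNCTIONS_WORKER_RUNTIME", "value": "node"}]},
    {"name": "fa-dotnet", "site_config": {"linuxFxVersion": "", "nodeVersion": ""},
     "app_settings": [{"name": "FUNCTIONS_EXTENSION_VERSION", "value": "~4"},
                      {"name": "FUNCTIONS_WORKER_RUNTIME", "value": "dotnet"},
                      {"name": "WEBSITE_NODE_DEFAULT_VERSION", "value": "~10"}]},
    {"name": "fa-unset", "site_config": {"linuxFxVersion": "", "nodeVersion": ""},
     "app_settings": [{"name": "FUNCTIONS_WORKER_RUNTIME", "value": "dotnet"}]},
]

def _settings(app):
    return {s["name"]: s["value"] for s in app.get("app_settings", [])}

def _major(raw):
    """Leading major number of '~4', '14.17.0' or '18-lts'; None if absent."""
    m = re.match(r"[~v]?(\d+)", raw or "")
    return m.group(1) if m else None

def runtime_major(app):
    return _major(_settings(app).get("FUNCTIONS_EXTENSION_VERSION"))

def node_major(app):
    """Node major for Node apps only; the Linux stack string wins if present."""
    cfg = _settings(app)
    if cfg.get("FUNCTIONS_WORKER_RUNTIME", "").lower() != "node":
        return None  # a leftover WEBSITE_NODE_DEFAULT_VERSION is ignored
    stack, _, ver = (app["site_config"].get("linuxFxVersion") or "").partition("|")
    return _major(ver) if stack.lower() == "node" else _major(cfg.get("WEBSITE_NODE_DEFAULT_VERSION"))

def audit(apps, want_runtime="4", allowed_node=("14", "12")):
    """Return (app, check, found) for every failed check; unset counts as failed."""
    findings = []
    for app in apps:
        if runtime_major(app) != want_runtime:
            findings.append((app["name"], "runtime", runtime_major(app)))
        is_node = _settings(app).get("FUNCTIONS_WORKER_RUNTIME", "").lower() == "node"
        if is_node and node_major(app) not in allowed_node:
            findings.append((app["name"], "node", node_major(app)))
    return findings
```

`audit(APPS)` returns one tuple per failed check, so an app with the runtime setting missing is reported with `None` rather than silently passing.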