Share via

Policy existenceCondition for Redis cache Schedule updates gets "No related resources match the effect details in the policy definition"

Matt Padfield 20 Reputation points
2025-10-07T14:56:11.5833333+00:00

I've created a custom policy for setting the "Schedule updates" times on an Azure cache for Redis resource. I couldn't find any built-in policy or examples online for this. My policy does successfully set up the schedule, so the template part works.

But it always says the redis is non-compliant, so my existenceCondition is failing. I get 2 reasons for non-compliance:

  1. "No related resources match the effect details in the policy definition"
    Existence condition
    Type Microsoft.Cache/redis/patchSchedules"
  2. "Current value must be equal to the target value"
    Expression Length(field('Microsoft.Cache/redis/patchSchedules/scheduleEntries'))]
    Current value 0 Target value 1
    (this is just an example expression)

Here is the existence condition part of my policy:

      "then": {
        "effect": "[parameters('effect')]",
        "details": {
          "type": "Microsoft.Cache/redis/patchSchedules",
          "evaluationDelay": "AfterProvisioning",
          "existenceCondition": {
            "value": "[length(field('Microsoft.Cache/redis/patchSchedules/scheduleEntries'))]",
            "equals": 1
          },
          "deployment": {

I've tried adding a "name" to the "details" section as below, it made no difference:

"name": "[concat(field('fullName'), '/default'))]",

Error 1 above goes away if I set type to "Microsoft.Cache/redis" instead of "Microsoft.Cache/redis/patchSchedules" but I don't see why that should be correct. If I go to my test redis in the Azure portal and click Export Template I do see this child resource of type "Microsoft.Cache/redis/patchSchedules" with the expected schedule.

Either way I always get the second error, all of the relevant aliases seem to have no value, they're empty, null, 0 etc. I suppose this is because no matching resource was found. I'd be grateful for any help, I think I'm stuck!

Here's the whole policy:

{
    "mode": "All",
    "parameters": {
      "excludeRedisNames": {
        "type": "Array",
        "metadata": {
          "displayName": "text for excluding matching redis cache (part) names, formatted as json string array",
          "description": "Text for excluding matching redis cache names, any names containing any of the strings are excluded"
        }
      },
      "effect": {
        "type": "String",
        "metadata": {
          "displayName": "Effect",
          "description": "Choose Audit or 
        },
        "allowedValues": [
          "Audit",
          "DeployIfNotExists"
        ]
      }
    },
    "policyRule": {
      "if": {
        "allOf": [
          {
            "field": "type",
            "equals": "Microsoft.Cache/redis"
          },
          {
            "count": {
              "value": "[parameters('excludeRedisNames')]",
              "name": "excludeRedisName",
              "where": {
                "field": "name",
                "contains": "[current('excludeRedisName')]"
              }
            },
            "equals": 0
          }
        ]
      },
      "then": {
        "effect": "[parameters('effect')]",
        "details": {
          "type": "Microsoft.Cache/redis/patchSchedules",
          "evaluationDelay": "AfterProvisioning",
          "existenceCondition": {
            "value": "[length(field('Microsoft.Cache/redis/patchSchedules/scheduleEntries'))]",
            "equals": 1
          },
          "deployment": {
            "properties": {
              "mode": "incremental",
              "parameters": {
                "redisName": {
                  "value": "[field('name')]"
                },
                "location": {
                  "value": "[field('location')]"
                },
                "redisCapacity": {
                  "value": "[field('Microsoft.Cache/redis/sku.capacity')]"
                },
                "redisTier": {
                  "value": "[field('Microsoft.Cache/redis/sku.name')]"
                },
                "redisFamily": {
                  "value": "[field('Microsoft.Cache/redis/sku.family')]"
                }
              },
              "template": {
                "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
                "contentVersion": "1.0.0.0",
                "parameters": {
                  "redisName": {
                    "type": "string"
                  },
                  "location": {
                    "defaultValue": "northeurope",
                    "type": "string"
                  },
                  "redisCapacity": {
                    "type": "int",
                    "allowedValues": [
                      0,
                      1,
                      2,
                      3,
                      4,
                      5,
                      6
                    ],
                    "defaultValue": 1
                  },
                  "redisFamily": {
                    "type": "string",
                    "allowedValues": [
                      "C",
                      "P"
                    ],
                    "defaultValue": "C"
                  },
                  "redisTier": {
                    "type": "string",
                    "allowedValues": [
                      "Standard",
                      "Basic",
                      "Premium"
                    ],
                    "defaultValue": "Standard"
                  }
                },
                "resources": [
                  {
                    "apiVersion": "2022-06-01",
                    "type": "Microsoft.Cache/Redis",
                    "name": "[parameters('redisName')]",
                    "location": "[parameters('location')]",
                    "properties": {
                      "sku": {
                        "name": "[parameters('redisTier')]",
                        "family": "[parameters('redisFamily')]",
                        "capacity": "[parameters('redisCapacity')]"
                      }
                    }
                  },
                  {
                    "type": "Microsoft.Cache/Redis/patchSchedules",
                    "apiVersion": "2024-11-01",
                    "name": "[concat(parameters('redisName'), '/default')]",
                    "location": "North Europe",
                    "dependsOn": [
                      "[resourceId('Microsoft.Cache/Redis', parameters('redisName'))]"
                    ],
                    "properties": {
                      "scheduleEntries": [
                        {
                          "dayOfWeek": "Sunday",
                          "startHourUtc": 0,
                          "maintenanceWindow": "PT5H"
                        }
                      ]
                    }
                  }
                ]
              }
            }
          },
          "roleDefinitionIds": [
            "/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"
          ]
        }
      }
    }
}
Azure Policy
Azure Policy
An Azure service that is used to implement corporate governance and standards at scale for Azure resources.
0 comments
Answer accepted by question author
  1. Alex Burlachenko 18,310 Reputation points Volunteer Moderator
    2025-10-08T06:36:18.61+00:00

    Hi Matt,

    You've done an impressive job building this custom Redis patch schedule policy from scratch )) that's no small feat, and you're really close to getting it working properly.

    The issue you're hitting with the existenceCondition is actually quite common when working with child resources in Azure Policy. The policy engine struggles to evaluate properties of nested resources like patchSchedules during compliance checks.

    The "No related resources match the effect details" error occurs because the policy engine can't find the Microsoft.Cache/redis/patchSchedules resource during evaluation. Even though it exists in your template, the compliance scan doesn't see it as a separate manageable resource.

    For your existenceCondition, try this approach instead

    "existenceCondition": { "field": "Microsoft.Cache/redis/patchSchedules/scheduleEntries[*].dayOfWeek", "equals": "Sunday" }

    This checks for a specific property within the scheduleEntries array rather than trying to evaluate the array length, which the policy engine handles better.

    Also, you're absolutely right about needing the "name" in the details section. It should be:

    "name": "[concat(field('name'), '/default')]"

    This tells the policy exactly which patchSchedules resource to look for - the 'default' one.

    The Azure Policy documentation has good examples of working with nested resources that might give you additional ideas https://free.blessedness.top/en-us/azure/governance/policy/concepts/definition-structure.

    Another thing to check is your API versions. You're using 2024-11-01 for patchSchedules, which should be fine, but make sure it matches what's available in your region. Sometimes newer API versions have slightly different behavior in policy evaluations.

    If you're still getting compliance issues, try simplifying the existenceCondition to just check if any scheduleEntries exist rather than specific values:

    "existenceCondition": { "count": "[field('Microsoft.Cache/redis/patchSchedules/scheduleEntries')]", "greater": 0 }

    This might be more reliable than checking the exact array length or specific property values. Hope this helps you get that policy showing compliant

    regards,

    Alex

    and "yes" if you would follow me at Q&A - personaly thx.
P.S. If my answer help to you, please Accept my answer

    https://ctrlaltdel.blog/

0 additional answers

Sort by: Most helpful
Most helpful Newest Oldest

Your answer

Answers can be marked as 'Accepted' by the question author and 'Recommended' by moderators, which helps users know the answer solved the author's problem.