Fatal编程技术网
  • azure/
  • Azure策略检查是否存在空值

Azure策略检查是否存在空值

azure tags

Azure策略检查是否存在空值,azure,tags,notnull,azure-policy,Azure,Tags,Notnull,Azure Policy,我需要一个用于标记的Azure策略。我希望在创建资源组时,用户需要定义一个标记。策略还应检查tagvaule是否为空 我尝试了以下方法: { "properties": { "displayName": "Require a tag Billto and a value that is not empty", "policyType": "Custom", "mode": "All", "description": "Enforces a required t

我需要一个用于标记的Azure策略。我希望在创建资源组时,用户需要定义一个标记。策略还应检查tagvaule是否为空

我尝试了以下方法:

{
  "properties": {
    "displayName": "Require a tag Billto and a value that is not empty",
    "policyType": "Custom",
    "mode": "All",
    "description": "Enforces a required tag and its value on resource groups.",
    "metadata": {
      "category": "Tags",
    },
    "parameters": {
      "tagName": {
        "type": "String",
        "metadata": {
          "displayName": "Tag Name",
          "description": "Name of the tag, such as 'Billto'"
        }
      },
      "tagValue": {
        "type": "String",
        "metadata": {
          "displayName": "Tag Value",
          "description": "Value of the tag, such as 'Costcenter'"
        }
      }
    },
    "policyRule": {
      "if": {
        "allOf": [
          {
            "field": "type",
            "equals": "Microsoft.Resources/subscriptions/resourceGroups"
          },
          {
            "field": "[concat('tags[', parameters('tagName'), ']')]",
            "exists": "false"
          },
          {
            "value": "[concat('tags[', parameters('tagValue'), ']')]",
            "equals": ""
          }
        ]
      },
      "then": {
        "effect": "deny"
      }
    }
  }
有人能帮我找到正确的密码吗?
感谢Thomas

此策略定义将拒绝给定标记具有空值或完全缺少标记的资源组:

{
  "properties": {
    "mode": "All",
    "parameters": {
      "tagName": {
        "type": "String",
        "metadata": {
          "displayName": "Tag Name",
          "description": "Name of the tag, such as 'Billto'"
        }
      }
    },
    "policyRule": {
      "if": {
        "allOf": [
          {
            "field": "type",
            "equals": "Microsoft.Resources/subscriptions/resourceGroups"
          },
          {
            "anyOf": [
              {
                "field": "[concat('tags[', parameters('tagName'), ']')]",
                "exists": false
              },
              {
                "field": "[concat('tags[', parameters('tagName'), ']')]",
                "equals": ""
              }
            ]
          }
        ]
      },
      "then": {
        "effect": "deny"
      }
    }
  }
}
细分:

  • 参数(“标记名”)
    解析为参数标记名的值。对于本例的其余部分,我们将使用
    Billto
    作为标记名
  • “字段”:“[concat('tags[',parameters('tagName'),']]””
    解析为
    “字段”:“tags[Billto]”
  • “字段”:“tags[Billto]”
    将获取
    Billto
    标记的值
  • 如果资源没有
    Billto
    标记,则
    Billto
    标记将没有值,因此
    “exists”:false将为true,策略将拒绝。如果
    Billto
    标记的值为空,则
    的“等于”:“
    将为真,策略将拒绝