Azure策略检查是否存在空值
我需要一个用于标记的Azure策略。我希望在创建资源组时,用户需要定义一个标记。策略还应检查tagvaule是否为空 我尝试了以下方法:Azure策略检查是否存在空值,azure,tags,notnull,azure-policy,Azure,Tags,Notnull,Azure Policy,我需要一个用于标记的Azure策略。我希望在创建资源组时,用户需要定义一个标记。策略还应检查tagvaule是否为空 我尝试了以下方法: { "properties": { "displayName": "Require a tag Billto and a value that is not empty", "policyType": "Custom", "mode": "All", "description": "Enforces a required t
{
"properties": {
"displayName": "Require a tag Billto and a value that is not empty",
"policyType": "Custom",
"mode": "All",
"description": "Enforces a required tag and its value on resource groups.",
"metadata": {
"category": "Tags",
},
"parameters": {
"tagName": {
"type": "String",
"metadata": {
"displayName": "Tag Name",
"description": "Name of the tag, such as 'Billto'"
}
},
"tagValue": {
"type": "String",
"metadata": {
"displayName": "Tag Value",
"description": "Value of the tag, such as 'Costcenter'"
}
}
},
"policyRule": {
"if": {
"allOf": [
{
"field": "type",
"equals": "Microsoft.Resources/subscriptions/resourceGroups"
},
{
"field": "[concat('tags[', parameters('tagName'), ']')]",
"exists": "false"
},
{
"value": "[concat('tags[', parameters('tagValue'), ']')]",
"equals": ""
}
]
},
"then": {
"effect": "deny"
}
}
}
有人能帮我找到正确的密码吗?
感谢Thomas此策略定义将拒绝给定标记具有空值或完全缺少标记的资源组:
{
"properties": {
"mode": "All",
"parameters": {
"tagName": {
"type": "String",
"metadata": {
"displayName": "Tag Name",
"description": "Name of the tag, such as 'Billto'"
}
}
},
"policyRule": {
"if": {
"allOf": [
{
"field": "type",
"equals": "Microsoft.Resources/subscriptions/resourceGroups"
},
{
"anyOf": [
{
"field": "[concat('tags[', parameters('tagName'), ']')]",
"exists": false
},
{
"field": "[concat('tags[', parameters('tagName'), ']')]",
"equals": ""
}
]
}
]
},
"then": {
"effect": "deny"
}
}
}
}
细分:
参数(“标记名”)
解析为参数标记名的值。对于本例的其余部分,我们将使用Billto
作为标记名“字段”:“[concat('tags[',parameters('tagName'),']]””
解析为“字段”:“tags[Billto]”
“字段”:“tags[Billto]”
将获取Billto
标记的值李>
Billto
标记,则Billto
标记将没有值,因此“exists”:false将为true,策略将拒绝。如果Billto
标记的值为空,则的“等于”:“
将为真,策略将拒绝李>