网络子网的命名约定 [英] Naming convention for Network Subnet

问题描述

Hello Experts，

Hello Experts,

我有以下内容以确保在虚拟网络中创建的子网符合命名约定，但是，该策略似乎不起作用配置子网时......以下是Azure策略定义

I'have the following to ensure that subnet created within a virtual networks alings to a naming convention, however, the policy doesn't seem to work while provisioning subnets...Here is the Azure Policy definition below

{"mode": "all",
  "policyRule": {
  "if": {
    "anyOf": [
      {
        "allOf": [
          {
            "field": "type",
            "equals": "Microsoft.Network/virtualNetworks"
          },
          {
            "not": {
              "field": "Microsoft.Network/virtualNetworks/subnets[*].name",
              "match": "ccc-???-subnet"
            }
          },
          {
            "not": {
              "field": "Microsoft.Network/virtualNetworks/subnets[*].name",
              "match": "ccc-????-subnet"
            }
          }
        ]
      }
    ]
  },
  "then": {
    "effect": "Deny"
  }
}
}

请帮助

推荐答案

 

Hi, 

您的模板失败的原因是因为"allOf"声明。只有当所有条件匹配时，它才会拒绝。但是当你给子网命名时，它可以是"ccc - ??? - subnet"。或"ccc - ???? - subnet"。因此，该条件的一个
将是假的，因此它不会生效。 

The reason why your template fails is because of the "allOf" statement. Only when all the condition match, it will deny. But when you give a name to the subnet, it can either be "ccc-???-subnet" or "ccc-????-subnet". So one of the condition will be false and hence it is not taking effect. 

您可以尝试使用一个条件" CCC - ??? - 子网"并试试？

Can you try using one condition "ccc-???-subnet" and try?

"mode": "all",
  "policyRule": {
  "if": {
    "anyOf": [
      {
        "allOf": [
          {
            "field": "type",
            "equals": "Microsoft.Network/virtualNetworks"
          },
          {
            "not": {
              "field": "Microsoft.Network/virtualNetworks/subnets[*].name",
              "match": "ccc-???-subnet"
            }
          }
         
        ]
      }
    ]
  },
  "then": {
    "effect": "Deny"
  }
}
}

问候， 

Msrini

这篇关于网络子网的命名约定的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！