Azure策略检查空值 [英] Azure Policy check for an empty value
本文介绍了Azure策略检查空值的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!
问题描述
我需要使用Azure策略进行标记.我希望用户在创建资源组时需要定义标签.该策略还应检查tagvaule是否为空.
I need an Azure Policy for tagging. I want that a user needs to define a tag when a Resource Groups is created. The Policy should also check that the tagvaule is not empty.
我尝试了以下操作:
{
"properties": {
"displayName": "Require a tag Billto and a value that is not empty",
"policyType": "Custom",
"mode": "All",
"description": "Enforces a required tag and its value on resource groups.",
"metadata": {
"category": "Tags",
},
"parameters": {
"tagName": {
"type": "String",
"metadata": {
"displayName": "Tag Name",
"description": "Name of the tag, such as 'Billto'"
}
},
"tagValue": {
"type": "String",
"metadata": {
"displayName": "Tag Value",
"description": "Value of the tag, such as 'Costcenter'"
}
}
},
"policyRule": {
"if": {
"allOf": [
{
"field": "type",
"equals": "Microsoft.Resources/subscriptions/resourceGroups"
},
{
"field": "[concat('tags[', parameters('tagName'), ']')]",
"exists": "false"
},
{
"value": "[concat('tags[', parameters('tagValue'), ']')]",
"equals": ""
}
]
},
"then": {
"effect": "deny"
}
}
}
有人可以帮助我并给我正确的代码吗?谢谢托马斯
can someone help me and give me the right code? Thanks Thomas
推荐答案
此策略定义将拒绝给定标签具有空值或完全缺少标签的资源组:
This policy definition will deny resource groups which have an empty value for the given tag, or are missing the tag altogether:
{
"properties": {
"mode": "All",
"parameters": {
"tagName": {
"type": "String",
"metadata": {
"displayName": "Tag Name",
"description": "Name of the tag, such as 'Billto'"
}
}
},
"policyRule": {
"if": {
"allOf": [
{
"field": "type",
"equals": "Microsoft.Resources/subscriptions/resourceGroups"
},
{
"anyOf": [
{
"field": "[concat('tags[', parameters('tagName'), ']')]",
"exists": false
},
{
"field": "[concat('tags[', parameters('tagName'), ']')]",
"equals": ""
}
]
}
]
},
"then": {
"effect": "deny"
}
}
}
}
打破现状:
-
parameters('tagName')
解析为参数tagName的值.对于本示例的其余部分,我们将使用Billto
作为标记名称. -
"field":"[concat('tags [',parameters('tagName'),']')]"
解析为"field":"tags [Billto]"
-
"field":"tags [Billto]"
将获得Billto
标记的 value . - 如果资源没有
Billto
标记,则Billto
标记将没有值,因此"exists":false
为true,并且该政策将拒绝.如果Billto
标记的值为空,则"equals":"
将为true,并且该策略将拒绝.
parameters('tagName')
resolves to the value of the parameter tagName. For the rest of this example, we'll useBillto
as the tag name."field": "[concat('tags[', parameters('tagName'), ']')]"
resolves to"field": "tags[Billto]"
"field": "tags[Billto]"
will get the value of theBillto
tag.- If the resource doesn't have a
Billto
tag, TheBillto
tag won't have a value, so the"exists" : false
will be true and the policy will deny. If theBillto
tag's value is empty, then"equals": ""
will be true, and the policy will deny.
这篇关于Azure策略检查空值的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
查看全文