How to enforce a policy when tags are missing

Time: 2019-01-26 15:12:26

Tags: azure gitlab terraform

We are using GitLab pipelines to spin up infrastructure in the Azure cloud through Terraform, e.g. VMs, Service Bus and other resources. Very often, developers forget to tag the resources they spin up with their purpose. Because this information is missing, we cannot find the resources or tell what they are for.

Is there any way in the GitLab pipeline, through variables or otherwise, to make the pipeline fail when no tags are present? Something like making tags mandatory whenever any infrastructure is spun up through the GitLab pipeline. I am looking for any configuration or implementation strategy in GitLab.

1 answer:

Answer 0 (score: 1)

You can use Azure Policy for this. To enforce a tag:

{
   "properties": {
      "displayName": "Enforce tag and its value",
      "policyType": "BuiltIn",
      "description": "Enforces a required tag and its value.",
      "parameters": {
         "tagName": {
            "type": "String",
            "metadata": {
               "description": "Name of the tag, such as costCenter"
            }
         },
         "tagValue": {
            "type": "String",
            "metadata": {
               "description": "Value of the tag, such as headquarter"
            }
         }
      },
      "policyRule": {
         "if": {
            "not": {
               "field": "[concat('tags[', parameters('tagName'), ']')]",
               "equals": "[parameters('tagValue')]"
            }
         },
         "then": {
            "effect": "deny"
         }
      }
   },
   "id": "/providers/Microsoft.Authorization/policyDefinitions/1e30110a-5ceb-460c-a204-c1c3969c6d62",
   "type": "Microsoft.Authorization/policyDefinitions",
   "name": "1e30110a-5ceb-460c-a204-c1c3969c6d62"
}

Links:

  1. https://docs.microsoft.com/en-us/azure/governance/policy/samples/enforce-tag-value
  2. https://docs.microsoft.com/en-us/azure/governance/policy/samples/enforce-tag-on-resource-groups
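The policy definition above is enforced by Azure at deployment time, so an untagged resource is rejected only once `terraform apply` has already started. The question also asks for the pipeline itself to fail, and that can be done one step earlier by checking the Terraform plan before apply. The script below is an added example, not code from the original post or from the Azure Policy samples: it reads the JSON that `terraform show -json tfplan` produces (the `resource_changes` list with `change.actions`, `change.after` and `change.after_unknown` is Terraform's documented plan format) and lists every resource that would be created or updated without the required tag. The tag name and value (`costCenter` / `headquarter`) are assumed and mirror the policy parameters above; the plan excerpt embedded in the script is constructed for the example.

```python
"""Pipeline-side gate: fail the job when a planned resource lacks a required tag.

Added example (not from the original post). Reads `terraform show -json tfplan`
output; the embedded SAMPLE_PLAN is a constructed excerpt with only the fields
the check uses. Tag name/value are assumptions matching the policy parameters.
"""
import json
import sys

REQUIRED_TAG = "costCenter"     # assumed tagName, matching the policy parameter above
REQUIRED_VALUE = "headquarter"  # assumed tagValue; pass tag_value=None to accept any value

# Constructed plan excerpt in the shape of `terraform show -json tfplan`.
SAMPLE_PLAN = {
    "format_version": "0.1",
    "resource_changes": [
        {"address": "azurerm_resource_group.ok",
         "change": {"actions": ["create"],
                    "after": {"name": "rg-ok", "tags": {"costCenter": "headquarter"}},
                    "after_unknown": {"id": True}}},
        {"address": "azurerm_virtual_machine.untagged",
         "change": {"actions": ["create"],
                    "after": {"name": "vm-1", "tags": None},
                    "after_unknown": {"id": True}}},
        {"address": "azurerm_servicebus_namespace.wrong",
         "change": {"actions": ["update"],
                    "after": {"name": "sb-1", "tags": {"costCenter": "lab"}},
                    "after_unknown": {}}},
        {"address": "azurerm_storage_account.later",
         "change": {"actions": ["create"],
                    "after": {"name": "st1"},
                    "after_unknown": {"id": True, "tags": True}}},
        {"address": "azurerm_resource_group.gone",
         "change": {"actions": ["delete"], "after": None, "after_unknown": {}}},
    ],
}


def tag_violations(plan, tag_name=REQUIRED_TAG, tag_value=REQUIRED_VALUE):
    """Return [(address, reason)] for every resource the plan will create or
    update whose planned `tags` map does not carry tag_name (= tag_value)."""
    problems = []
    for rc in plan.get("resource_changes", []):
        change = rc.get("change") or {}
        if not {"create", "update"} & set(change.get("actions", [])):
            continue  # deletes and no-ops cannot introduce an untagged resource
        after = change.get("after") or {}
        unknown = change.get("after_unknown") or {}
        if unknown.get("tags"):
            # Value is computed at apply time, so it cannot be verified here;
            # fail closed rather than let it through unchecked.
            problems.append((rc["address"], "tags are only known at apply time"))
            continue
        if "tags" not in after:
            continue  # resource type has no `tags` argument (assumption: skip it)
        tags = after["tags"] or {}
        if tag_name not in tags:
            problems.append((rc["address"], f"missing tag {tag_name!r}"))
        elif tag_value is not None and tags[tag_name] != tag_value:
            problems.append((rc["address"],
                             f"{tag_name}={tags[tag_name]!r}, expected {tag_value!r}"))
    return problems


def main(argv):
    # usage: python check_tags.py plan.json   (no argument: run on the sample)
    plan = json.load(open(argv[1])) if len(argv) > 1 else SAMPLE_PLAN
    problems = tag_violations(plan)
    for address, reason in problems:
        print(f"TAG POLICY VIOLATION: {address}: {reason}")
    return 1 if problems else 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

In a GitLab job this runs between plan and apply, e.g. `terraform plan -out tfplan && terraform show -json tfplan > plan.json && python check_tags.py plan.json`, and the non-zero exit code fails the pipeline before anything is created. The check only sees what Terraform is about to do, so keep the Azure Policy assignment as well: it also covers resources created from the portal or CLI outside the pipeline, and it is the control Azure enforces regardless of how the pipeline is configured.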