我想创建一种自动创建新策略的方法,该策略需要将默认标签应用于已部署的每个虚拟机。
此刻我有以下内容
Powershell脚本:
#Remove Policy
#$scope = Get-AzSubscription -SubscriptionName "subscriptionname"
#$SubscriptionID = "/subscriptions/" + $scope.Id
#Remove-AzPolicyAssignment -Name 'apply-default-tag-1' -Scope $SubscriptionID
# Create the Policy Definition (Subscription scope)
$definition = New-AzPolicyDefinition -Name 'default-tags-to-vms' -DisplayName 'Append default tags to VM' -description 'This policy will add default tags to VMs' -Policy 'C:\policy.json' -Parameter 'C:\policy.parameters.json' -Mode All
# Set the scope to a resource group; may also be a resource, subscription, or management group
$scope = Get-AzSubscription -SubscriptionName "DCS-EM-AZ1"
$SubscriptionID = "/subscriptions/" + $scope.Id
# Set the Policy Parameter (JSON format)
$Tag1 = '{ "tagName": { "value": "Application"}, "tagValue": { "value": "stackoverflow" } }'
$Tag2 = '{ "tagName": { "value": "Contact"}, "tagValue": { "value": "bekind" } }'
$Tag3 = '{ "tagName": { "value": "Environment"}, "tagValue": { "value": "tome" } }'
$Tag4 = '{ "tagName": { "value": "RUNTIME"}, "tagValue": { "value": "please" } }'
# Create the Policy Assignment
$policyTag1 = New-AzPolicyAssignment -Name 'apply-default-tag-1' -DisplayName 'Apply default tag Application ' -Scope $SubscriptionID -PolicyDefinition $definition -PolicyParameter $Tag1
$policyTag2 = New-AzPolicyAssignment -Name 'apply-default-tag-2' -DisplayName 'Apply default tag Contact ' -Scope $SubscriptionID -PolicyDefinition $definition -PolicyParameter $Tag2
$policyTag3 = New-AzPolicyAssignment -Name 'apply-default-tag-3' -DisplayName 'Apply default tag Environment ' -Scope $SubscriptionID -PolicyDefinition $definition -PolicyParameter $Tag3
$policyTag4 = New-AzPolicyAssignment -Name 'apply-default-tag-4' -DisplayName 'Apply default tag Runtime ' -Scope $SubscriptionID -PolicyDefinition $definition -PolicyParameter $Tag4
JSON文件 policy.json
{
"if": {
"allOf": [{
"field": "[concat('tags[', parameters('tagName'), ']')]",
"exists": "false"
},
{
"field": "type",
"equals": "Microsoft.Compute/virtualMachines"
}
]
},
"then": {
"effect": "append",
"details": [
{
"field": "[concat('tags[', parameters('tagName'), ']')]",
"value": "[parameters('tagValue')]"
}
]
}
}
policy.parameters.json
{
"tagName": {
"type": "string",
"metadata": {
"description": "Name of the tag, such as costCenter"
}
},
"tagValue": {
"type": "string",
"metadata": {
"description": "Value of the tag, such as headquarter"
}
}
}
以上内容将部署多个天蓝色的策略分配,每个分配都是一个标记名和一个标记值,如果我在订阅中测试部署,则可以看到我的策略有效。 当然,它不仅在“现在就可以使用”部分。但是,我又该如何提高效率,以便将来可以在不更改大量代码的情况下添加此平滑函数。
到目前为止我尝试过的:
我没有使用powershell,而是在ARM模板中创建了策略:
{
"$schema": "https://schema.management.azure.com/schemas/2018-05-01/subscriptionDeploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"tagName": {
"type": "array",
"defaultValue":[
"default",
"location",
"is",
"a",
"problem"
]
},
"tagValue": {
"type": "array",
"defaultValue":[
"hello",
"darkness",
"my",
"old",
"friend"
]
}
},
"variables": {},
"resources": [
{
"type": "Microsoft.Authorization/policyDefinitions",
"name": "[concat('append-tags-to-resource'parameters('tagName')[copyindex('CopyTags')])]",
"apiVersion": "2018-05-01",
"properties": {
"policyType": "Custom",
"parameters": {},
"policyRule": {
"if": {
"field": "[concat('tags[', parameters('tagName')[copyindex('CopyTags')], ']')]",
"exists": "false"
},
"then": {
"effect": "append",
"details": [
{
"field": "[concat('tags[', parameters('tagName')[copyindex('CopyTags')], ']')]",
"value": "[parameters('tagValue')]"
}
]
}
}
},
"copy": {
"name": "CopyTags",
"count": "[length(parameters('tagName'))]"
}
}
]
}
这给了我很多错误,因为我找不到有效地将其部署到作为范围而不是资源组的订阅中的方法。 (我确实尝试在不提供资源组的情况下进行部署,但无法弄清楚部署的方向,没有错误,我是用户的每个订阅中都没有策略)
有人知道一种有效添加多个标签的方法吗? (高效:这样我就可以在将来增加更多,而无需通过调整数组中的名称和值而进行大量更改)。还是知道实现我的策略Powershell脚本的更好方法?