我正在尝试创建一个自定义策略,该策略将基于标签值拒绝。标签是“ external VM”。然后,该策略允许部署一组批准的扩展。但是,当我尝试使用"tag.external vm"添加标签时,会显示错误,与本文结尾(The value of 'field' property 'Tag' of the policy rule must be one of 'Name, Type, Location, Tags, Kind, FullName, Identity.type' or an alias, e.g.)相同。
{
"mode": "All",
"policyRule": {
"if": {
"allOf": [
{
"field": "tag.External VM",
"equals": "Third Party"
},
{
"field": "Microsoft.Compute/virtualMachines/extensions/publisher",
"equals": "Microsoft.Compute"
},
{
"field": "Microsoft.Compute/virtualMachines/extensions/type",
"notin": "[parameters('AllowedExtensions')]"
}
]
},
"then": {
"effect": "deny"
}
},
"parameters": {
"AllowedExtensions": {
"type": "Array",
"metadata": {
"displayName": "AllowedExtensions",
"description": "Allowed VM Extensions"
}
}
}
}
参数文件是
{
"AllowedExtensions": {
"type": "Array",
"metadata": {
"description": "The list of extensions that will be Allowed.",
"strongType": "type",
"displayName": "Allowed extension"
}
},
"tagName": {
"type": "String",
"metadata": {
"description": "The Referenced Tag Name.",
"displayName": "Tag to Query"
}
}
}
有没有一种方法可以给标签名称分配空格。另一种选择是用“ external-vm”重新标记,或参数化标记名,例如
{
"field": "[parameters('tagName')]",
"equals": "Third Party"
},
但这给了我错误
The value of 'field' property 'Tag' of the policy rule must be one of 'Name, Type, Location, Tags, Kind, FullName, Identity.type' or an alias, e.g.
有什么想法吗?
谢谢。
答案 0 :(得分:0)
参数不正确
"[concat('tags[', parameters('tagName'), ']')]",
将其添加为参数可以解决组织问题。