自定义策略以强制执行标签

时间:2020-04-07 14:28:35

标签: json azure azure-policy

我正在尝试创建一个自定义策略,该策略将基于标签值拒绝。标签是“ external VM”。然后,该策略允许部署一组批准的扩展。但是,当我尝试使用"tag.external vm"添加标签时,会显示错误,与本文结尾(The value of 'field' property 'Tag' of the policy rule must be one of 'Name, Type, Location, Tags, Kind, FullName, Identity.type' or an alias, e.g.)相同。

{
  "mode": "All",
  "policyRule": {
    "if": {
      "allOf": [
        {
          "field": "tag.External VM",
          "equals": "Third Party"
        },
        {
          "field": "Microsoft.Compute/virtualMachines/extensions/publisher",
          "equals": "Microsoft.Compute"
        },
        {
          "field": "Microsoft.Compute/virtualMachines/extensions/type",
          "notin": "[parameters('AllowedExtensions')]"
        }
      ]
    },
    "then": {
      "effect": "deny"
    }
  },
  "parameters": {
    "AllowedExtensions": {
      "type": "Array",
      "metadata": {
        "displayName": "AllowedExtensions",
        "description": "Allowed VM Extensions"
      }
    }
 }
}

参数文件是

{
    "AllowedExtensions": {
        "type": "Array",
        "metadata": {
            "description": "The list of extensions that will be Allowed.",
            "strongType": "type",
            "displayName": "Allowed extension"
        }
    },
        "tagName": {
        "type": "String",
        "metadata": {
            "description": "The Referenced Tag Name.",
            "displayName": "Tag to Query"
        }
    }
}

有没有一种方法可以给标签名称分配空格。另一种选择是用“ external-vm”重新标记,或参数化标记名,例如

{
  "field": "[parameters('tagName')]",
  "equals": "Third Party"
},

但这给了我错误

The value of 'field' property 'Tag' of the policy rule must be one of 'Name, Type, Location, Tags, Kind, FullName, Identity.type' or an alias, e.g. 

有什么想法吗?

谢谢。

1 个答案:

答案 0 :(得分:0)

参数不正确

"[concat('tags[', parameters('tagName'), ']')]",

将其添加为参数可以解决组织问题。