Appending tag policy isn't working for some resources

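I'm creating an Azure policy to append tags to newly created resources. It works for most components, but I found that this policy doesn't work for some components, for example Logic Apps.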

{
  "mode": "All",
  "parameters": {
    "Environment": {
      "type": "String",
      "metadata": {
        "displayName": "Environment"
      },
      "defaultValue": "dev"
    },
    "Owner": {
      "type": "String",
      "metadata": {
        "displayName": "Owner"
      },
      "defaultValue": "Admin"
    },
    "CostCenter": {
      "type": "String",
      "metadata": {
        "displayName": "CostCenter"
      },
      "defaultValue": "NA"
    }
  },
  "policyRule": {
    "if": {
      "field": "tags",
      "exists": "false"
    },
    "then": {
      "effect": "append",
      "details": [
        {
          "field": "tags",
          "value": {
            "Environment": "[parameters('Environment')]",
            "Owner": "[parameters('Owner')]",
            "CostCenter": "[parameters('CostCenter')]"
          }
        }
      ]
    }
  }
}

I added a similar policy to apply the tags to resource groups, but it doesn't work at all, and I don't know what's going on.

{
  "mode": "All",
  "parameters": {
    "Environment": {
      "type": "String",
      "metadata": {
        "displayName": "Environment"
      },
      "defaultValue": "dev"
    },
    "Owner": {
      "type": "String",
      "metadata": {
        "displayName": "Owner"
      },
      "defaultValue": "admin"
    },
    "CostCenter": {
      "type": "String",
      "metadata": {
        "displayName": "CostCenter"
      },
      "defaultValue": "NA"
    }
  },
  "policyRule": {
    "if": {
      "allOf": [
        {
          "field": "tags",
          "exists": "false"
        },
        {
          "field": "type",
          "equals": "Microsoft.Resources/subscriptions/resourceGroups"
        }
      ]
    },
    "then": {
      "effect": "append",
      "details": [
        {
          "field": "tags",
          "value": {
            "Environment": "[parameters('Environment')]",
            "Owner": "[parameters('Owner')]",
            "CostCenter": "[parameters('CostCenter')]"
          }
        }
      ]
    }
  }
}

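I figured it out myself: the "exists": "false" condition in my policy only triggers when the "tags" property is missing or null, so a resource group or resource with […] will bypass my policy, even if it doesn't have any tags.

Also, a simple check on tags as a whole isn't reasonable. The check should be done tag name by tag name, and if one doesn't match, take action to append it.

I also found that the following statement doesn't work for resource groups, perhaps because it is a non-standard practice.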

{
  "then": {
    "effect": "append",
    "details": [
      {
        "field": "tags",
        "value": {
          "Environment": "[parameters('Environment')]",
          "Owner": "[parameters('Owner')]",
          "CostCenter": "[parameters('CostCenter')]"
        }
      }
    ]
  }
}

It's recommended to use the statement below instead:

{
  "then": {
    "effect": "append",
    "details": [
      {
        "field": "tags['Environment']",
        "value": "[parameters('Environment')]"
      },
      {
        "field": "tags['Owner']",
        "value": "[parameters('Owner')]"
      },
      {
        "field": "tags['CostCenter']",
        "value": "[parameters('CostCenter')]"
      }
    ]
  }
}
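The gap described in the post can be checked against a resource inventory before relying on the policy. The script below is an added example, not code from the original post or from Azure: it models the whole-`tags` check as the post describes it (fires only when `tags` is missing or null) beside a per-tag-name check, and reports which resources lack a required tag without being caught by the first rule. The sample inventory is constructed, and the empty `tags` object in it is an assumed case of a resource that has the property but no tags.

```python
import json

REQUIRED_TAGS = ("Environment", "Owner", "CostCenter")  # tag names used in the policies above

# Constructed sample inventory (hypothetical names), loosely shaped like exported resource JSON.
SAMPLE = json.loads("""
[
  {"name": "la-orders", "type": "Microsoft.Logic/workflows", "tags": {}},
  {"name": "rg-dev", "type": "Microsoft.Resources/subscriptions/resourceGroups", "tags": null},
  {"name": "st-logs", "type": "Microsoft.Storage/storageAccounts"},
  {"name": "vm-web", "type": "Microsoft.Compute/virtualMachines",
   "tags": {"environment": "dev", "Owner": "Admin"}},
  {"name": "kv-app", "type": "Microsoft.KeyVault/vaults",
   "tags": {"Environment": "dev", "Owner": "Admin", "CostCenter": "NA"}}
]
""")


def whole_tags_rule_fires(resource):
    """Model of {"field": "tags", "exists": "false"} as described in the post:
    true only when the tags property is missing or null."""
    return resource.get("tags") is None


def missing_required_tags(resource):
    """Model of one "tags['<name>']" existence check per required tag name.
    Tag names are compared case-insensitively, as Azure treats them."""
    present = {name.lower() for name in (resource.get("tags") or {})}
    return [name for name in REQUIRED_TAGS if name.lower() not in present]


def audit(resources):
    """Return (name, missing_tags, bypassed) for each resource lacking a required tag.
    bypassed is True when the whole-'tags' rule would not have fired for it."""
    findings = []
    for res in resources:
        missing = missing_required_tags(res)
        if missing:
            findings.append((res["name"], missing, not whole_tags_rule_fires(res)))
    return findings


if __name__ == "__main__":
    for name, missing, bypassed in audit(SAMPLE):
        status = "bypasses whole-'tags' rule" if bypassed else "caught by whole-'tags' rule"
        print(f"{name}: missing {', '.join(missing)} ({status})")
```
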