对资源组强制命名约定的 Azure Policy 无效
Azure Policy to enfore naming convention on resource group has no effect
为什么下面的政策没有效果?我期望它能阻止创建任何不以 rg-* 开头的资源组。但是,可以使用资源组名称的任何模式。
{
"properties": {
"policyType": "Custom",
"mode": "All",
"policyRule": {
"if": {
"allOf": [
{
"field": "type",
"equals": "Microsoft.Resources/resourceGroups"
},
{
"field": "name",
"notLike": "rg-*"
}
]
},
"then": {
"effect": "Deny"
}
}
},
"id": "/subscriptions/.../providers/Microsoft.Authorization/policyDefinitions/policy-naming-convention-rg",
"type": "Microsoft.Authorization/policyDefinitions",
"name": "policy-naming-convention-rg"
}
它已正确分配,而且我已经等待了足够长的时间,所以它有时间生效。可用于创建资源组的 ARM 模板如下所示:
所以类型应该匹配,字段也应该匹配。我很困惑。有什么想法吗?
{
"$schema": "https://schema.management.azure.com/schemas/2018-05-01/subscriptionDeploymentTemplate.json#",
"contentVersion": "1.0.0.1",
"parameters": {
"rgName": {
"type": "string"
},
"rgLocation": {
"type": "string"
},
"tags": {
"type": "object",
"defaultValue": {}
}
},
"variables": {},
"resources": [
{
"type": "Microsoft.Resources/resourceGroups",
"apiVersion": "2018-05-01",
"location": "[parameters('rgLocation')]",
"name": "[parameters('rgName')]",
"properties": {},
"tags": "[parameters('tags')]"
}
],
"outputs": {}
}
请参阅 this SO question,我认为它可能有所帮助。基本上,您在定义策略时需要使用 Microsoft.Resources/subscriptions/resourceGroups 而不是 Microsoft.Resources/resourceGroups。
这不完全是您的用例,但 Microsoft Azure 提供了 an example 与使用上述命名约定的资源组相关的 Azure 策略。
为什么下面的政策没有效果?我期望它能阻止创建任何不以 rg-* 开头的资源组。但是,可以使用资源组名称的任何模式。
{
"properties": {
"policyType": "Custom",
"mode": "All",
"policyRule": {
"if": {
"allOf": [
{
"field": "type",
"equals": "Microsoft.Resources/resourceGroups"
},
{
"field": "name",
"notLike": "rg-*"
}
]
},
"then": {
"effect": "Deny"
}
}
},
"id": "/subscriptions/.../providers/Microsoft.Authorization/policyDefinitions/policy-naming-convention-rg",
"type": "Microsoft.Authorization/policyDefinitions",
"name": "policy-naming-convention-rg"
}
它已正确分配,而且我已经等待了足够长的时间,所以它有时间生效。可用于创建资源组的 ARM 模板如下所示:
所以类型应该匹配,字段也应该匹配。我很困惑。有什么想法吗?
{
"$schema": "https://schema.management.azure.com/schemas/2018-05-01/subscriptionDeploymentTemplate.json#",
"contentVersion": "1.0.0.1",
"parameters": {
"rgName": {
"type": "string"
},
"rgLocation": {
"type": "string"
},
"tags": {
"type": "object",
"defaultValue": {}
}
},
"variables": {},
"resources": [
{
"type": "Microsoft.Resources/resourceGroups",
"apiVersion": "2018-05-01",
"location": "[parameters('rgLocation')]",
"name": "[parameters('rgName')]",
"properties": {},
"tags": "[parameters('tags')]"
}
],
"outputs": {}
}
请参阅 this SO question,我认为它可能有所帮助。基本上,您在定义策略时需要使用 Microsoft.Resources/subscriptions/resourceGroups 而不是 Microsoft.Resources/resourceGroups。
这不完全是您的用例,但 Microsoft Azure 提供了 an example 与使用上述命名约定的资源组相关的 Azure 策略。