
I’m simply trying to take the default deny template and add a few more tags that I want to get added to the resources. I get an error that says "tagName1" is not allowed. What am I missing?

{
"mode": "All",
"policyRule": {
"if": {
  "allOf": [
    {
      "field": "type",
      "equals": "Microsoft.Resources/subscriptions/resourceGroups"
    },
    {
      "field": "[concat('tags[', parameters('tagName'),('tagName1') ']')]",
      "exists": "false"
    }
  ]
},
"then": {
  "effect": "deny"
}
},
"parameters": {
"tagName": {
  "type": "String",
  "metadata": {
    "displayName": "Tag Name",
    "description": "Name of the tag, such as 'environment'"
  },
  "tagName1": {
  "type": "String",
  "metadata": {
    "displayName": "Project",
    "description": "Name of the tag, such as 'environment'"
  }
},

2 Answers


  1. You’re just missing a closing brace after tagName.

    {
    "mode": "All",
    "policyRule": {
    "if": {
      "allOf": [
        {
          "field": "type",
          "equals": "Microsoft.Resources/subscriptions/resourceGroups"
        },
        {
          "field": "[concat('tags[', parameters('tagName'),('tagName1') ']')]",
          "exists": "false"
        }
      ]
    },
    "then": {
      "effect": "deny"
    }
    },
    "parameters": {
      "tagName": {
        "type": "String",
        "metadata": {
          "displayName": "Tag Name",
          "description": "Name of the tag, such as 'environment'"
        }
      },
      "tagName1": {
        "type": "String",
        "metadata": {
          "displayName": "Project",
          "description": "Name of the tag, such as 'environment'"
        }
      }
    }
    }
  2. In your policy, tag names such as tagName and tagName1 must be separately defined within the parameters object. The concatenated tag names should be used in the field condition of the policy rule to check for their existence.

    Here is the updated policy.

        {
          "mode": "All",
          "policyRule": {
            "if": {
              "allOf": [
                {
                  "field": "type",
                  "equals": "Microsoft.Resources/subscriptions/resourceGroups"
                },
                {
                  "field": "[concat('tags[', parameters('tagName'), ',', parameters('tagName1'), ']')]",
                  "exists": "false"
                }
              ]
            },
            "then": {
              "effect": "deny"
            }
          },
          "parameters": {
            "tagName": {
              "type": "String",
              "metadata": {
                "displayName": "Tag Name",
                "description": "Name of the tag, such as 'pailot'"
              }
            },
            "tagName1": {
              "type": "String",
              "metadata": {
                "displayName": "Project",
                "description": "Name of the tag, such as 'environment'"
              }
            }
          }
        }
    

    Output:

    The policy is denying the resource group with different tag names.

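Added example, not taken from the question or either answer: a `tags[<name>]` field addresses exactly one tag, so requiring two tags takes one `exists` check per tag, wrapped in `anyOf` so the deny fires when either tag is missing. It reuses the page's parameter names `tagName` and `tagName1` and the same definition layout; the `tagName1` description text is reworded here.

```json
{
  "mode": "All",
  "policyRule": {
    "if": {
      "allOf": [
        {
          "field": "type",
          "equals": "Microsoft.Resources/subscriptions/resourceGroups"
        },
        {
          "anyOf": [
            {
              "field": "[concat('tags[', parameters('tagName'), ']')]",
              "exists": "false"
            },
            {
              "field": "[concat('tags[', parameters('tagName1'), ']')]",
              "exists": "false"
            }
          ]
        }
      ]
    },
    "then": {
      "effect": "deny"
    }
  },
  "parameters": {
    "tagName": {
      "type": "String",
      "metadata": {
        "displayName": "Tag Name",
        "description": "Name of the tag, such as 'environment'"
      }
    },
    "tagName1": {
      "type": "String",
      "metadata": {
        "displayName": "Project",
        "description": "Name of the second required tag, such as 'project'"
      }
    }
  }
}
```

A field built by joining both names, such as `tags[a,b]`, refers to one tag literally named `a,b`, so it does not test the two tags independently.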