
I have a simple Azure Policy that should check if all API-management URLs are lowercase (Display Name and API Url Suffix), but violations still pass the check, so obviously the policy is incorrect.

I am new to writing my own Azure Policies… Does anyone have an idea what could be wrong?

"policyRule": {
  "if": {
    "allOf": [
      {
        "field": "type",
        "equals": "Microsoft.ApiManagement/service/apis"
      },
      {
        "anyOf": [
          {
            "field": "Microsoft.ApiManagement/service/apis/path",
            "notEquals": "[toLower(string(field('Microsoft.ApiManagement/service/apis/path')))]"
          },
          {
            "field": "Microsoft.ApiManagement/service/apis/displayName",
            "notEquals": "[toLower(string(field('Microsoft.ApiManagement/service/apis/displayName')))]"
          }
        ]
      }
    ]
  }
}

2 Answers


  1. Chosen as BEST ANSWER

    According to Microsoft (https://learn.microsoft.com/en-us/azure/azure-resource-manager/management/resource-name-rules) this is by design:

    Resource and resource group names are case-insensitive unless specifically noted in the valid characters column.

    When using various APIs to retrieve the name for a resource or resource group, the returned value may have different casing than what you originally specified for the name. The returned value may even display different case values than what is listed in the valid characters table.

    Always perform a case-insensitive comparison of names.

    The last comment is probably the reason an Azure Policy cannot be used to check for casing of several fields.
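
An added example (not part of the answer above, and not Azure's own code): a simplified Python model of the question's `anyOf` block, assuming the documented Azure Policy behaviour that `equals` and `notEquals` compare strings case-insensitively. Under that assumption the rule never flags a mixed-case value; the `case_sensitive` switch and the sample resources are constructed for illustration.

```python
import re

ALIAS = "Microsoft.ApiManagement/service/apis/"
# Matches the template expression used in the question's rule.
TEMPLATE = re.compile(r"\[toLower\(string\(field\('([^']+)'\)\)\)\]")

# The anyOf block from the question, built from the same aliases.
RULE = {"anyOf": [
    {"field": ALIAS + f, "notEquals": "[toLower(string(field('%s')))]" % (ALIAS + f)}
    for f in ("path", "displayName")
]}

def resolve(value, resource):
    """Resolve a literal or a [toLower(string(field('alias')))] expression."""
    m = TEMPLATE.fullmatch(value)
    return str(resource.get(m.group(1), "")).lower() if m else value

def same(a, b, case_sensitive):
    # Assumption: the policy engine behaves like case_sensitive=False.
    return a == b if case_sensitive else a.lower() == b.lower()

def evaluate(cond, resource, case_sensitive=False):
    """True when the condition matches, i.e. the resource would be flagged."""
    if "allOf" in cond:
        return all(evaluate(c, resource, case_sensitive) for c in cond["allOf"])
    if "anyOf" in cond:
        return any(evaluate(c, resource, case_sensitive) for c in cond["anyOf"])
    if "not" in cond:
        return not evaluate(cond["not"], resource, case_sensitive)
    actual = str(resource.get(cond["field"], ""))
    if "equals" in cond:
        return same(actual, resolve(cond["equals"], resource), case_sensitive)
    return not same(actual, resolve(cond["notEquals"], resource), case_sensitive)

# Constructed sample resources (not real API Management output).
GOOD = {ALIAS + "path": "orders/v1", ALIAS + "displayName": "orders api"}
BAD = {ALIAS + "path": "Orders/V1", ALIAS + "displayName": "Orders API"}

def flagged(resource, case_sensitive=False):
    return evaluate(RULE, resource, case_sensitive)

if __name__ == "__main__":
    for name, res in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, "policy model:", flagged(res),
              "| case-sensitive check:", flagged(res, True))
```

The same evaluator treats a `not` wrapped around `equals` identically, because the comparison underneath is still case-insensitive.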


  2. Azure Policy not working (check for lowercase APIM Url)

    Here is the updated Azure Policy that checks whether the API management display name and URL are lowercase. If either the display name or the path is not lowercase, it is considered non-compliant; otherwise, it is compliant.

    The display name is located within the properties of API management.

    Azure Policy:

    {
      "mode": "All",
      "policyRule": {
        "if": {
          "allOf": [
            {
              "field": "type",
              "equals": "Microsoft.ApiManagement/service/apis"
            },
            {
              "anyOf": [
                {
                  "not": {
                    "field": "Microsoft.ApiManagement/service/apis/path",
                    "equals": "[toLower(string(field('Microsoft.ApiManagement/service/apis/path')))]"
                  }
                },
                {
                  "not": {
                    "field": "Microsoft.ApiManagement/service/properties/displayName",
                    "equals": "[toLower(string(field('Microsoft.ApiManagement/service/properties/displayName')))]"
                  }
                }
              ]
            }
          ]
        },
        "then": {
          "effect": "audit"
        }
      },
      "parameters": {}
    }
    

    Compliance result
