附加标签政策不适用于某些资源

【问题标题】:Appending tag policy isn't working for some resources附加标签政策不适用于某些资源
【发布时间】:2019-05-10 09:41:16
【问题描述】:

我正在创建一个 azure 策略来将标签附加到新创建的资源,它适用于大多数组件,但我发现此策略不适用于某些组件,例如:逻辑应用。

{
  "mode": "All",
  "parameters": {
    "Environment": {
      "type": "String",
      "metadata": {
        "displayName": "Environment"
      },
      "defaultValue": "dev"
    },
    "Owner": {
      "type": "String",
      "metadata": {
        "displayName": "Owner"
      },
      "defaultValue": "Admin"
    },
    "CostCenter": {
      "type": "String",
      "metadata": {
        "displayName": "CostCenter"
      },
      "defaultValue": "NA"
    }
  },
  "policyRule": {
    "if": {
      "field": "tags",
      "exists": "false"
    },
    "then": {
      "effect": "append",
      "details": [
        {
          "field": "tags",
          "value": {
            "Environment": "[parameters('Environment')]",
            "Owner": "[parameters('Owner')]",
            "CostCenter": "[parameters('CostCenter')]"
          }
        }
      ]
    }
  }
}

我添加了一个类似的策略来将标签应用于资源组,根本不起作用,我不知道发生了什么。 

{
  "mode": "All",
  "parameters": {
    "Environment": {
      "type": "String",
      "metadata": {
        "displayName": "Environment"
      },
      "defaultValue": "dev"
    },
    "Owner": {
      "type": "String",
      "metadata": {
        "displayName": "Owner"
      },
      "defaultValue": "admin"
    },
    "CostCenter": {
      "type": "String",
      "metadata": {
        "displayName": "CostCenter"
      },
      "defaultValue": "NA"
    }
  }
  "policyRule": {
    "if": {
      "allOf": [
        {
          "field": "tags",
          "exists": "false"
        },
        {
          "field": "type",
          "equals": "Microsoft.Resources/subscriptions/resourceGroups"
        }
      ]
    },
    "then": {
      "effect": "append",
      "details": [
        {
          "field": "tags",
          "value": {
            "Environment": "[parameters('Environment')]",
            "Owner": "[parameters('Owner')]",
            "CostCenter": "[parameters('CostCenter')]"
          }
        }
      ]
    }
  }
}

【问题讨论】:

    标签: azure azure-policy


    【解决方案1】:

    自己弄清楚,我的策略中的"exists": "false" 条件只会在“tags”属性丢失或为空时触发,因此具有"tags": {} 的资源组或资源将绕过我的策略,即使它没有没有任何标签。

    另外,简单的标签检查是不合理的,应该逐个检查标签名,如果不符合,采取行动追加。

    我还发现以下语句不适用于资源组,可能是因为它是不规则的做法。

    {
  "then": {
    "effect": "append",
    "details": [
      {
        "field": "tags",
        "value": {
          "Environment": "[parameters('Environment')]",
          "Owner": "[parameters('Owner')]",
          "CostCenter": "[parameters('CostCenter')]"
        }
      }
    ]
  }
}

    建议改用下面的语句

    {
  "then": {
    "effect": "append",
    "details": [
      {
        "field": "tags['Environment']",
        "value": "[parameters('Environment')]"
      },
      {
        "field": "tags['Owner']",
        "value": "[parameters('Owner')]"
      },
      {
        "field": "tags['CostCenter']",
        "value": "[parameters('CostCenter')]"
      }
    ]
  }
}

    【讨论】:

    • 我们也可以使用内置的策略定义(Append tag and its default valueAppend tag and its value from the resource groupApply tag and its default value to resource groups)来实现这个目标
    猜你喜欢
    • 1970-01-01
    • 2017-12-16
    • 1970-01-01
    • 2018-01-23
    • 1970-01-01
    • 2020-09-11
    • 1970-01-01
    • 1970-01-01
    • 1970-01-01
    相关资源
    最近更新 更多
    热门标签
    Java Python linux javascript Mysql C# Docker 算法 前端 SpringBoot Redis Vue spring 设计模式 .net core .net kubernetes c++ 数据库 数据结构 大数据 js 机器学习 微服务 Android Go 程序员 面试 JVM ASP.net core 云原生 人工智能 后端 PHP git CSS golang k8s Nginx Django mybatis 深度学习 多线程 React 架构 devops 爬虫 云计算 Spring Boot LeetCode