帮助我使用azure策略制作强制标记,并且不允许用户提供自己的标记名称。下面的代码强制提到的标签,而不是控制不允许的其他标签
{
"mode": "All",
"policyRule": {
"if": {
"anyOf": [
{
"field": "tags['environment']",
"exists": "false"
},
{
"field": "tags['Location']",
"exists": "false"
}
]
},
"then": {
"effect": "deny"
}
},
"parameters": {}
}
以下是在Azure策略中使用Tag进行更改的示例
"policyRule": {
"if": {
"allOf": [{
"field": "type",
"equals": "Microsoft.Resources/subscriptions/resourceGroups"
},
{
"field": "name",
"like": "prd-*"
},
{
"field": "tags['Env']",
"notEquals": "Production"
}
]
},
"then": {
"effect": "modify",
"details": {
"roleDefinitionIds": [
"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"
],
"operations": [{
"operation": "addOrReplace",
"field": "tags['Env']",
"value": "Production"
}]
}
}
}
有关更多信息,请查看Azure策略文档