任何人都可以帮助我创建策略定义以从订阅继承多个或所有标签吗?我看到允许继承单个标签的内置策略,但我不确定如何修改该策略定义以包含多个标签。
以下是内置定义:
{
"mode": "Indexed",
"policyRule": {
"if": {
"allOf": [
{
"field": "[concat('tags[', parameters('tagName'), ']')]",
"exists": "false"
},
{
"value": "[subscription().tags[parameters('tagName')]]",
"notEquals": ""
}
]
},
"then": {
"effect": "modify",
"details": {
"roleDefinitionIds": [
"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"
],
"operations": [
{
"operation": "add",
"field": "[concat('tags[', parameters('tagName'), ']')]",
"value": "[subscription().tags[parameters('tagName')]]"
}
]
}
}
},
"parameters": {
"tagName": {
"type": "String",
"metadata": {
"displayName": "Tag Name",
"description": "Name of the tag, such as 'environment'"
}
}
}
}
最佳答案
没有简单的方法可以通过策略继承多个标签。您需要像下面一样一一添加..
"policyRule": {
"if": {
"anyOf": [
{
"exists": "false",
"field": "tags['tag1']"
},
{
"exists": "false",
"field": "tags['tag2']"
},
{
"exists": "false",
"field": "tags['tag3']"
}
]
},
"then": {
"details": {
"operations": [
{
"field": "tags['tag1']",
"operation": "add",
"value": "[subscription().tags['tag1']]"
},
{
"field": "tags['tag2']",
"operation": "add",
"value": "[subscription().tags['tag2']]"
},
{
"field": "tags['tag3']",
"operation": "add",
"value": "[subscription().tags['tag3']]"
}
],
"roleDefinitionIds": [
"/providers/Microsoft.Authorization/roleDefinitions/*****"
]
},
"effect": "modify"
}
}
关于azure - 从订阅/资源组继承多个标签,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/71316483/