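I set up a new policy for existing resources to add the required tags when they are missing.
Scenario 1: Resource 1 has the following tags and values:
Tag name = Project, value = ProjSSO
Tag name = Purpose, value = Application Login
However, when the policy is triggered I get an error. Error: The policy attempted to append some fields which already exist in the request with different values.
Note: If I use addOrReplace, the policy appends/updates the existing tag names and their values, which is what we don't want to happen; we want the existing values to stay as they are. Only the missing tags should be added.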
{
  "properties": {
    "displayName": "test-add-required-tag-if missing",
    "policyType": "Custom",
    "mode": "Indexed",
    "description": "test-add-required-tag-if missing",
    "metadata": {
      "version": "1.0.1",
      "category": "Tags"
    },
    "parameters": {},
    "policyRule": {
      "if": {
        "allOf": [
          {
            "field": "type",
            "notEquals": "Microsoft.Compute/VirtualMachines"
          },
          {
            "field": "type",
            "notEquals": "Microsoft.ClassicCompute/virtualMachines"
          },
          {
            "field": "type",
            "notEquals": "microsoft.compute/virtualmachines/extensions"
          },
          {
            "field": "type",
            "notEquals": "microsoft.network/networkinterfaces"
          },
          {
            "field": "type",
            "notEquals": "Microsoft.Compute/disks"
          },
          {
            "anyOf": [
              {
                "not": {
                  "field": "tags[Project]",
                  "exists": "true"
                }
              },
              {
                "not": {
                  "field": "tags[Application]",
                  "exists": "true"
                }
              },
              {
                "not": {
                  "field": "tags[BU]",
                  "exists": "true"
                }
              },
              {
                "not": {
                  "field": "tags[Cost Center]",
                  "exists": "true"
                }
              },
              {
                "not": {
                  "field": "tags[Ticket]",
                  "exists": "true"
                }
              },
              {
                "not": {
                  "field": "tags[Function]",
                  "exists": "true"
                }
              },
              {
                "not": {
                  "field": "tags[Purpose]",
                  "exists": "true"
                }
              },
              {
                "not": {
                  "field": "tags[Platform Owner1]",
                  "exists": "true"
                }
              },
              {
                "not": {
                  "field": "tags[Platform Owner2]",
                  "exists": "true"
                }
              }
            ]
          }
        ]
      },
      "then": {
        "effect": "modify",
        "details": {
          "roleDefinitionIds": [
            "/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"
          ],
          "operations": [
            {
              "operation": "add",
              "field": "tags['Project']",
              "value": ""
            },
            {
              "operation": "add",
              "field": "tags['Cost Center']",
              "value": ""
            },
            {
              "operation": "add",
              "field": "tags['Application']",
              "value": ""
            },
            {
              "operation": "add",
              "field": "tags['bu']",
              "value": ""
            },
            {
              "operation": "add",
              "field": "tags['Environment']",
              "value": ""
            },
            {
              "operation": "add",
              "field": "tags['Ticket']",
              "value": ""
            },
            {
              "operation": "add",
              "field": "tags['Function']",
              "value": ""
            },
            {
              "operation": "add",
              "field": "tags['Purpose']",
              "value": ""
            },
            {
              "operation": "add",
              "field": "tags['Platform Owner1']",
              "value": ""
            },
            {
              "operation": "add",
              "field": "tags['Platform Owner2']",
              "value": ""
            }
          ]
        }
      }
    }
  }
}
For your requirement, it is best to use PowerShell or the CLI. Below is sample PowerShell code showing how to update a tag name while keeping the previous tag value.
# Sign in to Azure
try {
    "Logging in to Azure..."
    Connect-AzAccount
}
catch {
    Write-Error -Message $_.Exception
    throw $_.Exception
}
# Get the subscription(s) to process
$subscriptions = Get-AzSubscription -SubscriptionId "XXXXXXX"
# Loop through each subscription
foreach ($subscription in $subscriptions) {
    # Set the current subscription
    Set-AzContext -SubscriptionId $subscription.SubscriptionId
    # Get the resource group(s) for the subscription
    $resourceGroups = Get-AzResourceGroup -ResourceGroupName "XXXXXXX"
    $tagName = "Region"
    $newTagName = "Country"
    # Loop through each resource group
    foreach ($rg in $resourceGroups) {
        $resources = Get-AzResource -ResourceGroupName $rg.ResourceGroupName
        foreach ($r in $resources) {
            $resourceId = Get-AzResource -ResourceId $r.ResourceId
            # Tags is $null on untagged resources, so check it before calling ContainsKey
            if ($resourceId.Tags -and $resourceId.Tags.ContainsKey($tagName)) {
                # Carry the old tag's value over to the new tag name
                $tagValue = $resourceId.Tags[$tagName]
                $resourceId.Tags.Remove($tagName)
                $resourceId.Tags.Add($newTagName, $tagValue)
                # Update the resource with the new tags
                $resourceId | Set-AzResource -Force
            }
        }
    }
}
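
An added example, not part of the original question or answer: one way to add only the missing required tags with PowerShell so that existing tag values are left untouched. It assumes the Az.Resources module and a signed-in session; `Get-MissingTag` and `Add-MissingTag` are hypothetical helper names, and the resource group name is a placeholder.

```powershell
# Added example: requires the Az.Resources module and an authenticated session (Connect-AzAccount).
# Tag names are taken from the policy's "operations" list; the empty default mirrors its "value": "".
$RequiredTags = 'Project', 'Cost Center', 'Application', 'BU', 'Environment',
                'Ticket', 'Function', 'Purpose', 'Platform Owner1', 'Platform Owner2'

function Get-MissingTag {
    # Pure helper (hypothetical name): returns a hashtable of required tags absent from $Tags.
    param(
        [System.Collections.IDictionary] $Tags,
        [string[]] $Required,
        [string] $DefaultValue = ''
    )
    # Azure tag names are case-insensitive; -notin compares strings case-insensitively.
    $existing = if ($Tags) { @($Tags.Keys) } else { @() }
    $missing = @{}
    foreach ($name in $Required) {
        if ($name -notin $existing) { $missing[$name] = $DefaultValue }
    }
    return $missing
}

function Add-MissingTag {
    # Hypothetical wrapper: merges only the missing tags into each resource of a resource group.
    [CmdletBinding(SupportsShouldProcess)]
    param([Parameter(Mandatory)] [string] $ResourceGroupName)

    foreach ($r in Get-AzResource -ResourceGroupName $ResourceGroupName) {
        $missing = Get-MissingTag -Tags $r.Tags -Required $RequiredTags
        if ($missing.Count -eq 0) { continue }
        if ($PSCmdlet.ShouldProcess($r.ResourceId, "add tags: $($missing.Keys -join ', ')")) {
            # Merge only touches the keys passed in, so existing tag values stay as they are.
            Update-AzTag -ResourceId $r.ResourceId -Tag $missing -Operation Merge | Out-Null
        }
    }
}

# Constructed sample matching Scenario 1 from the question; this part runs without Azure access.
$sample = @{ Project = 'ProjSSO'; Purpose = 'Application Login' }
(Get-MissingTag -Tags $sample -Required $RequiredTags).Keys | Sort-Object

# Preview first, then apply ("XXXXXXX" is a placeholder resource group name):
# Add-MissingTag -ResourceGroupName 'XXXXXXX' -WhatIf
```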