Q: I would like to know whether it is possible to iterate over the effects property in an Azure policy. For example:
{
  "mode": "All",
  "policyRule": {
    "if": {
      "allOf": [
        {
          "field": "type",
          "in": [
            "Microsoft.Compute/virtualMachines",
            "Microsoft.Storage/storageAccounts",
            "Microsoft.Network/networkInterfaces"
          ]
        },
        {
          "anyOf": [
            {
              "not": {
                "field": "[concat('tags[', parameters('tags')[0].tagName, ']')]",
                "exists": "true"
              }
            },
            {
              "not": {
                "field": "[concat('tags[', parameters('tags')[1].tagName, ']')]",
                "exists": "true"
              }
            }
          ]
        }
      ]
    },
    "then": {
      "effect": "modify",
      "details": {
        "roleDefinitionIds": [
          "/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"
        ],
        "operations": [
          {
            "operation": "addOrReplace",
            "field": "[concat('tags[', parameters('tags')[0].tagName, ']')]",
            "value": "[parameters('tags')[0].tagValue]"
          },
          {
            "operation": "addOrReplace",
            "field": "[concat('tags[', parameters('tags')[1].tagName, ']')]",
            "value": "[parameters('tags')[1].tagValue]"
          }
        ]
      }
    }
  },
  "parameters": {
    "tags": {
      "type": "Array",
      "metadata": {
        "displayName": "tags",
        "description": "The tags to apply to the resources."
      },
      "defaultValue": [
        {
          "tagName": "Environment",
          "tagValue": "Production"
        },
        {
          "tagName": "Department",
          "tagValue": "IT"
        }
      ]
    }
  }
}
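In the policy above, I want to iterate the operation/addOrReplace entries under the "modify" effect, instead of hard-coding them multiple times as the policy does: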
"operations": [
  {
    "operation": "addOrReplace",
    "field": "[concat('tags[', parameters('tags')[0].tagName, ']')]",
    "value": "[parameters('tags')[0].tagValue]"
  },
  {
    "operation": "addOrReplace",
    "field": "[concat('tags[', parameters('tags')[1].tagName, ']')]",
    "value": "[parameters('tags')[1].tagValue]"
  }
]
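So, basically, my requirement is to add multiple tags with "addOrReplace" through iteration, instead of specifying each instance in the policy definition.

After working through the issue, I found that policy definitions have no default functionality for iteration.
As a workaround, use referencing in the policy definition. This means you can create a policy definition for one tag and reference it multiple times for the other tags. Refer to the steps below to meet your requirement.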
{
  "mode": "All",
  "policyRule": {
    "if": {
      "allOf": [
        {
          "field": "type",
          "in": [
            "Microsoft.Compute/virtualMachines",
            "Microsoft.Storage/storageAccounts",
            "Microsoft.Network/networkInterfaces"
          ]
        },
        {
          "not": {
            "field": "[concat('tags[', parameters('tagName'), ']')]",
            "exists": "true"
          }
        }
      ]
    },
    "then": {
      "effect": "modify",
      "details": {
        "roleDefinitionIds": [
          "/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"
        ],
        "operations": [
          {
            "operation": "addOrReplace",
            "field": "[concat('tags[', parameters('tagName'), ']')]",
            "value": "[parameters('tagValue')]"
          }
        ]
      }
    }
  },
  "parameters": {
    "tagName": {
      "type": "String",
      "metadata": {
        "displayName": "xxx",
        "description": "<TagName>"
      }
    },
    "tagValue": {
      "type": "String",
      "metadata": {
        "displayName": "xxx",
        "description": "<Tagvalue>"
      }
    }
  }
}
The referencing definition file looks similar to the one below.
"parameters": {
  "tagName1": {
    "type": "String",
    "metadata": { "description": "First tag" }
  },
  "tagValue1": {
    "type": "String"
  },
  "tagName2": {
    "type": "String",
    "metadata": { "description": "Second tag" }
  },
  "tagValue2": {
    "type": "String"
  }
},
"policyDefinitions": [
  {
    "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/tag1definitionID",
    "parameters": {
      "tagName": { "value": "[parameters('tagName1')]" },
      "tagValue": { "value": "[parameters('tagValue1')]" }
    }
  },
  {
    "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/tag2definitionID",
    "parameters": {
      "tagName": { "value": "[parameters('tagName2')]" },
      "tagValue": { "value": "[parameters('tagValue2')]" }
    }
  }
]
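
Because the policy language itself cannot loop, the iteration can be done outside it: the sketch below generates the referencing (initiative) sections from a tag list, one reference to the single-tag definition per tag. It is an added example, not part of the original answer; the function name, the `tag1`, `tag2`, ... reference IDs and the definition ID are placeholders chosen for illustration.

```python
import json

# Placeholder, not a real ID: resource ID of the single-tag "modify" definition.
SINGLE_TAG_DEFINITION_ID = (
    "/providers/Microsoft.Authorization/policyDefinitions/<single-tag-definition-id>"
)


def build_initiative(tags, definition_id=SINGLE_TAG_DEFINITION_ID):
    """Build the "parameters" and "policyDefinitions" sections of an initiative
    that references one single-tag definition once per entry in `tags`."""
    seen = set()
    parameters, references = {}, []
    for i, tag in enumerate(tags, start=1):
        name, value = tag["tagName"], tag["tagValue"]
        # Azure treats tag names case-insensitively, so "Env" and "env" collide.
        if not name or name.lower() in seen:
            raise ValueError(f"empty or duplicate tag name: {name!r}")
        seen.add(name.lower())
        parameters[f"tagName{i}"] = {"type": "String", "defaultValue": name}
        parameters[f"tagValue{i}"] = {"type": "String", "defaultValue": value}
        references.append({
            # Must be unique when the same definition is referenced repeatedly.
            "policyDefinitionReferenceId": f"tag{i}",
            "policyDefinitionId": definition_id,
            "parameters": {
                "tagName": {"value": f"[parameters('tagName{i}')]"},
                "tagValue": {"value": f"[parameters('tagValue{i}')]"},
            },
        })
    return {"parameters": parameters, "policyDefinitions": references}


# Constructed sample input, same shape as the question's "tags" default value.
SAMPLE_TAGS = [
    {"tagName": "Environment", "tagValue": "Production"},
    {"tagName": "Department", "tagValue": "IT"},
]

if __name__ == "__main__":
    print(json.dumps(build_initiative(SAMPLE_TAGS), indent=2))
```

Each generated reference still runs under the role listed in the single-tag definition's `roleDefinitionIds`, so that role is the one to review when the tag list grows.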