是否可以从 Azure Policy 调用 Azure Function?假设一个函数返回一个基于 ResourceId 的布尔值。该函数查找资源并确定资源是否包含具有特定名称的标签以及该标签是否符合一组值列表。如果标签符合,则资源返回 true,否则返回 false。考虑以下政策并注意 PCODE 部分。
这样的事情可能吗?我找不到任何允许这样做的文档或示例。
{
"properties": {
"displayName": "Enforce tag and its value",
"policyType": "BuiltIn",
"description": "Enforces a required tag and its value.",
},
"policyRule": {
"if": {
//ORIGINAL IN SAMPLE
"not": {
"field": "MyTagName",
"equals": "Sample Tag Value"
}
//PCODE TO CALL FUNCTION
"not": {
"evaluate": "https://url.../ReturnsBoolean/resourceId()"
}
},
"then": {
"effect": "deny"
}
}
},
"id": "/providers/Microsoft.Authorization/policyDefinitions/1e30110a-5ceb-460c-a204-c1c3969c6d62",
"type": "Microsoft.Authorization/policyDefinitions",
"name": "1e30110a-5ceb-460c-a204-c1c3969c6d62"
}