0

如何编写仅在满足这两个条件时才允许创建资源的 Azure 策略:

  • 资源具有分配给它的“所有者”标签
  • “所有者”标签的值是有效的电子邮件地址格式

编辑:我只会做简​​单的电子邮件地址验证,因为它应该只是提醒我公司的人使用他们的电子邮件地址而不是他们的全名。我不是要验证所有可能的电子邮件地址。

正则表达式可能看起来像这样:

[A-Z0-9a-z._-]+@[A-Za-z0-9.-]+\.[A-Za-z]+
4

1 回答 1

0

有内置策略来强制执行标签及其值,您可以利用这些策略来定制自己的标签。如果要添加标签,即使它不存在,您可以使用新的修改效果。这是一个例子

{"properties": {
  "displayName": "Add a tag to resources",
  "policyType": "BuiltIn",
  "mode": "Indexed",
  "description": "Adds the specified tag and value when any resource missing this tag is created or updated. Existing resources can be remediated by triggering a remediation task. If the tag exists with a different value it will not be changed. Does not modify tags on resource groups.",
  "metadata": {
     "category": "Tags"
  },
  "parameters": {
     "tagName": {
        "type": "String",
        "metadata": {
           "displayName": "Tag Name",
           "description": "Name of the tag, such as 'environment'"
        }
     },
     "tagValue": {
        "type": "String",
        "metadata": {
           "displayName": "Tag Value",
           "description": "Value of the tag, such as 'production'"
        }
     }
  },
  "policyRule": {
     "if": {
        "field": "[concat('tags[', parameters('tagName'), ']')]",
        "exists": "false"
     },
     "then": {
        "effect": "modify",
        "details": {
           "roleDefinitionIds": [
              "/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"
           ],
           "operations": [
              {
                 "operation": "add",
                 "field": "[concat('tags[', parameters('tagName'), ']')]",
                 "value": "[parameters('tagValue')]"
              }
           ]
        }
     }
  }
},"id": "/providers/Microsoft.Authorization/policyDefinitions/4f9dc7db-30c1-420c-b61a-e1d640128d26",
   "type": "Microsoft.Authorization/policyDefinitions",
   "name": "4f9dc7db-30c1-420c-b61a-e1d640128d26"
}

现在对于电子邮件地址,您可以尝试使用包含或不包含。信息在这里

于 2019-12-13T18:55:14.360 回答