0

我正在尝试创建一个自定义策略,该策略将根据标签值拒绝。标签是“ external VM”。然后,该策略允许部署一组已批准的扩展。但是,当我尝试使用"tag.external vm"它添加标签时,会出现错误,这与本文末尾的相同(The value of 'field' property 'Tag' of the policy rule must be one of 'Name, Type, Location, Tags, Kind, FullName, Identity.type' or an alias, e.g.)。

{
  "mode": "All",
  "policyRule": {
    "if": {
      "allOf": [
        {
          "field": "tag.External VM",
          "equals": "Third Party"
        },
        {
          "field": "Microsoft.Compute/virtualMachines/extensions/publisher",
          "equals": "Microsoft.Compute"
        },
        {
          "field": "Microsoft.Compute/virtualMachines/extensions/type",
          "notin": "[parameters('AllowedExtensions')]"
        }
      ]
    },
    "then": {
      "effect": "deny"
    }
  },
  "parameters": {
    "AllowedExtensions": {
      "type": "Array",
      "metadata": {
        "displayName": "AllowedExtensions",
        "description": "Allowed VM Extensions"
      }
    }
 }
}

参数文件是

{
    "AllowedExtensions": {
        "type": "Array",
        "metadata": {
            "description": "The list of extensions that will be Allowed.",
            "strongType": "type",
            "displayName": "Allowed extension"
        }
    },
        "tagName": {
        "type": "String",
        "metadata": {
            "description": "The Referenced Tag Name.",
            "displayName": "Tag to Query"
        }
    }
}

有没有办法用其中的空格分配标签名称。还有其他选择是用“”重新标记它external-vm或参数化标记名,例如

{
  "field": "[parameters('tagName')]",
  "equals": "Third Party"
},

但这给了我错误

The value of 'field' property 'Tag' of the policy rule must be one of 'Name, Type, Location, Tags, Kind, FullName, Identity.type' or an alias, e.g. 

任何想法?

提前致谢。

4

1 回答 1

0

参数不正确

"[concat('tags[', parameters('tagName'), ']')]",

添加它作为参数解决了组织。

于 2020-04-07T15:19:09.543 回答