如何解决在 azure 策略的“名称”字段中检查几个可能的值
我有一个 azure 策略,它强制执行“kind”api 应用程序服务的命名约定。我得到它主要工作。该政策应允许创建遵循此格式的应用服务(??--api-dev、??--api-stage、??-*-api-prod)。一切正常,直到我输入最后一点来检查 -environment 部分。政策现在允许创建资源,无论名称字段中输入什么。
下面是我定义的json:
{
"mode": "All","policyRule": {
"if": {
"allOf": [
{
"field": "type","match": "Microsoft.Web/sites"
},{
"field": "kind","match": "api"
},{
"not": {
"anyOf": [
{
"value": "[if(greaterOrEquals(length(split(field('name'),'-')),4),split(field('name'),'-')[0],'length of name incorrect')]","match": "??"
},{
"value": "[if(greaterOrEquals(length(split(field('name'),'-')[1],"match": "*"
},'-')[2],"equals": "api"
},'-')[3],"notin": "[parameters('validEnvironments')]"
}
]
}
}
]
},"then": {
"effect": "deny"
}
},"parameters": {
"validEnvironments": {
"type": "Array","Metadata": {
"displayName": "Allowed Environments","description": "The list of environments that can be specified during resource deployment."
},"allowedValues": [
"dev","stage","prod"
],"defaultValue": [
"dev","prod"
]
}
}
}
解决方法
我发现我做错了什么。我只需要做 allOf 而不是 anyOf。将最终代码放在下面。希望这可以帮助任何尝试使用 Azure 策略强制实施半复杂命名约定的人。
{
"mode": "All","policyRule": {
"if": {
"allOf": [
{
"field": "type","match": "Microsoft.Web/sites"
},{
"field": "kind","match": "api"
},{
"not": {
"allOf": [
{
"value": "[if(equals(length(split(field('name'),'-')),4),split(field('name'),'-')[0],'length of name incorrect')]","match": "??"
},{
"value": "[if(equals(length(split(field('name'),'-')[1],"like": "*"
},'-')[2],"equals": "api"
},{
"value": "[if(greaterOrEquals(length(split(field('name'),'-')[3],"in": "[parameters('validEnvironments')]"
}
]
}
}
]
},"then": {
"effect": "deny"
}
},"parameters": {
"validEnvironments": {
"type": "Array","metadata": {
"displayName": "Allowed Environments","description": "The list of environments that can be specified during resource deployment."
},"allowedValues": [
"dev","stage","prod"
],"defaultValue": [
"dev","prod"
]
}
}
}
版权声明:本文内容由互联网用户自发贡献,该文观点与技术仅代表作者本人。本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如发现本站有涉嫌侵权/违法违规的内容, 请发送邮件至 dio@foxmail.com 举报,一经查实,本站将立刻删除。