-
Notifications
You must be signed in to change notification settings - Fork 333
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Add policy Enforce tag Name and Value casing on resource groups and s…
…ubscriptions
- Loading branch information
1 parent
db7b7d2
commit f356baa
Showing
3 changed files
with
187 additions
and
0 deletions.
There are no files selected for viewing
100 changes: 100 additions & 0 deletions
100
policyDefinitions/Tags/enforce-tag-name-and-value-casing-on-rg-and-sub/azurepolicy.json
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,100 @@ | ||
| { | ||
| "name": "dd478b1b-83a0-48d3-92fe-bba17c3a72a4", | ||
| "type": "Microsoft.Authorization/policyDefinitions", | ||
| "properties": { | ||
| "displayName": "Enforce tag Name and Value casing on resource groups and subscriptions", | ||
| "description": "This policy can be used to convert a specific tag name and value on a resource to either being all lowercase or all uppercase. IMPORTANT: Tag Names are NOT case sensitive in azure therefore this is just a workaround that might stop working at any time.", | ||
| "mode": "All", | ||
| "metadata": { | ||
| "category": "Tags", | ||
| "version": "1.0.0" | ||
| }, | ||
| "parameters": { | ||
| "toLowerOrToUpper": { | ||
| "type": "String", | ||
| "metadata": { | ||
| "displayName": "Enforce lowercase or uppercase", | ||
| "description": "If set to lowercase/uppercase then the Policy will convert the tag name and value on existing and new resources groups to lowercase/Uppercase " | ||
| }, | ||
| "allowedValues": [ | ||
| "Lowercase", | ||
| "Uppercase" | ||
| ] | ||
| }, | ||
| "tagName": { | ||
| "type": "String", | ||
| "metadata": { | ||
| "displayName": "TagName", | ||
| "description": "Tag name that will be used for enforcement of lowercase/uppercase case." | ||
| } | ||
| }, | ||
| "applyCaseToValue": { | ||
| "type": "Boolean", | ||
| "metadata": { | ||
| "displayName": "Apply Case to Value", | ||
| "description": "Control if the same case applied to the tag name should be applied to the value." | ||
| }, | ||
| "defaultValue": true | ||
| }, | ||
| "effect": { | ||
| "type": "String", | ||
| "metadata": { | ||
| "displayName": "Effect", | ||
| "description": "Modify, Deny, Audit or Disabled the execution of the Policy" | ||
| }, | ||
| "allowedValues": [ | ||
| "Modify", | ||
| "Deny", | ||
| "Audit", | ||
| "Disabled" | ||
| ], | ||
| "defaultValue": "Modify" | ||
| } | ||
| }, | ||
| "policyRule": { | ||
| "if": { | ||
| "allOf": [ | ||
| { | ||
| "anyOf": [ | ||
| { | ||
| "field": "type", | ||
| "equals": "Microsoft.Resources/subscriptions" | ||
| }, | ||
| { | ||
| "field": "type", | ||
| "equals": "Microsoft.Resources/subscriptions/resourceGroups" | ||
| } | ||
| ] | ||
| }, | ||
| { | ||
| "field": "[concat('tags[', parameters('tagName'), ']')]", | ||
| "exists": true | ||
| }, | ||
| { | ||
| "value": "[if(empty(field('tags')), bool('false'), if(contains(field('tags'), parameters('tagName')), bool('true'), bool('false')))]", | ||
| "equals": true | ||
| }, | ||
| { | ||
| "value": "[if(empty(field('tags')), bool('false'), if(contains(field('tags'), parameters('tagName')), if(equals(parameters('applyCaseToValue'), bool('true')),if(equals(parameters('toLowerOrToUpper'), 'Lowercase'), not(equals(base64(toLower(string(field(concat('tags[', parameters('tagName'), ']'))))), base64(string(field(concat('tags[', parameters('tagName'), ']')))))), not(equals(base64(toUpper(string(field(concat('tags[', parameters('tagName'), ']'))))), base64(string(field(concat('tags[', parameters('tagName'), ']'))))))), bool('false')), bool('false')))]", | ||
| "equals": true | ||
| } | ||
| ] | ||
| }, | ||
| "then": { | ||
| "effect": "[parameters('effect')]", | ||
| "details": { | ||
| "roleDefinitionIds": [ | ||
| "/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c" | ||
| ], | ||
| "operations": [ | ||
| { | ||
| "operation": "addOrReplace", | ||
| "field": "tags", | ||
| "value": "[json(if(empty(field('tags')), '{}', if(equals(parameters('toLowerOrToUpper'), 'Lowercase'), string(union(field('tags'), createObject(tolower(parameters('tagName')), if(parameters('applyCaseToValue'),toLower(string(field(concat('tags[', parameters('tagName'), ']')))) , string(field(concat('tags[', parameters('tagName'), ']'))))))), string(union(field('tags'), createObject(toUpper(parameters('tagName')), if(parameters('applyCaseToValue'),toUpper(string(field(concat('tags[', parameters('tagName'), ']')))) , string(field(concat('tags[', parameters('tagName'), ']'))))))))))]" | ||
| } | ||
| ] | ||
| } | ||
| } | ||
| } | ||
| } | ||
| } |
42 changes: 42 additions & 0 deletions
42
...initions/Tags/enforce-tag-name-and-value-casing-on-rg-and-sub/azurepolicy.parameters.json
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,42 @@ | ||
| { | ||
| "toLowerOrToUpper": { | ||
| "type": "String", | ||
| "metadata": { | ||
| "displayName": "Enforce lowercase or uppercase", | ||
| "description": "If set to lowercase/uppercase then the Policy will convert the tag name and value on existing and new resources groups to lowercase/Uppercase " | ||
| }, | ||
| "allowedValues": [ | ||
| "Lowercase", | ||
| "Uppercase" | ||
| ] | ||
| }, | ||
| "tagName": { | ||
| "type": "String", | ||
| "metadata": { | ||
| "displayName": "TagName", | ||
| "description": "Tag name that will be used for enforcement of lowercase/uppercase case." | ||
| } | ||
| }, | ||
| "applyCaseToValue": { | ||
| "type": "Boolean", | ||
| "metadata": { | ||
| "displayName": "Apply Case to Value", | ||
| "description": "Control if the same case applied to the tag name should be applied to the value." | ||
| }, | ||
| "defaultValue": true | ||
| }, | ||
| "effect": { | ||
| "type": "String", | ||
| "metadata": { | ||
| "displayName": "Effect", | ||
| "description": "Modify, Deny, Audit or Disabled the execution of the Policy" | ||
| }, | ||
| "allowedValues": [ | ||
| "Modify", | ||
| "Deny", | ||
| "Audit", | ||
| "Disabled" | ||
| ], | ||
| "defaultValue": "Modify" | ||
| } | ||
| } |
45 changes: 45 additions & 0 deletions
45
...cyDefinitions/Tags/enforce-tag-name-and-value-casing-on-rg-and-sub/azurepolicy.rules.json
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,45 @@ | ||
| { | ||
| "if": { | ||
| "allOf": [ | ||
| { | ||
| "anyOf": [ | ||
| { | ||
| "field": "type", | ||
| "equals": "Microsoft.Resources/subscriptions" | ||
| }, | ||
| { | ||
| "field": "type", | ||
| "equals": "Microsoft.Resources/subscriptions/resourceGroups" | ||
| } | ||
| ] | ||
| }, | ||
| { | ||
| "field": "[concat('tags[', parameters('tagName'), ']')]", | ||
| "exists": true | ||
| }, | ||
| { | ||
| "value": "[if(empty(field('tags')), bool('false'), if(contains(field('tags'), parameters('tagName')), bool('true'), bool('false')))]", | ||
| "equals": true | ||
| }, | ||
| { | ||
| "value": "[if(empty(field('tags')), bool('false'), if(contains(field('tags'), parameters('tagName')), if(equals(parameters('applyCaseToValue'), bool('true')),if(equals(parameters('toLowerOrToUpper'), 'Lowercase'), not(equals(base64(toLower(string(field(concat('tags[', parameters('tagName'), ']'))))), base64(string(field(concat('tags[', parameters('tagName'), ']')))))), not(equals(base64(toUpper(string(field(concat('tags[', parameters('tagName'), ']'))))), base64(string(field(concat('tags[', parameters('tagName'), ']'))))))), bool('false')), bool('false')))]", | ||
| "equals": true | ||
| } | ||
| ] | ||
| }, | ||
| "then": { | ||
| "effect": "[parameters('effect')]", | ||
| "details": { | ||
| "roleDefinitionIds": [ | ||
| "/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c" | ||
| ], | ||
| "operations": [ | ||
| { | ||
| "operation": "addOrReplace", | ||
| "field": "tags", | ||
| "value": "[json(if(empty(field('tags')), '{}', if(equals(parameters('toLowerOrToUpper'), 'Lowercase'), string(union(field('tags'), createObject(tolower(parameters('tagName')), if(parameters('applyCaseToValue'),toLower(string(field(concat('tags[', parameters('tagName'), ']')))) , string(field(concat('tags[', parameters('tagName'), ']'))))))), string(union(field('tags'), createObject(toUpper(parameters('tagName')), if(parameters('applyCaseToValue'),toUpper(string(field(concat('tags[', parameters('tagName'), ']')))) , string(field(concat('tags[', parameters('tagName'), ']'))))))))))]" | ||
| } | ||
| ] | ||
| } | ||
| } | ||
| } |