Add "Resources of type X should have tag" policy

2026-02-27 18:52:18 +01:00 · 2022-05-02 10:20:47 +02:00
parent cac42633ce
commit 8807531093
3 changed files with 90 additions and 846 deletions
--- a/Policies/must-have-tag.json
+++ b/Policies/must-have-tag.json
@@ -0,0 +1,37 @@
+{
+    "properties": {
+        "displayName": "Must have tag",
+        "policyType": "Custom",
+        "mode": "All",
+        "metadata": {
+            "category": "Effectory Custom Policies"
+        },
+        "parameters": {
+            "tagName": {
+                "type": "String",
+                "metadata": {
+                    "displayName": "tagName",
+                    "description": "Tag name"
+                }
+            },
+            "allowedTags": {
+                "type": "Array",
+                "metadata": {
+                    "displayName": "Allowed tags",
+                    "description": "The list of allowed tags for resources."
+                }
+            }
+        },
+        "policyRule": {
+            "if": {
+                "not": {
+                    "field": "[concat('tags[', parameters('tagName'), ']')]",
+                    "in": "[parameters('allowedTags')]"
+                }
+            },
+            "then": {
+                "effect": "audit"
+            }
+        }
+    }
+}
--- a/Policies/resources-of-type-should-have-tag.json
+++ b/Policies/resources-of-type-should-have-tag.json
@@ -0,0 +1,53 @@
+{
+    "properties": {
+        "displayName": "Resources of type X should have tag",
+        "policyType": "Custom",
+        "mode": "All",
+        "metadata": {
+            "category": "Effectory Custom Policies"
+        },
+        "parameters": {
+            "tagName": {
+                "type": "String",
+                "metadata": {
+                    "displayName": "tagName",
+                    "description": "Tag name"
+                }
+            },
+            "allowedTags": {
+                "type": "Array",
+                "metadata": {
+                    "displayName": "Allowed tags",
+                    "description": "The list of allowed tags for resources."
+                }
+            },
+            "listOfResourceTypesAllowed": {
+                "type": "Array",
+                "metadata": {
+                    "description": "The list of resource types to apply this policy to.",
+                    "displayName": "Allowed resource types",
+                    "strongType": "resourceTypes"
+                }
+            }
+        },
+        "policyRule": {
+            "if": {
+                "allOf": [
+                    {
+                        "field": "type",
+                        "in": "[parameters('listOfResourceTypesAllowed')]"
+                    },
+                    {
+                        "not": {
+                            "field": "[concat('tags[', parameters('tagName'), ']')]",
+                            "in": "[parameters('allowedTags')]"
+                        }
+                    }
+                ]
+            },
+            "then": {
+                "effect": "audit"
+            }
+        }
+    }
+}