Home > Enterprise >  Inherit multiple tags from subscription/resource group
Inherit multiple tags from subscription/resource group

Time:03-04

Can anyone help me with creating a policy definition to inherit multiple or all tags from a subscription? I see the built-in policy that allows for a single tag to be inherited but I'm not sure how to modify that policy definition to include multiple tags.

Here is what the built-in definition looks like:

{

"mode": "Indexed",

"policyRule": {

"if": {

"allOf": [

{

"field": "[concat('tags[', parameters('tagName'), ']')]",

"exists": "false"

},

{

"value": "[subscription().tags[parameters('tagName')]]",

"notEquals": ""

}

]

},

"then": {

"effect": "modify",

"details": {

"roleDefinitionIds": [

"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"

],

"operations": [

{

"operation": "add",

"field": "[concat('tags[', parameters('tagName'), ']')]",

"value": "[subscription().tags[parameters('tagName')]]"

}

]

}

}

},

"parameters": {

"tagName": {

"type": "String",

"metadata": {

"displayName": "Tag Name",

"description": "Name of the tag, such as 'environment'"

}

}

}

}

CodePudding user response:

No easy way to inherit multiple tags with policy. You need add one by one like below..

"policyRule": {
      "if": {
        "anyOf": [
          {
            "exists": "false",
            "field": "tags['tag1']"
          },
          {
            "exists": "false",
            "field": "tags['tag2']"
          },
          {
            "exists": "false",
            "field": "tags['tag3']"
          }          
        ]
      },
      "then": {
        "details": {
          "operations": [
            {
              "field": "tags['tag1']",
              "operation": "add",
              "value": "[subscription().tags['tag1']]"
            },
            {
              "field": "tags['tag2']",
              "operation": "add",
              "value": "[subscription().tags['tag2']]"
            },
            {
              "field": "tags['tag3']",
              "operation": "add",
              "value": "[subscription().tags['tag3']]"
            }            
          ],
          "roleDefinitionIds": [
            "/providers/Microsoft.Authorization/roleDefinitions/*****"
          ]
        },
        "effect": "modify"
      }
    }

CodePudding user response:

I've figure it out. See code below:

  "properties": {
    "displayName": "Add multiple tags to resource if missing",
    "policyType": "Custom",
    "mode": "Indexed",
    "description": "Adds multiple tags with its value from the parent resource group when any resource missing this tag is created or updated. Existing resources can be remediated by triggering a remediation task. If the tag exists with a different value it will not be changed.",
    "parameters": {
      "tagName1": {
        "type": "String",
        "metadata": {
          "displayName": "First Tag Name",
          "description": "Name of the tag, such as 'environment'"
        }
      },
      "tagName2": {
        "type": "String",
        "metadata": {
          "displayName": "Second Tag Name",
          "description": "Name of the tag, such as 'environment'"
        }
      },
      "tagName3": {
        "type": "String",
        "metadata": {
          "displayName": "Third Tag Name",
          "description": "Name of the tag, such as 'environment'"
        }
      },
      "tagName4": {
        "type": "String",
        "metadata": {
          "displayName": "Forth Tag Name",
          "description": "Name of the tag, such as 'environment'"
        }
      },
      "tagName5": {
        "type": "String",
        "metadata": {
          "displayName": "Fifth Tag Name",
          "description": "Name of the tag, such as 'environment'"
        }
      },
      "tagName6": {
        "type": "String",
        "metadata": {
          "displayName": "Sixth Tag Name",
          "description": "Name of the tag, such as 'environment'"
        }
      },
      "tagName7": {
        "type": "String",
        "metadata": {
          "displayName": "Seventh Tag Name",
          "description": "Name of the tag, such as 'environment'"
        }
      },
      "tagName8": {
        "type": "String",
        "metadata": {
          "displayName": "Eighth Tag Name",
          "description": "Name of the tag, such as 'environment'"
        }
      },
      "tagName9": {
        "type": "String",
        "metadata": {
          "displayName": "Ninth Tag Name",
          "description": "Name of the tag, such as 'environment'"
        }
      }
    },
    "policyRule": {
      "if": {
        "anyOf": [
          {
            "field": "[concat('tags[', parameters('tagName1'), ']')]",
            "exists": "false"
          },
          {
            "field": "[concat('tags[', parameters('tagName2'), ']')]",
            "exists": "false"
          },
          {
            "field": "[concat('tags[', parameters('tagName3'), ']')]",
            "exists": "false"
          },
          {
            "field": "[concat('tags[', parameters('tagName4'), ']')]",
            "exists": "false"
          },
          {
            "field": "[concat('tags[', parameters('tagName5'), ']')]",
            "exists": "false"
          },
          {
            "field": "[concat('tags[', parameters('tagName6'), ']')]",
            "exists": "false"
          },
          {
            "field": "[concat('tags[', parameters('tagName7'), ']')]",
            "exists": "false"
          },
          {
            "field": "[concat('tags[', parameters('tagName8'), ']')]",
            "exists": "false"
          },
          {
            "field": "[concat('tags[', parameters('tagName9'), ']')]",
            "exists": "false"
          }
        ]
      },
      "then": {
        "effect": "modify",
        "details": {
          "roleDefinitionIds": [
            "/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"
          ],
          "operations": [
            {
              "operation": "add",
              "field": "[concat('tags[', parameters('tagName1'), ']')]",
              "value": "[resourceGroup().tags[parameters('tagName1')]]"
            },
            {
              "operation": "add",
              "field": "[concat('tags[', parameters('tagName2'), ']')]",
              "value": "[resourceGroup().tags[parameters('tagName2')]]"
            },
            {
              "operation": "add",
              "field": "[concat('tags[', parameters('tagName3'), ']')]",
              "value": "[resourceGroup().tags[parameters('tagName3')]]"
            },
            {
              "operation": "add",
              "field": "[concat('tags[', parameters('tagName4'), ']')]",
              "value": "[resourceGroup().tags[parameters('tagName4')]]"
            },
            {
              "operation": "add",
              "field": "[concat('tags[', parameters('tagName5'), ']')]",
              "value": "[resourceGroup().tags[parameters('tagName5')]]"
            },
            {
              "operation": "add",
              "field": "[concat('tags[', parameters('tagName6'), ']')]",
              "value": "[resourceGroup().tags[parameters('tagName6')]]"
            },
            {
              "operation": "add",
              "field": "[concat('tags[', parameters('tagName7'), ']')]",
              "value": "[resourceGroup().tags[parameters('tagName7')]]"
            },
            {
              "operation": "add",
              "field": "[concat('tags[', parameters('tagName8'), ']')]",
              "value": "[resourceGroup().tags[parameters('tagName8')]]"
            },
            {
              "operation": "add",
              "field": "[concat('tags[', parameters('tagName9'), ']')]",
              "value": "[resourceGroup().tags[parameters('tagName9')]]"
            }
          ]
        }
      }
    }
  }
}
  • Related