Check for multiple tag names in an array instead of individual parameters?

namedk-4467 21 Reputation points
2024-04-29T15:24:54.12+00:00

I want to check for the existence of a large quantity of tag names (not values) and I would like to specify the tag names in an array instead of creating a separate parameter for each name. Is that possible?

For example, here is the method for checking multiple tags that I know will work:

{
  "mode": "Indexed",
  "policyRule": {
    "if": {
      "allOf": [
        {
          "field": "[concat('tags[', parameters('tagName1'),  ']')]",
          "exists": "false"
        },
        {
          "field": "[concat('tags[', parameters('tagName2'),  ']')]",
          "exists": "false"
        }
      ]
    },
    "then": {
      "effect": "audit"
    }
  },
  "parameters": {
    "tagName1": {
      "type": "String",
      "metadata": {
        "displayName": "Tag Name 1",
        "description": "Name of first tag, such as 'environment'"
      }
    },
    "tagName2": {
      "type": "String",
      "metadata": {
        "displayName": "Tag Name 2",
        "description": "Name of second tag, such as 'owner'"
      }
    }
  }
}

And here is an example of what I am trying to do:

{
    "mode": "Indexed",
    "policyRule": {
        "if": {
            "allOf": [
                {
                    "field": "[concat('tags[', parameters('findTagNames'), ']')]",
                    "exists": "false"
                }
            ]
        },
        "then": {
            "effect": "audit"
        }
    },
    "parameters": {
        "findTagNames": {
            "type": "Array",
            "metadata": {
                "displayName": "Looking for these Tags",
                "description": "Tags to find"
            },
            "allowedValues": [
                "environment",
                "location",
                "costCenter"
            ]
        }
    }
}

Azure Policy

Accepted answer
  1. Luis Arias 5,291 Reputation points
    2024-04-29T20:20:24.8733333+00:00

    Hi namedk-4467,

    In Azure Policy, the parameters field does not support arrays for tag names. The policy rule checks each field individually, so it’s not possible to pass an array of tag names directly into the field property of the policy rule.

    However, you can achieve similar functionality by creating a separate policy for each tag you want to check. You can then group these policies into an initiative. Here’s an example of how you can do this:

    {
      "mode": "Indexed",
      "policyRule": {
        "if": {
          "field": "[concat('tags[', parameters('tagName'), ']')]",
          "exists": "false"
        },
        "then": {
          "effect": "audit"
        }
      },
      "parameters": {
        "tagName": {
          "type": "String",
          "metadata": {
            "displayName": "Tag Name",
            "description": "Name of the tag to check"
          }
        }
      }
    }
    
    

    In this example, you would create a separate policy for each tag (environment, location, costCenter, etc.) and replace the tagName parameter with the actual tag name. Then, group these policies into an initiative.

    This way, you can check for the existence of multiple tags without having to specify each tag as a separate parameter in the policy rule. However, it does require more setup as you need to create a policy for each tag.

    If the information helped address your question, please Accept the answer.

    Luis
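
The initiative approach from the accepted answer can be generated from a plain list of tag names. This is an added example, not code from the original thread or from Microsoft. It assumes the single-tag policy above has already been created; `SINGLE_TAG_POLICY_ID` is a placeholder for its resource ID, and `build_initiative_definitions` and the `requireTag_` prefix are hypothetical names.

```python
import json
import re

# Placeholder (assumption): resource ID of the single-tag policy from the answer.
SINGLE_TAG_POLICY_ID = (
    "/subscriptions/<subscription-id>/providers/"
    "Microsoft.Authorization/policyDefinitions/<single-tag-policy-name>"
)

# Characters Azure does not allow in tag names.
_FORBIDDEN = set("<>%&\\?/")


def build_initiative_definitions(tag_names, policy_id=SINGLE_TAG_POLICY_ID):
    """Return an initiative's policyDefinitions array: one reference to the
    single-tag policy per tag name, each passing its own tagName value."""
    definitions, seen = [], set()
    for raw in tag_names:
        name = raw.strip()
        if not name or len(name) > 512 or _FORBIDDEN & set(name):
            raise ValueError(f"invalid tag name: {raw!r}")
        key = name.lower()  # tag names are case-insensitive
        if key in seen:
            continue  # 'Owner' and 'owner' would audit the same tag twice
        seen.add(key)
        safe = re.sub(r"[^A-Za-z0-9_-]", "_", name)
        definitions.append({
            "policyDefinitionId": policy_id,
            # Reference IDs must be unique within the initiative, so the
            # position is included in case two names sanitize to the same text.
            "policyDefinitionReferenceId": f"requireTag_{len(definitions)}_{safe}",
            "parameters": {"tagName": {"value": name}},
        })
    return definitions


if __name__ == "__main__":
    tags = ["environment", "location", "costCenter"]  # tag names from the question
    print(json.dumps(build_initiative_definitions(tags), indent=2))
```

The printed array is what an initiative takes as its policy definitions, for example through `az policy set-definition create --definitions`. Each reference is evaluated on its own, so a resource is flagged once per missing tag, unlike the `allOf` rule in the question, which matches only when every listed tag is absent.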
