
Azure policy for naming conventions for subnets to start with "snet", but allow subnet names like "AzureBastionSubnet", "AzureFirewallSubnet", etc


I'm creating an Azure policy that enforces a naming convention for my subnets. The subnets should follow the format: snet---. To do this I used the regular expression:

[if(and(greaterOrEquals(length(split(field('name'), '-')), 0), equals(split(field('name'), '-')[0], 'snet')), if(and(greaterOrEquals(length(split(field('name'), '-')), 1), contains(parameters('unit'), split(field('name'), '-')[1])),  if(and(greaterOrEquals(length(split(field('name'), '-')), 2), contains(parameters('env'), split(field('name'), '-')[2])), 'isValid', 'Environment not accepted')]

This works as expected. However when I try to allow the creation of subnets with names like "AzureBastionSubnet", I get an error that the name should follow the format above mentioned.

Here is the code of the policy:

{
  "mode": "All",
  "policyRule": {
    "if": {
      "allOf": [
        {
          "equals": "Microsoft.Network/virtualNetworks/subnets",
          "field": "type"
        },
        {
          "anyOf": [
            {
              "value": "(equals(field('name'),'AzureBastionSubnet')",
              "notEquals": "true"
            },
            {
              "notEquals": "isValid",
              "value": "[if(and(greaterOrEquals(length(split(field('name'), '-')), 0), equals(split(field('name'), '-')[0], 'snet')), if(and(greaterOrEquals(length(split(field('name'), '-')), 1), contains(parameters('unit'), split(field('name'), '-')[1])),  if(and(greaterOrEquals(length(split(field('name'), '-')), 2), contains(parameters('env'), split(field('name'), '-')[2])), 'isValid', 'Environment not accepted')]"
            }
          ]
        }
      ]
    },
    "then": {
      "effect": "deny"
    }
  },
  "parameters": {
    "unit": {
      "type": "Array",
      "metadata": {
        "displayName": "unit",
        "description": null
      }
    },
    "env": {
      "type": "Array",
      "metadata": {
        "displayName": "env",
        "description": null
      }
    }
  }

}

Is there an issue on how I'm expressing that the value "AzureBastionSubnet" is also allowed?

Thank you in advance for the help.


Solution

  • Azure policy for naming conventions for subnets to start with "snet", but allow subnet names like AzureBastionSubnet

    Here is the updated policy to create a subnet with a name starting with snet based on the unit and environment conditions, and also allowing specific names like AzureBastionSubnet. In my case, I have given the unit name as IT and the env as test in the parameters.

        {
          "mode": "All",
          "policyRule": {
            "if": {
              "allOf": [
                {
                  "equals": "Microsoft.Network/virtualNetworks/subnets",
                  "field": "type"
                },
                {
                  "not": {
                    "anyOf": [
                      {
                        "equals": "AzureBastionSubnet",
                        "field": "name"
                      },
                      {
                        "equals": "isValid",
                        "value": "[if(and(greaterOrEquals(length(split(field('name'), '-')), 3), equals(split(field('name'), '-')[0], 'snet')), if(and(contains(parameters('unit'), split(field('name'), '-')[1]), contains(parameters('env'), split(field('name'), '-')[2])), 'isValid', 'Environment not accepted'), 'Environment not accepted')]"
                      }
                    ]
                  }
                }
              ]
            },
            "then": {
              "effect": "deny"
            }
          },
          "parameters": {
            "unit": {
              "type": "Array",
              "metadata": {
                "displayName": "unit",
                "description": null
              }
            },
            "env": {
              "type": "Array",
              "metadata": {
                "displayName": "env",
                "description": null
              }
            }
          }
        }
    

    The policy allows the creation of a subnet only if the specified conditions are met. For example, 'snet-IT-test' is considered valid, while 'snet-IT-demo' is not valid. Similarly, 'AzureBastionSubnet' is valid, but 'AzureBastionSubnet1' is not valid. The policy allows subnet creation only under valid conditions; otherwise, it denies the creation of the subnet.

    Subnet result in Portal

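The decision logic of the rule above, and the reason the question's first attempt denied every subnet, can be checked without an Azure subscription by re-implementing it offline. The following Python is an added example, not the page's policy or anything produced by Azure Policy itself: the parameter values (unit IT, env test) come from the answer, while the exemption set (AzureFirewallSubnet and GatewaySubnet alongside AzureBastionSubnet) and all function names are this example's own assumptions.

```python
"""Offline model of the subnet-naming policy discussed above.

Added example, not Azure Policy code: the rule's 'value' expression and the
deny condition are re-implemented in Python so each case can be checked
without deploying anything.
"""

SUBNET_TYPE = "Microsoft.Network/virtualNetworks/subnets"

# Parameter values as assigned in the answer (constructed list form).
UNITS = ["IT"]
ENVS = ["test"]

# Assumed exemption list: the page's policy only exempts AzureBastionSubnet;
# the other two reserved platform names are this example's assumption.
EXEMPT_NAMES = {"AzureBastionSubnet", "AzureFirewallSubnet", "GatewaySubnet"}


def naming_result(name, units=UNITS, envs=ENVS):
    """Mirror of the policy's 'value' expression.

    Returns 'isValid' for names of the form snet-<unit>-<env>, otherwise
    'Environment not accepted'.  The segment count is checked before any
    index is touched: a two-segment name such as 'snet-IT' would raise
    IndexError here, just as split(...)[2] errors in the ARM expression
    when the guard is missing.
    """
    parts = name.split("-")
    if len(parts) < 3 or parts[0] != "snet":
        return "Environment not accepted"
    if parts[1] in units and parts[2] in envs:
        return "isValid"
    return "Environment not accepted"


def policy_denies(resource_type, name, exempt=EXEMPT_NAMES):
    """Mirror of the corrected rule: deny a subnet unless its name is an
    exempt platform name or the naming expression returns 'isValid'
    (the 'not' over an 'anyOf' in the policy JSON)."""
    if resource_type != SUBNET_TYPE:
        return False  # the 'type' condition in the allOf is not met
    allowed = name in exempt or naming_result(name) == "isValid"
    return not allowed


def question_policy_denies(resource_type, name):
    """Mirror of the question's first attempt, for comparison.

    Its Bastion branch used the value "(equals(field('name'),...)" without
    the surrounding [ ], so Azure Policy treats it as a literal string.  A
    literal string never equals "true", the notEquals branch is always
    satisfied, and the anyOf denies every subnet regardless of name.
    """
    if resource_type != SUBNET_TYPE:
        return False
    literal_value = "(equals(field('name'),'AzureBastionSubnet')"
    bastion_branch = literal_value != "true"  # always True
    naming_branch = naming_result(name) != "isValid"
    return bastion_branch or naming_branch


def evaluate(names):
    """Return {name: (corrected_rule_denies, original_rule_denies)}."""
    return {n: (policy_denies(SUBNET_TYPE, n), question_policy_denies(SUBNET_TYPE, n))
            for n in names}


if __name__ == "__main__":
    # Constructed sample names covering the cases discussed in the answer,
    # plus a short name that exercises the segment-count guard.
    samples = ["snet-IT-test", "snet-IT-demo", "AzureBastionSubnet",
               "AzureBastionSubnet1", "snet-IT", "AzureFirewallSubnet"]
    for name, (fixed, original) in evaluate(samples).items():
        print(f"{name:22} corrected={'deny' if fixed else 'allow':5} "
              f"original={'deny' if original else 'allow'}")
```

Running the file prints one line per sample name; the corrected rule allows only snet-IT-test and the exempt platform names, while the question's original rule denies everything, which matches the error the question reports.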