![](/img/trans.png)
[英]Assigning multiple tags to a resource via Azure CLI results in one big tag when using a variable
[英]Tags format when creating new resource with Azure CLI
使用 Azure CLI 時,我未能通過新 azure 資源的標簽收集。
我有幾個標簽驗證策略,但我已經通過 Azure 門戶驗證了它們,並且標簽值是有效的。
我正在使用 PowerShell
$TAGS = "foo=X/12345/01/01 owner=joe.doe@email.com app=myapp1"
az group create `
--name $RESOURCE_GROUP `
--location $LOCATION `
--query "properties.provisioningState" `
--tags $TAGS
Type: PolicyViolation
Info: {
"evaluationDetails": {
"evaluatedExpressions": [
{
"result": "True",
"expressionKind": "Field",
"expression": "type",
"path": "type",
"expressionValue": "Microsoft.Resources/subscriptions/resourcegroups",
"targetValue": "Microsoft.Resources/subscriptions/resourceGroups",
"operator": "Equals"
},
{
"result": "True",
"expressionKind": "Field",
"expression": "tags[foo]",
"path": "tags[foo]",
"expressionValue": "X/12345/01/01 owner=joe.doe@email.com app=myapp1",
"targetValue": [
"X/12345/01/01",
...
],
"operator": "NotIn"
}
]
},
"policyDefinitionId": "/providers/Microsoft.Management/managementgroups/Non-Production/providers/Microsoft.Authorization/policyDefinitions/Enforce_tag_foo_rg",
"policyDefinitionName": "Enforce_tag_foo_rg",
"policyDefinitionDisplayName": "Require foo tag name and correct values on resource group",
"policyDefinitionEffect": "deny",
"policyAssignmentId": "/providers/Microsoft.Management/managementGroups/Non-Production/providers/Microsoft.Authorization/policyAssignments/Enforce_tag_foo_rg",
"policyAssignmentName": "Enforce_tag_foo_rg",
"policyAssignmentDisplayName": "Enforce Tag - foo on resource groups",
"policyAssignmentScope": "/providers/Microsoft.Management/managementGroups/Non-Production",
"policyAssignmentParameters": {
"tagName": "foo",
"tagValue": [
"X/12345/01/01",
...
]
}
}
注意這一行
"expressionValue": "X/12345/01/01 owner=joe.doe@email.com app=myapp1"
這看起來像無效的參數格式,但az group create -h
很清楚。
Command
az group create : Create a new resource group.
Arguments
--tags : Space-separated tags: key[=value] [key[=value] ...].
Use "" to clear existing tags.
根據評論,PowerShell 正在為您調用此命令:
az group create --name name --location location --query properties.provisioningState --tags "foo=X/12345/01/01 owner=joe.doe@email.com app=myapp1"
最后加上--tags "foo=X/12345/01/01 owner=joe.doe@email.com app=myapp1"
。
az
命令將此解釋為名為foo
的標簽,其值為X/12345/01/01 owner=joe.doe@email.com app=myapp1
,但這違反了您的策略,因此您會收到錯誤消息。
注意 - 如果您的策略不存在, az
會很樂意像這樣創建資源組:
你真正想要的是這樣的:
所以向后工作你的az
命令需要
az group create --name name --location location --query properties.provisioningState --tags "foo=X/12345/01/01" "owner=joe.doe@email.com" "app=myapp1"
最后加上--tags "foo=X/12345/01/01" "owner=joe.doe@email.com" "app=myapp1"
,
為此,您需要使用它:
$tags = @("foo=X/12345/01/01", "owner=joe.doe@email.com", "app=myapp1")
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.