
The difference between wildcards in match & like in Azure Policy


I'm coding Azure policy using the JSON structure documented here: https://learn.microsoft.com/en-us/azure/governance/policy/concepts/definition-structure

Would somebody be able to confirm if it's possible to use the asterisk wildcard and the "?", "#", or "." on the same statements? As it says, I think you can only use asterisk on like comparisons and the others on match comparisons.

etc. Many thanks

My tag field must start with 4 numbers, then a semi-colon but after that I don't care what is coded. Ideally this would be

####;*

But I'm finding I have to code ####;. or ####;.. or ####;... etc.

{
  "if": {
    "allOf": [
      {
        "field": "type",
        "in": "[parameters('type')]"
      },
      {
        "not": {
          "anyOf": [
            {
              "field": "[concat('tags[','tag_name', ']')]",
              "match": "####;"
            },
            {
              "field": "[concat('tags[','tag_name', ']')]",
              "match": "####;."
            },
            {
              "field": "[concat('tags[','tag_name', ']')]",
              "match": "####;.."
            },
            {
              "field": "[concat('tags[','tag_name', ']')]",
              "match": "####;..."
            },
            {
              "field": "[concat('tags[','tag_name', ']')]",
              "match": "####;...."
            },
            {
              "field": "[concat('tags[','tag_name', ']')]",
              "match": "####;....."
            },
            {
              "field": "[concat('tags[','tag_name', ']')]",
              "match": "####;......"
            },

etc. Is there a better way to achieve this?


Solution

  • You are correct that you cannot use the asterisk wildcard (*) in a match clause.

    However, you can use a value clause with the take and field functions to achieve your desired result:

    {
      "if": {
        "allOf": [
          {
            "field": "type",
            "in": "[parameters('type')]"
          },
          {
            "not": {
              "value": "[take(field('tags[tag_name]'), 5)]",
              "match": "####;"
            }
          }
        ]
      },
      "then": {
        "effect": "audit"
      }
    }
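The difference the question and answer turn on, as an added example that is not part of the original post: a local Python emulation of the documented `match` and `like` rules together with the answer's `take(..., 5)` prefix check, run over constructed tag values. The function names are hypothetical, and the emulation approximates the policy engine (ASCII digits and Python's `isalpha()` for letters are assumptions).

```python
# Local emulation of Azure Policy string conditions, based on the documented
# rules; it approximates the policy engine and is not Microsoft's code.

def policy_match(value: str, pattern: str) -> bool:
    """'match': '#' = digit, '?' = letter, '.' = any char, anything else literal.
    The whole value must fit the pattern, so the lengths must be equal."""
    if len(value) != len(pattern):
        return False
    for ch, p in zip(value, pattern):
        if p == "#":
            ok = ch in "0123456789"   # assumption: ASCII digits only
        elif p == "?":
            ok = ch.isalpha()         # assumption: Python's notion of a letter
        elif p == ".":
            ok = True
        else:
            ok = ch == p              # includes '*', which is a literal here
        if not ok:
            return False
    return True

def policy_like(value: str, pattern: str) -> bool:
    """'like': a single '*' wildcard, case-insensitive; '#' is a literal here."""
    v, p = value.lower(), pattern.lower()
    if "*" not in p:
        return v == p
    head, tail = p.split("*", 1)
    return (len(v) >= len(head) + len(tail)
            and v.startswith(head) and v.endswith(tail))

def take(value: str, n: int) -> str:
    """Template function take() applied to a string: the first n characters."""
    return value[:n]

def compliant(tag_value: str) -> bool:
    """The answer's rule: the first five characters must match '####;'."""
    return policy_match(take(tag_value, 5), "####;")

# Constructed sample tag values
SAMPLES = ["1234;", "1234;finance team", "12345;x", "123;abc", "abcd;x", "1234"]

if __name__ == "__main__":
    for s in SAMPLES:
        print(f"{s!r:22} compliant={compliant(s)}")
```

A value shorter than five characters, such as `1234`, comes back from `take` unchanged and fails the fixed-length `match`, so it is reported as non-compliant.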