Enforcing Azure Policy for Convert Tags either being all lowercase or all uppercase

Madhur Asati 1 Reputation point
2022-01-12T15:06:36.143+00:00

"parameters": {
"toLowerOrToUpper": {
"type": "String",
"metadata": {
"displayName": "Enforce Lowercase or Uppercase",
"description": "If set to Lowercase then the Policy will convert all tags on existing and new resources to lowercase. Uppercase will convert them to uppercase."
},
"allowedValues": [
"Lowercase",
"Uppercase"
]
}
},
"policyRule": {
"if": {
"allOf": [
{
"field": "type",
"equals": "Microsoft.Resources/subscriptions/resourceGroups"
}
]
},
"then": {
"effect": "modify",
"operations": [
{
"operation": "addOrReplace",
"field": "tags",
"value": "[json(if(equals(parameters('toLowerOrToUpper'), 'Lowercase'), toLower(string(field('tags'))),toUpper(string(field('tags')))))]"
}
]
}
}
}

Error : Editing policy definition 'Enforce Lowercase or Uppercase on Tags and their Values' in 'subscription ABCXXX' failed. A function or parameter in policy assignment '' associated with the policy definition '' could not be validated. Please either fix the policy or remove the policy assignment to unblock. If using template functions, try following the tips in: https://aka.ms/policy-avoiding-template-failures. The inner exception 'Unable to evaluate the template language function 'json'. The argument provided is not a valid JSON string.

Azure Policy
Azure Policy
An Azure service that is used to implement corporate governance and standards at scale for Azure resources.
799 questions

2 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Jesse Loudon 336 Reputation points MVP
    2022-02-05T23:40:21.79+00:00

    hi @Madhur Asati

    looks like the JSON definition is not complete/valid - I'm comparing to this working sample: https://github.com/Azure/Community-Policy/blob/master/Policies/Tags/enforce-casing-on-tags/resource-groups-and-subscriptions/azurepolicy.json

    can you try updating your JSON definition's "then" block should look like the below snippet? 

          "then": {  
        "effect": "modify",  
        "details": {  
          "roleDefinitionIds": [  
            "/providers/microsoft.authorization/roleDefinitions/4a9ae827-6dc8-4573-8ac7-8239d42aa03f"  
          ],  
          "operations": [  
            {  
              "operation": "addOrReplace",  
              "field": "tags",  
              "value": "[json(if(equals(parameters('toLowerOrToUpper'), 'Lowercase'), toLower(string(field('tags'))),toUpper(string(field('tags')))))]"  
            }  
          ]  
        }  
      }
  2. Andreas Tratter 20 Reputation points
    2024-02-08T13:28:51.5733333+00:00

    I am facing the same issue. Has anybody a workaround for this?

    0 comments