Testing azure inline functions in policy definitions

Question

I am currently working on implementing our naming policies using azure policy. I am having some issues with the match / equals / like operators. They seem to match even though I think they should not. For instance

"value": "[substring(field('name'), sub(length(field('name')), 6), 6)]",
              "match": "Prod##"

matches autorb-PermProd-01 , and as far as I can understand, the index here starts at number six from the right, which means "rod-01" == "Prod##" . This just does not seem right to me? Also I wonder if there are ways to test these functions locally, as it takes forever to upload them and test in my sandbox environment.

score 0 · Answer 1 · answered Jul 27 '20 at 13:29

Ok, so what I did wrong was; I misunderstood the effect. It does not match, but for some reason it lists as compliant when the resource is already made, and denies me making new resources when the effect is set to deny. Some more details

"value": "[substring(field('name'), sub(length(field('name')), 5), 5)]",
"match": "Dev##"
---- snipped for clarity ---
"then": {
    "effect": "deny"

Will not trigger an alarm for autorb-permdev-01 when it is already made, but will deny it's creation.

Testing azure inline functions in policy definitions

1 Answers1