| title | description | ms.date | ms.topic |
|---|---|---|---|
Pattern: The value operator in a policy definition |
This Azure Policy pattern provides an example of how to use the value operator in a policy definition. |
08/17/2021 |
sample |
The value operator evaluates parameters, supported template functions, or literals to a provided value for a given condition.
Warning
If the result of a template function is an error, policy evaluation fails. A failed evaluation is an implicit deny. For more information, see avoiding template failures.
This policy definition adds or replaces the tag specified in the parameter tagName (string) on resources and inherits the value for tagName from the resource group the resource is in. This evaluation happens when the resource is created or updated. As a modify effect, the remediation may be run on existing resources through a remediation task.
:::code language="json" source="~/policy-templates/patterns/pattern-value-operator.json":::
:::code language="json" source="~/policy-templates/patterns/pattern-value-operator.json" range="20-30" highlight="7,8":::
The value operator is used within the policyRule.if block within properties. In this example, the logical operator allOf is used to state that both conditional statements must be true for the effect, modify, to take place.
value evaluates the result of the template function resourceGroup() to the condition notEquals of a blank value. If the tag name provided in tagName on the parent resource group exists, the conditional evaluates to true.
- Review other patterns and built-in definitions.
- Review the Azure Policy definition structure.
- Review Understanding policy effects.