it looks like the action of tagging was removed from app service plans in #4154 - was this intentional? I use the following policy which now does not work:
vars:
email-notify: &email-notify
- type: notify
template: my_default.html
priority_header: '2'
to:
- [email protected]
transport:
type: asq
queue: https://storageQueue
schedules:
mode: &azure-12h
type: azure-periodic
schedule: 0 0 */12 * * *
execution-options:
output_dir: azure://storage_Queue
tag-sets:
- contact-missing: &contact-missing
- tag:OwnerContact: absent
- tag:OwnerContact: empty
- env-product-owner-tags: &env-product-owner-tags
- tag:Environment: empty
- tag:Product: empty
- tag:Owner: empty
-policies:
- name: ownercontact-absent-appserviceplan
mode: *azure-12h
resource: azure.appserviceplan
filters:
- or: *contact-missing
actions:
- type: tag
tags:
OwnerContact: ''
This results in an error of:
c7n.exceptions.PolicyValidationError: Failed to validate policy ownercontact-absent-appserviceplan
Error on policy:ownercontact-absent-appserviceplan resource:azure.appserviceplan
{'type': 'tag', 'tags': {'OwnerContact': ''}} is not valid under any of the given schemas
Failed validating 'anyOf' in schema[198]['allOf'][1]['properties']['actions']['items']:
{'anyOf': [{'$ref': '#/definitions/actions/azure.delete'},
{'$ref': '#/definitions/actions/azure.lock'},
{'$ref': '#/definitions/actions/azure.logic-app'},
{'$ref': '#/definitions/actions/azure.notify'},
{'$ref': '#/definitions/resources/azure.appserviceplan/actions/resize-plan'},
{'$ref': '#/definitions/actions/azure.webhook'},
{'enum': ['notify',
'webhook',
'resize-plan',
'logic-app',
'lock',
'delete']}]}
if the action of tagging this resource should be performed differently, please point out, thanks.
@stefangordon @logachev ^
We removed it due to a bug in the App Service Plan REST API which prevents tagging safely, but people need this so we'll need to code in some sort of work around and get it working somehow rather than waiting for the API to be fixed.
For context, the Azure CLI tags these resources by doing a full resource GET followed by a full resource POST - we wanted to avoid that as there is a significant chance of you being underwritten. Currently we only tag resources that implement PATCH (update specific fields only).
I'm tagging/adding this to the backlog.
Notes for who this gets assigned to:
Verify if we can still PATCH tags on this resource as long as we provide the non-standard additional fields (SKU?) that it requires, if so, add appropriate conditions or resource specific tagging overrides to make this happen.
If not, we need a way to fall back to a GET/POST tagging instead of PATCH, and we need to enable it on this resource.
Related #3327
Most helpful comment
We removed it due to a bug in the App Service Plan REST API which prevents tagging safely, but people need this so we'll need to code in some sort of work around and get it working somehow rather than waiting for the API to be fixed.
For context, the Azure CLI tags these resources by doing a full resource GET followed by a full resource POST - we wanted to avoid that as there is a significant chance of you being underwritten. Currently we only tag resources that implement PATCH (update specific fields only).
I'm tagging/adding this to the backlog.
Notes for who this gets assigned to:
Verify if we can still PATCH tags on this resource as long as we provide the non-standard additional fields (SKU?) that it requires, if so, add appropriate conditions or resource specific tagging overrides to make this happen.
If not, we need a way to fall back to a GET/POST tagging instead of PATCH, and we need to enable it on this resource.