Share via

Question regarding the document- https://learn.microsoft.com/en-us/azure/openshift/howto-tag-resources

Wayden Lee 0 Reputation points Microsoft Employee
2025-01-13T17:02:45.06+00:00

Team,

I'm from the Azure Containers team, and regarding the documentation, there seems to be an issue that needs some opinions. Below are the test lab results I performed. Please see the details below. Thanks,

User's imageUser's image

Conclusion

  1. The policy definition and assignment command went through without any error messages, but nothing showed up on the managed resource group on the portal. However, when I manually added tags, all the tags from the param-values.json file appeared.
  2. In the 'Remediate tags using Azure Policy' section, I got an error message while trying the az policy remediation create command due to the deny policy on the managed resource group. However, the same rule applies: when I manually added the tags, all the tags from the param-values.json file showed up.
  3. When I tried to delete all the tags, only the last three tags from the param-values.json file through the Azure Policy remained.
  4. The command to tag ARO resources using Azure Policy went through with or without the error message regarding the Azure Policy. However, the tags do not show up on the managed resource group in the Azure portal. If I manually add or delete all the tags, the tags from the param-values.json file will show up. Therefore, there are some issues regarding the Azure Policy.
  5. If I manually add tags on the portal, all the tags from the policy will show up. However, if I delete all the tags, the last tags from the param-values.json file remain after performing the az policy assignment update and az policy remediation create commands.
Azure Policy
Azure Policy
An Azure service that is used to implement corporate governance and standards at scale for Azure resources.
955 questions
0 comments

1 answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Rahul Podila 1,570 Reputation points Microsoft Vendor
    2025-01-16T06:58:34.45+00:00

    Hi @Wayden Lee

    Welcome to the Microsoft Q&A Platform! Thank you for asking your question here.

    That the policy is applied to the correct object group or member. If assigned to the wrong scope, the tags will not display as expected. Also, the "deny policy" may block some commands, so try to change or temporarily disable tags during editing. You can turn the deny policy back on after the tags are applied.

    Next, check the param-values.json file to make sure all tags are typed correctly and that the system is set to use all the tags you need. If some tags are missing, it could be because of how they are defined. Additionally, it may take some time for the changes to reflect on the portal, so try to wait a few minutes to refresh the page. If the problem persists, try using a simple system with very few tags and see if that helps.

    If you have any concerns, please go through this link: -

    https://learn.microsoft.com/en-us/azure/governance/policy/concepts/remediation-structure

    Tag resources, resource groups, and subscriptions for logical organization - Azure Resource Manager | Microsoft Learn

    If you have any further queries, do let us know

    If the answer is helpful, please click "Accept Answer" and "Upvote it"

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.