How to enforce naming pattern such as "*-*-asp" using Azure policy?

Question

I am trying to enforce Azure resource naming pattern for prod/dev/uat environments, the suggested pattern is [service name]-[environment]-[resource short name]. Is there a way to enforce this using Azure policy? It appears that Azure policy (Like/Match functions) does not support regex. Please suggest a workaround solution.

Note: The [service name], [environment], [resource short name] are of variable length.

Thanks.

Answer 1

Below code block should address the requirement of *-*-asp pattern. i have not put this through sufficient testing, but for anyone who is looking for enforcing naming conventions through policies i hope this would be of help. Also, it would be interesting to know if there is better solution than that provided here.

Azure Policy Like/Match does not support regex, the complexity of the below solution only highlights the need for such a system. There is a user voice, i request for your vote, if you see relevance of regex feature in Azure policy - link here.

{
    "if": {
        "allOf": [
            {
                "field": "type",
                "in": "[parameters('listOfResourceTypes')]"
            },
            {
                "not": {
                    "allOf": [
                        {
                            "value": "[equals(length(split(parameters('namePattern'), '-')), length(split(field('name'), '-')))]",
                            "equals": true
                        },
                        {
                            "value": "[equals(toLower(last(split(parameters('namePattern'), '-'))), toLower(last(split(field('name'), '-'))))]",
                            "equals": true
                        }
                    ]
                }
            }
        ]
    },
    "then": {
        "effect": "[parameters('policyEffect')]"
    }
}