Abiquo multicloud tag policies

Introduction to tag policies

Abiquo 6.0 introduces tag policies to allow or deny the creation of valid resources with (or without) the defined tags.

  • Abiquo does not enforce tag policies on resources.

  • Abiquo creates a report of invalid resources for the administrator to manage.

Abiquo tag policies apply to both Abiquo local multicloud tags and corresponding tags in supported cloud providers.

To work with tag policies, the user will need the additional privileges to:

  • Access tag policies view

  • Manage tag policies

The administrator can manage tag policies in the Control view in the Tag management section, on the Tag policies tab. (The Tag management → Entities tab from previous versions is now the Search tab.)

Create a tag policy

When you create a tag policy, the Name contains the characters of the Key of the tags that the policy describes. You can only use lowercase letters in the name and you will also need to comply with all the tagging rules of your cloud providers. You will need to specify the action of the tag policy, which is to Allow or Deny the creation of tags and values.

Example: Tag deny policy

A tag policy can specify Key formats and Values, to allow or deny the creation of valid resources with these tag formats and values.

For policies that Allow tag formats and values, you can also define the resource types that users must tag (Required resources).

Edit a tag policy

When you edit a tag policy, you cannot change the Name or the action (Allow or Deny).

Tag policies in a tenant hierarchy

When you are working with a tenant hierarchy, you can define a tag policy at the reseller or key node level and it will apply to tenants at lower levels of the hierarchy. You can allow administrators of tenants below your tenant to modify their copy of a tag policy, which is called a child tag policy. You can allow them to append or remove definitions, which is called the tag policy override functionality.

To override a tag policy, administrators should select it and click the clone Override button at the bottom of the screen. They can then make the changes as allowed by previous administrators.

On the Tag policies tab administrators can filter by whether the tag policy belongs to the current tenant (Own), belongs to a tenant above their tenant (Overridable), or a child tenant (Overridden).

Compliance report

After you create a tag policy, you can check tag compliance on the Compliance report tab. You can filter the Compliance report by the State of the resource (invalid or valid) and search for text in any of the resource attribute columns (e.g. Resource name, Provider type). To sort the Compliance report by the data in a column, click on the column header.

For all resources, the Compliance report displays the following compliance details:

  • Resource compliance State (which means its status), which is Valid or Invalid

  • Tags and values

  • Keys with no compliant values

  • Missing required keys

  • Non-compliant values

You can select a resource to display details of its Compliance errors.

You can also obtain the Compliance report using the Abiquo API.

After you have made changes to your tags and resources, to update the Compliance report, click the refresh button at the bottom of the screen.
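The following added example (not Abiquo code and not the Abiquo API) models how a report-only compliance check of this kind can classify resources against Allow and Deny tag policies. The class and field names, the resource type strings, the sample data and the exact matching semantics (for example, that a Deny policy with no values rejects the key entirely) are assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass
class TagPolicy:
    name: str                                    # tag Key the policy describes
    action: str                                  # "allow" or "deny"
    values: frozenset = frozenset()              # empty = any value (assumption)
    required_resources: frozenset = frozenset()  # Allow policies only

    def __post_init__(self):
        if self.name != self.name.lower():       # approximates the lowercase rule
            raise ValueError("policy name must be lowercase")
        if self.action not in ("allow", "deny"):
            raise ValueError("action must be 'allow' or 'deny'")
        if self.action == "deny" and self.required_resources:
            raise ValueError("required resources need an Allow policy")

def check_resource(resource, policies):
    """Report-only check: classifies a resource, never blocks or changes it."""
    tags, missing, bad = resource["tags"], [], []
    for p in policies:
        if p.name not in tags:
            # Only Allow policies can make a key mandatory for a resource type.
            if p.action == "allow" and resource["type"] in p.required_resources:
                missing.append(p.name)
            continue
        value = tags[p.name]
        if p.action == "allow" and p.values and value not in p.values:
            bad.append((p.name, value))
        elif p.action == "deny" and (not p.values or value in p.values):
            bad.append((p.name, value))
    return {"resource": resource["name"],
            "state": "Invalid" if missing or bad else "Valid",
            "missing_required_keys": missing, "non_compliant_values": bad}

def compliance_report(resources, policies):
    return [check_resource(r, policies) for r in resources]

# Constructed sample policies and resources (hypothetical names and types).
POLICIES = [TagPolicy("environment", "allow", frozenset({"prod", "dev"}),
                      frozenset({"virtual_machine"})),
            TagPolicy("owner", "deny", frozenset({"unknown"}))]
RESOURCES = [
    {"name": "web-01", "type": "virtual_machine", "tags": {"environment": "prod"}},
    {"name": "db-01", "type": "virtual_machine", "tags": {"owner": "unknown"}},
    {"name": "vol-01", "type": "volume", "tags": {"environment": "staging"}},
    {"name": "vol-02", "type": "volume", "tags": {}},
]

if __name__ == "__main__":
    for row in compliance_report(RESOURCES, POLICIES):
        print(row)
```

Because nothing is blocked at creation time, the Invalid rows are the administrator's work queue: each one still exists and stays non-compliant until someone retags or removes it.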

See also: Tag policy examples

Copyright © 2006-2024, Abiquo Holdings SL. All rights reserved