{
  "id": "policy/azure-policy-tag-inheritance-missing",
  "signature": "Resource 'myresource' was disallowed by policy. Policy: 'Require a tag on resources'. Reason: 'The resource has no tags.' but the resource group has tags that should have been inherited.",
  "signature_zh": "资源‘myresource’被策略禁止。策略：‘要求资源具有标签’。原因：‘该资源没有标签。’但资源组具有应被继承的标签。",
  "regex": "Resource '.*' was disallowed by policy\\. Policy: 'Require a tag on resources'\\. Reason: 'The resource has no tags\\.'",
  "domain": "policy",
  "category": "config_error",
  "subcategory": null,
  "root_cause": "Azure Policy's 'Require a tag on resources' policy does not automatically inherit tags from the resource group; inheritance must be explicitly configured using a separate 'Inherit a tag from the resource group' policy or by manual tagging.",
  "root_cause_type": "generic",
  "root_cause_zh": "Azure 策略的‘要求资源具有标签’策略不会自动从资源组继承标签；必须使用单独的‘从资源组继承标签’策略或手动标记来显式配置继承。",
  "versions": [
    {
      "version": "Azure Policy",
      "introduced": null,
      "deprecated": null,
      "removed": null,
      "behavior_change": null,
      "status": "active"
    },
    {
      "version": "Azure Resource Manager",
      "introduced": null,
      "deprecated": null,
      "removed": null,
      "behavior_change": null,
      "status": "active"
    },
    {
      "version": "Azure CLI 2.50.0+",
      "introduced": null,
      "deprecated": null,
      "removed": null,
      "behavior_change": null,
      "status": "active"
    }
  ],
  "os_specific": {},
  "dead_ends": [
    {
      "action": "",
      "why_fails": "Azure does not automatically propagate resource group tags to resources. Without an explicit inheritance policy, resources remain untagged.",
      "fail_rate": 0.9,
      "condition": "",
      "sources": []
    },
    {
      "action": "",
      "why_fails": "The policy is designed to enforce tagging; modifying it to allow empty tags defeats its purpose and may violate compliance requirements.",
      "fail_rate": 0.7,
      "condition": "",
      "sources": []
    },
    {
      "action": "",
      "why_fails": "This only works if you explicitly tag each resource. If you miss any resource, the policy will still fail for that resource.",
      "fail_rate": 0.5,
      "condition": "",
      "sources": []
    }
  ],
  "workarounds": [
    {
      "action": "Create and assign an Azure Policy initiative that includes both 'Require a tag on resources' and 'Inherit a tag from the resource group if missing' (built-in policy ID: /providers/Microsoft.Authorization/policyDefinitions/...). Use the Azure Portal or CLI: `az policy assignment create --policy-set-definition <initiative-id> --assign-identity`.",
      "success_rate": 0.9,
      "how": "Create and assign an Azure Policy initiative that includes both 'Require a tag on resources' and 'Inherit a tag from the resource group if missing' (built-in policy ID: /providers/Microsoft.Authorization/policyDefinitions/...). Use the Azure Portal or CLI: `az policy assignment create --policy-set-definition <initiative-id> --assign-identity`.",
      "condition": "",
      "sources": []
    },
    {
      "action": "Manually tag each resource in the resource group using `az resource tag --tags <key>=<value> --ids <resource-id>` or through the Azure Portal. Ensure all resources have at least the required tag.",
      "success_rate": 0.8,
      "how": "Manually tag each resource in the resource group using `az resource tag --tags <key>=<value> --ids <resource-id>` or through the Azure Portal. Ensure all resources have at least the required tag.",
      "condition": "",
      "sources": []
    },
    {
      "action": "If the resource is a template deployment, add the tags in the ARM template or Bicep file at the resource level. For example, in ARM: `\"tags\": { \"Environment\": \"[parameters('environmentTag')]\" }`.",
      "success_rate": 0.85,
      "how": "If the resource is a template deployment, add the tags in the ARM template or Bicep file at the resource level. For example, in ARM: `\"tags\": { \"Environment\": \"[parameters('environmentTag')]\" }`.",
      "condition": "",
      "sources": []
    }
  ],
  "workarounds_zh": [
    "创建并分配一个 Azure 策略计划，该计划包括‘要求资源具有标签’和‘如果缺少标签则从资源组继承标签’（内置策略 ID：/providers/Microsoft.Authorization/policyDefinitions/...）。使用 Azure 门户或 CLI：`az policy assignment create --policy-set-definition <initiative-id> --assign-identity`。",
    "使用 `az resource tag --tags <key>=<value> --ids <resource-id>` 或通过 Azure 门户手动标记资源组中的每个资源。确保所有资源至少具有所需的标签。",
    "如果资源是模板部署，请在 ARM 模板或 Bicep 文件的资源级别添加标签。例如，在 ARM 中：`\"tags\": { \"Environment\": \"[parameters('environmentTag')]\" }`。"
  ],
  "transition_graph": {
    "leads_to": [],
    "preceded_by": [],
    "frequently_confused_with": []
  },
  "official_doc_url": "https://learn.microsoft.com/en-us/azure/governance/policy/concepts/definition-structure#tags",
  "official_doc_section": null,
  "error_code": null,
  "verification_tier": "ai_generated",
  "confidence": 0.86,
  "fix_success_rate": 0.85,
  "resolvable": "true",
  "first_seen": "2023-09-12",
  "last_confirmed": "2024-06-01",
  "last_updated": "2024-06-01",
  "evidence_count": 1,
  "tags": [],
  "locale": "en",
  "aliases": []
}