Sentinel policy to correct tag value

“tags”: {

                "Data Classification": "Data Level 1",

                "environment":         "staging",


allStorageAccounts = filter tfplan.resource_changes as _, resource_changes {
resource_changes.mode is “managed” and
resource_changes.type is “azurerm_storage_account” and
(resource_changes.change.actions contains “create” or
resource_changes.change.actions is [“update”])

only_allow_defined_tags = rule {
all allStorageAccounts as _, tags {
keys(tags.change.after.tags) contains “Data Classification”

only_allow_defined_tags_values = rule when only_allow_defined_tags is true {
all allStorageAccounts as _, tags {
values(tags.change.after.tags[“Data Classification”]) contains “Data Level 1” or
values(tags.change.after.tags) contains “Data Level 2” or
values(tags.change.after.tags) contains “Data Level 3” or
values(tags.change.after.tags) contains “Data Level 4”

I need to check the value for the corresponding key of the tag “Data Classification”.
Above code just checks the value match. Can you help?

@hcrhall Can you help?

I think I found one of your post with an example which basically addresses my problem too. Sentinel : Checking nested tagging values

@jhabikal21 you can take a look at the following example which is a little easier to read.