From cb47ed8ad4bfbd36965d5740c596b5e86101eb7e Mon Sep 17 00:00:00 2001 From: Sacha Narinx Date: Fri, 20 Dec 2024 15:56:24 +0400 Subject: [PATCH] . --- eslzArm/subscriptionTemplates/avnmPolicy.json | 687 ++++++++---------- 1 file changed, 312 insertions(+), 375 deletions(-) diff --git a/eslzArm/subscriptionTemplates/avnmPolicy.json b/eslzArm/subscriptionTemplates/avnmPolicy.json index 33aef542e..a2a459a38 100644 --- a/eslzArm/subscriptionTemplates/avnmPolicy.json +++ b/eslzArm/subscriptionTemplates/avnmPolicy.json @@ -35,21 +35,7 @@ "variables": { "networkGroupIdAll": "[resourceId(parameters('connectivitySubscriptionId'), 'rg-alz-avnm', 'Microsoft.Network/networkManagers/networkGroups', 'avnm', 'avnm-ng-all')]", "networkGroupIdRegion1": "[resourceId(parameters('connectivitySubscriptionId'), 'rg-alz-avnm', 'Microsoft.Network/networkManagers/networkGroups', 'avnm', format('avnm-ng-{0}', parameters('location')))]", - "networkGroupIdRegion2": "[resourceId(parameters('connectivitySubscriptionId'), 'rg-alz-avnm', 'Microsoft.Network/networkManagers/networkGroups', 'avnm', format('avnm-ng-{0}', parameters('locationSecondary')))]", - "networkGroupIdCorp1": "[resourceId(parameters('connectivitySubscriptionId'), 'rg-alz-avnm', 'Microsoft.Network/networkManagers/networkGroups', 'avnm', format('avnm-ng-corp-{0}', parameters('location')))]", - "networkGroupIdCorp2": "[resourceId(parameters('connectivitySubscriptionId'), 'rg-alz-avnm', 'Microsoft.Network/networkManagers/networkGroups', 'avnm', format('avnm-ng-corp-{0}', parameters('locationSecondary')))]", - "networkGroupIdOnline1": "[resourceId(parameters('connectivitySubscriptionId'), 'rg-alz-avnm', 'Microsoft.Network/networkManagers/networkGroups', 'avnm', format('avnm-ng-online-{0}', parameters('location')))]", - "networkGroupIdOnline2": "[resourceId(parameters('connectivitySubscriptionId'), 'rg-alz-avnm', 'Microsoft.Network/networkManagers/networkGroups', 'avnm', format('avnm-ng-online-{0}', parameters('locationSecondary')))]", - "networkGroupIdIdentity1": "[resourceId(parameters('connectivitySubscriptionId'), 'rg-alz-avnm', 'Microsoft.Network/networkManagers/networkGroups', 'avnm', format('avnm-ng-identity-{0}', parameters('location')))]", - "networkGroupIdIdentity2": "[resourceId(parameters('connectivitySubscriptionId'), 'rg-alz-avnm', 'Microsoft.Network/networkManagers/networkGroups', 'avnm', format('avnm-ng-identity-{0}', parameters('locationSecondary')))]", - "networkGroupIdManagement1": "[resourceId(parameters('connectivitySubscriptionId'), 'rg-alz-avnm', 'Microsoft.Network/networkManagers/networkGroups', 'avnm', format('avnm-ng-management-{0}', parameters('location')))]", - "networkGroupIdManagement2": "[resourceId(parameters('connectivitySubscriptionId'), 'rg-alz-avnm', 'Microsoft.Network/networkManagers/networkGroups', 'avnm', format('avnm-ng-management-{0}', parameters('locationSecondary')))]", - "networkGroupIdConnectivity1": "[resourceId(parameters('connectivitySubscriptionId'), 'rg-alz-avnm', 'Microsoft.Network/networkManagers/networkGroups', 'avnm', format('avnm-ng-connectivity-{0}', parameters('location')))]", - "networkGroupIdConnectivity2": "[resourceId(parameters('connectivitySubscriptionId'), 'rg-alz-avnm', 'Microsoft.Network/networkManagers/networkGroups', 'avnm', format('avnm-ng-connectivity-{0}', parameters('locationSecondary')))]", - "networkGroupIdSandbox1": "[resourceId(parameters('connectivitySubscriptionId'), 'rg-alz-avnm', 'Microsoft.Network/networkManagers/networkGroups', 'avnm', format('avnm-ng-sandbox-{0}', parameters('location')))]", - "networkGroupIdSandbox2": "[resourceId(parameters('connectivitySubscriptionId'), 'rg-alz-avnm', 'Microsoft.Network/networkManagers/networkGroups', 'avnm', format('avnm-ng-sandbox-{0}', parameters('locationSecondary')))]", - "networkGroupIdDecommissioned1": "[resourceId(parameters('connectivitySubscriptionId'), 'rg-alz-avnm', 'Microsoft.Network/networkManagers/networkGroups', 'avnm', format('avnm-ng-decommissioned-{0}', parameters('location')))]", - "networkGroupIdDecommissioned2": "[resourceId(parameters('connectivitySubscriptionId'), 'rg-alz-avnm', 'Microsoft.Network/networkManagers/networkGroups', 'avnm', format('avnm-ng-decommissioned-{0}', parameters('locationSecondary')))]" + "networkGroupIdRegion2": "[if(empty(parameters('locationSecondary')), '', resourceId(parameters('connectivitySubscriptionId'), 'rg-alz-avnm', 'Microsoft.Network/networkManagers/networkGroups', 'avnm', format('avnm-ng-{0}', parameters('locationSecondary'))))]" }, "resources": [ { @@ -220,50 +206,43 @@ "location": "[deployment().location]", "properties": { "expressionEvaluationOptions": { - "scope": "inner" + "scope": "inner" }, "mode": "Incremental", "parameters": { - "location": { - "value": "[parameters('location')]" - }, - "locationSecondary": { - "value": "[parameters('locationSecondary')]" - }, - "mgmtGroup": { - "value": "[format('{0}-corp', parameters('topLevelManagementGroupPrefix'))]" - }, - "connectivitySubscriptionId": { - "value": "[parameters('connectivitySubscriptionId')]" - } + "location": { + "value": "[parameters('location')]" + }, + "locationSecondary": { + "value": "[parameters('locationSecondary')]" + }, + "mgmtGroup": { + "value": "[format('{0}-corp', parameters('topLevelManagementGroupPrefix'))]" + }, + "connectivitySubscriptionId": { + "value": "[parameters('connectivitySubscriptionId')]" + } }, "template": { "$schema": "https://schema.management.azure.com/schemas/2019-08-01/managementGroupDeploymentTemplate.json#", "contentVersion": "1.0.0.0", - "metadata": { - "_generator": { - "name": "bicep", - "version": "0.32.4.45862", - "templateHash": "15861206698474595241" - } - }, "parameters": { "location": { - "type": "string" + "type": "string" }, "locationSecondary": { - "type": "string" + "type": "string" }, "mgmtGroup": { - "type": "string" + "type": "string" }, "connectivitySubscriptionId": { - "type": "string" + "type": "string" } }, "variables": { "networkGroupId1": "[resourceId(parameters('connectivitySubscriptionId'), 'rg-alz-avnm', 'Microsoft.Network/networkManagers/networkGroups', 'avnm', format('avnm-ng-corp-{0}', parameters('location')))]", - "networkGroupId2": "[resourceId(parameters('connectivitySubscriptionId'), 'rg-alz-avnm', 'Microsoft.Network/networkManagers/networkGroups', 'avnm', format('avnm-ng-corp-{0}', parameters('locationSecondary')))]" + "networkGroupId2": "[if(empty(parameters('locationSecondary')), '', resourceId(parameters('connectivitySubscriptionId'), 'rg-alz-avnm', 'Microsoft.Network/networkManagers/networkGroups', 'avnm', format('avnm-ng-corp-{0}', parameters('locationSecondary'))))]" }, "resources": [ { @@ -274,21 +253,21 @@ "policyType": "Custom", "mode": "Microsoft.Network.Data", "policyRule": { - "if": { - "allOf": [ - { - "field": "type", - "equals": "Microsoft.Network/virtualNetworks" - } - ] - }, - "then": { - "effect": "addToNetworkGroup", - "details": { - "networkGroupId": "[variables('networkGroupId1')]" + "if": { + "allOf": [ + { + "field": "type", + "equals": "Microsoft.Network/virtualNetworks" + } + ] + }, + "then": { + "effect": "addToNetworkGroup", + "details": { + "networkGroupId": "[variables('networkGroupId1')]" + } } } - } } }, { @@ -301,12 +280,12 @@ { "name": "regionalResource", "selectors": [ - { - "kind": "ResourceLocation", - "in": [ - "[parameters('location')]" - ] - } + { + "kind": "ResourceLocation", + "in": [ + "[parameters('location')]" + ] + } ] } ] @@ -324,21 +303,21 @@ "policyType": "Custom", "mode": "Microsoft.Network.Data", "policyRule": { - "if": { - "allOf": [ - { - "field": "type", - "equals": "Microsoft.Network/virtualNetworks" - } - ] - }, - "then": { - "effect": "addToNetworkGroup", - "details": { - "networkGroupId": "[variables('networkGroupId2')]" + "if": { + "allOf": [ + { + "field": "type", + "equals": "Microsoft.Network/virtualNetworks" + } + ] + }, + "then": { + "effect": "addToNetworkGroup", + "details": { + "networkGroupId": "[variables('networkGroupId2')]" + } } } - } } }, { @@ -355,7 +334,7 @@ { "kind": "ResourceLocation", "in": [ - "[parameters('locationSecondary')]" + "[parameters('locationSecondary')]" ] } ] @@ -378,7 +357,7 @@ "location": "[deployment().location]", "properties": { "expressionEvaluationOptions": { - "scope": "inner" + "scope": "inner" }, "mode": "Incremental", "parameters": { @@ -398,30 +377,23 @@ "template": { "$schema": "https://schema.management.azure.com/schemas/2019-08-01/managementGroupDeploymentTemplate.json#", "contentVersion": "1.0.0.0", - "metadata": { - "_generator": { - "name": "bicep", - "version": "0.32.4.45862", - "templateHash": "15861206698474595241" - } - }, "parameters": { "location": { - "type": "string" + "type": "string" }, "locationSecondary": { - "type": "string" + "type": "string" }, "mgmtGroup": { - "type": "string" + "type": "string" }, "connectivitySubscriptionId": { - "type": "string" + "type": "string" } }, "variables": { "networkGroupId1": "[resourceId(parameters('connectivitySubscriptionId'), 'rg-alz-avnm', 'Microsoft.Network/networkManagers/networkGroups', 'avnm', format('avnm-ng-online-{0}', parameters('location')))]", - "networkGroupId2": "[resourceId(parameters('connectivitySubscriptionId'), 'rg-alz-avnm', 'Microsoft.Network/networkManagers/networkGroups', 'avnm', format('avnm-ng-online-{0}', parameters('locationSecondary')))]" + "networkGroupId2": "[if(empty(parameters('locationSecondary')), '', resourceId(parameters('connectivitySubscriptionId'), 'rg-alz-avnm', 'Microsoft.Network/networkManagers/networkGroups', 'avnm', format('avnm-ng-online-{0}', parameters('locationSecondary'))))]" }, "resources": [ { @@ -432,21 +404,21 @@ "policyType": "Custom", "mode": "Microsoft.Network.Data", "policyRule": { - "if": { - "allOf": [ - { - "field": "type", - "equals": "Microsoft.Network/virtualNetworks" - } - ] - }, - "then": { - "effect": "addToNetworkGroup", - "details": { - "networkGroupId": "[variables('networkGroupId1')]" + "if": { + "allOf": [ + { + "field": "type", + "equals": "Microsoft.Network/virtualNetworks" + } + ] + }, + "then": { + "effect": "addToNetworkGroup", + "details": { + "networkGroupId": "[variables('networkGroupId1')]" + } } } - } } }, { @@ -459,12 +431,12 @@ { "name": "regionalResource", "selectors": [ - { - "kind": "ResourceLocation", - "in": [ - "[parameters('location')]" - ] - } + { + "kind": "ResourceLocation", + "in": [ + "[parameters('location')]" + ] + } ] } ] @@ -536,50 +508,43 @@ "location": "[deployment().location]", "properties": { "expressionEvaluationOptions": { - "scope": "inner" + "scope": "inner" }, "mode": "Incremental", "parameters": { - "location": { - "value": "[parameters('location')]" - }, - "locationSecondary": { - "value": "[parameters('locationSecondary')]" - }, - "mgmtGroup": { - "value": "[format('{0}-identity', parameters('topLevelManagementGroupPrefix'))]" - }, - "connectivitySubscriptionId": { - "value": "[parameters('connectivitySubscriptionId')]" - } + "location": { + "value": "[parameters('location')]" + }, + "locationSecondary": { + "value": "[parameters('locationSecondary')]" + }, + "mgmtGroup": { + "value": "[format('{0}-identity', parameters('topLevelManagementGroupPrefix'))]" + }, + "connectivitySubscriptionId": { + "value": "[parameters('connectivitySubscriptionId')]" + } }, "template": { "$schema": "https://schema.management.azure.com/schemas/2019-08-01/managementGroupDeploymentTemplate.json#", "contentVersion": "1.0.0.0", - "metadata": { - "_generator": { - "name": "bicep", - "version": "0.32.4.45862", - "templateHash": "15861206698474595241" - } - }, "parameters": { "location": { - "type": "string" + "type": "string" }, "locationSecondary": { - "type": "string" + "type": "string" }, "mgmtGroup": { - "type": "string" + "type": "string" }, "connectivitySubscriptionId": { - "type": "string" + "type": "string" } }, "variables": { "networkGroupId1": "[resourceId(parameters('connectivitySubscriptionId'), 'rg-alz-avnm', 'Microsoft.Network/networkManagers/networkGroups', 'avnm', format('avnm-ng-identity-{0}', parameters('location')))]", - "networkGroupId2": "[resourceId(parameters('connectivitySubscriptionId'), 'rg-alz-avnm', 'Microsoft.Network/networkManagers/networkGroups', 'avnm', format('avnm-ng-identity-{0}', parameters('locationSecondary')))]" + "networkGroupId2": "[if(empty(parameters('locationSecondary')), '', resourceId(parameters('connectivitySubscriptionId'), 'rg-alz-avnm', 'Microsoft.Network/networkManagers/networkGroups', 'avnm', format('avnm-ng-identity-{0}', parameters('locationSecondary'))))]" }, "resources": [ { @@ -590,21 +555,21 @@ "policyType": "Custom", "mode": "Microsoft.Network.Data", "policyRule": { - "if": { - "allOf": [ - { - "field": "type", - "equals": "Microsoft.Network/virtualNetworks" - } - ] - }, - "then": { - "effect": "addToNetworkGroup", - "details": { - "networkGroupId": "[variables('networkGroupId1')]" + "if": { + "allOf": [ + { + "field": "type", + "equals": "Microsoft.Network/virtualNetworks" + } + ] + }, + "then": { + "effect": "addToNetworkGroup", + "details": { + "networkGroupId": "[variables('networkGroupId1')]" + } } } - } } }, { @@ -617,12 +582,12 @@ { "name": "regionalResource", "selectors": [ - { - "kind": "ResourceLocation", - "in": [ - "[parameters('location')]" - ] - } + { + "kind": "ResourceLocation", + "in": [ + "[parameters('location')]" + ] + } ] } ] @@ -640,21 +605,21 @@ "policyType": "Custom", "mode": "Microsoft.Network.Data", "policyRule": { - "if": { - "allOf": [ - { - "field": "type", - "equals": "Microsoft.Network/virtualNetworks" - } - ] - }, - "then": { - "effect": "addToNetworkGroup", - "details": { - "networkGroupId": "[variables('networkGroupId2')]" + "if": { + "allOf": [ + { + "field": "type", + "equals": "Microsoft.Network/virtualNetworks" + } + ] + }, + "then": { + "effect": "addToNetworkGroup", + "details": { + "networkGroupId": "[variables('networkGroupId2')]" + } } } - } } }, { @@ -671,7 +636,7 @@ { "kind": "ResourceLocation", "in": [ - "[parameters('locationSecondary')]" + "[parameters('locationSecondary')]" ] } ] @@ -694,50 +659,43 @@ "location": "[deployment().location]", "properties": { "expressionEvaluationOptions": { - "scope": "inner" + "scope": "inner" }, "mode": "Incremental", "parameters": { - "location": { - "value": "[parameters('location')]" - }, - "locationSecondary": { - "value": "[parameters('locationSecondary')]" - }, - "mgmtGroup": { - "value": "[format('{0}-management', parameters('topLevelManagementGroupPrefix'))]" - }, - "connectivitySubscriptionId": { - "value": "[parameters('connectivitySubscriptionId')]" - } + "location": { + "value": "[parameters('location')]" + }, + "locationSecondary": { + "value": "[parameters('locationSecondary')]" + }, + "mgmtGroup": { + "value": "[format('{0}-management', parameters('topLevelManagementGroupPrefix'))]" + }, + "connectivitySubscriptionId": { + "value": "[parameters('connectivitySubscriptionId')]" + } }, "template": { "$schema": "https://schema.management.azure.com/schemas/2019-08-01/managementGroupDeploymentTemplate.json#", "contentVersion": "1.0.0.0", - "metadata": { - "_generator": { - "name": "bicep", - "version": "0.32.4.45862", - "templateHash": "15861206698474595241" - } - }, "parameters": { "location": { - "type": "string" + "type": "string" }, "locationSecondary": { - "type": "string" + "type": "string" }, "mgmtGroup": { - "type": "string" + "type": "string" }, "connectivitySubscriptionId": { - "type": "string" + "type": "string" } }, "variables": { "networkGroupId1": "[resourceId(parameters('connectivitySubscriptionId'), 'rg-alz-avnm', 'Microsoft.Network/networkManagers/networkGroups', 'avnm', format('avnm-ng-management-{0}', parameters('location')))]", - "networkGroupId2": "[resourceId(parameters('connectivitySubscriptionId'), 'rg-alz-avnm', 'Microsoft.Network/networkManagers/networkGroups', 'avnm', format('avnm-ng-management-{0}', parameters('locationSecondary')))]" + "networkGroupId2": "[if(empty(parameters('locationSecondary')), '', resourceId(parameters('connectivitySubscriptionId'), 'rg-alz-avnm', 'Microsoft.Network/networkManagers/networkGroups', 'avnm', format('avnm-ng-management-{0}', parameters('locationSecondary'))))]" }, "resources": [ { @@ -748,21 +706,21 @@ "policyType": "Custom", "mode": "Microsoft.Network.Data", "policyRule": { - "if": { - "allOf": [ - { - "field": "type", - "equals": "Microsoft.Network/virtualNetworks" - } - ] - }, - "then": { - "effect": "addToNetworkGroup", - "details": { - "networkGroupId": "[variables('networkGroupId1')]" + "if": { + "allOf": [ + { + "field": "type", + "equals": "Microsoft.Network/virtualNetworks" + } + ] + }, + "then": { + "effect": "addToNetworkGroup", + "details": { + "networkGroupId": "[variables('networkGroupId1')]" + } } } - } } }, { @@ -775,12 +733,12 @@ { "name": "regionalResource", "selectors": [ - { - "kind": "ResourceLocation", - "in": [ - "[parameters('location')]" - ] - } + { + "kind": "ResourceLocation", + "in": [ + "[parameters('location')]" + ] + } ] } ] @@ -798,21 +756,21 @@ "policyType": "Custom", "mode": "Microsoft.Network.Data", "policyRule": { - "if": { - "allOf": [ - { - "field": "type", - "equals": "Microsoft.Network/virtualNetworks" - } - ] - }, - "then": { - "effect": "addToNetworkGroup", - "details": { - "networkGroupId": "[variables('networkGroupId2')]" + "if": { + "allOf": [ + { + "field": "type", + "equals": "Microsoft.Network/virtualNetworks" + } + ] + }, + "then": { + "effect": "addToNetworkGroup", + "details": { + "networkGroupId": "[variables('networkGroupId2')]" + } } } - } } }, { @@ -829,7 +787,7 @@ { "kind": "ResourceLocation", "in": [ - "[parameters('locationSecondary')]" + "[parameters('locationSecondary')]" ] } ] @@ -872,30 +830,23 @@ "template": { "$schema": "https://schema.management.azure.com/schemas/2019-08-01/managementGroupDeploymentTemplate.json#", "contentVersion": "1.0.0.0", - "metadata": { - "_generator": { - "name": "bicep", - "version": "0.32.4.45862", - "templateHash": "15861206698474595241" - } - }, "parameters": { "location": { - "type": "string" + "type": "string" }, "locationSecondary": { - "type": "string" + "type": "string" }, "mgmtGroup": { - "type": "string" + "type": "string" }, "connectivitySubscriptionId": { - "type": "string" + "type": "string" } }, "variables": { "networkGroupId1": "[resourceId(parameters('connectivitySubscriptionId'), 'rg-alz-avnm', 'Microsoft.Network/networkManagers/networkGroups', 'avnm', format('avnm-ng-connectivity-{0}', parameters('location')))]", - "networkGroupId2": "[resourceId(parameters('connectivitySubscriptionId'), 'rg-alz-avnm', 'Microsoft.Network/networkManagers/networkGroups', 'avnm', format('avnm-ng-connectivity-{0}', parameters('locationSecondary')))]" + "networkGroupId2": "[if(empty(parameters('locationSecondary')), '', resourceId(parameters('connectivitySubscriptionId'), 'rg-alz-avnm', 'Microsoft.Network/networkManagers/networkGroups', 'avnm', format('avnm-ng-connectivity-{0}', parameters('locationSecondary'))))]" }, "resources": [ { @@ -906,21 +857,21 @@ "policyType": "Custom", "mode": "Microsoft.Network.Data", "policyRule": { - "if": { - "allOf": [ - { - "field": "type", - "equals": "Microsoft.Network/virtualNetworks" - } - ] - }, - "then": { - "effect": "addToNetworkGroup", - "details": { - "networkGroupId": "[variables('networkGroupId1')]" + "if": { + "allOf": [ + { + "field": "type", + "equals": "Microsoft.Network/virtualNetworks" + } + ] + }, + "then": { + "effect": "addToNetworkGroup", + "details": { + "networkGroupId": "[variables('networkGroupId1')]" + } } } - } } }, { @@ -933,12 +884,12 @@ { "name": "regionalResource", "selectors": [ - { - "kind": "ResourceLocation", - "in": [ - "[parameters('location')]" - ] - } + { + "kind": "ResourceLocation", + "in": [ + "[parameters('location')]" + ] + } ] } ] @@ -956,21 +907,21 @@ "policyType": "Custom", "mode": "Microsoft.Network.Data", "policyRule": { - "if": { - "allOf": [ - { - "field": "type", - "equals": "Microsoft.Network/virtualNetworks" - } - ] - }, - "then": { - "effect": "addToNetworkGroup", - "details": { - "networkGroupId": "[variables('networkGroupId2')]" + "if": { + "allOf": [ + { + "field": "type", + "equals": "Microsoft.Network/virtualNetworks" + } + ] + }, + "then": { + "effect": "addToNetworkGroup", + "details": { + "networkGroupId": "[variables('networkGroupId2')]" + } } } - } } }, { @@ -987,7 +938,7 @@ { "kind": "ResourceLocation", "in": [ - "[parameters('locationSecondary')]" + "[parameters('locationSecondary')]" ] } ] @@ -1030,30 +981,23 @@ "template": { "$schema": "https://schema.management.azure.com/schemas/2019-08-01/managementGroupDeploymentTemplate.json#", "contentVersion": "1.0.0.0", - "metadata": { - "_generator": { - "name": "bicep", - "version": "0.32.4.45862", - "templateHash": "15861206698474595241" - } - }, "parameters": { "location": { - "type": "string" + "type": "string" }, "locationSecondary": { - "type": "string" + "type": "string" }, "mgmtGroup": { - "type": "string" + "type": "string" }, "connectivitySubscriptionId": { - "type": "string" + "type": "string" } }, "variables": { "networkGroupId1": "[resourceId(parameters('connectivitySubscriptionId'), 'rg-alz-avnm', 'Microsoft.Network/networkManagers/networkGroups', 'avnm', format('avnm-ng-sandbox-{0}', parameters('location')))]", - "networkGroupId2": "[resourceId(parameters('connectivitySubscriptionId'), 'rg-alz-avnm', 'Microsoft.Network/networkManagers/networkGroups', 'avnm', format('avnm-ng-sandbox-{0}', parameters('locationSecondary')))]" + "networkGroupId2": "[if(empty(parameters('locationSecondary')), '', resourceId(parameters('connectivitySubscriptionId'), 'rg-alz-avnm', 'Microsoft.Network/networkManagers/networkGroups', 'avnm', format('avnm-ng-sandbox-{0}', parameters('locationSecondary'))))]" }, "resources": [ { @@ -1064,21 +1008,21 @@ "policyType": "Custom", "mode": "Microsoft.Network.Data", "policyRule": { - "if": { - "allOf": [ - { - "field": "type", - "equals": "Microsoft.Network/virtualNetworks" - } - ] - }, - "then": { - "effect": "addToNetworkGroup", - "details": { - "networkGroupId": "[variables('networkGroupId1')]" + "if": { + "allOf": [ + { + "field": "type", + "equals": "Microsoft.Network/virtualNetworks" + } + ] + }, + "then": { + "effect": "addToNetworkGroup", + "details": { + "networkGroupId": "[variables('networkGroupId1')]" + } } } - } } }, { @@ -1088,17 +1032,17 @@ "properties": { "policyDefinitionId": "[extensionResourceId(managementGroup().id, 'Microsoft.Authorization/policyDefinitions', format('ALZAvnmPolicy{0}{1}', parameters('mgmtGroup'), parameters('location')))]", "resourceSelectors": [ - { - "name": "regionalResource", - "selectors": [ { - "kind": "ResourceLocation", - "in": [ - "[parameters('location')]" + "name": "regionalResource", + "selectors": [ + { + "kind": "ResourceLocation", + "in": [ + "[parameters('location')]" + ] + } ] } - ] - } ] }, "dependsOn": [ @@ -1114,21 +1058,21 @@ "policyType": "Custom", "mode": "Microsoft.Network.Data", "policyRule": { - "if": { - "allOf": [ - { - "field": "type", - "equals": "Microsoft.Network/virtualNetworks" - } - ] - }, - "then": { - "effect": "addToNetworkGroup", - "details": { - "networkGroupId": "[variables('networkGroupId2')]" + "if": { + "allOf": [ + { + "field": "type", + "equals": "Microsoft.Network/virtualNetworks" + } + ] + }, + "then": { + "effect": "addToNetworkGroup", + "details": { + "networkGroupId": "[variables('networkGroupId2')]" + } } } - } } }, { @@ -1139,17 +1083,17 @@ "properties": { "policyDefinitionId": "[extensionResourceId(managementGroup().id, 'Microsoft.Authorization/policyDefinitions', format('ALZAvnmPolicy{0}{1}', parameters('mgmtGroup'), parameters('locationSecondary')))]", "resourceSelectors": [ - { - "name": "regionalResource", - "selectors": [ { - "kind": "ResourceLocation", - "in": [ - "[parameters('locationSecondary')]" + "name": "regionalResource", + "selectors": [ + { + "kind": "ResourceLocation", + "in": [ + "[parameters('locationSecondary')]" + ] + } ] } - ] - } ] }, "dependsOn": [ @@ -1168,50 +1112,43 @@ "location": "[deployment().location]", "properties": { "expressionEvaluationOptions": { - "scope": "inner" + "scope": "inner" }, "mode": "Incremental", "parameters": { - "location": { - "value": "[parameters('location')]" - }, - "locationSecondary": { - "value": "[parameters('locationSecondary')]" - }, - "mgmtGroup": { - "value": "[format('{0}-decommissioned', parameters('topLevelManagementGroupPrefix'))]" - }, - "connectivitySubscriptionId": { - "value": "[parameters('connectivitySubscriptionId')]" - } + "location": { + "value": "[parameters('location')]" + }, + "locationSecondary": { + "value": "[parameters('locationSecondary')]" + }, + "mgmtGroup": { + "value": "[format('{0}-decommissioned', parameters('topLevelManagementGroupPrefix'))]" + }, + "connectivitySubscriptionId": { + "value": "[parameters('connectivitySubscriptionId')]" + } }, "template": { "$schema": "https://schema.management.azure.com/schemas/2019-08-01/managementGroupDeploymentTemplate.json#", "contentVersion": "1.0.0.0", - "metadata": { - "_generator": { - "name": "bicep", - "version": "0.32.4.45862", - "templateHash": "15861206698474595241" - } - }, "parameters": { "location": { - "type": "string" + "type": "string" }, "locationSecondary": { - "type": "string" + "type": "string" }, "mgmtGroup": { - "type": "string" + "type": "string" }, "connectivitySubscriptionId": { - "type": "string" + "type": "string" } }, "variables": { "networkGroupId1": "[resourceId(parameters('connectivitySubscriptionId'), 'rg-alz-avnm', 'Microsoft.Network/networkManagers/networkGroups', 'avnm', format('avnm-ng-decommissioned-{0}', parameters('location')))]", - "networkGroupId2": "[resourceId(parameters('connectivitySubscriptionId'), 'rg-alz-avnm', 'Microsoft.Network/networkManagers/networkGroups', 'avnm', format('avnm-ng-decommissioned-{0}', parameters('locationSecondary')))]" + "networkGroupId2": "[if(empty(parameters('locationSecondary')), '', resourceId(parameters('connectivitySubscriptionId'), 'rg-alz-avnm', 'Microsoft.Network/networkManagers/networkGroups', 'avnm', format('avnm-ng-decommissioned-{0}', parameters('locationSecondary'))))]" }, "resources": [ { @@ -1222,21 +1159,21 @@ "policyType": "Custom", "mode": "Microsoft.Network.Data", "policyRule": { - "if": { - "allOf": [ - { - "field": "type", - "equals": "Microsoft.Network/virtualNetworks" - } - ] - }, - "then": { - "effect": "addToNetworkGroup", - "details": { - "networkGroupId": "[variables('networkGroupId1')]" + "if": { + "allOf": [ + { + "field": "type", + "equals": "Microsoft.Network/virtualNetworks" + } + ] + }, + "then": { + "effect": "addToNetworkGroup", + "details": { + "networkGroupId": "[variables('networkGroupId1')]" + } } } - } } }, { @@ -1249,12 +1186,12 @@ { "name": "regionalResource", "selectors": [ - { - "kind": "ResourceLocation", - "in": [ - "[parameters('location')]" - ] - } + { + "kind": "ResourceLocation", + "in": [ + "[parameters('location')]" + ] + } ] } ] @@ -1274,16 +1211,16 @@ "policyRule": { "if": { "allOf": [ - { - "field": "type", - "equals": "Microsoft.Network/virtualNetworks" - } + { + "field": "type", + "equals": "Microsoft.Network/virtualNetworks" + } ] }, "then": { "effect": "addToNetworkGroup", "details": { - "networkGroupId": "[variables('networkGroupId2')]" + "networkGroupId": "[variables('networkGroupId2')]" } } } @@ -1300,12 +1237,12 @@ { "name": "regionalResource", "selectors": [ - { - "kind": "ResourceLocation", - "in": [ - "[parameters('locationSecondary')]" - ] - } + { + "kind": "ResourceLocation", + "in": [ + "[parameters('locationSecondary')]" + ] + } ] } ]