Minor fix to export script (#794)
Co-authored-by: Anthony Watherston <[email protected]>
anwather and Anthony Watherston authored Oct 24, 2024
1 parent da1f735 commit 4424aa7
Showing 1 changed file with 45 additions and 6 deletions.
51 changes: 45 additions & 6 deletions Scripts/Operations/Export-PolicyToEPAC.ps1
Expand Up @@ -93,16 +93,22 @@ Write-Information "" -InformationAction Continue

#region PolicyDefinition
if ($PolicyDefinitionId) {
# Check proper formatting
if ($PolicyDefinitionId -notmatch "/providers/") {
Write-Error "Policy Definition ID '$($PolicyDefinitionId)' does not match expected format. Example format expected: '/providers/Microsoft.Authorization/policyDefinitions/f0e5abd0-2554-4736-b7c0-4ffef23475ef'"
exit 1
}

# Pull Built-In Policies
$builtInPolicies = Get-AzPolicyDefinition -Builtin
$builtInPolicyNames = $builtInPolicies.name

# Create Policy Definition File
if ($PolicySetDefinitionId -match "/") {
$policyName = $PolicySetDefinitionId.split("/")[-1]
if ($PolicyDefinitionId -match "/") {
$policyName = $PolicyDefinitionId.split("/")[-1]
}
else {
$policyName = $PolicySetDefinitionId
$policyName = $PolicyDefinitionId
}

try {
Expand All @@ -112,7 +118,8 @@ if ($PolicyDefinitionId) {
$policyResponse = Get-AzPolicyDefinition -Id "/providers/Microsoft.Authorization/policyDefinitions/$PolicyDefinitionId" | Select-Object -Property *
}
if ($null -eq $policyResponse) {
Write-Error "Policy Definition Not Found!"
Write-Error "Policy Definition ID '$($PolicyDefinitionId)' Not Found!"
exit 1
}

$policyType = "policyDefinitions"
Expand Down Expand Up @@ -168,6 +175,11 @@ if ($PolicyDefinitionId) {
}
#region PolicySetDefinition
elseif ($PolicySetDefinitionId) {
# Check proper formatting
if ($PolicySetDefinitionId -notmatch "/providers/") {
Write-Error "Policy Set Definition ID '$($PolicySetDefinitionId)' does not match expected format. Example format expected: '/providers/Microsoft.Authorization/policySetDefinitions/e20d08c5-6d64-656d-6465-ce9e37fd0ebc'"
exit 1
}
# Pull Built-In Policies and Policy Sets
$builtInPolicies = Get-AzPolicyDefinition -Builtin
$builtInPolicyNames = $builtInPolicies.name
Expand All @@ -189,7 +201,8 @@ elseif ($PolicySetDefinitionId) {
$policyResponse = Get-AzPolicySetDefinition -Id "/providers/Microsoft.Authorization/policySetDefinitions/$PolicySetDefinitionId" | Select-Object -Property *
}
if ($null -eq $policyResponse) {
Write-Error "Policy Definition Not Found!"
Write-Error "Policy Set Definition ID '$($PolicySetDefinitionId)' Not Found!"
exit 1
}

$policyType = "policySetDefinitions"
Expand All @@ -206,6 +219,12 @@ elseif ($PolicySetDefinitionId) {
"parameters" = $tempParam
"groupNames" = "$($policyDef.groupNames)"
}
if ( $orderedPolicyDefinitions.definitionVersion -eq "") {
$orderedPolicyDefinitions.Remove('definitionVersion')
}
if ( $orderedPolicyDefinitions.groupNames -eq "") {
$orderedPolicyDefinitions.Remove('groupNames')
}
$policyDefinitionArray += $orderedPolicyDefinitions
}
$orderedPolicy = [ordered]@{
Expand All @@ -217,6 +236,9 @@ elseif ($PolicySetDefinitionId) {
"policyDefinitions" = $policyDefinitionArray
"policyDefinitionGroups" = $policyResponse.PolicyDefinitionGroup
}
if ( $null -eq $orderedPolicy.policyDefinitionGroups) {
$orderedPolicy.Remove('policyDefinitionGroups')
}
$policyObject = [ordered]@{
"`$schema" = "https://raw.githubusercontent.com/Azure/enterprise-azure-policy-as-code/main/Schemas/policy-set-definition-schema.json"
"name" = $policyName
Expand Down Expand Up @@ -356,6 +378,10 @@ elseif ($ALZPolicyDefinitionId) {
$policyName = $ALZPolicyDefinitionId
$policyType = "policyDefinitions"
$policyResponse = $alzHash[$ALZPolicyDefinitionId]
if ($null -eq $policyResponse) {
Write-Error "ALZ Policy Definition ID '$($ALZPolicyDefinitionId)' Not Found!"
exit 1
}
$policyDisplayName = $policyResponse.displayName
$policyDescription = $policyResponse.description
$policyBuiltInType = $policyResponse.policyType
Expand Down Expand Up @@ -469,6 +495,10 @@ elseif ($ALZPolicySetDefinitionId) {
$policyName = $ALZPolicySetDefinitionId
$policyType = "policySetDefinitions"
$policyResponse = $alzSetHash[$ALZPolicySetDefinitionId]
if ($null -eq $policyResponse) {
Write-Error "ALZ Policy Set Definition ID '$($ALZPolicySetDefinitionId)' Not Found!"
exit 1
}
$policyDisplayName = $policyResponse.displayName
$policyDescription = $policyResponse.description
$policyBuiltInType = $policyResponse.policyType
Expand All @@ -482,6 +512,12 @@ elseif ($ALZPolicySetDefinitionId) {
"parameters" = $tempParam
"groupNames" = "$($policyDef.groupNames)"
}
if ( $orderedPolicyDefinitions.definitionVersion -eq "") {
$orderedPolicyDefinitions.Remove('definitionVersion')
}
if ( $orderedPolicyDefinitions.groupNames -eq "") {
$orderedPolicyDefinitions.Remove('groupNames')
}
$policyDefinitionArray += $orderedPolicyDefinitions
}
$orderedPolicy = [ordered]@{
Expand All @@ -493,6 +529,9 @@ elseif ($ALZPolicySetDefinitionId) {
"policyDefinitions" = $policyDefinitionArray
"policyDefinitionGroups" = $policyResponse.PolicyDefinitionGroups
}
if ( $null -eq $orderedPolicy.policyDefinitionGroups) {
$orderedPolicy.Remove('policyDefinitionGroups')
}
$policyObject = [ordered]@{
"`$schema" = "https://raw.githubusercontent.com/Azure/enterprise-azure-policy-as-code/main/Schemas/policy-set-definition-schema.json"
"name" = $policyName
Expand Down Expand Up @@ -611,7 +650,7 @@ elseif ($ALZPolicySetDefinitionId) {
}
}
else {
Write-Error "Export-PolicyToEPAC requires at least one of the following: PolicyDefinitionId, PolicySetDefinitionId!"
Write-Error "Export-PolicyToEPAC requires at least one of the following: PolicyDefinitionId, PolicySetDefinitionId, ALZPolicyDefinitionId or ALZPolicySetDefinitionId!"
}
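Review bot: The new format checks (`$PolicyDefinitionId -notmatch "/providers/"` and the matching one for `$PolicySetDefinitionId`) are unanchored substring tests, so any value that merely contains `/providers/` passes, while a bare name or GUID is now rejected before it can reach the `else { $policyName = $PolicyDefinitionId }` branch and the `Get-AzPolicyDefinition -Id "/providers/Microsoft.Authorization/policyDefinitions/$PolicyDefinitionId"` call that appear to exist for that case. Because the last path segment becomes `$policyName` under the "Create Policy Definition File" step (the file-writing code is outside the visible hunks), I would anchor the check to the resource type, e.g. `if ($PolicyDefinitionId -notmatch '/providers/Microsoft\.Authorization/policyDefinitions/[^/]+$') {`, with `policySetDefinitions` in the set branch. Then either remove the now-unreachable bare-name handling or let bare names through deliberately. Separately, the final `else` still only calls `Write-Error` without the `exit 1` that the other new error paths use, so a run with no ID parameter may still finish with a zero exit code.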


