Minor fix to export script #794

Merged
merged 1 commit into from
Oct 24, 2024
51 changes: 45 additions & 6 deletions Scripts/Operations/Export-PolicyToEPAC.ps1
Expand Up @@ -93,16 +93,22 @@ Write-Information "" -InformationAction Continue

#region PolicyDefinition
if ($PolicyDefinitionId) {
# Check proper formatting
if ($PolicyDefinitionId -notmatch "/providers/") {
Write-Error "Policy Definition ID '$($PolicyDefinitionId)' does not match expected format. Example format expected: '/providers/Microsoft.Authorization/policyDefinitions/f0e5abd0-2554-4736-b7c0-4ffef23475ef'"
exit 1
}

# Pull Built-In Policies
$builtInPolicies = Get-AzPolicyDefinition -Builtin
$builtInPolicyNames = $builtInPolicies.name

# Create Policy Definition File
if ($PolicySetDefinitionId -match "/") {
$policyName = $PolicySetDefinitionId.split("/")[-1]
if ($PolicyDefinitionId -match "/") {
$policyName = $PolicyDefinitionId.split("/")[-1]
}
else {
$policyName = $PolicySetDefinitionId
$policyName = $PolicyDefinitionId
}

try {
Expand All @@ -112,7 +118,8 @@ if ($PolicyDefinitionId) {
$policyResponse = Get-AzPolicyDefinition -Id "/providers/Microsoft.Authorization/policyDefinitions/$PolicyDefinitionId" | Select-Object -Property *
}
if ($null -eq $policyResponse) {
Write-Error "Policy Definition Not Found!"
Write-Error "Policy Definition ID '$($PolicyDefinitionId)' Not Found!"
exit 1
}

$policyType = "policyDefinitions"
Expand Down Expand Up @@ -168,6 +175,11 @@ if ($PolicyDefinitionId) {
}
#region PolicySetDefinition
elseif ($PolicySetDefinitionId) {
# Check proper formatting
if ($PolicySetDefinitionId -notmatch "/providers/") {
Write-Error "Policy Set Definition ID '$($PolicySetDefinitionId)' does not match expected format. Example format expected: '/providers/Microsoft.Authorization/policySetDefinitions/e20d08c5-6d64-656d-6465-ce9e37fd0ebc'"
exit 1
}
# Pull Built-In Policies and Policy Sets
$builtInPolicies = Get-AzPolicyDefinition -Builtin
$builtInPolicyNames = $builtInPolicies.name
Expand All @@ -189,7 +201,8 @@ elseif ($PolicySetDefinitionId) {
$policyResponse = Get-AzPolicySetDefinition -Id "/providers/Microsoft.Authorization/policySetDefinitions/$PolicySetDefinitionId" | Select-Object -Property *
}
if ($null -eq $policyResponse) {
Write-Error "Policy Definition Not Found!"
Write-Error "Policy Set Definition ID '$($PolicySetDefinitionId)' Not Found!"
exit 1
}

$policyType = "policySetDefinitions"
Expand All @@ -206,6 +219,12 @@ elseif ($PolicySetDefinitionId) {
"parameters" = $tempParam
"groupNames" = "$($policyDef.groupNames)"
}
if ( $orderedPolicyDefinitions.definitionVersion -eq "") {
$orderedPolicyDefinitions.Remove('definitionVersion')
}
if ( $orderedPolicyDefinitions.groupNames -eq "") {
$orderedPolicyDefinitions.Remove('groupNames')
}
$policyDefinitionArray += $orderedPolicyDefinitions
}
$orderedPolicy = [ordered]@{
Expand All @@ -217,6 +236,9 @@ elseif ($PolicySetDefinitionId) {
"policyDefinitions" = $policyDefinitionArray
"policyDefinitionGroups" = $policyResponse.PolicyDefinitionGroup
}
if ( $null -eq $orderedPolicy.policyDefinitionGroups) {
$orderedPolicy.Remove('policyDefinitionGroups')
}
$policyObject = [ordered]@{
"`$schema" = "https://raw.githubusercontent.com/Azure/enterprise-azure-policy-as-code/main/Schemas/policy-set-definition-schema.json"
"name" = $policyName
Expand Down Expand Up @@ -356,6 +378,10 @@ elseif ($ALZPolicyDefinitionId) {
$policyName = $ALZPolicyDefinitionId
$policyType = "policyDefinitions"
$policyResponse = $alzHash[$ALZPolicyDefinitionId]
if ($null -eq $policyResponse) {
Write-Error "ALZ Policy Definition ID '$($ALZPolicyDefinitionId)' Not Found!"
exit 1
}
$policyDisplayName = $policyResponse.displayName
$policyDescription = $policyResponse.description
$policyBuiltInType = $policyResponse.policyType
Expand Down Expand Up @@ -469,6 +495,10 @@ elseif ($ALZPolicySetDefinitionId) {
$policyName = $ALZPolicySetDefinitionId
$policyType = "policySetDefinitions"
$policyResponse = $alzSetHash[$ALZPolicySetDefinitionId]
if ($null -eq $policyResponse) {
Write-Error "ALZ Policy Set Definition ID '$($ALZPolicySetDefinitionId)' Not Found!"
exit 1
}
$policyDisplayName = $policyResponse.displayName
$policyDescription = $policyResponse.description
$policyBuiltInType = $policyResponse.policyType
Expand All @@ -482,6 +512,12 @@ elseif ($ALZPolicySetDefinitionId) {
"parameters" = $tempParam
"groupNames" = "$($policyDef.groupNames)"
}
if ( $orderedPolicyDefinitions.definitionVersion -eq "") {
$orderedPolicyDefinitions.Remove('definitionVersion')
}
if ( $orderedPolicyDefinitions.groupNames -eq "") {
$orderedPolicyDefinitions.Remove('groupNames')
}
$policyDefinitionArray += $orderedPolicyDefinitions
}
$orderedPolicy = [ordered]@{
Expand All @@ -493,6 +529,9 @@ elseif ($ALZPolicySetDefinitionId) {
"policyDefinitions" = $policyDefinitionArray
"policyDefinitionGroups" = $policyResponse.PolicyDefinitionGroups
}
if ( $null -eq $orderedPolicy.policyDefinitionGroups) {
$orderedPolicy.Remove('policyDefinitionGroups')
}
$policyObject = [ordered]@{
"`$schema" = "https://raw.githubusercontent.com/Azure/enterprise-azure-policy-as-code/main/Schemas/policy-set-definition-schema.json"
"name" = $policyName
Expand Down Expand Up @@ -611,7 +650,7 @@ elseif ($ALZPolicySetDefinitionId) {
}
}
else {
Write-Error "Export-PolicyToEPAC requires at least one of the following: PolicyDefinitionId, PolicySetDefinitionId!"
Write-Error "Export-PolicyToEPAC requires at least one of the following: PolicyDefinitionId, PolicySetDefinitionId, ALZPolicyDefinitionId or ALZPolicySetDefinitionId!"
}
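Review bot: The new guard `$PolicyDefinitionId -notmatch "/providers/"` at the top of the PolicyDefinition region (and its twin for `$PolicySetDefinitionId`) is an unanchored substring test, so it does not pin the resource type and it contradicts the code below it. Any value that passes already contains a `/`, which makes the `else { $policyName = $PolicyDefinitionId }` branch unreachable, and the visible call that builds `"/providers/Microsoft.Authorization/policyDefinitions/$PolicyDefinitionId"` looks like a bare-name fallback that can no longer be reached either (its condition is outside the shown lines). Either remove the bare-name handling, or keep it and anchor the check, e.g. `if ($PolicyDefinitionId -match '/' -and $PolicyDefinitionId -notmatch '/providers/Microsoft\.Authorization/policyDefinitions/[^/]+$')`, with the matching `policySetDefinitions` pattern in the set region. Separately, the final `else` still ends in a bare `Write-Error` while every other failure path touched by this change adds `exit 1`; adding `exit 1` there keeps the exit code consistent for pipeline callers.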

