# Pipeline-supplied inputs: the folder that holds one sub-folder per policy, and the
# display name of the subscription that receives the policy definitions.
# NOTE(review): "$(System.DefaultWorkingDirectory)" and "$(subscriptionName)" look like
# Azure Pipelines macro references, so this presumably runs as an inline pipeline script
# where the agent substitutes the values into the text before PowerShell parses it - confirm.
# Run as a plain .ps1 file, PowerShell would evaluate $(...) as a subexpression instead.
# NOTE(review): textual substitution means a value containing a double quote or "$(" becomes
# part of the script itself. Keep these variables non-overridable at queue time, or read them
# from the task's environment variables so they are handled as data rather than code.
$policyDefRootFolder = "$(System.DefaultWorkingDirectory)/Policies/policies"
$subscriptionName = "$(subscriptionName)"
# Plain record describing one policy found on disk.
class PolicyDef {
    # Name of the policy; Select-Policies fills it with the policy folder's name.
    [string] $PolicyName

    # Path to the policy rule file (policydef.json).
    [string] $PolicyRulePath

    # Path to the policy parameters file (policydef.params.json).
    [string] $PolicyParamPath

    # Not assigned anywhere in this script.
    [string] $ResourceId
}
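function Select-Policies {
    <#
    .SYNOPSIS
    Builds a PolicyDef entry for every folder that contains a policydef.json file.

    .PARAMETER PolicyFolders
    Candidate policy folders. Folders without a policydef.json are skipped.

    .OUTPUTS
    PolicyDef objects with PolicyName, PolicyRulePath and PolicyParamPath populated.
    PolicyParamPath is filled in whether or not the params file exists.
    #>
    [CmdletBinding()]
    Param
    (
        [Parameter(Mandatory = $true)]
        [System.IO.DirectoryInfo[]]$PolicyFolders
    )

    Write-Verbose "Processing policies"
    $policyList = @()
    foreach ($policyDefinition in $PolicyFolders) {
        # Path.Combine uses the platform separator. The previous hard-coded "\" produced a
        # path that never exists on Linux/macOS agents, so every policy was silently skipped.
        $rulePath = [System.IO.Path]::Combine($policyDefinition.FullName, 'policydef.json')
        if (-not [System.IO.File]::Exists($rulePath)) {
            # Leave a trace so a missing rule file is visible when verbose output is enabled.
            Write-Verbose "Skipping '$($policyDefinition.Name)': no policydef.json found"
            continue
        }

        $policy = New-Object -TypeName PolicyDef
        $policy.PolicyName = $policyDefinition.Name
        $policy.PolicyRulePath = $rulePath
        $policy.PolicyParamPath = [System.IO.Path]::Combine($policyDefinition.FullName, 'policydef.params.json')
        $policyList += $policy
    }
    return $policyList
}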
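function Add-Policies {
    <#
    .SYNOPSIS
    Creates one policy definition per PolicyDef entry in the given subscription.

    .PARAMETER Policies
    Policies to create; each entry supplies the name, rule file path and parameter file path.

    .PARAMETER subscriptionId
    Id of the subscription that receives the definitions.

    .OUTPUTS
    The objects returned by New-AzureRmPolicyDefinition, one per policy.

    .NOTES
    Relies on the legacy AzureRM module, which the Az module has superseded.
    #>
    [CmdletBinding()]
    Param
    (
        [Parameter(Mandatory = $true)]
        [PolicyDef[]]$Policies,
        [String]$subscriptionId
    )

    Write-Verbose "Creating policy definitions"
    $policyDefList = @()
    foreach ($policy in $Policies) {
        $definitionArgs = @{
            Name           = $policy.PolicyName
            Policy         = $policy.PolicyRulePath
            SubscriptionId = $subscriptionId
            # Tags every definition created here so pipeline-managed policies can be told apart.
            Metadata       = '{"category":"Pipeline"}'
        }

        # A policy without parameters has no params file. -Parameter accepts a file path or
        # inline JSON, so a path to a missing file would be read as (invalid) JSON; pass the
        # argument only when the file is really there.
        if ($policy.PolicyParamPath -and (Test-Path -LiteralPath $policy.PolicyParamPath -PathType Leaf)) {
            $definitionArgs['Parameter'] = $policy.PolicyParamPath
        }
        else {
            Write-Verbose "No parameter file for '$($policy.PolicyName)'; creating the definition without parameters"
        }

        $policyDef = New-AzureRmPolicyDefinition @definitionArgs
        $policyDefList += $policyDef
    }
    return $policyDefList
}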
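# Resolve the target subscription by display name and fail closed when the lookup is not
# unambiguous. With no match the id would be empty and the definitions could be created
# in whatever scope the cmdlet defaults to instead of the intended subscription.
$matchedSubscriptions = @(Get-AzureRmSubscription -SubscriptionName $subscriptionName)
if ($matchedSubscriptions.Count -ne 1 -or -not $matchedSubscriptions[0].Id) {
    throw "Expected exactly one subscription named '$subscriptionName' but resolved $($matchedSubscriptions.Count); refusing to create policy definitions."
}
$subscriptionId = $matchedSubscriptions[0].Id
Write-Verbose $policyDefRootFolder
Write-Verbose $subscriptionId

# Get the list of policy folders (one sub-folder per policy) and create a definition for each.
$policies = Select-Policies -PolicyFolders (Get-ChildItem -Path $policyDefRootFolder -Directory)
$policyDefinitions = Add-Policies -Policies $policies -subscriptionId $subscriptionId

# Publish the created definitions to later pipeline tasks as the PolicyDefs variable.
# -Compress keeps the JSON on one line, which the logging command requires.
# The value is written to the build log in clear text, so policy definitions and their
# metadata must not carry secrets.
$policyDefsJson = ($policyDefinitions | ConvertTo-Json -Depth 10 -Compress)
Write-Host "##vso[task.setvariable variable=PolicyDefs]$policyDefsJson"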