The following is the Policy Definition file
```bicep
targetScope = 'managementGroup'

param pattern string
param policyName string
param policyType string
param initiativeName string
param assignmentName string

@allowed([
  'Deny'
  'Audit'
  'Disabled'
])
@description('The effect determines what happens when the policy rule is evaluated to match')
param effect string = 'Deny'

param policySource string = 'Azure Naming Convention'

@allowed([
  'Default'
  'DoNotEnforce'
])
@description('When enforcement mode is disabled, the policy effect isn\'t enforced (i.e. deny policy won\'t deny resources). Compliance assessment results are still available.')
param enforcementMode string = 'Default'

output oPolicyId string = namingConventionDefinition.id
output oPolicyName string = namingConventionDefinition.name
output oPolicyInitiativeId string = namingConventionInitiative.id

resource namingConventionDefinition 'Microsoft.Authorization/policyDefinitions@2021-06-01' = {
  name: policyName
  properties: {
    displayName: policyName
    policyType: 'Custom'
    mode: 'All'
    description: 'Policy to Check the naming convention of the target Azure Resource.'
    metadata: {
      category: 'Custom'
      source: policySource
      version: '0.1.0'
    }
    policyRule: {
      if: {
        allOf: [
          {
            field: 'type'
            equals: policyType
          }
          {
            field: 'name'
            notLike: pattern
          }
        ]
      }
      then: {
        effect: effect
      }
    }
  }
}
```
The Initiative file is as follows. I am using the initiative resource in a module in the main.bicep file.

```bicep
targetScope = 'managementGroup'

param policySource string = 'Azure Naming Convention'
param initiativeName string = 'Initiative1'
param policyDefinitionIds array

output initiativeId string = initiative.id

resource initiative 'Microsoft.Authorization/policySetDefinitions@2021-06-01' = {
  name: initiativeName
  properties: {
    policyType: 'Custom'
    displayName: initiativeName
    description: '${policySource}'
    metadata: {
      category: 'Custom'
      source: policySource
      version: '0.1.0'
    }
    policyDefinitions: policyDefinitionIds
  }
}
```
I am calling the above policy Definition module in the main policy implementation files as follows.
```bicep
targetScope = 'managementGroup'

param initiativeName string = 'initiative-naming-conv'
param assignmentName string = 'asgmt-naming-conv'
param policies array = [
  {
    name: 'plcy-naming-conv-rg'
    pattern: 'rg-'
    policyType: 'microsoft.resources/subscriptions/resourceGroups'
  }
  {
    name: 'plcy-naming-conv-vm'
    pattern: 'vm'
    policyType: 'Microsoft.Compute/virtualMachines'
  }
]

module namingConventionDefinitions './definitions/generic.bicep' = [for policy in policies: {
  name: policy.name
  params: {
    policyName: policy.name
    pattern: policy.pattern
    policyType: policy.policyType
    initiativeName: initiativeName
    assignmentName: assignmentName
  }
}]

module initiatives './initiatives/generic.bicep' = [for (policy, i) in array(policies): {
  name: initiativeName
  params: {
    initiativeName: initiativeName
    policyDefinitionIds: array(namingconventionDefinitions[i].outputs.policyId)
  }
}]
```
I am unable to get the array of policy ids from the Policy Definitions module. Any help regarding this is much appreciated.
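One way to hand every definition ID to a single initiative, as an added example that is not part of the original post. It assumes the definitions module compiles and exposes the `oPolicyId` output shown above (its `oPolicyInitiativeId` output refers to a resource that file does not declare, so it is assumed to be dropped), and that the initiative module passes `policyDefinitionIds` to `policyDefinitions` unchanged. The module symbol `namingConventionInitiative` and the trailing `*` in the patterns are assumptions.

```bicep
targetScope = 'managementGroup'

param initiativeName string = 'initiative-naming-conv'
param assignmentName string = 'asgmt-naming-conv'

// Assumption: the intent is "name must start with this prefix". 'like' and
// 'notLike' compare the whole name, so the prefix needs a trailing '*'.
param policies array = [
  {
    name: 'plcy-naming-conv-rg'
    pattern: 'rg-*'
    policyType: 'microsoft.resources/subscriptions/resourceGroups'
  }
  {
    name: 'plcy-naming-conv-vm'
    pattern: 'vm*'
    policyType: 'Microsoft.Compute/virtualMachines'
  }
]

// One deployment per policy definition, as in the original main file.
module namingConventionDefinitions './definitions/generic.bicep' = [for policy in policies: {
  name: policy.name
  params: {
    policyName: policy.name
    pattern: policy.pattern
    policyType: policy.policyType
    initiativeName: initiativeName
    assignmentName: assignmentName
  }
}]

// A single initiative deployment instead of one per policy. The loop builds
// the array in place; each entry is an object with 'policyDefinitionId',
// which is the shape policySetDefinitions expects in 'policyDefinitions'.
module namingConventionInitiative './initiatives/generic.bicep' = {
  name: initiativeName
  params: {
    initiativeName: initiativeName
    policyDefinitionIds: [for (policy, i) in policies: {
      policyDefinitionId: namingConventionDefinitions[i].outputs.oPolicyId
    }]
  }
}

output initiativeId string = namingConventionInitiative.outputs.initiativeId
```

The module collection is indexed with the same casing as its declaration (`namingConventionDefinitions`), since Bicep symbol names are case-sensitive, and the output is read by the name the module declares (`oPolicyId`).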