Update json file loading to use loadJsonContent #343

Merged (7 commits), Oct 20, 2022
4 changes: 2 additions & 2 deletions .github/scripts/Get-AlzBicepResourceTypes.ps1
@@ -13,7 +13,7 @@ $resourceTypesFullList = @{}

Get-ChildItem -Path '.\infra-as-code\bicep\modules' -Recurse -Filter '*.json' -Exclude 'callModuleFromACR.example.json', 'orchHubSpoke.json', '*parameters*.json', 'bicepconfig.json', '*policy_*.json' | ForEach-Object {
Write-Information "==> Reading Built ARM Template JSON File: $_" -InformationAction Continue
$armTemplate = Get-Content $_.FullName | ConvertFrom-Json -Depth 20
$armTemplate = Get-Content $_.FullName | ConvertFrom-Json -Depth 100
$armResourceTypes = $armTemplate.Resources
$armResourceTypes | ForEach-Object {
if (!$resourceTypesFullList.ContainsKey($_.Type)) {
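Review bot: the jump from `-Depth 20` to `-Depth 100` on the ConvertFrom-Json call is not explained anywhere in the hunk; add a one-line comment above `$armTemplate = Get-Content $_.FullName | ConvertFrom-Json -Depth 100` stating why the compiled templates now need the larger limit, otherwise the next person to tidy the script has no reason not to lower it again. The identical pipeline is also inlined in .github/workflows/bicep-build-to-validate.yml in this same PR, so both copies have to move together whenever the limit or the `-Exclude` list changes.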
@@ -29,4 +29,4 @@ Write-Information "==> Remove nested deployments resource type" -InformationActi
$resourceTypesFullList.Remove('Microsoft.Resources/Deployments')

Write-Information "==> List of resource types in ALZ-Bicep modules" -InformationAction Continue
$resourceTypesFullList.Keys | Sort-Object
$resourceTypesFullList.Keys | Sort-Object
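Review bot: the two identical `$resourceTypesFullList.Keys | Sort-Object` lines show that this hunk only changes the file's final line ending (a trailing newline); harmless, but say so in the PR description so reviewers do not hunt for a logic change here, and an `insert_final_newline = true` rule in .editorconfig would stop it from resurfacing in later PRs.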
330 changes: 165 additions & 165 deletions .github/scripts/Invoke-PolicyToBicep-China.ps1 (large diff not rendered on this page)

332 changes: 166 additions & 166 deletions .github/scripts/Invoke-PolicyToBicep.ps1 (large diff not rendered on this page)

2 changes: 1 addition & 1 deletion .github/workflows/bicep-build-to-validate.yml
@@ -77,7 +77,7 @@ jobs:

Get-ChildItem -Path '.\infra-as-code\bicep\modules' -Recurse -Filter '*.json' -Exclude 'callModuleFromACR.example.json', 'orchHubSpoke.json', '*parameters*.json', 'bicepconfig.json', '*policy_*.json' | ForEach-Object {
Write-Information "==> Reading Built ARM Template JSON File: $_" -InformationAction Continue
$armTemplate = Get-Content $_.FullName | ConvertFrom-Json -Depth 20
$armTemplate = Get-Content $_.FullName | ConvertFrom-Json -Depth 100
$armResourceTypes = $armTemplate.Resources
$armResourceTypes | ForEach-Object {
if (!$resourceTypesFullList.ContainsKey($_.Type)) {
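Review bot: this inline PowerShell block in the workflow step duplicates .github/scripts/Get-AlzBicepResourceTypes.ps1 line for line, including the `-Exclude` list and the `ConvertFrom-Json -Depth 100` bump made in the same PR; have the step call the script instead, so the exclusion list and the depth limit live in one place and cannot drift apart the next time only one of them is edited.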
2 changes: 1 addition & 1 deletion README.md
@@ -65,7 +65,7 @@ We have created a short 3-part series of video on the Azure Enablement Show that
This project welcomes contributions and suggestions. Please review our [Contributing guide][wiki_contributing] in the Wiki. Once your PR is created and submitted a member of the team will triage, review and discuss with you 👍
Most contributions require you to agree to a
Contributor License Agreement (CLA) declaring that you have the right to, and actually do, grant us
the rights to use your contribution. For details, visit the [Microsoft Contributor License Agreement page](https://cla.opensource.microsoft.com).
the rights to use your contribution. For details, visit the [Microsoft Contributor License Agreement page](https://opensource.microsoft.com/cla/).
When you submit a pull request, a CLA bot will automatically determine whether you need to provide
a CLA and decorate the PR appropriately (e.g., status check, comment). Simply follow the instructions
provided by the bot. You will only need to do this once across all repos using our CLA.
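Review bot: the CLA link swap from https://cla.opensource.microsoft.com to https://opensource.microsoft.com/cla/ has nothing to do with the loadJsonContent change in the PR title; fine to take, but call it out in the PR description or split it into its own commit, so the README fix is not buried under "update json file loading" when someone later searches the history for why the link changed.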
2 changes: 1 addition & 1 deletion infra-as-code/bicep/modules/policy/assignments/README.md
@@ -20,7 +20,7 @@ The module requires the following inputs:
| parPolicyAssignmentDescription | The description of the policy assignment | Mandatory input | `This policy denies creation of Public IPs under the assigned scope.` | None |
| parPolicyAssignmentDefinitionId | The policy definition ID (full resource ID) for the policy to be assigned. | Mandatory input | `/providers/Microsoft.Authorization/policyDefinitions/9d0a794f-1444-4c96-9534-e35fc8c39c91` (built-in) or `/providers/Microsoft.Management/managementgroups/alz/providers/Microsoft.Authorization/policyDefinitions/Deny-Public-IP` (custom) | None |
| parPolicyAssignmentParameters | An object containing the parameter values for the policy to be assigned. | Mandatory input | `{"value":{"emailSecurityContact":{"value":"security_contact@replace_me"}}}` | `{}` |
| parPolicyAssignmentParameterOverrides | An object containing parameter values that override those provided to parPolicyAssignmentParameters, usually via a JSON file and json(loadTextContent(FILE_PATH)). This is only useful when wanting to take values from a source like a JSON file for the majority of the parameters but override specific parameter inputs from other sources or hardcoded. If duplicate parameters exist between parPolicyAssignmentParameters & parPolicyAssignmentParameterOverrides, inputs provided to parPolicyAssignmentParameterOverrides will win. | Not mandatory | `{"value":{"emailSecurityContact":{"value":"different_contact@replace_me"}}}` | `{}` |
| parPolicyAssignmentParameterOverrides | An object containing parameter values that override those provided to parPolicyAssignmentParameters, usually via a JSON file and loadJsonContent(FILE_PATH). This is only useful when wanting to take values from a source like a JSON file for the majority of the parameters but override specific parameter inputs from other sources or hardcoded. If duplicate parameters exist between parPolicyAssignmentParameters & parPolicyAssignmentParameterOverrides, inputs provided to parPolicyAssignmentParameterOverrides will win. | Not mandatory | `{"value":{"emailSecurityContact":{"value":"different_contact@replace_me"}}}` | `{}` |
| parPolicyAssignmentNonComplianceMessages | An array containing object/s for the non-compliance messages for the policy to be assigned. See [Non-compliance messages](https://docs.microsoft.com/azure/governance/policy/concepts/assignment-structure#non-compliance-messages) for more details on use. | Mandatory input | `[{"message":"Default message"}]` | `[]` |
| parPolicyAssignmentNotScopes | An array containing a list of scope Resource IDs to be excluded for the policy assignment. | Mandatory input | `["/providers/Microsoft.Management/managementgroups/alz","/providers/Microsoft.Management/managementgroups/alz-sandbox"]` | `[]` |
| parPolicyAssignmentEnforcementMode | The enforcement mode for the policy assignment. See [Enforcement Mode](https://aka.ms/EnforcementMode) for more details on use. | Not mandatory. Will only allow values of `Default` or `DoNotEnforce` | `Default` | `Default` |
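Review bot: while this row is being edited, the "Mandatory input" column is inconsistent with the module itself: parPolicyAssignmentParameters is marked "Mandatory input" yet carries a default of `{}`, and the Bicep hunk further down declares `param parPolicyAssignmentParameters object = {}`, which makes it optional; the NonComplianceMessages and NotScopes rows have the same contradiction with their `[]` defaults. Mark those three "Not mandatory", as the Overrides row already is, or remove the defaults, but a row cannot be both.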
8 changes: 4 additions & 4 deletions infra-as-code/bicep/modules/policy/assignments/lib/README.md
@@ -3,12 +3,12 @@
This directory contains the default policy assignments we make as part of the Azure Landing Zones (aka. Enterprise-scale) in JSON files. These can then be used in variables with the bicep functions of:

- [`json()`](https://docs.microsoft.com/azure/azure-resource-manager/bicep/bicep-functions-object#json)
- [`loadTextContent()`](https://docs.microsoft.com/azure/azure-resource-manager/bicep/bicep-functions-files#loadtextcontent)
- [`loadJsonContent()`](https://learn.microsoft.com/azure/azure-resource-manager/bicep/bicep-functions-files#loadjsoncontent)

For example:

```bicep
var varPolicyAssignmentDenyPublicIp = json(loadTextContent('infra-as-code/bicep/modules/policy/assignments/lib/policy_assignments/policy_assignment_es_deny_public_ip.tmpl.json'))
var varPolicyAssignmentDenyPublicIp = loadJsonContent('infra-as-code/bicep/modules/policy/assignments/lib/policy_assignments/policy_assignment_es_deny_public_ip.tmpl.json')
```

Or you can use the export available in `_policyAssignmentsBicepInput.txt` to copy and paste into a variable to then use to assign policies but manage their properties from the JSON files, like below:
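Review bot: the bullet list still opens with `json()` even though the example below it no longer calls it: the diff drops the `json(...)` wrapper around the load call, so after this change `loadJsonContent()` is the only function in use and the `json()` bullet, together with the plural wording "the bicep functions of", is stale and should go. Separately, this first example passes a repo-root-relative path (`infra-as-code/bicep/modules/policy/assignments/lib/...`) while the second example in the same file uses `../../policy/assignments/lib/...`; both cannot resolve from the same Bicep file, so pick the form that matches where the README expects the variable to be declared and use it in both snippets.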
@@ -24,7 +24,7 @@ var varTargetManagementGroupResourceId = tenantResourceId('Microsoft.Management/
var varPolicyAssignmentDenyPublicIp = {
name: 'Deny-Public-IP'
definitionId: '${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deny-PublicIP'
libDefinition: json(loadTextContent('../../policy/assignments/lib/policy_assignments/policy_assignment_es_deny_public_ip.tmpl.json'))
libDefinition: loadJsonContent('../../policy/assignments/lib/policy_assignments/policy_assignment_es_deny_public_ip.tmpl.json')
}

module modPolicyAssignmentDenyPublicIP '../../policyAssignments/policyAssignmentManagementGroup.bicep' = {
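Review bot: `definitionId` ends in `policyDefinitions/Deny-PublicIP`, but the variable is named varPolicyAssignmentDenyPublicIp and the assignments README touched in this same PR uses `/providers/Microsoft.Authorization/policyDefinitions/Deny-Public-IP` as its custom-definition example; one of the two spellings is wrong, and a mistyped definition name in a string is not something the build step can catch, so reconcile them now. The `libDefinition: loadJsonContent(...)` line, the only change in this hunk, looks right.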
@@ -40,5 +40,5 @@ module modPolicyAssignmentDenyPublicIP '../../policyAssignments/policyAssignment
```

> You do not have to use this method, but it is provided to you for ease and is used in the orchestration templates.
>
>
> You may also extend the library and add your own assignment files in following the pattern shown in the examples above.
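Review bot: the two identical `>` lines show this hunk only strips trailing whitespace from the blank quote line; nothing to change, but whitespace-only edits like this and the EOF-newline change in Get-AlzBicepResourceTypes.ps1 are easier to review as one "whitespace" commit than scattered across the seven commits in this PR.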
@@ -17,7 +17,7 @@ param parPolicyAssignmentDefinitionId string
@description('An object containing the parameter values for the policy to be assigned. DEFAULT VALUE = {}')
param parPolicyAssignmentParameters object = {}

@description('An object containing parameter values that override those provided to parPolicyAssignmentParameters, usually via a JSON file and json(loadTextContent(FILE_PATH)). This is only useful when wanting to take values from a source like a JSON file for the majority of the parameters but override specific parameter inputs from other sources or hardcoded. If duplicate parameters exist between parPolicyAssignmentParameters & parPolicyAssignmentParameterOverrides, inputs provided to parPolicyAssignmentParameterOverrides will win. DEFAULT VALUE = {}')
@description('An object containing parameter values that override those provided to parPolicyAssignmentParameters, usually via a JSON file and loadJsonContent(FILE_PATH). This is only useful when wanting to take values from a source like a JSON file for the majority of the parameters but override specific parameter inputs from other sources or hardcoded. If duplicate parameters exist between parPolicyAssignmentParameters & parPolicyAssignmentParameterOverrides, inputs provided to parPolicyAssignmentParameterOverrides will win. DEFAULT VALUE = {}')
param parPolicyAssignmentParameterOverrides object = {}

@description('An array containing object/s for the non-compliance messages for the policy to be assigned. See https://docs.microsoft.com/en-us/azure/governance/policy/concepts/assignment-structure#non-compliance-messages for more details on use. DEFAULT VALUE = []')
@@ -64,7 +64,7 @@ var varCuaid = '78001e36-9738-429c-a343-45cc84e8a527'
resource resPolicyAssignment 'Microsoft.Authorization/policyAssignments@2021-06-01' = {
name: parPolicyAssignmentName
properties: {
displayName: parPolicyAssignmentDisplayName
displayName: parPolicyAssignmentDisplayName
description: parPolicyAssignmentDescription
policyDefinitionId: parPolicyAssignmentDefinitionId
parameters: varPolicyAssignmentParametersMerged
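Review bot: the repeated `displayName: parPolicyAssignmentDisplayName` line shows this hunk is a whitespace-only edit (the original line carried trailing whitespace); no functional change to the policyAssignments resource, which is fine, but it should not ride in the same commit as the @description rewording above, where a reviewer expects every changed line to matter.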