[Modules] Policy assignment updated nonCompliance messages (#1644)
ahmadabdalla authored Jul 8, 2022
1 parent e46939e commit fa8d770
Showing 12 changed files with 77 additions and 42 deletions.
13 changes: 12 additions & 1 deletion .lycheeignore
@@ -1,10 +1,21 @@
https://foo.psd1/
file:///github
https://teststringforvalidation.com/
http://localhost/
https://mystorageaccount.blob.core.windows.net
https://mykeyvault.vault.azure.net
https://www.powershellgallery.com
https://github.com/myProject
http://validurltoconfiglocation/
https://mycustomdependencylocation/
http://tools.ietf.org/html/rfc6749#section-3.2
https://adp-/
https://www.contoso.com/webhook
https://adp/
file:///github
dummy@contoso.com
test2@contoso.com
test1@contoso.com
test@contoso.com
foo@contoso.com
@parameters.json
'@odata.type
Expand Up @@ -24,8 +24,12 @@
}
}
},
"nonComplianceMessage": {
"value": "Violated Policy Assignment - This is a Non Compliance Message"
"nonComplianceMessages": {
"value": [
{
"message": "Violated Policy Assignment - This is a Non Compliance Message"
}
]
},
"enforcementMode": {
"value": "DoNotEnforce"
Expand Up @@ -24,8 +24,12 @@
}
}
},
"nonComplianceMessage": {
"value": "Violated Policy Assignment - This is a Non Compliance Message"
"nonComplianceMessages": {
"value": [
{
"message": "Violated Policy Assignment - This is a Non Compliance Message"
}
]
},
"enforcementMode": {
"value": "DoNotEnforce"
Expand Up @@ -24,8 +24,12 @@
}
}
},
"nonComplianceMessage": {
"value": "Violated Policy Assignment - This is a Non Compliance Message"
"nonComplianceMessages": {
"value": [
{
"message": "Violated Policy Assignment - This is a Non Compliance Message"
}
]
},
"enforcementMode": {
"value": "DoNotEnforce"
Expand Up @@ -34,7 +34,7 @@ param roleDefinitionIds array = []
param metadata object = {}

@sys.description('Optional. The messages that describe why a resource is non-compliant with the policy.')
param nonComplianceMessage string = ''
param nonComplianceMessages array = []

@sys.description('Optional. The policy assignment enforcement mode. Possible values are Default and DoNotEnforce. - Default or DoNotEnforce.')
@allowed([
Expand Down Expand Up @@ -89,7 +89,7 @@ module policyAssignment_mg 'managementGroup/deploy.bicep' = if (empty(subscripti
userAssignedIdentityId: userAssignedIdentityId
roleDefinitionIds: !empty(roleDefinitionIds) ? roleDefinitionIds : []
metadata: !empty(metadata) ? metadata : {}
nonComplianceMessage: !empty(nonComplianceMessage) ? nonComplianceMessage : ''
nonComplianceMessages: !empty(nonComplianceMessages) ? nonComplianceMessages : []
enforcementMode: enforcementMode
notScopes: !empty(notScopes) ? notScopes : []
managementGroupId: managementGroupId
Expand All @@ -111,7 +111,7 @@ module policyAssignment_sub 'subscription/deploy.bicep' = if (!empty(subscriptio
userAssignedIdentityId: userAssignedIdentityId
roleDefinitionIds: !empty(roleDefinitionIds) ? roleDefinitionIds : []
metadata: !empty(metadata) ? metadata : {}
nonComplianceMessage: !empty(nonComplianceMessage) ? nonComplianceMessage : ''
nonComplianceMessages: !empty(nonComplianceMessages) ? nonComplianceMessages : []
enforcementMode: enforcementMode
notScopes: !empty(notScopes) ? notScopes : []
subscriptionId: subscriptionId
Expand All @@ -133,7 +133,7 @@ module policyAssignment_rg 'resourceGroup/deploy.bicep' = if (!empty(resourceGro
userAssignedIdentityId: userAssignedIdentityId
roleDefinitionIds: !empty(roleDefinitionIds) ? roleDefinitionIds : []
metadata: !empty(metadata) ? metadata : {}
nonComplianceMessage: !empty(nonComplianceMessage) ? nonComplianceMessage : ''
nonComplianceMessages: !empty(nonComplianceMessages) ? nonComplianceMessages : []
enforcementMode: enforcementMode
notScopes: !empty(notScopes) ? notScopes : []
subscriptionId: subscriptionId
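Review bot: The description on `nonComplianceMessages` in the first hunk does not say what each array element must look like, and nothing in the template checks it. The parameter files in this commit pass objects with a `message` key, so the description could read `'Optional. The messages that describe why a resource is non-compliant with the policy. Each item is an object with a message property.'`. Because the array is forwarded unchanged to 'managementGroup/deploy.bicep', 'subscription/deploy.bicep' and 'resourceGroup/deploy.bicep' in the three later hunks, a malformed item (for example a bare string) would presumably only be rejected at deployment time. The same undocumented description is repeated on the parameter in the three scope-level templates further down the page. The module blocks start and end outside these hunks.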
Expand Up @@ -35,7 +35,7 @@ param roleDefinitionIds array = []
param metadata object = {}

@sys.description('Optional. The messages that describe why a resource is non-compliant with the policy.')
param nonComplianceMessage string = ''
param nonComplianceMessages array = []

@sys.description('Optional. The policy assignment enforcement mode. Possible values are Default and DoNotEnforce. - Default or DoNotEnforce.')
@allowed([
Expand All @@ -53,10 +53,6 @@ param notScopes array = []
@sys.description('Optional. Location for all resources.')
param location string = deployment().location

var nonComplianceMessage_var = {
message: !empty(nonComplianceMessage) ? nonComplianceMessage : null
}

@sys.description('Optional. Enable telemetry via the Customer Usage Attribution ID (GUID).')
param enableDefaultTelemetry bool = true

Expand Down Expand Up @@ -91,7 +87,7 @@ resource policyAssignment 'Microsoft.Authorization/policyAssignments@2021-06-01'
description: !empty(description) ? description : null
policyDefinitionId: policyDefinitionId
parameters: parameters
nonComplianceMessages: !empty(nonComplianceMessage) ? array(nonComplianceMessage_var) : []
nonComplianceMessages: !empty(nonComplianceMessages) ? nonComplianceMessages : []
enforcementMode: enforcementMode
notScopes: !empty(notScopes) ? notScopes : []
}
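Review bot: In the resource hunk, `!empty(nonComplianceMessages) ? nonComplianceMessages : []` guards nothing: the parameter is typed `array` with a default of `[]`, and an empty array maps to `[]` on either branch, so the line can be `nonComplianceMessages: nonComplianceMessages`. The same expression appears in the other two scope-level templates further down the page and in the parent template's three module calls. The removed `nonComplianceMessage_var` used to build the `{ message: ... }` object, so that wrapping is now the caller's responsibility, and callers still passing the old string parameter will need updating; that seems worth stating in the commit description. The resource body continues outside the hunk.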
Expand Up @@ -35,7 +35,7 @@ With this module you can perform policy assignments on a management group level.
| `location` | string | `[deployment().location]` | | Location for all resources. |
| `managementGroupId` | string | `[managementGroup().name]` | | The Target Scope for the Policy. The name of the management group for the policy assignment. If not provided, will use the current scope for deployment. |
| `metadata` | object | `{object}` | | The policy assignment metadata. Metadata is an open ended object and is typically a collection of key-value pairs. |
| `nonComplianceMessage` | string | `''` | | The messages that describe why a resource is non-compliant with the policy. |
| `nonComplianceMessages` | array | `[]` | | The messages that describe why a resource is non-compliant with the policy. |
| `notScopes` | array | `[]` | | The policy excluded scopes. |
| `parameters` | object | `{object}` | | Parameters for the policy assignment if needed. |
| `userAssignedIdentityId` | string | `''` | | The Resource ID for the user assigned identity to assign to the policy assignment. |
44 changes: 34 additions & 10 deletions modules/Microsoft.Authorization/policyAssignments/readme.md
Expand Up @@ -37,7 +37,7 @@ With this module you can perform policy assignments across the management group,
| `location` | string | `[deployment().location]` | | Location for all resources. |
| `managementGroupId` | string | `[managementGroup().name]` | | The Target Scope for the Policy. The name of the management group for the policy assignment. If not provided, will use the current scope for deployment. |
| `metadata` | object | `{object}` | | The policy assignment metadata. Metadata is an open ended object and is typically a collection of key-value pairs. |
| `nonComplianceMessage` | string | `''` | | The messages that describe why a resource is non-compliant with the policy. |
| `nonComplianceMessages` | array | `[]` | | The messages that describe why a resource is non-compliant with the policy. |
| `notScopes` | array | `[]` | | The policy excluded scopes. |
| `parameters` | object | `{object}` | | Parameters for the policy assignment if needed. |
| `resourceGroupName` | string | `''` | | The Target Scope for the Policy. The name of the resource group for the policy assignment. |
Expand Down Expand Up @@ -241,8 +241,12 @@ module policyAssignments './Microsoft.Authorization/policyAssignments/deploy.bic
}
}
},
"nonComplianceMessage": {
"value": "Violated Policy Assignment - This is a Non Compliance Message"
"nonComplianceMessages": {
"value": [
{
"message": "Violated Policy Assignment - This is a Non Compliance Message"
}
]
},
"enforcementMode": {
"value": "DoNotEnforce"
Expand Down Expand Up @@ -298,7 +302,11 @@ module policyAssignments './Microsoft.Authorization/policyAssignments/deploy.bic
value: 'prod'
}
}
nonComplianceMessage: 'Violated Policy Assignment - This is a Non Compliance Message'
nonComplianceMessages: [
{
message: 'Violated Policy Assignment - This is a Non Compliance Message'
}
]
enforcementMode: 'DoNotEnforce'
metadata: {
category: 'Security'
Expand Down Expand Up @@ -401,8 +409,12 @@ module policyAssignments './Microsoft.Authorization/policyAssignments/deploy.bic
}
}
},
"nonComplianceMessage": {
"value": "Violated Policy Assignment - This is a Non Compliance Message"
"nonComplianceMessages": {
"value": [
{
"message": "Violated Policy Assignment - This is a Non Compliance Message"
}
]
},
"enforcementMode": {
"value": "DoNotEnforce"
Expand Down Expand Up @@ -464,7 +476,11 @@ module policyAssignments './Microsoft.Authorization/policyAssignments/deploy.bic
value: 'prod'
}
}
nonComplianceMessage: 'Violated Policy Assignment - This is a Non Compliance Message'
nonComplianceMessages: [
{
message: 'Violated Policy Assignment - This is a Non Compliance Message'
}
]
enforcementMode: 'DoNotEnforce'
metadata: {
category: 'Security'
Expand Down Expand Up @@ -565,8 +581,12 @@ module policyAssignments './Microsoft.Authorization/policyAssignments/deploy.bic
}
}
},
"nonComplianceMessage": {
"value": "Violated Policy Assignment - This is a Non Compliance Message"
"nonComplianceMessages": {
"value": [
{
"message": "Violated Policy Assignment - This is a Non Compliance Message"
}
]
},
"enforcementMode": {
"value": "DoNotEnforce"
Expand Down Expand Up @@ -625,7 +645,11 @@ module policyAssignments './Microsoft.Authorization/policyAssignments/deploy.bic
value: 'prod'
}
}
nonComplianceMessage: 'Violated Policy Assignment - This is a Non Compliance Message'
nonComplianceMessages: [
{
message: 'Violated Policy Assignment - This is a Non Compliance Message'
}
]
enforcementMode: 'DoNotEnforce'
metadata: {
category: 'Security'
Expand Up @@ -35,7 +35,7 @@ param roleDefinitionIds array = []
param metadata object = {}

@sys.description('Optional. The messages that describe why a resource is non-compliant with the policy.')
param nonComplianceMessage string = ''
param nonComplianceMessages array = []

@sys.description('Optional. The policy assignment enforcement mode. Possible values are Default and DoNotEnforce. - Default or DoNotEnforce.')
@allowed([
Expand All @@ -50,10 +50,6 @@ param notScopes array = []
@sys.description('Optional. Location for all resources.')
param location string = resourceGroup().location

var nonComplianceMessage_var = {
message: !empty(nonComplianceMessage) ? nonComplianceMessage : null
}

@sys.description('Optional. The Target Scope for the Policy. The subscription ID of the subscription for the policy assignment. If not provided, will use the current scope for deployment.')
param subscriptionId string = subscription().subscriptionId

Expand Down Expand Up @@ -93,7 +89,7 @@ resource policyAssignment 'Microsoft.Authorization/policyAssignments@2021-06-01'
description: !empty(description) ? description : null
policyDefinitionId: policyDefinitionId
parameters: parameters
nonComplianceMessages: !empty(nonComplianceMessage) ? array(nonComplianceMessage_var) : []
nonComplianceMessages: !empty(nonComplianceMessages) ? nonComplianceMessages : []
enforcementMode: enforcementMode
notScopes: !empty(notScopes) ? notScopes : []
}
Expand Up @@ -34,7 +34,7 @@ With this module you can perform policy assignments on a resource group level
| `identity` | string | `'SystemAssigned'` | `[SystemAssigned, UserAssigned, None]` | The managed identity associated with the policy assignment. Policy assignments must include a resource identity when assigning 'Modify' policy definitions. |
| `location` | string | `[resourceGroup().location]` | | Location for all resources. |
| `metadata` | object | `{object}` | | The policy assignment metadata. Metadata is an open ended object and is typically a collection of key-value pairs. |
| `nonComplianceMessage` | string | `''` | | The messages that describe why a resource is non-compliant with the policy. |
| `nonComplianceMessages` | array | `[]` | | The messages that describe why a resource is non-compliant with the policy. |
| `notScopes` | array | `[]` | | The policy excluded scopes. |
| `parameters` | object | `{object}` | | Parameters for the policy assignment if needed. |
| `resourceGroupName` | string | `[resourceGroup().name]` | | The Target Scope for the Policy. The name of the resource group for the policy assignment. If not provided, will use the current scope for deployment. |
Expand Up @@ -35,7 +35,7 @@ param roleDefinitionIds array = []
param metadata object = {}

@sys.description('Optional. The messages that describe why a resource is non-compliant with the policy.')
param nonComplianceMessage string = ''
param nonComplianceMessages array = []

@sys.description('Optional. The policy assignment enforcement mode. Possible values are Default and DoNotEnforce. - Default or DoNotEnforce.')
@allowed([
Expand All @@ -50,10 +50,6 @@ param notScopes array = []
@sys.description('Optional. Location for all resources.')
param location string = deployment().location

var nonComplianceMessage_var = {
message: !empty(nonComplianceMessage) ? nonComplianceMessage : null
}

@sys.description('Optional. The Target Scope for the Policy. The subscription ID of the subscription for the policy assignment. If not provided, will use the current scope for deployment.')
param subscriptionId string = subscription().subscriptionId

Expand Down Expand Up @@ -91,7 +87,7 @@ resource policyAssignment 'Microsoft.Authorization/policyAssignments@2021-06-01'
description: !empty(description) ? description : null
policyDefinitionId: policyDefinitionId
parameters: parameters
nonComplianceMessages: !empty(nonComplianceMessage) ? array(nonComplianceMessage_var) : []
nonComplianceMessages: !empty(nonComplianceMessages) ? nonComplianceMessages : []
enforcementMode: enforcementMode
notScopes: !empty(notScopes) ? notScopes : []
}
Expand Up @@ -34,7 +34,7 @@ With this module you can perform policy assignments on a subscription level.
| `identity` | string | `'SystemAssigned'` | `[SystemAssigned, UserAssigned, None]` | The managed identity associated with the policy assignment. Policy assignments must include a resource identity when assigning 'Modify' policy definitions. |
| `location` | string | `[deployment().location]` | | Location for all resources. |
| `metadata` | object | `{object}` | | The policy assignment metadata. Metadata is an open ended object and is typically a collection of key-value pairs. |
| `nonComplianceMessage` | string | `''` | | The messages that describe why a resource is non-compliant with the policy. |
| `nonComplianceMessages` | array | `[]` | | The messages that describe why a resource is non-compliant with the policy. |
| `notScopes` | array | `[]` | | The policy excluded scopes. |
| `parameters` | object | `{object}` | | Parameters for the policy assignment if needed. |
| `subscriptionId` | string | `[subscription().subscriptionId]` | | The Target Scope for the Policy. The subscription ID of the subscription for the policy assignment. If not provided, will use the current scope for deployment. |