Support for groups as part of policy Initiatives (#364)

* Code changes to support groups as part of policy Initiatives 1. Updated the Invoke-PolicyToBicep.ps1 PowerShell script for generating groups as part of the varCustomPolicySetDefinitionsArray 2. updated the invocation of policySetDefinitions creation to include group names * Addressed PR comments and code to support mooncake deployments 1) Added code in Invoke-PolicyToBicep-China.ps1 to support mooncake deployment 2) Addressed the PR comments with regards to naming
Azure · Nov 1, 2022 · ec9e8f2 · ec9e8f2
1 parent a223de2
commit ec9e8f2
Show file tree

Hide file tree

Showing 4 changed files with 24 additions and 8 deletions.
diff --git a/.github/scripts/Invoke-PolicyToBicep-China.ps1 b/.github/scripts/Invoke-PolicyToBicep-China.ps1
@@ -154,7 +154,13 @@ function New-PolicySetDefinitionsBicepInputTxtFile {
     # Loop through child Policy Set/Initiative Definitions if HashTable not == 0
     if (($policyDefinitions.Count) -ne 0) {
       $policyDefinitions | Sort-Object | ForEach-Object {
-        $policySetDefinitionsOutputForBicep.Add($_.policyDefinitionReferenceId, $_.policyDefinitionId)
+        if ($null -ne $_.groupNames -and $_.groupNames.Count -ne 0) {
+          $joinedGroupNames = "'" + ($_.groupNames -join "','" ) + "'"
+          $policySetDefinitionsOutputForBicep.Add($_.policyDefinitionReferenceId, @($_.policyDefinitionId, $joinedGroupNames))
+        }
+        else {
+          $policySetDefinitionsOutputForBicep.Add($_.policyDefinitionReferenceId, @($_.policyDefinitionId, ""))
+        }
       }
     }
 
@@ -173,7 +179,8 @@ function New-PolicySetDefinitionsBicepInputTxtFile {
       $policySetDefinitionsOutputForBicep.Keys | Sort-Object | ForEach-Object {
         $definitionReferenceId = $_
         $definitionReferenceIdForParameters = $_
-        $definitionId = $($policySetDefinitionsOutputForBicep[$_])
+        $definitionId = $($policySetDefinitionsOutputForBicep[$_][0])
+        $groups = $($policySetDefinitionsOutputForBicep[$_][1])
 
         # If definitionReferenceId or definitionReferenceIdForParameters contains apostrophes, replace that apostrophe with a backslash and an apostrohphe for Bicep string escaping
         if ($definitionReferenceId.Contains("'")) {
@@ -189,11 +196,11 @@ function New-PolicySetDefinitionsBicepInputTxtFile {
           $definitionReferenceIdForParameters = "['$definitionReferenceIdForParameters']"
 
           # Add nested array of objects to each Policy Set/Initiative Definition in the Bicep variable, without the '.' before the definitionReferenceId to make it an accessor
-          Add-Content -Path "$rootPath/$definitionsSetLongPath/$defintionsSetTxtFileName" -Encoding "utf8" -Value "`t`t`t{`r`n`t`t`t`tdefinitionReferenceId: '$definitionReferenceId'`r`n`t`t`t`tdefinitionId: '$definitionId'`r`n`t`t`t`tdefinitionParameters: $policySetDefParamVarCreation$definitionReferenceIdForParameters.parameters`r`n`t`t`t}"
+          Add-Content -Path "$rootPath/$definitionsSetLongPath/$defintionsSetTxtFileName" -Encoding "utf8" -Value "`t`t`t{`r`n`t`t`t`tdefinitionReferenceId: '$definitionReferenceId'`r`n`t`t`t`tdefinitionId: '$definitionId'`r`n`t`t`t`tdefinitionParameters: $policySetDefParamVarCreation$definitionReferenceIdForParameters.parameters`r`n`t`t`t`tdefinitionGroups: [$groups]`r`n`t`t`t}"
         }
         else {
           # Add nested array of objects to each Policy Set/Initiative Definition in the Bicep variable
-          Add-Content -Path "$rootPath/$definitionsSetLongPath/$defintionsSetTxtFileName" -Encoding "utf8" -Value "`t`t`t{`r`n`t`t`t`tdefinitionReferenceId: '$definitionReferenceId'`r`n`t`t`t`tdefinitionId: '$definitionId'`r`n`t`t`t`tdefinitionParameters: $policySetDefParamVarCreation.$definitionReferenceIdForParameters.parameters`r`n`t`t`t}"
+          Add-Content -Path "$rootPath/$definitionsSetLongPath/$defintionsSetTxtFileName" -Encoding "utf8" -Value "`t`t`t{`r`n`t`t`t`tdefinitionReferenceId: '$definitionReferenceId'`r`n`t`t`t`tdefinitionId: '$definitionId'`r`n`t`t`t`tdefinitionParameters: $policySetDefParamVarCreation.$definitionReferenceIdForParameters.parameters`r`n`t`t`t`tdefinitionGroups: [$groups]`r`n`t`t`t}"
         }
       }
     }

diff --git a/.github/scripts/Invoke-PolicyToBicep.ps1 b/.github/scripts/Invoke-PolicyToBicep.ps1
@@ -154,7 +154,13 @@ function New-PolicySetDefinitionsBicepInputTxtFile {
     # Loop through child Policy Set/Initiative Definitions if HashTable not == 0
     if (($policyDefinitions.Count) -ne 0) {
       $policyDefinitions | Sort-Object | ForEach-Object {
-        $policySetDefinitionsOutputForBicep.Add($_.policyDefinitionReferenceId, $_.policyDefinitionId)
+        if ($null -ne $_.groupNames -and $_.groupNames.Count -ne 0) {
+          $joinedGroupNames = "'" + ($_.groupNames -join "','" ) + "'"
+          $policySetDefinitionsOutputForBicep.Add($_.policyDefinitionReferenceId, @($_.policyDefinitionId, $joinedGroupNames))
+        }
+        else {
+          $policySetDefinitionsOutputForBicep.Add($_.policyDefinitionReferenceId, @($_.policyDefinitionId, ""))
+        }
       }
     }
 
@@ -173,7 +179,8 @@ function New-PolicySetDefinitionsBicepInputTxtFile {
       $policySetDefinitionsOutputForBicep.Keys | Sort-Object | ForEach-Object {
         $definitionReferenceId = $_
         $definitionReferenceIdForParameters = $_
-        $definitionId = $($policySetDefinitionsOutputForBicep[$_])
+        $definitionId = $($policySetDefinitionsOutputForBicep[$_][0])
+        $groups = $($policySetDefinitionsOutputForBicep[$_][1])
 
         # If definitionReferenceId or definitionReferenceIdForParameters contains apostrophes, replace that apostrophe with a backslash and an apostrohphe for Bicep string escaping
         if ($definitionReferenceId.Contains("'")) {
@@ -189,11 +196,11 @@ function New-PolicySetDefinitionsBicepInputTxtFile {
           $definitionReferenceIdForParameters = "['$definitionReferenceIdForParameters']"
 
           # Add nested array of objects to each Policy Set/Initiative Definition in the Bicep variable, without the '.' before the definitionReferenceId to make it an accessor
-          Add-Content -Path "$rootPath/$definitionsSetLongPath/$defintionsSetTxtFileName" -Encoding "utf8" -Value "`t`t`t{`r`n`t`t`t`tdefinitionReferenceId: '$definitionReferenceId'`r`n`t`t`t`tdefinitionId: '$definitionId'`r`n`t`t`t`tdefinitionParameters: $policySetDefParamVarCreation$definitionReferenceIdForParameters.parameters`r`n`t`t`t}"
+          Add-Content -Path "$rootPath/$definitionsSetLongPath/$defintionsSetTxtFileName" -Encoding "utf8" -Value "`t`t`t{`r`n`t`t`t`tdefinitionReferenceId: '$definitionReferenceId'`r`n`t`t`t`tdefinitionId: '$definitionId'`r`n`t`t`t`tdefinitionParameters: $policySetDefParamVarCreation$definitionReferenceIdForParameters.parameters`r`n`t`t`t`tdefinitionGroups: [$groups]`r`n`t`t`t}"
         }
         else {
           # Add nested array of objects to each Policy Set/Initiative Definition in the Bicep variable
-          Add-Content -Path "$rootPath/$definitionsSetLongPath/$defintionsSetTxtFileName" -Encoding "utf8" -Value "`t`t`t{`r`n`t`t`t`tdefinitionReferenceId: '$definitionReferenceId'`r`n`t`t`t`tdefinitionId: '$definitionId'`r`n`t`t`t`tdefinitionParameters: $policySetDefParamVarCreation.$definitionReferenceIdForParameters.parameters`r`n`t`t`t}"
+          Add-Content -Path "$rootPath/$definitionsSetLongPath/$defintionsSetTxtFileName" -Encoding "utf8" -Value "`t`t`t{`r`n`t`t`t`tdefinitionReferenceId: '$definitionReferenceId'`r`n`t`t`t`tdefinitionId: '$definitionId'`r`n`t`t`t`tdefinitionParameters: $policySetDefParamVarCreation.$definitionReferenceIdForParameters.parameters`r`n`t`t`t`tdefinitionGroups: [$groups]`r`n`t`t`t}"
         }
       }
     }

diff --git a/infra-as-code/bicep/modules/policy/definitions/customPolicyDefinitions.bicep b/infra-as-code/bicep/modules/policy/definitions/customPolicyDefinitions.bicep
@@ -1264,6 +1264,7 @@ resource resPolicySetDefinitions 'Microsoft.Authorization/policySetDefinitions@2
       policyDefinitionReferenceId: policySetDef.definitionReferenceId
       policyDefinitionId: policySetDef.definitionId
       parameters: policySetDef.definitionParameters
+      groupNames: policySetDef.definitionGroups
     }]
     policyDefinitionGroups: policySet.libSetDefinition.properties.policyDefinitionGroups
   }

diff --git a/infra-as-code/bicep/modules/policy/definitions/mc-customPolicyDefinitions.bicep b/infra-as-code/bicep/modules/policy/definitions/mc-customPolicyDefinitions.bicep
@@ -1299,6 +1299,7 @@ resource resPolicySetDefinitions 'Microsoft.Authorization/policySetDefinitions@2
       policyDefinitionReferenceId: policySetDef.definitionReferenceId
       policyDefinitionId: policySetDef.definitionId
       parameters: policySetDef.definitionParameters
+      groupNames: policySetDef.definitionGroups
     }]
     policyDefinitionGroups: policySet.libSetDefinition.properties.policyDefinitionGroups
   }