From 293ac081a914cae03e0591ef1a5f11c8d8197f4e Mon Sep 17 00:00:00 2001 From: Veda Gudipati Date: Fri, 28 Oct 2022 12:31:03 -0400 Subject: [PATCH 1/2] Code changes to support groups as part of policy Initiatives 1. Updated the Invoke-PolicyToBicep.ps1 PowerShell script for generating groups as part of the varCustomPolicySetDefinitionsArray 2. updated the invocation of policySetDefinitions creation to include group names --- .github/scripts/Invoke-PolicyToBicep.ps1 | 15 +++++++++++---- .../definitions/customPolicyDefinitions.bicep | 1 + .../definitions/mc-customPolicyDefinitions.bicep | 1 + 3 files changed, 13 insertions(+), 4 deletions(-) diff --git a/.github/scripts/Invoke-PolicyToBicep.ps1 b/.github/scripts/Invoke-PolicyToBicep.ps1 index 531764b39..0c3c0548e 100644 --- a/.github/scripts/Invoke-PolicyToBicep.ps1 +++ b/.github/scripts/Invoke-PolicyToBicep.ps1 @@ -154,7 +154,13 @@ function New-PolicySetDefinitionsBicepInputTxtFile { # Loop through child Policy Set/Initiative Definitions if HashTable not == 0 if (($policyDefinitions.Count) -ne 0) { $policyDefinitions | Sort-Object | ForEach-Object { - $policySetDefinitionsOutputForBicep.Add($_.policyDefinitionReferenceId, $_.policyDefinitionId) + if ($null -ne $_.groupNames -and $_.groupNames.Count -ne 0) { + $joinedGroupNames = "'" + ($_.groupNames -join "','" ) + "'" + $policySetDefinitionsOutputForBicep.Add($_.policyDefinitionReferenceId, @($_.policyDefinitionId, $joinedGroupNames)) + } + else { + $policySetDefinitionsOutputForBicep.Add($_.policyDefinitionReferenceId, @($_.policyDefinitionId, "")) + } } } 
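Review bot: The new `$joinedGroupNames` line wraps each group name in single quotes without escaping apostrophes, and the value is later written verbatim into the generated Bicep as `groups: [$groups]`. The same function already escapes apostrophes in `definitionReferenceId` for Bicep, so a group name containing `'` (the names presumably come from the policy set JSON) would close the string literal early and leave malformed or unintended Bicep in the output file. Escape each element before joining, e.g. `$joinedGroupNames = "'" + (($_.groupNames | ForEach-Object { $_.Replace("'", "\'") }) -join "','") + "'"`. The identical hunk in Invoke-PolicyToBicep-China.ps1 in patch 2/2 needs the same change; the enclosing function starts and ends outside this hunk.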
@@ -173,7 +179,8 @@ function New-PolicySetDefinitionsBicepInputTxtFile { $policySetDefinitionsOutputForBicep.Keys | Sort-Object | ForEach-Object { $definitionReferenceId = $_ $definitionReferenceIdForParameters = $_ - $definitionId = $($policySetDefinitionsOutputForBicep[$_]) + $definitionId = $($policySetDefinitionsOutputForBicep[$_][0]) + $groups = $($policySetDefinitionsOutputForBicep[$_][1]) # If definitionReferenceId or definitionReferenceIdForParameters contains apostrophes, replace that apostrophe with a backslash and an apostrohphe for Bicep string escaping if ($definitionReferenceId.Contains("'")) { 
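Review bot: The reads `$policySetDefinitionsOutputForBicep[$_][0]` and `[$_][1]` depend on the element order of the array passed to the earlier `.Add(...)` calls, and neither site says which index holds what. A comment here such as `# value is @(policyDefinitionId, pre-quoted group-name list)`, or a hashtable value with named keys (`@{ Id = ...; Groups = ... }`), would keep the writer and the reader from drifting apart. Because `$groups` is later interpolated into the Bicep text as-is, that comment should also state that the string is expected to arrive already quoted and escaped. The same applies to the matching hunk in Invoke-PolicyToBicep-China.ps1; the ForEach-Object body continues past the end of this hunk.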
@@ -189,11 +196,11 @@ function New-PolicySetDefinitionsBicepInputTxtFile { $definitionReferenceIdForParameters = "['$definitionReferenceIdForParameters']" # Add nested array of objects to each Policy Set/Initiative Definition in the Bicep variable, without the '.' before the definitionReferenceId to make it an accessor - Add-Content -Path "$rootPath/$definitionsSetLongPath/$defintionsSetTxtFileName" -Encoding "utf8" -Value "`t`t`t{`r`n`t`t`t`tdefinitionReferenceId: '$definitionReferenceId'`r`n`t`t`t`tdefinitionId: '$definitionId'`r`n`t`t`t`tdefinitionParameters: $policySetDefParamVarCreation$definitionReferenceIdForParameters.parameters`r`n`t`t`t}" + Add-Content -Path "$rootPath/$definitionsSetLongPath/$defintionsSetTxtFileName" -Encoding "utf8" -Value "`t`t`t{`r`n`t`t`t`tdefinitionReferenceId: '$definitionReferenceId'`r`n`t`t`t`tdefinitionId: '$definitionId'`r`n`t`t`t`tdefinitionParameters: $policySetDefParamVarCreation$definitionReferenceIdForParameters.parameters`r`n`t`t`t`tgroups: [$groups]`r`n`t`t`t}" } else { # Add nested array of objects to each Policy Set/Initiative Definition in the Bicep variable - Add-Content -Path "$rootPath/$definitionsSetLongPath/$defintionsSetTxtFileName" -Encoding "utf8" -Value "`t`t`t{`r`n`t`t`t`tdefinitionReferenceId: '$definitionReferenceId'`r`n`t`t`t`tdefinitionId: '$definitionId'`r`n`t`t`t`tdefinitionParameters: $policySetDefParamVarCreation.$definitionReferenceIdForParameters.parameters`r`n`t`t`t}" + Add-Content -Path "$rootPath/$definitionsSetLongPath/$defintionsSetTxtFileName" -Encoding "utf8" -Value "`t`t`t{`r`n`t`t`t`tdefinitionReferenceId: '$definitionReferenceId'`r`n`t`t`t`tdefinitionId: '$definitionId'`r`n`t`t`t`tdefinitionParameters: $policySetDefParamVarCreation.$definitionReferenceIdForParameters.parameters`r`n`t`t`t`tgroups: [$groups]`r`n`t`t`t}" } } } 
diff --git a/infra-as-code/bicep/modules/policy/definitions/customPolicyDefinitions.bicep b/infra-as-code/bicep/modules/policy/definitions/customPolicyDefinitions.bicep
index 41a9c2afa..c6354ac99 100644
--- a/infra-as-code/bicep/modules/policy/definitions/customPolicyDefinitions.bicep
+++ b/infra-as-code/bicep/modules/policy/definitions/customPolicyDefinitions.bicep
@@ -1264,6 +1264,7 @@ resource resPolicySetDefinitions 'Microsoft.Authorization/policySetDefinitions@2
 policyDefinitionReferenceId: policySetDef.definitionReferenceId
 policyDefinitionId: policySetDef.definitionId
 parameters: policySetDef.definitionParameters
+ groupNames: policySetDef.groups
 }]
 policyDefinitionGroups: policySet.libSetDefinition.properties.policyDefinitionGroups
 }
diff --git a/infra-as-code/bicep/modules/policy/definitions/mc-customPolicyDefinitions.bicep b/infra-as-code/bicep/modules/policy/definitions/mc-customPolicyDefinitions.bicep
index d07a62306..89efeec08 100644
--- a/infra-as-code/bicep/modules/policy/definitions/mc-customPolicyDefinitions.bicep
+++ b/infra-as-code/bicep/modules/policy/definitions/mc-customPolicyDefinitions.bicep
@@ -1299,6 +1299,7 @@ resource resPolicySetDefinitions 'Microsoft.Authorization/policySetDefinitions@2
 policyDefinitionReferenceId: policySetDef.definitionReferenceId
 policyDefinitionId: policySetDef.definitionId
 parameters: policySetDef.definitionParameters
+ groupNames: policySetDef.groups
 }]
 policyDefinitionGroups: policySet.libSetDefinition.properties.policyDefinitionGroups
 }
From ec942218e73369083c5533d5010d10d6824450fd Mon Sep 17 00:00:00 2001
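Review bot: `groupNames: policySetDef.groups` takes its value from the generated set-definition array, while `policyDefinitionGroups` two lines below is read directly from `policySet.libSetDefinition`, so the two can drift when the library JSON changes and the generator output is not refreshed. The diffstat shows only this one line changing in each Bicep file, so the array entries presumably do not yet carry a `groups` property in this commit; the array should be regenerated together with this change or the property access will not resolve. A comment such as `// groupNames must match names in policyDefinitionGroups; regenerate with Invoke-PolicyToBicep.ps1 after editing the library JSON` would document the coupling. The same applies to the identical hunk in mc-customPolicyDefinitions.bicep; the resource body continues outside both hunks.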
From: Veda Gudipati Date: Mon, 31 Oct 2022 10:05:23 -0400 Subject: [PATCH 2/2] Addressed PR comments and code to support mooncake deployments 1) Added code in Invoke-PolicyToBicep-China.ps1 to support mooncake deployment 2) Addressed the PR comments with regards to naming --- .github/scripts/Invoke-PolicyToBicep-China.ps1 | 15 +++++++++++---- .github/scripts/Invoke-PolicyToBicep.ps1 | 4 ++-- .../definitions/customPolicyDefinitions.bicep | 2 +- .../definitions/mc-customPolicyDefinitions.bicep | 2 +- 4 files changed, 15 insertions(+), 8 deletions(-) diff --git a/.github/scripts/Invoke-PolicyToBicep-China.ps1 b/.github/scripts/Invoke-PolicyToBicep-China.ps1 index ebd3522a2..078ce7bf8 100644 --- a/.github/scripts/Invoke-PolicyToBicep-China.ps1 +++ b/.github/scripts/Invoke-PolicyToBicep-China.ps1 @@ -154,7 +154,13 @@ function New-PolicySetDefinitionsBicepInputTxtFile { # Loop through child Policy Set/Initiative Definitions if HashTable not == 0 if (($policyDefinitions.Count) -ne 0) { $policyDefinitions | Sort-Object | ForEach-Object { - $policySetDefinitionsOutputForBicep.Add($_.policyDefinitionReferenceId, $_.policyDefinitionId) + if ($null -ne $_.groupNames -and $_.groupNames.Count -ne 0) { + $joinedGroupNames = "'" + ($_.groupNames -join "','" ) + "'" + $policySetDefinitionsOutputForBicep.Add($_.policyDefinitionReferenceId, @($_.policyDefinitionId, $joinedGroupNames)) + } + else { + $policySetDefinitionsOutputForBicep.Add($_.policyDefinitionReferenceId, @($_.policyDefinitionId, "")) + } } } 
@@ -173,7 +179,8 @@ function New-PolicySetDefinitionsBicepInputTxtFile { $policySetDefinitionsOutputForBicep.Keys | Sort-Object | ForEach-Object { $definitionReferenceId = $_ $definitionReferenceIdForParameters = $_ - $definitionId = $($policySetDefinitionsOutputForBicep[$_]) + $definitionId = $($policySetDefinitionsOutputForBicep[$_][0]) + $groups = $($policySetDefinitionsOutputForBicep[$_][1]) # If definitionReferenceId or definitionReferenceIdForParameters contains apostrophes, replace that apostrophe with a backslash and an apostrohphe for Bicep string escaping if ($definitionReferenceId.Contains("'")) { 
@@ -189,11 +196,11 @@ function New-PolicySetDefinitionsBicepInputTxtFile { $definitionReferenceIdForParameters = "['$definitionReferenceIdForParameters']" # Add nested array of objects to each Policy Set/Initiative Definition in the Bicep variable, without the '.' before the definitionReferenceId to make it an accessor - Add-Content -Path "$rootPath/$definitionsSetLongPath/$defintionsSetTxtFileName" -Encoding "utf8" -Value "`t`t`t{`r`n`t`t`t`tdefinitionReferenceId: '$definitionReferenceId'`r`n`t`t`t`tdefinitionId: '$definitionId'`r`n`t`t`t`tdefinitionParameters: $policySetDefParamVarCreation$definitionReferenceIdForParameters.parameters`r`n`t`t`t}" + Add-Content -Path "$rootPath/$definitionsSetLongPath/$defintionsSetTxtFileName" -Encoding "utf8" -Value "`t`t`t{`r`n`t`t`t`tdefinitionReferenceId: '$definitionReferenceId'`r`n`t`t`t`tdefinitionId: '$definitionId'`r`n`t`t`t`tdefinitionParameters: $policySetDefParamVarCreation$definitionReferenceIdForParameters.parameters`r`n`t`t`t`tdefinitionGroups: [$groups]`r`n`t`t`t}" } else { # Add nested array of objects to each Policy Set/Initiative Definition in the Bicep variable - Add-Content -Path "$rootPath/$definitionsSetLongPath/$defintionsSetTxtFileName" -Encoding "utf8" -Value "`t`t`t{`r`n`t`t`t`tdefinitionReferenceId: '$definitionReferenceId'`r`n`t`t`t`tdefinitionId: '$definitionId'`r`n`t`t`t`tdefinitionParameters: $policySetDefParamVarCreation.$definitionReferenceIdForParameters.parameters`r`n`t`t`t}" + Add-Content -Path "$rootPath/$definitionsSetLongPath/$defintionsSetTxtFileName" -Encoding "utf8" -Value "`t`t`t{`r`n`t`t`t`tdefinitionReferenceId: '$definitionReferenceId'`r`n`t`t`t`tdefinitionId: '$definitionId'`r`n`t`t`t`tdefinitionParameters: $policySetDefParamVarCreation.$definitionReferenceIdForParameters.parameters`r`n`t`t`t`tdefinitionGroups: [$groups]`r`n`t`t`t}" } } } diff --git a/.github/scripts/Invoke-PolicyToBicep.ps1 b/.github/scripts/Invoke-PolicyToBicep.ps1 index 0c3c0548e..67d053107 100644 
--- a/.github/scripts/Invoke-PolicyToBicep.ps1
+++ b/.github/scripts/Invoke-PolicyToBicep.ps1
@@ -196,11 +196,11 @@ function New-PolicySetDefinitionsBicepInputTxtFile { $definitionReferenceIdForParameters = "['$definitionReferenceIdForParameters']" # Add nested array of objects to each Policy Set/Initiative Definition in the Bicep variable, without the '.' before the definitionReferenceId to make it an accessor - Add-Content -Path "$rootPath/$definitionsSetLongPath/$defintionsSetTxtFileName" -Encoding "utf8" -Value "`t`t`t{`r`n`t`t`t`tdefinitionReferenceId: '$definitionReferenceId'`r`n`t`t`t`tdefinitionId: '$definitionId'`r`n`t`t`t`tdefinitionParameters: $policySetDefParamVarCreation$definitionReferenceIdForParameters.parameters`r`n`t`t`t`tgroups: [$groups]`r`n`t`t`t}" + Add-Content -Path "$rootPath/$definitionsSetLongPath/$defintionsSetTxtFileName" -Encoding "utf8" -Value "`t`t`t{`r`n`t`t`t`tdefinitionReferenceId: '$definitionReferenceId'`r`n`t`t`t`tdefinitionId: '$definitionId'`r`n`t`t`t`tdefinitionParameters: $policySetDefParamVarCreation$definitionReferenceIdForParameters.parameters`r`n`t`t`t`tdefinitionGroups: [$groups]`r`n`t`t`t}" } else { # Add nested array of objects to each Policy Set/Initiative Definition in the Bicep variable - Add-Content -Path "$rootPath/$definitionsSetLongPath/$defintionsSetTxtFileName" -Encoding "utf8" -Value "`t`t`t{`r`n`t`t`t`tdefinitionReferenceId: '$definitionReferenceId'`r`n`t`t`t`tdefinitionId: '$definitionId'`r`n`t`t`t`tdefinitionParameters: $policySetDefParamVarCreation.$definitionReferenceIdForParameters.parameters`r`n`t`t`t`tgroups: [$groups]`r`n`t`t`t}" + Add-Content -Path "$rootPath/$definitionsSetLongPath/$defintionsSetTxtFileName" -Encoding "utf8" -Value "`t`t`t{`r`n`t`t`t`tdefinitionReferenceId: '$definitionReferenceId'`r`n`t`t`t`tdefinitionId: '$definitionId'`r`n`t`t`t`tdefinitionParameters: $policySetDefParamVarCreation.$definitionReferenceIdForParameters.parameters`r`n`t`t`t`tdefinitionGroups: [$groups]`r`n`t`t`t}" } } } 
diff --git a/infra-as-code/bicep/modules/policy/definitions/customPolicyDefinitions.bicep b/infra-as-code/bicep/modules/policy/definitions/customPolicyDefinitions.bicep
index c6354ac99..283f457b4 100644
--- a/infra-as-code/bicep/modules/policy/definitions/customPolicyDefinitions.bicep
+++ b/infra-as-code/bicep/modules/policy/definitions/customPolicyDefinitions.bicep
@@ -1264,7 +1264,7 @@ resource resPolicySetDefinitions 'Microsoft.Authorization/policySetDefinitions@2
 policyDefinitionReferenceId: policySetDef.definitionReferenceId
 policyDefinitionId: policySetDef.definitionId
 parameters: policySetDef.definitionParameters
- groupNames: policySetDef.groups
+ groupNames: policySetDef.definitionGroups
 }]
 policyDefinitionGroups: policySet.libSetDefinition.properties.policyDefinitionGroups
 }
diff --git a/infra-as-code/bicep/modules/policy/definitions/mc-customPolicyDefinitions.bicep b/infra-as-code/bicep/modules/policy/definitions/mc-customPolicyDefinitions.bicep
index 89efeec08..a0a52bb14 100644
--- a/infra-as-code/bicep/modules/policy/definitions/mc-customPolicyDefinitions.bicep
+++ b/infra-as-code/bicep/modules/policy/definitions/mc-customPolicyDefinitions.bicep
@@ -1299,7 +1299,7 @@ resource resPolicySetDefinitions 'Microsoft.Authorization/policySetDefinitions@2
 policyDefinitionReferenceId: policySetDef.definitionReferenceId
 policyDefinitionId: policySetDef.definitionId
 parameters: policySetDef.definitionParameters
- groupNames: policySetDef.groups
+ groupNames: policySetDef.definitionGroups
 }]
 policyDefinitionGroups: policySet.libSetDefinition.properties.policyDefinitionGroups
 }