andrewmatveychuk/deploy-policy-assignments.ps1

## deploy-policy-assignments.ps1
# Define the following variables in a deployment pipeline
$deploymentLocation = "West US"
$resourceGroupName = "your_resource_group" # or $null if assign a policy to a subscription
$policyAssignmentMode = "DoNotEnforce"

#Creating the list of all template files in a folder to use for deployment
$parameterFiles = (Get-ChildItem -Path ".\policy-assignments\" -File -Filter "azuredeploy.parameters.json" -Recurse).FullName

#Initiating the deployment of policy assignment for each parameter file
$parameterFiles.foreach(
    {
        #Reading a parameter file and creating temporary in-memory hashtable
        $parameterFileText = [System.IO.File]::ReadAllText($_)
        $parameterObject = (ConvertFrom-Json $parameterFileText -AsHashtable).parameters

        #Extracting the values of nested 'value' objects to a resulting in-memory hashtable as policy parameters are stored as the object type in the parameter files
        $rawParameterObject = @{
            policyDefinitionName = $parameterObject.policyDefinitionName.value
            policyAssignmentName = $parameterObject.policyAssignmentName.value
        }

        #Adding additional deployment parameters from the defined script variables
        $rawParameterObject.Add("policyAssignmentMode", $policyAssignmentMode)

        #Conditional template deployment
        if ($resourceGroupName) {
            $rawParameterObject.Add("resourceGroupName", $resourceGroupName)
            #Use Resource Group deployment if scoping policy assignment to a specific resource group
            New-AzResourceGroupDeployment -ResourceGroupName $resourceGroupName -TemplateFile ".\policy-assignments\azuredeploy.json" -TemplateParameterObject $rawParameterObject -Verbose
        } else {
            #Use subscription-level deployment if policy assignment is not scoped to a specific resource group
            New-AzDeployment -Location $deploymentLocation -TemplateFile ".\policy-assignments\azuredeploy.json" -TemplateParameterObject $rawParameterObject -Verbose
        }
    }
)
	# Define the following variables in a deployment pipeline
	$deploymentLocation = "West US"
	$resourceGroupName = "your_resource_group" # or $null if assign a policy to a subscription
	$policyAssignmentMode = "DoNotEnforce"

	#Creating the list of all template files in a folder to use for deployment
	$parameterFiles = (Get-ChildItem -Path ".\policy-assignments\" -File -Filter "azuredeploy.parameters.json" -Recurse).FullName

	#Initiating the deployment of policy assignment for each parameter file
	$parameterFiles.foreach(
	{
	#Reading a parameter file and creating temporary in-memory hashtable
	$parameterFileText = [System.IO.File]::ReadAllText($_)
	$parameterObject = (ConvertFrom-Json $parameterFileText -AsHashtable).parameters

	#Extracting the values of nested 'value' objects to a resulting in-memory hashtable as policy parameters are stored as the object type in the parameter files
	$rawParameterObject = @{
	policyDefinitionName = $parameterObject.policyDefinitionName.value
	policyAssignmentName = $parameterObject.policyAssignmentName.value
	}

	#Adding additional deployment parameters from the defined script variables
	$rawParameterObject.Add("policyAssignmentMode", $policyAssignmentMode)

	#Conditional template deployment
	if ($resourceGroupName) {
	$rawParameterObject.Add("resourceGroupName", $resourceGroupName)
	#Use Resource Group deployment if scoping policy assignment to a specific resource group
	New-AzResourceGroupDeployment -ResourceGroupName $resourceGroupName -TemplateFile ".\policy-assignments\azuredeploy.json" -TemplateParameterObject $rawParameterObject -Verbose
	} else {
	#Use subscription-level deployment if policy assignment is not scoped to a specific resource group
	New-AzDeployment -Location $deploymentLocation -TemplateFile ".\policy-assignments\azuredeploy.json" -TemplateParameterObject $rawParameterObject -Verbose
	}
	}
	)