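# Deploys one Azure Policy assignment per 'azuredeploy.parameters.json' file found under
# .\policy-assignments\, at resource-group scope or at subscription scope.
# Requires PowerShell 6+ (ConvertFrom-Json -AsHashtable) and the Az module.
# Paths are relative, so run the script from the repository root.

# Define the following variables in a deployment pipeline
$deploymentLocation = "West US"
$resourceGroupName = "your_resource_group" # or $null to assign the policy at subscription scope
# "DoNotEnforce" keeps compliance evaluation but does not apply the policy effect (e.g. deny)
# when resources are created or updated. Switch to "Default" once the assignment must be enforced.
$policyAssignmentMode = "DoNotEnforce"

# Build the list of all parameter files to deploy.
# @() with a pipeline yields an empty array when nothing matches, so the loop below never runs on $null.
$parameterFiles = @(
    Get-ChildItem -Path ".\policy-assignments\" -File -Filter "azuredeploy.parameters.json" -Recurse |
        ForEach-Object { $_.FullName }
)

if ($parameterFiles.Count -eq 0) {
    Write-Warning "No azuredeploy.parameters.json files found under .\policy-assignments\ - nothing to deploy."
}

# Files whose deployment failed; reported together after every file has been attempted.
$failedFiles = @()

# Initiate the deployment of a policy assignment for each parameter file
foreach ($parameterFile in $parameterFiles) {
    try {
        # Read the parameter file into a temporary in-memory hashtable
        $parameterFileText = [System.IO.File]::ReadAllText($parameterFile)
        $parameterObject = (ConvertFrom-Json $parameterFileText -AsHashtable).parameters

        # Parameter files store each parameter as an object with a nested 'value',
        # so extract those values into a flat hashtable for -TemplateParameterObject
        $rawParameterObject = @{
            policyDefinitionName = $parameterObject.policyDefinitionName.value
            policyAssignmentName = $parameterObject.policyAssignmentName.value
        }

        # Reject a malformed parameter file up front instead of sending empty names to the template
        foreach ($requiredName in @("policyDefinitionName", "policyAssignmentName")) {
            if ([string]::IsNullOrWhiteSpace($rawParameterObject[$requiredName])) {
                throw "Parameter '$requiredName' is missing or empty in '$parameterFile'."
            }
        }

        # Add additional deployment parameters from the script variables defined above
        $rawParameterObject.Add("policyAssignmentMode", $policyAssignmentMode)

        # Conditional template deployment
        if ($resourceGroupName) {
            $rawParameterObject.Add("resourceGroupName", $resourceGroupName)
            # Use a resource group deployment when the assignment is scoped to a specific resource group.
            # -ErrorAction Stop turns a failed deployment into an exception handled by the catch below.
            New-AzResourceGroupDeployment -ResourceGroupName $resourceGroupName -TemplateFile ".\policy-assignments\azuredeploy.json" -TemplateParameterObject $rawParameterObject -Verbose -ErrorAction Stop
        }
        else {
            # Use a subscription-level deployment when the assignment is not scoped to a resource group
            New-AzDeployment -Location $deploymentLocation -TemplateFile ".\policy-assignments\azuredeploy.json" -TemplateParameterObject $rawParameterObject -Verbose -ErrorAction Stop
        }
    }
    catch {
        # Keep going so the remaining assignments are still attempted, but remember the failure
        Write-Warning "Policy assignment deployment failed for '$parameterFile': $($_.Exception.Message)"
        $failedFiles += $parameterFile
    }
}

# Fail the pipeline run if any assignment was not deployed; otherwise a missing policy
# assignment would go unnoticed behind a green build.
if ($failedFiles.Count -gt 0) {
    throw "Policy assignment deployment failed for: $($failedFiles -join ', ')"
}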