Created
June 14, 2017 13:30
Azure Resource Policies: Assign all resource policies (*.json files) in the current folder to a resource group
<#
.SYNOPSIS
Assigns every resource policy found in the current folder to one resource group.

.PARAMETER ResourceGroupName
Name of the resource group that receives the policy assignments.
#>
[CmdletBinding()]
Param(
    [Parameter(Mandatory = $true)]
    [string] $ResourceGroupName
)
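# Reuse the current Azure session when there is one; otherwise ask the user to log in.
# NOTE(review): depending on the AzureRM version, Get-AzureRmSubscription may raise an
# error instead of returning nothing when no session exists - confirm before relying on
# the fallback below.
# NOTE(review): an account that can see several subscriptions may get a collection here,
# while the policy cmdlets act on the session's current context. Confirm the intended
# subscription is selected before running, since policy definitions are created there.
$subscription = Get-AzureRmSubscription

# $null goes on the left so the comparison stays a scalar test even if a collection is returned.
if ($null -eq $subscription) {
    $login = Login-AzureRmAccount
    $subscription = $login.Context.Subscription
}

# Stop here rather than letting every later Azure call fail one by one.
if ($null -eq $subscription) {
    throw "No Azure subscription is available after login; cannot assign resource policies."
}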
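# Resolve the resource group the policies will be assigned to.
# A missing group is fatal: without it $scope would be empty, and the script would still
# create subscription-level policy definitions before every assignment failed.
$resourceGroup = Get-AzureRmResourceGroup -Name $ResourceGroupName -ErrorAction Stop
if ($null -eq $resourceGroup) {
    throw "Resource group '$ResourceGroupName' was not found; no policies were defined or assigned."
}

# The resource group's ARM id is the scope used for every assignment below.
$scope = $resourceGroup.ResourceId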
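# Collect the *.json files in the current working directory; each one is assumed to be a
# resource policy definition. Nothing validates that assumption, so run this only from a
# folder whose JSON files are all reviewed policy rules.
# -File keeps a directory named "*.json" out of the list, and @() guarantees an array so
# .Count is correct for zero or one match.
$policyTemplateFiles = @(Get-ChildItem -File | Where-Object { $_.Name -like "*.json" })
Write-Output "Found $($policyTemplateFiles.Count) resource policies to assign to $scope."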
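# Create (or look up) one policy definition per JSON file in this folder.
# Error handling is set per call with -ErrorAction instead of rewriting the global
# $ErrorActionPreference, so a failure cannot leave the caller's preference changed.
$policyDefinitionList = New-Object System.Collections.ArrayList
foreach ($file in $policyTemplateFiles) {
    # BaseName strips only the final extension. The file filter is case-insensitive, so a
    # case-sensitive Replace(".json", "") would leave "FOO.JSON" unchanged as the policy name.
    $policyName = $file.BaseName
    Write-Output "Defining resource policy $policyName."

    # See whether a definition with this name already exists; "not found" is expected
    # here, so the lookup error is suppressed.
    $policyDefinition = Get-AzureRmPolicyDefinition -Name $policyName -ErrorAction SilentlyContinue

    if ($null -ne $policyDefinition) {
        # NOTE(review): the existing definition is reused as-is. If the JSON file on disk
        # has changed since it was defined, the older rule is what gets assigned below;
        # update or delete the definition separately when the rule content must change.
        [void]$policyDefinitionList.Add($policyDefinition)
        Write-Warning "Policy definition $policyName already exists in subscription $($subscription.SubscriptionId). Will not re-define it."
        continue
    }

    # Create the definition. A failure here stops the script: continuing would leave the
    # resource group with only part of the intended policy set.
    $policyDefinition = New-AzureRmPolicyDefinition `
        -Name $policyName `
        -DisplayName $policyName.Replace("-", " ") `
        -Description $policyName.Replace("-", " ") `
        -Policy $file.FullName `
        -ErrorAction Stop
    [void]$policyDefinitionList.Add($policyDefinition)
}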
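# Assign every collected policy definition to the resource group scope.
# Failed assignments are recorded so the script does not report completion while some
# policies are missing from the scope.
$failedAssignments = New-Object System.Collections.ArrayList
foreach ($policyDefinition in $policyDefinitionList) {
    $policyAssignmentName = "$ResourceGroupName-$($policyDefinition.Name)"
    Write-Output "Assigning $($policyDefinition.Name) to $ResourceGroupName."

    # Look for an assignment with this name at this scope; "not found" is expected, so
    # the lookup error is suppressed for this call only.
    $policyAssignment = Get-AzureRmPolicyAssignment -Name $policyAssignmentName -Scope $scope -ErrorAction SilentlyContinue

    if ($null -ne $policyAssignment) {
        # Remove the existing assignment so it can be re-created, in case it has changed.
        # NOTE(review): between this removal and the re-creation below the policy is not
        # assigned to the scope. If the re-creation fails, the scope stays without it.
        $removed = Remove-AzureRmPolicyAssignment -Id $policyAssignment.ResourceId -ErrorAction SilentlyContinue
        if ($removed -eq $true) {
            Write-Warning "Found existing assignment for $policyAssignmentName in scope $scope. Removed it."
        }
        else {
            Write-Error "Found existing assignment for $policyAssignmentName in scope $scope. Could not remove it. $($error[0])"
        }
    }

    try {
        $policyAssignment = New-AzureRmPolicyAssignment -Name $policyAssignmentName `
            -Scope $scope `
            -PolicyDefinition $policyDefinition `
            -DisplayName $policyAssignmentName `
            -ErrorAction Stop
        Write-Verbose "Created resource policy assignment $policyAssignmentName."
    }
    catch {
        # Record the failure and continue, so one bad policy does not block the rest.
        [void]$failedAssignments.Add($policyAssignmentName)
        Write-Error "Could not create resource policy assignment $policyAssignmentName in scope $scope. $($_.Exception.Message)"
    }
}

if ($failedAssignments.Count -gt 0) {
    # Name the gaps explicitly: these policies are not enforced on the scope.
    Write-Error "$($failedAssignments.Count) resource policy assignment(s) were not created in scope ${scope}: $($failedAssignments -join ', ')"
}
else {
    Write-Output "All resource policy assignments completed."
}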