From f40fc72ecbec2e2388a7995e4c523b6529d2d134 Mon Sep 17 00:00:00 2001 From: Jesse Loudon Date: Fri, 12 Mar 2021 07:19:08 +1100 Subject: [PATCH] refactor based on PR 1763 changes --- .../actionGroup.bicep | 17 +- .../actionGroup.json | 20 +- .../main.bicep | 101 ++--- .../main.json | 234 +++++----- .../policyAssignment.bicep | 15 +- .../policyAssignment.json | 12 +- .../policyDefinition.bicep | 405 +++++++++--------- .../policyDefinition.json | 16 +- .../resourceGroup.bicep | 18 - .../resourceGroup.json | 38 -- 10 files changed, 425 insertions(+), 451 deletions(-) delete mode 100644 deployifnotexists-policy-with-initiative-and-assignment/resourceGroup.bicep delete mode 100644 deployifnotexists-policy-with-initiative-and-assignment/resourceGroup.json diff --git a/deployifnotexists-policy-with-initiative-and-assignment/actionGroup.bicep b/deployifnotexists-policy-with-initiative-and-assignment/actionGroup.bicep index 4fea793..82de3c1 100644 --- a/deployifnotexists-policy-with-initiative-and-assignment/actionGroup.bicep +++ b/deployifnotexists-policy-with-initiative-and-assignment/actionGroup.bicep @@ -1,15 +1,12 @@ -// DEPLOYMENT SCOPE targetScope = 'resourceGroup' // PARAMETERS -param actionGroupName string = 'AzureSpringCleanAG' -param actionGroupEnabled bool = true -param actionGroupShortName string = 'azspgcln' -param actionGroupEmailName string = 'jloudon' -param actionGroupEmail string = 'jesse.loudon@lab3.com.au' -param actionGroupAlertSchema bool = true - -// VARIABLES +param actionGroupName string +param actionGroupEnabled bool +param actionGroupShortName string +param actionGroupEmailName string +param actionGroupEmail string +param actionGroupAlertSchema bool // OUTPUTS output actionGroupId string = actionGroup.id @@ -19,7 +16,7 @@ output actionGroupName string = actionGroup.name resource actionGroup 'microsoft.insights/actionGroups@2019-06-01' = { location: 'global' name: actionGroupName - properties:{ + properties: { enabled: actionGroupEnabled groupShortName: actionGroupShortName emailReceivers: [ diff --git a/deployifnotexists-policy-with-initiative-and-assignment/actionGroup.json b/deployifnotexists-policy-with-initiative-and-assignment/actionGroup.json index a3637cc..0d83a1e 100644 --- a/deployifnotexists-policy-with-initiative-and-assignment/actionGroup.json +++ b/deployifnotexists-policy-with-initiative-and-assignment/actionGroup.json @@ -3,28 +3,22 @@ "contentVersion": "1.0.0.0", "parameters": { "actionGroupName": { - "type": "string", - "defaultValue": "AzureSpringCleanAG" + "type": "string" }, "actionGroupEnabled": { - "type": "bool", - "defaultValue": true + "type": "bool" }, "actionGroupShortName": { - "type": "string", - "defaultValue": "azspgcln" + "type": "string" }, "actionGroupEmailName": { - "type": "string", - "defaultValue": "jloudon" + "type": "string" }, "actionGroupEmail": { - "type": "string", - "defaultValue": "jesse.loudon@lab3.com.au" + "type": "string" }, "actionGroupAlertSchema": { - "type": "bool", - "defaultValue": true + "type": "bool" } }, "functions": [], @@ -61,7 +55,7 @@ "_generator": { "name": "bicep", "version": "0.3.1.62928", - "templateHash": "2965522816963686339" + "templateHash": "4471586566873631585" } } } \ No newline at end of file diff --git a/deployifnotexists-policy-with-initiative-and-assignment/main.bicep b/deployifnotexists-policy-with-initiative-and-assignment/main.bicep index 8d84ddb..b472bbd 100644 --- a/deployifnotexists-policy-with-initiative-and-assignment/main.bicep +++ b/deployifnotexists-policy-with-initiative-and-assignment/main.bicep @@ -1,74 +1,79 @@ -// DEPLOYMENT SCOPE targetScope = 'subscription' // PARAMETERS param resourceGroupName string = 'BicepExampleRG' -param location string = 'australiaeast' +param resourceGrouplocation string = 'australiaeast' param actionGroupName string = 'BicepExampleAG' - -// VARIABLES - -// OUTPUTS +param actionGroupEnabled bool = true +param actionGroupShortName string = 'bicepag' +param actionGroupEmailName string = 'jloudon' +param actionGroupEmail string = 'jesse.loudon@lab3.com.au' +param actionGroupAlertSchema bool = true +param metricAlertResourceNamespace string = 'Microsoft.Network/loadBalancers' +param metricAlertName string = 'DipAvailability' +param metricAlertDimension1 string = 'ProtocolType' +param metricAlertDimension2 string = 'FrontendIPAddress' +param metricAlertDimension3 string = 'BackendIPAddress' +param metricAlertDescription string = 'Average Load Balancer health probe status per time duration' +param metricAlertSeverity string = '2' +param metricAlertEnabled string = 'true' +param metricAlertEvaluationFrequency string = 'PT15M' +param metricAlertWindowSize string = 'PT1H' +param metricAlertSensitivity string = 'Medium' +param metricAlertOperator string = 'LessThan' +param metricAlertTimeAggregation string = 'Average' +param metricAlertCriterionType string = 'DynamicThresholdCriterion' +param metricAlertAutoMitigate string = 'true' +param assignmentEnforcementMode string = 'Default' // RESOURCES -module rg './resourceGroup.bicep' = { - scope: subscription() - name: 'resourceGroup' - params: { - resourceGroupName: resourceGroupName - location: location - } +resource rg 'Microsoft.Resources/resourceGroups@2020-06-01' = { + name: resourceGroupName + location: resourceGrouplocation } module ag './actionGroup.bicep' = { - scope: resourceGroup(resourceGroupName) + scope: rg name: 'actionGroup' params: { - actionGroupName: actionGroupName - actionGroupEnabled: true - actionGroupShortName: 'azspgcln' - actionGroupEmailName: 'jloudon' - actionGroupEmail: 'jesse.loudon@lab3.com.au' - actionGroupAlertSchema: true + actionGroupName: actionGroupName + actionGroupEnabled: actionGroupEnabled + actionGroupShortName: actionGroupShortName + actionGroupEmailName: actionGroupEmailName + actionGroupEmail: actionGroupEmail + actionGroupAlertSchema: actionGroupAlertSchema } - dependsOn:[ - rg - ] } module policy './policyDefinition.bicep' = { - scope: subscription() name: 'policy' params: { - actionGroupName: ag.outputs.actionGroupName - actionGroupRG: resourceGroupName - actionGroupId: ag.outputs.actionGroupId - metricAlertResourceNamespace: 'Microsoft.Network/loadBalancers' - metricAlertName: 'DipAvailability' - metricAlertDimension1: 'ProtocolType' - metricAlertDimension2: 'FrontendIPAddress' - metricAlertDimension3: 'BackendIPAddress' - metricAlertDescription: 'Average Load Balancer health probe status per time duration' - metricAlertSeverity: '2' - metricAlertEnabled: 'true' - metricAlertEvaluationFrequency: 'PT15M' - metricAlertWindowSize: 'PT1H' - metricAlertSensitivity: 'Medium' - metricAlertOperator: 'LessThan' - metricAlertTimeAggregation: 'Average' - metricAlertCriterionType: 'DynamicThresholdCriterion' - metricAlertAutoMitigate: 'true' + actionGroupName: ag.outputs.actionGroupName + actionGroupRG: resourceGroupName + actionGroupId: ag.outputs.actionGroupId + metricAlertResourceNamespace: metricAlertResourceNamespace + metricAlertName: metricAlertName + metricAlertDimension1: metricAlertDimension1 + metricAlertDimension2: metricAlertDimension2 + metricAlertDimension3: metricAlertDimension3 + metricAlertDescription: metricAlertDescription + metricAlertSeverity: metricAlertSeverity + metricAlertEnabled: metricAlertEnabled + metricAlertEvaluationFrequency: metricAlertEvaluationFrequency + metricAlertWindowSize: metricAlertWindowSize + metricAlertSensitivity: metricAlertSensitivity + metricAlertOperator: metricAlertOperator + metricAlertTimeAggregation: metricAlertTimeAggregation + metricAlertCriterionType: metricAlertCriterionType + metricAlertAutoMitigate: metricAlertAutoMitigate } } module assignment './policyAssignment.bicep' = { - scope: subscription() name: 'assignment' params: { - location: location - bicepExampleInitiativeId: policy.outputs.bicepExampleInitiativeId + bicepExampleInitiativeId: policy.outputs.bicepExampleInitiativeId + assignmentIdentityLocation: resourceGrouplocation + assignmentEnforcementMode: assignmentEnforcementMode } - dependsOn: [ - policy - ] } \ No newline at end of file diff --git a/deployifnotexists-policy-with-initiative-and-assignment/main.json b/deployifnotexists-policy-with-initiative-and-assignment/main.json index 6265d5d..ed20023 100644 --- a/deployifnotexists-policy-with-initiative-and-assignment/main.json +++ b/deployifnotexists-policy-with-initiative-and-assignment/main.json @@ -6,67 +6,106 @@ "type": "string", "defaultValue": "BicepExampleRG" }, - "location": { + "resourceGrouplocation": { "type": "string", "defaultValue": "australiaeast" }, "actionGroupName": { "type": "string", "defaultValue": "BicepExampleAG" + }, + "actionGroupEnabled": { + "type": "bool", + "defaultValue": true + }, + "actionGroupShortName": { + "type": "string", + "defaultValue": "bicepag" + }, + "actionGroupEmailName": { + "type": "string", + "defaultValue": "jloudon" + }, + "actionGroupEmail": { + "type": "string", + "defaultValue": "jesse.loudon@lab3.com.au" + }, + "actionGroupAlertSchema": { + "type": "bool", + "defaultValue": true + }, + "metricAlertResourceNamespace": { + "type": "string", + "defaultValue": "Microsoft.Network/loadBalancers" + }, + "metricAlertName": { + "type": "string", + "defaultValue": "DipAvailability" + }, + "metricAlertDimension1": { + "type": "string", + "defaultValue": "ProtocolType" + }, + "metricAlertDimension2": { + "type": "string", + "defaultValue": "FrontendIPAddress" + }, + "metricAlertDimension3": { + "type": "string", + "defaultValue": "BackendIPAddress" + }, + "metricAlertDescription": { + "type": "string", + "defaultValue": "Average Load Balancer health probe status per time duration" + }, + "metricAlertSeverity": { + "type": "string", + "defaultValue": "2" + }, + "metricAlertEnabled": { + "type": "string", + "defaultValue": "true" + }, + "metricAlertEvaluationFrequency": { + "type": "string", + "defaultValue": "PT15M" + }, + "metricAlertWindowSize": { + "type": "string", + "defaultValue": "PT1H" + }, + "metricAlertSensitivity": { + "type": "string", + "defaultValue": "Medium" + }, + "metricAlertOperator": { + "type": "string", + "defaultValue": "LessThan" + }, + "metricAlertTimeAggregation": { + "type": "string", + "defaultValue": "Average" + }, + "metricAlertCriterionType": { + "type": "string", + "defaultValue": "DynamicThresholdCriterion" + }, + "metricAlertAutoMitigate": { + "type": "string", + "defaultValue": "true" + }, + "assignmentEnforcementMode": { + "type": "string", + "defaultValue": "Default" } }, "functions": [], "resources": [ { - "type": "Microsoft.Resources/deployments", - "apiVersion": "2019-10-01", - "name": "resourceGroup", - "location": "[deployment().location]", - "properties": { - "expressionEvaluationOptions": { - "scope": "inner" - }, - "mode": "Incremental", - "parameters": { - "resourceGroupName": { - "value": "[parameters('resourceGroupName')]" - }, - "location": { - "value": "[parameters('location')]" - } - }, - "template": { - "$schema": "https://schema.management.azure.com/schemas/2018-05-01/subscriptionDeploymentTemplate.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "resourceGroupName": { - "type": "string" - }, - "location": { - "type": "string" - } - }, - "functions": [], - "resources": [ - { - "type": "Microsoft.Resources/resourceGroups", - "apiVersion": "2020-06-01", - "name": "[parameters('resourceGroupName')]", - "location": "[parameters('location')]" - } - ], - "outputs": { - "rgId": { - "type": "string", - "value": "[subscriptionResourceId('Microsoft.Resources/resourceGroups', parameters('resourceGroupName'))]" - }, - "rgName": { - "type": "string", - "value": "[parameters('resourceGroupName')]" - } - } - } - } + "type": "Microsoft.Resources/resourceGroups", + "apiVersion": "2020-06-01", + "name": "[parameters('resourceGroupName')]", + "location": "[parameters('resourceGrouplocation')]" }, { "type": "Microsoft.Resources/deployments", @@ -83,19 +122,19 @@ "value": "[parameters('actionGroupName')]" }, "actionGroupEnabled": { - "value": true + "value": "[parameters('actionGroupEnabled')]" }, "actionGroupShortName": { - "value": "azspgcln" + "value": "[parameters('actionGroupShortName')]" }, "actionGroupEmailName": { - "value": "jloudon" + "value": "[parameters('actionGroupEmailName')]" }, "actionGroupEmail": { - "value": "jesse.loudon@lab3.com.au" + "value": "[parameters('actionGroupEmail')]" }, "actionGroupAlertSchema": { - "value": true + "value": "[parameters('actionGroupAlertSchema')]" } }, "template": { @@ -103,28 +142,22 @@ "contentVersion": "1.0.0.0", "parameters": { "actionGroupName": { - "type": "string", - "defaultValue": "AzureSpringCleanAG" + "type": "string" }, "actionGroupEnabled": { - "type": "bool", - "defaultValue": true + "type": "bool" }, "actionGroupShortName": { - "type": "string", - "defaultValue": "azspgcln" + "type": "string" }, "actionGroupEmailName": { - "type": "string", - "defaultValue": "jloudon" + "type": "string" }, "actionGroupEmail": { - "type": "string", - "defaultValue": "jesse.loudon@lab3.com.au" + "type": "string" }, "actionGroupAlertSchema": { - "type": "bool", - "defaultValue": true + "type": "bool" } }, "functions": [], @@ -160,7 +193,7 @@ } }, "dependsOn": [ - "[subscriptionResourceId('Microsoft.Resources/deployments', 'resourceGroup')]" + "[subscriptionResourceId('Microsoft.Resources/resourceGroups', parameters('resourceGroupName'))]" ] }, { @@ -184,49 +217,49 @@ "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('resourceGroupName')), 'Microsoft.Resources/deployments', 'actionGroup'), '2019-10-01').outputs.actionGroupId.value]" }, "metricAlertResourceNamespace": { - "value": "Microsoft.Network/loadBalancers" + "value": "[parameters('metricAlertResourceNamespace')]" }, "metricAlertName": { - "value": "DipAvailability" + "value": "[parameters('metricAlertName')]" }, "metricAlertDimension1": { - "value": "ProtocolType" + "value": "[parameters('metricAlertDimension1')]" }, "metricAlertDimension2": { - "value": "FrontendIPAddress" + "value": "[parameters('metricAlertDimension2')]" }, "metricAlertDimension3": { - "value": "BackendIPAddress" + "value": "[parameters('metricAlertDimension3')]" }, "metricAlertDescription": { - "value": "Average Load Balancer health probe status per time duration" + "value": "[parameters('metricAlertDescription')]" }, "metricAlertSeverity": { - "value": "2" + "value": "[parameters('metricAlertSeverity')]" }, "metricAlertEnabled": { - "value": "true" + "value": "[parameters('metricAlertEnabled')]" }, "metricAlertEvaluationFrequency": { - "value": "PT15M" + "value": "[parameters('metricAlertEvaluationFrequency')]" }, "metricAlertWindowSize": { - "value": "PT1H" + "value": "[parameters('metricAlertWindowSize')]" }, "metricAlertSensitivity": { - "value": "Medium" + "value": "[parameters('metricAlertSensitivity')]" }, "metricAlertOperator": { - "value": "LessThan" + "value": "[parameters('metricAlertOperator')]" }, "metricAlertTimeAggregation": { - "value": "Average" + "value": "[parameters('metricAlertTimeAggregation')]" }, "metricAlertCriterionType": { - "value": "DynamicThresholdCriterion" + "value": "[parameters('metricAlertCriterionType')]" }, "metricAlertAutoMitigate": { - "value": "true" + "value": "[parameters('metricAlertAutoMitigate')]" } }, "template": { @@ -341,7 +374,7 @@ }, { "field": "Microsoft.Insights/metricalerts/scopes[*]", - "equals": "[format('[concat(subscription().id, ''/resourceGroups/'', resourceGroup().name, ''/providers/{0}/'', {1}(''fullName''))]', parameters('metricAlertResourceNamespace'), 'field')]" + "equals": "[format('[concat(subscription().id, ''/resourceGroups/'', resourceGroup().name, ''/providers/{0}/'', field(''fullName''))]', parameters('metricAlertResourceNamespace'))]" } ] }, @@ -400,14 +433,14 @@ { "type": "Microsoft.Insights/metricAlerts", "apiVersion": "2018-03-01", - "name": "[format('[concat({0}''resourceName''), ''-{1}'')]', 'parameters(', parameters('metricAlertName'))]", + "name": "[format('[concat(parameters(''resourceName''), ''-{0}'')]', parameters('metricAlertName'))]", "location": "global", "properties": { "description": "[parameters('metricAlertDescription')]", "severity": "[parameters('metricAlertResourceNamespace')]", "enabled": "[parameters('metricAlertEnabled')]", "scopes": [ - "[format('[{0}''resourceId'')]', 'parameters(')]" + "[[parameters('resourceId')]" ], "evaluationFrequency": "[parameters('metricAlertEvaluationFrequency')]", "windowSize": "[parameters('metricAlertWindowSize')]", @@ -454,7 +487,7 @@ }, "autoMitigate": "[parameters('metricAlertAutoMitigate')]", "targetResourceType": "[parameters('metricAlertResourceNamespace')]", - "targetResourceRegion": "[format('[{0}''resourceLocation'')]', 'parameters(')]", + "targetResourceRegion": "[[parameters('resourceLocation')]", "actions": [ { "actionGroupId": "[parameters('actionGroupId')]", @@ -467,13 +500,13 @@ }, "parameters": { "resourceName": { - "value": "[format('[{0}(''name'')]', 'field')]" + "value": "[[field('name')]" }, "resourceId": { - "value": "[format('[{0}(''id'')]', 'field')]" + "value": "[[field('id')]" }, "resourceLocation": { - "value": "[format('[{0}(''location'')]', 'field')]" + "value": "[[field('location')]" }, "actionGroupName": { "value": "[parameters('actionGroupName')]" @@ -541,11 +574,14 @@ }, "mode": "Incremental", "parameters": { - "location": { - "value": "[parameters('location')]" - }, "bicepExampleInitiativeId": { "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', 'policy'), '2019-10-01').outputs.bicepExampleInitiativeId.value]" + }, + "assignmentIdentityLocation": { + "value": "[parameters('resourceGrouplocation')]" + }, + "assignmentEnforcementMode": { + "value": "[parameters('assignmentEnforcementMode')]" } }, "template": { @@ -555,7 +591,10 @@ "bicepExampleInitiativeId": { "type": "string" }, - "location": { + "assignmentIdentityLocation": { + "type": "string" + }, + "assignmentEnforcementMode": { "type": "string" } }, @@ -565,20 +604,19 @@ "type": "Microsoft.Authorization/policyAssignments", "apiVersion": "2020-09-01", "name": "bicepExampleAssignment", - "location": "[parameters('location')]", + "location": "[parameters('assignmentIdentityLocation')]", "identity": { "type": "SystemAssigned" }, "properties": { "displayName": "Bicep Example Assignment", "description": "Bicep Example Assignment", - "enforcementMode": "Default", + "enforcementMode": "[parameters('assignmentEnforcementMode')]", "metadata": { "source": "Bicep", "version": "0.1.0" }, "policyDefinitionId": "[parameters('bicepExampleInitiativeId')]", - "parameters": {}, "nonComplianceMessages": [ { "message": "Resource is not compliant with a DeployIfNotExists policy" @@ -598,7 +636,7 @@ "_generator": { "name": "bicep", "version": "0.3.1.62928", - "templateHash": "1192602054325006482" + "templateHash": "14501545516933283152" } } } \ No newline at end of file diff --git a/deployifnotexists-policy-with-initiative-and-assignment/policyAssignment.bicep b/deployifnotexists-policy-with-initiative-and-assignment/policyAssignment.bicep index a18d118..ff40f6a 100644 --- a/deployifnotexists-policy-with-initiative-and-assignment/policyAssignment.bicep +++ b/deployifnotexists-policy-with-initiative-and-assignment/policyAssignment.bicep @@ -1,31 +1,26 @@ -// DEPLOYMENT SCOPE targetScope = 'subscription' // PARAMETERS param bicepExampleInitiativeId string -param location string - -// VARIABLES - -// OUTPUTS +param assignmentIdentityLocation string +param assignmentEnforcementMode string // RESOURCES resource bicepExampleAssignment 'Microsoft.Authorization/policyAssignments@2020-09-01' = { name: 'bicepExampleAssignment' - location: location - identity:{ + location: assignmentIdentityLocation + identity: { type: 'SystemAssigned' } properties: { displayName: 'Bicep Example Assignment' description: 'Bicep Example Assignment' - enforcementMode:'Default' + enforcementMode: assignmentEnforcementMode metadata: { source: 'Bicep' version: '0.1.0' } policyDefinitionId: bicepExampleInitiativeId - parameters: {} nonComplianceMessages: [ { message: 'Resource is not compliant with a DeployIfNotExists policy' diff --git a/deployifnotexists-policy-with-initiative-and-assignment/policyAssignment.json b/deployifnotexists-policy-with-initiative-and-assignment/policyAssignment.json index e648329..2340250 100644 --- a/deployifnotexists-policy-with-initiative-and-assignment/policyAssignment.json +++ b/deployifnotexists-policy-with-initiative-and-assignment/policyAssignment.json @@ -5,7 +5,10 @@ "bicepExampleInitiativeId": { "type": "string" }, - "location": { + "assignmentIdentityLocation": { + "type": "string" + }, + "assignmentEnforcementMode": { "type": "string" } }, @@ -15,20 +18,19 @@ "type": "Microsoft.Authorization/policyAssignments", "apiVersion": "2020-09-01", "name": "bicepExampleAssignment", - "location": "[parameters('location')]", + "location": "[parameters('assignmentIdentityLocation')]", "identity": { "type": "SystemAssigned" }, "properties": { "displayName": "Bicep Example Assignment", "description": "Bicep Example Assignment", - "enforcementMode": "Default", + "enforcementMode": "[parameters('assignmentEnforcementMode')]", "metadata": { "source": "Bicep", "version": "0.1.0" }, "policyDefinitionId": "[parameters('bicepExampleInitiativeId')]", - "parameters": {}, "nonComplianceMessages": [ { "message": "Resource is not compliant with a DeployIfNotExists policy" @@ -41,7 +43,7 @@ "_generator": { "name": "bicep", "version": "0.3.1.62928", - "templateHash": "2797024266100348937" + "templateHash": "7870791294115762722" } } } \ No newline at end of file diff --git a/deployifnotexists-policy-with-initiative-and-assignment/policyDefinition.bicep b/deployifnotexists-policy-with-initiative-and-assignment/policyDefinition.bicep index 4adda7b..c7cae71 100644 --- a/deployifnotexists-policy-with-initiative-and-assignment/policyDefinition.bicep +++ b/deployifnotexists-policy-with-initiative-and-assignment/policyDefinition.bicep @@ -1,7 +1,6 @@ -// DEPLOYMENT SCOPE targetScope = 'subscription' -// PARAMETERS +// PARAMETERS param actionGroupName string param actionGroupRG string param actionGroupId string @@ -30,219 +29,219 @@ output bicepExampleInitiativeId string = bicepExampleInitiative.id // RESOURCES resource bicepExampleDINEpolicy 'Microsoft.Authorization/policyDefinitions@2020-09-01' = { - name: 'bicepExampleDINEpolicy' - properties:{ - displayName: 'DINE metric alert to Load Balancer for dipAvailability' - description: 'DeployIfNotExists a metric alert to Load Balancers for dipAvailability (Average Load Balancer health probe status per time duration)' - policyType: 'Custom' - mode: 'All' - metadata: { - category: policyDefCategory - source: policySource - version: '0.1.0' - } - parameters: {} - policyRule: { - if: { - allOf: [ - { - field: 'type' - equals: metricAlertResourceNamespace - } - { - field: 'Microsoft.Network/loadBalancers/sku.name' - equals: 'Standard' // only Standard SKU support metric alerts - } - ] - } - then: { - effect: 'deployIfNotExists' - details: { - roleDefinitionIds: [ - '/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c' // contributor RBAC role for deployIfNotExists effect - ] - type: 'Microsoft.Insights/metricAlerts' - existenceCondition: { - allOf: [ - { - field: 'Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].metricNamespace' - equals: metricAlertResourceNamespace - } - { - field: 'Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].metricName' - equals: metricAlertName - } - { - field: 'Microsoft.Insights/metricalerts/scopes[*]' - equals: '[concat(subscription().id, \'/resourceGroups/\', resourceGroup().name, \'/providers/${metricAlertResourceNamespace}/\', ${'field'}(\'fullName\'))]' - } - ] - } - deployment: { - properties: { - mode: 'incremental' - template: { - '$schema': 'https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#' - contentVersion: '1.0.0.0' - parameters: { - resourceName: { - type: 'String' - metadata: { - displayName: 'resourceName' - description: 'Name of the resource' - } - } - resourceId: { - type: 'String' - metadata: { - displayName: 'resourceId' - description: 'Resource ID of the resource emitting the metric that will be used for the comparison' - } - } - resourceLocation: { - type: 'String' - metadata: { - displayName: 'resourceLocation' - description: 'Location of the resource' - } - } - actionGroupName: { - type: 'String' - metadata: { - displayName: 'actionGroupName' - description: 'Name of the Action Group' + name: 'bicepExampleDINEpolicy' + properties: { + displayName: 'DINE metric alert to Load Balancer for dipAvailability' + description: 'DeployIfNotExists a metric alert to Load Balancers for dipAvailability (Average Load Balancer health probe status per time duration)' + policyType: 'Custom' + mode: 'All' + metadata: { + category: policyDefCategory + source: policySource + version: '0.1.0' + } + parameters: {} + policyRule: { + if: { + allOf: [ + { + field: 'type' + equals: metricAlertResourceNamespace + } + { + field: 'Microsoft.Network/loadBalancers/sku.name' + equals: 'Standard' // only Standard SKU support metric alerts + } + ] + } + then: { + effect: 'deployIfNotExists' + details: { + roleDefinitionIds: [ + '/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c' // contributor RBAC role for deployIfNotExists effect + ] + type: 'Microsoft.Insights/metricAlerts' + existenceCondition: { + allOf: [ + { + field: 'Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].metricNamespace' + equals: metricAlertResourceNamespace } - } - actionGroupRG: { - type: 'String' - metadata: { - displayName: 'actionGroupRG' - description: 'Resource Group containing the Action Group' + { + field: 'Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].metricName' + equals: metricAlertName } - } - actionGroupId: { - type: 'String' - metadata: { - displayName: 'actionGroupId' - description: 'The ID of the action group that is triggered when the alert is activated or deactivated' + { + field: 'Microsoft.Insights/metricalerts/scopes[*]' + equals: '[concat(subscription().id, \'/resourceGroups/\', resourceGroup().name, \'/providers/${metricAlertResourceNamespace}/\', field(\'fullName\'))]' } - } + ] } - variables: {} - resources: [ - { - type: 'Microsoft.Insights/metricAlerts' - apiVersion: '2018-03-01' - name: '[concat(${'parameters('}\'resourceName\'), \'-${metricAlertName}\')]' - location: 'global' - properties: { - description: metricAlertDescription - severity: metricAlertResourceNamespace - enabled: metricAlertEnabled - scopes: [ - '[${'parameters('}\'resourceId\')]' - ] - evaluationFrequency: metricAlertEvaluationFrequency - windowSize: metricAlertWindowSize - criteria: { - allOf: [ - { - alertSensitivity: metricAlertSensitivity - failingPeriods: { - numberOfEvaluationPeriods: '2' - minFailingPeriodsToAlert: '1' - } - name: 'Metric1' - metricNamespace: metricAlertResourceNamespace - metricName: metricAlertName - dimensions: [ - { - name: metricAlertDimension1 - operator: 'Include' - values: [ - '*' - ] - } - { - name: metricAlertDimension2 - operator: 'Include' - values: [ - '*' - ] - } - { - name: metricAlertDimension3 - operator: 'Include' - values: [ - '*' - ] - } - ] - operator: metricAlertOperator - timeAggregation: metricAlertTimeAggregation - criterionType: metricAlertCriterionType - } - ] - 'odata.type': 'Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria' - } - autoMitigate: metricAlertAutoMitigate - targetResourceType: metricAlertResourceNamespace - targetResourceRegion: '[${'parameters('}\'resourceLocation\')]' - actions: [ + deployment: { + properties: { + mode: 'incremental' + template: { + '$schema': 'https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#' + contentVersion: '1.0.0.0' + parameters: { + resourceName: { + type: 'String' + metadata: { + displayName: 'resourceName' + description: 'Name of the resource' + } + } + resourceId: { + type: 'String' + metadata: { + displayName: 'resourceId' + description: 'Resource ID of the resource emitting the metric that will be used for the comparison' + } + } + resourceLocation: { + type: 'String' + metadata: { + displayName: 'resourceLocation' + description: 'Location of the resource' + } + } + actionGroupName: { + type: 'String' + metadata: { + displayName: 'actionGroupName' + description: 'Name of the Action Group' + } + } + actionGroupRG: { + type: 'String' + metadata: { + displayName: 'actionGroupRG' + description: 'Resource Group containing the Action Group' + } + } + actionGroupId: { + type: 'String' + metadata: { + displayName: 'actionGroupId' + description: 'The ID of the action group that is triggered when the alert is activated or deactivated' + } + } + } + variables: {} + resources: [ { - actionGroupId: actionGroupId - webHookProperties: {} + type: 'Microsoft.Insights/metricAlerts' + apiVersion: '2018-03-01' + name: '[concat(parameters(\'resourceName\'), \'-${metricAlertName}\')]' + location: 'global' + properties: { + description: metricAlertDescription + severity: metricAlertResourceNamespace + enabled: metricAlertEnabled + scopes: [ + '[parameters(\'resourceId\')]' + ] + evaluationFrequency: metricAlertEvaluationFrequency + windowSize: metricAlertWindowSize + criteria: { + allOf: [ + { + alertSensitivity: metricAlertSensitivity + failingPeriods: { + numberOfEvaluationPeriods: '2' + minFailingPeriodsToAlert: '1' + } + name: 'Metric1' + metricNamespace: metricAlertResourceNamespace + metricName: metricAlertName + dimensions: [ + { + name: metricAlertDimension1 + operator: 'Include' + values: [ + '*' + ] + } + { + name: metricAlertDimension2 + operator: 'Include' + values: [ + '*' + ] + } + { + name: metricAlertDimension3 + operator: 'Include' + values: [ + '*' + ] + } + ] + operator: metricAlertOperator + timeAggregation: metricAlertTimeAggregation + criterionType: metricAlertCriterionType + } + ] + 'odata.type': 'Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria' + } + autoMitigate: metricAlertAutoMitigate + targetResourceType: metricAlertResourceNamespace + targetResourceRegion: '[parameters(\'resourceLocation\')]' + actions: [ + { + actionGroupId: actionGroupId + webHookProperties: {} + } + ] + } } ] - } - } - ] - } - parameters: { - resourceName: { - value: '[${'field'}(\'name\')]' - } - resourceId: { - value: '[${'field'}(\'id\')]' - } - resourceLocation: { - value: '[${'field'}(\'location\')]' - } - actionGroupName: { - value: actionGroupName - } - actionGroupRG: { - value: actionGroupRG - } - actionGroupID: { - value: actionGroupId - } - } - } - } + } + parameters: { + resourceName: { + value: '[field(\'name\')]' + } + resourceId: { + value: '[field(\'id\')]' + } + resourceLocation: { + value: '[field(\'location\')]' + } + actionGroupName: { + value: actionGroupName + } + actionGroupRG: { + value: actionGroupRG + } + actionGroupID: { + value: actionGroupId + } + } + } + } + } + } } - } - } -} + } } resource bicepExampleInitiative 'Microsoft.Authorization/policySetDefinitions@2020-09-01' = { name: 'bicepExampleInitiative' properties: { - policyType: 'Custom' - displayName: 'Bicep Example Initiative' - description: 'Bicep Example Initiative' - metadata: { - category: policyDefCategory - source: policySource - version: '0.1.0' - } - parameters: {} - policyDefinitions: [ - { - policyDefinitionId: bicepExampleDINEpolicy.id - parameters: {} + policyType: 'Custom' + displayName: 'Bicep Example Initiative' + description: 'Bicep Example Initiative' + metadata: { + category: policyDefCategory + source: policySource + version: '0.1.0' } - ] + parameters: {} + policyDefinitions: [ + { + policyDefinitionId: bicepExampleDINEpolicy.id + parameters: {} + } + ] } - } \ No newline at end of file +} \ No newline at end of file diff --git a/deployifnotexists-policy-with-initiative-and-assignment/policyDefinition.json b/deployifnotexists-policy-with-initiative-and-assignment/policyDefinition.json index a668e4c..ce9296b 100644 --- a/deployifnotexists-policy-with-initiative-and-assignment/policyDefinition.json +++ b/deployifnotexists-policy-with-initiative-and-assignment/policyDefinition.json @@ -110,7 +110,7 @@ }, { "field": "Microsoft.Insights/metricalerts/scopes[*]", - "equals": "[format('[concat(subscription().id, ''/resourceGroups/'', resourceGroup().name, ''/providers/{0}/'', {1}(''fullName''))]', parameters('metricAlertResourceNamespace'), 'field')]" + "equals": "[format('[concat(subscription().id, ''/resourceGroups/'', resourceGroup().name, ''/providers/{0}/'', field(''fullName''))]', parameters('metricAlertResourceNamespace'))]" } ] }, @@ -169,14 +169,14 @@ { "type": "Microsoft.Insights/metricAlerts", "apiVersion": "2018-03-01", - "name": "[format('[concat({0}''resourceName''), ''-{1}'')]', 'parameters(', parameters('metricAlertName'))]", + "name": "[format('[concat(parameters(''resourceName''), ''-{0}'')]', parameters('metricAlertName'))]", "location": "global", "properties": { "description": "[parameters('metricAlertDescription')]", "severity": "[parameters('metricAlertResourceNamespace')]", "enabled": "[parameters('metricAlertEnabled')]", "scopes": [ - "[format('[{0}''resourceId'')]', 'parameters(')]" + "[[parameters('resourceId')]" ], "evaluationFrequency": "[parameters('metricAlertEvaluationFrequency')]", "windowSize": "[parameters('metricAlertWindowSize')]", @@ -223,7 +223,7 @@ }, "autoMitigate": "[parameters('metricAlertAutoMitigate')]", "targetResourceType": "[parameters('metricAlertResourceNamespace')]", - "targetResourceRegion": "[format('[{0}''resourceLocation'')]', 'parameters(')]", + "targetResourceRegion": "[[parameters('resourceLocation')]", "actions": [ { "actionGroupId": "[parameters('actionGroupId')]", @@ -236,13 +236,13 @@ }, "parameters": { "resourceName": { - "value": "[format('[{0}(''name'')]', 'field')]" + "value": "[[field('name')]" }, "resourceId": { - "value": "[format('[{0}(''id'')]', 'field')]" + "value": "[[field('id')]" }, "resourceLocation": { - "value": "[format('[{0}(''location'')]', 'field')]" + "value": "[[field('location')]" }, "actionGroupName": { "value": "[parameters('actionGroupName')]" @@ -297,7 +297,7 @@ "_generator": { "name": "bicep", "version": "0.3.1.62928", - "templateHash": "5478957533167413899" + "templateHash": "15485990835438598085" } } } \ No newline at end of file diff --git a/deployifnotexists-policy-with-initiative-and-assignment/resourceGroup.bicep b/deployifnotexists-policy-with-initiative-and-assignment/resourceGroup.bicep deleted file mode 100644 index 57096e1..0000000 --- a/deployifnotexists-policy-with-initiative-and-assignment/resourceGroup.bicep +++ /dev/null @@ -1,18 +0,0 @@ -// DEPLOYMENT SCOPE -targetScope = 'subscription' - -// PARAMETERS -param resourceGroupName string -param location string - -// VARIABLES - -// OUTPUTS -output rgId string = rg.id -output rgName string = rg.name - -// RESOURCES -resource rg 'Microsoft.Resources/resourceGroups@2020-06-01' = { - name: resourceGroupName - location: location -} \ No newline at end of file diff --git a/deployifnotexists-policy-with-initiative-and-assignment/resourceGroup.json b/deployifnotexists-policy-with-initiative-and-assignment/resourceGroup.json deleted file mode 100644 index 6c941c6..0000000 --- a/deployifnotexists-policy-with-initiative-and-assignment/resourceGroup.json +++ /dev/null @@ -1,38 +0,0 @@ -{ - "$schema": "https://schema.management.azure.com/schemas/2018-05-01/subscriptionDeploymentTemplate.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "resourceGroupName": { - "type": "string" - }, - "location": { - "type": "string" - } - }, - "functions": [], - "resources": [ - { - "type": "Microsoft.Resources/resourceGroups", - "apiVersion": "2020-06-01", - "name": "[parameters('resourceGroupName')]", - "location": "[parameters('location')]" - } - ], - "outputs": { - "rgId": { - "type": "string", - "value": "[subscriptionResourceId('Microsoft.Resources/resourceGroups', parameters('resourceGroupName'))]" - }, - "rgName": { - "type": "string", - "value": "[parameters('resourceGroupName')]" - } - }, - "metadata": { - "_generator": { - "name": "bicep", - "version": "0.3.1.62928", - "templateHash": "10102168824125442384" - } - } -} \ No newline at end of file