From 16bf85c8f4f0ff3380cc0907cec032dd13f5da79 Mon Sep 17 00:00:00 2001 From: Ahmad Abdalla <28486158+ahmadabdalla@users.noreply.github.com> Date: Thu, 7 Jul 2022 10:23:16 +1000 Subject: [PATCH 1/3] updated policy assignment nonCompliance messages --- .../.test/mg.parameters.json | 8 +++- .../.test/rg.parameters.json | 8 +++- .../.test/sub.parameters.json | 8 +++- .../policyAssignments/deploy.bicep | 8 ++-- .../managementGroup/deploy.bicep | 8 +--- .../managementGroup/readme.md | 2 +- .../policyAssignments/readme.md | 44 ++++++++++++++----- .../resourceGroup/deploy.bicep | 8 +--- .../policyAssignments/resourceGroup/readme.md | 2 +- .../subscription/deploy.bicep | 8 +--- .../policyAssignments/subscription/readme.md | 2 +- 11 files changed, 65 insertions(+), 41 deletions(-) diff --git a/modules/Microsoft.Authorization/policyAssignments/.test/mg.parameters.json b/modules/Microsoft.Authorization/policyAssignments/.test/mg.parameters.json index f140b8c7ed..d0c1451ff8 100644 --- a/modules/Microsoft.Authorization/policyAssignments/.test/mg.parameters.json +++ b/modules/Microsoft.Authorization/policyAssignments/.test/mg.parameters.json @@ -24,8 +24,12 @@ } } }, - "nonComplianceMessage": { - "value": "Violated Policy Assignment - This is a Non Compliance Message" + "nonComplianceMessages": { + "value": [ + { + "message": "Violated Policy Assignment - This is a Non Compliance Message" + } + ] }, "enforcementMode": { "value": "DoNotEnforce" diff --git a/modules/Microsoft.Authorization/policyAssignments/.test/rg.parameters.json b/modules/Microsoft.Authorization/policyAssignments/.test/rg.parameters.json index f1f4a19d74..a42c54dc26 100644 --- a/modules/Microsoft.Authorization/policyAssignments/.test/rg.parameters.json +++ b/modules/Microsoft.Authorization/policyAssignments/.test/rg.parameters.json 
@@ -24,8 +24,12 @@ } } }, - "nonComplianceMessage": { - "value": "Violated Policy Assignment - This is a Non Compliance Message" + "nonComplianceMessages": { + "value": [ + { + "message": "Violated Policy Assignment - This is a Non Compliance Message" + } + ] }, "enforcementMode": { "value": "DoNotEnforce" diff --git a/modules/Microsoft.Authorization/policyAssignments/.test/sub.parameters.json b/modules/Microsoft.Authorization/policyAssignments/.test/sub.parameters.json index 420a48df1d..09f7c95bfc 100644 --- a/modules/Microsoft.Authorization/policyAssignments/.test/sub.parameters.json +++ b/modules/Microsoft.Authorization/policyAssignments/.test/sub.parameters.json @@ -24,8 +24,12 @@ } } }, - "nonComplianceMessage": { - "value": "Violated Policy Assignment - This is a Non Compliance Message" + "nonComplianceMessages": { + "value": [ + { + "message": "Violated Policy Assignment - This is a Non Compliance Message" + } + ] }, "enforcementMode": { "value": "DoNotEnforce" diff --git a/modules/Microsoft.Authorization/policyAssignments/deploy.bicep b/modules/Microsoft.Authorization/policyAssignments/deploy.bicep index 764383db90..6aa7fbf82a 100644 --- a/modules/Microsoft.Authorization/policyAssignments/deploy.bicep +++ b/modules/Microsoft.Authorization/policyAssignments/deploy.bicep @@ -34,7 +34,7 @@ param roleDefinitionIds array = [] param metadata object = {} @sys.description('Optional. The messages that describe why a resource is non-compliant with the policy.') -param nonComplianceMessage string = '' +param nonComplianceMessages array = [] @sys.description('Optional. The policy assignment enforcement mode. Possible values are Default and DoNotEnforce. - Default or DoNotEnforce.') @allowed([ 
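Review bot: In the top-level `deploy.bicep` hunk at `@@ -34,7 +34,7 @@`, `param nonComplianceMessages array = []` is an untyped array, and its description says what the messages are for but not what shape each element must have. The examples in this patch pass objects with a `message` key, so a caller who puts the old plain string inside the array will presumably only find out when the deployment is rejected. I would extend the description to something like `'Optional. The messages that describe why a resource is non-compliant with the policy. Each item is an object with a required "message" string and an optional "policyDefinitionReferenceId" for initiative assignments.'`. The same description is repeated in the `managementGroup`, `resourceGroup` and `subscription` `deploy.bicep` hunks and in the readme parameter tables.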
@@ -89,7 +89,7 @@ module policyAssignment_mg 'managementGroup/deploy.bicep' = if (empty(subscripti userAssignedIdentityId: userAssignedIdentityId roleDefinitionIds: !empty(roleDefinitionIds) ? roleDefinitionIds : [] metadata: !empty(metadata) ? metadata : {} - nonComplianceMessage: !empty(nonComplianceMessage) ? nonComplianceMessage : '' + nonComplianceMessages: !empty(nonComplianceMessages) ? nonComplianceMessages : [] enforcementMode: enforcementMode notScopes: !empty(notScopes) ? notScopes : [] managementGroupId: managementGroupId @@ -111,7 +111,7 @@ module policyAssignment_sub 'subscription/deploy.bicep' = if (!empty(subscriptio userAssignedIdentityId: userAssignedIdentityId roleDefinitionIds: !empty(roleDefinitionIds) ? roleDefinitionIds : [] metadata: !empty(metadata) ? metadata : {} - nonComplianceMessage: !empty(nonComplianceMessage) ? nonComplianceMessage : '' + nonComplianceMessages: !empty(nonComplianceMessages) ? nonComplianceMessages : [] enforcementMode: enforcementMode notScopes: !empty(notScopes) ? notScopes : [] subscriptionId: subscriptionId @@ -133,7 +133,7 @@ module policyAssignment_rg 'resourceGroup/deploy.bicep' = if (!empty(resourceGro userAssignedIdentityId: userAssignedIdentityId roleDefinitionIds: !empty(roleDefinitionIds) ? roleDefinitionIds : [] metadata: !empty(metadata) ? metadata : {} - nonComplianceMessage: !empty(nonComplianceMessage) ? nonComplianceMessage : '' + nonComplianceMessages: !empty(nonComplianceMessages) ? nonComplianceMessages : [] enforcementMode: enforcementMode notScopes: !empty(notScopes) ? notScopes : [] subscriptionId: subscriptionId diff --git a/modules/Microsoft.Authorization/policyAssignments/managementGroup/deploy.bicep b/modules/Microsoft.Authorization/policyAssignments/managementGroup/deploy.bicep index 70c6e10a0d..4d8b181860 100644 --- a/modules/Microsoft.Authorization/policyAssignments/managementGroup/deploy.bicep +++ b/modules/Microsoft.Authorization/policyAssignments/managementGroup/deploy.bicep 
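Review bot: `nonComplianceMessages: !empty(nonComplianceMessages) ? nonComplianceMessages : []` in the three module calls (`policyAssignment_mg`, `policyAssignment_sub`, `policyAssignment_rg`) is a no-op now that the parameter is an array defaulting to `[]`, because both branches yield the same value. It mirrors the neighbouring `notScopes` and `roleDefinitionIds` lines, so this is a style point only, but `nonComplianceMessages: nonComplianceMessages` reads more plainly and does not suggest that any normalisation happens here. The identical expression sits on the resource property in the `managementGroup`, `resourceGroup` and `subscription` `deploy.bicep` hunks. The module declarations start and end outside these hunks.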
@@ -35,7 +35,7 @@ param roleDefinitionIds array = [] param metadata object = {} @sys.description('Optional. The messages that describe why a resource is non-compliant with the policy.') -param nonComplianceMessage string = '' +param nonComplianceMessages array = [] @sys.description('Optional. The policy assignment enforcement mode. Possible values are Default and DoNotEnforce. - Default or DoNotEnforce.') @allowed([ @@ -53,10 +53,6 @@ param notScopes array = [] @sys.description('Optional. Location for all resources.') param location string = deployment().location -var nonComplianceMessage_var = { - message: !empty(nonComplianceMessage) ? nonComplianceMessage : null -} - @sys.description('Optional. Enable telemetry via the Customer Usage Attribution ID (GUID).') param enableDefaultTelemetry bool = true @@ -91,7 +87,7 @@ resource policyAssignment 'Microsoft.Authorization/policyAssignments@2021-06-01' description: !empty(description) ? description : null policyDefinitionId: policyDefinitionId parameters: parameters - nonComplianceMessages: !empty(nonComplianceMessage) ? array(nonComplianceMessage_var) : [] + nonComplianceMessages: !empty(nonComplianceMessages) ? nonComplianceMessages : [] enforcementMode: enforcementMode notScopes: !empty(notScopes) ? notScopes : [] } diff --git a/modules/Microsoft.Authorization/policyAssignments/managementGroup/readme.md b/modules/Microsoft.Authorization/policyAssignments/managementGroup/readme.md index 4eff559a18..ce314b3a1a 100644 --- a/modules/Microsoft.Authorization/policyAssignments/managementGroup/readme.md +++ b/modules/Microsoft.Authorization/policyAssignments/managementGroup/readme.md 
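Review bot: Dropping the `nonComplianceMessage` string parameter and `nonComplianceMessage_var` (hunks `@@ -35,7` and `@@ -53,10` of `managementGroup/deploy.bicep`, and likewise in `resourceGroup` and `subscription`) changes the module's public interface with no transition path, and the commit subject does not mark it as breaking. Parameter files that still set `nonComplianceMessage` will presumably fail validation on the next run, which for a governance module means the policy assignment is not updated until someone acts on the pipeline failure. I would state the rename and the new element shape in the PR description or release notes, for example `BREAKING: nonComplianceMessage (string) replaced by nonComplianceMessages (array of { message })`. The module no longer wraps the value itself, so a malformed entry now goes to the resource provider as supplied.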
@@ -35,7 +35,7 @@ With this module you can perform policy assignments on a management group level. | `location` | string | `[deployment().location]` | | Location for all resources. | | `managementGroupId` | string | `[managementGroup().name]` | | The Target Scope for the Policy. The name of the management group for the policy assignment. If not provided, will use the current scope for deployment. | | `metadata` | object | `{object}` | | The policy assignment metadata. Metadata is an open ended object and is typically a collection of key-value pairs. | -| `nonComplianceMessage` | string | `''` | | The messages that describe why a resource is non-compliant with the policy. | +| `nonComplianceMessages` | array | `[]` | | The messages that describe why a resource is non-compliant with the policy. | | `notScopes` | array | `[]` | | The policy excluded scopes. | | `parameters` | object | `{object}` | | Parameters for the policy assignment if needed. | | `userAssignedIdentityId` | string | `''` | | The Resource ID for the user assigned identity to assign to the policy assignment. | diff --git a/modules/Microsoft.Authorization/policyAssignments/readme.md b/modules/Microsoft.Authorization/policyAssignments/readme.md index f0d77958d9..c7ce95ebe3 100644 --- a/modules/Microsoft.Authorization/policyAssignments/readme.md +++ b/modules/Microsoft.Authorization/policyAssignments/readme.md 
@@ -37,7 +37,7 @@ With this module you can perform policy assignments across the management group, | `location` | string | `[deployment().location]` | | Location for all resources. | | `managementGroupId` | string | `[managementGroup().name]` | | The Target Scope for the Policy. The name of the management group for the policy assignment. If not provided, will use the current scope for deployment. | | `metadata` | object | `{object}` | | The policy assignment metadata. Metadata is an open ended object and is typically a collection of key-value pairs. | -| `nonComplianceMessage` | string | `''` | | The messages that describe why a resource is non-compliant with the policy. | +| `nonComplianceMessages` | array | `[]` | | The messages that describe why a resource is non-compliant with the policy. | | `notScopes` | array | `[]` | | The policy excluded scopes. | | `parameters` | object | `{object}` | | Parameters for the policy assignment if needed. | | `resourceGroupName` | string | `''` | | The Target Scope for the Policy. The name of the resource group for the policy assignment. | @@ -241,8 +241,12 @@ module policyAssignments './Microsoft.Authorization/policyAssignments/deploy.bic } } }, - "nonComplianceMessage": { - "value": "Violated Policy Assignment - This is a Non Compliance Message" + "nonComplianceMessages": { + "value": [ + { + "message": "Violated Policy Assignment - This is a Non Compliance Message" + } + ] }, "enforcementMode": { "value": "DoNotEnforce" @@ -298,7 +302,11 @@ module policyAssignments './Microsoft.Authorization/policyAssignments/deploy.bic value: 'prod' } } - nonComplianceMessage: 'Violated Policy Assignment - This is a Non Compliance Message' + nonComplianceMessages: [ + { + message: 'Violated Policy Assignment - This is a Non Compliance Message' + } + ] enforcementMode: 'DoNotEnforce' metadata: { category: 'Security' 
@@ -401,8 +409,12 @@ module policyAssignments './Microsoft.Authorization/policyAssignments/deploy.bic } } }, - "nonComplianceMessage": { - "value": "Violated Policy Assignment - This is a Non Compliance Message" + "nonComplianceMessages": { + "value": [ + { + "message": "Violated Policy Assignment - This is a Non Compliance Message" + } + ] }, "enforcementMode": { "value": "DoNotEnforce" @@ -464,7 +476,11 @@ module policyAssignments './Microsoft.Authorization/policyAssignments/deploy.bic value: 'prod' } } - nonComplianceMessage: 'Violated Policy Assignment - This is a Non Compliance Message' + nonComplianceMessages: [ + { + message: 'Violated Policy Assignment - This is a Non Compliance Message' + } + ] enforcementMode: 'DoNotEnforce' metadata: { category: 'Security' @@ -565,8 +581,12 @@ module policyAssignments './Microsoft.Authorization/policyAssignments/deploy.bic } } }, - "nonComplianceMessage": { - "value": "Violated Policy Assignment - This is a Non Compliance Message" + "nonComplianceMessages": { + "value": [ + { + "message": "Violated Policy Assignment - This is a Non Compliance Message" + } + ] }, "enforcementMode": { "value": "DoNotEnforce" @@ -625,7 +645,11 @@ module policyAssignments './Microsoft.Authorization/policyAssignments/deploy.bic value: 'prod' } } - nonComplianceMessage: 'Violated Policy Assignment - This is a Non Compliance Message' + nonComplianceMessages: [ + { + message: 'Violated Policy Assignment - This is a Non Compliance Message' + } + ] enforcementMode: 'DoNotEnforce' metadata: { category: 'Security' diff --git a/modules/Microsoft.Authorization/policyAssignments/resourceGroup/deploy.bicep b/modules/Microsoft.Authorization/policyAssignments/resourceGroup/deploy.bicep index 0b7c233715..f6da6c336e 100644 --- a/modules/Microsoft.Authorization/policyAssignments/resourceGroup/deploy.bicep +++ b/modules/Microsoft.Authorization/policyAssignments/resourceGroup/deploy.bicep 
@@ -35,7 +35,7 @@ param roleDefinitionIds array = [] param metadata object = {} @sys.description('Optional. The messages that describe why a resource is non-compliant with the policy.') -param nonComplianceMessage string = '' +param nonComplianceMessages array = [] @sys.description('Optional. The policy assignment enforcement mode. Possible values are Default and DoNotEnforce. - Default or DoNotEnforce.') @allowed([ @@ -50,10 +50,6 @@ param notScopes array = [] @sys.description('Optional. Location for all resources.') param location string = resourceGroup().location -var nonComplianceMessage_var = { - message: !empty(nonComplianceMessage) ? nonComplianceMessage : null -} - @sys.description('Optional. The Target Scope for the Policy. The subscription ID of the subscription for the policy assignment. If not provided, will use the current scope for deployment.') param subscriptionId string = subscription().subscriptionId @@ -93,7 +89,7 @@ resource policyAssignment 'Microsoft.Authorization/policyAssignments@2021-06-01' description: !empty(description) ? description : null policyDefinitionId: policyDefinitionId parameters: parameters - nonComplianceMessages: !empty(nonComplianceMessage) ? array(nonComplianceMessage_var) : [] + nonComplianceMessages: !empty(nonComplianceMessages) ? nonComplianceMessages : [] enforcementMode: enforcementMode notScopes: !empty(notScopes) ? notScopes : [] } diff --git a/modules/Microsoft.Authorization/policyAssignments/resourceGroup/readme.md b/modules/Microsoft.Authorization/policyAssignments/resourceGroup/readme.md index 5d9b3c2238..a96aa580cc 100644 --- a/modules/Microsoft.Authorization/policyAssignments/resourceGroup/readme.md +++ b/modules/Microsoft.Authorization/policyAssignments/resourceGroup/readme.md 
@@ -34,7 +34,7 @@ With this module you can perform policy assignments on a resource group level | `identity` | string | `'SystemAssigned'` | `[SystemAssigned, UserAssigned, None]` | The managed identity associated with the policy assignment. Policy assignments must include a resource identity when assigning 'Modify' policy definitions. | | `location` | string | `[resourceGroup().location]` | | Location for all resources. | | `metadata` | object | `{object}` | | The policy assignment metadata. Metadata is an open ended object and is typically a collection of key-value pairs. | -| `nonComplianceMessage` | string | `''` | | The messages that describe why a resource is non-compliant with the policy. | +| `nonComplianceMessages` | array | `[]` | | The messages that describe why a resource is non-compliant with the policy. | | `notScopes` | array | `[]` | | The policy excluded scopes. | | `parameters` | object | `{object}` | | Parameters for the policy assignment if needed. | | `resourceGroupName` | string | `[resourceGroup().name]` | | The Target Scope for the Policy. The name of the resource group for the policy assignment. If not provided, will use the current scope for deployment. | diff --git a/modules/Microsoft.Authorization/policyAssignments/subscription/deploy.bicep b/modules/Microsoft.Authorization/policyAssignments/subscription/deploy.bicep index 8d5bfe0b39..53406f3f2b 100644 --- a/modules/Microsoft.Authorization/policyAssignments/subscription/deploy.bicep +++ b/modules/Microsoft.Authorization/policyAssignments/subscription/deploy.bicep @@ -35,7 +35,7 @@ param roleDefinitionIds array = [] param metadata object = {} @sys.description('Optional. The messages that describe why a resource is non-compliant with the policy.') -param nonComplianceMessage string = '' +param nonComplianceMessages array = [] @sys.description('Optional. The policy assignment enforcement mode. Possible values are Default and DoNotEnforce. - Default or DoNotEnforce.') @allowed([ 
@@ -50,10 +50,6 @@ param notScopes array = [] @sys.description('Optional. Location for all resources.') param location string = deployment().location -var nonComplianceMessage_var = { - message: !empty(nonComplianceMessage) ? nonComplianceMessage : null -} - @sys.description('Optional. The Target Scope for the Policy. The subscription ID of the subscription for the policy assignment. If not provided, will use the current scope for deployment.') param subscriptionId string = subscription().subscriptionId @@ -91,7 +87,7 @@ resource policyAssignment 'Microsoft.Authorization/policyAssignments@2021-06-01' description: !empty(description) ? description : null policyDefinitionId: policyDefinitionId parameters: parameters - nonComplianceMessages: !empty(nonComplianceMessage) ? array(nonComplianceMessage_var) : [] + nonComplianceMessages: !empty(nonComplianceMessages) ? nonComplianceMessages : [] enforcementMode: enforcementMode notScopes: !empty(notScopes) ? notScopes : [] } diff --git a/modules/Microsoft.Authorization/policyAssignments/subscription/readme.md b/modules/Microsoft.Authorization/policyAssignments/subscription/readme.md index 2d54ce0747..b2b2ce58a5 100644 --- a/modules/Microsoft.Authorization/policyAssignments/subscription/readme.md +++ b/modules/Microsoft.Authorization/policyAssignments/subscription/readme.md 
@@ -34,7 +34,7 @@ With this module you can perform policy assignments on a subscription level. | `identity` | string | `'SystemAssigned'` | `[SystemAssigned, UserAssigned, None]` | The managed identity associated with the policy assignment. Policy assignments must include a resource identity when assigning 'Modify' policy definitions. | | `location` | string | `[deployment().location]` | | Location for all resources. | | `metadata` | object | `{object}` | | The policy assignment metadata. Metadata is an open ended object and is typically a collection of key-value pairs. | -| `nonComplianceMessage` | string | `''` | | The messages that describe why a resource is non-compliant with the policy. | +| `nonComplianceMessages` | array | `[]` | | The messages that describe why a resource is non-compliant with the policy. | | `notScopes` | array | `[]` | | The policy excluded scopes. | | `parameters` | object | `{object}` | | Parameters for the policy assignment if needed. | | `subscriptionId` | string | `[subscription().subscriptionId]` | | The Target Scope for the Policy. The subscription ID of the subscription for the policy assignment. If not provided, will use the current scope for deployment. | From bf74fe9da06a7be52fe78c085b559bfdbf4dd015 Mon Sep 17 00:00:00 2001 From: Ahmad Abdalla <28486158+ahmadabdalla@users.noreply.github.com> Date: Thu, 7 Jul 2022 15:57:36 +1000 Subject: [PATCH 2/3] added new urls to lycheeignore --- .lycheeignore | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/.lycheeignore b/.lycheeignore index 597fa274e7..83e95488f0 100644 --- a/.lycheeignore +++ b/.lycheeignore 
@@ -8,3 +8,14 @@ http://validurltoconfiglocation/ https://mycustomdependencylocation/ http://tools.ietf.org/html/rfc6749#section-3.2 @parameters.json +https://adp/ +dummy@contoso.com +'@odata.type +test2@contoso.com +test1@contoso.com +https://adp-/ +https://www.contoso.com/webhook +test@contoso.com +foo@contoso.com +https://teststringforvalidation.com/ +http://localhost/ From d6b57ac1165ed70c6a405b47b0adf06bb6be08f4 Mon Sep 17 00:00:00 2001 From: Ahmad Abdalla <28486158+ahmadabdalla@users.noreply.github.com> Date: Fri, 8 Jul 2022 11:23:09 +1000 Subject: [PATCH 3/3] ordered list and fetched latest changes from main --- .lycheeignore | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/.lycheeignore b/.lycheeignore index 83e95488f0..7807dd7d23 100644 --- a/.lycheeignore +++ b/.lycheeignore @@ -1,5 +1,6 @@ https://foo.psd1/ -file:///github +https://teststringforvalidation.com/ +http://localhost/ https://mystorageaccount.blob.core.windows.net https://mykeyvault.vault.azure.net https://www.powershellgallery.com @@ -7,15 +8,14 @@ https://github.com/myProject http://validurltoconfiglocation/ https://mycustomdependencylocation/ http://tools.ietf.org/html/rfc6749#section-3.2 -@parameters.json +https://adp-/ +https://www.contoso.com/webhook https://adp/ +file:///github dummy@contoso.com -'@odata.type test2@contoso.com test1@contoso.com -https://adp-/ -https://www.contoso.com/webhook test@contoso.com foo@contoso.com -https://teststringforvalidation.com/ -http://localhost/ +@parameters.json +'@odata.type