data/template/template.json
{ "$schema": "https://schema.management.azure.com/schemas/2019-08-01/managementGroupDeploymentTemplate.json#", "contentVersion": "1.0.0.0", "parameters": { "input": { "type": "object" }, "_artifactsLocation": { "type": "string", "defaultValue": "https://raw.githubusercontent.com/Azure/AzOps/main/src/data/template/template.json", "metadata": { "description": "This is the link to the nested template, which must be accessible to ARM so that it can be used as part of a nested deployment. Feel free to use the template hosted here or override it with a location of your choice. If you choose to do so, please ensure future bug fixes are incorporated from the above location into your private location. Note that the default tracks the mutable main branch, so each nested deployment runs whatever is published there at deployment time; a reviewed private copy keeps that under your control." } }, "_artifactsLocationSasToken": { "type": "string", "defaultValue": "" }, "roleAssignmentEnabledForPolicy": { "type": "bool", "defaultValue": true }, "deploymentEnabledForPolicy": { "type": "bool", "defaultValue": true }, "remediationEnabledForPolicy": { "type": "bool", "defaultValue": false }, "debug": { "type": "bool", "defaultValue": true } }, "variables": { "debug": "[parameters('debug')]", "roleAssignmentEnabledForPolicy": "[parameters('roleAssignmentEnabledForPolicy')]", "deploymentEnabledForPolicy": "[parameters('deploymentEnabledForPolicy')]", "remediationEnabledForPolicy": "[parameters('remediationEnabledForPolicy')]", "input": "[parameters('input')]", "resourceType": "[if( and(contains(parameters('input'), 'ResourceType'),not(empty(parameters('input').ResourceType))), parameters('input').ResourceType, json('null') )]", "ExtensionResourceType": "[if( and(contains(parameters('input'), 'ExtensionResourceType'),not(empty(parameters('input').ExtensionResourceType))), parameters('input').ExtensionResourceType, json('null') )]", "type": "[if( and(contains(parameters('input'), 'type'),not(empty(parameters('input').type))), parameters('input').type, json('null') )]", "effectiveResourceType": "[coalesce( variables('ExtensionResourceType'), variables('ResourceType'), variables('type') 
)]", "identity": "[if( and( contains(variables('input'),'identity'), not(empty(variables('input').identity)) ), variables('input').identity, json('null') )]", "location": "[if( and( contains(variables('input'),'Location'), not(empty(variables('input').location)) ), variables('input').location, deployment().location )]", "tags": "[if( and( contains(variables('input'),'tags'), not(empty(variables('input').tags)) ), variables('input').tags, json('null') )]", "apiVersionLookup": { "Microsoft.Resources/resourceGroups":"2023-07-01", "Microsoft.Authorization/policyAssignments": "2023-04-01", "Microsoft.Authorization/policyDefinitions": "2023-04-01", "Microsoft.Authorization/policySetDefinitions": "2023-04-01", "Microsoft.Authorization/roleDefinitions": "2022-04-01", "Microsoft.Authorization/roleAssignments": "2022-04-01", "Microsoft.PolicyInsights/remediations": "2021-10-01", "Microsoft.ContainerService/managedClusters": "2024-02-01", "Microsoft.KeyVault/vaults":"2023-07-01", "Microsoft.Network/virtualWans": "2020-05-01", "Microsoft.Network/virtualHubs": "2020-05-01", "Microsoft.Network/virtualNetworks": "2020-06-01", "Microsoft.Network/azureFirewalls": "2020-06-01", "/providers/Microsoft.Management/managementGroups": "2023-04-01", "/subscriptions": "2021-10-01", "na": "9999-99-99", "": "0000-00-00" }, "apiVersion": "[if(empty(variables('effectiveResourceType')),variables('apiVersionLookup')[''], variables('apiVersionLookup')[variables('effectiveResourceType')])]" }, "resources": [ { "condition": "[equals(toLower(variables('effectiveResourceType')),toLower('Microsoft.Resources/resourceGroups'))]", "type": "Microsoft.Resources/resourceGroups", "name": "[variables('input').name]", "apiVersion": "[variables('apiversion')]", "location": "[variables('location')]", "tags": "[variables('tags')]", "Properties": "[variables('input').Properties]" }, { "condition": "[equals(toLower(variables('effectiveResourceType')),toLower('Microsoft.Authorization/policyDefinitions'))]", "type": 
"Microsoft.Authorization/policyDefinitions", "name": "[variables('input').name]", "apiVersion": "[variables('apiversion')]", "location": "[deployment().location]", "Properties": "[variables('input').Properties]" }, { "condition": "[equals(toLower(variables('effectiveResourceType')),toLower('Microsoft.Authorization/policySetDefinitions'))]", "type": "Microsoft.Authorization/policySetDefinitions", "name": "[variables('input').name]", "apiVersion": "[variables('apiversion')]", "location": "[deployment().location]", "Properties": "[variables('input').Properties]" }, { "condition": "[equals(toLower(variables('effectiveResourceType')),toLower('Microsoft.Authorization/policyAssignments'))]", "type": "Microsoft.Authorization/policyAssignments", "name": "[variables('input').name]", "apiVersion": "[variables('apiversion')]", "identity": "[variables('identity')]", "location": "[variables('location')]", "Properties": "[variables('input').Properties]" }, { "condition": "[equals(toLower(variables('effectiveResourceType')),toLower('Microsoft.Authorization/roleDefinitions'))]", "type": "Microsoft.Authorization/roleDefinitions", "name": "[variables('input').name]", "apiVersion": "[variables('apiversion')]", "location": "[deployment().location]", "Properties": "[variables('input').Properties]" }, { "condition": "[and( variables('roleAssignmentEnabledForPolicy'), equals( toLower(variables('effectiveResourceType')), toLower('Microsoft.Authorization/policyAssignments') ), contains(variables('input'),'Identity'), not(empty(variables('input').Identity)) )]", "type": "Microsoft.Authorization/roleAssignments", "name": "[guid(variables('input').name)]", "apiVersion": "2019-04-01-preview", "location": "[deployment().location]", "Properties": { "principalType": "ServicePrincipal", //"roleDefinitionId": "[concat('/providers/Microsoft.Authorization/roleDefinitions/', 'b24988ac-6180-42a0-ab88-20f7382dd24c')]", "roleDefinitionId": "[ if( and( variables('roleAssignmentEnabledForPolicy'), 
equals(toLower(variables('effectiveResourceType')),toLower('Microsoft.Authorization/policyAssignments')), and( contains(reference(variables('input').Properties.policyDefinitionId,'2019-06-01'), 'policyRule'), contains(reference(variables('input').Properties.policyDefinitionId,'2019-06-01').policyRule, 'then'), contains(reference(variables('input').Properties.policyDefinitionId,'2019-06-01').policyRule.then.details, 'roleDefinitionIds') ) ), reference(variables('input').Properties.policyDefinitionId,'2019-06-01').policyRule.then.details.roleDefinitionIds[0], 'na' )]", "principalId": "[ if( and( variables('roleAssignmentEnabledForPolicy'), equals(toLower(variables('effectiveResourceType')),toLower('Microsoft.Authorization/policyAssignments')), contains(reference(concat('Microsoft.Authorization/policyAssignments/' , variables('input').name), '2018-05-01', 'Full'),'identity') ), reference(concat('Microsoft.Authorization/policyAssignments/' , variables('input').name), '2018-05-01', 'Full').identity.principalId, 'na' )]" } }, { "condition": "[equals(toLower(variables('effectiveResourceType')),toLower('Microsoft.Authorization/roleAssignments'))]", "type": "Microsoft.Authorization/roleAssignments", "name": "[variables('input').name]", "apiVersion": "[variables('apiversion')]", "location": "[deployment().location]", "Properties": "[variables('input').Properties]" }, { "condition": "[equals(toLower(variables('effectiveResourceType')),toLower('Microsoft.PolicyInsights/remediations'))]", "type": "Microsoft.PolicyInsights/remediations", "name": "[variables('input').name]", "apiVersion": "[variables('apiversion')]", "location": "[deployment().location]", "Properties": "[variables('input').Properties]" }, { "condition": "[equals(toLower(variables('effectiveResourceType')),toLower('Microsoft.Network/virtualWans'))]", "type": "Microsoft.Network/virtualWans", "name": "[variables('input').name]", "apiVersion": "[variables('apiversion')]", "location": "[deployment().location]", 
"Properties": "[variables('input').Properties]" }, { "condition": "[equals(toLower(variables('effectiveResourceType')),toLower('Microsoft.Network/virtualHubs'))]", "type": "Microsoft.Network/virtualHubs", "name": "[variables('input').name]", "apiVersion": "[variables('apiversion')]", "location": "[deployment().location]", "Properties": "[variables('input').Properties]" }, { "condition": "[equals(toLower(variables('effectiveResourceType')),toLower('Microsoft.Network/azureFirewalls'))]", "type": "Microsoft.Network/azureFirewalls", "name": "[variables('input').name]", "apiVersion": "[variables('apiversion')]", "location": "[deployment().location]", "Properties": "[variables('input').Properties]" }, { "condition": "[equals(toLower(variables('effectiveResourceType')),toLower('Microsoft.KeyVault/vaults'))]", "type": "Microsoft.KeyVault/vaults", "name": "[variables('input').name]", "apiVersion": "[variables('apiversion')]", "location": "[deployment().location]", "Properties": "[variables('input').Properties]" }, { /* Intent: Upsert Management Group Required Parameters: 1. Name: Management Group Name 2. DisplayName: Management Group Display Name 3. ParentID - To determine where to place Management Group. It could be root or any other valid ID of the Management Group. For the top level manage 4. Id - ResourceID of the management group '/providers/Microsoft.Management/managementGroups/<name>' Scope: Tenant root Condition: We have Parent ID available, to ensure we do not inadvertently place the Management Group directly under the root. Details: If ParentID does not exist, then it is a child and creation of the Management Group would have happened when the parent's children were iterated upon. Change Log: 1. 
Initial Definition */ "condition": "[contains(tolower(variables('effectiveResourceType')),toLower('Microsoft.Management/managementGroups'))]", "type": "Microsoft.Management/managementGroups", "apiVersion": "2020-05-01", "name": "[parameters('input').Name]", "scope": "/", "properties": { "displayName": "[parameters('input').DisplayName]", "details": "[if( and(contains(parameters('input'), 'ParentId'), not(empty(parameters('input').ParentId)) ), json(concat('{\"parent\": {\"id\": \"', replace(parameters('input').ParentId,'/','\/') ,'\"}}')), json('{}') )]" } }, { /* Intent: Upsert Management Group Children Required Parameters: 1. Name: Management Group Name 2. DisplayName: Management Group Display Name 3. ParentID - To determine where to place Management Group. It could be root or any other valid ID of the Management Group. For the top level manage Scope: Tenant root Condition: If Children property bag not null or empty. Change Log: 1. Initial Definition */ "condition": "[and( contains(tolower(variables('effectiveResourceType')),toLower('Microsoft.Management/managementGroups')), contains(parameters('input'), 'children'), not(empty(parameters('input').children)) )]", "dependsOn": [ "[parameters('input').Name]" ], "copy": { "name": "create-mg-child", "count": "[length( if( and(contains(parameters('input'), 'Children'),not(empty(parameters('input').Children))), parameters('input').Children, json('[]') ) )]" }, /* Note: Disabling scoped deployment for child management group due to validation API error. Issue: Validation API throws an error for nested deployment for the scope that is yet to be created. 
"scope": "[concat('Microsoft.Management/managementGroups/',parameters('input').name)]", */ "type": "Microsoft.Resources/deployments", "apiVersion": "2023-07-01", "location": "[deployment().location]", "name": "[if( and(contains(parameters('input'), 'children'),not(empty(parameters('input').children))), if( greaterOrEquals(length(concat(parameters('input').Name,'-',parameters('input').children[copyIndex()].Name)),63), take(concat(parameters('input').Name,'-',parameters('input').children[copyIndex()].Name),63), concat(parameters('input').Name,'-',parameters('input').children[copyIndex()].Name) ), 'create-mg-child-na' )]", "properties": { "mode": "Incremental", "templateLink": { "uri": "[uri(parameters('_artifactsLocation'), concat('template.json', parameters('_artifactsLocationSasToken')))]", "contentVersion": "1.0.0.0" }, "parameters": { "input": { "value": { "Name": "[parameters('input').children[copyIndex()].Name]", "DisplayName": "[parameters('input').children[copyIndex()].DisplayName]", "Id": "[parameters('input').children[copyIndex()].Id]", "ParentId": "[parameters('input').Id]", "Type": "[parameters('input').children[copyIndex()].Type]", "Children": "[if(and(contains(parameters('input').children[copyIndex()], 'Children'),not(empty(parameters('input').children[copyIndex()].Children))),parameters('input').children[copyIndex()].Children,json('[]'))]", "properties": "[if( and( contains(parameters('input').children[copyIndex()], 'properties'), not(empty(parameters('input').children[copyIndex()].properties)) ), parameters('input').children[copyIndex()].properties, json('{}') )]" } }, "_artifactsLocation": { "value": "[parameters('_artifactsLocation')]" }, "_artifactsLocationSasToken": { "value": "[parameters('_artifactsLocationSasToken')]" }, "roleAssignmentEnabledForPolicy": { "value": "[variables('roleAssignmentEnabledForPolicy')]" }, "deploymentEnabledForPolicy": { "value": "[variables('deploymentEnabledForPolicy')]" }, "remediationEnabledForPolicy": { "value": 
"[variables('remediationEnabledForPolicy')]" } } } }, { /* Intent: Create Nested Deployment for properties.policyDefinitions Required Parameters: 1. Name: Management Group Name 3. Properties.policyDefinitions[] Scope: Management Group Condition: If properties.policyDefinitions[] not null or empty. Change Log: 1. Initial Definition */ "condition": "[and( contains(tolower(variables('effectiveResourceType')),toLower('Microsoft.Management/managementGroups')), contains(variables('input'),'Properties'), not(empty(variables('input').Properties)), contains(variables('input').Properties, 'policyDefinitions'), not(empty(variables('input').Properties.policyDefinitions)) )]", "dependsOn": [ "[variables('input').Name]" ], "copy": { "name": "copy-properties-policyDefinitions", "count": "[if( and( contains(tolower(variables('effectiveResourceType')),toLower('Microsoft.Management/managementGroups')), contains(variables('input'),'Properties'), not(empty(variables('input').Properties)), contains(variables('input').Properties, 'policyDefinitions'), not(empty(variables('input').Properties.policyDefinitions)) ), length(variables('input').Properties.policyDefinitions), 0) ]" }, "scope": "[concat('Microsoft.Management/managementGroups/',parameters('input').name)]", "type": "Microsoft.Resources/deployments", "apiVersion": "2023-07-01", "location": "[deployment().location]", "name": "[if( and( contains(tolower(variables('effectiveResourceType')),toLower('Microsoft.Management/managementGroups')), contains(variables('input'),'Properties'), not(empty(variables('input').Properties)), contains(variables('input').Properties, 'policyDefinitions'), not(empty(variables('input').Properties.policyDefinitions)) ), if( greaterOrEquals(length(concat('PolicyDefinition-', parameters('input').properties.policyDefinitions[copyIndex()].Name)),63), take(concat('PolicyDefinition-', parameters('input').properties.policyDefinitions[copyIndex()].Name),63), concat('PolicyDefinition-', 
parameters('input').properties.policyDefinitions[copyIndex()].Name) ), 'PolicyDefinition-na' )]", "properties": { "mode": "Incremental", "templateLink": { "uri": "[uri(parameters('_artifactsLocation'), concat('template.json', parameters('_artifactsLocationSasToken')))]", "contentVersion": "1.0.0.0" }, "parameters": { "input": { "value": "[ if( and( contains(tolower(variables('effectiveResourceType')),toLower('Microsoft.Management/managementGroups')), contains(variables('input'),'Properties'), not(empty(variables('input').Properties)), contains(variables('input').Properties, 'policyDefinitions'), not(empty(variables('input').Properties.policyDefinitions)) ), parameters('input').properties.policyDefinitions[copyIndex()], json('[]') )]" }, "_artifactsLocation": { "value": "[parameters('_artifactsLocation')]" }, "_artifactsLocationSasToken": { "value": "[parameters('_artifactsLocationSasToken')]" }, "roleAssignmentEnabledForPolicy": { "value": "[variables('roleAssignmentEnabledForPolicy')]" }, "deploymentEnabledForPolicy": { "value": "[variables('deploymentEnabledForPolicy')]" }, "remediationEnabledForPolicy": { "value": "[variables('remediationEnabledForPolicy')]" } } } }, { /* Intent: Create Nested Deployment for properties.policySetDefinitions Required Parameters: 1. Name: Management Group Name 3. Properties.policySetDefinitions[] Scope: Management Group Condition: If properties.policySetDefinitions[] not null or empty. Change Log: 1. 
Initial Definition */ "condition": "[and( contains(tolower(variables('effectiveResourceType')),toLower('Microsoft.Management/managementGroups')), contains(variables('input'),'Properties'), not(empty(variables('input').Properties)), contains(variables('input').Properties, 'policySetDefinitions'), not(empty(variables('input').Properties.policySetDefinitions)) )]", "dependsOn": [ "[variables('input').Name]", "copy-properties-policyDefinitions" ], "copy": { "name": "copy-properties-policySetDefinitions", "count": "[if( and( contains(tolower(variables('effectiveResourceType')),toLower('Microsoft.Management/managementGroups')), contains(variables('input'),'Properties'), not(empty(variables('input').Properties)), contains(variables('input').Properties, 'policySetDefinitions'), not(empty(variables('input').Properties.policySetDefinitions)) ), length(variables('input').Properties.policySetDefinitions), 0) ]" }, "scope": "[concat('Microsoft.Management/managementGroups/',parameters('input').name)]", "type": "Microsoft.Resources/deployments", "apiVersion": "2023-07-01", "location": "[deployment().location]", "name": "[if( and( contains(tolower(variables('effectiveResourceType')),toLower('Microsoft.Management/managementGroups')), contains(variables('input'),'Properties'), not(empty(variables('input').Properties)), contains(variables('input').Properties, 'policySetDefinitions'), not(empty(variables('input').Properties.policySetDefinitions)) ), if( greaterOrEquals(length(concat('policySetDefinitions-', parameters('input').properties.policySetDefinitions[copyIndex()].Name)),63), take(concat('policySetDefinitions-', parameters('input').properties.policySetDefinitions[copyIndex()].Name),63), concat('policySetDefinitions-', parameters('input').properties.policySetDefinitions[copyIndex()].Name) ), 'policySetDefinitions-na' )]", "properties": { "mode": "Incremental", "templateLink": { "uri": "[uri(parameters('_artifactsLocation'), concat('template.json', 
parameters('_artifactsLocationSasToken')))]", "contentVersion": "1.0.0.0" }, "parameters": { "input": { "value": "[ if( and( contains(tolower(variables('effectiveResourceType')),toLower('Microsoft.Management/managementGroups')), contains(variables('input'),'Properties'), not(empty(variables('input').Properties)), contains(variables('input').Properties, 'policySetDefinitions'), not(empty(variables('input').Properties.policySetDefinitions)) ), parameters('input').properties.policySetDefinitions[copyIndex()], json('[]') )]" }, "_artifactsLocation": { "value": "[parameters('_artifactsLocation')]" }, "_artifactsLocationSasToken": { "value": "[parameters('_artifactsLocationSasToken')]" }, "roleAssignmentEnabledForPolicy": { "value": "[variables('roleAssignmentEnabledForPolicy')]" }, "deploymentEnabledForPolicy": { "value": "[variables('deploymentEnabledForPolicy')]" }, "remediationEnabledForPolicy": { "value": "[variables('remediationEnabledForPolicy')]" } } } }, { /* Intent: Create Nested Deployment for properties.policyAssignments Required Parameters: 1. Name: Management Group Name 3. Properties.policyAssignments[] Scope: Management Group Condition: If properties.policyAssignments[] not null or empty. Change Log: 1. 
Initial Definition */ "condition": "[and( contains(tolower(variables('effectiveResourceType')),toLower('Microsoft.Management/managementGroups')), contains(variables('input'),'Properties'), not(empty(variables('input').Properties)), contains(variables('input').Properties, 'policyAssignments'), not(empty(variables('input').Properties.policyAssignments)) )]", "dependsOn": [ "[variables('input').Name]", "copy-properties-policyDefinitions", "copy-properties-policySetDefinitions" ], "copy": { "name": "copy-properties-policyAssignments", "count": "[if( and( contains(tolower(variables('effectiveResourceType')),toLower('Microsoft.Management/managementGroups')), contains(variables('input'),'Properties'), not(empty(variables('input').Properties)), contains(variables('input').Properties, 'policyAssignments'), not(empty(variables('input').Properties.policyAssignments)) ), length(variables('input').Properties.policyAssignments), 0) ]" }, "scope": "[concat('Microsoft.Management/managementGroups/',parameters('input').name)]", "type": "Microsoft.Resources/deployments", "apiVersion": "2023-07-01", "location": "[deployment().location]", "name": "[if( and( contains(tolower(variables('effectiveResourceType')),toLower('Microsoft.Management/managementGroups')), contains(variables('input'),'Properties'), not(empty(variables('input').Properties)), contains(variables('input').Properties, 'policyAssignments'), not(empty(variables('input').Properties.policyAssignments)) ), if( greaterOrEquals(length(concat('PolicyAssignments-', parameters('input').properties.policyAssignments[copyIndex()].Name)),63), take(concat('PolicyAssignments-', parameters('input').properties.policyAssignments[copyIndex()].Name),63), concat('PolicyAssignments-', parameters('input').properties.policyAssignments[copyIndex()].Name) ), 'PolicyAssignments-na' )]", "properties": { "mode": "Incremental", "templateLink": { "uri": "[uri(parameters('_artifactsLocation'), concat('template.json', 
parameters('_artifactsLocationSasToken')))]", "contentVersion": "1.0.0.0" }, "parameters": { "input": { "value": "[ if( and( contains(tolower(variables('effectiveResourceType')),toLower('Microsoft.Management/managementGroups')), contains(variables('input'),'Properties'), not(empty(variables('input').Properties)), contains(variables('input').Properties, 'policyAssignments'), not(empty(variables('input').Properties.policyAssignments)) ), parameters('input').properties.policyAssignments[copyIndex()], json('[]') )]" }, "_artifactsLocation": { "value": "[parameters('_artifactsLocation')]" }, "_artifactsLocationSasToken": { "value": "[parameters('_artifactsLocationSasToken')]" }, "roleAssignmentEnabledForPolicy": { "value": "[variables('roleAssignmentEnabledForPolicy')]" }, "deploymentEnabledForPolicy": { "value": "[variables('deploymentEnabledForPolicy')]" }, "remediationEnabledForPolicy": { "value": "[variables('remediationEnabledForPolicy')]" } } } }, { /* Intent: Create Nested Deployment for properties.roleDefinitions Required Parameters: 1. Name: Management Group Name 3. Properties.roleDefinitions[] Scope: Management Group Condition: If properties.roleDefinitions[] not null or empty. Change Log: 1. 
Initial Definition */ "condition": "[and( contains(tolower(variables('effectiveResourceType')),toLower('Microsoft.Management/managementGroups')), contains(variables('input'),'Properties'), not(empty(variables('input').Properties)), contains(variables('input').Properties, 'roleDefinitions'), not(empty(variables('input').Properties.roleDefinitions)) )]", "dependsOn": [ "[variables('input').Name]" ], "copy": { "name": "copy-properties-roleDefinitions", "count": "[if( and( contains(tolower(variables('effectiveResourceType')),toLower('Microsoft.Management/managementGroups')), contains(variables('input'),'Properties'), not(empty(variables('input').Properties)), contains(variables('input').Properties, 'roleDefinitions'), not(empty(variables('input').Properties.roleDefinitions)) ), length(variables('input').Properties.roleDefinitions), 0) ]" }, "scope": "[concat('Microsoft.Management/managementGroups/',parameters('input').name)]", "type": "Microsoft.Resources/deployments", "apiVersion": "2023-07-01", "location": "[deployment().location]", "name": "[if( and( contains(tolower(variables('effectiveResourceType')),toLower('Microsoft.Management/managementGroups')), contains(variables('input'),'Properties'), not(empty(variables('input').Properties)), contains(variables('input').Properties, 'roleDefinitions'), not(empty(variables('input').Properties.roleDefinitions)) ), if( greaterOrEquals(length(concat('RoleDefinitions-', parameters('input').properties.roleDefinitions[copyIndex()].Name)),63), take(concat('RoleDefinitions-', parameters('input').properties.roleDefinitions[copyIndex()].Name),63), concat('RoleDefinitions-', parameters('input').properties.roleDefinitions[copyIndex()].Name) ), 'RoleDefinitions-na' )]", "properties": { "mode": "Incremental", "templateLink": { "uri": "[uri(parameters('_artifactsLocation'), concat('template.json', parameters('_artifactsLocationSasToken')))]", "contentVersion": "1.0.0.0" }, "parameters": { "input": { "value": "[ if( and( 
contains(tolower(variables('effectiveResourceType')),toLower('Microsoft.Management/managementGroups')), contains(variables('input'),'Properties'), not(empty(variables('input').Properties)), contains(variables('input').Properties, 'roleDefinitions'), not(empty(variables('input').Properties.roleDefinitions)) ), parameters('input').properties.roleDefinitions[copyIndex()], json('[]') )]" }, "_artifactsLocation": { "value": "[parameters('_artifactsLocation')]" }, "_artifactsLocationSasToken": { "value": "[parameters('_artifactsLocationSasToken')]" }, "roleAssignmentEnabledForPolicy": { "value": "[variables('roleAssignmentEnabledForPolicy')]" }, "deploymentEnabledForPolicy": { "value": "[variables('deploymentEnabledForPolicy')]" }, "remediationEnabledForPolicy": { "value": "[variables('remediationEnabledForPolicy')]" } } } }, { /* Intent: Create Nested Deployment for properties.roleAssignments Required Parameters: 1. Name: Management Group Name 3. Properties.roleAssignments[] Scope: Management Group Condition: If properties.roleAssignments[] not null or empty. Change Log: 1. 
Initial Definition */ "condition": "[and( contains(tolower(variables('effectiveResourceType')),toLower('Microsoft.Management/managementGroups')), contains(variables('input'),'Properties'), not(empty(variables('input').Properties)), contains(variables('input').Properties, 'roleAssignments'), not(empty(variables('input').Properties.roleAssignments)) )]", "dependsOn": [ "[variables('input').Name]" ], "copy": { "name": "copy-properties-roleAssignments", "count": "[if( and( contains(tolower(variables('effectiveResourceType')),toLower('Microsoft.Management/managementGroups')), contains(variables('input'),'Properties'), not(empty(variables('input').Properties)), contains(variables('input').Properties, 'roleAssignments'), not(empty(variables('input').Properties.roleAssignments)) ), length(variables('input').Properties.roleAssignments), 0) ]" }, "scope": "[concat('Microsoft.Management/managementGroups/',parameters('input').name)]", "type": "Microsoft.Resources/deployments", "apiVersion": "2023-07-01", "location": "[deployment().location]", "name": "[if( and( contains(tolower(variables('effectiveResourceType')),toLower('Microsoft.Management/managementGroups')), contains(variables('input'),'Properties'), not(empty(variables('input').Properties)), contains(variables('input').Properties, 'roleAssignments'), not(empty(variables('input').Properties.roleAssignments)) ), if( greaterOrEquals(length(concat('RoleAssignments-', parameters('input').properties.roleAssignments[copyIndex()].Name)),63), take(concat('RoleAssignments-', parameters('input').properties.roleAssignments[copyIndex()].Name),63), concat('RoleAssignments-', parameters('input').properties.roleAssignments[copyIndex()].Name) ), 'RoleAssignments-na' )]", "properties": { "mode": "Incremental", "templateLink": { "uri": "[uri(parameters('_artifactsLocation'), concat('template.json', parameters('_artifactsLocationSasToken')))]", "contentVersion": "1.0.0.0" }, "parameters": { "input": { "value": "[ if( and( 
contains(tolower(variables('effectiveResourceType')),toLower('Microsoft.Management/managementGroups')), contains(variables('input'),'Properties'), not(empty(variables('input').Properties)), contains(variables('input').Properties, 'roleAssignments'), not(empty(variables('input').Properties.roleAssignments)) ), parameters('input').properties.roleAssignments[copyIndex()], json('[]') )]" }, "_artifactsLocation": { "value": "[parameters('_artifactsLocation')]" }, "_artifactsLocationSasToken": { "value": "[parameters('_artifactsLocationSasToken')]" }, "roleAssignmentEnabledForPolicy": { "value": "[variables('roleAssignmentEnabledForPolicy')]" }, "deploymentEnabledForPolicy": { "value": "[variables('deploymentEnabledForPolicy')]" }, "remediationEnabledForPolicy": { "value": "[variables('remediationEnabledForPolicy')]" } } } } ], "outputs": { "hobo": { "condition": "[and(variables('debug'),bool('false'))]", "type": "object", "value": "[variables('input')]" }, "effectiveResourceType": { "condition": "[variables('debug')]", "type": "string", "value": "[variables('effectiveResourceType')]" }, "apiversion": { "condition": "[variables('debug')]", "type": "string", "value": "[if( empty(variables('effectiveResourceType')), variables('apiVersionLookup')[''], variables('apiVersionLookup')[variables('effectiveResourceType')] )]" }, "templateLocation": { "condition": "[variables('debug')]", "type": "string", "value": "[uri(parameters('_artifactsLocation'), concat('template.json', parameters('_artifactsLocationSasToken')))]" } } } |