From a592a68b39b34f19ad6e9019f2db0aaaee38b76b Mon Sep 17 00:00:00 2001 From: uday31in <14359777+uday31in@users.noreply.github.com> Date: Thu, 16 Mar 2023 02:37:03 +0000 Subject: [PATCH 1/5] jq-template --- .../policyAssignments.template.jq | 50 +++++++++++++++++++ .../policyDefinitions.jq | 1 - .../policyDefinitions.template.jq | 31 ++++++++++++ .../policySetDefinitions.jq | 1 - .../policySetDefinitions.template.jq | 31 ++++++++++++ .../roleAssignments.jq | 1 - .../roleAssignments.template.jq | 46 +++++++++++++++++ .../userAssignedIdentities.template.jq | 20 ++++++++ .../ddosProtectionPlans.template.jq | 28 +++++++++++ .../privateDnsZones.template.jq | 22 ++++++++ .../virtualnetworklinks.template.jq | 29 +++++++++++ .../Microsoft.Network/virtualnetworks.jq | 2 +- src/internal/classes/AzOpsScope.ps1 | 9 +--- 13 files changed, 259 insertions(+), 12 deletions(-) create mode 100644 src/data/template/Microsoft.Authorization/policyAssignments.template.jq delete mode 100644 src/data/template/Microsoft.Authorization/policyDefinitions.jq create mode 100644 src/data/template/Microsoft.Authorization/policyDefinitions.template.jq delete mode 100644 src/data/template/Microsoft.Authorization/policySetDefinitions.jq create mode 100644 src/data/template/Microsoft.Authorization/policySetDefinitions.template.jq delete mode 100644 src/data/template/Microsoft.Authorization/roleAssignments.jq create mode 100644 src/data/template/Microsoft.Authorization/roleAssignments.template.jq create mode 100644 src/data/template/Microsoft.ManagedIdentity/userAssignedIdentities.template.jq create mode 100644 src/data/template/Microsoft.Network/ddosProtectionPlans.template.jq create mode 100644 src/data/template/Microsoft.Network/privateDnsZones.template.jq create mode 100644 src/data/template/Microsoft.Network/privateDnsZones/virtualnetworklinks.template.jq 
diff --git a/src/data/template/Microsoft.Authorization/policyAssignments.template.jq b/src/data/template/Microsoft.Authorization/policyAssignments.template.jq
new file mode 100644
index 00000000..1adc845a
--- /dev/null
+++ b/src/data/template/Microsoft.Authorization/policyAssignments.template.jq
@@ -0,0 +1,50 @@
+{
+ "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
+ "contentVersion": "1.0.0.0",
+ "metadata": {
+ "_generator": {
+ "name": "AzOps"
+ }
+ },
+ "parameters": {
+ "scope": {
+ "type": "string",
+ "defaultValue": .properties.scope
+ },
+ "location": {
+ "type": "string",
+ "defaultValue": .location
+ },
+ "enforcementMode": {
+ "type": "string",
+ "defaultValue": .properties.enforcementMode
+ },
+ "policyparameters": {
+ "type": "object",
+ "defaultValue": .properties.parameters
+ },
+ "identity": {
+ "type": "object",
+ "defaultValue": ( if (.identity.type == "UserAssigned") then { type: .identity.type, userAssignedIdentities : { (.identity.userAssignedIdentities | to_entries[] | .key) : {} } } else { type: .identity.type , principalId:.identity.principalId, tenantId:.identity.tenantId } end)
+ }
+ },
+ "variables": {},
+ "resources": [
+ {
+ "type": .Type,
+ "name": .name,
+ "apiVersion": "2022-06-01",
+ "location": "[parameters('location')]",
+ "identity": "[if(empty(parameters('identity').type), null(), parameters('identity'))]",
+ "properties": {
+ "description": .properties.description,
+ "displayName": .properties.displayName,
+ "enforcementMode": "[parameters('enforcementMode')]",
+ "policyDefinitionId": .properties.policyDefinitionId,
+ "scope": "[parameters('scope')]",
+ "parameters": "[parameters('policyparameters')]"
+ }
+ }
+ ],
+ "outputs": {}
+}
\ No newline at end of file
diff --git a/src/data/template/Microsoft.Authorization/policyDefinitions.jq b/src/data/template/Microsoft.Authorization/policyDefinitions.jq
deleted file mode 100644
index a9f183f3..00000000
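Review bot: In the `identity` default, `{ (.identity.userAssignedIdentities | to_entries[] | .key) : {} }` uses a key expression that can produce more than one output, and jq then emits one object per key rather than one object holding all keys, so an input with several entries would make this filter emit several templates. `(.identity.userAssignedIdentities | with_entries(.value = {}))` builds a single map whatever the entry count. The `else` branch also copies `principalId` and `tenantId` into the parameter default; these look like service-assigned values, so consider emitting only `type` there after checking the resource schema.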
--- a/src/data/template/Microsoft.Authorization/policyDefinitions.jq
+++ /dev/null
@@ -1 +0,0 @@
-del(.ResourceId, .id, .tenantId, .subscriptionId, .properties.policyType, .properties.metadata.createdOn, .properties.metadata.updatedOn, .properties.metadata.createdBy, .properties.metadata.createdBy, .properties.metadata.updatedBy)
\ No newline at end of file
diff --git a/src/data/template/Microsoft.Authorization/policyDefinitions.template.jq b/src/data/template/Microsoft.Authorization/policyDefinitions.template.jq
new file mode 100644
index 00000000..86b8fad3
--- /dev/null
+++ b/src/data/template/Microsoft.Authorization/policyDefinitions.template.jq
@@ -0,0 +1,31 @@
+{
+ "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
+ "contentVersion": "1.0.0.0",
+ "metadata": {
+ "_generator": {
+ "name": "AzOps"
+ }
+ },
+ "parameters": {},
+ "variables": {},
+ "resources": [
+ {
+ "type": .Type,
+ "name": .name,
+ "apiVersion": "2021-06-01",
+ "properties": {
+ "description": .properties.description,
+ "displayName": .properties.displayName,
+ "metadata": {
+ "version": .properties.metadata.version,
+ "category": .properties.metadata.category
+ },
+ "mode": .properties.mode,
+ "parameters": .properties.parameters,
+ "policyRule": .properties.policyRule | walk(if type == "string" and (.|startswith("[")) then "[" + sub("^\\["; "[") else . end),
+ "policyType": .properties.policyType
+ }
+ }
+ ],
+ "outputs": {}
+}
\ No newline at end of file
diff --git a/src/data/template/Microsoft.Authorization/policySetDefinitions.jq b/src/data/template/Microsoft.Authorization/policySetDefinitions.jq
deleted file mode 100644
index a9f183f3..00000000
--- a/src/data/template/Microsoft.Authorization/policySetDefinitions.jq
+++ /dev/null
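Review bot: Only `policyRule` gets the leading-`[` escape, while `description`, `displayName`, the `metadata` values and `parameters` are copied into the template unescaped. Any exported string in those fields that begins with `[` would be read as a template expression at deployment time instead of as literal text, so text stored in the tenant ends up being evaluated. Apply the same `walk(...)` to those values, for example `"parameters": .properties.parameters | walk(...)`, or run it once over `.properties` before building the object. The same gap is in `policySetDefinitions.template.jq` (everything except `policyDefinitions`) and in the `description`/`displayName` fields of `policyAssignments.template.jq`.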
@@ -1 +0,0 @@
-del(.ResourceId, .id, .tenantId, .subscriptionId, .properties.policyType, .properties.metadata.createdOn, .properties.metadata.updatedOn, .properties.metadata.createdBy, .properties.metadata.createdBy, .properties.metadata.updatedBy)
\ No newline at end of file
diff --git a/src/data/template/Microsoft.Authorization/policySetDefinitions.template.jq b/src/data/template/Microsoft.Authorization/policySetDefinitions.template.jq
new file mode 100644
index 00000000..df5e6f5c
--- /dev/null
+++ b/src/data/template/Microsoft.Authorization/policySetDefinitions.template.jq
@@ -0,0 +1,31 @@
+del(.properties.policyDefinitions[].definitionVersion, .properties.policyDefinitions[].effectiveDefinitionVersion, .properties.policyDefinitions[].latestDefinitionVersion) |
+{
+ "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
+ "contentVersion": "1.0.0.0",
+ "metadata": {
+ "_generator": {
+ "name": "AzOps"
+ }
+ },
+ "parameters": {},
+ "variables": {},
+ "resources": [
+ {
+ "type": .ResourceType,
+ "name": .name,
+ "apiVersion": "2021-06-01",
+ "properties": {
+ "description": .properties.description,
+ "displayName": .properties.displayName,
+ "metadata": {
+ "version": .properties.metadata.version,
+ "category": .properties.metadata.category
+ },
+ "parameters": .properties.parameters,
+ "policyDefinitionGroups" : .properties.policyDefinitionGroups,
+ "policyDefinitions": .properties.policyDefinitions | walk(if type == "string" and (.|startswith("[")) then "[" + sub("^\\["; "[") else . end)
+ }
+ }
+ ],
+ "outputs": {}
+}
\ No newline at end of file
diff --git a/src/data/template/Microsoft.Authorization/roleAssignments.jq b/src/data/template/Microsoft.Authorization/roleAssignments.jq
deleted file mode 100644
index 11f8f66d..00000000
--- a/src/data/template/Microsoft.Authorization/roleAssignments.jq
+++ /dev/null
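Review bot: `"type": .ResourceType` reads a different input field from the sibling templates in this patch, which use `.Type` (policyAssignments, policyDefinitions, userAssignedIdentities). If the exported object carries only one of the two, one of these templates emits `"type": null`; the input shape is not visible in the patch, so confirm which field exists and use it throughout. A literal such as `"Microsoft.Authorization/policySetDefinitions"`, as roleAssignments does, would avoid the dependency.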
@@ -1 +0,0 @@
-del(.properties.createdOn, .properties.updatedOn, .properties.createdBy, .properties.createdBy, .properties.updatedBy)
\ No newline at end of file
diff --git a/src/data/template/Microsoft.Authorization/roleAssignments.template.jq b/src/data/template/Microsoft.Authorization/roleAssignments.template.jq
new file mode 100644
index 00000000..0a23cd18
--- /dev/null
+++ b/src/data/template/Microsoft.Authorization/roleAssignments.template.jq
@@ -0,0 +1,46 @@
+{
+ "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
+ "contentVersion": "1.0.0.0",
+ "metadata": {
+ "_generator": {
+ "name": "AzOps"
+ }
+ },
+ "parameters": {
+ "name": {
+ "type": "string",
+ "defaultValue": .name
+ },
+ "principalId": {
+ "type": "string",
+ "defaultValue": .properties.principalId
+ },
+ "principalType": {
+ "type": "string",
+ "defaultValue": .properties.principalType
+ },
+ "roleDefinitionId": {
+ "type": "string",
+ "defaultValue": .properties.roleDefinitionId
+ },
+ "scope": {
+ "type": "string",
+ "defaultValue": .properties.scope
+ }
+ },
+ "variables": {},
+ "resources": [
+ {
+ "type": "Microsoft.Authorization/roleAssignments",
+ "name": "[parameters('name')]",
+ "apiVersion": "2022-04-01",
+ "properties": {
+ "principalId": "[parameters('principalId')]",
+ "principalType": "[parameters('principalType')]",
+ "roleDefinitionId": "[parameters('roleDefinitionId')]",
+ "scope": "[parameters('scope')]"
+ }
+ }
+ ],
+ "outputs": {}
+}
\ No newline at end of file
diff --git a/src/data/template/Microsoft.ManagedIdentity/userAssignedIdentities.template.jq b/src/data/template/Microsoft.ManagedIdentity/userAssignedIdentities.template.jq
new file mode 100644
index 00000000..33994357
--- /dev/null
+++ b/src/data/template/Microsoft.ManagedIdentity/userAssignedIdentities.template.jq
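Review bot: The resource's `properties` block emits only `principalId`, `principalType`, `roleDefinitionId` and `scope`, whereas the deleted `roleAssignments.jq` filter kept every property except the created/updated metadata. A role assignment that carries `condition` and `conditionVersion` (or `description`, `delegatedManagedIdentityResourceId`) would now be exported without them, and redeploying that template would drop the condition and widen the grant. Add `"condition": .properties.condition` and `"conditionVersion": .properties.conditionVersion` to the block, leaving them out when the input value is null.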
@@ -0,0 +1,20 @@
+{
+ "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
+ "contentVersion": "1.0.0.0",
+ "metadata": {
+ "_generator": {
+ "name": "AzOps"
+ }
+ },
+ "parameters": {},
+ "variables": {},
+ "resources": [
+ {
+ "type": .Type,
+ "name": .name,
+ "apiVersion": "2023-01-31",
+ "location":.location
+ }
+ ],
+ "outputs": {}
+}
\ No newline at end of file
diff --git a/src/data/template/Microsoft.Network/ddosProtectionPlans.template.jq b/src/data/template/Microsoft.Network/ddosProtectionPlans.template.jq
new file mode 100644
index 00000000..dd3ac4fb
--- /dev/null
+++ b/src/data/template/Microsoft.Network/ddosProtectionPlans.template.jq
@@ -0,0 +1,28 @@
+{
+ "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
+ "contentVersion": "1.0.0.0",
+ "metadata": {
+ "_generator": {
+ "name": "AzOps"
+ }
+ },
+ "parameters": {
+ "virtualNetworks": {
+ "type": "array",
+ "defaultValue": .properties.virtualNetworks
+ }
+ },
+ "variables": {},
+ "resources": [
+ {
+ "type": "Microsoft.Network/ddosProtectionPlans",
+ "name": "gs-co-ddos-eastus",
+ "apiVersion": "2022-11-01",
+ "location": .location,
+ "properties": {
+ "virtualNetworks": "[parameters('virtualNetworks')]"
+ }
+ }
+ ],
+ "outputs": {}
+}
diff --git a/src/data/template/Microsoft.Network/privateDnsZones.template.jq b/src/data/template/Microsoft.Network/privateDnsZones.template.jq
new file mode 100644
index 00000000..9c567bd6
--- /dev/null
+++ b/src/data/template/Microsoft.Network/privateDnsZones.template.jq
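Review bot: `"name": "gs-co-ddos-eastus"` in ddosProtectionPlans.template.jq is a literal resource name, so every exported DDoS protection plan is written out under that one name and a redeploy would target a different resource from the one that was exported. Use `"name": .name` as the other templates do. `azureFirewalls.template.jq` in patch 3 has the same problem with `"name": "gs-co-fw-eastus"`.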
@@ -0,0 +1,22 @@
+del(.properties.internalId,.properties.numberOfRecordSets,.properties.numberOfVirtualNetworkLinks,.properties.numberOfVirtualNetworkLinksWithRegistration) |
+{
+ "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
+ "contentVersion": "1.0.0.0",
+ "metadata": {
+ "_generator": {
+ "name": "AzOps"
+ }
+ },
+ "parameters": {},
+ "variables": {},
+ "resources": [
+ {
+ "type": "Microsoft.Network/privateDnsZones",
+ "name": .name,
+ "apiVersion": "2020-06-01",
+ "location": .location,
+ "properties": .properties
+ }
+ ],
+ "outputs": {}
+}
diff --git a/src/data/template/Microsoft.Network/privateDnsZones/virtualnetworklinks.template.jq b/src/data/template/Microsoft.Network/privateDnsZones/virtualnetworklinks.template.jq
new file mode 100644
index 00000000..7690b082
--- /dev/null
+++ b/src/data/template/Microsoft.Network/privateDnsZones/virtualnetworklinks.template.jq
@@ -0,0 +1,29 @@
+{
+ "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
+ "contentVersion": "1.0.0.0",
+ "metadata": {
+ "_generator": {
+ "name": "AzOps"
+ }
+ },
+ "parameters": {
+ "virtualNetwork": {
+ "type": "object",
+ "defaultValue": .properties.virtualNetwork
+ }
+ },
+ "variables": {},
+ "resources": [
+ {
+ "type": "Microsoft.Network/privateDnsZones/virtualnetworklinks",
+ "name": .name,
+ "apiVersion": "2020-06-01",
+ "location": .location,
+ "properties": {
+ "registrationEnabled": false,
+ "virtualNetwork": "[parameters('virtualNetwork')]"
+ }
+ }
+ ],
+ "outputs": {}
+}
diff --git a/src/data/template/Microsoft.Network/virtualnetworks.jq b/src/data/template/Microsoft.Network/virtualnetworks.jq
index ca4ed9df..0168606a 100644
--- a/src/data/template/Microsoft.Network/virtualnetworks.jq
+++ b/src/data/template/Microsoft.Network/virtualnetworks.jq
@@ -1 +1 @@ -del(.. | .resourceGuid?, .resourceId?, .identity?, .kind?, .resourceName?, .extensionResourceName?, .parentResource?, .plan?, .etag? , .provisioningState?) \ No newline at end of file +del(.. | .resourceGuid?, .resourceId?, .identity?, .kind?, .resourceName?, .extensionResourceName?, .parentResource?, .plan?, .etag? , .provisioningState?) | del (.properties.subnets[].id) \ No newline at end of file diff --git a/src/internal/classes/AzOpsScope.ps1 b/src/internal/classes/AzOpsScope.ps1 index b5c99586..e2f0db39 100644 --- a/src/internal/classes/AzOpsScope.ps1 +++ b/src/internal/classes/AzOpsScope.ps1 @@ -283,14 +283,7 @@ $this.ResourceGroup = $this.GetResourceGroup() $this.ResourceProvider = $this.IsResourceProvider() $this.Resource = $this.GetResource() - if ( (Get-PSFConfigValue -FullName 'AzOps.Core.TemplateParameterFileSuffix') -notcontains 'parameters.json' -and - ("$($this.ResourceProvider)/$($this.Resource)" -in 'Microsoft.Authorization/policyDefinitions', 'Microsoft.Authorization/policySetDefinitions') - ) { - $this.StatePath = ($this.GetAzOpsResourcePath() + '.parameters' + (Get-PSFConfigValue -FullName 'AzOps.Core.TemplateParameterFileSuffix')) - } - else { - $this.StatePath = ($this.GetAzOpsResourcePath() + (Get-PSFConfigValue -FullName 'AzOps.Core.TemplateParameterFileSuffix')) - } + $this.StatePath = ($this.GetAzOpsResourcePath() + (Get-PSFConfigValue -FullName 'AzOps.Core.TemplateParameterFileSuffix')) } elseif ($this.IsResourceGroup()) { $this.Type = "resourcegroups" From b185c021fda11153c736b89ae8f3e0143060f2bb Mon Sep 17 00:00:00 2001 
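Review bot: The appended `del (.properties.subnets[].id)` in virtualnetworks.jq iterates `.properties.subnets` without the `?` guard that every path in the first `del(...)` uses. If an input arrives with `subnets` absent or null, `.[]` raises an error and the whole filter fails, where the earlier paths would have been skipped silently. `del(.properties.subnets[]?.id)` keeps the new stage as tolerant as the rest of the filter.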
From: uday31in <14359777+uday31in@users.noreply.github.com> Date: Thu, 16 Mar 2023 02:59:04 +0000 Subject: [PATCH 2/5] law jq template --- .../workspaces.template.jq | 32 +++++++++++++++++ .../solutions.template.jq | 34 +++++++++++++++++++ 2 files changed, 66 insertions(+) create mode 100644 src/data/template/Microsoft.OperationalInsights/workspaces.template.jq create mode 100644 src/data/template/Microsoft.OperationsManagement/solutions.template.jq diff --git a/src/data/template/Microsoft.OperationalInsights/workspaces.template.jq b/src/data/template/Microsoft.OperationalInsights/workspaces.template.jq new file mode 100644 index 00000000..5e3b83df --- /dev/null +++ b/src/data/template/Microsoft.OperationalInsights/workspaces.template.jq @@ -0,0 +1,32 @@ +{ + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "metadata": { + "_generator": { + "name": "AzOps" + } + }, + "parameters": { + "name": { + "type": "string", + "defaultValue": .name + } + }, + "variables": {}, + "resources": [ + { + "type": "Microsoft.OperationalInsights/workspaces", + "name": "[parameters('name')]", + "apiVersion": "2022-10-01", + "location": .location, + "properties": { + "retentionInDays": 30, + "sku": { + "name": "pergb2018" + }, + "enableLogAccessUsingOnlyResourcePermissions": true + } + } + ], + "outputs": {} +} diff --git a/src/data/template/Microsoft.OperationsManagement/solutions.template.jq b/src/data/template/Microsoft.OperationsManagement/solutions.template.jq new file mode 100644 index 00000000..3ab3ce3b --- /dev/null +++ b/src/data/template/Microsoft.OperationsManagement/solutions.template.jq 
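Review bot: In workspaces.template.jq, `"retentionInDays": 30`, the `sku` name and `enableLogAccessUsingOnlyResourcePermissions` are literals rather than values read from the exported workspace. For a workspace configured with longer retention, the generated template records 30 days, and deploying it would shorten how long audit and security logs are kept. Read them from the input instead, e.g. `"retentionInDays": .properties.retentionInDays` and `"sku": .properties.sku`. As far as I know the access-control flag sits under `properties.features` in the workspace schema, so its placement is worth checking as well.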
@@ -0,0 +1,34 @@
+{
+ "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
+ "contentVersion": "1.0.0.0",
+ "metadata": {
+ "_generator": {
+ "name": "AzOps"
+ }
+ },
+ "parameters": {
+ "containedResources": {
+ "type": "array",
+ "defaultValue": .properties.containedResources
+ },
+ "workspaceResourceId": {
+ "type": "string",
+ "defaultValue": .properties.workspaceResourceId
+ },
+ },
+ "variables": {},
+ "resources": [
+ {
+ "type": "Microsoft.OperationsManagement/solutions",
+ "name": .name,
+ "apiVersion": "2015-11-01-preview",
+ "location": .location,
+ "properties": {
+ "containedResources": "[parameters('containedResources')]",
+ "workbookTemplates": [],
+ "workspaceResourceId": "[parameters('workspaceResourceId')]"
+ }
+ }
+ ],
+ "outputs": {}
+}
From 91263407c580e170b9ab47d733c482b0cb91f0c5 Mon Sep 17 00:00:00 2001
From: uday31in <14359777+uday31in@users.noreply.github.com> Date: Thu, 16 Mar 2023 16:15:51 +0000 Subject: [PATCH 3/5] networking jq --- .../azureFirewalls.template.jq | 43 +++++++++++++++++ .../dnsResolvers.template.jq | 28 +++++++++++ .../dnsResolvers/inboundendpoints.template.jq | 34 ++++++++++++++ .../outboundendpoints.template.jq | 34 ++++++++++++++ .../firewallPolicies.template.jq | 34 ++++++++++++++ .../networkSecurityGroups.template.jq | 31 +++++++++++++ .../virtualnetworklinks.template.jq | 12 +++-- .../publicIPAddresses.template.jq | 46 +++++++++++++++++++ .../Microsoft.Network/routeTables.template.jq | 30 ++++++++++++ .../functions/ConvertTo-AzOpsState.ps1 | 25 ++++++---- src/localized/en-us/Strings.psd1 | 1 + 11 files changed, 305 insertions(+), 13 deletions(-) create mode 100644 src/data/template/Microsoft.Network/azureFirewalls.template.jq create mode 100644 src/data/template/Microsoft.Network/dnsResolvers.template.jq create mode 100644 src/data/template/Microsoft.Network/dnsResolvers/inboundendpoints.template.jq create mode 100644 src/data/template/Microsoft.Network/dnsResolvers/outboundendpoints.template.jq create mode 100644 src/data/template/Microsoft.Network/firewallPolicies.template.jq create mode 100644 src/data/template/Microsoft.Network/networkSecurityGroups.template.jq create mode 100644 src/data/template/Microsoft.Network/publicIPAddresses.template.jq create mode 100644 src/data/template/Microsoft.Network/routeTables.template.jq diff --git a/src/data/template/Microsoft.Network/azureFirewalls.template.jq b/src/data/template/Microsoft.Network/azureFirewalls.template.jq new file mode 100644 index 00000000..ae3d3dec --- /dev/null +++ b/src/data/template/Microsoft.Network/azureFirewalls.template.jq 
@@ -0,0 +1,43 @@
+del(.properties.ipConfigurations[].etag, .properties.ipConfigurations[].id, .properties.ipConfigurations[].properties.provisioningState) |
+{
+ "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
+ "contentVersion": "1.0.0.0",
+ "metadata": {
+ "_generator": {
+ "name": "AzOps"
+ }
+ },
+ "parameters": {
+ "firewallPolicy": {
+ "type": "object",
+ "defaultValue": .properties.firewallPolicy
+ },
+ "ipConfigurations": {
+ "type": "array",
+ "defaultValue": .properties.ipConfigurations
+ }
+ },
+ "variables": {},
+ "resources": [
+ {
+ "type": "Microsoft.Network/azureFirewalls",
+ "name": "gs-co-fw-eastus",
+ "apiVersion": "2022-11-01",
+ "location": .location,
+ "properties": {
+ "additionalProperties": .properties.additionalProperties,
+ "applicationRuleCollections": .properties.applicationRuleCollections,
+ "firewallPolicy": "[parameters('firewallPolicy')]",
+ "ipConfigurations": "[parameters('ipConfigurations')]",
+ "natRuleCollections": .properties.natRuleCollections,
+ "networkRuleCollections": .properties.networkRuleCollections,
+ "sku": {
+ "name": "AZFW_VNet",
+ "tier": "Standard"
+ },
+ "threatIntelMode": "Alert"
+ }
+ }
+ ],
+ "outputs": {}
+}
diff --git a/src/data/template/Microsoft.Network/dnsResolvers.template.jq b/src/data/template/Microsoft.Network/dnsResolvers.template.jq
new file mode 100644
index 00000000..652a9346
--- /dev/null
+++ b/src/data/template/Microsoft.Network/dnsResolvers.template.jq
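Review bot: `"threatIntelMode": "Alert"` and the `sku` block in azureFirewalls.template.jq are fixed values, so a firewall running threat intelligence in deny mode is exported as alert-only, and a redeploy from the repository would stop blocking that traffic. Take both from the input: `"threatIntelMode": .properties.threatIntelMode` and `"sku": .properties.sku`. `firewallPolicies.template.jq` later in this patch hard-codes the same `threatIntelMode` and `sku.tier`.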
@@ -0,0 +1,28 @@
+{
+ "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
+ "contentVersion": "1.0.0.0",
+ "metadata": {
+ "_generator": {
+ "name": "AzOps"
+ }
+ },
+ "parameters": {
+ "virtualNetwork": {
+ "type": "object",
+ "defaultValue": .properties.virtualNetwork
+ }
+ },
+ "variables": {},
+ "resources": [
+ {
+ "type": "Microsoft.Network/dnsResolvers",
+ "name": .name,
+ "apiVersion": "2022-07-01",
+ "location": .location,
+ "properties": {
+ "virtualNetwork": "[parameters('virtualNetwork')]"
+ }
+ }
+ ],
+ "outputs": {}
+}
diff --git a/src/data/template/Microsoft.Network/dnsResolvers/inboundendpoints.template.jq b/src/data/template/Microsoft.Network/dnsResolvers/inboundendpoints.template.jq
new file mode 100644
index 00000000..68e04f9f
--- /dev/null
+++ b/src/data/template/Microsoft.Network/dnsResolvers/inboundendpoints.template.jq
@@ -0,0 +1,34 @@
+{
+ "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
+ "contentVersion": "1.0.0.0",
+ "metadata": {
+ "_generator": {
+ "name": "AzOps"
+ }
+ },
+ "parameters": {
+ "ipConfigurations": {
+ "type": "array",
+ "defaultValue": .properties.ipConfigurations
+ },
+ "resourceId": {
+ "type": "string",
+ "defaultValue": .ResourceId
+ }
+ },
+ "variables": {
+ "name": "[concat(split(parameters('resourceId'),'/')[8],'/',split(parameters('resourceId'),'/')[10])]"
+ },
+ "resources": [
+ {
+ "type": "Microsoft.Network/dnsResolvers/inboundendpoints",
+ "name": "[variables('name')]",
+ "apiVersion": "2022-07-01",
+ "location": .location,
+ "properties": {
+ "ipConfigurations": "[parameters('ipConfigurations')]"
+ }
+ }
+ ],
+ "outputs": {}
+}
diff --git a/src/data/template/Microsoft.Network/dnsResolvers/outboundendpoints.template.jq b/src/data/template/Microsoft.Network/dnsResolvers/outboundendpoints.template.jq
new file mode 100644
index 00000000..fd20a19d
--- /dev/null
+++ b/src/data/template/Microsoft.Network/dnsResolvers/outboundendpoints.template.jq
@@ -0,0 +1,34 @@
+{
+ "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
+ "contentVersion": "1.0.0.0",
+ "metadata": {
+ "_generator": {
+ "name": "AzOps"
+ }
+ },
+ "parameters": {
+ "subnet": {
+ "type": "object",
+ "defaultValue": .properties.subnet
+ },
+ "resourceId": {
+ "type": "string",
+ "defaultValue": .ResourceId
+ }
+ },
+ "variables": {
+ "name": "[concat(split(parameters('resourceId'),'/')[8],'/',split(parameters('resourceId'),'/')[10])]"
+ },
+ "resources": [
+ {
+ "type": "Microsoft.Network/dnsResolvers/outboundendpoints",
+ "name": "[variables('name')]",
+ "apiVersion": "2022-07-01",
+ "location": .location,
+ "properties": {
+ "subnet": "[parameters('subnet')]"
+ }
+ }
+ ],
+ "outputs": {}
+}
diff --git a/src/data/template/Microsoft.Network/firewallPolicies.template.jq b/src/data/template/Microsoft.Network/firewallPolicies.template.jq
new file mode 100644
index 00000000..0e8b92a7
--- /dev/null
+++ b/src/data/template/Microsoft.Network/firewallPolicies.template.jq
@@ -0,0 +1,34 @@
+{
+ "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
+ "contentVersion": "1.0.0.0",
+ "metadata": {
+ "_generator": {
+ "name": "AzOps"
+ }
+ },
+ "parameters": {
+ "firewalls": {
+ "type": "array",
+ "defaultValue": .properties.firewalls
+ }
+ },
+ "variables": {},
+ "resources": [
+ {
+ "type": "Microsoft.Network/firewallPolicies",
+ "name": .name,
+ "apiVersion": "2022-11-01",
+ "location": .location,
+ "properties": {
+ "childPolicies": [],
+ "firewalls": "[parameters('firewalls')]",
+ "ruleCollectionGroups": [],
+ "sku": {
+ "tier": "Standard"
+ },
+ "threatIntelMode": "Alert"
+ }
+ }
+ ],
+ "outputs": {}
+}
diff --git a/src/data/template/Microsoft.Network/networkSecurityGroups.template.jq b/src/data/template/Microsoft.Network/networkSecurityGroups.template.jq new file mode 100644 index 00000000..95ce8f84 --- /dev/null +++ b/src/data/template/Microsoft.Network/networkSecurityGroups.template.jq @@ -0,0 +1,31 @@ +del(.properties.defaultSecurityRules[].etag, .properties.defaultSecurityRules[].id) | +{ + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "metadata": { + "_generator": { + "name": "AzOps" + } + }, + "parameters": { + "subnets": { + "type": "array", + "defaultValue": .properties.subnets + } + }, + "variables": {}, + "resources": [ + { + "type": "Microsoft.Network/networkSecurityGroups", + "name": .name, + "apiVersion": "2022-11-01", + "location": .location, + "properties": { + "defaultSecurityRules": .properties.defaultSecurityRules, + "securityRules": .properties.securityRules, + "subnets": "[parameters('subnets')]" + } + } + ], + "outputs": {} +} diff --git a/src/data/template/Microsoft.Network/privateDnsZones/virtualnetworklinks.template.jq b/src/data/template/Microsoft.Network/privateDnsZones/virtualnetworklinks.template.jq index 7690b082..e8be7558 100644 --- a/src/data/template/Microsoft.Network/privateDnsZones/virtualnetworklinks.template.jq +++ b/src/data/template/Microsoft.Network/privateDnsZones/virtualnetworklinks.template.jq @@ -10,13 +10,19 @@ "virtualNetwork": { "type": "object", "defaultValue": .properties.virtualNetwork + }, + "resourceId": { + "type": "string", + "defaultValue": .ResourceId } }, - "variables": {}, + "variables": { + "name": "[concat(split(parameters('resourceId'),'/')[8],'/',split(parameters('resourceId'),'/')[10])]" + }, "resources": [ { "type": "Microsoft.Network/privateDnsZones/virtualnetworklinks", - "name": .name, + "name": "[variables('name')]", "apiVersion": "2020-06-01", "location": .location, "properties": { 
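Review bot: The leading `del(...)` in networkSecurityGroups.template.jq strips `etag` and `id` from `defaultSecurityRules` only, while `"securityRules": .properties.securityRules` is copied as returned, presumably with the same `etag`, `id` and `provisioningState` fields on each rule. Those values change on every update and would add noise to diffs of exactly the rules reviewers most need to read. Extend the filter, e.g. `del(.properties.securityRules[]? | .etag, .id, .properties.provisioningState)`. The default rules are platform-defined as far as I know, so consider leaving `defaultSecurityRules` out of the template altogether.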
@@ -26,4 +32,4 @@ } ], "outputs": {} -} +} \ No newline at end of file diff --git a/src/data/template/Microsoft.Network/publicIPAddresses.template.jq b/src/data/template/Microsoft.Network/publicIPAddresses.template.jq new file mode 100644 index 00000000..18e834ec --- /dev/null +++ b/src/data/template/Microsoft.Network/publicIPAddresses.template.jq @@ -0,0 +1,46 @@ +{ + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "metadata": { + "_generator": { + "name": "AzOps" + } + }, + "parameters": { + "ipAddress": { + "type": "string", + "defaultValue": .properties.ipAddress + }, + "ipConfiguration": { + "type": "object", + "defaultValue": .properties.ipConfiguration + } + }, + "variables": {}, + "resources": [ + { + "type": "Microsoft.Network/publicIPAddresses", + "name": .name, + "sku": { + "name": "Standard", + "tier": "Regional" + }, + "apiVersion": "2022-11-01", + "location": .location, + "properties": { + "idleTimeoutInMinutes": 4, + "ipAddress": "[parameters('ipAddress')]", + "ipConfiguration":"[parameters('ipConfiguration')]", + "ipTags": [], + "publicIPAddressVersion": .properties.publicIPAddressVersion, + "publicIPAllocationMethod": .properties.publicIPAllocationMethod + }, + "zones": [ + "1", + "2", + "3" + ] + } + ], + "outputs": {} +} diff --git a/src/data/template/Microsoft.Network/routeTables.template.jq b/src/data/template/Microsoft.Network/routeTables.template.jq new file mode 100644 index 00000000..9a2e70b4 --- /dev/null +++ b/src/data/template/Microsoft.Network/routeTables.template.jq 
@@ -0,0 +1,30 @@
+{
+ "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
+ "contentVersion": "1.0.0.0",
+ "metadata": {
+ "_generator": {
+ "name": "AzOps"
+ }
+ },
+ "parameters": {
+ "subnets": {
+ "type": "array",
+ "defaultValue": .properties.subnets
+ }
+ },
+ "variables": {},
+ "resources": [
+ {
+ "type": "Microsoft.Network/routeTables",
+ "name": .name,
+ "apiVersion": "2022-11-01",
+ "location": .location,
+ "properties": {
+ "disableBgpRoutePropagation": false,
+ "routes": [],
+ "subnets": "[parameters('subnets')]"
+ }
+ }
+ ],
+ "outputs": {}
+}
diff --git a/src/internal/functions/ConvertTo-AzOpsState.ps1 b/src/internal/functions/ConvertTo-AzOpsState.ps1
index 328f72a2..9e00f436 100644
--- a/src/internal/functions/ConvertTo-AzOpsState.ps1
+++ b/src/internal/functions/ConvertTo-AzOpsState.ps1
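Review bot: `"routes": []` and `"disableBgpRoutePropagation": false` in routeTables.template.jq are literals, so the generated template describes a route table with no routes whatever the exported one contains. Deploying it would remove user-defined routes, including any that send traffic through a firewall or inspection appliance. Use `"routes": .properties.routes` and `"disableBgpRoutePropagation": .properties.disableBgpRoutePropagation`, stripping `etag`, `id` and `provisioningState` from each route if they are present.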
@@ -219,21 +219,26 @@ #endregion #region Replace Resource Type and API Version - if ( - ($Script:AzOpsResourceProvider | Where-Object { $_.ProviderNamespace -eq $providerNamespace }) -and + if ($object.resources[0].apiVersion -ne "0000-00-00") + { + if(($Script:AzOpsResourceProvider | Where-Object { $_.ProviderNamespace -eq $providerNamespace }) -and (($Script:AzOpsResourceProvider | Where-Object { $_.ProviderNamespace -eq $providerNamespace }).ResourceTypes | Where-Object { $_.ResourceTypeName -eq $resourceApiTypeName }) - ) { - $apiVersions = (($Script:AzOpsResourceProvider | Where-Object { $_.ProviderNamespace -eq $providerNamespace }).ResourceTypes | Where-Object { $_.ResourceTypeName -eq $resourceApiTypeName }).ApiVersions[0] - Write-PSFMessage -Level Verbose -String 'ConvertTo-AzOpsState.GenerateTemplate.ApiVersion' -StringValues $resourceType, $apiVersions -FunctionName 'ConvertTo-AzOpsState' + ) { + $apiVersions = (($Script:AzOpsResourceProvider | Where-Object { $_.ProviderNamespace -eq $providerNamespace }).ResourceTypes | Where-Object { $_.ResourceTypeName -eq $resourceApiTypeName }).ApiVersions[0] + Write-PSFMessage -Level Verbose -String 'ConvertTo-AzOpsState.GenerateTemplate.ApiVersion' -StringValues $resourceType, $apiVersions -FunctionName 'ConvertTo-AzOpsState' - $object.resources[0].apiVersion = $apiVersions - $object.resources[0].type = $resourceType + $object.resources[0].apiVersion = $apiVersions + $object.resources[0].type = $resourceType + } + else { + Write-PSFMessage -Level Verbose -String 'ConvertTo-AzOpsState.GenerateTemplate.NoApiVersion' -StringValues $resourceType -FunctionName 'ConvertTo-AzOpsState' + } + #endregion } else { - Write-PSFMessage -Level Warning -String 'ConvertTo-AzOpsState.GenerateTemplate.NoApiVersion' -StringValues $resourceType -FunctionName 'ConvertTo-AzOpsState' + #No need to retrive the API version dynamically + Write-PSFMessage -Level Warning -String 'ConvertTo-AzOpsState.GenerateTemplate.NoApiVersionRequired' 
-StringValues $resourceType -FunctionName 'ConvertTo-AzOpsState' } - #endregion - #region Append Name for child resource # [Patch] Temporary until mangementGroup() is fully implemented if ($resourceType -eq "Microsoft.Management/managementGroups/subscriptions") { diff --git a/src/localized/en-us/Strings.psd1 b/src/localized/en-us/Strings.psd1 index 5385543e..7a222296 100644 --- a/src/localized/en-us/Strings.psd1 +++ b/src/localized/en-us/Strings.psd1 @@ -68,6 +68,7 @@ 'ConvertTo-AzOpsState.GenerateTemplate.ResourceApiTypeName' = 'Resource api type: {0}' # $resourceApiTypeName 'ConvertTo-AzOpsState.GenerateTemplate.ApiVersion' = 'Determined api version: {1} for resource type name: {0}' # $resourceType, $apiVersions 'ConvertTo-AzOpsState.GenerateTemplate.NoApiVersion' = 'Unable to determine api version from resource type name: {0}' # $resourceTypeName + 'ConvertTo-AzOpsState.GenerateTemplate.NoApiVersionRequired' = 'Template already contains api version from resource type name: {0}' # $resourceTypeName 'ConvertTo-AzOpsState.GenerateTemplate.ChildResource' = 'Appending child resource name: {0}' # $resourceName 'ConvertTo-AzOpsState.ObjectType.Resolved.Generic' = 'Unable to determine object type: {0}' # $($_.GetType()) 'ConvertTo-AzOpsState.ObjectType.Resolved.PSObject' = 'Determined object type based on PowerShell class {0}' # $($_.GetType()) From fdac14eb94473e095f317dda2d54777ccb8eae4c Mon Sep 17 00:00:00 2001 From: uday31in <14359777+uday31in@users.noreply.github.com> Date: Sat, 18 Mar 2023 16:29:28 +0000 Subject: [PATCH 4/5] moving scope for policyassignment outside of property bag --- src/data/template/Microsoft.Authorization/policyAssignments.jq | 1 - .../Microsoft.Authorization/policyAssignments.template.jq | 2 +- 2 files changed, 1 insertion(+), 2 deletions(-) delete mode 100644 src/data/template/Microsoft.Authorization/policyAssignments.jq 
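Review bot: The new guard `if ($object.resources[0].apiVersion -ne "0000-00-00")` in ConvertTo-AzOpsState.ps1 looks inverted. With `-ne`, a template that already carries a real version (such as the `"2022-06-01"` set by the new jq templates) has `apiVersion` and `type` overwritten from the provider lookup, while `0000-00-00`, presumably the placeholder, falls to the else branch that logs `NoApiVersionRequired` ("Template already contains api version") and is left unresolved. If that reading is right, the test should be `-eq "0000-00-00"`. The message levels also appear swapped (the failed lookup is now Verbose, the benign case Warning), and `#endregion` has ended up inside the `if` body. The enclosing function starts and ends outside the hunk.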
diff --git a/src/data/template/Microsoft.Authorization/policyAssignments.jq b/src/data/template/Microsoft.Authorization/policyAssignments.jq deleted file mode 100644 index 61349ed8..00000000 --- a/src/data/template/Microsoft.Authorization/policyAssignments.jq +++ /dev/null @@ -1 +0,0 @@ -del(.ResourceId, .resourceGroup, .subscriptionId, .properties.metadata.createdOn, .properties.metadata.updatedOn, .properties.metadata.createdBy, .properties.metadata.createdBy, .properties.metadata.updatedBy, .properties.metadata.assignedBy) \ No newline at end of file diff --git a/src/data/template/Microsoft.Authorization/policyAssignments.template.jq b/src/data/template/Microsoft.Authorization/policyAssignments.template.jq index 1adc845a..64f69eae 100644 --- a/src/data/template/Microsoft.Authorization/policyAssignments.template.jq +++ b/src/data/template/Microsoft.Authorization/policyAssignments.template.jq @@ -34,6 +34,7 @@ "type": .Type, "name": .name, "apiVersion": "2022-06-01", + "scope": "[parameters('scope')]", "location": "[parameters('location')]", "identity": "[if(empty(parameters('identity').type), null(), parameters('identity'))]", "properties": { @@ -41,7 +42,6 @@ "displayName": .properties.displayName, "enforcementMode": "[parameters('enforcementMode')]", "policyDefinitionId": .properties.policyDefinitionId, - "scope": "[parameters('scope')]", "parameters": "[parameters('policyparameters')]" } } From c2500767f4a3d511fc086b3660d73b675663c429 Mon Sep 17 00:00:00 2001 From: uday31in <14359777+uday31in@users.noreply.github.com> Date: Sat, 18 Mar 2023 22:50:36 +0000 Subject: [PATCH 5/5] fix to include plan information --- .../Microsoft.OperationsManagement/solutions.template.jq | 1 + 1 file changed, 1 insertion(+) diff --git a/src/data/template/Microsoft.OperationsManagement/solutions.template.jq b/src/data/template/Microsoft.OperationsManagement/solutions.template.jq index 3ab3ce3b..93574c6a 100644 
--- a/src/data/template/Microsoft.OperationsManagement/solutions.template.jq +++ b/src/data/template/Microsoft.OperationsManagement/solutions.template.jq @@ -23,6 +23,7 @@ "name": .name, "apiVersion": "2015-11-01-preview", "location": .location, + "plan": .plan, "properties": { "containedResources": "[parameters('containedResources')]", "workbookTemplates": [],