Skip to content

Commit

Permalink
Add cross subscription support for some built-in AMA related policies (
Browse files Browse the repository at this point in the history
…#430)

* add 2 Virtual Machines AMA related policies for cross subscription supportability

* add 2 windows vmss AMA related policies for cross subscription supportability

* adjust descriptions

* add 2 Linux AMA related policies for cross subscription supportability

* rename effect

* rename effect

* rename effect

* rename display Name and descriptions

---------

Co-authored-by: Hugo Ribeiro <[email protected]>
  • Loading branch information
mitramcc and hribeiro-msft authored May 15, 2024
1 parent b532fdb commit e61ff6a
Show file tree
Hide file tree
Showing 18 changed files with 5,626 additions and 0 deletions.

Large diffs are not rendered by default.

Original file line number Diff line number Diff line change
@@ -0,0 +1,58 @@
{
"bringYourOwnUserAssignedManagedIdentity": {
"type": "Boolean",
"metadata": {
"displayName": "Bring Your Own User-Assigned Identity",
"description": "Enable this to use your pre-created user-assigned managed identity. The pre-created identity MUST exist within the subscription otherwise the policy deployment will fail. If enabled, ensure that the User-Assigned Identity Name and Identity Resource Group Name parameters match the pre-created identity. If not enabled, the policy will create per subscription, per resource user-assigned managed identities in a new resource group named 'Built-In-Identity-RG'."
},
"allowedValues": [
true,
false
]
},
"userAssignedIdentityName": {
"type": "String",
"metadata": {
"displayName": "User-Assigned Managed Identity Name",
"description": "The name of the pre-created user-assigned managed identity."
},
"defaultValue": ""
},
"identityResourceGroup": {
"type": "String",
"metadata": {
"displayName": "User-Assigned Managed Identity Resource Group Name",
"description": "The resource group in which the pre-created user-assigned managed identity resides."
},
"defaultValue": ""
},
"identitySubscription": {
"type": "String",
"metadata": {
"displayName": "User-Assigned Managed Identity Subscription ID",
"description": "The Subscription id of the pre-created user-assigned managed identity."
},
"defaultValue": ""
},
"builtInIdentityResourceGroupLocation": {
"type": "String",
"metadata": {
"displayName": "Built-In-Identity-RG Location",
"description": "The location of the resource group 'Built-In-Identity-RG' created by the policy. This parameter is only used when 'Bring Your Own User Assigned Identity' parameter is false."
},
"defaultValue": "eastus"
},
"effect": {
"type": "String",
"metadata": {
"displayName": "Effect",
"description": "The effect determines what happens when the policy rule is evaluated to match."
},
"allowedValues": [
"AuditIfNotExists",
"DeployIfNotExists",
"Disabled"
],
"defaultValue": "DeployIfNotExists"
}
}

Large diffs are not rendered by default.

Large diffs are not rendered by default.

Original file line number Diff line number Diff line change
@@ -0,0 +1,58 @@
{
"bringYourOwnUserAssignedManagedIdentity": {
"type": "Boolean",
"metadata": {
"displayName": "Bring Your Own User-Assigned Identity",
"description": "Enable this to use your pre-created user-assigned managed identity. The pre-created identity MUST exist within the subscription otherwise the policy deployment will fail. If enabled, ensure that the User-Assigned Identity Name and Identity Resource Group Name parameters match the pre-created identity. If not enabled, the policy will create per subscription, per resource user-assigned managed identities in a new resource group named 'Built-In-Identity-RG'."
},
"allowedValues": [
true,
false
]
},
"userAssignedIdentityName": {
"type": "String",
"metadata": {
"displayName": "User-Assigned Managed Identity Name",
"description": "The name of the pre-created user-assigned managed identity."
},
"defaultValue": ""
},
"identityResourceGroup": {
"type": "String",
"metadata": {
"displayName": "User-Assigned Managed Identity Resource Group Name",
"description": "The resource group in which the pre-created user-assigned managed identity resides."
},
"defaultValue": ""
},
"identitySubscription": {
"type": "String",
"metadata": {
"displayName": "User-Assigned Managed Identity Subscription ID",
"description": "The Subscription id of the pre-created user-assigned managed identity."
},
"defaultValue": ""
},
"builtInIdentityResourceGroupLocation": {
"type": "String",
"metadata": {
"displayName": "Built-In-Identity-RG Location",
"description": "The location of the resource group 'Built-In-Identity-RG' created by the policy. This parameter is only used when 'Bring Your Own User Assigned Identity' parameter is false."
},
"defaultValue": "eastus"
},
"effect": {
"type": "String",
"metadata": {
"displayName": "Effect",
"description": "The effect determines what happens when the policy rule is evaluated to match."
},
"allowedValues": [
"AuditIfNotExists",
"DeployIfNotExists",
"Disabled"
],
"defaultValue": "DeployIfNotExists"
}
}
Loading

0 comments on commit e61ff6a

Please sign in to comment.