Add cross subscription support for some built-in AMA related policies (#430)

* add 2 Virtual Machines AMA related policies for cross subscription supportability
* add 2 windows vmss AMA related policies for cross subscription supportability
* adjust descriptions
* add 2 Linux AMA related policies for cross subscription supportability
* rename effect
* rename effect
* rename effect
* rename display Name and descriptions

---------

Co-authored-by: Hugo Ribeiro <[email protected]>
1 parent b532fdb, commit e61ff6a
Showing 18 changed files with 5,626 additions and 0 deletions.
407 changes: 407 additions & 0 deletions
...subscription-user-assigned-managed-identity-to-virtual-machine-scale-set/azurepolicy.json
Large diffs are not rendered by default.
58 changes: 58 additions & 0 deletions
...n-user-assigned-managed-identity-to-virtual-machine-scale-set/azurepolicy.parameters.json
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,58 @@ | ||
{ | ||
"bringYourOwnUserAssignedManagedIdentity": { | ||
"type": "Boolean", | ||
"metadata": { | ||
"displayName": "Bring Your Own User-Assigned Identity", | ||
"description": "Enable this to use your pre-created user-assigned managed identity. The pre-created identity MUST exist within the subscription otherwise the policy deployment will fail. If enabled, ensure that the User-Assigned Identity Name and Identity Resource Group Name parameters match the pre-created identity. If not enabled, the policy will create per subscription, per resource user-assigned managed identities in a new resource group named 'Built-In-Identity-RG'." | ||
}, | ||
"allowedValues": [ | ||
true, | ||
false | ||
] | ||
}, | ||
"userAssignedIdentityName": { | ||
"type": "String", | ||
"metadata": { | ||
"displayName": "User-Assigned Managed Identity Name", | ||
"description": "The name of the pre-created user-assigned managed identity." | ||
}, | ||
"defaultValue": "" | ||
}, | ||
"identityResourceGroup": { | ||
"type": "String", | ||
"metadata": { | ||
"displayName": "User-Assigned Managed Identity Resource Group Name", | ||
"description": "The resource group in which the pre-created user-assigned managed identity resides." | ||
}, | ||
"defaultValue": "" | ||
}, | ||
"identitySubscription": { | ||
"type": "String", | ||
"metadata": { | ||
"displayName": "User-Assigned Managed Identity Subscription ID", | ||
"description": "The Subscription id of the pre-created user-assigned managed identity." | ||
}, | ||
"defaultValue": "" | ||
}, | ||
"builtInIdentityResourceGroupLocation": { | ||
"type": "String", | ||
"metadata": { | ||
"displayName": "Built-In-Identity-RG Location", | ||
"description": "The location of the resource group 'Built-In-Identity-RG' created by the policy. This parameter is only used when 'Bring Your Own User Assigned Identity' parameter is false." | ||
}, | ||
"defaultValue": "eastus" | ||
}, | ||
"effect": { | ||
"type": "String", | ||
"metadata": { | ||
"displayName": "Effect", | ||
"description": "The effect determines what happens when the policy rule is evaluated to match." | ||
}, | ||
"allowedValues": [ | ||
"AuditIfNotExists", | ||
"DeployIfNotExists", | ||
"Disabled" | ||
], | ||
"defaultValue": "DeployIfNotExists" | ||
} | ||
} |
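Review bot: the description of bringYourOwnUserAssignedManagedIdentity says the pre-created identity "MUST exist within the subscription", which reads as a same-subscription requirement and conflicts with the identitySubscription parameter added further down in this same file. It also tells the user to match only the User-Assigned Identity Name and Identity Resource Group Name parameters and never mentions the subscription ID. Suggest rewording it to say the identity must exist in the subscription given by identitySubscription, and listing all three parameters. Separately, bringYourOwnUserAssignedManagedIdentity is the only parameter here without a defaultValue, so every assignment has to set it explicitly; if that is not intended, add one.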
336 changes: 336 additions & 0 deletions
...iption-user-assigned-managed-identity-to-virtual-machine-scale-set/azurepolicy.rules.json
Large diffs are not rendered by default.
407 changes: 407 additions & 0 deletions
...gn-cross-subscription-user-assigned-managed-identity-to-virtual-machines/azurepolicy.json
Large diffs are not rendered by default.
58 changes: 58 additions & 0 deletions
...bscription-user-assigned-managed-identity-to-virtual-machines/azurepolicy.parameters.json
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,58 @@ | ||
{ | ||
"bringYourOwnUserAssignedManagedIdentity": { | ||
"type": "Boolean", | ||
"metadata": { | ||
"displayName": "Bring Your Own User-Assigned Identity", | ||
"description": "Enable this to use your pre-created user-assigned managed identity. The pre-created identity MUST exist within the subscription otherwise the policy deployment will fail. If enabled, ensure that the User-Assigned Identity Name and Identity Resource Group Name parameters match the pre-created identity. If not enabled, the policy will create per subscription, per resource user-assigned managed identities in a new resource group named 'Built-In-Identity-RG'." | ||
}, | ||
"allowedValues": [ | ||
true, | ||
false | ||
] | ||
}, | ||
"userAssignedIdentityName": { | ||
"type": "String", | ||
"metadata": { | ||
"displayName": "User-Assigned Managed Identity Name", | ||
"description": "The name of the pre-created user-assigned managed identity." | ||
}, | ||
"defaultValue": "" | ||
}, | ||
"identityResourceGroup": { | ||
"type": "String", | ||
"metadata": { | ||
"displayName": "User-Assigned Managed Identity Resource Group Name", | ||
"description": "The resource group in which the pre-created user-assigned managed identity resides." | ||
}, | ||
"defaultValue": "" | ||
}, | ||
"identitySubscription": { | ||
"type": "String", | ||
"metadata": { | ||
"displayName": "User-Assigned Managed Identity Subscription ID", | ||
"description": "The Subscription id of the pre-created user-assigned managed identity." | ||
}, | ||
"defaultValue": "" | ||
}, | ||
"builtInIdentityResourceGroupLocation": { | ||
"type": "String", | ||
"metadata": { | ||
"displayName": "Built-In-Identity-RG Location", | ||
"description": "The location of the resource group 'Built-In-Identity-RG' created by the policy. This parameter is only used when 'Bring Your Own User Assigned Identity' parameter is false." | ||
}, | ||
"defaultValue": "eastus" | ||
}, | ||
"effect": { | ||
"type": "String", | ||
"metadata": { | ||
"displayName": "Effect", | ||
"description": "The effect determines what happens when the policy rule is evaluated to match." | ||
}, | ||
"allowedValues": [ | ||
"AuditIfNotExists", | ||
"DeployIfNotExists", | ||
"Disabled" | ||
], | ||
"defaultValue": "DeployIfNotExists" | ||
} | ||
} |
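Review bot: userAssignedIdentityName, identityResourceGroup and identitySubscription all default to "" while effect defaults to DeployIfNotExists, and nothing in this file rejects an assignment that sets bringYourOwnUserAssignedManagedIdentity to true and leaves the three identity fields empty. The rules file is not rendered on this page, so whether an empty identitySubscription falls back to the virtual machine's own subscription is not visible from here; please state the empty-value behaviour in the identitySubscription description and say that the three fields are required when bring-your-own is enabled. Two wording nits: the builtInIdentityResourceGroupLocation description refers to 'Bring Your Own User Assigned Identity' while the displayName is "Bring Your Own User-Assigned Identity", and the identitySubscription description writes "Subscription id" where its displayName writes "Subscription ID". This file is identical to the virtual machine scale set parameters file in the same commit, so any fix should be applied to both.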