
Commit ad3aa8a

mikebijlMike Bijlanwather
authored
Issue953 improve sync function (#954)
* refactor: streamline directory creation and file handling in Sync-ALZPolicies.ps1 * refactor: optimize JSON processing and file creation in Sync-ALZPolicies.ps1 by lowering disk write action * refactor: change hashtable to ordered hashtable for policy templates in Sync-ALZPolicies.ps1 to retain the order in the file written to disk * refactor: replace hashtable with ordered hashtable for consistency in policy definitions * refactor: simplify file creation and content processing in Sync-ALZPolicyFromLibrary.ps1 * refactor: change hashtables to ordered hashtables for consistency in policy definitions and assignments * refactor: streamline directory creation and file handling in Sync-ALZPolicies.ps1 * refactor: optimize JSON processing and file creation in Sync-ALZPolicies.ps1 by lowering disk write action * refactor: change hashtable to ordered hashtable for policy templates in Sync-ALZPolicies.ps1 to retain the order in the file written to disk * refactor: replace hashtable with ordered hashtable for consistency in policy definitions * refactor: simplify file creation and content processing in Sync-ALZPolicyFromLibrary.ps1 * refactor: change hashtables to ordered hashtables for consistency in policy definitions and assignments * refactor: ensure directory creation for policy assignments in Sync-ALZPolicies.ps1 * refactor: add schema references to policy definition * proper syntax * refactor: ensure directory creation for policy assignments in Sync-ALZPolicies.ps1 * refactor: add schema references to policy definition * proper syntax --------- Co-authored-by: Mike Bijl <m.bijl@rubicon.nl> Co-authored-by: Anthony Watherston <anwather@microsoft.com>
1 parent 382a808 commit ad3aa8a


2 files changed

+30
-62
lines changed


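--- a/Scripts/CloudAdoptionFramework/Sync-ALZPolicies.ps1
+++ b/Scripts/CloudAdoptionFramework/Sync-ALZPolicies.ps1
@@ -64,13 +64,6 @@ try {
 }
 catch {}
 
-New-Item -Path "$DefinitionsRootFolder\policyDefinitions" -ItemType Directory -Force -ErrorAction SilentlyContinue
-New-Item -Path "$DefinitionsRootFolder\policyDefinitions\ALZ" -ItemType Directory -Force -ErrorAction SilentlyContinue
-New-Item -Path "$DefinitionsRootFolder\policySetDefinitions" -ItemType Directory -Force -ErrorAction SilentlyContinue
-New-Item -Path "$DefinitionsRootFolder\policySetDefinitions\ALZ" -ItemType Directory -Force -ErrorAction SilentlyContinue
-New-Item -Path "$DefinitionsRootFolder\policyAssignments" -ItemType Directory -Force -ErrorAction SilentlyContinue
-New-Item -Path "$DefinitionsRootFolder\policyAssignments\ALZ" -ItemType Directory -Force -ErrorAction SilentlyContinue
-
 . "$PSScriptRoot/../Helpers/ConvertTo-HashTable.ps1"
 
 foreach ($policyUri in $defaultPolicyURIs) {
@@ -83,20 +76,16 @@ foreach ($policyUri in $defaultPolicyURIs) {
 $name = $_.Value | ConvertFrom-Json | Select-Object -ExpandProperty Name
 $environments = ($_.Value | ConvertFrom-Json | Select-Object -ExpandProperty Properties).metadata.alzCloudEnvironments
 if ($environments -contains $CloudEnvironment) {
-$baseTemplate = @{
+$baseTemplate = [ordered]@{
 schema = "https://raw.githubusercontent.com/Azure/enterprise-azure-policy-as-code/main/Schemas/policy-definition-schema.json"
 name = $_.Value | ConvertFrom-Json | Select-Object -ExpandProperty Name
 properties = $_.Value | ConvertFrom-Json | Select-Object -ExpandProperty Properties
 }
 $category = $baseTemplate.properties.Metadata.category
-if (!(Test-Path $DefinitionsRootFolder\policyDefinitions\ALZ\$category)) {
-New-Item -Path $DefinitionsRootFolder\policyDefinitions\ALZ\$category -ItemType Directory -Force -ErrorAction SilentlyContinue
-}
-$baseTemplate | ConvertTo-Json -Depth 50 | Out-File -FilePath $DefinitionsRootFolder\policyDefinitions\ALZ\$category\$name.json -Force
-(Get-Content $DefinitionsRootFolder\policyDefinitions\ALZ\$category\$name.json) -replace "\[\[", "[" | Set-Content $DefinitionsRootFolder\policyDefinitions\ALZ\$category\$name.json
+($baseTemplate | ConvertTo-Json -Depth 50) -replace "\[\[", "[" | New-Item -Path $DefinitionsRootFolder\policyDefinitions\ALZ\$category -ItemType File -Name "$name.json" -Force -ErrorAction SilentlyContinue
 }
-
 }
+
 if ($type -match 'Microsoft.Authorization/policySetDefinitions') {
 $name = $_.Value | ConvertFrom-Json | Select-Object -ExpandProperty Name
 $environments = ($_.Value | ConvertFrom-Json | Select-Object -ExpandProperty Properties).metadata.alzCloudEnvironments
@@ -111,22 +100,17 @@ foreach ($policyUri in $defaultPolicyURIs) {
 "AzureCloud" { $fileName = $name }
 }
 }
-$baseTemplate = @{
+$baseTemplate = [ordered]@{
 schema = "https://raw.githubusercontent.com/Azure/enterprise-azure-policy-as-code/main/Schemas/policy-set-definition-schema.json"
 name = $_.Value | ConvertFrom-Json | Select-Object -ExpandProperty Name
 properties = $_.Value | ConvertFrom-Json | Select-Object -ExpandProperty Properties
 }
 $category = $baseTemplate.properties.Metadata.category
-if (!(Test-Path $DefinitionsRootFolder\policySetDefinitions\ALZ\$category)) {
-New-Item -Path $DefinitionsRootFolder\policySetDefinitions\ALZ\$category -ItemType Directory -Force -ErrorAction SilentlyContinue
-}
-$baseTemplate | ConvertTo-Json -Depth 50 | Out-File -FilePath $DefinitionsRootFolder\policySetDefinitions\ALZ\$category\$fileName.json -Force
-(Get-Content $DefinitionsRootFolder\policySetDefinitions\ALZ\$category\$fileName.json) -replace "\[\[", "[" | Set-Content $DefinitionsRootFolder\policySetDefinitions\ALZ\$category\$fileName.json
-(Get-Content $DefinitionsRootFolder\policySetDefinitions\ALZ\$category\$fileName.json) -replace "variables\('scope'\)", "'/providers/Microsoft.Management/managementGroups/$managementGroupId'" | Set-Content $DefinitionsRootFolder\policySetDefinitions\ALZ\$category\$fileName.json
-(Get-Content $DefinitionsRootFolder\policySetDefinitions\ALZ\$category\$fileName.json) -replace "', '", "" | Set-Content $DefinitionsRootFolder\policySetDefinitions\ALZ\$category\$fileName.json
-(Get-Content $DefinitionsRootFolder\policySetDefinitions\ALZ\$category\$fileName.json) -replace "\[concat\(('(.+)')\)\]", "`$2" | Set-Content $DefinitionsRootFolder\policySetDefinitions\ALZ\$category\$fileName.json
+($baseTemplate | ConvertTo-Json -Depth 50) -replace "\[\[", "[" `
+-replace "variables\('scope'\)", "'/providers/Microsoft.Management/managementGroups/$managementGroupId'" `
+-replace "', '", "" `
+-replace "\[concat\(('(.+)')\)\]", "`$2" | New-Item -Path $DefinitionsRootFolder\policySetDefinitions\ALZ\$category -ItemType File -Name "$fileName.json" -Force -ErrorAction SilentlyContinue
 }
-
 }
 }
 }
@@ -144,6 +128,7 @@ foreach ($policySetFile in Get-ChildItem "$DefinitionsRootFolder\policySetDefini
 $jsonContent | ConvertTo-Json -Depth 20 | Set-Content $policySetFile
 }
 
+New-Item -Path "$DefinitionsRootFolder\policyAssignments\ALZ" -ItemType Directory -Force -ErrorAction SilentlyContinue
 if ($ModuleRoot) {
 Copy-Item -Path "$ModuleRoot/policyAssignments/*.*" -Destination "$DefinitionsRootFolder\policyAssignments\ALZ\" -Force
 }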
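Review bot: The new single-call write in the policyDefinitions and policySetDefinitions hunks (`... | New-Item -Path ... -ItemType File -Name "$name.json" -Force -ErrorAction SilentlyContinue`) now swallows any failure to write the policy file, whereas the old `Out-File -Force` at least surfaced the error; with `-Force` only the directory creation benefits from suppression, so the file write should fail loudly, e.g. `-Force -ErrorAction Stop`, so that a sync run cannot silently produce an incomplete definitions tree that a later deploy treats as authoritative. Separately, `$name`, `$fileName` and `$category` are taken verbatim from the downloaded policy JSON and spliced into the target path; I would add a guard before the write such as `if ("$name$category" -match '[\\/]|\.\.') { throw "Unsafe policy name or category: $name / $category" }` so a malformed or tampered upstream payload cannot write outside `$DefinitionsRootFolder`. I could not confirm from the hunk whether `New-Item -Value` writes the same encoding that the replaced `Set-Content` did on Windows PowerShell 5.1; worth checking with a definition that contains a non-ASCII displayName. The enclosing `foreach ($policyUri ...)` loop starts before and ends after these hunks.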

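--- a/Scripts/CloudAdoptionFramework/Sync-ALZPolicyFromLibrary.ps1
+++ b/Scripts/CloudAdoptionFramework/Sync-ALZPolicyFromLibrary.ps1
@@ -50,36 +50,27 @@ try {
 }
 catch {}
 
-New-Item -Path "$DefinitionsRootFolder\policyDefinitions" -ItemType Directory -Force -ErrorAction SilentlyContinue
-New-Item -Path "$DefinitionsRootFolder\policyDefinitions\$Type" -ItemType Directory -Force -ErrorAction SilentlyContinue
-New-Item -Path "$DefinitionsRootFolder\policySetDefinitions" -ItemType Directory -Force -ErrorAction SilentlyContinue
-New-Item -Path "$DefinitionsRootFolder\policySetDefinitions\$Type" -ItemType Directory -Force -ErrorAction SilentlyContinue
-New-Item -Path "$DefinitionsRootFolder\policyAssignments" -ItemType Directory -Force -ErrorAction SilentlyContinue
-New-Item -Path "$DefinitionsRootFolder\policyAssignments\$Type" -ItemType Directory -Force -ErrorAction SilentlyContinue
-
 # Create policy definition objects
 
-foreach ($file in Get-ChildItem -Path "$LibraryPath\platform\$($Type.ToLower())\policy_definitions" -Recurse -File -Include *.json) {
+foreach ($file in Get-ChildItem -Path "$LibraryPath/platform/$($Type.ToLower())/policy_definitions" -Recurse -File -Include *.json) {
 $fileContent = Get-Content -Path $file.FullName -Raw | ConvertFrom-Json
-$baseTemplate = @{
+$baseTemplate = [ordered]@{
+'$schema' = "https://raw.githubusercontent.com/Azure/enterprise-azure-policy-as-code/main/Schemas/policy-definition-schema.json"
 name = $fileContent.name
 properties = $fileContent.properties
 }
 $category = $baseTemplate.properties.Metadata.category
-if (!(Test-Path $DefinitionsRootFolder\policyDefinitions\$Type\$category)) {
-New-Item -Path $DefinitionsRootFolder\policyDefinitions\$Type\$category -ItemType Directory -Force -ErrorAction SilentlyContinue
-}
-$baseTemplate | Select-Object name, properties | ConvertTo-Json -Depth 50 | Out-File -FilePath $DefinitionsRootFolder\policyDefinitions\$Type\$category\$($fileContent.name).json -Force
-(Get-Content $DefinitionsRootFolder\policyDefinitions\$Type\$category\$($fileContent.name).json) -replace "\[\[", "[" | Set-Content $DefinitionsRootFolder\policyDefinitions\$Type\$category\$($fileContent.name).json
+([PSCustomObject]$baseTemplate | Select-Object -Property "`$schema", name, properties | ConvertTo-Json -Depth 50) -replace "\[\[", "[" | New-Item -Path $DefinitionsRootFolder\policyDefinitions\$Type\$category -ItemType File -Name "$($fileContent.name).json" -Force -ErrorAction SilentlyContinue
 }
 
 # Create policy set definition objects
 
 foreach ($file in Get-ChildItem -Path "$LibraryPath\platform\$($Type.ToLower())\policy_set_definitions" -Recurse -File -Include *.json) {
 $fileContent = Get-Content -Path $file.FullName -Raw | ConvertFrom-Json
-$baseTemplate = @{
+$baseTemplate = [ordered]@{
+"`$schema" = "https://raw.githubusercontent.com/Azure/enterprise-azure-policy-as-code/main/Schemas/policy-set-definition-schema.json"
 name = $fileContent.name
-properties = @{
+properties = [ordered]@{
 description = $fileContent.properties.description
 displayName = $fileContent.properties.displayName
 metadata = $fileContent.properties.metadata
@@ -91,13 +82,13 @@ foreach ($file in Get-ChildItem -Path "$LibraryPath\platform\$($Type.ToLower())\
 $policyDefinitions = @()
 # Fix the policyDefinitionIds for custom policies
 foreach ($policyDefinition in $fileContent.properties.policyDefinitions) {
-$obj = @{
+$obj = [ordered]@{
 parameters = $policyDefinition.parameters
 groupNames = $policyDefinition.groupNames
 policyDefinitionReferenceId = $policyDefinition.policyDefinitionReferenceId
 }
 if ($policyDefinition.policyDefinitionId -match "managementGroups") {
-$obj.Add("policyDefinitionName", $policyDefinition.policyDefinitionId.split("/")[-1])
+$obj.Add("policyDefinitionName", $policyDefinition.policyDefinitionId.split("/")[ - 1])
 }
 else {
 $obj.Add("policyDefinitionId", $policyDefinition.policyDefinitionId)
@@ -107,14 +98,10 @@ foreach ($file in Get-ChildItem -Path "$LibraryPath\platform\$($Type.ToLower())\
 $baseTemplate.properties.policyDefinitions = $policyDefinitions
 
 $category = $baseTemplate.properties.Metadata.category
-if (!(Test-Path $DefinitionsRootFolder\policySetDefinitions\$Type\$category)) {
-New-Item -Path $DefinitionsRootFolder\policySetDefinitions\$Type\$category -ItemType Directory -Force -ErrorAction SilentlyContinue
-}
-$baseTemplate | Select-Object name, properties | ConvertTo-Json -Depth 50 | Out-File -FilePath $DefinitionsRootFolder\policySetDefinitions\$Type\$category\$($fileContent.name).json -Force
-(Get-Content $DefinitionsRootFolder\policySetDefinitions\$Type\$category\$($fileContent.name).json) -replace "\[\[", "[" | Set-Content $DefinitionsRootFolder\policySetDefinitions\$Type\$category\$($fileContent.name).json
-(Get-Content $DefinitionsRootFolder\policySetDefinitions\$Type\$category\$($fileContent.name).json) -replace "variables\('scope'\)", "'/providers/Microsoft.Management/managementGroups/$managementGroupId'" | Set-Content $DefinitionsRootFolder\policySetDefinitions\$Type\$category\$($fileContent.name).json
-(Get-Content $DefinitionsRootFolder\policySetDefinitions\$Type\$category\$($fileContent.name).json) -replace "', '", "" | Set-Content $DefinitionsRootFolder\policySetDefinitions\$Type\$category\$($fileContent.name).json
-(Get-Content $DefinitionsRootFolder\policySetDefinitions\$Type\$category\$($fileContent.name).json) -replace "\[concat\(('(.+)')\)\]", "`$2" | Set-Content $DefinitionsRootFolder\policySetDefinitions\$Type\$category\$($fileContent.name).json
+([PSCustomObject]$baseTemplate | Select-Object -Property "`$schema", name, properties | ConvertTo-Json -Depth 50) -replace "\[\[", "[" `
+-replace "variables\('scope'\)", "'/providers/Microsoft.Management/managementGroups/$managementGroupId'" `
+-replace "', '", "" `
+-replace "\[concat\(('(.+)')\)\]", "`$2" | New-Item -Path $DefinitionsRootFolder\policySetDefinitions\$Type\$category -ItemType File -Name "$($fileContent.name).json" -Force -ErrorAction SilentlyContinue
 }
 
 # Create assignment objects
@@ -141,18 +128,18 @@ foreach ($file in Get-ChildItem -Path "$LibraryPath\platform\$($Type.ToLower())\
 }
 
 
-$baseTemplate = @{
+$baseTemplate = [ordered]@{
 "`$schema" = "https://raw.githubusercontent.com/Azure/enterprise-azure-policy-as-code/main/Schemas/policy-assignment-schema.json"
 nodeName = "$($archetypeContent.name)/$($fileContent.name)"
-assignment = @{
+assignment = [ordered]@{
 name = $fileContent.Name
 displayName = $fileContent.properties.displayName
 description = $fileContent.properties.description
 }
-definitionEntry = @{
+definitionEntry = [ordered]@{
 displayName = $fileContent.properties.displayName
 }
-parameters = @{}
+parameters = [ordered]@{}
 enforcementMode = $structureFile.enforcementMode
 }
 
@@ -163,10 +150,10 @@ foreach ($file in Get-ChildItem -Path "$LibraryPath\platform\$($Type.ToLower())\
 
 # Definition Entry
 if ($fileContent.properties.policyDefinitionId -match "placeholder.+policySetDefinition") {
-$baseTemplate.definitionEntry.Add("policySetName", ($fileContent.properties.policyDefinitionId).Split("/")[-1])
+$baseTemplate.definitionEntry.Add("policySetName", ($fileContent.properties.policyDefinitionId).Split("/")[ - 1])
 }
 elseif ($fileContent.properties.policyDefinitionId -match "placeholder.+policyDefinition") {
-$baseTemplate.definitionEntry.Add("policyName", ($fileContent.properties.policyDefinitionId).Split("/")[-1])
+$baseTemplate.definitionEntry.Add("policyName", ($fileContent.properties.policyDefinitionId).Split("/")[ - 1])
 }
 else {
 if ($fileContent.properties.policyDefinitionId -match "policySetDefinitions") {
@@ -186,7 +173,7 @@ foreach ($file in Get-ChildItem -Path "$LibraryPath\platform\$($Type.ToLower())\
 if ($scopeTrim -eq "landing_zones") {
 $scopeTrim = "landingzones"
 }
-$scope = @{
+$scope = [ordered]@{
 $PacEnvironmentSelector = @(
 $structureFile.managementGroupNameMappings.$scopeTrim.value
 )
@@ -233,11 +220,7 @@ foreach ($file in Get-ChildItem -Path "$LibraryPath\platform\$($Type.ToLower())\
 
 
 $category = $structureFile.managementGroupNameMappings.$scopeTrim.management_group_function
-if (!(Test-Path $DefinitionsRootFolder\policyAssignments\$Type\$category)) {
-New-Item -Path $DefinitionsRootFolder\policyAssignments\$Type\$category -ItemType Directory -Force -ErrorAction SilentlyContinue
-}
-$baseTemplate | Select-Object "`$schema", nodeName, assignment, definitionEntry, definitionVersion, enforcementMode, parameters, nonComplianceMessages, scope | ConvertTo-Json -Depth 50 | Out-File -FilePath $DefinitionsRootFolder\policyAssignments\$Type\$category\$($fileContent.name).json -Force
-(Get-Content $DefinitionsRootFolder\policyAssignments\$Type\$category\$($fileContent.name).json) -replace "\[\[", "[" | Set-Content $DefinitionsRootFolder\policyAssignments\$Type\$category\$($fileContent.name).json
+([PSCustomObject]$baseTemplate | Select-Object -Property "`$schema", nodeName, assignment, definitionEntry, definitionVersion, enforcementMode, parameters, nonComplianceMessages, scope | ConvertTo-Json -Depth 50) -replace "\[\[", "[" | New-Item -Path $DefinitionsRootFolder\policyAssignments\$Type\$category -ItemType File -Name "$($fileContent.name).json" -Force -ErrorAction SilentlyContinue
 if ($fileContent.name -eq "Deploy-Private-DNS-Zones") {
 (Get-Content $DefinitionsRootFolder\policyAssignments\$Type\$category\$($fileContent.name).json) -replace "\.ne\.", ".$dnsZoneRegion." | Set-Content $DefinitionsRootFolder\policyAssignments\$Type\$category\$($fileContent.name).json
 }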
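Review bot: The first hunk switches only the policy_definitions `Get-ChildItem -Path` to forward slashes while the `policy_set_definitions` loop a few lines below (an unchanged context line) still builds `"$LibraryPath\platform\$($Type.ToLower())\policy_set_definitions"`; if the intent was to make the library path work on PowerShell on Linux/macOS, where a backslash is not a path separator, the second loop needs the same treatment, `foreach ($file in Get-ChildItem -Path "$LibraryPath/platform/$($Type.ToLower())/policy_set_definitions" -Recurse -File -Include *.json) {`, otherwise the set definitions are silently skipped there. The new file-writing `New-Item ... -Force -ErrorAction SilentlyContinue` calls in this and the later hunks also hide write failures that the replaced `Out-File` would have reported, so a partially written definitions tree goes unnoticed; I would keep `-Force` (it creates the category folder) but use `-ErrorAction Stop` on the file writes. The `$($fileContent.name)` and `$category` values used in those paths come straight from the library JSON, so a check that they contain no `\`, `/` or `..` before the write would be a cheap safeguard. As a point of style, the formatter's `[ - 1]` is legal but reads like a typo; `[-1]` is the conventional spelling. The enclosing `foreach ($file ...)` loops start and end outside these hunks.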
