Skip to content

Commit

Permalink
fixed linter warnings in policy files
Browse files Browse the repository at this point in the history
  • Loading branch information
tredell committed Feb 13, 2023
1 parent 6c2b2f7 commit 8e9628d
Show file tree
Hide file tree
Showing 5 changed files with 13 additions and 13 deletions.
12 changes: 6 additions & 6 deletions policy/custom/assignments/AKS.bicep
Original file line number Diff line number Diff line change
Expand Up @@ -12,7 +12,7 @@ targetScope = 'managementGroup'
@description('Location for the deployment.')
param location string = deployment().location

@description('Management Group scope for the policy definition.')
//@description('Management Group scope for the policy definition.')
param policyDefinitionManagementGroupId string

@description('Management Group scope for the policy assignment.')
Expand All @@ -29,10 +29,10 @@ var policyId = 'custom-aks'
var assignmentName = 'Custom - Azure Kubernetes Service'

var scope = tenantResourceId('Microsoft.Management/managementGroups', policyAssignmentManagementGroupId)
var policyDefinitionScope = tenantResourceId('Microsoft.Management/managementGroups', policyDefinitionManagementGroupId)
var policyDefinitionScope = resourceId('Microsoft.Management/managementGroups', policyDefinitionManagementGroupId)
var policyScopedId = extensionResourceId(policyDefinitionScope, 'Microsoft.Authorization/policySetDefinitions', policyId)


output PolicyDefinitionId string = policyScopedId

// Telemetry - Azure customer usage attribution
// Reference: https://learn.microsoft.com/azure/marketplace/azure-partner-customer-usage-attribution
Expand Down Expand Up @@ -61,7 +61,7 @@ resource podSecurityRestrictedStandardsPolicySetAssignment 'Microsoft.Authorizat
name: 'aks-res-${uniqueString(policyAssignmentManagementGroupId)}'
properties: {
displayName: 'Kubernetes cluster pod security restricted standards for Linux-based workloads'
policyDefinitionId: resourceId('Microsoft.Authorization/roleDefinitions','42b8ef37-b724-4e24-bbc8-7a7708edfe00')
policyDefinitionId: tenantResourceId('Microsoft.Authorization/policySetDefinitions','42b8ef37-b724-4e24-bbc8-7a7708edfe00')
scope: scope
notScopes: []
parameters: {}
Expand All @@ -77,7 +77,7 @@ resource podSecurityBaselineStandardsPolicySetAssignment 'Microsoft.Authorizatio
name: 'aks-std-${uniqueString(policyAssignmentManagementGroupId)}'
properties: {
displayName: 'Kubernetes cluster pod security baseline standards for Linux-based workloads'
policyDefinitionId: resourceId('Microsoft.Authorization/roleDefinitions','a8640138-9b0a-4a28-b8cb-1666c838647d')
policyDefinitionId: tenantResourceId('Microsoft.Authorization/policySetDefinitions','a8640138-9b0a-4a28-b8cb-1666c838647d')
scope: scope
notScopes: []
parameters: {}
Expand All @@ -96,7 +96,7 @@ resource policySetRoleAssignmentContributor 'Microsoft.Authorization/roleAssignm
name: guid(policyAssignmentManagementGroupId, 'aks', 'Contributor')
scope: managementGroup()
properties: {
roleDefinitionId: resourceId('Microsoft.Authorization/roleDefinitions','b24988ac-6180-42a0-ab88-20f7382dd24c')
roleDefinitionId: tenantResourceId('Microsoft.Authorization/roleDefinitions','b24988ac-6180-42a0-ab88-20f7382dd24c')
principalId: policySetAssignment.identity.principalId
principalType: 'ServicePrincipal'
}
Expand Down
2 changes: 1 addition & 1 deletion policy/custom/assignments/DDoS.bicep
Original file line number Diff line number Diff line change
Expand Up @@ -68,7 +68,7 @@ resource policySetRoleAssignmentNetworkContributor 'Microsoft.Authorization/role
name: guid(policyAssignmentManagementGroupId, 'ddos-standard', 'Network Contributor')
scope: managementGroup()
properties: {
roleDefinitionId: resourceId('Microsoft.Authorization/roleDefinitions','4d97b98b-1d4f-4787-a291-c67834d212e7')
roleDefinitionId: tenantResourceId('Microsoft.Authorization/roleDefinitions','4d97b98b-1d4f-4787-a291-c67834d212e7')
principalId: policySetAssignment.identity.principalId
principalType: 'ServicePrincipal'
}
Expand Down
2 changes: 1 addition & 1 deletion policy/custom/assignments/DNSPrivateEndpoints.bicep
Original file line number Diff line number Diff line change
Expand Up @@ -78,7 +78,7 @@ resource policySetRoleAssignmentNetworkContributor 'Microsoft.Authorization/role
name: guid(policyAssignmentManagementGroupId, 'dns-private-endpoint', 'Network Contributor')
scope: managementGroup()
properties: {
roleDefinitionId: resourceId('Microsoft.Authorization/roleDefinitions','4d97b98b-1d4f-4787-a291-c67834d212e7')
roleDefinitionId: tenantResourceId('Microsoft.Authorization/roleDefinitions','4d97b98b-1d4f-4787-a291-c67834d212e7')
principalId: policySetAssignment.identity.principalId
principalType: 'ServicePrincipal'
}
Expand Down
4 changes: 2 additions & 2 deletions policy/custom/assignments/DefenderForCloud.bicep
Original file line number Diff line number Diff line change
Expand Up @@ -62,7 +62,7 @@ resource policySetRoleAssignmentSecurityAdmin 'Microsoft.Authorization/roleAssig
name: guid(policyAssignmentManagementGroupId, 'asc', 'Security Admin')
scope: managementGroup()
properties: {
roleDefinitionId: resourceId('Microsoft.Authorization/roleDefinitions','fb1c8493-542b-48eb-b624-b4c8fea62acd')
roleDefinitionId: tenantResourceId('Microsoft.Authorization/roleDefinitions','fb1c8493-542b-48eb-b624-b4c8fea62acd')
principalId: policySetAssignment.identity.principalId
principalType: 'ServicePrincipal'
}
Expand All @@ -72,7 +72,7 @@ resource policySetRoleAssignmentVirtualMachineContributor 'Microsoft.Authorizati
name: guid(policyAssignmentManagementGroupId, 'asc', 'Virtual Machine Contributor')
scope: managementGroup()
properties: {
roleDefinitionId: resourceId('Microsoft.Authorization/roleDefinitions','9980e02c-c2be-4d73-94e8-173b1dc7cf3c')
roleDefinitionId: tenantResourceId('Microsoft.Authorization/roleDefinitions','9980e02c-c2be-4d73-94e8-173b1dc7cf3c')
principalId: policySetAssignment.identity.principalId
principalType: 'ServicePrincipal'
}
Expand Down
6 changes: 3 additions & 3 deletions policy/custom/assignments/LogAnalytics.bicep
Original file line number Diff line number Diff line change
Expand Up @@ -75,7 +75,7 @@ resource policySetRoleAssignmentLogAnalyticsContributor 'Microsoft.Authorization
name: guid(policyAssignmentManagementGroupId, 'loganalytics', 'Log Analytics Contributor')
scope: managementGroup()
properties: {
roleDefinitionId: resourceId('Microsoft.Authorization/roleDefinitions','92aaf0da-9dab-42b6-94a3-d43ce8d16293')
roleDefinitionId: tenantResourceId('Microsoft.Authorization/roleDefinitions','92aaf0da-9dab-42b6-94a3-d43ce8d16293')
principalId: policySetAssignment.identity.principalId
principalType: 'ServicePrincipal'
}
Expand All @@ -85,7 +85,7 @@ resource policySetRoleAssignmentVirtualMachineContributor 'Microsoft.Authorizati
name: guid(policyAssignmentManagementGroupId, 'loganalytics', 'Virtual Machine Contributor')
scope: managementGroup()
properties: {
roleDefinitionId: resourceId('Microsoft.Authorization/roleDefinitions','9980e02c-c2be-4d73-94e8-173b1dc7cf3c')
roleDefinitionId: tenantResourceId('Microsoft.Authorization/roleDefinitions','9980e02c-c2be-4d73-94e8-173b1dc7cf3c')
principalId: policySetAssignment.identity.principalId
principalType: 'ServicePrincipal'
}
Expand All @@ -95,7 +95,7 @@ resource policySetRoleAssignmentMonitoringContributor 'Microsoft.Authorization/r
name: guid(policyAssignmentManagementGroupId, 'loganalytics', 'Monitoring Contributor')
scope: managementGroup()
properties: {
roleDefinitionId: resourceId('Microsoft.Authorization/roleDefinitions','749f88d5-cbae-40b8-bcfc-e573ddc772fa')
roleDefinitionId: tenantResourceId('Microsoft.Authorization/roleDefinitions','749f88d5-cbae-40b8-bcfc-e573ddc772fa')
principalId: policySetAssignment.identity.principalId
principalType: 'ServicePrincipal'
}
Expand Down

0 comments on commit 8e9628d

Please sign in to comment.