Batch Deployment of Policies not working

[mattjames1978]

Hi Vishal, I hope you are well. I don't know if you are still monitoring this repository or have any newer versions of the scripts that you can share but I have been trying to use them for a project but ran into the following issues that I wanted to share.

Firstly the first script, batchcreatepolicies.ps1 using my pipeline works fine and I was able to successfully deploy the definitions in your sample repository. However I ran into issues trying to use the policies exported to Json and stored in the task variable to then assign them at the management group level. I have also tried saving the policyDefinitions variable to CSV and text file to no avail.

The problem seems to be in the way the contents of the policy definition class is stored in the json or CSV.

I even tried including the type so that is isn't seen as a CustomPSObject but type Microsoft.Azure.Commands.ResourceManager.Cmdlets.Implementation.PolicyDefinition

However the new assignment command cannot work with the way it is imported.

See my attached screenshots.

I hope you can help with this which has been causing me endless amounts of pain. As a work around I have combined the scripts into one so I can just use $PolicyDefinitions in the second commands rather than worrying about sharing the environment variable between tasks and converting to and from Json. This works fine as $PolicyDefinitions that gets created with the policies function works ok.

Error | Cannot bind parameter 'PolicyDefinition'. Cannot convert the "@{Name=AllowedLocationsForRG; | ResourceId=/providers/Microsoft.Management/managementGroups/management/providers/Microsoft.Authorization/policyDefinitions/AllowedLocationsForRG; | ResourceName=AllowedLocationsForRG; ResourceType=Microsoft.Authorization/policyDefinitions; SubscriptionId=; | Properties=Microsoft.Azure.Commands.ResourceManager.Cmdlets.Implementation.Policy.PsPolicyDefinitionProperties; | PolicyDefinitionId=/providers/Microsoft.Management/managementGroups/management/providers/Microsoft.Authorization/policyDefinitions/AllowedLocationsForRG}" value | of type "Microsoft.Azure.Commands.ResourceManager.Cmdlets.Implementation.Policy.PsPolicyDefinition" to type | "Microsoft.Azure.Commands.ResourceManager.Cmdlets.Implementation.Policy.PsPolicyDefinition".

$policyimportcsv | Get-Member

TypeName: Microsoft.Azure.Commands.ResourceManager.Cmdlets.Implementation.Policy.PsPolicyDefinition

Name MemberType Definition

---

Equals Method bool Equals(System.Object obj) GetHashCode Method int GetHashCode() GetType Method type GetType() ToString Method string ToString() Name NoteProperty string Name=AllowedLocationsForRG PolicyDefinitionId NoteProperty string PolicyDefinitionId=/providers/Microsoft.Management/managementGroups/management/providers/Microsoft.Authorization/policyDefinitions/Allowed… Properties NoteProperty string Properties=Microsoft.Azure.Commands.ResourceManager.Cmdlets.Implementation.Policy.PsPolicyDefinitionProperties ResourceId NoteProperty string ResourceId=/providers/Microsoft.Management/managementGroups/management/providers/Microsoft.Authorization/policyDefinitions/AllowedLocation… ResourceName NoteProperty string ResourceName=AllowedLocationsForRG ResourceType NoteProperty string ResourceType=Microsoft.Authorization/policyDefinitions SubscriptionId NoteProperty string SubscriptionId=

$policydefinitions | Get-Member

TypeName: Microsoft.Azure.Commands.ResourceManager.Cmdlets.Implementation.Policy.PsPolicyDefinition

Name MemberType Definition

---

Equals Method bool Equals(System.Object obj) GetHashCode Method int GetHashCode() GetType Method type GetType() ToString Method string ToString() Name Property string Name {get;set;} PolicyDefinitionId Property string PolicyDefinitionId {get;set;} Properties Property Microsoft.Azure.Commands.ResourceManager.Cmdlets.Implementation.Policy.PsPolicyDefinitionProperties Properties {get;set;} ResourceId Property string ResourceId {get;set;} ResourceName Property string ResourceName {get;set;} ResourceType Property string ResourceType {get;set;} SubscriptionId Property string SubscriptionId {get;set;}

[mattjames1978]

[mattjames1978]

[mattjames1978]

The other odd thing I noticed with the Convert From Json was the properties get added as @{Description=; etc

[mattjames1978]

Oh and line 9 in your script doesn't make sense as variable $selectedObj doesn't get populated anywhere? write-Host Creating assignment for: $selectedObj

[mattjames1978]