tyconsulting / azurepolicy


What's the proper syntax for policy when using deploy.ps1 #3

Closed sbugalski closed 5 years ago

sbugalski commented 5 years ago

Hi, I am trying to use deploy-policyDef.ps1 using .\deploy.ps1 -managementGroupName "$mgtGroup" -definitionFile "$file"

I receive the following error:

New-AzPolicyDefinition : Cannot validate argument on parameter 'Name'. The argument is null or empty. Provide an argument that is not null or empty, and then try the command again.
At azurepolicydeploy-policyDef.ps1:70 char:44
+     $deployResult = New-AzPolicyDefinition @deployParams
    + CategoryInfo          : InvalidData: (:) [New-AzPolicyDefinition], ParameterBindingValidationException
    + FullyQualifiedErrorId : ParameterArgumentValidationError,Microsoft.Azure.Commands.ResourceManager.Cmdlets.Implementation.NewAzurePolicyDefinitionCmdlet

My policy definition looks like this:

{
    "properties": {
        "name": "xxx",
        "displayName": "xxx",
        "mode": "Indexed",
        "description": "xxx",
        "metadata": {
            "category": "General"
        },
        "parameters": {
            "regions": {
                "type": "Array",
                "metadata": {
                    "description": "The list of locations that can be specified when deploying resources.",
                    "strongType": "location",
                    "displayName": "Allowed locations"
                },
                "defaultValue": ["westeurope", "northeurope"]
            },
            "effect": {
                "type": "String",
                "metadata": {
                    "displayName": "Effect",
                    "description": "Enable or disable the execution of the policy"
                },
                "allowedValues": [
                    "Audit",
                    "Deny"
                ],
                "defaultValue": "Audit"
            }
        },
        "policyRule": {
            "if": {
                "allOf": [
                    {
                        "field": "location",
                        "notIn": "[parameters('regions')]"
                    },
                    {
                        "field": "location",
                        "notEquals": "global"
                    },
                    {
                        "field": "type",
                        "notEquals": "Microsoft.AzureActiveDirectory/b2cDirectories"
                    }
                ]
            },
            "then": {
                "effect": "[parameters('effect')]"
            }
        }
    }
}

tyconsulting commented 5 years ago

You need to provide a JSON file that looks like any of the azurepolicy.json files in this repo, not the actual azurepolicy.rule.json. Please refer to my blog post for more details: https://blog.tyang.org/2019/05/19/deploying-azure-policy-definitions-via-azure-devops-part-1/
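
A pre-flight check for the file-shape mismatch discussed in this thread, as an added example (not code from this repo or from deploy-policyDef.ps1). It assumes the expected file carries `name` at the top level beside `properties`, which is inferred from the error message and is not shown on this page; `Test-PolicyDefinitionShape` is a hypothetical helper and the sample JSON strings are constructed.

```powershell
# Hypothetical helper: checks the shape of a policy definition file before it
# is handed to a deployment script, so a wrong layout fails with a clear message.
function Test-PolicyDefinitionShape {
    param([Parameter(Mandatory)][string]$Json)

    $problems = [System.Collections.Generic.List[string]]::new()
    $def = $null
    try   { $def = ConvertFrom-Json -InputObject $Json -ErrorAction Stop }
    catch { $problems.Add("Not valid JSON: $($_.Exception.Message)") }

    if ($null -eq $def) {
        if ($problems.Count -eq 0) { $problems.Add("Document is empty.") }
    } else {
        $nameProp = $def.PSObject.Properties['name']
        $props    = $def.PSObject.Properties['properties']
        # Members of the nested 'properties' object, or $null if it is absent/null.
        $inner = if ($null -ne $props -and $null -ne $props.Value) {
            $props.Value.PSObject.Properties
        } else { $null }

        # Assumption: the deployment script reads 'name' from the top level.
        if ($null -eq $nameProp -or [string]::IsNullOrWhiteSpace([string]$nameProp.Value)) {
            if ($null -ne $inner -and $null -ne $inner['name']) {
                $problems.Add("'name' is nested under 'properties'; expected at the top level.")
            } else {
                $problems.Add("Top-level 'name' is missing or empty.")
            }
        }
        if ($null -eq $inner) {
            $problems.Add("Top-level 'properties' is missing (file may be a bare rule).")
        } elseif ($null -eq $inner['policyRule']) {
            $problems.Add("'properties.policyRule' is missing.")
        }
    }
    [pscustomobject]@{ IsValid = ($problems.Count -eq 0); Problems = $problems.ToArray() }
}

# Constructed samples: the layout posted in the issue vs. the assumed expected layout.
$fromIssue = '{"properties":{"name":"xxx","mode":"Indexed","policyRule":{"if":{},"then":{}}}}'
$expected  = '{"name":"xxx","properties":{"mode":"Indexed","policyRule":{"if":{},"then":{}}}}'
foreach ($sample in $fromIssue, $expected) {
    $result = Test-PolicyDefinitionShape -Json $sample
    "IsValid={0} {1}" -f $result.IsValid, ($result.Problems -join '; ')
}
```

Run as a pipeline step ahead of the deployment call, this stops a malformed definition before any policy cmdlet is invoked.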