-
Notifications
You must be signed in to change notification settings - Fork 1
/
naming-convention-generic.bicep
53 lines (49 loc) · 1.17 KB
/
naming-convention-generic.bicep
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
targetScope = 'subscription'
param pattern string
param policyName string
param assignmentName string
param type string
@allowed([
'Deny'
'Audit'
'Disabled'
])
@description('The effect determines what happens when the policy rule is evaluated to match')
param effect string = 'Deny'
@allowed([
'Default'
'DoNotEnforce'
])
@description('When enforcement mode is disabled, the policy effect isn\'t enforced (i.e. deny policy won\'t deny resources). Compliance assessment results are still available.')
param enforcementMode string = 'Default'
resource genericPolicy 'Microsoft.Authorization/policyDefinitions@2020-03-01' = {
name: policyName
properties: {
policyType: 'Custom'
mode: 'All'
policyRule: {
if: {
allOf: [
{
field: 'type'
equals: type
}
{
field: 'name'
notLike: pattern
}
]
}
then: {
effect: effect
}
}
}
}
resource genericAssignment 'Microsoft.Authorization/policyAssignments@2020-03-01' = {
name: assignmentName
properties: {
policyDefinitionId: genericPolicy.id
enforcementMode: enforcementMode
}
}