Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

How to create an artifact with an initiative using json? #18

Closed
jpendyala opened this issue Dec 11, 2019 · 5 comments
Closed

How to create an artifact with an initiative using json? #18

jpendyala opened this issue Dec 11, 2019 · 5 comments

Comments

@jpendyala
Copy link

jpendyala commented Dec 11, 2019
edited
Loading

I'm working on Automation of blueprints and as part of that I would like to create the artifacts using the json files as shown in https://github.com/Azure/azure-blueprints. I was able to create a policy and add it to the blueprint but I'm unable to add an initiative with parameters?

{
    "kind": "policyAssignment",
    "properties": {
        "displayName": "nist-blueprint-template-bp-Audit NIST SP 800-53 R4 controls",
        "description": "This initiative includes audit and VM Extension deployment policies that address a subset of NIST SP 800-53 R4 controls.",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policySetDefinitions/cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f",
        "parameters": {
            "logAnalyticsWorkspaceId": {
                "value": "[parameters('logAnalyticsWorkspaceId')]"
            },
            "listOfResourceTypes": {
                "metadata": {
                    "displayName": "Resource Types",
                    "strongType": "resourceTypes"
                  },
                "value": "[parameters('listOfResourceTypes')]"
            },
            "MembersToExclude": {
                "value": "[parameters('MembersToExclude')]"
            },
            "MembersToInclude": {
                "value": "[parameters('MembersToInclude')]"
            }
        }
    }
}

Is this a proper way to create initiative as an artifact?

And I get the below error when trying to create the blueprint using the REST API:
{'error': {'code': 'InvalidArtifact', 'message': "This artifact is invalid. Error: 'Parameter 'logAnalyticsWorkspaceId' does not exist in the policy definition specified by blueprint artifact '_Audit-NIST-SP-800-53-R4-controls'.'"}}
@jpendyala jpendyala changed the title How to create an artifact with an initiative using json How to create an artifact with an initiative using json? Dec 11, 2019
@alex-frankel
Copy link
Contributor

The error you are getting is saying the policy initiative does not have a parameter called logAnalyticsWorkspaceId. I looked at the initiative and it looks like that parameter is called logAnalyticsWorkspaceIdforVMReporting

Can you try that instead and see if it works?

@alex-frankel
Copy link
Contributor

Here is a gist with the full policy-initiative json for reference:
https://gist.github.com/alex-frankel/7c2aa7324ef82720ff8975014bbf7df4

@jpendyala
Copy link
Author

sure @alex-frankel , thanks for the quick reply. Let me try and get back to you!

@jpendyala
Copy link
Author

jpendyala commented Dec 12, 2019
edited
Loading

It worked.
The gist you provided is very helpful. How to find more for other initiatives? and how to find the correct parameter for others?

@alex-frankel
Copy link
Contributor

You can get the actual JSON of any built-in (or custom) initiative definition by doing the following:
az policy set-definition show -n "cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f" > policy-set.json

somewhat confusingly an initiative in the portal is called a policy-set in our backend.

Glad you were able to get this working.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@alex-frankel @jpendyala