Home / server / Questions / 1061083
Accepted
JohnLBevan
Asked: 2021-04-22 04:09:43 +0800 CST

Azure policy definitions as code: avoiding duplicate parameter definitions

  • 772

I'm looking to create a number of Azure policies using infrastructure as code.

The MS Documentation advises a structure as below:

.
|
|- policies/  ________________________ # Root folder for policy resources
|  |- policy1/  ______________________ # Subfolder for a policy
|     |- policy.json _________________ # Policy definition
|     |- policy.parameters.json ______ # Policy definition of parameters
|     |- policy.rules.json ___________ # Policy rule
|     |- assign.<name1>.json _________ # Assignment 1 for this policy definition
|     |- assign.<name2>.json _________ # Assignment 2 for this policy definition
|  |- policy2/  ______________________ # Subfolder for a policy
|     |- policy.json _________________ # Policy definition
|     |- policy.parameters.json ______ # Policy definition of parameters
|     |- policy.rules.json ___________ # Policy rule
|     |- assign.<name1>.json _________ # Assignment 1 for this policy definition
|     |- assign.<name2>.json _________ # Assignment 2 for this policy definition
|

This makes sense, but all examples of policy definitions I've seen include the parameter definitions; so I don't see the value in having the separate policy.parameters.json file if it's just duplicating information.

Question

Is there a way to avoid this duplication; e.g. by having the policy.json file refer to the policy.parameters.json file instead of copying its content, or is there some value added by having this duplication?

(The same scenario occurs for the rules file; I assume the answer for that section would be the same...)

Example of this duplication

From the Azure Community Policies repo:

Policy File includes these lines:

"parameters": {
  "tagName": {
    "type": "String",
    "defaultValue": "DateCreated",
    "metadata": {
      "displayName": "Tag Name",
      "description": "Name of the tag, such as 'Date'"
    }
  }
}

Parameters file exactly duplicates the content found under the above parameters section above (well almost; in this case the description differs slightly, but that feels like a mistake rather than a justification):

{
  "tagName": {
    "type": "String",
    "defaultValue": "DateCreated",
    "metadata": {
      "displayName": "Tag Name",
      "description": "Name of the tag, such as 'DateCreated'"
    }
  }
}
azure json azure-policies

1 Answers

  1. Best Answer

    Answer from the MS Docs team:

    The structure is partially to help with some of the SDK functions that take those components as a standalone file. For example, in Azure CLI the command for creating a policy assignment, az policy assignment create, uses a params (or p) parameter that expects a JSON string or path of just the parameter node. While you could add extra steps in your pipeline to shard the "core" file that has this information, the team felt it was a cleaner path to have each file used as part of the source.

    • 0