Import existing Azure Policy resources as Pulumi policies #285

Open
praneetloke opened this issue Sep 16, 2022 · 1 comment
Labels
feature/pac Impacts the Policy as Code offering kind/enhancement Improvements or new features


praneetloke commented Sep 16, 2022

Hello!

  • Vote on this issue by adding a 👍 reaction
  • If you want to implement this feature, comment to let us know (we'll work with you on design, scheduling, etc.)

Issue details

I have policies created using Azure Policy. I'd like to convert them to Pulumi policies by importing them.

Example of a policy definition:
{
  "properties": {
    "displayName": "Vulnerability Assessment settings for SQL server should contain an email address to receive scan reports",
    "policyType": "BuiltIn",
    "mode": "Indexed",
    "description": "Ensure that an email address is provided for the 'Send scan reports to' field in the Vulnerability Assessment settings. This email address receives scan result summary after a periodic scan runs on SQL servers.",
    "metadata": {
      "version": "2.0.0",
      "category": "SQL"
    },
    "parameters": {
      "effect": {
        "type": "String",
        "metadata": {
          "displayName": "Effect",
          "description": "Enable or disable the execution of the policy"
        },
        "allowedValues": [
          "AuditIfNotExists",
          "Disabled"
        ],
        "defaultValue": "AuditIfNotExists"
      }
    },
    "policyRule": {
      "if": {
        "field": "type",
        "equals": "Microsoft.Sql/servers"
      },
      "then": {
        "effect": "[parameters('effect')]",
        "details": {
          "type": "Microsoft.Sql/servers/vulnerabilityAssessments",
          "name": "default",
          "existenceCondition": {
            "allOf": [
              {
                "field": "Microsoft.Sql/servers/vulnerabilityAssessments/default.recurringScans.emails[*]",
                "notEquals": ""
              },
              {
                "count": {
                  "field": "Microsoft.Sql/servers/vulnerabilityAssessments/default.recurringScans.emails[*]"
                },
                "notEquals": 0
              }
            ]
          }
        }
      }
    }
  },
  ...
}

Affected area/feature

@praneetloke praneetloke added kind/enhancement Improvements or new features needs-triage Needs attention from the triage team labels Sep 16, 2022
@justinvp justinvp added feature/pac Impacts the Policy as Code offering and removed needs-triage Needs attention from the triage team labels Sep 19, 2022
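
An added example (not code from the issue or from the Pulumi project): a Python evaluator for the `existenceCondition` subset used in the definition above (`allOf`, `field` with `notEquals`, and `count`), following Azure Policy's array-alias semantics. The alias-to-path mapping `ALIAS_PATHS`, the function names and the shape of the property dictionaries are assumptions made for illustration.

```python
# Added example: evaluates the existenceCondition subset from the policy above.
# ALIAS_PATHS and any property dicts passed in are constructed assumptions.

EMAILS_ALIAS = ("Microsoft.Sql/servers/vulnerabilityAssessments/"
                "default.recurringScans.emails[*]")

# Hypothetical alias -> property path mapping an importer would have to supply.
ALIAS_PATHS = {EMAILS_ALIAS: ("recurringScans", "emails")}

EXISTENCE_CONDITION = {
    "allOf": [
        {"field": EMAILS_ALIAS, "notEquals": ""},
        {"count": {"field": EMAILS_ALIAS}, "notEquals": 0},
    ]
}


def resolve(alias, props):
    """Return the array members an [*] alias points at ([] if absent)."""
    node = props
    for key in ALIAS_PATHS[alias]:
        node = node.get(key) if isinstance(node, dict) else None
    return list(node) if isinstance(node, list) else []


def evaluate(cond, props):
    """Evaluate allOf / field+notEquals / count+notEquals against props."""
    if "allOf" in cond:
        return all(evaluate(c, props) for c in cond["allOf"])
    if "notEquals" not in cond:
        raise ValueError(f"unsupported condition: {sorted(cond)}")
    if "count" in cond:
        # count without a where clause is the number of array members
        return len(resolve(cond["count"]["field"], props)) != cond["notEquals"]
    if "field" in cond:
        # An [*] alias is checked per member and every member must pass,
        # so an empty array passes vacuously; the count check catches that.
        return all(m != cond["notEquals"] for m in resolve(cond["field"], props))
    raise ValueError(f"unsupported condition: {sorted(cond)}")


def is_compliant(props):
    """True when the vulnerability assessment properties satisfy the policy."""
    return evaluate(EXISTENCE_CONDITION, props)
```

The empty-list case shows why the definition needs both conditions: the per-member `notEquals ""` check alone accepts an assessment with no e-mail addresses at all.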
@KamilLach

That would be really cool to reuse existing policy definitions and import them as cross guards.
