Fixed the AKS policy deployment

tredell · tredell · commit c58ba48f5073 · 2023-02-11T15:09:56.000-08:00
diff --git a/policy/custom/definitions/policyset/AKS.bicep b/policy/custom/definitions/policyset/AKS.bicep
@@ -10,9 +10,6 @@
 targetScope = 'managementGroup'
 
 @description('Management Group scope for the policy definition.')
-param policyDefinitionManagementGroupId string
-
-var customPolicyDefinitionMgScope = tenantResourceId('Microsoft.Management/managementGroups', policyDefinitionManagementGroupId)
 
 resource aksPolicySet 'Microsoft.Authorization/policySetDefinitions@2020-03-01' = {
   name: 'custom-aks'
@@ -29,15 +26,15 @@ resource aksPolicySet 'Microsoft.Authorization/policySetDefinitions@2020-03-01'
         groupNames: [
           'AKS'
         ]
-        policyDefinitionId: extensionResourceId(customPolicyDefinitionMgScope, 'Microsoft.Authorization/policyDefinitions', 'a8eff44f-8c92-45c3-a3fb-9880802d67a7')
+        policyDefinitionId: tenantResourceId('Microsoft.Authorization/policyDefinitions', 'a8eff44f-8c92-45c3-a3fb-9880802d67a7')
         policyDefinitionReferenceId: toLower(replace('Deploy Azure Policy Add-on to Azure Kubernetes Service clusters', ' ', '-'))
         parameters: {}
       }
       {
         groupNames: [
           'AKS'
         ]
-        policyDefinitionId: extensionResourceId(customPolicyDefinitionMgScope, 'Microsoft.Authorization/policyDefinitions', '3fc4dc25-5baf-40d8-9b05-7fe74c1bc64e')
+        policyDefinitionId: tenantResourceId('Microsoft.Authorization/policyDefinitions', '3fc4dc25-5baf-40d8-9b05-7fe74c1bc64e')
         policyDefinitionReferenceId: toLower(replace('Kubernetes clusters should use internal load balancers', ' ', '-'))
         parameters: {}
       }
diff --git a/policy/custom/definitions/policyset/AKS.parameters.json b/policy/custom/definitions/policyset/AKS.parameters.json
@@ -2,8 +2,6 @@
     "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
     "contentVersion": "1.0.0.0",
     "parameters": {
-        "policyDefinitionManagementGroupId": {
-            "value": "{{var-topLevelManagementGroupName}}"
-        }
+
     }
 }

Original file line number	Diff line number	Diff line change
`@@ -10,9 +10,6 @@`
`10`	`10`	`targetScope = 'managementGroup'`
`11`	`11`
`12`	`12`	`@description('Management Group scope for the policy definition.')`
`13`		`-param policyDefinitionManagementGroupId string`
`14`		`-`
`15`		`-var customPolicyDefinitionMgScope = tenantResourceId('Microsoft.Management/managementGroups', policyDefinitionManagementGroupId)`
`16`	`13`
`17`	`14`	`resource aksPolicySet 'Microsoft.Authorization/policySetDefinitions@2020-03-01' = {`
`18`	`15`	`name: 'custom-aks'`
`@@ -29,15 +26,15 @@ resource aksPolicySet 'Microsoft.Authorization/policySetDefinitions@2020-03-01'`
`29`	`26`	`groupNames: [`
`30`	`27`	`'AKS'`
`31`	`28`	`]`
`32`		`- policyDefinitionId: extensionResourceId(customPolicyDefinitionMgScope, 'Microsoft.Authorization/policyDefinitions', 'a8eff44f-8c92-45c3-a3fb-9880802d67a7')`
	`29`	`+ policyDefinitionId: tenantResourceId('Microsoft.Authorization/policyDefinitions', 'a8eff44f-8c92-45c3-a3fb-9880802d67a7')`
`33`	`30`	`policyDefinitionReferenceId: toLower(replace('Deploy Azure Policy Add-on to Azure Kubernetes Service clusters', ' ', '-'))`
`34`	`31`	`parameters: {}`
`35`	`32`	`}`
`36`	`33`	`{`
`37`	`34`	`groupNames: [`
`38`	`35`	`'AKS'`
`39`	`36`	`]`
`40`		`- policyDefinitionId: extensionResourceId(customPolicyDefinitionMgScope, 'Microsoft.Authorization/policyDefinitions', '3fc4dc25-5baf-40d8-9b05-7fe74c1bc64e')`
	`37`	`+ policyDefinitionId: tenantResourceId('Microsoft.Authorization/policyDefinitions', '3fc4dc25-5baf-40d8-9b05-7fe74c1bc64e')`
`41`	`38`	`policyDefinitionReferenceId: toLower(replace('Kubernetes clusters should use internal load balancers', ' ', '-'))`
`42`	`39`	`parameters: {}`
`43`	`40`	`}`
Original file line number	Diff line number	Diff line change
`@@ -2,8 +2,6 @@`
`2`	`2`	`"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",`
`3`	`3`	`"contentVersion": "1.0.0.0",`
`4`	`4`	`"parameters": {`
`5`		`- "policyDefinitionManagementGroupId": {`
`6`		`- "value": "{{var-topLevelManagementGroupName}}"`
`7`		`- }`
	`5`	`+`
`8`	`6`	`}`
`9`	`7`	`}`