Merge pull request #1435 from anosov1960/PAYG-transition

Payg transition

Author: anosov1960

samples/manage/azure-arc-enabled-sql-server/compliance/README.md

@@ -0,0 +1,130 @@
+# Paygo-SQLArc (Windows only)
+
+This Azure Policy ensures that all SQL Arc servers using `LicenseType = Paid` are marked as non-compliant. Servers with `LicenseType = LicenseOnly` are treated as compliant. The remediation task sets `LicenseType = PAYG`.
+
+Use Azure CLI or PowerShell to create the policy definition:
+
+## Artifacts
+
+- **policy.json**: Main policy definition referencing external parameter and rule files.
+- **params.json**: Defines policy parameters.
+- **rules.json**: Contains the policy rule logic.
+
+## Copy policy artifacts to your environment
+
+```PowerShell
+
+curl https://raw.githubusercontent.com/microsoft/sql-server-samples/refs/heads/master/samples/manage/azure-arc-enabled-sql-server/compliance/arc-sql-payg-compliance/params.json -o params.json
+curl https://raw.githubusercontent.com/microsoft/sql-server-samples/refs/heads/master/samples/manage/azure-arc-enabled-sql-server/compliance/arc-sql-payg-compliance/rules.json -o rules.json
+
+```
+
+## Create policy
+
+Use the following command to create policy
+
+```PowerShell
+
+$SubId    = "<your-subscription-id>"
+$PolicyName = "Paygo-SQLArc"
+
+az policy definition create `
+  --name $PolicyName `
+  --display-name $PolicyName `
+  --description "This Azure Policy ensures that all SQL Arc servers using LicenseType = Paid are marked as non-compliant. Servers with LicenseType = LicenseOnly are treated as compliant. The remediation task sets LicenseType = PAYG." `
+  --rules "@rules.json" `
+  --params "@params.json" `
+  --mode Indexed `
+  --subscription $SubId `
+  --only-show-errors | Out-Null
+```
+
+## Assign policy
+
+Use the following command to assign policy
+
+```PowerShell
+
+$SubId    = "<your-subscription-id>"
+$RgName   = "<your-resource-group>"    # optional; set to "" to target subscription scope
+$Location = "<your-azure-region>"      # e.g., eastus, westus2
+
+if ([string]::IsNullOrWhiteSpace($RgName)) {
+  $Scope = "/subscriptions/$SubId"
+} else {
+  $Scope = "/subscriptions/$SubId/resourceGroups/$RgName"
+}
+
+az account set --subscription $SubId
+
+az policy assignment create `
+  --name "Paygo-SQLArc-Assign" `
+  --policy "Paygo-SQLArc" `
+  --scope "$Scope" `
+  --params '{ "effect": { "value": "DeployIfNotExists" } }' `
+  --mi-system-assigned `
+  --role "Contributor" `
+  --identity-scope "$Scope" `
+  --location "$Location" `
+  --only-show-errors | Out-Null
+```
+
+## Create remediation task
+
+Use the following command to create a remediation task
+
+```PowerShell
+
+$RemediationName = "Remediate-Paygo-SQLArc"
+$PolicyAssignmentName = "Paygo-SQLArc-Assign"
+$SubId    = "<your-subscription-id>"
+$RgName   = "<your-resource-group>"
+
+az account set --subscription $SubId
+
+if ([string]::IsNullOrWhiteSpace($RgName)) {
+  az policy remediation create `
+    --name $RemediationName `
+    --policy-assignment $PolicyAssignmentName `
+    --resource-discovery-mode ReEvaluateCompliance `
+    --only-show-errors | Out-Null
+  } else {
+  az policy remediation create `
+    --name $RemediationName `
+    --policy-assignment $PolicyAssignmentName `
+    --resource-group "$RgName" `
+    --resource-discovery-mode ReEvaluateCompliance `
+    --only-show-errors | Out-Null
+}
+```
+
+## Remove remediation task
+
+```PowerShell
+
+$RemediationName = "Remediate-Paygo-SQLArc"
+$RgName = "<your-resource-group>"
+$SubId = "<your-subscription-id>"
+
+if ([string]::IsNullOrWhiteSpace($RgName)) {
+    az policy remediation cancel `
+      --name $RemediationName `
+      --subscription $SubId `
+      --only-show-errors | Out-Null
+    az policy remediation delete `
+      --name $RemediationName `
+      --subscription $SubId `
+      --only-show-errors | Out-Null
+} else {
+    az policy remediation cancel `
+      --name $RemediationName `
+      --resource-group $RgName `
+      --subscription $SubId `
+      --only-show-errors | Out-Null
+    az policy remediation delete `
+      --name $RemediationName `
+      --resource-group $RgName `
+      --subscription $SubId `
+      --only-show-errors | Out-Null
+}
+```

samples/manage/azure-arc-enabled-sql-server/compliance/arc-sql-payg-compliance/README.md

@@ -10,60 +10,121 @@ Use Azure CLI or PowerShell to create the policy definition:
 - **params.json**: Defines policy parameters.
 - **rules.json**: Contains the policy rule logic.
 
+## Copy policy artifacts to your environment
+
+```PowerShell
+
+curl https://raw.githubusercontent.com/microsoft/sql-server-samples/refs/heads/master/samples/manage/azure-hybrid-benefit/compliance/azure-sql-payg-compliance/sql-mi-payg-compliance/params.json -o params.json
+curl https://raw.githubusercontent.com/microsoft/sql-server-samples/refs/heads/master/samples/manage/azure-hybrid-benefit/compliance/azure-sql-payg-compliance/sql-mi-payg-compliance/rules.json -o rules.json
+
+```
+
 ## Create policy
+
 Use the following command to create policy
 
-```bash
+```PowerShell
 
-#!/bin/bash
+$SubId    = "<your-subscription-id>"
+$PolicyName = "Paygo-SQLMI"
 
-az policy definition create \
-  --name "Paygo-SQLArc" \
-  --display-name "Paygo-SQLMI" \
-  --description "This Azure Policy ensures that all SQL Managed Instance resources using LicenseType = BasePrice are marked as non-compliant. The remediation task sets LicenseType = LicenseIncluded." \
-  --rules @rules.json \
-  --params @params.json \
-  --mode Indexed \
-  --subscription "<your-subscription-id>"\
+az policy definition create `
+  --name $PolicyName `
+  --display-name $PolicyName `
+  --description "This Azure Policy ensures that all SQL Managed Instance resources using LicenseType = BasePrice are marked as non-compliant. The remediation task sets LicenseType = LicenseIncluded" `
+  --rules "@rules.json" `
+  --params "@params.json" `
+  --mode Indexed `
+  --subscription $SubId `
+  --only-show-errors | Out-Null
 ```
 
 ## Assign policy
 
 Use the following command to assign policy
 
-```bash
-#!/bin/bash
-
-# Set variables
-SUB_ID="<your-subscription-id>"
-RG_NAME="<your-resoure-group>" # optional
-SCOPE="/subscriptions/$SUB_ID/resourceGroups/$RG_NAME"
-LOCATION="<your-azure-region>"
-
-# Create policy assignment
-az policy assignment create \
-  --name "Paygo-SQLMI-Assign" \
-  --policy "Paygo-SQLArc" \
-  --scope "$SCOPE" \
-  --params '{ "effect": { "value": "DeployIfNotExists" } }' \
-  --mi-system-assigned \
-  --role "Contributor" \
-  --identity-scope "$SCOPE" \
-  --location "$LOCATION"
+```PowerShell
+
+$SubId    = "<your-subscription-id>"
+$RgName   = "<your-resource-group>"    # optional; set to "" to target subscription scope
+$Location = "<your-azure-region>"      # e.g., eastus, westus2
+
+if ([string]::IsNullOrWhiteSpace($RgName)) {
+  $Scope = "/subscriptions/$SubId"
+} else {
+  $Scope = "/subscriptions/$SubId/resourceGroups/$RgName"
+}
+
+az account set --subscription $SubId
+
+az policy assignment create `
+  --name "Paygo-SQLMI-Assign" `
+  --policy "Paygo-SQLMI" `
+  --scope "$Scope" `
+  --params '{ "effect": { "value": "DeployIfNotExists" } }' `
+  --mi-system-assigned `
+  --role "Contributor" `
+  --identity-scope "$Scope" `
+  --location "$Location" `
+  --only-show-errors | Out-Null
 ```
 
 ## Create remediation task
 
-Us the following command to create a remediation task
-
-```bash
-#!/bin/bash
-
-RG_NAME="<your-resoure-group>"
-
-az policy remediation create \
-  --name "Remediate-Paygo-SQLMI" \
-  --policy-assignment "Paygo-SQLMI-Assign" \
-  --resource-group "$RG_NAME" \
-  --resource-discovery-mode ReEvaluateCompliance
+Use the following command to create a remediation task
+
+```PowerShell
+
+$RemediationName = "Remediate-Paygo-SQLMI"
+$PolicyAssignmentName = "Paygo-SQLMI-Assign"
+$SubId    = "<your-subscription-id>"
+$RgName   = "<your-resource-group>"
+
+az account set --subscription $SubId
+
+if ([string]::IsNullOrWhiteSpace($RgName)) {
+  az policy remediation create `
+    --name $RemediationName `
+    --policy-assignment $PolicyAssignmentName `
+    --resource-discovery-mode ReEvaluateCompliance `
+    --only-show-errors | Out-Null
+  } else {
+  az policy remediation create `
+    --name $RemediationName `
+    --policy-assignment $PolicyAssignmentName `
+    --resource-group "$RgName" `
+    --resource-discovery-mode ReEvaluateCompliance `
+    --only-show-errors | Out-Null
+}
 ```
+
+## Remove remediation task
+
+```PowerShell
+
+$RemediationName = "Remediate-Paygo-SQLMI"
+$RgName = "<your-resource-group>"
+$SubId = "<your-subscription-id>"
+
+if ([string]::IsNullOrWhiteSpace($RgName)) {
+    az policy remediation cancel `
+      --name $RemediationName `
+      --subscription $SubId `
+      --only-show-errors | Out-Null
+    az policy remediation delete `
+      --name $RemediationName `
+      --subscription $SubId `
+      --only-show-errors | Out-Null
+} else {
+    az policy remediation cancel `
+      --name $RemediationName `
+      --resource-group $RgName `
+      --subscription $SubId `
+      --only-show-errors | Out-Null
+    az policy remediation delete `
+      --name $RemediationName `
+      --resource-group $RgName `
+      --subscription $SubId `
+      --only-show-errors | Out-Null
+}
+```

samples/manage/azure-hybrid-benefit/compliance/azure-sql-payg-compliance/sql-mi-payg-compliance/README.md

@@ -1,16 +1,14 @@
 {
-  "parameters": {
-    "effect": {
-      "type": "String",
-      "metadata": {
-        "displayName": "Effect",
-        "description": "Use DeployIfNotExists to remediate; use Disabled to turn off."
-      },
-      "allowedValues": [
-        "DeployIfNotExists",
-        "Disabled"
-      ],
-      "defaultValue": "DeployIfNotExists"
-    }
+  "effect": {
+    "type": "String",
+    "metadata": {
+      "displayName": "Effect",
+      "description": "Enable or disable the execution of the policy."
+    },
+    "allowedValues": [
+      "DeployIfNotExists",
+      "Disabled"
+    ],
+    "defaultValue": "DeployIfNotExists"
   }
 }