Improve usability of Arc SQL license type policy sample#1476
Merged
anosov1960 merged 7 commits intomicrosoft:masterfrom Apr 8, 2026
Merged
Improve usability of Arc SQL license type policy sample#1476anosov1960 merged 7 commits intomicrosoft:masterfrom
anosov1960 merged 7 commits intomicrosoft:masterfrom
Conversation
Remove the full-repo git clone instruction and replace it with targeted curl commands that download only the three required files (policy/azurepolicy.json, scripts/deployment.ps1, scripts/start-remediation.ps1). This avoids cloning the entire sql-server-samples repository, reducing setup time and bandwidth for users who only need the Arc SQL license type policy. Changes: - Add optional mkdir/cd step for a clean local working directory - Add curl commands to fetch individual files into the expected policy/ and scripts/ folder structure - Add note about curl alias on Windows PowerShell 5.1 - Remove git clone and deep cd instructions No script changes required: deployment.ps1 resolves the policy JSON via Join-Path relative to PSScriptRoot, which is preserved by the new folder layout.
Change ManagementGroupId from required to optional in both deployment.ps1 and start-remediation.ps1. When not specified, the scripts resolve the tenant root management group ID automatically via (Get-AzContext).Tenant.Id. Changes: - deployment.ps1: ManagementGroupId parameter now Mandatory=false; auto-resolves to tenant root group with informational output - start-remediation.ps1: same parameter change and auto-resolve - README.md: updated both parameter tables (Required=No, default shown as 'Tenant root group'); simplified examples to omit ManagementGroupId where the default suffices; added explicit management group examples for users who need a custom scope
Remove hardcoded license type references from policy displayName and description. The actual target license type is controlled by parameters at assignment time, so the definition metadata should not imply a specific value. Changes: - azurepolicy.json: displayName and description now use generic 'Configure Arc-enabled SQL Server license type' wording - deployment.ps1: collapsed the PAYG/SA conditional display name logic into a single generic label per platform
Include the selected target license type in the policy definition and assignment display names for clarity in the Azure Portal. Format: Configure Arc-enabled SQL Server (<platform>) license type to '<label>' Examples: - Configure Arc-enabled SQL Server (All platforms) license type to 'Pay-as-you-go' - Configure Arc-enabled SQL Server (Linux) license type to 'License With Software Assurance' The azurepolicy.json description remains generic since the display name is overridden by the script at definition creation time.
Restructure both Deploy Policy and Start Remediation usage instructions to guide users through setting variables before running scripts. Clearly separates required vs optional parameters with inline comments, shows progressively detailed invocations (minimal, with subscription, with all options), and streamlines scenario examples with descriptive comments.
Sync changes from claestom/sql-arc-policy-license-config into the sql-server-samples fork. azurepolicy.json: - Add ConsentToRecurringPAYG compliance checks in existenceCondition: when target is PAYG, resources must also have the consent property to be considered compliant (handles both new transitions and backward compatibility for pre-consent PAYG extensions) - Add ConsentToRecurringPAYG to the deployment template: when target is PAYG, the remediation sets Consented=true with a UTC timestamp; non-PAYG targets use the base LicenseType-only settings - Add consentTimestamp template parameter (auto-generated via utcNow) deployment.ps1: - Add retry loop (5 attempts, 10s delay) for managed identity role assignments to handle replication delays after policy assignment creation; also handles Conflict responses gracefully README.md: - Add Recurring Billing Consent (PAYG) section documenting the consent behavior, compliance evaluation, and immutability note
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Improve usability and add ConsentToRecurringPAYG support for Arc SQL license type policy
Follow-up improvements to the Arc-enabled SQL Server license type policy sample introduced in #1475. These changes reduce friction for users deploying the policy and add recurring billing consent support for PAYG transitions.
Changes
1. Replace
git clonewithcurldownloadsUsers no longer need to clone the entire
sql-server-samplesrepository. The README now providescurlcommands that download only the three required files (policy/azurepolicy.json,scripts/deployment.ps1,scripts/start-remediation.ps1) into the expected folder structure.An optional
mkdir sql-arc-lt-compliance/cdstep is included for users who want a clean working directory.2. Make
ManagementGroupIdoptional (default: tenant root management group)Both
deployment.ps1andstart-remediation.ps1now defaultManagementGroupIdto the tenant root management group via(Get-AzContext).Tenant.Idwhen not specified. Users can still pass an explicit value to target a different scope.3. Dynamic policy display names
The policy definition and assignment display names now include the selected target license type and platform, e.g. "Configure Arc-enabled SQL Server (All platforms) license type to 'Pay-as-you-go'". The
azurepolicy.jsondescription remains generic since the display name is overridden by the script at definition creation time.4. Improved README usage instructions
Both the Deploy Policy and Start Remediation sections now guide users through setting variables before running scripts. Required vs optional parameters are clearly separated with inline comments, and progressively detailed invocations are shown (minimal, with subscription, with all options).
5. ConsentToRecurringPAYG support
When
TargetLicenseTypeisPAYG, the policy now:ConsentToRecurringPAYGwithConsented: trueand a UTC timestamp (required for recurring PAYG billing per Microsoft documentation)6. Retry logic for managed identity role assignments
deployment.ps1now retries role assignments (5 attempts, 10s delay) to handle managed identity replication delays after policy assignment creation.Conflictresponses are handled gracefully.7. README cleanup
Renamed "What Is In This Repo" to "What Is In This Folder" and removed the Screenshots section.
Files changed
samples/manage/azure-arc-enabled-sql-server/compliance/arc-sql-license-type-compliance/README.mdsamples/manage/azure-arc-enabled-sql-server/compliance/arc-sql-license-type-compliance/policy/azurepolicy.jsonsamples/manage/azure-arc-enabled-sql-server/compliance/arc-sql-license-type-compliance/scripts/deployment.ps1samples/manage/azure-arc-enabled-sql-server/compliance/arc-sql-license-type-compliance/scripts/start-remediation.ps1