From b74f56c9defce9de837d0fa69822dffe49191cab Mon Sep 17 00:00:00 2001
From: ntaheij <noah@taheij.nl>
Date: Fri, 26 May 2023 13:31:46 +0200
Subject: [PATCH 1/2] No Existing Tag Deletion

---
 modules/resources/tags/README.md              |  2 +-
 modules/resources/tags/main.bicep             |  2 +-
 .../helper/Invoke-ResourceRemoval.ps1         | 24 +++++++++++++++++++
 3 files changed, 26 insertions(+), 2 deletions(-)

diff --git a/modules/resources/tags/README.md b/modules/resources/tags/README.md
index 455994718d..c4a1da0eac 100644
--- a/modules/resources/tags/README.md
+++ b/modules/resources/tags/README.md
@@ -24,7 +24,7 @@ This module deploys Resources Tags on a subscription or resource group scope.
 | :-- | :-- | :-- | :-- |
 | `enableDefaultTelemetry` | bool | `True` | Enable telemetry via a Globally Unique Identifier (GUID). |
 | `location` | string | `[deployment().location]` | Location deployment metadata. |
-| `onlyUpdate` | bool | `False` | Instead of overwriting the existing tags, combine them with the new tags. |
+| `onlyUpdate` | bool | `True` | Instead of overwriting the existing tags, combine them with the new tags. |
 | `resourceGroupName` | string | `''` | Name of the Resource Group to assign the tags to. If no Resource Group name is provided, and Subscription ID is provided, the module deploys at subscription level, therefore assigns the provided tags to the subscription. |
 | `subscriptionId` | string | `[subscription().id]` | Subscription ID of the subscription to assign the tags to. If no Resource Group name is provided, the module deploys at subscription level, therefore assigns the provided tags to the subscription. |
 | `tags` | object | `{object}` | Tags for the resource group. If not provided, removes existing tags. |
diff --git a/modules/resources/tags/main.bicep b/modules/resources/tags/main.bicep
index d9f936d741..b704ac6971 100644
--- a/modules/resources/tags/main.bicep
+++ b/modules/resources/tags/main.bicep
@@ -4,7 +4,7 @@ targetScope = 'subscription'
 param tags object = {}
 
 @description('Optional. Instead of overwriting the existing tags, combine them with the new tags.')
-param onlyUpdate bool = false
+param onlyUpdate bool = true
 
 @description('Optional. Name of the Resource Group to assign the tags to. If no Resource Group name is provided, and Subscription ID is provided, the module deploys at subscription level, therefore assigns the provided tags to the subscription.')
 param resourceGroupName string = ''
diff --git a/utilities/pipelines/resourceRemoval/helper/Invoke-ResourceRemoval.ps1 b/utilities/pipelines/resourceRemoval/helper/Invoke-ResourceRemoval.ps1
index 1840663af6..77b5182e9b 100644
--- a/utilities/pipelines/resourceRemoval/helper/Invoke-ResourceRemoval.ps1
+++ b/utilities/pipelines/resourceRemoval/helper/Invoke-ResourceRemoval.ps1
@@ -150,7 +150,31 @@ function Invoke-ResourceRemoval {
             }
             break
         }
+        'Microsoft.Resources/tags' {
+            # Get current tags on the subscription
+            $subscriptionId = $resourceId.Split('/')[2]
+            $currentTags = $(Get-AzTag -ResourceId /subscriptions/$subscriptionId).Properties
+
+            # Get the tags to remove
+            $tagsToRemove = @('Test', 'TestToo')
+            $tagsToKeep = @{}
+
+            #Loop over each key and add it to the new tags if it is not in the list of tags to remove
+            $currentTags.TagsProperty.Keys | ForEach-Object {
+                $key = $_
+                if ($tagsToRemove -notcontains $key) {
+                    $value = $currentTags.TagsProperty.$key
+                    $tagsToKeep.Add($key, $value)
+                }
+            }
+
+            $null = Remove-AzTag -ResourceId /subscriptions/$subscriptionId
 
+            if ($tagsToKeep.count -ne 0) {
+                $null = Update-AzTag -ResourceId /subscriptions/$subscriptionId -Tag $tagsToKeep -Operation Replace
+            }
+            break
+        }
         ### CODE LOCATION: Add custom removal action here
         Default {
             $null = Remove-AzResource -ResourceId $resourceId -Force -ErrorAction 'Stop'

From d9b12b4c89508cd091cdf5f8a60dac46ba35b30d Mon Sep 17 00:00:00 2001
From: ntaheij <noah@taheij.nl>
Date: Fri, 26 May 2023 13:52:12 +0200
Subject: [PATCH 2/2] Fixed format

---
 .../pipelines/resourceRemoval/helper/Invoke-ResourceRemoval.ps1 | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/utilities/pipelines/resourceRemoval/helper/Invoke-ResourceRemoval.ps1 b/utilities/pipelines/resourceRemoval/helper/Invoke-ResourceRemoval.ps1
index 77b5182e9b..e90c66381c 100644
--- a/utilities/pipelines/resourceRemoval/helper/Invoke-ResourceRemoval.ps1
+++ b/utilities/pipelines/resourceRemoval/helper/Invoke-ResourceRemoval.ps1
@@ -159,7 +159,7 @@ function Invoke-ResourceRemoval {
             $tagsToRemove = @('Test', 'TestToo')
             $tagsToKeep = @{}
 
-            #Loop over each key and add it to the new tags if it is not in the list of tags to remove
+            # Loop over each key and add it to the new tags if it is not in the list of tags to remove
             $currentTags.TagsProperty.Keys | ForEach-Object {
                 $key = $_
                 if ($tagsToRemove -notcontains $key) {