fix(platform/alz): defaults (#60)

* fix(platform/alz): consolidate to a single change tracking DCR Fixes #59 * fix(platform/alz): add missing ama MDFC SQL data collection rule id Fixes Default for Defender SQL DCR rule is missing #58 * fix(platform/alz): add missing defaults for vm insights and pass uami id to vm and vmss monitoring fixes Defaults for VM Monitoring policy assignments are missing #57 * docs(platform/alz): generate docs * docs: doc * docs: doc * docs(platform/alz): use ordered deefaults * doc: use fixed alzlibtool
Azure · Oct 3, 2024 · 6b00755 · 6b00755
1 parent 35f5d01
commit 6b00755
Show file tree

Hide file tree

Showing 3 changed files with 103 additions and 25 deletions.
diff --git a/.github/workflows/pr-check.yml b/.github/workflows/pr-check.yml
@@ -57,7 +57,7 @@ jobs:
           go-version: 'stable'
 
       - name: Install alzlibtool
-        run: go install github.com/Azure/alzlib/cmd/alzlibtool@v0.20.0
+        run: go install github.com/Azure/alzlib/cmd/alzlibtool@v0.21.3
 
       - name: Azure login
         uses: azure/login@6c251865b4e6290e7b78be643ea2d005bc51f69a # v2.1.1

diff --git a/platform/alz/README.md b/platform/alz/README.md
@@ -416,6 +416,38 @@ flowchart TD
 
 The following policy default values are available in this library:
 
+### default name `ama_change_tracking_data_collection_rule_id`
+
+#### assignment `Deploy-VM-ChangeTrack`
+
+<details><summary>1 parameter names</summary>
+
+- dcrResourceId
+</details>
+
+#### assignment `Deploy-VMSS-ChangeTrack`
+
+<details><summary>1 parameter names</summary>
+
+- dcrResourceId
+</details>
+
+#### assignment `Deploy-vmArc-ChangeTrack`
+
+<details><summary>1 parameter names</summary>
+
+- dcrResourceId
+</details>
+
+### default name `ama_mdfc_sql_data_collection_rule_id`
+
+#### assignment `Deploy-MDFC-DefSQL-AMA`
+
+<details><summary>1 parameter names</summary>
+
+- dcrResourceId
+</details>
+
 ### default name `ama_user_assigned_managed_identity_id`
 
 #### assignment `Deploy-VM-ChangeTrack`
@@ -425,13 +457,27 @@ The following policy default values are available in this library:
 - userAssignedIdentityResourceId
 </details>
 
+#### assignment `Deploy-VM-Monitoring`
+
+<details><summary>1 parameter names</summary>
+
+- userAssignedIdentityResourceId
+</details>
+
 #### assignment `Deploy-VMSS-ChangeTrack`
 
 <details><summary>1 parameter names</summary>
 
 - userAssignedIdentityResourceId
 </details>
 
+#### assignment `Deploy-VMSS-Monitoring`
+
+<details><summary>1 parameter names</summary>
+
+- userAssignedIdentityResourceId
+</details>
+
 ### default name `ama_user_assigned_managed_identity_name`
 
 #### assignment `DenyAction-DeleteUAMIAMA`
@@ -441,27 +487,23 @@ The following policy default values are available in this library:
 - resourceName
 </details>
 
-### default name `ama_vm_change_tracking_data_collection_rule_id`
+### default name `ama_vm_insights_data_collection_rule_id`
 
-#### assignment `Deploy-VM-ChangeTrack`
+#### assignment `Deploy-VM-Monitoring`
 
 <details><summary>1 parameter names</summary>
 
 - dcrResourceId
 </details>
 
-### default name `ama_vmarc_change_tracking_data_collection_rule_id`
-
-#### assignment `Deploy-vmArc-ChangeTrack`
+#### assignment `Deploy-VMSS-Monitoring`
 
 <details><summary>1 parameter names</summary>
 
 - dcrResourceId
 </details>
 
-### default name `ama_vmss_change_tracking_data_collection_rule_id`
-
-#### assignment `Deploy-VMSS-ChangeTrack`
+#### assignment `Deploy-vmHybr-Monitoring`
 
 <details><summary>1 parameter names</summary>
 
@@ -497,46 +539,46 @@ The following policy default values are available in this library:
 
 ### default name `log_analytics_workspace_id`
 
-#### assignment `Deploy-MDFC-Config`
+#### assignment `Deploy-AzActivity-Log`
 
 <details><summary>1 parameter names</summary>
 
 - logAnalytics
 </details>
 
-#### assignment `Deploy-MDFC-DefSQL-AMA`
+#### assignment `Deploy-AzSqlDb-Auditing`
 
 <details><summary>1 parameter names</summary>
 
-- userWorkspaceResourceId
+- logAnalyticsWorkspaceId
 </details>
 
-#### assignment `Deploy-AzActivity-Log`
+#### assignment `Deploy-Diag-Logs`
 
 <details><summary>1 parameter names</summary>
 
 - logAnalytics
 </details>
 
-#### assignment `Deploy-AzSqlDb-Auditing`
+#### assignment `Deploy-MDFC-Config`
 
 <details><summary>1 parameter names</summary>
 
-- logAnalyticsWorkspaceId
+- logAnalytics
 </details>
 
-#### assignment `Deploy-Diag-Logs`
+#### assignment `Deploy-MDFC-Config-H224`
 
 <details><summary>1 parameter names</summary>
 
 - logAnalytics
 </details>
 
-#### assignment `Deploy-MDFC-Config-H224`
+#### assignment `Deploy-MDFC-DefSQL-AMA`
 
 <details><summary>1 parameter names</summary>
 
-- logAnalytics
+- userWorkspaceResourceId
 </details>
 
 ### default name `log_analytics_workspace_location`

diff --git a/platform/alz/alz_policy_default_values.json b/platform/alz/alz_policy_default_values.json
@@ -15,6 +15,18 @@
             "userAssignedIdentityResourceId"
           ],
           "policy_assignment_name": "Deploy-VMSS-ChangeTrack"
+        },
+        {
+          "policy_assignment_name": "Deploy-VM-Monitoring",
+          "parameter_names": [
+            "userAssignedIdentityResourceId"
+          ]
+        },
+        {
+          "policy_assignment_name": "Deploy-VMSS-Monitoring",
+          "parameter_names": [
+            "userAssignedIdentityResourceId"
+          ]
         }
       ]
     },
@@ -30,30 +42,54 @@
       ]
     },
     {
-      "default_name": "ama_vm_change_tracking_data_collection_rule_id",
+      "default_name": "ama_vm_insights_data_collection_rule_id",
       "policy_assignments": [
         {
+          "policy_assignment_name": "Deploy-VM-Monitoring",
           "parameter_names": [
             "dcrResourceId"
-          ],
-          "policy_assignment_name": "Deploy-VM-ChangeTrack"
+          ]
+        },
+        {
+          "policy_assignment_name": "Deploy-VMSS-Monitoring",
+          "parameter_names": [
+            "dcrResourceId"
+          ]
+        },
+        {
+          "policy_assignment_name": "Deploy-vmHybr-Monitoring",
+          "parameter_names": [
+            "dcrResourceId"
+          ]
         }
       ]
     },
     {
-      "default_name": "ama_vmarc_change_tracking_data_collection_rule_id",
+      "default_name": "ama_mdfc_sql_data_collection_rule_id",
       "policy_assignments": [
         {
+          "policy_assignment_name": "Deploy-MDFC-DefSQL-AMA",
           "parameter_names": [
             "dcrResourceId"
-          ],
-          "policy_assignment_name": "Deploy-vmArc-ChangeTrack"
+          ]
         }
       ]
     },
     {
-      "default_name": "ama_vmss_change_tracking_data_collection_rule_id",
+      "default_name": "ama_change_tracking_data_collection_rule_id",
       "policy_assignments": [
+        {
+          "parameter_names": [
+            "dcrResourceId"
+          ],
+          "policy_assignment_name": "Deploy-VM-ChangeTrack"
+        },
+        {
+          "parameter_names": [
+            "dcrResourceId"
+          ],
+          "policy_assignment_name": "Deploy-vmArc-ChangeTrack"
+        },
         {
           "parameter_names": [
             "dcrResourceId"