From 7e8db15aa7135e77086dc30cee583983d93c32d7 Mon Sep 17 00:00:00 2001 From: Matt White <16320656+matt-FFFFFF@users.noreply.github.com> Date: Mon, 28 Oct 2024 18:54:34 +0000 Subject: [PATCH] fix(alz): missing and incorrect defaults (#80) --- .github/workflows/pr-check.yml | 16 +-- .github/workflows/update-alz.yml | 14 +- platform/alz/README.md | 86 ++++++++++++- platform/alz/alz_policy_default_values.json | 135 +++++++++++++++++--- 4 files changed, 208 insertions(+), 43 deletions(-) diff --git a/.github/workflows/pr-check.yml b/.github/workflows/pr-check.yml index 839f003..aaf21a4 100644 --- a/.github/workflows/pr-check.yml +++ b/.github/workflows/pr-check.yml @@ -12,6 +12,9 @@ on: - main workflow_dispatch: +env: + alzlibtool_version: "0.22.1" + jobs: libschanged: runs-on: ubuntu-latest @@ -48,17 +51,14 @@ jobs: matrix: lib: ${{ fromJson(needs.libschanged.outputs.list) }} steps: + - name: Install alzlibtool + run: | + curl -L https://github.com/Azure/alzlib/releases/download/v${{ env.alzlibtool_version }}/alzlibtool_linux_amd64.tar.gz | tar -xvz + sudo cp alzlibtool /usr/local/bin + - name: Checkout code uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - - name: Set up go - uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 # v5.0.1 - with: - go-version: 'stable' - - - name: Install alzlibtool - run: go install github.com/Azure/alzlib/cmd/alzlibtool@v0.21.7 - - name: Azure login uses: azure/login@6c251865b4e6290e7b78be643ea2d005bc51f69a # v2.1.1 with: diff --git a/.github/workflows/update-alz.yml b/.github/workflows/update-alz.yml index 80e19c4..49edb68 100644 --- a/.github/workflows/update-alz.yml +++ b/.github/workflows/update-alz.yml @@ -11,6 +11,7 @@ permissions: contents: write env: + alzlibtool_version: "0.22.0" remote_repository: "Azure/Enterprise-Scale" alzlib_repository: "Azure/alzlib" library_dir: "platform/alz" 
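Review bot: The new `Install alzlibtool` step in pr-check.yml pipes a release tarball from `curl -L` straight into `tar` and copies the binary to `/usr/local/bin` with `sudo`, with no checksum or signature check, even though every `uses:` in the same workflow is pinned to a commit SHA. The removed `go install …@v0.21.7` was, by default, verified against Go's module checksum database, whereas a release asset addressed by tag can be re-uploaded under the same URL. The binary is installed in a job that goes on to `Azure login`, so download it to a file with `curl -fsSL`, verify a SHA-256 pinned next to `alzlibtool_version`, and only then extract and install. The same applies to the install step added in update-alz.yml, whose workflow has `contents: write`. The checksum value in the fence is a placeholder to fill in from the release.

```yaml
env:
  alzlibtool_version: "0.22.1"
  # placeholder: SHA-256 of alzlibtool_linux_amd64.tar.gz for the version above
  alzlibtool_sha256: "<sha256-of-release-asset>"

# … unchanged: libschanged job, matrix …
      - name: Install alzlibtool
        run: |
          set -euo pipefail
          curl -fsSL -o "$RUNNER_TEMP/alzlibtool.tar.gz" "https://github.com/Azure/alzlib/releases/download/v${{ env.alzlibtool_version }}/alzlibtool_linux_amd64.tar.gz"
          echo "${{ env.alzlibtool_sha256 }}  $RUNNER_TEMP/alzlibtool.tar.gz" | sha256sum --check --strict
          tar -xzf "$RUNNER_TEMP/alzlibtool.tar.gz" -C "$RUNNER_TEMP"
          sudo install -m 0755 "$RUNNER_TEMP/alzlibtool" /usr/local/bin/alzlibtool
```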
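Review bot: `alzlibtool_version: "0.22.0"` in update-alz.yml disagrees with the `"0.22.1"` pinned in pr-check.yml, and the install step in the next hunk only half-uses the variable. Its URL takes the tag from `${{ env.alzlibtool_version }}` but hard-codes the asset as `alzlib_0.22.0_linux_amd64.tar.gz`, whereas pr-check.yml fetches `alzlibtool_linux_amd64.tar.gz`. Bumping the variable alone would request an asset name that presumably does not exist under the new tag, and PR validation and the library update would keep running different tool versions. Use one version and one asset name in both workflows, e.g. `curl -fL https://github.com/Azure/alzlib/releases/download/v${{ env.alzlibtool_version }}/alzlibtool_linux_amd64.tar.gz | tar -xvz` if that is the published name. Which of the two names is correct cannot be told from this diff.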
@@ -25,6 +26,11 @@ jobs: runs-on: ubuntu-latest environment: libupdate steps: + - name: Install alzlibtool + run: | + curl -L https://github.com/Azure/alzlib/releases/download/v${{ env.alzlibtool_version }}/alzlib_0.22.0_linux_amd64.tar.gz | tar -xvz + sudo cp alzlibtool /usr/local/bin + - name: Local repository checkout uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 with: @@ -38,14 +44,6 @@ jobs: path: ${{ env.remote_repository }} ref: main - - name: setup go - uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 # v5.0.1 - with: - go-version: 'stable' - - - name: install alzlibtool - run: go install github.com/Azure/alzlib/cmd/alzlibtool@v0.21.7 - - uses: tibdex/github-app-token@3beb63f4bd073e61482598c45c71c1019b59b73a # v2.1.0 id: generate-token with: diff --git a/platform/alz/README.md b/platform/alz/README.md index 7b193b8..55c6282 100644 --- a/platform/alz/README.md +++ b/platform/alz/README.md @@ -545,32 +545,70 @@ The following policy default values are available in this library: - logAnalyticsWorkspaceId -#### assignment `Deploy-Diag-Logs` +#### assignment `Deploy-Diag-LogsCat`
1 parameter names - logAnalytics
-#### assignment `Deploy-MDFC-Config` +#### assignment `Deploy-MDFC-Config-H224`
1 parameter names - logAnalytics
-#### assignment `Deploy-MDFC-Config-H224` +#### assignment `Deploy-MDFC-DefSQL-AMA`
1 parameter names -- logAnalytics +- userWorkspaceResourceId
-#### assignment `Deploy-MDFC-DefSQL-AMA` +### default name `private_dns_bot_service` + +#### assignment `Deploy-Private-DNS-Zones`
1 parameter names -- userWorkspaceResourceId +- azureBotServicePrivateDnsZoneId +
+ +### default name `private_dns_databricks` + +#### assignment `Deploy-Private-DNS-Zones` + +
1 parameter names + +- azureDatabricksPrivateDnsZoneId +
+ +### default name `private_dns_iot_central` + +#### assignment `Deploy-Private-DNS-Zones` + +
1 parameter names + +- azureIotCentralPrivateDnsZoneId +
+ +### default name `private_dns_iot_device_update` + +#### assignment `Deploy-Private-DNS-Zones` + +
1 parameter names + +- azureIotDeviceupdatePrivateDnsZoneId +
+ +### default name `private_dns_zone_acr` + +#### assignment `Deploy-Private-DNS-Zones` + +
1 parameter names + +- azureAcrPrivateDnsZoneId
### default name `private_dns_zone_app` @@ -825,6 +863,15 @@ The following policy default values are available in this library: - azureMachineLearningWorkspacePrivateDnsZoneId +### default name `private_dns_zone_machine_learning_workspace_second` + +#### assignment `Deploy-Private-DNS-Zones` + +
1 parameter names + +- azureMachineLearningWorkspaceSecondPrivateDnsZoneId +
+ ### default name `private_dns_zone_managed_grafana_workspace` #### assignment `Deploy-Private-DNS-Zones` @@ -942,6 +989,15 @@ The following policy default values are available in this library: - azureSignalRPrivateDnsZoneId +### default name `private_dns_zone_site_recovery_backup` + +#### assignment `Deploy-Private-DNS-Zones` + +
1 parameter names + +- azureSiteRecoveryBackupPrivateDnsZoneID +
+ ### default name `private_dns_zone_site_recovery_blob` #### assignment `Deploy-Private-DNS-Zones` @@ -1041,6 +1097,24 @@ The following policy default values are available in this library: - azureStorageStaticWebSecPrivateDnsZoneId +### default name `private_dns_zone_storage_table` + +#### assignment `Deploy-Private-DNS-Zones` + +
1 parameter names + +- azureStorageTablePrivateDnsZoneId +
+ +### default name `private_dns_zone_storage_table_secondary` + +#### assignment `Deploy-Private-DNS-Zones` + +
1 parameter names + +- azureStorageTableSecondaryPrivateDnsZoneId +
+ ### default name `private_dns_zone_synapse_dev` #### assignment `Deploy-Private-DNS-Zones` diff --git a/platform/alz/alz_policy_default_values.json b/platform/alz/alz_policy_default_values.json index ff117d7..41e54a6 100644 --- a/platform/alz/alz_policy_default_values.json +++ b/platform/alz/alz_policy_default_values.json 
@@ -1,6 +1,105 @@ { "$schema": "https://raw.githubusercontent.com/Azure/Azure-Landing-Zones-Library/main/schemas/default_policy_values.json", "defaults": [ + { + "default_name": "private_dns_zone_acr", + "policy_assignments": [ + { + "parameter_names": [ + "azureAcrPrivateDnsZoneId" + ], + "policy_assignment_name": "Deploy-Private-DNS-Zones" + } + ] + }, + { + "default_name": "private_dns_bot_service", + "policy_assignments": [ + { + "parameter_names": [ + "azureBotServicePrivateDnsZoneId" + ], + "policy_assignment_name": "Deploy-Private-DNS-Zones" + } + ] + }, + { + "default_name": "private_dns_databricks", + "policy_assignments": [ + { + "parameter_names": [ + "azureDatabricksPrivateDnsZoneId" + ], + "policy_assignment_name": "Deploy-Private-DNS-Zones" + } + ] + }, + { + "default_name": "private_dns_iot_central", + "policy_assignments": [ + { + "parameter_names": [ + "azureIotCentralPrivateDnsZoneId" + ], + "policy_assignment_name": "Deploy-Private-DNS-Zones" + } + ] + }, + { + "default_name": "private_dns_iot_device_update", + "policy_assignments": [ + { + "parameter_names": [ + "azureIotDeviceupdatePrivateDnsZoneId" + ], + "policy_assignment_name": "Deploy-Private-DNS-Zones" + } + ] + }, + { + "default_name": "private_dns_zone_site_recovery_backup", + "policy_assignments": [ + { + "parameter_names": [ + "azureSiteRecoveryBackupPrivateDnsZoneID" + ], + "policy_assignment_name": "Deploy-Private-DNS-Zones" + } + ] + }, + { + "default_name": "private_dns_zone_storage_table", + "policy_assignments": [ + { + "parameter_names": [ + "azureStorageTablePrivateDnsZoneId" + ], + "policy_assignment_name": "Deploy-Private-DNS-Zones" + } + ] + }, + { + "default_name": "private_dns_zone_storage_table_secondary", + "policy_assignments": [ + { + "parameter_names": [ + "azureStorageTableSecondaryPrivateDnsZoneId" + ], + "policy_assignment_name": "Deploy-Private-DNS-Zones" + } + ] + }, + { + "default_name": "private_dns_zone_machine_learning_workspace_second", + 
"policy_assignments": [ + { + "parameter_names": [ + "azureMachineLearningWorkspaceSecondPrivateDnsZoneId" + ], + "policy_assignment_name": "Deploy-Private-DNS-Zones" + } + ] + }, { "default_name": "ama_user_assigned_managed_identity_id", "policy_assignments": [ @@ -17,22 +116,22 @@ "policy_assignment_name": "Deploy-VMSS-ChangeTrack" }, { - "policy_assignment_name": "Deploy-VM-Monitoring", "parameter_names": [ "userAssignedIdentityResourceId" - ] + ], + "policy_assignment_name": "Deploy-VM-Monitoring" }, { - "policy_assignment_name": "Deploy-VMSS-Monitoring", "parameter_names": [ "userAssignedIdentityResourceId" - ] + ], + "policy_assignment_name": "Deploy-VMSS-Monitoring" }, { - "policy_assignment_name": "Deploy-MDFC-DefSQL-AMA", "parameter_names": [ "userAssignedIdentityResourceId" - ] + ], + "policy_assignment_name": "Deploy-MDFC-DefSQL-AMA" } ] }, @@ -51,22 +150,22 @@ "default_name": "ama_vm_insights_data_collection_rule_id", "policy_assignments": [ { - "policy_assignment_name": "Deploy-VM-Monitoring", "parameter_names": [ "dcrResourceId" - ] + ], + "policy_assignment_name": "Deploy-VM-Monitoring" }, { - "policy_assignment_name": "Deploy-VMSS-Monitoring", "parameter_names": [ "dcrResourceId" - ] + ], + "policy_assignment_name": "Deploy-VMSS-Monitoring" }, { - "policy_assignment_name": "Deploy-vmHybr-Monitoring", "parameter_names": [ "dcrResourceId" - ] + ], + "policy_assignment_name": "Deploy-vmHybr-Monitoring" } ] }, @@ -74,10 +173,10 @@ "default_name": "ama_mdfc_sql_data_collection_rule_id", "policy_assignments": [ { - "policy_assignment_name": "Deploy-MDFC-DefSQL-AMA", "parameter_names": [ "dcrResourceId" - ] + ], + "policy_assignment_name": "Deploy-MDFC-DefSQL-AMA" } ] }, @@ -134,7 +233,7 @@ "parameter_names": [ "logAnalytics" ], - "policy_assignment_name": "Deploy-Diag-Logs" + "policy_assignment_name": "Deploy-Diag-LogsCat" }, { "parameter_names": [ 
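Review bot: Four of the defaults added at the top of `defaults` break the naming pattern used by the rest of the list: `private_dns_bot_service`, `private_dns_databricks`, `private_dns_iot_central` and `private_dns_iot_device_update` omit the `_zone_` segment that `private_dns_zone_acr`, `private_dns_zone_storage_table` and the existing `private_dns_zone_*` entries carry. Default names are the keys consumers set, so renaming them later is a breaking change; `private_dns_zone_bot_service` and so on would be consistent now. Also confirm that `azureSiteRecoveryBackupPrivateDnsZoneID` (upper-case `ID`) and `azureIotDeviceupdatePrivateDnsZoneId` (lower-case `update`) match the parameter names declared on `Deploy-Private-DNS-Zones` exactly. If the lookup is case-sensitive, a mismatch would presumably leave that zone's default unapplied rather than fail loudly.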
@@ -142,12 +241,6 @@ ], "policy_assignment_name": "Deploy-MDFC-Config-H224" }, - { - "parameter_names": [ - "logAnalytics" - ], - "policy_assignment_name": "Deploy-MDFC-Config" - }, { "parameter_names": [ "userWorkspaceResourceId"