From afe242fafdae3bacf5e53f17d4f030b6ddb28d26 Mon Sep 17 00:00:00 2001 From: Matt White <16320656+matt-FFFFFF@users.noreply.github.com> Date: Fri, 25 Oct 2024 15:13:23 +0100 Subject: [PATCH 01/10] fix(alz): deploy-diag-logcat rename, fixes #78 --- platform/alz/alz_policy_default_values.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/platform/alz/alz_policy_default_values.json b/platform/alz/alz_policy_default_values.json index ff117d7..4096ae0 100644 --- a/platform/alz/alz_policy_default_values.json +++ b/platform/alz/alz_policy_default_values.json @@ -134,7 +134,7 @@ "parameter_names": [ "logAnalytics" ], - "policy_assignment_name": "Deploy-Diag-Logs" + "policy_assignment_name": "Deploy-Diag-LogsCat" }, { "parameter_names": [ From e76c9bcb344c6bb7a22a270d51fe77dab2dfe7da Mon Sep 17 00:00:00 2001 From: Matt White <16320656+matt-FFFFFF@users.noreply.github.com> Date: Fri, 25 Oct 2024 15:25:41 +0100 Subject: [PATCH 02/10] fix(alz): add missing private dns zones to list of defaults. fixes #79 --- platform/alz/alz_policy_default_values.json | 127 +++++++++++++++++--- 1 file changed, 113 insertions(+), 14 deletions(-) diff --git a/platform/alz/alz_policy_default_values.json b/platform/alz/alz_policy_default_values.json index 4096ae0..1ff4d86 100644 --- a/platform/alz/alz_policy_default_values.json +++ b/platform/alz/alz_policy_default_values.json 
@@ -1,6 +1,105 @@ { "$schema": "https://raw.githubusercontent.com/Azure/Azure-Landing-Zones-Library/main/schemas/default_policy_values.json", "defaults": [ + { + "default_name": "private_dns_zone_acr", + "policy_assignments": [ + { + "parameter_names": [ + "azureAcrPrivateDnsZoneId" + ], + "policy_assignment_name": "Deploy-Private-DNS-Zones" + } + ] + }, + { + "default_name": "private_dns_bot_service", + "policy_assignments": [ + { + "parameter_names": [ + "azureBotServicePrivateDnsZoneId" + ], + "policy_assignment_name": "Deploy-Private-DNS-Zones" + } + ] + }, + { + "default_name": "private_dns_databricks", + "policy_assignments": [ + { + "parameter_names": [ + "azureDatabricksPrivateDnsZoneId" + ], + "policy_assignment_name": "Deploy-Private-DNS-Zones" + } + ] + }, + { + "default_name": "private_dns_iot_central", + "policy_assignments": [ + { + "parameter_names": [ + "azureIotCentralPrivateDnsZoneId" + ], + "policy_assignment_name": "Deploy-Private-DNS-Zones" + } + ] + }, + { + "default_name": "private_dns_iot_device_update", + "policy_assignments": [ + { + "parameter_names": [ + "azureIotDeviceupdatePrivateDnsZoneId" + ], + "policy_assignment_name": "Deploy-Private-DNS-Zones" + } + ] + }, + { + "default_name": "private_dns_zone_site_recovery_backup", + "policy_assignments": [ + { + "parameter_names": [ + "azureSiteRecoveryBackupPrivateDnsZoneID" + ], + "policy_assignment_name": "Deploy-Private-DNS-Zones" + } + ] + }, + { + "default_name": "private_dns_zone_storage_table", + "policy_assignments": [ + { + "parameter_names": [ + "azureStorageTablePrivateDnsZoneId" + ], + "policy_assignment_name": "Deploy-Private-DNS-Zones" + } + ] + }, + { + "default_name": "private_dns_zone_storage_table_secondary", + "policy_assignments": [ + { + "parameter_names": [ + "azureStorageTableSecondaryPrivateDnsZoneId" + ], + "policy_assignment_name": "Deploy-Private-DNS-Zones" + } + ] + }, + { + "default_name": "private_dns_zone_machine_learning_workspace_second", + 
"policy_assignments": [ + { + "parameter_names": [ + "azureMachineLearningWorkspaceSecondPrivateDnsZoneId" + ], + "policy_assignment_name": "Deploy-Private-DNS-Zones" + } + ] + }, { "default_name": "ama_user_assigned_managed_identity_id", "policy_assignments": [ @@ -17,22 +116,22 @@ "policy_assignment_name": "Deploy-VMSS-ChangeTrack" }, { - "policy_assignment_name": "Deploy-VM-Monitoring", "parameter_names": [ "userAssignedIdentityResourceId" - ] + ], + "policy_assignment_name": "Deploy-VM-Monitoring" }, { - "policy_assignment_name": "Deploy-VMSS-Monitoring", "parameter_names": [ "userAssignedIdentityResourceId" - ] + ], + "policy_assignment_name": "Deploy-VMSS-Monitoring" }, { - "policy_assignment_name": "Deploy-MDFC-DefSQL-AMA", "parameter_names": [ "userAssignedIdentityResourceId" - ] + ], + "policy_assignment_name": "Deploy-MDFC-DefSQL-AMA" } ] }, @@ -51,22 +150,22 @@ "default_name": "ama_vm_insights_data_collection_rule_id", "policy_assignments": [ { - "policy_assignment_name": "Deploy-VM-Monitoring", "parameter_names": [ "dcrResourceId" - ] + ], + "policy_assignment_name": "Deploy-VM-Monitoring" }, { - "policy_assignment_name": "Deploy-VMSS-Monitoring", "parameter_names": [ "dcrResourceId" - ] + ], + "policy_assignment_name": "Deploy-VMSS-Monitoring" }, { - "policy_assignment_name": "Deploy-vmHybr-Monitoring", "parameter_names": [ "dcrResourceId" - ] + ], + "policy_assignment_name": "Deploy-vmHybr-Monitoring" } ] }, @@ -74,10 +173,10 @@ "default_name": "ama_mdfc_sql_data_collection_rule_id", "policy_assignments": [ { - "policy_assignment_name": "Deploy-MDFC-DefSQL-AMA", "parameter_names": [ "dcrResourceId" - ] + ], + "policy_assignment_name": "Deploy-MDFC-DefSQL-AMA" } ] }, From bd21a570118a663b46a2f6a6fcbe7c9846509a3a Mon Sep 17 00:00:00 2001 
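Review bot: Four of the new `default_name` values break the `private_dns_zone_<service>` convention the rest of this list (and the generated README, e.g. `private_dns_zone_app`, `private_dns_zone_machine_learning_workspace`) uses: `private_dns_bot_service`, `private_dns_databricks`, `private_dns_iot_central` and `private_dns_iot_device_update` drop the `_zone` segment. `default_name` is the key consumers use to wire a value into the assignment parameter, so renaming it after release is a breaking change; better to settle it now, e.g. `"default_name": "private_dns_zone_bot_service"` and likewise for the other three. Separately, `azureSiteRecoveryBackupPrivateDnsZoneID` ends in `ID` while every other parameter here ends in `Id`; that presumably mirrors the upstream policy parameter, but it is worth confirming the library matches parameter names case-insensitively rather than by exact string, since a mismatch would leave that zone unset without an error. The enclosing `defaults` array continues outside this hunk.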
From: Matt White <16320656+matt-FFFFFF@users.noreply.github.com> Date: Fri, 25 Oct 2024 15:59:53 +0100 Subject: [PATCH 03/10] fix:(alz) remove old default value --- platform/alz/alz_policy_default_values.json | 6 ------ 1 file changed, 6 deletions(-) diff --git a/platform/alz/alz_policy_default_values.json b/platform/alz/alz_policy_default_values.json index 1ff4d86..41e54a6 100644 --- a/platform/alz/alz_policy_default_values.json +++ b/platform/alz/alz_policy_default_values.json @@ -241,12 +241,6 @@ ], "policy_assignment_name": "Deploy-MDFC-Config-H224" }, - { - "parameter_names": [ - "logAnalytics" - ], - "policy_assignment_name": "Deploy-MDFC-Config" - }, { "parameter_names": [ "userWorkspaceResourceId" From 5595c4cdd6d04033e6815b07e7cc646d8e4123ba Mon Sep 17 00:00:00 2001 From: Matt White <16320656+matt-FFFFFF@users.noreply.github.com> Date: Sun, 27 Oct 2024 17:54:04 +0000 Subject: [PATCH 04/10] ci: migrate to alzlibtool binary dist --- .github/workflows/update-alz.yml | 14 ++++++-------- 1 file changed, 6 insertions(+), 8 deletions(-) diff --git a/.github/workflows/update-alz.yml b/.github/workflows/update-alz.yml index 80e19c4..a3732ff 100644 --- a/.github/workflows/update-alz.yml +++ b/.github/workflows/update-alz.yml @@ -11,6 +11,7 @@ permissions: contents: write env: + alzlibtool_version: "0.22.0" remote_repository: "Azure/Enterprise-Scale" alzlib_repository: "Azure/alzlib" library_dir: "platform/alz" @@ -25,6 +26,11 @@ jobs: runs-on: ubuntu-latest environment: libupdate steps: + - name: Install alzlibtool + run: | + curl -L https://github.com/Azure/alzlib/releases/download/v${{ env.alzlibtool_version }}/alzlib_0.22.0_darwin_arm64.tar.gz | tar -xv + sudo cp alzlibtool /usr/local/bin + - name: Local repository checkout uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 with: 
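Review bot: The new install step pipes an unverified release tarball into `/usr/local/bin` in a job that holds `contents: write` and later mints a GitHub App token, whereas the `go install ...@v0.21.7` it replaces was checked against the Go module checksum database; GitHub release assets can be re-uploaded under the same tag, so the pinned version string alone does not fix the bytes that run. Pin the expected SHA-256 next to `alzlibtool_version` and verify it before copying, and use `curl -fsSL` so an HTTP error body is not handed to tar as if it were the archive. Later commits in this series correct the archive flag, platform and asset name, so only the integrity check is raised here; `sudo install -m 0755` also makes the resulting mode explicit instead of inheriting whatever the tarball carries.

```yaml
env:
  alzlibtool_version: "0.22.0"
  alzlibtool_sha256: "<sha256 of the release asset, taken from the release checksums file>"
# … unchanged: remote_repository / alzlib_repository / library_dir …

      - name: Install alzlibtool
        run: |
          set -euo pipefail
          curl -fsSL -o alzlibtool.tar.gz \
            "https://github.com/Azure/alzlib/releases/download/v${{ env.alzlibtool_version }}/alzlib_0.22.0_darwin_arm64.tar.gz"
          echo "${{ env.alzlibtool_sha256 }}  alzlibtool.tar.gz" | sha256sum -c -
          tar -xzf alzlibtool.tar.gz alzlibtool
          sudo install -m 0755 alzlibtool /usr/local/bin/alzlibtool
```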
@@ -38,14 +44,6 @@ jobs: path: ${{ env.remote_repository }} ref: main - - name: setup go - uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 # v5.0.1 - with: - go-version: 'stable' - - - name: install alzlibtool - run: go install github.com/Azure/alzlib/cmd/alzlibtool@v0.21.7 - - uses: tibdex/github-app-token@3beb63f4bd073e61482598c45c71c1019b59b73a # v2.1.0 id: generate-token with: From 1fa168a20915d79c3a8fa1fd81b92e4d4f60d1b8 Mon Sep 17 00:00:00 2001 From: Matt White <16320656+matt-FFFFFF@users.noreply.github.com> Date: Sun, 27 Oct 2024 17:56:08 +0000 Subject: [PATCH 05/10] ci: migrate to alzlibtool binary dist --- .github/workflows/pr-check.yml | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/.github/workflows/pr-check.yml b/.github/workflows/pr-check.yml index 839f003..8de2166 100644 --- a/.github/workflows/pr-check.yml +++ b/.github/workflows/pr-check.yml @@ -12,6 +12,9 @@ on: - main workflow_dispatch: +env: + alzlibtool_version: "0.22.0" + jobs: libschanged: runs-on: ubuntu-latest @@ -48,17 +51,14 @@ jobs: matrix: lib: ${{ fromJson(needs.libschanged.outputs.list) }} steps: + - name: Install alzlibtool + run: | + curl -L https://github.com/Azure/alzlib/releases/download/v${{ env.alzlibtool_version }}/alzlib_0.22.0_darwin_arm64.tar.gz | tar -xv + sudo cp alzlibtool /usr/local/bin + - name: Checkout code uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - - name: Set up go - uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 # v5.0.1 - with: - go-version: 'stable' - - - name: Install alzlibtool - run: go install github.com/Azure/alzlib/cmd/alzlibtool@v0.21.7 - - name: Azure login uses: azure/login@6c251865b4e6290e7b78be643ea2d005bc51f69a # v2.1.1 with: From aa56467c2b2db75bfc7f2e64a22b32061d751f79 Mon Sep 17 00:00:00 2001 
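Review bot: The `Install alzlibtool` step in pr-check.yml declares no `shell:`, so GitHub runs it as `bash -e` without `pipefail`; the exit status of `curl ... | tar -xv` is tar's alone, and a curl failure is only caught if tar happens to choke on what it received, while `curl -L` without `--fail` will happily stream a 404 page. Add `shell: bash` to the step (GitHub then runs it with `-eo pipefail`) and change the download to `curl -fsSL https://.../alzlib_0.22.0_darwin_arm64.tar.gz | tar -xvz` so both failure modes stop the job before `sudo cp` publishes a bad binary. The asset name and platform are corrected by later commits in this series, so only the failure handling is raised here; the job's `steps:` list continues outside the hunk.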
From: Matt White <16320656+matt-FFFFFF@users.noreply.github.com> Date: Sun, 27 Oct 2024 17:58:33 +0000 Subject: [PATCH 06/10] ci: add missing z flag to tar --- .github/workflows/pr-check.yml | 2 +- .github/workflows/update-alz.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/pr-check.yml b/.github/workflows/pr-check.yml index 8de2166..b603f82 100644 --- a/.github/workflows/pr-check.yml +++ b/.github/workflows/pr-check.yml @@ -53,7 +53,7 @@ jobs: steps: - name: Install alzlibtool run: | - curl -L https://github.com/Azure/alzlib/releases/download/v${{ env.alzlibtool_version }}/alzlib_0.22.0_darwin_arm64.tar.gz | tar -xv + curl -L https://github.com/Azure/alzlib/releases/download/v${{ env.alzlibtool_version }}/alzlib_0.22.0_darwin_arm64.tar.gz | tar -xvz sudo cp alzlibtool /usr/local/bin - name: Checkout code diff --git a/.github/workflows/update-alz.yml b/.github/workflows/update-alz.yml index a3732ff..5bc0489 100644 --- a/.github/workflows/update-alz.yml +++ b/.github/workflows/update-alz.yml @@ -28,7 +28,7 @@ jobs: steps: - name: Install alzlibtool run: | - curl -L https://github.com/Azure/alzlib/releases/download/v${{ env.alzlibtool_version }}/alzlib_0.22.0_darwin_arm64.tar.gz | tar -xv + curl -L https://github.com/Azure/alzlib/releases/download/v${{ env.alzlibtool_version }}/alzlib_0.22.0_darwin_arm64.tar.gz | tar -xvz sudo cp alzlibtool /usr/local/bin - name: Local repository checkout From 69bf448811f1195f2b1ec110841bd2e48ba17fcf Mon Sep 17 00:00:00 2001 From: Matt White <16320656+matt-FFFFFF@users.noreply.github.com> Date: Sun, 27 Oct 2024 18:00:29 +0000 Subject: [PATCH 07/10] ci: fix dist binary --- .github/workflows/pr-check.yml | 2 +- .github/workflows/update-alz.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/pr-check.yml b/.github/workflows/pr-check.yml index b603f82..d87364b 100644 --- a/.github/workflows/pr-check.yml +++ b/.github/workflows/pr-check.yml 
@@ -53,7 +53,7 @@ jobs: steps: - name: Install alzlibtool run: | - curl -L https://github.com/Azure/alzlib/releases/download/v${{ env.alzlibtool_version }}/alzlib_0.22.0_darwin_arm64.tar.gz | tar -xvz + curl -L https://github.com/Azure/alzlib/releases/download/v${{ env.alzlibtool_version }}/alzlib_0.22.0_linux_amd64.tar.gz | tar -xvz sudo cp alzlibtool /usr/local/bin - name: Checkout code diff --git a/.github/workflows/update-alz.yml b/.github/workflows/update-alz.yml index 5bc0489..49edb68 100644 --- a/.github/workflows/update-alz.yml +++ b/.github/workflows/update-alz.yml @@ -28,7 +28,7 @@ jobs: steps: - name: Install alzlibtool run: | - curl -L https://github.com/Azure/alzlib/releases/download/v${{ env.alzlibtool_version }}/alzlib_0.22.0_darwin_arm64.tar.gz | tar -xvz + curl -L https://github.com/Azure/alzlib/releases/download/v${{ env.alzlibtool_version }}/alzlib_0.22.0_linux_amd64.tar.gz | tar -xvz sudo cp alzlibtool /usr/local/bin - name: Local repository checkout From 56b6e0e4c339212aa2e8f24178af2c05298ab199 Mon Sep 17 00:00:00 2001 From: Matt White <16320656+matt-FFFFFF@users.noreply.github.com> Date: Sun, 27 Oct 2024 18:12:12 +0000 Subject: [PATCH 08/10] doc(alz): gen docs --- platform/alz/README.md | 86 +++++++++++++++++++++++++++++++++++++++--- 1 file changed, 80 insertions(+), 6 deletions(-) diff --git a/platform/alz/README.md b/platform/alz/README.md index 7b193b8..55c6282 100644 --- a/platform/alz/README.md +++ b/platform/alz/README.md @@ -545,32 +545,70 @@ The following policy default values are available in this library: - logAnalyticsWorkspaceId -#### assignment `Deploy-Diag-Logs` +#### assignment `Deploy-Diag-LogsCat`
1 parameter names - logAnalytics
-#### assignment `Deploy-MDFC-Config` +#### assignment `Deploy-MDFC-Config-H224`
1 parameter names - logAnalytics
-#### assignment `Deploy-MDFC-Config-H224` +#### assignment `Deploy-MDFC-DefSQL-AMA`
1 parameter names -- logAnalytics +- userWorkspaceResourceId
-#### assignment `Deploy-MDFC-DefSQL-AMA` +### default name `private_dns_bot_service` + +#### assignment `Deploy-Private-DNS-Zones`
1 parameter names -- userWorkspaceResourceId +- azureBotServicePrivateDnsZoneId +
+ +### default name `private_dns_databricks` + +#### assignment `Deploy-Private-DNS-Zones` + +
1 parameter names + +- azureDatabricksPrivateDnsZoneId +
+ +### default name `private_dns_iot_central` + +#### assignment `Deploy-Private-DNS-Zones` + +
1 parameter names + +- azureIotCentralPrivateDnsZoneId +
+ +### default name `private_dns_iot_device_update` + +#### assignment `Deploy-Private-DNS-Zones` + +
1 parameter names + +- azureIotDeviceupdatePrivateDnsZoneId +
+ +### default name `private_dns_zone_acr` + +#### assignment `Deploy-Private-DNS-Zones` + +
1 parameter names + +- azureAcrPrivateDnsZoneId
### default name `private_dns_zone_app` @@ -825,6 +863,15 @@ The following policy default values are available in this library: - azureMachineLearningWorkspacePrivateDnsZoneId +### default name `private_dns_zone_machine_learning_workspace_second` + +#### assignment `Deploy-Private-DNS-Zones` + +
1 parameter names + +- azureMachineLearningWorkspaceSecondPrivateDnsZoneId +
+ ### default name `private_dns_zone_managed_grafana_workspace` #### assignment `Deploy-Private-DNS-Zones` @@ -942,6 +989,15 @@ The following policy default values are available in this library: - azureSignalRPrivateDnsZoneId +### default name `private_dns_zone_site_recovery_backup` + +#### assignment `Deploy-Private-DNS-Zones` + +
1 parameter names + +- azureSiteRecoveryBackupPrivateDnsZoneID +
+ ### default name `private_dns_zone_site_recovery_blob` #### assignment `Deploy-Private-DNS-Zones` @@ -1041,6 +1097,24 @@ The following policy default values are available in this library: - azureStorageStaticWebSecPrivateDnsZoneId +### default name `private_dns_zone_storage_table` + +#### assignment `Deploy-Private-DNS-Zones` + +
1 parameter names + +- azureStorageTablePrivateDnsZoneId +
+ +### default name `private_dns_zone_storage_table_secondary` + +#### assignment `Deploy-Private-DNS-Zones` + +
1 parameter names + +- azureStorageTableSecondaryPrivateDnsZoneId +
+ ### default name `private_dns_zone_synapse_dev` #### assignment `Deploy-Private-DNS-Zones` From 528574acca9fbadfdc5eccde0e2402619db7b34c Mon Sep 17 00:00:00 2001 From: Matt White <16320656+matt-FFFFFF@users.noreply.github.com> Date: Mon, 28 Oct 2024 18:17:43 +0000 Subject: [PATCH 09/10] feat: update alzlib 0.22.1 --- .github/workflows/pr-check.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/pr-check.yml b/.github/workflows/pr-check.yml index d87364b..6ece095 100644 --- a/.github/workflows/pr-check.yml +++ b/.github/workflows/pr-check.yml @@ -13,7 +13,7 @@ on: workflow_dispatch: env: - alzlibtool_version: "0.22.0" + alzlibtool_version: "0.22.1" jobs: libschanged: @@ -53,7 +53,7 @@ jobs: steps: - name: Install alzlibtool run: | - curl -L https://github.com/Azure/alzlib/releases/download/v${{ env.alzlibtool_version }}/alzlib_0.22.0_linux_amd64.tar.gz | tar -xvz + curl -L https://github.com/Azure/alzlib/releases/download/v${{ env.alzlibtool_version }}/alzlib_linux_amd64.tar.gz | tar -xvz sudo cp alzlibtool /usr/local/bin - name: Checkout code From 6ce5c586d330553d19b223fc7a948137818c3cdf Mon Sep 17 00:00:00 2001 From: Matt White <16320656+matt-FFFFFF@users.noreply.github.com> Date: Mon, 28 Oct 2024 18:19:56 +0000 Subject: [PATCH 10/10] ci: fix tool url --- .github/workflows/pr-check.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/pr-check.yml b/.github/workflows/pr-check.yml index 6ece095..aaf21a4 100644 --- a/.github/workflows/pr-check.yml +++ b/.github/workflows/pr-check.yml @@ -53,7 +53,7 @@ jobs: steps: - name: Install alzlibtool run: | - curl -L https://github.com/Azure/alzlib/releases/download/v${{ env.alzlibtool_version }}/alzlib_linux_amd64.tar.gz | tar -xvz + curl -L https://github.com/Azure/alzlib/releases/download/v${{ env.alzlibtool_version }}/alzlibtool_linux_amd64.tar.gz | tar -xvz sudo cp alzlibtool /usr/local/bin - name: Checkout code