From afe242fafdae3bacf5e53f17d4f030b6ddb28d26 Mon Sep 17 00:00:00 2001
From: Matt White <16320656+matt-FFFFFF@users.noreply.github.com>
Date: Fri, 25 Oct 2024 15:13:23 +0100
Subject: [PATCH 01/10] fix(alz): deploy-diag-logcat rename, fixes #78
---
platform/alz/alz_policy_default_values.json | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/platform/alz/alz_policy_default_values.json b/platform/alz/alz_policy_default_values.json
index ff117d7..4096ae0 100644
--- a/platform/alz/alz_policy_default_values.json
+++ b/platform/alz/alz_policy_default_values.json
@@ -134,7 +134,7 @@
"parameter_names": [
"logAnalytics"
],
- "policy_assignment_name": "Deploy-Diag-Logs"
+ "policy_assignment_name": "Deploy-Diag-LogsCat"
},
{
"parameter_names": [
From e76c9bcb344c6bb7a22a270d51fe77dab2dfe7da Mon Sep 17 00:00:00 2001
From: Matt White <16320656+matt-FFFFFF@users.noreply.github.com>
Date: Fri, 25 Oct 2024 15:25:41 +0100
Subject: [PATCH 02/10] fix(alz): add missing private dns zones to list of
defaults. fixes #79
---
platform/alz/alz_policy_default_values.json | 127 +++++++++++++++++---
1 file changed, 113 insertions(+), 14 deletions(-)
diff --git a/platform/alz/alz_policy_default_values.json b/platform/alz/alz_policy_default_values.json
index 4096ae0..1ff4d86 100644
--- a/platform/alz/alz_policy_default_values.json
+++ b/platform/alz/alz_policy_default_values.json
@@ -1,6 +1,105 @@
{
"$schema": "https://raw.githubusercontent.com/Azure/Azure-Landing-Zones-Library/main/schemas/default_policy_values.json",
"defaults": [
+ {
+ "default_name": "private_dns_zone_acr",
+ "policy_assignments": [
+ {
+ "parameter_names": [
+ "azureAcrPrivateDnsZoneId"
+ ],
+ "policy_assignment_name": "Deploy-Private-DNS-Zones"
+ }
+ ]
+ },
+ {
+ "default_name": "private_dns_bot_service",
+ "policy_assignments": [
+ {
+ "parameter_names": [
+ "azureBotServicePrivateDnsZoneId"
+ ],
+ "policy_assignment_name": "Deploy-Private-DNS-Zones"
+ }
+ ]
+ },
+ {
+ "default_name": "private_dns_databricks",
+ "policy_assignments": [
+ {
+ "parameter_names": [
+ "azureDatabricksPrivateDnsZoneId"
+ ],
+ "policy_assignment_name": "Deploy-Private-DNS-Zones"
+ }
+ ]
+ },
+ {
+ "default_name": "private_dns_iot_central",
+ "policy_assignments": [
+ {
+ "parameter_names": [
+ "azureIotCentralPrivateDnsZoneId"
+ ],
+ "policy_assignment_name": "Deploy-Private-DNS-Zones"
+ }
+ ]
+ },
+ {
+ "default_name": "private_dns_iot_device_update",
+ "policy_assignments": [
+ {
+ "parameter_names": [
+ "azureIotDeviceupdatePrivateDnsZoneId"
+ ],
+ "policy_assignment_name": "Deploy-Private-DNS-Zones"
+ }
+ ]
+ },
+ {
+ "default_name": "private_dns_zone_site_recovery_backup",
+ "policy_assignments": [
+ {
+ "parameter_names": [
+ "azureSiteRecoveryBackupPrivateDnsZoneID"
+ ],
+ "policy_assignment_name": "Deploy-Private-DNS-Zones"
+ }
+ ]
+ },
+ {
+ "default_name": "private_dns_zone_storage_table",
+ "policy_assignments": [
+ {
+ "parameter_names": [
+ "azureStorageTablePrivateDnsZoneId"
+ ],
+ "policy_assignment_name": "Deploy-Private-DNS-Zones"
+ }
+ ]
+ },
+ {
+ "default_name": "private_dns_zone_storage_table_secondary",
+ "policy_assignments": [
+ {
+ "parameter_names": [
+ "azureStorageTableSecondaryPrivateDnsZoneId"
+ ],
+ "policy_assignment_name": "Deploy-Private-DNS-Zones"
+ }
+ ]
+ },
+ {
+ "default_name": "private_dns_zone_machine_learning_workspace_second",
+ "policy_assignments": [
+ {
+ "parameter_names": [
+ "azureMachineLearningWorkspaceSecondPrivateDnsZoneId"
+ ],
+ "policy_assignment_name": "Deploy-Private-DNS-Zones"
+ }
+ ]
+ },
{
"default_name": "ama_user_assigned_managed_identity_id",
"policy_assignments": [
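Review bot: Four of the added `default_name` keys drop the `_zone_` infix that the others in this hunk carry: `private_dns_bot_service`, `private_dns_databricks`, `private_dns_iot_central` and `private_dns_iot_device_update`, against `private_dns_zone_acr` and `private_dns_zone_storage_table`. These names are presumably the keys that consumers supply values under, so renaming them later would be a breaking change; `private_dns_zone_bot_service` and so on would be consistent from the start. The parameter names `azureSiteRecoveryBackupPrivateDnsZoneID` (capital `ID`) and `azureIotDeviceupdatePrivateDnsZoneId` also differ in casing from their neighbours. They probably mirror the policy definition, but that is worth confirming, since a mismatch could leave the private DNS zone parameter unset. The `defaults` array continues outside the hunk.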
@@ -17,22 +116,22 @@
"policy_assignment_name": "Deploy-VMSS-ChangeTrack"
},
{
- "policy_assignment_name": "Deploy-VM-Monitoring",
"parameter_names": [
"userAssignedIdentityResourceId"
- ]
+ ],
+ "policy_assignment_name": "Deploy-VM-Monitoring"
},
{
- "policy_assignment_name": "Deploy-VMSS-Monitoring",
"parameter_names": [
"userAssignedIdentityResourceId"
- ]
+ ],
+ "policy_assignment_name": "Deploy-VMSS-Monitoring"
},
{
- "policy_assignment_name": "Deploy-MDFC-DefSQL-AMA",
"parameter_names": [
"userAssignedIdentityResourceId"
- ]
+ ],
+ "policy_assignment_name": "Deploy-MDFC-DefSQL-AMA"
}
]
},
@@ -51,22 +150,22 @@
"default_name": "ama_vm_insights_data_collection_rule_id",
"policy_assignments": [
{
- "policy_assignment_name": "Deploy-VM-Monitoring",
"parameter_names": [
"dcrResourceId"
- ]
+ ],
+ "policy_assignment_name": "Deploy-VM-Monitoring"
},
{
- "policy_assignment_name": "Deploy-VMSS-Monitoring",
"parameter_names": [
"dcrResourceId"
- ]
+ ],
+ "policy_assignment_name": "Deploy-VMSS-Monitoring"
},
{
- "policy_assignment_name": "Deploy-vmHybr-Monitoring",
"parameter_names": [
"dcrResourceId"
- ]
+ ],
+ "policy_assignment_name": "Deploy-vmHybr-Monitoring"
}
]
},
@@ -74,10 +173,10 @@
"default_name": "ama_mdfc_sql_data_collection_rule_id",
"policy_assignments": [
{
- "policy_assignment_name": "Deploy-MDFC-DefSQL-AMA",
"parameter_names": [
"dcrResourceId"
- ]
+ ],
+ "policy_assignment_name": "Deploy-MDFC-DefSQL-AMA"
}
]
},
From bd21a570118a663b46a2f6a6fcbe7c9846509a3a Mon Sep 17 00:00:00 2001
From: Matt White <16320656+matt-FFFFFF@users.noreply.github.com>
Date: Fri, 25 Oct 2024 15:59:53 +0100
Subject: [PATCH 03/10] fix:(alz) remove old default value
---
platform/alz/alz_policy_default_values.json | 6 ------
1 file changed, 6 deletions(-)
diff --git a/platform/alz/alz_policy_default_values.json b/platform/alz/alz_policy_default_values.json
index 1ff4d86..41e54a6 100644
--- a/platform/alz/alz_policy_default_values.json
+++ b/platform/alz/alz_policy_default_values.json
@@ -241,12 +241,6 @@
],
"policy_assignment_name": "Deploy-MDFC-Config-H224"
},
- {
- "parameter_names": [
- "logAnalytics"
- ],
- "policy_assignment_name": "Deploy-MDFC-Config"
- },
{
"parameter_names": [
"userWorkspaceResourceId"
From 5595c4cdd6d04033e6815b07e7cc646d8e4123ba Mon Sep 17 00:00:00 2001
From: Matt White <16320656+matt-FFFFFF@users.noreply.github.com>
Date: Sun, 27 Oct 2024 17:54:04 +0000
Subject: [PATCH 04/10] ci: migrate to alzlibtool binary dist
---
.github/workflows/update-alz.yml | 14 ++++++--------
1 file changed, 6 insertions(+), 8 deletions(-)
diff --git a/.github/workflows/update-alz.yml b/.github/workflows/update-alz.yml
index 80e19c4..a3732ff 100644
--- a/.github/workflows/update-alz.yml
+++ b/.github/workflows/update-alz.yml
@@ -11,6 +11,7 @@ permissions:
contents: write
env:
+ alzlibtool_version: "0.22.0"
remote_repository: "Azure/Enterprise-Scale"
alzlib_repository: "Azure/alzlib"
library_dir: "platform/alz"
@@ -25,6 +26,11 @@ jobs:
runs-on: ubuntu-latest
environment: libupdate
steps:
+ - name: Install alzlibtool
+ run: |
+ curl -L https://github.com/Azure/alzlib/releases/download/v${{ env.alzlibtool_version }}/alzlib_0.22.0_darwin_arm64.tar.gz | tar -xv
+ sudo cp alzlibtool /usr/local/bin
+
- name: Local repository checkout
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
with:
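Review bot: The added install step pipes a release tarball from `curl -L` straight into `tar` and copies the result into `/usr/local/bin` with no integrity check, in a job that holds `contents: write`. The removed `go install ...@v0.21.7` went through Go's module checksum verification by default, and the actions in this workflow are pinned by commit SHA, so this download becomes the one unverified input. Download to a file, check it against a SHA-256 digest pinned in the workflow, then extract; `curl -f` also makes an HTTP error fail at the download instead of inside tar. The same step is added to pr-check.yml in PATCH 05 and carried through PATCH 06-10.

```yaml
      - name: Install alzlibtool
        run: |
          set -euo pipefail
          # … unchanged: release asset URL from the hunk, assigned to "$url" …
          curl -fsSL -o alzlibtool.tar.gz "$url"
          # <EXPECTED_SHA256> is a placeholder for the pinned digest of this asset
          echo "<EXPECTED_SHA256>  alzlibtool.tar.gz" | sha256sum --check -
          tar -xzf alzlibtool.tar.gz alzlibtool
          sudo install -m 0755 alzlibtool /usr/local/bin/alzlibtool
```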
@@ -38,14 +44,6 @@ jobs:
path: ${{ env.remote_repository }}
ref: main
- - name: setup go
- uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 # v5.0.1
- with:
- go-version: 'stable'
-
- - name: install alzlibtool
- run: go install github.com/Azure/alzlib/cmd/alzlibtool@v0.21.7
-
- uses: tibdex/github-app-token@3beb63f4bd073e61482598c45c71c1019b59b73a # v2.1.0
id: generate-token
with:
From 1fa168a20915d79c3a8fa1fd81b92e4d4f60d1b8 Mon Sep 17 00:00:00 2001
From: Matt White <16320656+matt-FFFFFF@users.noreply.github.com>
Date: Sun, 27 Oct 2024 17:56:08 +0000
Subject: [PATCH 05/10] ci: migrate to alzlibtool binary dist
---
.github/workflows/pr-check.yml | 16 ++++++++--------
1 file changed, 8 insertions(+), 8 deletions(-)
diff --git a/.github/workflows/pr-check.yml b/.github/workflows/pr-check.yml
index 839f003..8de2166 100644
--- a/.github/workflows/pr-check.yml
+++ b/.github/workflows/pr-check.yml
@@ -12,6 +12,9 @@ on:
- main
workflow_dispatch:
+env:
+ alzlibtool_version: "0.22.0"
+
jobs:
libschanged:
runs-on: ubuntu-latest
@@ -48,17 +51,14 @@ jobs:
matrix:
lib: ${{ fromJson(needs.libschanged.outputs.list) }}
steps:
+ - name: Install alzlibtool
+ run: |
+ curl -L https://github.com/Azure/alzlib/releases/download/v${{ env.alzlibtool_version }}/alzlib_0.22.0_darwin_arm64.tar.gz | tar -xv
+ sudo cp alzlibtool /usr/local/bin
+
- name: Checkout code
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
- - name: Set up go
- uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 # v5.0.1
- with:
- go-version: 'stable'
-
- - name: Install alzlibtool
- run: go install github.com/Azure/alzlib/cmd/alzlibtool@v0.21.7
-
- name: Azure login
uses: azure/login@6c251865b4e6290e7b78be643ea2d005bc51f69a # v2.1.1
with:
From aa56467c2b2db75bfc7f2e64a22b32061d751f79 Mon Sep 17 00:00:00 2001
From: Matt White <16320656+matt-FFFFFF@users.noreply.github.com>
Date: Sun, 27 Oct 2024 17:58:33 +0000
Subject: [PATCH 06/10] ci: add missing z flag to tar
---
.github/workflows/pr-check.yml | 2 +-
.github/workflows/update-alz.yml | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/.github/workflows/pr-check.yml b/.github/workflows/pr-check.yml
index 8de2166..b603f82 100644
--- a/.github/workflows/pr-check.yml
+++ b/.github/workflows/pr-check.yml
@@ -53,7 +53,7 @@ jobs:
steps:
- name: Install alzlibtool
run: |
- curl -L https://github.com/Azure/alzlib/releases/download/v${{ env.alzlibtool_version }}/alzlib_0.22.0_darwin_arm64.tar.gz | tar -xv
+ curl -L https://github.com/Azure/alzlib/releases/download/v${{ env.alzlibtool_version }}/alzlib_0.22.0_darwin_arm64.tar.gz | tar -xvz
sudo cp alzlibtool /usr/local/bin
- name: Checkout code
diff --git a/.github/workflows/update-alz.yml b/.github/workflows/update-alz.yml
index a3732ff..5bc0489 100644
--- a/.github/workflows/update-alz.yml
+++ b/.github/workflows/update-alz.yml
@@ -28,7 +28,7 @@ jobs:
steps:
- name: Install alzlibtool
run: |
- curl -L https://github.com/Azure/alzlib/releases/download/v${{ env.alzlibtool_version }}/alzlib_0.22.0_darwin_arm64.tar.gz | tar -xv
+ curl -L https://github.com/Azure/alzlib/releases/download/v${{ env.alzlibtool_version }}/alzlib_0.22.0_darwin_arm64.tar.gz | tar -xvz
sudo cp alzlibtool /usr/local/bin
- name: Local repository checkout
From 69bf448811f1195f2b1ec110841bd2e48ba17fcf Mon Sep 17 00:00:00 2001
From: Matt White <16320656+matt-FFFFFF@users.noreply.github.com>
Date: Sun, 27 Oct 2024 18:00:29 +0000
Subject: [PATCH 07/10] ci: fix dist binary
---
.github/workflows/pr-check.yml | 2 +-
.github/workflows/update-alz.yml | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/.github/workflows/pr-check.yml b/.github/workflows/pr-check.yml
index b603f82..d87364b 100644
--- a/.github/workflows/pr-check.yml
+++ b/.github/workflows/pr-check.yml
@@ -53,7 +53,7 @@ jobs:
steps:
- name: Install alzlibtool
run: |
- curl -L https://github.com/Azure/alzlib/releases/download/v${{ env.alzlibtool_version }}/alzlib_0.22.0_darwin_arm64.tar.gz | tar -xvz
+ curl -L https://github.com/Azure/alzlib/releases/download/v${{ env.alzlibtool_version }}/alzlib_0.22.0_linux_amd64.tar.gz | tar -xvz
sudo cp alzlibtool /usr/local/bin
- name: Checkout code
diff --git a/.github/workflows/update-alz.yml b/.github/workflows/update-alz.yml
index 5bc0489..49edb68 100644
--- a/.github/workflows/update-alz.yml
+++ b/.github/workflows/update-alz.yml
@@ -28,7 +28,7 @@ jobs:
steps:
- name: Install alzlibtool
run: |
- curl -L https://github.com/Azure/alzlib/releases/download/v${{ env.alzlibtool_version }}/alzlib_0.22.0_darwin_arm64.tar.gz | tar -xvz
+ curl -L https://github.com/Azure/alzlib/releases/download/v${{ env.alzlibtool_version }}/alzlib_0.22.0_linux_amd64.tar.gz | tar -xvz
sudo cp alzlibtool /usr/local/bin
- name: Local repository checkout
From 56b6e0e4c339212aa2e8f24178af2c05298ab199 Mon Sep 17 00:00:00 2001
From: Matt White <16320656+matt-FFFFFF@users.noreply.github.com>
Date: Sun, 27 Oct 2024 18:12:12 +0000
Subject: [PATCH 08/10] doc(alz): gen docs
---
platform/alz/README.md | 86 +++++++++++++++++++++++++++++++++++++++---
1 file changed, 80 insertions(+), 6 deletions(-)
diff --git a/platform/alz/README.md b/platform/alz/README.md
index 7b193b8..55c6282 100644
--- a/platform/alz/README.md
+++ b/platform/alz/README.md
@@ -545,32 +545,70 @@ The following policy default values are available in this library:
- logAnalyticsWorkspaceId
-#### assignment `Deploy-Diag-Logs`
+#### assignment `Deploy-Diag-LogsCat`
1 parameter names
- logAnalytics
-#### assignment `Deploy-MDFC-Config`
+#### assignment `Deploy-MDFC-Config-H224`
1 parameter names
- logAnalytics
-#### assignment `Deploy-MDFC-Config-H224`
+#### assignment `Deploy-MDFC-DefSQL-AMA`
1 parameter names
-- logAnalytics
+- userWorkspaceResourceId
-#### assignment `Deploy-MDFC-DefSQL-AMA`
+### default name `private_dns_bot_service`
+
+#### assignment `Deploy-Private-DNS-Zones`
1 parameter names
-- userWorkspaceResourceId
+- azureBotServicePrivateDnsZoneId
+
+
+### default name `private_dns_databricks`
+
+#### assignment `Deploy-Private-DNS-Zones`
+
+1 parameter names
+
+- azureDatabricksPrivateDnsZoneId
+
+
+### default name `private_dns_iot_central`
+
+#### assignment `Deploy-Private-DNS-Zones`
+
+1 parameter names
+
+- azureIotCentralPrivateDnsZoneId
+
+
+### default name `private_dns_iot_device_update`
+
+#### assignment `Deploy-Private-DNS-Zones`
+
+1 parameter names
+
+- azureIotDeviceupdatePrivateDnsZoneId
+
+
+### default name `private_dns_zone_acr`
+
+#### assignment `Deploy-Private-DNS-Zones`
+
+1 parameter names
+
+- azureAcrPrivateDnsZoneId
### default name `private_dns_zone_app`
@@ -825,6 +863,15 @@ The following policy default values are available in this library:
- azureMachineLearningWorkspacePrivateDnsZoneId
+### default name `private_dns_zone_machine_learning_workspace_second`
+
+#### assignment `Deploy-Private-DNS-Zones`
+
+1 parameter names
+
+- azureMachineLearningWorkspaceSecondPrivateDnsZoneId
+
+
### default name `private_dns_zone_managed_grafana_workspace`
#### assignment `Deploy-Private-DNS-Zones`
@@ -942,6 +989,15 @@ The following policy default values are available in this library:
- azureSignalRPrivateDnsZoneId
+### default name `private_dns_zone_site_recovery_backup`
+
+#### assignment `Deploy-Private-DNS-Zones`
+
+1 parameter names
+
+- azureSiteRecoveryBackupPrivateDnsZoneID
+
+
### default name `private_dns_zone_site_recovery_blob`
#### assignment `Deploy-Private-DNS-Zones`
@@ -1041,6 +1097,24 @@ The following policy default values are available in this library:
- azureStorageStaticWebSecPrivateDnsZoneId
+### default name `private_dns_zone_storage_table`
+
+#### assignment `Deploy-Private-DNS-Zones`
+
+1 parameter names
+
+- azureStorageTablePrivateDnsZoneId
+
+
+### default name `private_dns_zone_storage_table_secondary`
+
+#### assignment `Deploy-Private-DNS-Zones`
+
+1 parameter names
+
+- azureStorageTableSecondaryPrivateDnsZoneId
+
+
### default name `private_dns_zone_synapse_dev`
#### assignment `Deploy-Private-DNS-Zones`
From 528574acca9fbadfdc5eccde0e2402619db7b34c Mon Sep 17 00:00:00 2001
From: Matt White <16320656+matt-FFFFFF@users.noreply.github.com>
Date: Mon, 28 Oct 2024 18:17:43 +0000
Subject: [PATCH 09/10] feat: update alzlib 0.22.1
---
.github/workflows/pr-check.yml | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/.github/workflows/pr-check.yml b/.github/workflows/pr-check.yml
index d87364b..6ece095 100644
--- a/.github/workflows/pr-check.yml
+++ b/.github/workflows/pr-check.yml
@@ -13,7 +13,7 @@ on:
workflow_dispatch:
env:
- alzlibtool_version: "0.22.0"
+ alzlibtool_version: "0.22.1"
jobs:
libschanged:
@@ -53,7 +53,7 @@ jobs:
steps:
- name: Install alzlibtool
run: |
- curl -L https://github.com/Azure/alzlib/releases/download/v${{ env.alzlibtool_version }}/alzlib_0.22.0_linux_amd64.tar.gz | tar -xvz
+ curl -L https://github.com/Azure/alzlib/releases/download/v${{ env.alzlibtool_version }}/alzlib_linux_amd64.tar.gz | tar -xvz
sudo cp alzlibtool /usr/local/bin
- name: Checkout code
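Review bot: Only pr-check.yml is bumped here, so update-alz.yml appears to stay on the old release: it declares its own `alzlibtool_version: "0.22.0"` and the versioned asset name `alzlib_0.22.0_linux_amd64.tar.gz` in PATCH 04-07, and no later patch in this series touches it. PR validation and the library update job would then run different alzlibtool versions. Apply the same version and asset-name change to update-alz.yml, or hold the version in one shared place such as a repository variable so the two workflows cannot drift.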
From 6ce5c586d330553d19b223fc7a948137818c3cdf Mon Sep 17 00:00:00 2001
From: Matt White <16320656+matt-FFFFFF@users.noreply.github.com>
Date: Mon, 28 Oct 2024 18:19:56 +0000
Subject: [PATCH 10/10] ci: fix tool url
---
.github/workflows/pr-check.yml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/pr-check.yml b/.github/workflows/pr-check.yml
index 6ece095..aaf21a4 100644
--- a/.github/workflows/pr-check.yml
+++ b/.github/workflows/pr-check.yml
@@ -53,7 +53,7 @@ jobs:
steps:
- name: Install alzlibtool
run: |
- curl -L https://github.com/Azure/alzlib/releases/download/v${{ env.alzlibtool_version }}/alzlib_linux_amd64.tar.gz | tar -xvz
+ curl -L https://github.com/Azure/alzlib/releases/download/v${{ env.alzlibtool_version }}/alzlibtool_linux_amd64.tar.gz | tar -xvz
sudo cp alzlibtool /usr/local/bin
- name: Checkout code