Connectivity and identity landing zone support

@krowlandson krowlandson released this 06 Aug 16:10
· 267 commits to main since this release
652e5df

This release includes a number of changes to bring the module up to date with the latest from the Azure/Enterprise-scale repository, introduces new capabilities for deploying resources in the Connectivity landing zone, and additional configuration options for the Identity landing zone.

As part of these updates, this release also introduces provider configuration in the module, allowing deployment of resources to multiple Subscriptions from a single module block.

This release fixes/adds/changes/removes

  1. Updated Enterprise Scale Library Tools to pull policy updates from the new eslzArm deployment in Azure/Enterprise-scale
  2. Updated API Versions cache
  3. Updated Wiki Sync to enable workflow dispatch and forked repository support
  4. Updated documentation in README.md and Wiki, including improved coverage of variables and examples (Fixes #118)
  5. Added the ability to deploy Connectivity resources into the Connectivity Subscription
  6. Added the ability to configure Identity policies through input variables
  7. Updated test framework to provide coverage for latest updates
  8. Standardised naming convention for advanced settings in management and connectivity modules
  9. Added "module tags" for resources to identify them as deployed by the module - these will be appended to any user-defined tags and can be disabled or overridden as required
  10. Added the ability to deploy "non-demo" versions of the SAP, Corp and Online landing zones using feature flags
  11. Consolidated the archetypes for connectivity to use a single common archetype named es_connectivity
  12. Added logic to map Platform Subscriptions to their respective Management Groups using the subscription_id_{connectivity|identity|management} input variables, including logic to allow the same Subscription to be used for multiple roles. (Fixes #127)
  13. Updated display names for "Demo" landing zones to indicate that they are for demo purposes only
  14. Updated Role Assignments to create clear separation between those created for user access vs. for Policy Assignments with Managed Identity
  15. Fixed RegEx bug in logic used to determine the Management Group name when determining Role Assignments used for Policy Assignments with Managed Identity
  16. Policy update to Deny-Subnets-Without-NSG fixes #38
  17. Updates to logic may help with #51 but requires further testing

Breaking Changes

  1. Added provider configuration requirement in module block (Fixes #102)
  2. Updated the deprecated azurerm_policy_assignment resource type to azurerm_management_group_policy_assignment (will cause redeployment of these resources)
  3. Multiple policy updates will cause redeployment of many policies
  4. Renamed Management resources to enable deployment to specified Subscription using provider blocks

For more information on the changes introduced by this release please refer to the new Upgrade from v0.3.3 to v0.4.0 documentation.