Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Feat: Add Resource Locking to ALZ Bicep Modules #712

Merged
merged 22 commits into from
Jan 29, 2024

Conversation

DaFitRobsta
Copy link
Contributor

@DaFitRobsta DaFitRobsta commented Jan 12, 2024

Overview/Summary

Adds the support for resource locking in all modules for resources that support resource locks.
See AB#30524 for additional details of feature request.
In response to #608

This PR fixes/adds/changes/removes

  • Allows for setting resource locking globally or at each individual resource within the module.
  • Resource locking at the subscription level is not supported in this release.

Breaking Changes

None

Testing Evidence

Each module that was updated to support Resource Locking was tested with successful deployments. Testing included setting the global parameter to different values as individual resources to validate resource locking logic.

As part of this Pull Request I have

@DaFitRobsta DaFitRobsta marked this pull request as ready for review January 12, 2024 22:31
@oZakari
Copy link
Contributor

oZakari commented Jan 15, 2024

Thanks @DaFitRobsta! Will go through this PR later this week. 👍🏼

@jtracey93 jtracey93 linked an issue Jan 22, 2024 that may be closed by this pull request
2 tasks
@jtracey93 jtracey93 mentioned this pull request Jan 22, 2024
2 tasks
Copy link
Contributor

@oZakari oZakari left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hey @DaFitRobsta, for the resource group module I see there is a new module called resourceGroupLock.bicep. Can we instead just use the resource lock provider as you have done for the other modules instead?

@oZakari oZakari closed this Jan 25, 2024
@oZakari oZakari reopened this Jan 25, 2024
@DaFitRobsta
Copy link
Contributor Author

Hey @DaFitRobsta, for the resource group module I see there is a new module called resourceGroupLock.bicep. Can we instead just use the resource lock provider as you have done for the other modules instead?

Hey @oZakari,
Because the resource group module has a targetScope set to the subscription level, if placing the resource lock within the module, it locks the subscription and not the resource group. I used this site, https://learn.microsoft.com/en-us/azure/azure-resource-manager/management/lock-resources?tabs=bicep#template, as an example to work around the issue. It's my understanding that I have to call a sub-module in order to set the resource lock at the resource group level. If you have other methods to execute this without the extra module, please let me know.

@microsoft-github-policy-service microsoft-github-policy-service bot added Needs: Attention 👋 Needs attention from the maintainers and removed Needs: Author Feedback labels Jan 25, 2024
DaFitRobsta and others added 3 commits January 25, 2024 07:24
LGTM

Co-authored-by: Zach Trocinski <30884663+oZakari@users.noreply.github.com>
Thanks for finding this!

Co-authored-by: Zach Trocinski <30884663+oZakari@users.noreply.github.com>
LGTM

Co-authored-by: Zach Trocinski <30884663+oZakari@users.noreply.github.com>
@oZakari
Copy link
Contributor

oZakari commented Jan 26, 2024

Hey @DaFitRobsta, for the resource group module I see there is a new module called resourceGroupLock.bicep. Can we instead just use the resource lock provider as you have done for the other modules instead?

Hey @oZakari, Because the resource group module has a targetScope set to the subscription level, if placing the resource lock within the module, it locks the subscription and not the resource group. I used this site, https://learn.microsoft.com/en-us/azure/azure-resource-manager/management/lock-resources?tabs=bicep#template, as an example to work around the issue. It's my understanding that I have to call a sub-module in order to set the resource lock at the resource group level. If you have other methods to execute this without the extra module, please let me know.

Ah, that makes perfect sense. Thanks for the clarification on that!

@oZakari oZakari added enhancement and removed Needs: Attention 👋 Needs attention from the maintainers labels Jan 26, 2024
@oZakari
Copy link
Contributor

oZakari commented Jan 26, 2024

/azp run validateazcloud

Copy link

Azure Pipelines successfully started running 1 pipeline(s).

@oZakari
Copy link
Contributor

oZakari commented Jan 26, 2024

Hey @DaFitRobsta, the ValidateAzCloud pipeline failed due to parPublicIPLock not being declared within the hub networking module. Could you add that in when you get chance please.

After adding the fix, you can run put /azp run validateazcloud in a comment to re-trigger the pipeline.

@DaFitRobsta
Copy link
Contributor Author

/azp run validateazcloud

Copy link

Azure Pipelines successfully started running 1 pipeline(s).

@oZakari oZakari self-requested a review January 29, 2024 01:21
@oZakari oZakari merged commit 759030a into Azure:main Jan 29, 2024
10 checks passed
@DaFitRobsta DaFitRobsta deleted the ado-30524 branch February 6, 2024 17:54
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

Add resource locks to templates
2 participants