Skip to content

Commit

Permalink
Adding additional controls for resource discovery (#609)
Browse files Browse the repository at this point in the history 
* ExpandResourceDiscovery

* ExpandResourceDiscoveryUpdate

* ExpandResourceDiscoveryUpdate1

* Update src/internal/functions/Get-AzOpsResourceDefinition.ps1

Co-authored-by: Johan Dahlbom <johan@dahlbom.eu>

* Update src/internal/functions/Get-AzOpsResourceDefinition.ps1

Co-authored-by: Johan Dahlbom <johan@dahlbom.eu>

* Update src/localized/en-us/Strings.psd1

Co-authored-by: Johan Dahlbom <johan@dahlbom.eu>

Co-authored-by: Johan Dahlbom <johan@dahlbom.eu>
  • Loading branch information
@Jefajers @daltondhcp
Jefajers and daltondhcp authored May 5, 2022
1 parent 219d8ae commit d6a64f0
Show file tree
Hide file tree
Showing 6 changed files with 246 additions and 74 deletions.
91 changes: 87 additions & 4 deletions docs/wiki/Frequently-Asked-Questions.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -4,9 +4,16 @@ This article answers frequently asked questions relating to AzOps.

## In this Section

- [Subscriptions or resources not showing up in repository](#subscriptions-or-resources-not-showing-up-in-repository)
- [Push fail with deployment already exists in location error](#push-fail-with-deployment-already-exists-in-location-error)
- [Pull fail with active pull request already exists error](#pull-fail-with-active-pull-request-already-exists-error)
- [AzOps FAQ](#azops-faq)
- [In this Section](#in-this-section)
- [Subscriptions or resources not showing up in repository](#subscriptions-or-resources-not-showing-up-in-repository)
- [Push fail with deployment already exists in location error](#push-fail-with-deployment-already-exists-in-location-error)
- [Pull fail with active pull request already exists error](#pull-fail-with-active-pull-request-already-exists-error)
- [Discovery scenarios and settings](#discovery-scenarios-and-settings)
- [**I want to discover all resources across all resource groups in one specific subscription**](#i-want-to-discover-all-resources-across-all-resource-groups-in-one-specific-subscription)
- [**I want to discover all resources in specific resource groups in one specific subscription**](#i-want-to-discover-all-resources-in-specific-resource-groups-in-one-specific-subscription)
- [**I want to discover a specific resource type in specific resource group in one specific subscription**](#i-want-to-discover-a-specific-resource-type-in-specific-resource-group-in-one-specific-subscription)
- [**I want to discover and manage several Azure Firewall Policy's and rule collections spread out across several resource groups and subscriptions**](#i-want-to-discover-and-manage-several-azure-firewall-policys-and-rule-collections-spread-out-across-several-resource-groups-and-subscriptions)

## Subscriptions or resources not showing up in repository

Expand Down Expand Up @@ -47,4 +54,80 @@ This happens because it is not supported in Azure DevOps to create a pull reques

To resolve the error, [complete or abandon the existing pull request (PR)](https://docs.microsoft.com/en-us/azure/devops/repos/git/complete-pull-requests?view=azure-devops&tabs=browser) first and then rerun the pipeline.

![PR](./Media/FAQ/pr.png)
![PR](./Media/FAQ/pr.png)

## Discovery scenarios and settings

### **I want to discover all resources across all resource groups in one specific subscription**

Can AzOps settings be configured to enable this?

Yes, ensure the following setting combinations are applied (replace `SubscriptionId` with your specific information)

```bash
"Core.IncludeResourcesInResourceGroup": ["*"]

"Core.IncludeResourceType": ["*"]

"Core.SkipResource": false

"Core.SkipResourceGroup": false

"Core.SubscriptionsToIncludeResourceGroups": ["SubscriptionId"]
```

### **I want to discover all resources in specific resource groups in one specific subscription**

Can AzOps settings be configured to enable this?

Yes, ensure the following setting combinations are applied (replace `rgname1`, `rgname2`, `rgname3` and `SubscriptionId` with your specific information)

```bash
"Core.IncludeResourcesInResourceGroup": ["rgname1","rgname2","rgname3"]

"Core.IncludeResourceType": ["*"]

"Core.SkipResource": false

"Core.SkipResourceGroup": false

"Core.SubscriptionsToIncludeResourceGroups": ["SubscriptionId"]
```

### **I want to discover a specific resource type in specific resource group in one specific subscription**

Can AzOps settings be configured to enable this?

Yes, ensure the following setting combinations are applied (replace `rgname1`, `resource-provider/resource-type` and `SubscriptionId` with your specific information)

```bash
"Core.IncludeResourcesInResourceGroup": ["rgname1"]

"Core.IncludeResourceType": ["resource-provider/resource-type"]

"Core.SkipResource": false

"Core.SkipResourceGroup": false

"Core.SubscriptionsToIncludeResourceGroups": ["SubscriptionId"]
```

### **I want to discover and manage several Azure Firewall Policy's and rule collections spread out across several resource groups and subscriptions**

Can AzOps settings be configured to enable this?

Yes, ensure the following setting combinations are applied (replace `rgname1`, `rgname2`, `Microsoft.Network/firewallPolicies` and `SubscriptionId1`, `SubscriptionId2` with your specific information)

```bash
"Core.IncludeResourcesInResourceGroup": ["rgname1","rgname2"]

"Core.IncludeResourceType": ["Microsoft.Network/firewallPolicies"]

"Core.SkipResource": false

"Core.SkipChildResource": false

"Core.SkipResourceGroup": false

"Core.SubscriptionsToIncludeResourceGroups": ["SubscriptionId1","SubscriptionId2"]
```
36 changes: 20 additions & 16 deletions docs/wiki/Settings.md
View file
Original file line number Diff line number Diff line change
@@ -1,26 +1,30 @@
# AzOps Settings

The following configuration values can be modified within the `settings.json` file to change the default behavior of AzOps.

| Id | Name | Description | Example |
| ID | Name | Description | Example |
| --- | ------------------------------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ----------------------------------------------------------------------------------------------- |
| 01 | AutoGeneratedTemplateFolderPath | Generate sub folder for composite resources (/.Az) | ![Auto-Generated-Template-FolderPath](./Media/Pipelines/Auto-Generated-Template-FolderPath.PNG) |
| 02 | AutoInitialize | Run Initialize-AzOpsEnvironment when module is loaded. *Not recommended to change* | `"Core.AutoInitialize": true` |
| 03 | DefaultDeploymentRegion | Default region for deployments | `"Core.DefaultDeploymentRegion": "northeurope"` |
| 04 | EnrollmentAccountPrincipalName | Default enrollment account for Subscription creation | `"Core.EnrollmentAccountPrincipalName": ""` |
| 05 | ExcludedSubOffer | Exclude specific Subscription offer types from pull | `"Core.ExcludedSubOffer": [ "AzurePass_2014-09-01","FreeTrial_2014-09-01","AAD_2015-09-01"]` |
| 05 | ExcludedSubOffer | Exclude specific Subscription offer types from pull | `"Core.ExcludedSubOffer": ["AzurePass_2014-09-01","FreeTrial_2014-09-01","AAD_2015-09-01"]` |
| 06 | ExcludedSubState | Exclude specific states of Subscription from pull | `"Core.ExcludedSubState": ["Disabled","Deleted","Warned","Expired"]` |
| 07 | ExportRawTemplate | Export generic templates without embedding them in the parameter block | `"Core.ExportRawTemplate": true` |
| 08 | IgnoreContextCheck | Skip Azure PowerShell context validation. *Not recommended to change* | `"Core.IgnoreContextCheck": false` |
| 09 | InvalidateCache | Invalidate cached Subscriptions and Management Groups and do a full discovery. *Not recommended to change* | `"Core.InvalidateCache": false` |
| 10 | OfferType | Default offer type for Subscription creation | `"Core.OfferType": "MS-AZR-0017P"` |
| 11 | PartialMgDiscoveryRoot | Generate folder hierachy for specific Management Groups | `"Core.PartialMgDiscoveryRoot": []"` |
| 12 | SkipPolicy | Do not include Azure Policy state in pull | `"Core.SkipPolicy": false` |
| 13 | SkipResource | Do not include Resources within Resource Groups | `"Core.SkipResource": false` |
| 14 | SkipChildResource | Do not include Azure child resources | `"Core.SkipChildResource": false` |
| 15 | SkipResourceGroup | Do not include Resource Groups in pull | `"Core.SkipResourceGroup": false` |
| 16 | SkipResourceType | Skip specific [Resource Types](https://docs.microsoft.com/en-us/azure/azure-resource-manager/management/resource-providers-and-types) (only targets Resource Group scoped resources) |
| 17 | SkipRole | Do not include Role types in pull | `"Core.SkipRole": false` |
| 18 | State | Folder to store AzOpsState artefact, defaults to `root` | ![State](./Media/Pipelines/State.PNG) |
| 19 | SubscriptionsToIncludeResourceGroups | Filter which Subscriptions should include Resource Groups in pull | `"Core.SubscriptionsToIncludeResourceGroups": "*"` |
| 20 | TemplateParameterFileSuffix | Default template file suffix. *Not recommended to change* | `"Core.TemplateParameterFileSuffix": ".json"` |
| 21 | ThrottleLimit | Default template file suffix. *Not recommended to change* | `"Core.ThrottleLimit": 10` |
| 22 | WhatifExcludedChangeTypes | Exclude specific change types from WhatIf operations | `"Core.WhatifExcludedChangeTypes": ["NoChange","Ignore"]` |
| 09 | IncludeResourcesInResourceGroup | Discover only resources in these resource groups | `"Core.IncludeResourcesInResourceGroup": ["rg1","rg2"]` |
| 10 | IncludeResourceType | Discover only specific resource types [Resource Types](https://docs.microsoft.com/en-us/azure/azure-resource-manager/management/resource-providers-and-types) (only targets Resource Group scoped resources) | `"Core.IncludeResourceType": ["Microsoft.Network/privateDnsZones","Microsoft.Network/firewallPolicies"]` |
| 11 | InvalidateCache | Invalidate cached Subscriptions and Management Groups and do a full discovery. *Not recommended to change* | `"Core.InvalidateCache": false` |
| 12 | OfferType | Default offer type for Subscription creation | `"Core.OfferType": "MS-AZR-0017P"` |
| 13 | PartialMgDiscoveryRoot | Generate folder hierachy for specific Management Groups | `"Core.PartialMgDiscoveryRoot": []` |
| 14 | SkipPolicy | Do not include Azure Policy state in pull | `"Core.SkipPolicy": false` |
| 15 | SkipResource | Do not include Resources within Resource Groups | `"Core.SkipResource": false` |
| 16 | SkipChildResource | Do not include Azure child resources | `"Core.SkipChildResource": false` |
| 17 | SkipResourceGroup | Do not include Resource Groups in pull | `"Core.SkipResourceGroup": false` |
| 18 | SkipResourceType | Skip specific [Resource Types](https://docs.microsoft.com/en-us/azure/azure-resource-manager/management/resource-providers-and-types) (only targets Resource Group scoped resources) | `"Core.SkipResourceType": ["Microsoft.VSOnline/plans"]` |
| 19 | SkipRole | Do not include Role types in pull | `"Core.SkipRole": false` |
| 20 | State | Folder to store AzOpsState artefact, defaults to `root` | ![State](./Media/Pipelines/State.PNG) |
| 21 | SubscriptionsToIncludeResourceGroups | Filter which Subscriptions should include Resource Groups in pull | `"Core.SubscriptionsToIncludeResourceGroups": ["*"]` |
| 22 | TemplateParameterFileSuffix | Default template file suffix. *Not recommended to change* | `"Core.TemplateParameterFileSuffix": ".json"` |
| 23 | ThrottleLimit | Default template file suffix. *Not recommended to change* | `"Core.ThrottleLimit": 10` |
| 24 | WhatifExcludedChangeTypes | Exclude specific change types from WhatIf operations | `"Core.WhatifExcludedChangeTypes": ["NoChange","Ignore"]` |
Loading

0 comments on commit d6a64f0

Please sign in to comment.