Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Policy refactoring with automation and testing #1020

Closed
wants to merge 124 commits into from
Closed

Policy refactoring with automation and testing #1020

wants to merge 124 commits into from

Conversation

krowlandson
Copy link
Contributor

Overview/Summary

This PR makes a fundamental change to the how we manage and test custom policies implemented as part of Azure landing zones.

This PR fixes/adds/changes/removes

  1. Adds a new resource library containing individual policy definition and policy set definition resources as individual files
  2. Adds a Bicep template used to programmatically generate a new policies.json file for the eslzArm Portal deployment
  3. The new policies.json template is now designed to universally work across AzureCloud, AzureChinaCloud and AzureUsGovernment clouds
  4. Adds new GitHub Action to automatically regenerate policies.json when relevant changes are detected in a PR
  5. Adds new GitHub Action to perform static code analysis (linting) of the new src folder (also scans eslzArm folder but for reporting only)
  6. Adds a new GitHub Action to perform automated testing of the eslzArm deployment, including a complete deployment and tear-down
  7. Adds an updated version of the original EnterpriseScaleLibraryTools PowerShell module from the Terraform implementation, now rebranded as Alz.Tools and extended to include new functionality needed for broader use (will be re-usable for Terraform and Bicep implementations)
  8. Adds a new GitHub Action to keep the Alz.Tools module up to date with the latest API versions
  9. Includes minor (primarily cosmetic) updates to the eslzArm deployment to improve maintainability and control whilst running programmatically

Breaking Changes

None identified

Testing Evidence

See test pipelines in GitHub Actions.

Testing evidence for AzureChinaCloud and AzureUsGovernment to follow.

Testing URLs

n/a

As part of this Pull Request I have

  • Checked for duplicate Pull Requests
  • Associated it with relevant issues, for tracking and closure.
  • Ensured my code/branch is up-to-date with the latest changes in the main branch
  • Performed testing and provided evidence.
  • Updated relevant and associated documentation.
  • Updated the "What's New?" wiki page (located: /docs/wiki/whats-new.md)

Kevin Rowlandson and others added 30 commits July 19, 2022 11:17
Add Alz.Tools PowerShell module
f15e22c
Add script to generate policy resource files
cfe9c02 
from `policies.json`
Add programatically generated resource files
4327089 
- Policy Definitions
- Policy Set Definitions
Update defaults to run from repository root directory
f28c2bd
Add script and template to auto-generate policies.json
bd49029
Add auto-generated policies.json for testing
696c8bc
Update file naming logic
3cd0ae2
Update file names
b12e2cf
Stage policies.json from Bicep for testing
911d863
Update policy resources in src for sov. clouds
ce54b09 
+ AzureChinaCloud
+ AzureUSGovernment
Replace policies.json template with policies.bicep
52b3e3d
Update eslzArm to use new unified policies.json
8ffa084
Fix template reference error
692f581
Fix depends_on for Policy Assignment deployments
cf6cb3a
Update logic for setting deployment location
6513335
Update policy metadata (add source)
96cb56a
Allow scope to be set at deployment
0a8a682
Add linting for src directory
845fa26
Update ProviderApiVersions.zip
57a99c6
Add automation to GitHub Actions
bfa8f26
Update actions
45e9b44
Update cron schedule
18f0462
Update paths for FileList entries
59d86a5
Fix error in module
f5b4fca
Add environment and login steps
3ed4110
Set permissions on workflow
b5533d8
Update permissions for workflow
d511386
Udpate RequiredModules
3b1ce6f
Update to powershell task
f3b0935
Auto-update ALZ.Tools [krowlandson/f3b09359]
036c391
Kevin Rowlandson and others added 25 commits August 3, 2022 08:43
Fix linting issues
df37544
Fix bug on Ubuntu and add WhatIf support
11c8329
Fix bug on Ubuntu and add WhatIf support
bdb2a6b
Wrap output to information messages
8ffc424
Remove trailing whitespace
ce0e479
Reduce default value for delayCount
e83c9ee
Update Set-AzureSubscriptionAlias function
cab6f1a 
- Rename from Register-AzureSubscription
- Add ParameterSetNames
- Add retry logic
- Can handle GET or PUT
- Can create alias for new or existing Subscription
Update WhatIf messages
4d40601
Update what if responses
62d28d2
Convert steps to scripts
238f09b
Set execution bit
81425a5
Revert to uses azure/powershell
029f7f7
Point to correct scripts
bbd6c65
Enable deployment steps
0769e3c
Remove always() condition
4d354d4
Update information messages and formatting
f8c96f6
Remove PSScriptAnalyzer comments
0068ab6
Convert destroy steps to scripts
a9fc259
Fix linting errors
ae13eb9
@github-actions
Auto-update Portal experience [krowlandson/bd3bc86c]
9f57f29
List available pwsh modules
ab6a2e0
Merge branch 'policy-refactor' of github.com:krowlandson/Enterprise-S…
84d51e1 
…cale into policy-refactor
Update required version for Az.Resources
bd7c713
Improve workflow
a3490df
Update step label
9f76aee
@krowlandson krowlandson added enhancement New feature or request engineering engineering work labels Aug 9, 2022
@krowlandson krowlandson self-assigned this Aug 9, 2022
@krowlandson
Copy link
Contributor Author

Closing in favour of #1022 where we can test the initial GitHub Action workflows which require access to GitHub secrets

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees

@krowlandson krowlandson

Labels
engineering engineering work enhancement New feature or request
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@krowlandson