Feature request: Consider using EvaluationDelay:AfterProvisioningSuccess for Built in private DNS policies #1050

Open
anwojcie opened this issue Nov 9, 2022 · 8 comments

anwojcie commented Nov 9, 2022

Hi,

Currently:

All built-in policies that set the DNS config on private DNS, e.g.
https://github.com/Azure/azure-policy/blob/e8fff400e6eee3502c3f3b4e7ac8301870aeac3f/built-in-policies/policyDefinitions/Storage/StoragePrivateDnsZoneGroup_Blob.json
https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppService_PrivateZoneGroup_DINE.json
would be greatly enhanced if we set the evaluationDelay to AfterProvisioningSuccess.

Since the evaluationDelay is 10 min by default, creating a private endpoint demands that application teams wait 10 min before they can actually use it, or rather before the private IP is resolvable by DNS.

This is especially painful if the Application Team uses CI/CD pipelines.
They currently need to build weird workarounds such as scripts in their pipeline, local provisioner (scripts) in tf or deployment scripts in Bicep only to wait for this default evaluationDelay to be reached.

Another issue arises if the creation of the private endpoint needs more than 10 min, for example on a busy day at lunchtime with a just-created CosmosDB. Since this can take more than 10 min (I've seen up to 12 min) but the default 10 min delay starts counting on private endpoint deployment, this would cause the PolicyDeployment to fail with "Resource Not Ready".

Solution:

Both issues are easily resolved by setting "EvaluationDelay":"AfterProvisioningSuccess" within the deployment.
e.g.

```json
{
  "properties": {
    ...
    "policyRule": {
      ...
      "then": {
        ...
        "details": {
          ...
          "EvaluationDelay": "AfterProvisioningSuccess",
          "deployment": {
            ...
          }
        }
      }
    }
  }
}
```
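An added example, not part of the original post and not code from the Azure/azure-policy project: a small checker that a platform team could run over policy definition JSON files to find deployIfNotExists policies that still rely on the default 10 min delay discussed above. The function names, result labels and sample definitions are constructed for illustration, and the case-insensitive key lookup is an assumption made so that both `evaluationDelay` and the `EvaluationDelay` spelling used in this issue are matched.

```python
import json
import re

# Fixed keywords the evaluationDelay property accepts besides an ISO 8601 duration.
KEYWORDS = {"afterprovisioning", "afterprovisioningsuccess", "afterprovisioningfailure"}
PARAM_REF = re.compile(r"^\[parameters\('([^']+)'\)\]$", re.IGNORECASE)


def get_ci(mapping, key, default=None):
    """Case-insensitive dict lookup (the issue writes "EvaluationDelay")."""
    for name, value in mapping.items():
        if name.lower() == key.lower():
            return value
    return default


def resolve(value, parameters):
    """Replace "[parameters('x')]" with that parameter's defaultValue, if any."""
    match = PARAM_REF.match(value) if isinstance(value, str) else None
    if not match:
        return value
    return get_ci(get_ci(parameters, match.group(1), {}), "defaultValue")


def check_evaluation_delay(definition_json):
    """Classify a policy definition: 'not-dine', 'default-10min', 'timed' or 'event'."""
    props = get_ci(json.loads(definition_json), "properties", {})
    then = get_ci(get_ci(props, "policyRule", {}), "then", {})
    effect = resolve(get_ci(then, "effect", ""), get_ci(props, "parameters", {}))
    if str(effect).lower() != "deployifnotexists":
        return "not-dine"
    delay = get_ci(get_ci(then, "details", {}), "evaluationDelay")
    if delay is None:
        return "default-10min"  # evaluation waits for the fixed default delay
    return "event" if str(delay).lower() in KEYWORDS else "timed"


# Constructed sample definitions (not copied from the Azure/azure-policy repository).
WITHOUT_DELAY = json.dumps({"properties": {
    "parameters": {"effect": {"type": "String", "defaultValue": "DeployIfNotExists"}},
    "policyRule": {"if": {}, "then": {"effect": "[parameters('effect')]",
                   "details": {"type": "Microsoft.Network/privateEndpoints/privateDnsZoneGroups",
                               "deployment": {}}}}}})
WITH_DELAY = WITHOUT_DELAY.replace(
    '"details": {', '"details": {"EvaluationDelay": "AfterProvisioningSuccess", ')

if __name__ == "__main__":
    for name, doc in (("without", WITHOUT_DELAY), ("with", WITH_DELAY)):
        print(name, check_evaluation_delay(doc))
```

A definition whose effect parameter has no default value is reported as `not-dine`, because the effective effect is only known from the assignment.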

earldata commented Aug 4, 2023

I see this has been dormant for a while - this would be hugely beneficial.

@fearofweapons

just hit this myself +1 from me

olebru commented Jan 25, 2024

+1 it would make life a whole lot better, allowing the apply stages of to both deploy and use the deployed resources in the same run.

torgro commented Jan 25, 2024

+1 This, so much this. We need this for our CI/CD pipeline with terraform.

@sikksakk

+1 need this as well!

@Mtaddeo1010

+1 anyone? I need this as well.

@matt-buchanan

+1 this would be very useful

dewolfs commented Mar 15, 2024

+1 need this
