Fixes path normalization bug in deployment scripts #374
Fixes subscription filtering bug in deployment scripts #375
Adds CanadaPubSecALZ configuration JSON schema support for editors #376
Adds Scripts to generate CanadaPubSecALZ configuration files using existing environments as template #377
Adds Deploy landing zones to new Azure subscriptions in new primary tenant #378
* Squashed commit of the following:
commit 6d6b3e49855c365f49a4674534b985bacf9cd74c
Author: Barry Willis <bawillis@microsoft.com>
Date: Mon Feb 27 08:07:45 2023 -0800
changed the area code on the logging service health alerts archetype
commit 86b4505c2ffd5127978883c0bc6a1f9b0e7d3268
Author: Barry Willis <bawillis@microsoft.com>
Date: Fri Feb 24 16:39:08 2023 -0800
prepping for testing in ESLZ test environment
commit 0f92b6bf70aee1377b4d49db436fa7024f1bfd25
Merge: 2a3584a 7749e7b
Author: Barry Willis <bawillis@microsoft.com>
Date: Fri Feb 24 16:10:37 2023 -0800
Merge remote-tracking branch 'origin/main' into IdentityLZ
commit 7749e7bf7a
Merge: f6555a45337654
Author: Barry Willis <bawillis@microsoft.com>
Date: Fri Feb 24 16:08:54 2023 -0800
Merge remote-tracking branch 'github-CanadaPubSecALZ/main'
commit f6555a4122
Author: Barry Willis <bawillis@microsoft.com>
Date: Mon Feb 13 12:30:20 2023 -0800
Added the patch version to the AKS versions in the Data Archetypes
commit 8edcb63d83
Author: Barry Willis <bawillis@microsoft.com>
Date: Mon Feb 13 11:32:54 2023 -0800
Changed the AKS version to only have the Major.Minor
commit 37123d7162
Author: Barry Willis <bawillis@microsoft.com>
Date: Mon Feb 13 11:17:38 2023 -0800
updated AKS version in the Data Archetypes
commit 459b3c6275
Author: Barry Willis <bawillis@microsoft.com>
Date: Mon Feb 13 08:55:13 2023 -0800
changed the service health number prefix to 604
commit cccf88662c
Author: Barry Willis <bawillis@microsoft.com>
Date: Mon Feb 13 07:42:52 2023 -0800
changed the invalid dummy service alert phone number to a valid phone number
commit 8e9628d26e
Author: Barry Willis <bawillis@microsoft.com>
Date: Mon Feb 13 07:01:36 2023 -0800
fixed linter warnings in policy files
commit 6c2b2f7d2d
Author: Barry Willis <bawillis@microsoft.com>
Date: Sat Feb 11 15:36:36 2023 -0800
Commit 95556ddd: changed the extensionResourceId function to tenantResourceId for all built-in policy definitions
commit c58ba48f50
Author: Barry Willis <bawillis@microsoft.com>
Date: Sat Feb 11 15:09:56 2023 -0800
Fixed the AKS policy deployment
commit f9e8418b7e
Author: Barry Willis <bawillis@microsoft.com>
Date: Sat Feb 11 14:04:22 2023 -0800
Fixed Bug on policy definition
commit 1a3c82e446
Author: Barry Willis <bawillis@microsoft.com>
Date: Fri Feb 10 19:09:02 2023 -0800
updated the linter rules
commit 20e188051a
Author: Barry Willis <bawillis@microsoft.com>
Date: Fri Feb 10 18:52:18 2023 -0800
fixed the remaining linter errors in the policy definitions
commit 1610a28e35
Author: Barry Willis <bawillis@microsoft.com>
Date: Fri Feb 10 18:27:14 2023 -0800
fixed the remaining linter warnings
commit 9f0e049fa0
Author: Barry Willis <bawillis@microsoft.com>
Date: Fri Feb 10 17:31:21 2023 -0800
fixed BCP321 warning
commit 466d7b0c07
Author: Barry Willis <bawillis@microsoft.com>
Date: Fri Feb 10 17:22:46 2023 -0800
changed the pOlicyScopedId var to be set by using the MGResourceID Function
commit 9362967e50
Author: Barry Willis <bawillis@microsoft.com>
Date: Fri Feb 10 16:48:26 2023 -0800
Fixed Role Definition Id References to use the ResourceId function
commit 4bcbc28212
Author: Barry Willis <bawillis@microsoft.com>
Date: Fri Feb 10 16:07:33 2023 -0800
Fixed BCP321 Linter warning in networking files
commit 2a3584a7cac9c5822c7a226bc8a5d44f52d69a65
Author: Barry Willis <bawillis@microsoft.com>
Date: Fri Feb 10 15:07:43 2023 -0800
Removed Linter exception BCP321 - will fix in the linter PR
commit a0b48ec7710a5ee8023a066e4cb5394074002c1e
Author: Barry Willis <bawillis@microsoft.com>
Date: Fri Feb 10 10:39:36 2023 -0800
Fixed the bugs with conditionally deploying DNS Resolver
commit 4f24be78f48465b404c529b276db66496c9958db
Author: Barry Willis <bawillis@microsoft.com>
Date: Wed Feb 8 15:29:38 2023 -0800
Updated documentation and made the DNS Resolver subnets optional
commit 03fcb5e50b0670c67d1850063dd828ffa6945cf8
Merge: dfe0d9a 0fa01e8
Author: Barry Willis <bawillis@microsoft.com>
Date: Mon Feb 6 16:58:41 2023 -0800
Merge remote-tracking branch 'origin/main' into IdentityLZ
commit dfe0d9acab086df1d9dfbfbdae5770fbf5da999a
Author: Barry Willis <bawillis@microsoft.com>
Date: Wed Jan 11 15:52:06 2023 -0800
added Schema validation to the identity config file
commit fb88630b5d707db6b7f4ab1aa2455ff79920d5b3
Author: Barry Willis <bawillis@microsoft.com>
Date: Mon Jan 9 10:28:13 2023 -0800
changed the DNS Resolver ruleset to be an object-array
commit 78aaf4d6cdeff8d9832d8a309f26c10cefe97a22
Author: Barry Willis <bawillis@microsoft.com>
Date: Sat Jan 7 13:57:37 2023 -0800
first pass at creating conditional forwarding rulesets in the Identity LZ
commit e7b554d04daee83a55a985073ec0c59084c7f3c2
Author: Barry Willis <bawillis@microsoft.com>
Date: Fri Jan 6 08:54:27 2023 -0800
Configured Subnet Delegation for Az DNS Resolver
commit 978ab9925f876945ba02280493f7deba1c07e7ee
Author: Barry Willis <bawillis@microsoft.com>
Date: Thu Jan 5 19:52:24 2023 -0800
added Private DNS Resolver to the Identity LZ
commit 9735d58fc04d7a587a76a5387deb112c466390fe
Author: Barry Willis <bawillis@microsoft.com>
Date: Thu Jan 5 13:19:05 2023 -0800
Removed the optional Subnet
commit 4cd57ed41a09672b3cfbc1792c2edbdc3569a060
Author: Barry Willis <bawillis@microsoft.com>
Date: Thu Jan 5 13:09:36 2023 -0800
first cut at the identity LZ framework
commit a119eea02fca28a2028362f484aa2835c9313c1d
Author: Barry Willis <bawillis@microsoft.com>
Date: Wed Dec 21 11:54:58 2022 -0800
added identitypathfromroot in the branch config file
commit 75b6ccc2ab6efd55037e0a5a938d49f2eef32de4
Author: Barry Willis <bawillis@microsoft.com>
Date: Wed Dec 21 11:35:12 2022 -0800
Added: identity vars display
Changed: location reference to identity param file
commit e0cfc41b5a83c4c331689fcafa5edc9928e93d39
Author: Barry Willis <bawillis@microsoft.com>
Date: Wed Dec 21 11:22:35 2022 -0800
fixed misconfigured working directory
commit fb58b16999aeb9cc6b6b81647c76e95024e1267c
Author: Barry Willis <bawillis@microsoft.com>
Date: Wed Dec 21 11:18:46 2022 -0800
removed schema validation to test deployment
commit 240189de7e30fa57654c3ec76ec37c762ff80133
Author: Barry Willis <bawillis@microsoft.com>
Date: Wed Dec 21 11:15:43 2022 -0800
fixed bug - networking region is now identity region
commit 89e63b5976cb5cdc4e85d0b25c01234ffe4853d7
Author: Barry Willis <bawillis@microsoft.com>
Date: Wed Dec 21 11:11:48 2022 -0800
initial identity lz deployment
commit d4b40b26b893b78d7a9250dffe24c3e9ce06d690
Author: Barry Willis <bawillis@microsoft.com>
Date: Wed Dec 21 11:03:29 2022 -0800
Added default region for Identity Subscription
commit 41e611818d09181b1a455f612425cae20f0683f7
Author: Barry Willis <bawillis@microsoft.com>
Date: Wed Dec 21 08:29:33 2022 -0800
Changed bastion subnet range in identity subnet
commit f5a43f2d44803e80db8a043d31e5c9f72fc51675
Author: Barry Willis <bawillis@microsoft.com>
Date: Wed Dec 21 07:33:03 2022 -0800
Param file for Identity LZ
commit 13d084b0fe74f39ca1423b2eb9f333a2b760b1f2
Author: Barry Willis <bawillis@microsoft.com>
Date: Tue Dec 20 15:19:23 2022 +0000
Deleted identity.parameteres.json
commit 5ba9a12fa8e8e02f60f3f2afea43681cc84d7446
Merge: 002b2be e395307
Author: Barry Willis <bawillis@microsoft.com>
Date: Tue Dec 20 07:18:40 2022 -0800
Merge branch 'IdentityLZ' of https://dev.azure.com/Tredell/CanadaALZ/_git/CanadaALZ into IdentityLZ
commit 002b2be1bb5b555a334f35cbb505e7a68f321649
Author: Barry Willis <bawillis@microsoft.com>
Date: Tue Dec 20 07:18:32 2022 -0800
id-lz - created param section for id lz
commit e395307b1c12786cc28cf3d4b00586dde69739d5
Author: Barry Willis <bawillis@microsoft.com>
Date: Tue Dec 20 07:13:54 2022 -0800
id-lz - created param section for id lz
commit 7f4a43eb4fdc7f6f37ebab8e661981cccbee9f50
Author: Barry Willis <bawillis@microsoft.com>
Date: Mon Dec 19 14:54:57 2022 -0800
disabled privatelink infrastructure to be deployed in hub lz
commit db85049ac94b5c394d586b6960343bc1286997f1
Author: Barry Willis <bawillis@microsoft.com>
Date: Mon Dec 19 14:46:36 2022 -0800
Configured hub networking parameter files
commit 8d772e868803d1b712013f7db21044d48ab730d2
Author: Barry Willis <bawillis@microsoft.com>
Date: Mon Dec 19 14:07:43 2022 -0800
removed comment from json - not supported
commit 89cde8d92704f1a41a123af46da6dd90568d99cb
Author: Barry Willis <bawillis@microsoft.com>
Date: Mon Dec 19 12:56:47 2022 -0800
Configuring Policies for deployment to Test environment
commit ba781ee844a4abd403071e072645988b63ada494
Author: Barry Willis <bawillis@microsoft.com>
Date: Mon Dec 19 12:40:53 2022 -0800
added a default security Group
commit 1269da21e08fdf4c29a53b38a4d18722c64461e0
Author: Barry Willis <bawillis@microsoft.com>
Date: Mon Dec 19 12:26:14 2022 -0800
setting up logging for my test environment
commit 4d6a41f4133380223f5895dba270cbce4ae5a39b
Author: Barry Willis <bawillis@microsoft.com>
Date: Mon Dec 19 12:13:08 2022 -0800
testing the path to the logging configuration file
commit 75d0b99caf6aed5f809c28566cad35569d78be58
Author: Barry Willis <bawillis@microsoft.com>
Date: Mon Dec 19 12:00:14 2022 -0800
added the full path to the logging parameters file
commit 32e8382bcb8deaaaab0c7bc1c2791483ef439971
Author: Barry Willis <bawillis@microsoft.com>
Date: Mon Dec 19 11:55:00 2022 -0800
path to logging parameters file was incorrect
commit 5757d36a486e7f3b707f00848d19cfe64de83358
Author: Barry Willis <bawillis@microsoft.com>
Date: Mon Dec 19 11:37:20 2022 -0800
Changed MG Root to match test environment
commit 1fdd02db1638420decf5ab021fb617b95920aada
Author: Barry Willis <bawillis@microsoft.com>
Date: Mon Dec 19 11:09:46 2022 -0800
Adding config file for IdentityLZ branch
* PowerShell Deployment Files created
* GitHub Action Pipelines modified to add the Identity Archetype
* made the Identity GitHub Action optional
* put the boolean option in single quotes
* fixed a few bugs (BCP321 & references to the wrong tenant)
* changed the sub id for the logging subscription
* Removed the hardcoded reference to the LAW in the identity param file
* updated the param file with the LAW ID
* disabled private dns zone deployment in the identity sub
* removed the config files from my custom branch
* uncommented the validation in the Identity ADO Pipeline
* removed commented trigger code from ADO Identity Pipeline
* re-enabled the deployment of the DNSPrivateEndPoints policyset
* removed the provider registration for containerservices in the deploy-identity-pipeline yaml
* added an explanation comment to the dnsforwardingruleset file
* Added telemetry tracking for the identity subscription
* fixed cut and paste errors
* Updated test cases & documentation
* added the consistency check & pull request checks for github actions
* fixed spelling error
* Fixed BCP321 Linter warning in networking files
* Fixed Role Definition Id References to use the ResourceId function
* changed the pOlicyScopedId var to be set by using the MGResourceID Function
* fixed BCP321 warning
* fixed the remaining linter warnings
* fixed the remaining linter errors in the policy definitions
* updated the linter rules
* Fixed Bug on policy definition
* Fixed the AKS policy deployment
* Commit 95556ddd: changed the extensionResourceId function to tenantResourceId for all built-in policy definitions
* fixed linter warnings in policy files
* changed the invalid dummy service alert phone number to a valid phone number
* changed the service health number prefix to 604
* updated AKS version in the Data Archetypes
* Changed the AKS version to only have the Major.Minor
* Added the patch version to the AKS versions in the Data Archetypes
* Add instructions for backfilling management group hierarchy
* Update section titles, links and reference backfill instruction as part of MG setup
* Instructions for installing AzCLI and jq
* Clarify that Tenant Root Group could have been renamed in the organization
* Windows Shell example
* Update instructions to delete pipeline variables that will be automatically created when MG hierarchy is used
* Note on YAML indentation
* Instructions for setting up service connection in ADO
* Add instructions to selectively grant access to pipelines
* Update docs/onboarding/ado.md
Co-authored-by: hudua <40040433+hudua@users.noreply.github.com>
* Add instructions to integrate Azure DevOps audit stream with Log Analytics Workspace
* Add toc
* Fix toc links
* Instructions for setting up SPN and RBAC via CLI
* Update Service Connection and Logging LZ instructions
* Fix formatting
* Update docs/onboarding/ado.md
Co-authored-by: Steve Keeler <skeeler@users.noreply.github.com>
* Update docs/onboarding/ado.md
Co-authored-by: Steve Keeler <skeeler@users.noreply.github.com>
* Update docs/onboarding/ado.md
Co-authored-by: Steve Keeler <skeeler@users.noreply.github.com>
* Update docs/onboarding/ado.md
Co-authored-by: Steve Keeler <skeeler@users.noreply.github.com>
* Update docs/onboarding/ado.md
Co-authored-by: Steve Keeler <skeeler@users.noreply.github.com>
* Update docs/onboarding/ado.md
Co-authored-by: Steve Keeler <skeeler@users.noreply.github.com>
* Update docs/onboarding/ado.md
Co-authored-by: Steve Keeler <skeeler@users.noreply.github.com>
* Update docs/onboarding/ado.md
Co-authored-by: Steve Keeler <skeeler@users.noreply.github.com>
* Update ado.md
* Restored full Hub Networking sample configuration
* Add JSON schema validation to PR check
* Rename action name
* add manual trigger
* Set subscription configuration file path
* update job name
* Move config paths to job env
* fix env variable references
* fix env vars
* fix env vars
* fix env vars
* fix env vars
* Parameterize log analytics workspace retention days
* Infer log analytics retention days from config for policy assignments
* Test case set log retention to 270 days
* Set log retention to 730 days
* Add log retention parameter to onboarding doc
* Update archetype diagram
* Remove default log retention period
* Fix typo
* Set Log Analytics workspace retention in days for deployment tests
* Support Azure Bastion with Standard SKU
* Don't set scale unit when SKU is Basic
* Don't set scale unit when SKU is Basic
* Test: Set Bastion to Standard with 2 units
* Update onboarding doc
* Set Bastion scale unit to 1
* Update logging section title
* Update management group title
* Set minimum value for scale unit to 2 as it's the supported minimum for standard sku
Co-authored-by: Steve Keeler <skeeler@users.noreply.github.com>