terraform-azurerm-caf-enter.../resources.policy_assignment...

115 lines
6.5 KiB
Terraform

resource "azurerm_management_group_policy_assignment" "enterprise_scale" {
  for_each = local.azurerm_management_group_policy_assignment_enterprise_scale

  # Mandatory resource attributes
  # The policy assignment name must not exceed 24 characters. The provider does not validate this at plan time, so the following expression forces a plan-time error when the name is too long: tonumber() fails on the error message string, and that message is surfaced in the plan output.
  name = tonumber(length(each.value.template.name) > 24 ? "The policy assignment name '${each.value.template.name}' is invalid. The policy assignment name length must not exceed '24' characters." : length(each.value.template.name)) > 24 ? null : each.value.template.name
  management_group_id  = each.value.scope_id
  policy_definition_id = each.value.template.properties.policyDefinitionId

  # Optional resource attributes
  location     = try(each.value.template.location, null)
  description  = try(each.value.template.properties.description, "${each.value.template.name} Policy Assignment at scope ${each.value.scope_id}")
  display_name = try(each.value.template.properties.displayName, each.value.template.name)
  metadata     = try(length(each.value.template.properties.metadata) > 0, false) ? jsonencode(each.value.template.properties.metadata) : null
  parameters   = try(length(each.value.parameters) > 0, false) ? jsonencode(each.value.parameters) : null
  not_scopes   = try(each.value.template.properties.notScopes, local.empty_list)
  enforce      = each.value.enforcement_mode

  # Dynamic configuration blocks for overrides
  # More details can be found here: https://learn.microsoft.com/en-gb/azure/governance/policy/concepts/assignment-structure#overrides-preview
  dynamic "overrides" {
    for_each = try({ for i, override in each.value.template.properties.overrides : i => override }, local.empty_map)
    content {
      value = overrides.value.value
      dynamic "selectors" {
        for_each = try({ for i, selector in overrides.value.selectors : i => selector }, local.empty_map)
        content {
          in     = try(selectors.value.in, local.empty_list)
          not_in = try(selectors.value.not_in, local.empty_list)
        }
      }
    }
  }
  # Dynamic configuration blocks
  # The identity block is only created when the source
  # template specifies an identity whose type is not
  # "None". SystemAssigned and UserAssigned are both
  # supported; for UserAssigned the identity_ids are
  # taken from the keys of userAssignedIdentities.
  dynamic "identity" {
    for_each = (
      try(each.value.template.identity, local.empty_map) == local.empty_map
      ? []
      : [for ik, iv in tomap({ "type" = each.value.template.identity.type }) : each.value.template.identity if iv != "None"]
    )
    content {
      type         = identity.value.type
      identity_ids = can(identity.value.userAssignedIdentities) ? toset(keys(identity.value.userAssignedIdentities)) : null
    }
  }
  # Optional Resource selectors block
  # Only one of "in" or "not_in" should be used
  # Each kind can be used only once
  dynamic "resource_selectors" {
    for_each = try({ for i, resourceSelector in each.value.template.properties.resourceSelectors : i => resourceSelector }, local.empty_map)
    content {
      name = resource_selectors.value.name
      dynamic "selectors" {
        for_each = try({ for i, selector in resource_selectors.value.selectors : i => selector }, local.empty_map)
        content {
          in     = try(selectors.value.in, local.empty_list)
          kind   = selectors.value.kind
          not_in = try(selectors.value.not_in, local.empty_list)
        }
      }
    }
  }
  # Optional Non-compliance messages
  # By default the placeholder in the message is replaced with 'must' or 'should', depending on the enforcement mode.
  # The wording can be altered or localised through the module variables.
  dynamic "non_compliance_message" {
    for_each = local.policy_non_compliance_message_enabled ? (contains( # if non-compliance messages are enabled...
      local.non_compliance_message_supported_policy_modes,                # ...and the supported policy modes contain
      lookup(local.all_policy_modes,                                      # ...the mode of the policy definition
        each.value.template.properties.policyDefinitionId,                #
        local.policy_set_mode)                                            # (falling back to the policy set mode)
      ) ? lookup(                                                         # then use any custom non-compliance messages
      each.value.template.properties, "nonComplianceMessages", local.default_non_compliance_message_list # or the default list when none are given
    ) : local.empty_list) : local.empty_list # empty list when the mode is unsupported or messages are disabled
    content {
      content                        = replace(lookup(non_compliance_message.value, "message", local.policy_non_compliance_message_default), local.non_compliance_message_enforcement_mode_placeholder, each.value.enforcement_mode ? local.non_compliance_message_enforcement_mode_replacements.default : local.non_compliance_message_enforcement_mode_replacements.donotenforce)
      policy_definition_reference_id = lookup(non_compliance_message.value, "policyDefinitionReferenceId", null)
    }
  }
2024-06-17 15:01:21 +03:00
# Set explicit dependency on Management Group, Policy Definition and Policy Set Definition deployments.
# Additionally ensure the Policy Assignment is created after and destroyed before the User Assigned Identity
# this is to ensure that the deny delete policy is deleted before the identity is removed.
2020-09-25 22:39:19 +03:00
depends_on = [
2024-06-17 15:01:21 +03:00
azurerm_user_assigned_identity.management,
time_sleep.after_azurerm_management_group,
time_sleep.after_azurerm_policy_definition,
time_sleep.after_azurerm_policy_set_definition,
]
}
resource "time_sleep" "after_azurerm_policy_assignment" {
depends_on = [
time_sleep.after_azurerm_management_group,
time_sleep.after_azurerm_policy_definition,
time_sleep.after_azurerm_policy_set_definition,
azurerm_management_group_policy_assignment.enterprise_scale,
]
triggers = {
"azurerm_management_group_policy_assignment_enterprise_scale" = jsonencode(keys(azurerm_management_group_policy_assignment.enterprise_scale))
}
create_duration = local.create_duration_delay["after_azurerm_policy_assignment"]
destroy_duration = local.destroy_duration_delay["after_azurerm_policy_assignment"]
}