Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

New Policy (App Configuration Stores): App Configuration Stores should should have soft delete enabled of 7 days #450

Merged
merged 5 commits into from
Sep 18, 2024
Merged

New Policy (App Configuration Stores): App Configuration Stores should should have soft delete enabled of 7 days #450

merged 5 commits into from
Sep 18, 2024

Conversation

tdefise
Copy link
Contributor

@tdefise tdefise commented May 13, 2024
edited
Loading

Policy

  • Name: App Configuration Stores should should have soft delete enabled of 7 days
  • Description: This policy helps audit any App Configuration Stores that doesn't have a soft delete set to 7 days.
  • Supported effect(s): Audit, Deny, Disabled
  • Parameters: None

Description

This policy helps audit any App Configuration Stores that doesn't have a soft delete set to 7 days.

Details

Setting a soft delete period of 7 days for an App Configuration Store is often recommended for several reasons:

  • Recovery Period: Soft delete allows for a grace period during which deleted configurations can be recovered. Seven days is a commonly chosen duration because it provides a reasonable window for recovery without unnecessarily cluttering the configuration store with indefinitely retained data.
  • Accidental Deletion: Users might accidentally delete configurations. By having a soft delete period, you can mitigate the impact of such accidents by giving users time to realize their mistake and restore the deleted configurations.
  • Change Rollback: Sometimes, changes made to configurations can have unintended consequences. With a soft delete period, you can roll back to a previous configuration within the grace period if the new configuration causes issues.
  • Compliance and Auditing: In some cases, organizations are required to maintain data for a certain period for compliance or auditing purposes. Having a defined soft delete period helps in meeting these requirements without permanently storing unnecessary data.
  • Resource Management: Soft delete helps in managing resources efficiently by automatically purging deleted configurations after a specified period, thus preventing the configuration store from accumulating unnecessary data.
  • User Experience: It enhances the user experience by providing a safety net for configuration changes. Users feel more confident making changes knowing that they have a window to reverse them if necessary.
  • Consistency and Predictability: By standardizing the soft delete period across different environments and applications, you establish consistency and predictability in the data management practices within your organization.

Contribution Rules

  • Contain a single Policy in a folder by itself with 3 files: azurepolicy.json, azurepolicy.rules.json, and azurepolicy.parameters.json
  • Used Confirm-PolicyDefinitionIsValid.ps1
  • Used Out-FormattedPolicyDefinition.ps1
  • Effect default value aligns with convention

Thomas Defise and others added 5 commits May 13, 2024 12:58
Adding a new policy
2c81646
Adding new policy
06f8bcd
@tdefise
Delete policyDefinitions/App Service/app-service-apps-should-use-the-…
d23e7b5 
…latest-tls-version-for-scm-connections/azurepolicy.json
@tdefise
Delete policyDefinitions/App Service/app-service-apps-should-use-the-…
94397da 
…latest-tls-version-for-scm-connections/azurepolicy.parameters.json
@tdefise
Delete policyDefinitions/App Service/app-service-apps-should-use-the-…
5b53ccc 
…latest-tls-version-for-scm-connections/azurepolicy.rules.json
Joshua-Donovan
Joshua-Donovan requested changes May 15, 2024
View reviewed changes
...n/app-configuration-stores-should-should-have-soft-delete-enabled-of-7-days/azurepolicy.json
},
{
"field": "Microsoft.AppConfiguration/configurationStores/softDeleteRetentionInDays",
"notequals": 7
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

can we change this value of 7 to be a parameter so that it can be modular for any community members?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hi @Joshua-Donovan,

I will take care of that once I'm back from holiday

Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hey @tdefise checking in on if you'd be able to make this change?

...configuration-stores-should-should-have-soft-delete-enabled-of-7-days/azurepolicy.rules.json
},
{
"field": "Microsoft.AppConfiguration/configurationStores/softDeleteRetentionInDays",
"notequals": 7
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Same as other comment, but just a reminder that it would need to be changed here as well.

@aschabus aschabus requested a review from DFRZ7 August 21, 2024 15:19
@aschabus aschabus merged commit eba5955 into Azure:main Sep 18, 2024
2 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@Joshua-Donovan Joshua-Donovan Joshua-Donovan requested changes

@DFRZ7 DFRZ7 Awaiting requested review from DFRZ7

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@tdefise @Joshua-Donovan @aschabus