forked from Azure/CanadaPubSecALZ
-
Notifications
You must be signed in to change notification settings - Fork 0
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Update to 1.3.0 #33
Merged
Merged
Update to 1.3.0 #33
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
* Add diagnostic settings policies for data services * Add branch config for testing * Add missing types for auditing * Add diagnostic setting policies for compute services * Add diagnostic setting policies for integration services * Add diagnostic setting policies for network services * Remove policy for ACI since it doesn't have logs to collect * Remove extra resource type * Set region to 'global' for edge services * Remove branch config. used for testing * Updated App Service log categories * Add branch config * Remove branch config
* Add deployment scope for policy assignment * Add branch test config * Set new parameter for policy assignment scope: var-policyAssignmentManagementGroupId * Update pipeline for new var * Add separate scope for testing * Update pipeline parameter name * Ensure new temp file is created to populate the parameters. * Remove test job * Remove branch config * Update readme * Update authoring guide with new parameter
Implement Azure#150, scripts and documentation
…Azure#156) Ensure diagnostic settings policy only checks for logs
Update Azure CLI version to 2.32.0
* Remove obsolete directory * Rotate resource group names for E2E deployments * Fix typo * Add branch config for testing * Fix typo * Remove branch configs * Remove timestamp from sample JSON templates. Timestamps are kept for E2E testing. * Remove date stamp
* Update linter rules for location parameter * Add location parameter with default value based on resourceGroup() or deployment() * Update archetype schema and docs for location * Add branch config for testing * Update AKS version * Update branch config * Remove branch configs
…e#161) * Add policy and policy set to inherit tags from subscription to resource group * Add branch config for testing * Remove policy type as it's not built in * Updated resource type for resource group * Update policy assignment * Ensure assignment name is <= 24 chars * Revert resource group type * Setting mode to all * Update documentation * Add branch config * Add explicit dependsOn for subscription scaffolding to complete * Update test deployment parameters * Remove explicit dependsOn for subscription scaffolding to complete * Update doc to describe approaches for adding tags to RGs * Reduce the options for tagging resources given subscripton to RG tagging is available * Add example scenarios for tag inheritence * Fix typo * Remove branch configs * Resolve linter error: no-loc-expr-outside-params
* Instructions for creating ADO pipeline environments * Fix formatting
…ngs (Azure#177) * Fix markdown linter warnings * Add instruction for logging and networking MGs
Co-authored-by: Preston K. Parsard <autocloudarc@noreply.github.com>
Implement configurable management group hierarchy
* Add instructions for backfilling management group hierarchy * Update section titles, links and reference backfill instruction as part of MG setup * Instructions for installing AzCLI and jq * Clearfy that Tenant Root Group could have been renamed in the organization * Windows Shell example * Update instructions to delete pipeline variables that will be automatically created when MG heirarchy is used * Note on YAML indentation
* Redirect subscriptoin configuration guidance to archetype authoring guide doc * Revise instructions for creating ARM parameter files & management group id selection
Print multi-line environment variables (typically JSON objects) in Show Variables step
Add delete lock for LAW RG
Add CosmosDB Defender Plan and custom policy to deploy Defender Plan for Cosmos DB
Co-authored-by: Adil Ha <adil.hanifi@osfi-bsif.gc.ca>
…t group hierarchy (Azure#213)
Adding Barry Willis and Kevin Evans to the CODEOWNERS file for the entire repo
Having domain controllers under the "Connectivity" subscription is an anti-pattern that causes confusion to users. Co-authored-by: Barrington Willis <51492255+tredell@users.noreply.github.com>
Updated documents, from docs.microsoft.com - to Learn.
* Fixed BCP321 Linter warning in networking files * Fixed Role Definition Id References to use the ResourceId function * changed the pOlicyScopedId var to be set by using the MGResourceID Function * fixed BCP321 warning * fixed the remaining linter warnings * fixed the remaining linter errors in the policy definitions * updated the linter rules * Fixed Bug on policy defnition * Fixed the AKS policy deployment * Commit 95556ddd: changed the extensionResourceId function to tenantResourceId for all built-in polify definitions * fixed linter warnings in policy files * changed the invalid dummy service alert phone number to a valid phone number * changed the servcie health number prefix to 604 * updated AKS version in the Data Archetypes * Changed hte AKS version to only have the Major.Minor * Added the patch version to the AKS versions in the Data Archetypes
* Squashed commit of the following: commit 6d6b3e49855c365f49a4674534b985bacf9cd74c Author: Barry Willis <bawillis@microsoft.com> Date: Mon Feb 27 08:07:45 2023 -0800 changed the areacode on the logging service health alerts architype commit 86b4505c2ffd5127978883c0bc6a1f9b0e7d3268 Author: Barry Willis <bawillis@microsoft.com> Date: Fri Feb 24 16:39:08 2023 -0800 prepping for testing in ESLZ test environment commit 0f92b6bf70aee1377b4d49db436fa7024f1bfd25 Merge: 2a3584a 7749e7b Author: Barry Willis <bawillis@microsoft.com> Date: Fri Feb 24 16:10:37 2023 -0800 Merge remote-tracking branch 'origin/main' into IdentityLZ commit 7749e7b Merge: f6555a4 5337654 Author: Barry Willis <bawillis@microsoft.com> Date: Fri Feb 24 16:08:54 2023 -0800 Merge remote-tracking branch 'github-CanadaPubSecALZ/main' commit f6555a4 Author: Barry Willis <bawillis@microsoft.com> Date: Mon Feb 13 12:30:20 2023 -0800 Added the patch version to the AKS versions in the Data Archetypes commit 8edcb63 Author: Barry Willis <bawillis@microsoft.com> Date: Mon Feb 13 11:32:54 2023 -0800 Changed hte AKS version to only have the Major.Minor commit 37123d7 Author: Barry Willis <bawillis@microsoft.com> Date: Mon Feb 13 11:17:38 2023 -0800 updated AKS version in the Data Archetypes commit 459b3c6 Author: Barry Willis <bawillis@microsoft.com> Date: Mon Feb 13 08:55:13 2023 -0800 changed the servcie health number prefix to 604 commit cccf886 Author: Barry Willis <bawillis@microsoft.com> Date: Mon Feb 13 07:42:52 2023 -0800 changed the invalid dummy service alert phone number to a valid phone number commit 8e9628d Author: Barry Willis <bawillis@microsoft.com> Date: Mon Feb 13 07:01:36 2023 -0800 fixed linter warnings in policy files commit 6c2b2f7 Author: Barry Willis <bawillis@microsoft.com> Date: Sat Feb 11 15:36:36 2023 -0800 Commit 95556ddd: changed the extensionResourceId function to tenantResourceId for all built-in polify definitions commit c58ba48 Author: Barry Willis <bawillis@microsoft.com> Date: Sat Feb 11 15:09:56 2023 -0800 Fixed the AKS policy deployment commit f9e8418 Author: Barry Willis <bawillis@microsoft.com> Date: Sat Feb 11 14:04:22 2023 -0800 Fixed Bug on policy defnition commit 1a3c82e Author: Barry Willis <bawillis@microsoft.com> Date: Fri Feb 10 19:09:02 2023 -0800 updated the linter rules commit 20e1880 Author: Barry Willis <bawillis@microsoft.com> Date: Fri Feb 10 18:52:18 2023 -0800 fixed the remaining linter errors in the policy definitions commit 1610a28 Author: Barry Willis <bawillis@microsoft.com> Date: Fri Feb 10 18:27:14 2023 -0800 fixed the remaining linter warnings commit 9f0e049 Author: Barry Willis <bawillis@microsoft.com> Date: Fri Feb 10 17:31:21 2023 -0800 fixed BCP321 warning commit 466d7b0 Author: Barry Willis <bawillis@microsoft.com> Date: Fri Feb 10 17:22:46 2023 -0800 changed the pOlicyScopedId var to be set by using the MGResourceID Function commit 9362967 Author: Barry Willis <bawillis@microsoft.com> Date: Fri Feb 10 16:48:26 2023 -0800 Fixed Role Definition Id References to use the ResourceId function commit 4bcbc28 Author: Barry Willis <bawillis@microsoft.com> Date: Fri Feb 10 16:07:33 2023 -0800 Fixed BCP321 Linter warning in networking files commit 2a3584a7cac9c5822c7a226bc8a5d44f52d69a65 Author: Barry Willis <bawillis@microsoft.com> Date: Fri Feb 10 15:07:43 2023 -0800 Removed Linter exception BCP321 - will fix in the linter PR commit a0b48ec7710a5ee8023a066e4cb5394074002c1e Author: Barry Willis <bawillis@microsoft.com> Date: Fri Feb 10 10:39:36 2023 -0800 Fixed the bugs with conditionally deploying DNS Resolver commit 4f24be78f48465b404c529b276db66496c9958db Author: Barry Willis <bawillis@microsoft.com> Date: Wed Feb 8 15:29:38 2023 -0800 Updated documentation and made the DNS Resolver subnets optional commit 03fcb5e50b0670c67d1850063dd828ffa6945cf8 Merge: dfe0d9a 0fa01e8 Author: Barry Willis <bawillis@microsoft.com> Date: Mon Feb 6 16:58:41 2023 -0800 Merge remote-tracking branch 'origin/main' into IdentityLZ commit dfe0d9acab086df1d9dfbfbdae5770fbf5da999a Author: Barry Willis <bawillis@microsoft.com> Date: Wed Jan 11 15:52:06 2023 -0800 added Schema validation to the identity config file commit fb88630b5d707db6b7f4ab1aa2455ff79920d5b3 Author: Barry Willis <bawillis@microsoft.com> Date: Mon Jan 9 10:28:13 2023 -0800 changed the DNS Resolver ruleset to be an object-array commit 78aaf4d6cdeff8d9832d8a309f26c10cefe97a22 Author: Barry Willis <bawillis@microsoft.com> Date: Sat Jan 7 13:57:37 2023 -0800 first pass at creating conditional forwarding rulesets in the Identity LZ commit e7b554d04daee83a55a985073ec0c59084c7f3c2 Author: Barry Willis <bawillis@microsoft.com> Date: Fri Jan 6 08:54:27 2023 -0800 Configured Subnet Delegation for Az DNS Resolver commit 978ab9925f876945ba02280493f7deba1c07e7ee Author: Barry Willis <bawillis@microsoft.com> Date: Thu Jan 5 19:52:24 2023 -0800 added Private DNS Resolver to the Identity LZ commit 9735d58fc04d7a587a76a5387deb112c466390fe Author: Barry Willis <bawillis@microsoft.com> Date: Thu Jan 5 13:19:05 2023 -0800 Removed the optional Subnet commit 4cd57ed41a09672b3cfbc1792c2edbdc3569a060 Author: Barry Willis <bawillis@microsoft.com> Date: Thu Jan 5 13:09:36 2023 -0800 first cut at the identity LZ framework commit a119eea02fca28a2028362f484aa2835c9313c1d Author: Barry Willis <bawillis@microsoft.com> Date: Wed Dec 21 11:54:58 2022 -0800 added identitypathfromroot in the branch config file commit 75b6ccc2ab6efd55037e0a5a938d49f2eef32de4 Author: Barry Willis <bawillis@microsoft.com> Date: Wed Dec 21 11:35:12 2022 -0800 Added: identity vars display Changed: location reference to identity param file commit e0cfc41b5a83c4c331689fcafa5edc9928e93d39 Author: Barry Willis <bawillis@microsoft.com> Date: Wed Dec 21 11:22:35 2022 -0800 fixed misconfigured working directory commit fb58b16999aeb9cc6b6b81647c76e95024e1267c Author: Barry Willis <bawillis@microsoft.com> Date: Wed Dec 21 11:18:46 2022 -0800 removed schema validation to test deployment commit 240189de7e30fa57654c3ec76ec37c762ff80133 Author: Barry Willis <bawillis@microsoft.com> Date: Wed Dec 21 11:15:43 2022 -0800 fixed bug - neworking region is now identity region commit 89e63b5976cb5cdc4e85d0b25c01234ffe4853d7 Author: Barry Willis <bawillis@microsoft.com> Date: Wed Dec 21 11:11:48 2022 -0800 initial identity lz deployment commit d4b40b26b893b78d7a9250dffe24c3e9ce06d690 Author: Barry Willis <bawillis@microsoft.com> Date: Wed Dec 21 11:03:29 2022 -0800 Added default region for Identity Subscription commit 41e611818d09181b1a455f612425cae20f0683f7 Author: Barry Willis <bawillis@microsoft.com> Date: Wed Dec 21 08:29:33 2022 -0800 Changed bastion subnet range in identity subnet commit f5a43f2d44803e80db8a043d31e5c9f72fc51675 Author: Barry Willis <bawillis@microsoft.com> Date: Wed Dec 21 07:33:03 2022 -0800 Param file for Identity LZ commit 13d084b0fe74f39ca1423b2eb9f333a2b760b1f2 Author: Barry Willis <bawillis@microsoft.com> Date: Tue Dec 20 15:19:23 2022 +0000 Deleted identity.parameteres.json commit 5ba9a12fa8e8e02f60f3f2afea43681cc84d7446 Merge: 002b2be e395307 Author: Barry Willis <bawillis@microsoft.com> Date: Tue Dec 20 07:18:40 2022 -0800 Merge branch 'IdentityLZ' of https://dev.azure.com/Tredell/CanadaALZ/_git/CanadaALZ into IdentityLZ commit 002b2be1bb5b555a334f35cbb505e7a68f321649 Author: Barry Willis <bawillis@microsoft.com> Date: Tue Dec 20 07:18:32 2022 -0800 id-lz - created param section for id lz commit e395307b1c12786cc28cf3d4b00586dde69739d5 Author: Barry Willis <bawillis@microsoft.com> Date: Tue Dec 20 07:13:54 2022 -0800 id-lz - created param section for id lz commit 7f4a43eb4fdc7f6f37ebab8e661981cccbee9f50 Author: Barry Willis <bawillis@microsoft.com> Date: Mon Dec 19 14:54:57 2022 -0800 disabled privatelink infrastructure to be deployed in hub lz commit db85049ac94b5c394d586b6960343bc1286997f1 Author: Barry Willis <bawillis@microsoft.com> Date: Mon Dec 19 14:46:36 2022 -0800 Configured hub networking parameter files commit 8d772e868803d1b712013f7db21044d48ab730d2 Author: Barry Willis <bawillis@microsoft.com> Date: Mon Dec 19 14:07:43 2022 -0800 removed comment from json - not supported commit 89cde8d92704f1a41a123af46da6dd90568d99cb Author: Barry Willis <bawillis@microsoft.com> Date: Mon Dec 19 12:56:47 2022 -0800 Configuring Policies for deployment to Test enviornment commit ba781ee844a4abd403071e072645988b63ada494 Author: Barry Willis <bawillis@microsoft.com> Date: Mon Dec 19 12:40:53 2022 -0800 added a default security Group commit 1269da21e08fdf4c29a53b38a4d18722c64461e0 Author: Barry Willis <bawillis@microsoft.com> Date: Mon Dec 19 12:26:14 2022 -0800 setting up logging for my test environment commit 4d6a41f4133380223f5895dba270cbce4ae5a39b Author: Barry Willis <bawillis@microsoft.com> Date: Mon Dec 19 12:13:08 2022 -0800 testing the path to the logging configuraiton file commit 75d0b99caf6aed5f809c28566cad35569d78be58 Author: Barry Willis <bawillis@microsoft.com> Date: Mon Dec 19 12:00:14 2022 -0800 added the full path to the logging parameters file commit 32e8382bcb8deaaaab0c7bc1c2791483ef439971 Author: Barry Willis <bawillis@microsoft.com> Date: Mon Dec 19 11:55:00 2022 -0800 path to logging parameters file was incorrect commit 5757d36a486e7f3b707f00848d19cfe64de83358 Author: Barry Willis <bawillis@microsoft.com> Date: Mon Dec 19 11:37:20 2022 -0800 Changed MG Root to match test enviornment commit 1fdd02db1638420decf5ab021fb617b95920aada Author: Barry Willis <bawillis@microsoft.com> Date: Mon Dec 19 11:09:46 2022 -0800 Adding config file for IdentityLZ branch * PowerShell Deployment Files created * GitHub Action Pipelines modified to add the Identity Archetype * made the Identity GitHub Action optional * put the boolean option in single quotes * fixed a few bugs (BCP321 & references to the wrong tenant) * changed the sub id for the logging subscription * Removed the hardcoded reference to the LAW in the identity param file * updated the param file with the LAW ID * disabled private dns zone deployment in the identity sub * removed the config files from my custom branch * uncommented the validation in the Identity ADO Pipeline * removed commented trigger code from ADO Identity Pipeline * renenabled the dployment of the DNSPrivateEndPoints policyset * removed the provider registration for containerservices in the deploy-identity-pipeline yaml * added an explanation comment to the dnsforwardingruleset file * Added telemetry tracking for the identity subscription * fixed cut and paste errors * Updated test cases & documentation * added the consistency check & pull request checks for github actions * fixed spelling error
* Fixed Bug: missing identityPathFromRoot variable missing * Fixed Bug: Allow Network transit thru the hub * renamed the Subscriptions Yaml
Change policySetDefinitions to policyDefinitions for the policyScopedId variable.
Updated page title to reflect content
…sense in editors, fix bugs in deployment scripts (Azure#379) Fixes path normalization bug in deployment scripts Azure#374 Fixes subscription filtering bug in deployment scripts Azure#375 Adds CanadaPubSecALZ configuration JSON schema support for editors Azure#376 Adds Scripts to generate CanadaPubSecALZ configuration files using existing environments as template Azure#377 Adds Deploy landing zones to new Azure subscriptions in new primary tenant Azure#378
Squashed commit of the following: commit db45632 Author: Steve Keeler <skeeler@users.noreply.github.com> Date: Sun Jul 9 23:14:55 2023 -0400 Scripts to generate config from template, support JSON config intellisense in editors, fix bugs in deployment scripts (Azure#379) Fixes path normalization bug in deployment scripts Azure#374 Fixes subscription filtering bug in deployment scripts Azure#375 Adds CanadaPubSecALZ configuration JSON schema support for editors Azure#376 Adds Scripts to generate CanadaPubSecALZ configuration files using existing environments as template Azure#377 Adds Deploy landing zones to new Azure subscriptions in new primary tenant Azure#378 commit 5830bcb Author: David Christiansen <DavidChristiansen@users.noreply.github.com> Date: Tue Apr 25 21:12:23 2023 +0100 Update identity.md (Azure#365) Updated page title to reflect content commit 674f6cb Author: Yanick Lepine <65724245+ylepine@users.noreply.github.com> Date: Thu Mar 16 13:13:38 2023 -0400 Update DDoS.bicep (Azure#363) Change policySetDefinitions to policyDefinitions for the policyScopedId variable. commit 5680e65 Author: Barrington Willis <51492255+tredell@users.noreply.github.com> Date: Mon Mar 13 06:31:54 2023 -0700 Bug fixes - network routing & ADO Identity Pipelines (Azure#362) * Fixed Bug: missing identityPathFromRoot variable missing * Fixed Bug: Allow Network transit thru the hub * renamed the Subscriptions Yaml commit f13f6ec Author: Barrington Willis <51492255+tredell@users.noreply.github.com> Date: Fri Mar 3 07:00:06 2023 -0800 Identity Archetype (Azure#359) * Squashed commit of the following: commit 6d6b3e49855c365f49a4674534b985bacf9cd74c Author: Barry Willis <bawillis@microsoft.com> Date: Mon Feb 27 08:07:45 2023 -0800 changed the areacode on the logging service health alerts architype commit 86b4505c2ffd5127978883c0bc6a1f9b0e7d3268 Author: Barry Willis <bawillis@microsoft.com> Date: Fri Feb 24 16:39:08 2023 -0800 prepping for testing in ESLZ test environment commit 0f92b6bf70aee1377b4d49db436fa7024f1bfd25 Merge: 2a3584a 7749e7b Author: Barry Willis <bawillis@microsoft.com> Date: Fri Feb 24 16:10:37 2023 -0800 Merge remote-tracking branch 'origin/main' into IdentityLZ commit 7749e7b Merge: f6555a4 5337654 Author: Barry Willis <bawillis@microsoft.com> Date: Fri Feb 24 16:08:54 2023 -0800 Merge remote-tracking branch 'github-CanadaPubSecALZ/main' commit f6555a4 Author: Barry Willis <bawillis@microsoft.com> Date: Mon Feb 13 12:30:20 2023 -0800 Added the patch version to the AKS versions in the Data Archetypes commit 8edcb63 Author: Barry Willis <bawillis@microsoft.com> Date: Mon Feb 13 11:32:54 2023 -0800 Changed hte AKS version to only have the Major.Minor commit 37123d7 Author: Barry Willis <bawillis@microsoft.com> Date: Mon Feb 13 11:17:38 2023 -0800 updated AKS version in the Data Archetypes commit 459b3c6 Author: Barry Willis <bawillis@microsoft.com> Date: Mon Feb 13 08:55:13 2023 -0800 changed the servcie health number prefix to 604 commit cccf886 Author: Barry Willis <bawillis@microsoft.com> Date: Mon Feb 13 07:42:52 2023 -0800 changed the invalid dummy service alert phone number to a valid phone number commit 8e9628d Author: Barry Willis <bawillis@microsoft.com> Date: Mon Feb 13 07:01:36 2023 -0800 fixed linter warnings in policy files commit 6c2b2f7 Author: Barry Willis <bawillis@microsoft.com> Date: Sat Feb 11 15:36:36 2023 -0800 Commit 95556ddd: changed the extensionResourceId function to tenantResourceId for all built-in polify definitions commit c58ba48 Author: Barry Willis <bawillis@microsoft.com> Date: Sat Feb 11 15:09:56 2023 -0800 Fixed the AKS policy deployment commit f9e8418 Author: Barry Willis <bawillis@microsoft.com> Date: Sat Feb 11 14:04:22 2023 -0800 Fixed Bug on policy defnition commit 1a3c82e Author: Barry Willis <bawillis@microsoft.com> Date: Fri Feb 10 19:09:02 2023 -0800 updated the linter rules commit 20e1880 Author: Barry Willis <bawillis@microsoft.com> Date: Fri Feb 10 18:52:18 2023 -0800 fixed the remaining linter errors in the policy definitions commit 1610a28 Author: Barry Willis <bawillis@microsoft.com> Date: Fri Feb 10 18:27:14 2023 -0800 fixed the remaining linter warnings commit 9f0e049 Author: Barry Willis <bawillis@microsoft.com> Date: Fri Feb 10 17:31:21 2023 -0800 fixed BCP321 warning commit 466d7b0 Author: Barry Willis <bawillis@microsoft.com> Date: Fri Feb 10 17:22:46 2023 -0800 changed the pOlicyScopedId var to be set by using the MGResourceID Function commit 9362967 Author: Barry Willis <bawillis@microsoft.com> Date: Fri Feb 10 16:48:26 2023 -0800 Fixed Role Definition Id References to use the ResourceId function commit 4bcbc28 Author: Barry Willis <bawillis@microsoft.com> Date: Fri Feb 10 16:07:33 2023 -0800 Fixed BCP321 Linter warning in networking files commit 2a3584a7cac9c5822c7a226bc8a5d44f52d69a65 Author: Barry Willis <bawillis@microsoft.com> Date: Fri Feb 10 15:07:43 2023 -0800 Removed Linter exception BCP321 - will fix in the linter PR commit a0b48ec7710a5ee8023a066e4cb5394074002c1e Author: Barry Willis <bawillis@microsoft.com> Date: Fri Feb 10 10:39:36 2023 -0800 Fixed the bugs with conditionally deploying DNS Resolver commit 4f24be78f48465b404c529b276db66496c9958db Author: Barry Willis <bawillis@microsoft.com> Date: Wed Feb 8 15:29:38 2023 -0800 Updated documentation and made the DNS Resolver subnets optional commit 03fcb5e50b0670c67d1850063dd828ffa6945cf8 Merge: dfe0d9a 0fa01e8 Author: Barry Willis <bawillis@microsoft.com> Date: Mon Feb 6 16:58:41 2023 -0800 Merge remote-tracking branch 'origin/main' into IdentityLZ commit dfe0d9acab086df1d9dfbfbdae5770fbf5da999a Author: Barry Willis <bawillis@microsoft.com> Date: Wed Jan 11 15:52:06 2023 -0800 added Schema validation to the identity config file commit fb88630b5d707db6b7f4ab1aa2455ff79920d5b3 Author: Barry Willis <bawillis@microsoft.com> Date: Mon Jan 9 10:28:13 2023 -0800 changed the DNS Resolver ruleset to be an object-array commit 78aaf4d6cdeff8d9832d8a309f26c10cefe97a22 Author: Barry Willis <bawillis@microsoft.com> Date: Sat Jan 7 13:57:37 2023 -0800 first pass at creating conditional forwarding rulesets in the Identity LZ commit e7b554d04daee83a55a985073ec0c59084c7f3c2 Author: Barry Willis <bawillis@microsoft.com> Date: Fri Jan 6 08:54:27 2023 -0800 Configured Subnet Delegation for Az DNS Resolver commit 978ab9925f876945ba02280493f7deba1c07e7ee Author: Barry Willis <bawillis@microsoft.com> Date: Thu Jan 5 19:52:24 2023 -0800 added Private DNS Resolver to the Identity LZ commit 9735d58fc04d7a587a76a5387deb112c466390fe Author: Barry Willis <bawillis@microsoft.com> Date: Thu Jan 5 13:19:05 2023 -0800 Removed the optional Subnet commit 4cd57ed41a09672b3cfbc1792c2edbdc3569a060 Author: Barry Willis <bawillis@microsoft.com> Date: Thu Jan 5 13:09:36 2023 -0800 first cut at the identity LZ framework commit a119eea02fca28a2028362f484aa2835c9313c1d Author: Barry Willis <bawillis@microsoft.com> Date: Wed Dec 21 11:54:58 2022 -0800 added identitypathfromroot in the branch config file commit 75b6ccc2ab6efd55037e0a5a938d49f2eef32de4 Author: Barry Willis <bawillis@microsoft.com> Date: Wed Dec 21 11:35:12 2022 -0800 Added: identity vars display Changed: location reference to identity param file commit e0cfc41b5a83c4c331689fcafa5edc9928e93d39 Author: Barry Willis <bawillis@microsoft.com> Date: Wed Dec 21 11:22:35 2022 -0800 fixed misconfigured working directory commit fb58b16999aeb9cc6b6b81647c76e95024e1267c Author: Barry Willis <bawillis@microsoft.com> Date: Wed Dec 21 11:18:46 2022 -0800 removed schema validation to test deployment commit 240189de7e30fa57654c3ec76ec37c762ff80133 Author: Barry Willis <bawillis@microsoft.com> Date: Wed Dec 21 11:15:43 2022 -0800 fixed bug - neworking region is now identity region commit 89e63b5976cb5cdc4e85d0b25c01234ffe4853d7 Author: Barry Willis <bawillis@microsoft.com> Date: Wed Dec 21 11:11:48 2022 -0800 initial identity lz deployment commit d4b40b26b893b78d7a9250dffe24c3e9ce06d690 Author: Barry Willis <bawillis@microsoft.com> Date: Wed Dec 21 11:03:29 2022 -0800 Added default region for Identity Subscription commit 41e611818d09181b1a455f612425cae20f0683f7 Author: Barry Willis <bawillis@microsoft.com> Date: Wed Dec 21 08:29:33 2022 -0800 Changed bastion subnet range in identity subnet commit f5a43f2d44803e80db8a043d31e5c9f72fc51675 Author: Barry Willis <bawillis@microsoft.com> Date: Wed Dec 21 07:33:03 2022 -0800 Param file for Identity LZ commit 13d084b0fe74f39ca1423b2eb9f333a2b760b1f2 Author: Barry Willis <bawillis@microsoft.com> Date: Tue Dec 20 15:19:23 2022 +0000 Deleted identity.parameteres.json commit 5ba9a12fa8e8e02f60f3f2afea43681cc84d7446 Merge: 002b2be e395307 Author: Barry Willis <bawillis@microsoft.com> Date: Tue Dec 20 07:18:40 2022 -0800 Merge branch 'IdentityLZ' of https://dev.azure.com/Tredell/CanadaALZ/_git/CanadaALZ into IdentityLZ commit 002b2be1bb5b555a334f35cbb505e7a68f321649 Author: Barry Willis <bawillis@microsoft.com> Date: Tue Dec 20 07:18:32 2022 -0800 id-lz - created param section for id lz commit e395307b1c12786cc28cf3d4b00586dde69739d5 Author: Barry Willis <bawillis@microsoft.com> Date: Tue Dec 20 07:13:54 2022 -0800 id-lz - created param section for id lz commit 7f4a43eb4fdc7f6f37ebab8e661981cccbee9f50 Author: Barry Willis <bawillis@microsoft.com> Date: Mon Dec 19 14:54:57 2022 -0800 disabled privatelink infrastructure to be deployed in hub lz commit db85049ac94b5c394d586b6960343bc1286997f1 Author: Barry Willis <bawillis@microsoft.com> Date: Mon Dec 19 14:46:36 2022 -0800 Configured hub networking parameter files commit 8d772e868803d1b712013f7db21044d48ab730d2 Author: Barry Willis <bawillis@microsoft.com> Date: Mon Dec 19 14:07:43 2022 -0800 removed comment from json - not supported commit 89cde8d92704f1a41a123af46da6dd90568d99cb Author: Barry Willis <bawillis@microsoft.com> Date: Mon Dec 19 12:56:47 2022 -0800 Configuring Policies for deployment to Test enviornment commit ba781ee844a4abd403071e072645988b63ada494 Author: Barry Willis <bawillis@microsoft.com> Date: Mon Dec 19 12:40:53 2022 -0800 added a default security Group commit 1269da21e08fdf4c29a53b38a4d18722c64461e0 Author: Barry Willis <bawillis@microsoft.com> Date: Mon Dec 19 12:26:14 2022 -0800 setting up logging for my test environment commit 4d6a41f4133380223f5895dba270cbce4ae5a39b Author: Barry Willis <bawillis@microsoft.com> Date: Mon Dec 19 12:13:08 2022 -0800 testing the path to the logging configuraiton file commit 75d0b99caf6aed5f809c28566cad35569d78be58 Author: Barry Willis <bawillis@microsoft.com> Date: Mon Dec 19 12:00:14 2022 -0800 added the full path to the logging parameters file commit 32e8382bcb8deaaaab0c7bc1c2791483ef439971 Author: Barry Willis <bawillis@microsoft.com> Date: Mon Dec 19 11:55:00 2022 -0800 path to logging parameters file was incorrect commit 5757d36a486e7f3b707f00848d19cfe64de83358 Author: Barry Willis <bawillis@microsoft.com> Date: Mon Dec 19 11:37:20 2022 -0800 Changed MG Root to match test enviornment commit 1fdd02db1638420decf5ab021fb617b95920aada Author: Barry Willis <bawillis@microsoft.com> Date: Mon Dec 19 11:09:46 2022 -0800 Adding config file for IdentityLZ branch * PowerShell Deployment Files created * GitHub Action Pipelines modified to add the Identity Archetype * made the Identity GitHub Action optional * put the boolean option in single quotes * fixed a few bugs (BCP321 & references to the wrong tenant) * changed the sub id for the logging subscription * Removed the hardcoded reference to the LAW in the identity param file * updated the param file with the LAW ID * disabled private dns zone deployment in the identity sub * removed the config files from my custom branch * uncommented the validation in the Identity ADO Pipeline * removed commented trigger code from ADO Identity Pipeline * renenabled the dployment of the DNSPrivateEndPoints policyset * removed the provider registration for containerservices in the deploy-identity-pipeline yaml * added an explanation comment to the dnsforwardingruleset file * Added telemetry tracking for the identity subscription * fixed cut and paste errors * Updated test cases & documentation * added the consistency check & pull request checks for github actions * fixed spelling error commit 5337654 Author: Barrington Willis <51492255+tredell@users.noreply.github.com> Date: Fri Feb 24 12:57:36 2023 -0800 Fixed Linter warnings & build errors (Azure#354) * Fixed BCP321 Linter warning in networking files * Fixed Role Definition Id References to use the ResourceId function * changed the pOlicyScopedId var to be set by using the MGResourceID Function * fixed BCP321 warning * fixed the remaining linter warnings * fixed the remaining linter errors in the policy definitions * updated the linter rules * Fixed Bug on policy defnition * Fixed the AKS policy deployment * Commit 95556ddd: changed the extensionResourceId function to tenantResourceId for all built-in polify definitions * fixed linter warnings in policy files * changed the invalid dummy service alert phone number to a valid phone number * changed the servcie health number prefix to 604 * updated AKS version in the Data Archetypes * Changed hte AKS version to only have the Major.Minor * Added the patch version to the AKS versions in the Data Archetypes commit 0fa01e8 Author: Luke Murray <24467442+lukemurraynz@users.noreply.github.com> Date: Tue Feb 7 12:26:03 2023 +1300 Updated documents, from docs.microsoft.com - to Learn. (Azure#350) Updated documents, from docs.microsoft.com - to Learn. commit e44c7ea Author: Obay <ahmad.obay@gmail.com> Date: Wed Nov 30 19:14:57 2022 -0800 Update hubnetwork-azfw.md (Azure#345) Having domain controllers under the "Connectivity" subscription is an anti-pattern that causes confusion to users. Co-authored-by: Barrington Willis <51492255+tredell@users.noreply.github.com> commit 12cd557 Author: Steve Keeler <skeeler@users.noreply.github.com> Date: Wed Nov 30 21:27:08 2022 -0500 Add Barry to code owners list (Azure#346) commit c714e65 Author: Steve Keeler <skeeler@users.noreply.github.com> Date: Fri Oct 14 15:48:33 2022 -0400 Update CODEOWNERS (Azure#344) Adding Barry Willis and Kevin Evans to the CODEOWNERS file for the entire repo commit b8a9bc9 Author: Steve Keeler <skeeler@users.noreply.github.com> Date: Thu Sep 1 15:31:28 2022 -0400 Version August 2022 schema changes (Azure#342) commit 5851a09 Author: Senthuran Sivananthan <sesivan@microsoft.com> Date: Wed Aug 17 18:50:15 2022 -0400 Revised Event Hub Diagnostic Settings policy (Azure#339) commit e5fe399 Author: Senthuran Sivananthan <sesivan@microsoft.com> Date: Wed Aug 17 18:37:43 2022 -0400 Update diagnostic settings profile name (Azure#337) commit db52627 Author: Senthuran Sivananthan <sesivan@microsoft.com> Date: Wed Aug 17 18:17:12 2022 -0400 Suppress false positive linter warning: secure-secrets-in-params (Azure#335) commit 2a6042d Author: Senthuran Sivananthan <sesivan@microsoft.com> Date: Wed Aug 17 17:59:13 2022 -0400 Network security group support for private endpoints subnet (Azure#333) commit e069a4b Author: Senthuran Sivananthan <sesivan@microsoft.com> Date: Wed Aug 17 17:28:39 2022 -0400 Support data collection rule (Azure#331) commit c2afa0d Author: Senthuran Sivananthan <sesivan@microsoft.com> Date: Mon Aug 8 15:42:22 2022 -0400 Support azkms.core.windows.net and IPs in firewall allow list (Azure#329) commit a7f521d Author: Senthuran Sivananthan <sesivan@microsoft.com> Date: Tue Jul 19 23:31:56 2022 -0400 Add missing log categories in diagnostic settings for Azure Firewall (Azure#324) commit 60198bc Author: Senthuran Sivananthan <sesivan@microsoft.com> Date: Tue Jul 19 23:11:10 2022 -0400 Resolve linter warning: prefer-unquoted-property-names (Azure#322) commit a4e53ff Author: Sabyasachi Dasgupta <sabyadg.softbio@gmail.com> Date: Mon Jul 18 16:44:01 2022 -0400 Update machinelearning.md (Azure#327) commit 8fc587a Author: Ifyagolu <55541295+Ifyagolu@users.noreply.github.com> Date: Fri Jun 24 17:05:28 2022 -0400 Fix typo in onboarding guidance (Azure#320) commit e9a0962 Author: Islam Gomaa <igomaa@users.noreply.github.com> Date: Fri May 27 16:13:52 2022 -0400 Reference the Guardrails Solution Accelerator for 30-day guardrail assessment (Azure#313) commit 2b11801 Author: Senthuran Sivananthan <sesivan@microsoft.com> Date: Thu May 19 10:38:55 2022 -0400 Add service health notification info (Azure#310) commit bce747c Author: Senthuran Sivananthan <sesivan@microsoft.com> Date: Wed May 18 09:29:03 2022 -0400 Update resource group names for Logging & Networking (Azure#309) Remove `-rg` suffix commit 6765c48 Author: Senthuran Sivananthan <sesivan@microsoft.com> Date: Tue May 17 15:14:33 2022 -0400 Serial defender plan deployments & revised resource/resource group names (Azure#307) commit 62adb00 Author: Senthuran Sivananthan <sesivan@microsoft.com> Date: Mon May 16 13:53:37 2022 -0400 Log Analytics solutions for SQL servers on machines (Azure#303) commit c1a3b99 Author: Senthuran Sivananthan <sesivan@microsoft.com> Date: Mon May 16 09:26:47 2022 -0400 Flexible policy deployment using PowerShell & GitHub Actions (Azure#300) commit 0ce5c1a Author: Senthuran Sivananthan <sesivan@microsoft.com> Date: Sun May 15 12:19:01 2022 -0400 Disable fail fast for matrix deployments (Azure#297) commit c078a79 Author: Senthuran Sivananthan <sesivan@microsoft.com> Date: Sun May 15 11:19:43 2022 -0400 Concurrent role deployment with PowerShell & GitHub Actions (Azure#299) commit 31a214a Author: Senthuran Sivananthan <sesivan@microsoft.com> Date: Sun May 15 10:39:08 2022 -0400 Disable metrics in diagnostic settings for AKS through Policy (Azure#295) commit 6a90a2f Author: Senthuran Sivananthan <sesivan@microsoft.com> Date: Wed May 11 10:56:26 2022 -0400 Separate Azure Firewall Policy deployment switch & unique telemetry tracking for policy assignments (Azure#289) commit c413307 Author: Senthuran Sivananthan <sesivan@microsoft.com> Date: Tue May 10 16:46:06 2022 -0400 Ensure multiple subscriptions can be moved to a management in parallel (Azure#288) Ensure deployment name for moving subscription is unique commit 93d2f13 Author: Senthuran Sivananthan <sesivan@microsoft.com> Date: Tue May 10 14:53:18 2022 -0400 Support jobs in GitHub Actions (Azure#286) commit 31e8d0a Author: Steve Keeler <skeeler@users.noreply.github.com> Date: Tue May 10 12:30:36 2022 -0400 Correct wiring of the subscriptions-ci pipeline and prompt for NVA firewall username & password (Azure#285) commit 229b144 Author: Steve Keeler <skeeler@users.noreply.github.com> Date: Mon May 9 20:41:06 2022 -0400 Fix DeploySubscriptionIds parameter type casting (Azure#282) commit 799ad52 Author: Senthuran Sivananthan <sesivan@microsoft.com> Date: Mon May 9 20:10:33 2022 -0400 Pass-thru secure strings as-is until ready for use (Azure#281) commit a9c9419 Author: Steve Keeler <skeeler@users.noreply.github.com> Date: Mon May 9 17:11:12 2022 -0400 Add environment configuration override and protect sensitive parameters (Azure#280) commit ce6c27f Author: Senthuran Sivananthan <sesivan@microsoft.com> Date: Mon May 9 11:23:57 2022 -0400 Support schema validation (Azure#277) commit 1d8dbd7 Author: Steve Keeler <skeeler@users.noreply.github.com> Date: Mon May 9 08:07:26 2022 -0400 GitHub workflow implementation (Azure#276) Implement GitHub workflows to deploy the Azure Landing Zones for Canadian Public Sector commit 08d8f92 Author: Senthuran Sivananthan <sesivan@microsoft.com> Date: Mon May 2 16:03:02 2022 -0400 Deployment flow diagram (Azure#274) commit db098e1 Author: Senthuran Sivananthan <sesivan@microsoft.com> Date: Fri Apr 29 22:37:58 2022 -0400 Powershell deployment script for archetypes (Azure#273) Support for deploying subscriptions commit 15c2847 Author: Senthuran Sivananthan <sesivan@microsoft.com> Date: Fri Apr 29 16:29:22 2022 -0400 PowerShell deployment scripts (Azure#271) commit 3522571 Author: Senthuran Sivananthan <sesivan@microsoft.com> Date: Wed Apr 27 18:10:23 2022 -0400 Snapshot ARM parameters JSON schemas (Azure#268) commit 60f3b59 Author: Senthuran Sivananthan <sesivan@microsoft.com> Date: Wed Apr 27 17:29:58 2022 -0400 Organize deployment parameters for Hub Networking with NVA (Azure#266) commit 926521a Author: ghostme <phebsix@gmail.com> Date: Wed Apr 27 15:20:08 2022 -0400 Updated documentation (Azure#267) commit d68824a Author: Senthuran Sivananthan <sesivan@microsoft.com> Date: Mon Apr 25 14:32:25 2022 -0400 Organize deployment parameters for Hub Networking with Azure Firewall (Azure#265) commit 2bc196a Author: Senthuran Sivananthan <sesivan@microsoft.com> Date: Mon Apr 25 14:03:31 2022 -0400 Support for optional subnets in Machine Learning & Healthcare archetypes (Azure#264) commit b33cd36 Author: Senthuran Sivananthan <sesivan@microsoft.com> Date: Thu Apr 21 09:32:43 2022 -0400 Update common.yml example (Azure#262) commit 3008353 Author: Senthuran Sivananthan <sesivan@microsoft.com> Date: Wed Apr 20 12:44:45 2022 -0400 Removed extra configuration files (Azure#260) commit 1ee5b9e Author: Senthuran Sivananthan <sesivan@microsoft.com> Date: Wed Apr 20 11:56:14 2022 -0400 Revise subnet configuration for Healthcare archetype (Azure#256) commit 72fe50d Author: Senthuran Sivananthan <sesivan@microsoft.com> Date: Wed Apr 20 11:43:09 2022 -0400 Revise subnet configuration for Machine Learning archetype (Azure#254) commit 7083377 Author: Senthuran Sivananthan <sesivan@microsoft.com> Date: Wed Apr 20 11:38:07 2022 -0400 Revise subnet configuration for Generic Subscription archetype (Azure#252) commit 3d9c60d Author: Senthuran Sivananthan <sesivan@microsoft.com> Date: Wed Apr 20 11:30:10 2022 -0400 Migrate Networking configuration to JSON parameters file (Azure#250) commit 38fc344 Author: Mohamed Sharaf <Mohamed.Sharaf@live.ca> Date: Wed Apr 20 10:29:52 2022 -0400 Azure Active Directory support for Synapse (Azure#259) commit 89613db Author: Senthuran Sivananthan <sesivan@microsoft.com> Date: Tue Apr 12 21:31:06 2022 -0400 Include new Databricks' log categories for diagnostic settings (Azure#248) Add new databricks' log categories for diagnostic settings commit 700eb96 Author: Senthuran Sivananthan <sesivan@microsoft.com> Date: Tue Apr 12 17:33:12 2022 -0400 Support multiple private dns zone configuration when updating private DNS Zones through Azure Policy (Azure#246) Update Private DNS Zone policy to support multiple dnsZoneConfigs commit 1c37279 Author: Senthuran Sivananthan <sesivan@microsoft.com> Date: Mon Apr 11 11:24:00 2022 -0400 Support logging infrastructure for multiple regions in same subscription (Azure#244) Ensure subscription scoped deployments are unique per region commit 0e258f9 Author: Steve Keeler <skeeler@users.noreply.github.com> Date: Sat Apr 9 13:50:50 2022 -0400 Update azure-devops-pipelines.md (Azure#242) commit bfe1f58 Author: Senthuran Sivananthan <sesivan@microsoft.com> Date: Fri Apr 8 11:31:52 2022 -0400 Migrate Logging configuration to JSON parameters file (Azure#236) commit cc5f017 Author: Senthuran Sivananthan <sesivan@microsoft.com> Date: Fri Apr 8 10:26:12 2022 -0400 PBMM & HITRUST/HIPAA policy update (Azure#238) commit 3259994 Author: Steve Keeler <skeeler@users.noreply.github.com> Date: Tue Apr 5 14:41:17 2022 -0400 Fix order of `platform-connectivity-hub-azfw-policy` pipeline listed in run-pipelines.bat script Azure#233 (Azure#234) commit cb96311 Author: ccmsft <98336965+ccmsft@users.noreply.github.com> Date: Mon Apr 4 09:39:17 2022 -0400 Updating recommendations to reflect licensing reqs (Azure#229) commit 3ce2cf8 Author: Senthuran Sivananthan <sesivan@microsoft.com> Date: Fri Apr 1 22:49:44 2022 -0400 Use built-in policy for Cosmos DB for Defender Plan (Azure#232) * Use built-in policy for Cosmos DB for Defender Plan * Add branch config * Remove branch config commit d2f959a Author: ghostme <phebsix@gmail.com> Date: Fri Apr 1 10:05:21 2022 -0400 Update networking documentation for generic subscription archetype (Azure#230) commit 575440e Author: ccmsft <98336965+ccmsft@users.noreply.github.com> Date: Wed Mar 30 23:36:35 2022 -0400 Initial GC 30-day cloud guardrails compliance/guidance (Azure#226) Initial GC 30-day cloud guardrails doc commit 6b36096 Author: Senthuran Sivananthan <sesivan@microsoft.com> Date: Wed Mar 30 22:40:17 2022 -0400 Externalize Log Analytics Workspace parameters when loading pipeline variables (Azure#220) Externalize the log analytics parameters to load arbitary LAW variables commit 0210df4 Author: Senthuran Sivananthan <sesivan@microsoft.com> Date: Wed Mar 30 21:51:30 2022 -0400 Flexible policy assignment parameters JSON files (Azure#222) commit f25f957 Author: Senthuran Sivananthan <sesivan@microsoft.com> Date: Wed Mar 30 20:57:07 2022 -0400 Private DNS Policy - Change Cosmos DB namespace to Microsoft.DocumentDB (Azure#228) * Change Cosmos DB namespace to Microsoft.DocumentDB * Add branch config * Remove branch config commit 453a0f8 Author: Steve Keeler <skeeler@users.noreply.github.com> Date: Wed Mar 30 19:00:07 2022 -0400 Improve `delete-management-groups.bat` script (Azure#224) commit 2e5a56b Author: Senthuran Sivananthan <sesivan@microsoft.com> Date: Thu Mar 24 09:02:36 2022 -0400 Fix formatting (Azure#218) commit bf5e94b Author: Senthuran Sivananthan <sesivan@microsoft.com> Date: Wed Mar 23 23:01:02 2022 -0400 Add instructions for customizing policy set assignments (Azure#215) commit 0538d4d Author: Senthuran Sivananthan <sesivan@microsoft.com> Date: Wed Mar 23 22:57:00 2022 -0400 Document delete lock usage (Azure#216) Document when and where delete locks are used commit 789b18a Author: Senthuran Sivananthan <sesivan@microsoft.com> Date: Wed Mar 23 22:49:24 2022 -0400 Update OZ subnet name to App Management Zone (Azure#217) commit 97c2904 Author: Senthuran Sivananthan <sesivan@microsoft.com> Date: Fri Mar 11 21:59:40 2022 -0500 Backward compatibility when setting pipeline variables from management group hierarchy (Azure#213) commit 30b9cc2 Author: Adil Ha <sunshero@msn.com> Date: Fri Mar 11 11:26:31 2022 -0500 fixing doc typo in hubnetwork-azfw (Azure#211) Co-authored-by: Adil Ha <adil.hanifi@osfi-bsif.gc.ca> commit 27363b7 Author: Senthuran Sivananthan <sesivan@microsoft.com> Date: Sat Mar 5 13:04:13 2022 -0500 Support Defender Plan for Cosmos DB (Azure#200) Add CosmosDB Defender Plan and custom policy to deploy Defender Plan for Cosmos DB commit 81eccd1 Author: Senthuran Sivananthan <sesivan@microsoft.com> Date: Sat Mar 5 12:48:45 2022 -0500 Delete Lock for Log Analytics Workspace resource group (Azure#205) Add delete lock for LAW RG commit 678355f Author: Steve Keeler <skeeler@users.noreply.github.com> Date: Sat Mar 5 11:03:46 2022 -0500 Fix pipeline scripts reference to `subscription-ci` (Azure#207) commit 5753cf0 Author: Senthuran Sivananthan <sesivan@microsoft.com> Date: Thu Mar 3 14:44:31 2022 -0500 Ensure values from multiline variables are properly logged (Azure#202) Print multi-line environment variables (typically JSON objects) in Show Variables step commit d6b1c08 Author: Senthuran Sivananthan <sesivan@microsoft.com> Date: Thu Mar 3 14:09:47 2022 -0500 Revise subscription deployment instructions (Azure#201) * Redirect subscriptoin configuration guidance to archetype authoring guide doc * Revise instructions for creating ARM parameter files & management group id selection commit 5e7322e Author: Senthuran Sivananthan <sesivan@microsoft.com> Date: Wed Mar 2 08:22:35 2022 -0500 Instructions for backfilling management group hierarchy (Azure#197) * Add instructions for backfilling management group hierarchy * Update section titles, links and reference backfill instruction as part of MG setup * Instructions for installing AzCLI and jq * Clearfy that Tenant Root Group could have been renamed in the organization * Windows Shell example * Update instructions to delete pipeline variables that will be automatically created when MG heirarchy is used * Note on YAML indentation commit 5d33909 Author: Preston K. Parsard <autocloudarc@users.noreply.github.com> Date: Tue Mar 1 10:46:04 2022 -0500 subscription(generic): add instructions for configuring parameters (Azure#193) commit 17846c4 Author: Steve Keeler <skeeler@users.noreply.github.com> Date: Sun Feb 27 20:30:20 2022 -0500 Show Variables fix (Azure#191) commit c62dcfc Author: Steve Keeler <skeeler@users.noreply.github.com> Date: Sun Feb 27 16:50:20 2022 -0500 Configurable management group hierarchy (Azure#186) Implement configurable management group hierarchy commit 9a141f7 Author: Preston K. Parsard <autocloudarc@users.noreply.github.com> Date: Sat Feb 26 19:45:35 2022 -0500 Update onboarding document Co-authored-by: Preston K. Parsard <autocloudarc@noreply.github.com> commit 6b6ef29 Author: Senthuran Sivananthan <sesivan@microsoft.com> Date: Sat Feb 26 18:22:48 2022 -0500 Snapshot JSON schemas to v0.4.0 (Azure#182) commit 4dd1f4a Author: Senthuran Sivananthan <sesivan@microsoft.com> Date: Wed Feb 23 15:39:43 2022 -0500 Update onboarding doc for logging & networking management group settings (Azure#177) * Fix markdown linter warnings * Add instruction for logging and networking MGs commit 5d7eec3 Author: Steve Keeler <skeeler@users.noreply.github.com> Date: Wed Feb 23 12:51:20 2022 -0500 Update `create-pipelines.bat` onboarding script to auto-provision environment (Azure#178) commit 488fc6e Author: Senthuran Sivananthan <sesivan@microsoft.com> Date: Tue Feb 22 09:05:20 2022 -0500 Instructions for Azure DevOps Environments (Azure#175) * Instructions for creating ADO pipeline environments * Fix formatting commit edabd87 Author: Senthuran Sivananthan <sesivan@microsoft.com> Date: Thu Feb 17 23:29:42 2022 -0500 Support for Tag inheritance from Subscription to Resource Group (Azure#161) * Add policy and policy set to inherit tags from subscription to resource group * Add branch config for testing * Remove policy type as it's not built in * Updated resource type for resource group * Update policy assignment * Ensure assignment name is <= 24 chars * Revert resource group type * Setting mode to all * Update documentation * Add branch config * Add explicit dependsOn for subscription scaffolding to complete * Update test deployment parameters * Remove explicit dependsOn for subscription scaffolding to complete * Update doc to describe approaches for adding tags to RGs * Reduce the options for tagging resources given subscripton to RG tagging is available * Add example scenarios for tag inheritence * Fix typo * Remove branch configs * Resolve linter error: no-loc-expr-outside-params commit e71ed26 Author: Senthuran Sivananthan <sesivan@microsoft.com> Date: Wed Feb 16 20:09:19 2022 -0500 Linter: no-loc-expr-outside-params - ensure compliance (Azure#169) * Update linter rules for location parameter * Add location parameter with default value based on resourceGroup() or deployment() * Update archetype schema and docs for location * Add branch config for testing * Update AKS version * Update branch config * Remove branch configs commit 6061fa0 Author: Senthuran Sivananthan <sesivan@microsoft.com> Date: Thu Feb 10 16:49:42 2022 -0500 Repository clean up (Azure#165) * Remove obsolete directory * Rotate resource group names for E2E deployments * Fix typo * Add branch config for testing * Fix typo * Remove branch configs * Remove timestamp from sample JSON templates. Timestamps are kept for E2E testing. * Remove date stamp commit 5104f39 Author: Steve Keeler <skeeler@users.noreply.github.com> Date: Thu Feb 10 09:08:17 2022 -0500 Update DevOps Onboarding section of main readme (Azure#162) commit 209f61c Author: Senthuran Sivananthan <sesivan@microsoft.com> Date: Thu Feb 10 09:06:31 2022 -0500 Update Deployment Script's Azure CLI version to 2.32.0 (Azure#164) Update Azure CLI version to 2.32.0 commit d7d5257 Author: Steve Keeler <skeeler@users.noreply.github.com> Date: Mon Feb 7 13:51:17 2022 -0500 Issue Azure#157 - Update scripts documentation (Azure#158) Update scripts documentation (Issue Azure#157) Update docs/onboarding/azure-devops-scripts.md Co-authored-by: Senthuran Sivananthan <senthuran.sivananthan@microsoft.com> commit b628c68 Author: Senthuran Sivananthan <sesivan@microsoft.com> Date: Fri Feb 4 12:42:31 2022 -0500 Enhance PBMM policy assignment to disable diagnostic settings metrics (Azure#156) Ensure diagnostic settings policy only checks for logs commit 61afd59 Author: Senthuran Sivananthan <senthuran.sivananthan@microsoft.com> Date: Mon Jan 31 12:52:09 2022 -0500 Snapshot landing zone schema to v0.3.0 (Azure#152) commit 09f09ed Author: Steve Keeler <skeeler@users.noreply.github.com> Date: Mon Jan 31 09:20:20 2022 -0500 Automation scripts for Azure DevOps onboarding (Azure#151) Implement Azure#150, scripts and documentation commit 82dd826 Author: SlavaRoikhman <52217047+SlavaRoikhman@users.noreply.github.com> Date: Thu Jan 27 13:32:41 2022 -0500 Removed 'privatelink.monitor.azure.com' from Private DNS Zones (Azure#149) commit 73ce2eb Author: Senthuran Sivananthan <senthuran.sivananthan@microsoft.com> Date: Fri Jan 21 23:23:45 2022 -0500 Flexible policy assignment scope (Azure#147) * Add deployment scope for policy assignment * Add branch test config * Set new parameter for policy assignment scope: var-policyAssignmentManagementGroupId * Update pipeline for new var * Add separate scope for testing * Update pipeline parameter name * Ensure new temp file is created to populate the parameters. * Remove test job * Remove branch config * Update readme * Update authoring guide with new parameter commit c71051b Author: hudua <40040433+hudua@users.noreply.github.com> Date: Fri Jan 21 14:21:08 2022 -0500 Private Endpoint for App Service (Azure#144) commit fff245d Author: Senthuran Sivananthan <senthuran.sivananthan@microsoft.com> Date: Fri Jan 21 10:51:43 2022 -0500 Diagnostic Settings Policies for PaaS services (Azure#143) * Add diagnostic settings policies for data services * Add branch config for testing * Add missing types for auditing * Add diagnostic setting policies for compute services * Add diagnostic setting policies for integration services * Add diagnostic setting policies for network services * Remove policy for ACI since it doesn't have logs to collect * Remove extra resource type * Set region to 'global' for edge services * Remove branch config. used for testing * Updated App Service log categories * Add branch config * Remove branch config
patheard
reviewed
Mar 27, 2024
patheard
reviewed
Mar 27, 2024
patheard
approved these changes
Apr 17, 2024
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
🤞🏻
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
update to 1.3.0
Scripts to generate config from template, support JSON config intellisense in editors, fix bugs in deployment scripts (Azure#379)
Fixes path normalization bug in deployment scripts Azure#374
Fixes subscription filtering bug in deployment scripts Azure#375
Adds CanadaPubSecALZ configuration JSON schema support for editors Azure#376
Adds Scripts to generate CanadaPubSecALZ configuration files using existing environments as template Azure#377
Adds Deploy landing zones to new Azure subscriptions in new primary tenant Azure#378