From 6b007559e913654abcd186d3e2bdd6d730b8d5a3 Mon Sep 17 00:00:00 2001
From: Matt White <16320656+matt-FFFFFF@users.noreply.github.com>
Date: Thu, 3 Oct 2024 10:14:20 +0200
Subject: [PATCH] fix(platform/alz): defaults (#60)
* fix(platform/alz): consolidate to a single change tracking DCR
Fixes #59
* fix(platform/alz): add missing ama MDFC SQL data collection rule id
Fixes Default for Defender SQL DCR rule is missing #58
* fix(platform/alz): add missing defaults for vm insights and pass uami id to vm and vmss monitoring
fixes Defaults for VM Monitoring policy assignments are missing #57
* docs(platform/alz): generate docs
* docs: doc
* docs: doc
* docs(platform/alz): use ordered defaults
* doc: use fixed alzlibtool
---
.github/workflows/pr-check.yml | 2 +-
platform/alz/README.md | 76 ++++++++++++++++-----
platform/alz/alz_policy_default_values.json | 50 ++++++++++++--
3 files changed, 103 insertions(+), 25 deletions(-)
diff --git a/.github/workflows/pr-check.yml b/.github/workflows/pr-check.yml
index 5d58857..8858548 100644
--- a/.github/workflows/pr-check.yml
+++ b/.github/workflows/pr-check.yml
@@ -57,7 +57,7 @@ jobs:
go-version: 'stable'
- name: Install alzlibtool
- run: go install github.com/Azure/alzlib/cmd/alzlibtool@v0.20.0
+ run: go install github.com/Azure/alzlib/cmd/alzlibtool@v0.21.3
- name: Azure login
uses: azure/login@6c251865b4e6290e7b78be643ea2d005bc51f69a # v2.1.1
diff --git a/platform/alz/README.md b/platform/alz/README.md
index 650913d..8e0eba0 100644
--- a/platform/alz/README.md
+++ b/platform/alz/README.md
@@ -416,6 +416,38 @@ flowchart TD
The following policy default values are available in this library:
+### default name `ama_change_tracking_data_collection_rule_id`
+
+#### assignment `Deploy-VM-ChangeTrack`
+
+1 parameter names
+
+- dcrResourceId
+
+
+#### assignment `Deploy-VMSS-ChangeTrack`
+
+1 parameter names
+
+- dcrResourceId
+
+
+#### assignment `Deploy-vmArc-ChangeTrack`
+
+1 parameter names
+
+- dcrResourceId
+
+
+### default name `ama_mdfc_sql_data_collection_rule_id`
+
+#### assignment `Deploy-MDFC-DefSQL-AMA`
+
+1 parameter names
+
+- dcrResourceId
+
+
### default name `ama_user_assigned_managed_identity_id`
#### assignment `Deploy-VM-ChangeTrack`
@@ -425,6 +457,13 @@ The following policy default values are available in this library:
- userAssignedIdentityResourceId
+#### assignment `Deploy-VM-Monitoring`
+
+1 parameter names
+
+- userAssignedIdentityResourceId
+
+
#### assignment `Deploy-VMSS-ChangeTrack`
1 parameter names
@@ -432,6 +471,13 @@ The following policy default values are available in this library:
- userAssignedIdentityResourceId
+#### assignment `Deploy-VMSS-Monitoring`
+
+1 parameter names
+
+- userAssignedIdentityResourceId
+
+
### default name `ama_user_assigned_managed_identity_name`
#### assignment `DenyAction-DeleteUAMIAMA`
@@ -441,27 +487,23 @@ The following policy default values are available in this library:
- resourceName
-### default name `ama_vm_change_tracking_data_collection_rule_id`
+### default name `ama_vm_insights_data_collection_rule_id`
-#### assignment `Deploy-VM-ChangeTrack`
+#### assignment `Deploy-VM-Monitoring`
1 parameter names
- dcrResourceId
-### default name `ama_vmarc_change_tracking_data_collection_rule_id`
-
-#### assignment `Deploy-vmArc-ChangeTrack`
+#### assignment `Deploy-VMSS-Monitoring`
1 parameter names
- dcrResourceId
-### default name `ama_vmss_change_tracking_data_collection_rule_id`
-
-#### assignment `Deploy-VMSS-ChangeTrack`
+#### assignment `Deploy-vmHybr-Monitoring`
1 parameter names
@@ -497,46 +539,46 @@ The following policy default values are available in this library:
### default name `log_analytics_workspace_id`
-#### assignment `Deploy-MDFC-Config`
+#### assignment `Deploy-AzActivity-Log`
1 parameter names
- logAnalytics
-#### assignment `Deploy-MDFC-DefSQL-AMA`
+#### assignment `Deploy-AzSqlDb-Auditing`
1 parameter names
-- userWorkspaceResourceId
+- logAnalyticsWorkspaceId
-#### assignment `Deploy-AzActivity-Log`
+#### assignment `Deploy-Diag-Logs`
1 parameter names
- logAnalytics
-#### assignment `Deploy-AzSqlDb-Auditing`
+#### assignment `Deploy-MDFC-Config`
1 parameter names
-- logAnalyticsWorkspaceId
+- logAnalytics
-#### assignment `Deploy-Diag-Logs`
+#### assignment `Deploy-MDFC-Config-H224`
1 parameter names
- logAnalytics
-#### assignment `Deploy-MDFC-Config-H224`
+#### assignment `Deploy-MDFC-DefSQL-AMA`
1 parameter names
-- logAnalytics
+- userWorkspaceResourceId
### default name `log_analytics_workspace_location`
diff --git a/platform/alz/alz_policy_default_values.json b/platform/alz/alz_policy_default_values.json
index 432902a..58e8957 100644
--- a/platform/alz/alz_policy_default_values.json
+++ b/platform/alz/alz_policy_default_values.json
@@ -15,6 +15,18 @@
"userAssignedIdentityResourceId"
],
"policy_assignment_name": "Deploy-VMSS-ChangeTrack"
+ },
+ {
+ "policy_assignment_name": "Deploy-VM-Monitoring",
+ "parameter_names": [
+ "userAssignedIdentityResourceId"
+ ]
+ },
+ {
+ "policy_assignment_name": "Deploy-VMSS-Monitoring",
+ "parameter_names": [
+ "userAssignedIdentityResourceId"
+ ]
}
]
},
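Review bot: The two added objects list `policy_assignment_name` before `parameter_names`, while the existing entries in this array (the `Deploy-VMSS-ChangeTrack` context lines just above) put `parameter_names` first. The same mix appears in the next hunk, where the `ama_vm_insights_data_collection_rule_id` and `ama_mdfc_sql_data_collection_rule_id` entries use the new order and the `ama_change_tracking_data_collection_rule_id` entries use the old one. Key order does not change how the file parses, but one order throughout keeps later diffs small and makes a dropped assignment easier to spot in review. I would write the new objects as `"parameter_names": ["userAssignedIdentityResourceId"],` followed by `"policy_assignment_name": "Deploy-VM-Monitoring"`. The enclosing array begins outside the hunk.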
@@ -30,30 +42,54 @@
]
},
{
- "default_name": "ama_vm_change_tracking_data_collection_rule_id",
+ "default_name": "ama_vm_insights_data_collection_rule_id",
"policy_assignments": [
{
+ "policy_assignment_name": "Deploy-VM-Monitoring",
"parameter_names": [
"dcrResourceId"
- ],
- "policy_assignment_name": "Deploy-VM-ChangeTrack"
+ ]
+ },
+ {
+ "policy_assignment_name": "Deploy-VMSS-Monitoring",
+ "parameter_names": [
+ "dcrResourceId"
+ ]
+ },
+ {
+ "policy_assignment_name": "Deploy-vmHybr-Monitoring",
+ "parameter_names": [
+ "dcrResourceId"
+ ]
}
]
},
{
- "default_name": "ama_vmarc_change_tracking_data_collection_rule_id",
+ "default_name": "ama_mdfc_sql_data_collection_rule_id",
"policy_assignments": [
{
+ "policy_assignment_name": "Deploy-MDFC-DefSQL-AMA",
"parameter_names": [
"dcrResourceId"
- ],
- "policy_assignment_name": "Deploy-vmArc-ChangeTrack"
+ ]
}
]
},
{
- "default_name": "ama_vmss_change_tracking_data_collection_rule_id",
+ "default_name": "ama_change_tracking_data_collection_rule_id",
"policy_assignments": [
+ {
+ "parameter_names": [
+ "dcrResourceId"
+ ],
+ "policy_assignment_name": "Deploy-VM-ChangeTrack"
+ },
+ {
+ "parameter_names": [
+ "dcrResourceId"
+ ],
+ "policy_assignment_name": "Deploy-vmArc-ChangeTrack"
+ },
{
"parameter_names": [
"dcrResourceId"
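Review bot: Removing the default names `ama_vm_change_tracking_data_collection_rule_id`, `ama_vmarc_change_tracking_data_collection_rule_id` and `ama_vmss_change_tracking_data_collection_rule_id` is a breaking rename for anyone who already sets them, yet the commit is typed `fix` and carries no migration note. A consumer still supplying the old names would presumably no longer have its value mapped to `dcrResourceId` on the three ChangeTrack assignments. Whether that surfaces as an error or is silently ignored depends on the consuming tool, which is not visible here; if ignored, change tracking could end up bound to a data collection rule the operator did not choose. I would flag the change as breaking and add a README or release-note line such as `ama_vm_/ama_vmarc_/ama_vmss_change_tracking_data_collection_rule_id are replaced by ama_change_tracking_data_collection_rule_id`. The final object in the hunk continues past its last line.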