From 6b007559e913654abcd186d3e2bdd6d730b8d5a3 Mon Sep 17 00:00:00 2001 From: Matt White <16320656+matt-FFFFFF@users.noreply.github.com> Date: Thu, 3 Oct 2024 10:14:20 +0200 Subject: [PATCH] fix(platform/alz): defaults (#60) * fix(platform/alz): consolidate to a single change tracking DCR Fixes #59 * fix(platform/alz): add missing ama MDFC SQL data collection rule id Fixes Default for Defender SQL DCR rule is missing #58 * fix(platform/alz): add missing defaults for vm insights and pass uami id to vm and vmss monitoring fixes Defaults for VM Monitoring policy assignments are missing #57 * docs(platform/alz): generate docs * docs: doc * docs: doc * docs(platform/alz): use ordered deefaults * doc: use fixed alzlibtool --- .github/workflows/pr-check.yml | 2 +- platform/alz/README.md | 76 ++++++++++++++++----- platform/alz/alz_policy_default_values.json | 50 ++++++++++++-- 3 files changed, 103 insertions(+), 25 deletions(-) diff --git a/.github/workflows/pr-check.yml b/.github/workflows/pr-check.yml index 5d58857..8858548 100644 --- a/.github/workflows/pr-check.yml +++ b/.github/workflows/pr-check.yml @@ -57,7 +57,7 @@ jobs: go-version: 'stable' - name: Install alzlibtool - run: go install github.com/Azure/alzlib/cmd/alzlibtool@v0.20.0 + run: go install github.com/Azure/alzlib/cmd/alzlibtool@v0.21.3 - name: Azure login uses: azure/login@6c251865b4e6290e7b78be643ea2d005bc51f69a # v2.1.1 diff --git a/platform/alz/README.md b/platform/alz/README.md index 650913d..8e0eba0 100644 --- a/platform/alz/README.md +++ b/platform/alz/README.md @@ -416,6 +416,38 @@ flowchart TD The following policy default values are available in this library: +### default name `ama_change_tracking_data_collection_rule_id` + +#### assignment `Deploy-VM-ChangeTrack` + +
1 parameter names + +- dcrResourceId +
+ +#### assignment `Deploy-VMSS-ChangeTrack` + +
1 parameter names + +- dcrResourceId +
+ +#### assignment `Deploy-vmArc-ChangeTrack` + +
1 parameter names + +- dcrResourceId +
+ +### default name `ama_mdfc_sql_data_collection_rule_id` + +#### assignment `Deploy-MDFC-DefSQL-AMA` + +
1 parameter names + +- dcrResourceId +
+ ### default name `ama_user_assigned_managed_identity_id` #### assignment `Deploy-VM-ChangeTrack` @@ -425,6 +457,13 @@ The following policy default values are available in this library: - userAssignedIdentityResourceId +#### assignment `Deploy-VM-Monitoring` + +
1 parameter names + +- userAssignedIdentityResourceId +
+ #### assignment `Deploy-VMSS-ChangeTrack`
1 parameter names @@ -432,6 +471,13 @@ The following policy default values are available in this library: - userAssignedIdentityResourceId
+#### assignment `Deploy-VMSS-Monitoring` + +
1 parameter names + +- userAssignedIdentityResourceId +
+ ### default name `ama_user_assigned_managed_identity_name` #### assignment `DenyAction-DeleteUAMIAMA` @@ -441,27 +487,23 @@ The following policy default values are available in this library: - resourceName -### default name `ama_vm_change_tracking_data_collection_rule_id` +### default name `ama_vm_insights_data_collection_rule_id` -#### assignment `Deploy-VM-ChangeTrack` +#### assignment `Deploy-VM-Monitoring`
1 parameter names - dcrResourceId
-### default name `ama_vmarc_change_tracking_data_collection_rule_id` - -#### assignment `Deploy-vmArc-ChangeTrack` +#### assignment `Deploy-VMSS-Monitoring`
1 parameter names - dcrResourceId
-### default name `ama_vmss_change_tracking_data_collection_rule_id` - -#### assignment `Deploy-VMSS-ChangeTrack` +#### assignment `Deploy-vmHybr-Monitoring`
1 parameter names @@ -497,46 +539,46 @@ The following policy default values are available in this library: ### default name `log_analytics_workspace_id` -#### assignment `Deploy-MDFC-Config` +#### assignment `Deploy-AzActivity-Log`
1 parameter names - logAnalytics
-#### assignment `Deploy-MDFC-DefSQL-AMA` +#### assignment `Deploy-AzSqlDb-Auditing`
1 parameter names -- userWorkspaceResourceId +- logAnalyticsWorkspaceId
-#### assignment `Deploy-AzActivity-Log` +#### assignment `Deploy-Diag-Logs`
1 parameter names - logAnalytics
-#### assignment `Deploy-AzSqlDb-Auditing` +#### assignment `Deploy-MDFC-Config`
1 parameter names -- logAnalyticsWorkspaceId +- logAnalytics
-#### assignment `Deploy-Diag-Logs` +#### assignment `Deploy-MDFC-Config-H224`
1 parameter names - logAnalytics
-#### assignment `Deploy-MDFC-Config-H224` +#### assignment `Deploy-MDFC-DefSQL-AMA`
1 parameter names -- logAnalytics +- userWorkspaceResourceId
### default name `log_analytics_workspace_location` diff --git a/platform/alz/alz_policy_default_values.json b/platform/alz/alz_policy_default_values.json index 432902a..58e8957 100644 --- a/platform/alz/alz_policy_default_values.json +++ b/platform/alz/alz_policy_default_values.json @@ -15,6 +15,18 @@ "userAssignedIdentityResourceId" ], "policy_assignment_name": "Deploy-VMSS-ChangeTrack" + }, + { + "policy_assignment_name": "Deploy-VM-Monitoring", + "parameter_names": [ + "userAssignedIdentityResourceId" + ] + }, + { + "policy_assignment_name": "Deploy-VMSS-Monitoring", + "parameter_names": [ + "userAssignedIdentityResourceId" + ] } ] }, @@ -30,30 +42,54 @@ ] }, { - "default_name": "ama_vm_change_tracking_data_collection_rule_id", + "default_name": "ama_vm_insights_data_collection_rule_id", "policy_assignments": [ { + "policy_assignment_name": "Deploy-VM-Monitoring", "parameter_names": [ "dcrResourceId" - ], - "policy_assignment_name": "Deploy-VM-ChangeTrack" + ] + }, + { + "policy_assignment_name": "Deploy-VMSS-Monitoring", + "parameter_names": [ + "dcrResourceId" + ] + }, + { + "policy_assignment_name": "Deploy-vmHybr-Monitoring", + "parameter_names": [ + "dcrResourceId" + ] } ] }, { - "default_name": "ama_vmarc_change_tracking_data_collection_rule_id", + "default_name": "ama_mdfc_sql_data_collection_rule_id", "policy_assignments": [ { + "policy_assignment_name": "Deploy-MDFC-DefSQL-AMA", "parameter_names": [ "dcrResourceId" - ], - "policy_assignment_name": "Deploy-vmArc-ChangeTrack" + ] } ] }, { - "default_name": "ama_vmss_change_tracking_data_collection_rule_id", + "default_name": "ama_change_tracking_data_collection_rule_id", "policy_assignments": [ + { + "parameter_names": [ + "dcrResourceId" + ], + "policy_assignment_name": "Deploy-VM-ChangeTrack" + }, + { + "parameter_names": [ + "dcrResourceId" + ], + "policy_assignment_name": "Deploy-vmArc-ChangeTrack" + }, { "parameter_names": [ "dcrResourceId"
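Review bot: The two entries added after `Deploy-VMSS-ChangeTrack` in the first hunk put `policy_assignment_name` before `parameter_names`, while the existing entry in the same `policy_assignments` array lists `parameter_names` first; key order is insignificant to a parser, but in a hand-maintained file whose contents the tooling appears to render into the README (the commit's "use ordered defaults" message), one ordering per array keeps diffs and merges readable, e.g. `{ "parameter_names": [ "userAssignedIdentityResourceId" ], "policy_assignment_name": "Deploy-VM-Monitoring" }`. On the security side, the `ama_user_assigned_managed_identity_id` default now feeds the same identity to four assignments (VM/VMSS ChangeTrack and VM/VMSS Monitoring); if, as the names suggest, these are DeployIfNotExists assignments that attach that identity to every VM and VMSS in scope, any process on those machines can request its token from IMDS, so the identity's role assignments should stay limited to what the monitoring agent needs. The second hunk in this file runs past the end of the visible patch.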