updates to resolve issue #794 (Azure#919)
Co-authored-by: github-actions <action@github.com>
ATuckwell and actions-user authored Apr 11, 2024
commit 1ac8cb891565c233eb4cc7edb8cf75c8b0d82cf2
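--- a/locals.role_assignments.tf
+++ b/locals.role_assignments.tf
@@ -37,3 +37,11 @@ locals {
 (role.role_assignment_id) => role.role_assignment_config
 }
 }
+
+# The following locals is required to resolve bug as per https://github.com/Azure/terraform-azurerm-caf-enterprise-scale/issues/794
+# This locals is used by resource "azurerm_role_assignment" "private_dns_zone_contributor_connectivity"
+# in resources.role_assignments.tf to determine if the connectivity management group exists
+
+locals {
+connectivity_mg_exists = length([for k, v in local.es_landing_zones_map : v if(v.id == "${var.root_id}-connectivity")]) > 0
+}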
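Review bot: The management group id `"${var.root_id}-connectivity"` is built here for the existence check and again by hand inside the `scope` of `azurerm_role_assignment.private_dns_zone_contributor_connectivity`, so the check and the scope of the grant can drift apart if only one of them is edited. A single local such as `connectivity_mg_id = "${var.root_id}-connectivity"`, referenced in both places, would keep the guard and the grant aligned. The test itself would read more directly as `contains([for v in local.es_landing_zones_map : v.id], local.connectivity_mg_id)`, which drops the unused `k` and the call-like `if(...)`. The comment would also be clearer as "The following local is required ...".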
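--- a/resources.role_assignments.tf
+++ b/resources.role_assignments.tf
@@ -97,3 +97,21 @@ resource "time_sleep" "after_azurerm_role_assignment" {
 create_duration = local.create_duration_delay["after_azurerm_role_assignment"]
 destroy_duration = local.destroy_duration_delay["after_azurerm_role_assignment"]
 }
+
+# Role Assignment required to resolve bug as per https://github.com/Azure/terraform-azurerm-caf-enterprise-scale/issues/794
+# Role assignment will add "Private DNS Zone Contributor" role def for the policy assignment's Managed Identity
+# on the connectivity management group
+resource "azurerm_role_assignment" "private_dns_zone_contributor_connectivity" {
+for_each = local.connectivity_mg_exists ? { for k, v in azurerm_management_group_policy_assignment.enterprise_scale : k => v if endswith(k, "Deploy-Private-DNS-Zones") } : {}
+role_definition_name = "Private DNS Zone Contributor"
+scope = "/providers/Microsoft.Management/managementGroups/${var.root_id}-connectivity"
+principal_id = each.value.identity[0].principal_id
+
+depends_on = [
+time_sleep.after_azurerm_management_group,
+time_sleep.after_azurerm_policy_definition,
+time_sleep.after_azurerm_policy_set_definition,
+time_sleep.after_azurerm_policy_assignment,
+azurerm_role_assignment.policy_assignment,
+]
+}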
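Review bot: The `for_each` filter `endswith(k, "Deploy-Private-DNS-Zones")` is a suffix match on the whole assignment key, so every policy assignment at any management group whose name merely ends in that string gets "Private DNS Zone Contributor" for its managed identity across the entire connectivity management group. The test_002 baseline on this page already shows two such grants (corp and demo-corp). Matching the assignment name exactly, e.g. `k => v if v.name == "Deploy-Private-DNS-Zones"`, would keep the grant to the intended assignments. `each.value.identity[0].principal_id` presumably fails at plan time for a matching assignment that has no managed identity, so adding `&& length(v.identity) > 0` to the filter is worth considering. A `description` on the role assignment that references issue #794 would make the grant easier to attribute when role assignments are audited.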
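--- a/tests/modules/test_002_add_custom_core/baseline_values.json
+++ b/tests/modules/test_002_add_custom_core/baseline_values.json
@@ -7645,6 +7645,44 @@
 ]
 }
 },
+{
+"address": "module.test_core.azurerm_role_assignment.private_dns_zone_contributor_connectivity[\"/providers/Microsoft.Management/managementGroups/root-id-1-corp/providers/Microsoft.Authorization/policyAssignments/Deploy-Private-DNS-Zones\"]",
+"mode": "managed",
+"type": "azurerm_role_assignment",
+"name": "private_dns_zone_contributor_connectivity",
+"index": "/providers/Microsoft.Management/managementGroups/root-id-1-corp/providers/Microsoft.Authorization/policyAssignments/Deploy-Private-DNS-Zones",
+"provider_name": "registry.terraform.io/hashicorp/azurerm",
+"schema_version": 0,
+"values": {
+"condition": null,
+"condition_version": null,
+"delegated_managed_identity_resource_id": null,
+"description": null,
+"role_definition_name": "Private DNS Zone Contributor",
+"scope": "/providers/Microsoft.Management/managementGroups/root-id-1-connectivity",
+"timeouts": null
+},
+"sensitive_values": {}
+},
+{
+"address": "module.test_core.azurerm_role_assignment.private_dns_zone_contributor_connectivity[\"/providers/Microsoft.Management/managementGroups/root-id-1-demo-corp/providers/Microsoft.Authorization/policyAssignments/Deploy-Private-DNS-Zones\"]",
+"mode": "managed",
+"type": "azurerm_role_assignment",
+"name": "private_dns_zone_contributor_connectivity",
+"index": "/providers/Microsoft.Management/managementGroups/root-id-1-demo-corp/providers/Microsoft.Authorization/policyAssignments/Deploy-Private-DNS-Zones",
+"provider_name": "registry.terraform.io/hashicorp/azurerm",
+"schema_version": 0,
+"values": {
+"condition": null,
+"condition_version": null,
+"delegated_managed_identity_resource_id": null,
+"description": null,
+"role_definition_name": "Private DNS Zone Contributor",
+"scope": "/providers/Microsoft.Management/managementGroups/root-id-1-connectivity",
+"timeouts": null
+},
+"sensitive_values": {}
+},
 {
 "address": "module.test_core.azurerm_role_definition.enterprise_scale[\"/providers/Microsoft.Authorization/roleDefinitions/07824e45-af54-586f-a5f0-4bb8676cb3a2\"]",
 "mode": "managed",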
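--- a/tests/modules/test_003_add_mgmt_conn/baseline_values.json
+++ b/tests/modules/test_003_add_mgmt_conn/baseline_values.json
@@ -13330,6 +13330,25 @@
 ]
 }
 },
+{
+"address": "module.test_core.azurerm_role_assignment.private_dns_zone_contributor_connectivity[\"/providers/Microsoft.Management/managementGroups/root-id-1-corp/providers/Microsoft.Authorization/policyAssignments/Deploy-Private-DNS-Zones\"]",
+"mode": "managed",
+"type": "azurerm_role_assignment",
+"name": "private_dns_zone_contributor_connectivity",
+"index": "/providers/Microsoft.Management/managementGroups/root-id-1-corp/providers/Microsoft.Authorization/policyAssignments/Deploy-Private-DNS-Zones",
+"provider_name": "registry.terraform.io/hashicorp/azurerm",
+"schema_version": 0,
+"values": {
+"condition": null,
+"condition_version": null,
+"delegated_managed_identity_resource_id": null,
+"description": null,
+"role_definition_name": "Private DNS Zone Contributor",
+"scope": "/providers/Microsoft.Management/managementGroups/root-id-1-connectivity",
+"timeouts": null
+},
+"sensitive_values": {}
+},
 {
 "address": "module.test_core.azurerm_role_definition.enterprise_scale[\"/providers/Microsoft.Authorization/roleDefinitions/07824e45-af54-586f-a5f0-4bb8676cb3a2\"]",
 "mode": "managed",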