Prepare for release 0.1.0 (#49)
This PR includes updates to prepare the `main` branch for release `0.1.0`, including:

- Update README as part of migrating documentation to the [Wiki](https://github.com/Azure/terraform-azurerm-caf-enterprise-scale/wiki)
- Update names for allowed location policies from `Allow` to `Deny` for better consistency with other policies
- Fix #47 assignableScope bug for Role Definitions
- Fix #34 by adding dedicated CONTRIBUTING.md page
Kevin Rowlandson committed Mar 10, 2021
1 parent d8bd5bf commit 945bfc8
Showing 11 changed files with 150 additions and 388 deletions.
2 changes: 1 addition & 1 deletion .github/workflows/update-policy.yml
Expand Up @@ -106,4 +106,4 @@ jobs:
fi
working-directory: ${{ github.repository }}
env:
GITHUB_TOKEN: ${{ secrets.github_token }}
GITHUB_TOKEN: ${{ secrets.github_token }}
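Review bot: the removed and added `GITHUB_TOKEN: ${{ secrets.github_token }}` lines at the end of this job are textually identical, so the change is presumably whitespace or an end-of-file newline only. Please say so in the commit message, since it is unrelated to the release items listed there. While this step is being touched, a short comment next to `env:` on what the token is used for would let a reader judge which permissions the workflow needs.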
17 changes: 17 additions & 0 deletions CONTRIBUTING.md
@@ -0,0 +1,17 @@
# Contributing

This project welcomes contributions and suggestions. Most contributions require you to agree to a
Contributor License Agreement (CLA) declaring that you have the right to, and actually do, grant us
the rights to use your contribution. For details, visit [https://cla.opensource.microsoft.com](https://cla.opensource.microsoft.com).

When you submit a pull request, a CLA bot will automatically determine whether you need to provide
a CLA and decorate the PR appropriately (e.g., status check, comment). Simply follow the instructions
provided by the bot. You will only need to do this once across all repos using our CLA.

This project has adopted the [Microsoft Open Source Code of Conduct](https://opensource.microsoft.com/codeofconduct/).
For more information see the [Code of Conduct FAQ](https://opensource.microsoft.com/codeofconduct/faq/) or
contact [[email protected]](mailto:[email protected]) with any additional questions or comments.

## Next steps

Please check out our official guide to contributing on our [documentation wiki](https://github.com/Azure/terraform-azurerm-caf-enterprise-scale/wiki/Contributing).
477 changes: 111 additions & 366 deletions README.md

Large diffs are not rendered by default.

Binary file removed media/terraform-caf-enterprise-scale-overview.png
Binary file not shown.
@@ -1,5 +1,5 @@
{
"name": "Allow-Resource-Locations",
"name": "Deny-Resource-Locations",
"type": "Microsoft.Authorization/policyAssignments",
"apiVersion": "2019-09-01",
"properties": {
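Review bot: renaming `name` from `Allow-Resource-Locations` to `Deny-Resource-Locations` changes the assignment's identity, not just its label, because the name is part of the policy assignment's resource ID. For an existing deployment that means the old assignment is removed and a new one created on upgrade, and any policy exemptions or other references to the old assignment ID go stale. The commit message describes this only as a consistency update; please call it out as a breaking change in the release notes, with the plan output users should expect.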
@@ -1,5 +1,5 @@
{
"name": "Allow-RSG-Locations",
"name": "Deny-RSG-Locations",
"type": "Microsoft.Authorization/policyAssignments",
"apiVersion": "2019-09-01",
"properties": {
@@ -1,5 +1,5 @@
{
"name": "54d02acb-25b6-5569-b8ee-5ef01a73a6d4",
"name": "3485cc09-cc28-5b69-9679-1732b147a79a",
"type": "Microsoft.Authorization/roleDefinitions",
"apiVersion": "2018-01-01-preview",
"properties": {
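Review bot: the `name` GUID changes from `54d02acb-25b6-5569-b8ee-5ef01a73a6d4` to `3485cc09-cc28-5b69-9679-1732b147a79a`, but the commit message mentions only the assignableScope fix. A role definition's name is its ID, so this produces a new definition, and existing role assignments that reference the old definition ID will not follow it. If the value is derived from other inputs, note how in the PR description; if not, explain why it had to change.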
Expand All @@ -24,7 +24,7 @@
}
],
"assignableScopes": [
"/"
"${current_scope_resource_id}"
]
}
}
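Review bot: the new `assignableScopes` value `"${current_scope_resource_id}"` is a template placeholder, and nothing in this hunk shows where it gets substituted. If this file ever reaches the provider unrendered, the literal string becomes the assignable scope. Moving off `"/"` is the right direction for least privilege; please add a test that asserts the rendered `assignableScopes` equals the resource ID of the scope being deployed.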
2 changes: 1 addition & 1 deletion resources.role_definitions.tf
Expand Up @@ -18,7 +18,7 @@ resource "azurerm_role_definition" "enterprise_scale" {

# Optional resource attributes
description = try(length(each.value.template.properties.description) > 0, false) ? each.value.template.properties.description : "${each.value.template.properties.roleName} Role Definition at scope ${each.value.scope_id}"
assignable_scopes = try(length(each.value.assignableScopes) > 0, false) ? each.value.assignableScopes : [each.value.scope_id, ]
assignable_scopes = try(length(each.value.template.properties.assignableScopes) > 0, false) ? each.value.template.properties.assignableScopes : [each.value.scope_id, ]
# Set explicit dependency on Management Group deployments
depends_on = [
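Review bot: on the `assignable_scopes` line, the `try(length(...) > 0, false)` wrapper is what hid the original bug: the old path `each.value.assignableScopes` apparently never resolved, `try` swallowed the error, and the fallback `[each.value.scope_id, ]` was always used. The corrected path fixes today's lookup but keeps the same silent failure mode for the next typo or template schema change. Since template values are now honoured, consider also rejecting `"/"` explicitly here, so a template that still carries the root scope fails at plan time instead of being passed through.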
@@ -1,15 +1,15 @@
{
"customer_online": {
"policy_assignments": [
"Allow-Resource-Locations",
"Allow-RSG-Locations"
"Deny-Resource-Locations",
"Deny-RSG-Locations"
],
"policy_definitions": [],
"policy_set_definitions": [],
"role_definitions": [],
"archetype_config": {
"parameters": {
"Allow-Resource-Locations": {
"Deny-Resource-Locations": {
"listOfAllowedLocations": [
"eastus",
"eastus2",
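Review bot: the keys under `archetype_config.parameters` appear to be matched by name against the entries in `policy_assignments`, so this rename also changes the key callers must use when overriding `listOfAllowedLocations`. What happens to a caller still passing `Allow-Resource-Locations`? If an unmatched key is ignored, their custom location list is dropped and the assignment falls back to the defaults in this file, which could widen the allowed regions without any error. Please either validate parameter keys against the assignment names or document the rename as a breaking change.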
Expand All @@ -18,7 +18,7 @@
"southcentralus"
]
},
"Allow-RSG-Locations": {
"Deny-RSG-Locations": {
"listOfAllowedLocations": [
"eastus",
"eastus2",
@@ -1,8 +1,8 @@
{
"customer_root": {
"policy_assignments": [
"Allow-Resource-Locations",
"Allow-RSG-Locations",
"Deny-Resource-Locations",
"Deny-RSG-Locations",
"Deploy-ASC-Monitoring",
"Deploy-ASC-Defender",
"Deploy-AzActivity-Log",
Expand Down Expand Up @@ -126,7 +126,7 @@
],
"archetype_config": {
"parameters": {
"Allow-Resource-Locations": {
"Deny-Resource-Locations": {
"listOfAllowedLocations": [
"eastus",
"eastus2",
Expand All @@ -137,7 +137,7 @@
"ukwest"
]
},
"Allow-RSG-Locations": {
"Deny-RSG-Locations": {
"listOfAllowedLocations": [
"eastus",
"eastus2",
16 changes: 8 additions & 8 deletions tests/deployment/resources.tf
Expand Up @@ -56,15 +56,15 @@ module "test_root_id_3" {
archetype_config = {
archetype_id = "customer_online"
parameters = {
Allow-Resource-Locations = {
Deny-Resource-Locations = {
listOfAllowedLocations = jsonencode([
"eastus",
"westus",
"uksouth",
"ukwest",
])
}
Allow-RSG-Locations = {
Deny-RSG-Locations = {
listOfAllowedLocations = jsonencode([
"eastus",
"westus",
Expand Down Expand Up @@ -93,13 +93,13 @@ module "test_root_id_3" {
archetype_config = {
archetype_id = "customer_online"
parameters = {
Allow-Resource-Locations = {
Deny-Resource-Locations = {
listOfAllowedLocations = jsonencode([
"eastus",
"westus",
])
}
Allow-RSG-Locations = {
Deny-RSG-Locations = {
listOfAllowedLocations = jsonencode([
"eastus",
"westus",
Expand All @@ -116,12 +116,12 @@ module "test_root_id_3" {
archetype_config = {
archetype_id = "customer_online"
parameters = {
Allow-Resource-Locations = {
Deny-Resource-Locations = {
listOfAllowedLocations = jsonencode([
"eastus",
])
}
Allow-RSG-Locations = {
Deny-RSG-Locations = {
listOfAllowedLocations = jsonencode([
"eastus",
])
Expand Down Expand Up @@ -184,13 +184,13 @@ module "test_root_id_3_lz1" {
archetype_config = {
archetype_id = "customer_online"
parameters = {
Allow-Resource-Locations = {
Deny-Resource-Locations = {
listOfAllowedLocations = jsonencode([
"northcentralus",
"southcentralus",
])
}
Allow-RSG-Locations = {
Deny-RSG-Locations = {
listOfAllowedLocations = jsonencode([
"northcentralus",
"southcentralus",
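Review bot: in `test_root_id_3_lz1`, as in the three hunks above it, the test change is a mechanical rename of the parameter keys; none of the hunks in this file exercise the `assignableScopes` fix for #47 or the handling of a legacy `Allow-*` key. Suggest adding one case with a role definition whose template sets `assignableScopes`, asserting the planned value, and one case that passes the old key and asserts it is rejected.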