Microsoft.Authorization Namespace Bicep Modules #122
Merged
51 commits
8e9b44a added Az Policy and RBAC Modules (ahmadabdalla)
2cc5129 updated user identity module (ahmadabdalla)
dc2f0e0 Merge remote-tracking branch 'upstream/main' into users/ahmadabdalla/… (ahmadabdalla)
d18259e catered for scenario where retryLimit is set to 1 (ahmadabdalla)
885675a added (ge) instead of (gt) for catch (ahmadabdalla)
513e45a updated based on comments (ahmadabdalla)
64f5d4f Merge remote-tracking branch 'upstream/main' into users/ahmadabdalla/… (ahmadabdalla)
f7af60b updated lock scope (ahmadabdalla)
80b8ef4 updated test error for readme (ahmadabdalla)
eefcc6d Merge remote-tracking branch 'upstream/main' into users/ahmadabdalla/… (ahmadabdalla)
155cd44 updated readme (ahmadabdalla)
45c5d93 fixed readme (ahmadabdalla)
a5fb7da updated readme with check mark (ahmadabdalla)
3cc62ba updated lock resource (ahmadabdalla)
f338e0d Merge remote-tracking branch 'upstream/main' into users/ahmadabdalla/… (ahmadabdalla)
da792b7 Merge branch 'main' into users/ahmadabdalla/policyAndRbac (ahmadabdalla)
ef2e595 Merge remote-tracking branch 'upstream/main' (ahmadabdalla)
6b3d55c Merge branch 'main' into users/ahmadabdalla/policyAndRbac (ahmadabdalla)
c8e9092 Clean up commit (ahmadabdalla)
9b99228 Modified pipelines to point to bicep file instead (ahmadabdalla)
b4c8a08 updated read me (ahmadabdalla)
9b4f45d suppressed parameter location validation (ahmadabdalla)
81b129e added workaround (ahmadabdalla)
24fb130 added readme details (ahmadabdalla)
da0faf2 completed RBAC Assignment (ahmadabdalla)
ccb3648 remove check for variable name (_) (ahmadabdalla)
d19f3e3 updated policy read me (ahmadabdalla)
52d6393 updated policy (ahmadabdalla)
a371fd9 updated parameters (ahmadabdalla)
2dbafbe updated readme (ahmadabdalla)
4d175a8 updated policy length (ahmadabdalla)
dda7d66 updated policy definitions pipeline (ahmadabdalla)
80f64b1 added exemption and set definition pipelines (ahmadabdalla)
b6b4496 Merge pull request #1 from ahmadabdalla/users/ahmadabdalla/policyAndRbac (ahmadabdalla)
59c807e Users/ahmadabdalla/ms authorization (#2) (ahmadabdalla)
b307412 Merge remote-tracking branch 'upstream/main' (ahmadabdalla)
86d6c2d Merge remote-tracking branch 'upstream/main' (ahmadabdalla)
9ba64cb Users/ahmadabdalla/ms auth comments (#3) (ahmadabdalla)
51ad772 Merge branch 'Azure:main' into main (ahmadabdalla)
c69e208 Merge remote-tracking branch 'upstream/main' (ahmadabdalla)
8f44d6d Merge remote-tracking branch 'upstream/main' (ahmadabdalla)
442f25b Merge remote-tracking branch 'upstream/main' (ahmadabdalla)
cfd6226 Merge remote-tracking branch 'upstream/main' (ahmadabdalla)
e669249 Merge remote-tracking branch 'upstream/main' (ahmadabdalla)
10659c3 Merge remote-tracking branch 'upstream/main' (ahmadabdalla)
53242e6 added current version of roles to constructs (ahmadabdalla)
f84ad1e Merge remote-tracking branch 'upstream/main' (ahmadabdalla)
60153e5 updated parameter files to point to test subscription (ahmadabdalla)
353842e updated based on feedback (ahmadabdalla)
3442cf5 Merge remote-tracking branch 'upstream/main' (ahmadabdalla)
e3c62c7 updated to test principal ID (ahmadabdalla)
182 changes: 182 additions & 0 deletions
.github/workflows/ms.authorization.policydefinitions.yml
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,182 @@ | ||
| name: "Authorization: policyDefinitions" | ||
|
|
||
| on: | ||
| workflow_dispatch: | ||
| inputs: | ||
| removeDeployment: | ||
| description: 'Remove deployed module' | ||
| required: false | ||
| default: 'false' | ||
| versioningOption: | ||
| description: 'The mode to handle the version increments [major|minor|patch|custom]' | ||
| required: false | ||
| default: 'patch' | ||
| customVersion: | ||
| description: 'The version to enforce if [versionOption] is set to [custom]' | ||
| required: false | ||
| default: '0.0.1' | ||
|
|
||
| env: | ||
| moduleName: 'policyDefinitions' | ||
| modulePath: 'arm/Microsoft.Authorization/policyDefinitions' | ||
| AZURE_CREDENTIALS: ${{ secrets.AZURE_CREDENTIALS }} | ||
| ARM_SUBSCRIPTION_ID: ${{ secrets.ARM_SUBSCRIPTION_ID }} | ||
| ARM_MGMTGROUP_ID: ${{ secrets.ARM_MGMTGROUP_ID }} | ||
|
|
||
| jobs: | ||
| ################## | ||
| # UNIT TESTS # | ||
| ################## | ||
| # Global tests | ||
| # ------------ | ||
| job_tests_module_global: | ||
| runs-on: ubuntu-20.04 | ||
| name: "Run global module tests" | ||
| steps: | ||
| - name: "Checkout" | ||
| uses: actions/checkout@v2 | ||
| with: | ||
| fetch-depth: 0 | ||
| - name: "Test module" | ||
| uses: ./.github/actions/templates/validateModuleGeneral | ||
| with: | ||
| modulePath: '${{ env.modulePath }}' | ||
| moduleName: '${{ env.moduleName}}' | ||
|
|
||
| # Global API tests | ||
| # ---------------- | ||
| job_tests_module_global_api: | ||
| runs-on: ubuntu-20.04 | ||
| name: "Run global API module tests" | ||
| steps: | ||
| - name: "Checkout" | ||
| uses: actions/checkout@v2 | ||
| with: | ||
| fetch-depth: 0 | ||
| - name: "Test module" | ||
| uses: ./.github/actions/templates/validateModuleApis | ||
| with: | ||
| modulePath: '${{ env.modulePath }}' | ||
| moduleName: '${{ env.moduleName}}' | ||
|
|
||
| # Validate deployment module tests | ||
| # -------------------------------- | ||
| job_tests_module_deploy_validate: | ||
| runs-on: ubuntu-20.04 | ||
| name: "Run deployment validation module tests" | ||
| strategy: | ||
| fail-fast: false | ||
| matrix: | ||
| parameterFilePaths: ['parameters.json'] | ||
| steps: | ||
| - name: "Checkout" | ||
| uses: actions/checkout@v2 | ||
| with: | ||
| fetch-depth: 0 | ||
| - name: Set environment variables | ||
| uses: deep-mm/set-variables@v1.0 | ||
| with: | ||
| # Name of variable file | ||
| variableFileName: 'variables.module' # Don't write .json here | ||
| - name: "Test module" | ||
| uses: ./.github/actions/templates/validateModuleDeploy | ||
| with: | ||
| templateFilePath: '${{ env.modulePath }}/.bicep/nested_policyDefinitions_sub.bicep' | ||
rahalan marked this conversation as resolved.
|
||
| parameterFilePath: '${{ env.modulePath }}/parameters/${{ matrix.parameterFilePaths }}' | ||
| location: '${{ env.defaultLocation }}' | ||
| resourceGroupName: '${{ env.resourceGroupName }}' | ||
| subscriptionId: '${{ secrets.ARM_SUBSCRIPTION_ID }}' | ||
| managementGroupId: '${{ secrets.ARM_MGMTGROUP_ID }}' | ||
|
|
||
| #################### | ||
| # DEPLOY TESTS # | ||
| #################### | ||
| job_deploy_module: | ||
| runs-on: ubuntu-20.04 | ||
| name: "Deploy module" | ||
| needs: | ||
| - job_tests_module_global | ||
| - job_tests_module_global_api | ||
| - job_tests_module_deploy_validate | ||
| strategy: | ||
| fail-fast: false | ||
| matrix: | ||
| parameterFilePaths: ['parameters.json'] | ||
| steps: | ||
| - name: "Checkout" | ||
| uses: actions/checkout@v2 | ||
| with: | ||
| fetch-depth: 0 | ||
| - name: Set environment variables | ||
| uses: deep-mm/set-variables@v1.0 | ||
| with: | ||
| # Name of variable file | ||
| variableFileName: 'variables.module' # Don't write .json here | ||
| - name: "Deploy module" | ||
| uses: ./.github/actions/templates/deployModule | ||
| with: | ||
| moduleName: '${{ env.moduleName }}' | ||
| templateFilePath: '${{ env.modulePath }}/.bicep/nested_policyDefinitions_sub.bicep' | ||
rahalan marked this conversation as resolved.
|
||
| parameterFilePath: '${{ env.modulePath }}/parameters/${{ matrix.parameterFilePaths }}' | ||
| location: '${{ env.defaultLocation }}' | ||
| resourceGroupName: '${{ env.resourceGroupName }}' | ||
| subscriptionId: '${{ secrets.ARM_SUBSCRIPTION_ID }}' | ||
| managementGroupId: '${{ secrets.ARM_MGMTGROUP_ID }}' | ||
| removeDeployment: '${{ github.event.inputs.removeDeployment }}' | ||
|
|
||
| ############### | ||
| # PUBLISH # | ||
| ############### | ||
| job_publish_module: | ||
| name: "Publish module" | ||
| if: contains(fromJson('["refs/heads/main", "refs/heads/master"]'), github.ref) | ||
| runs-on: ubuntu-20.04 | ||
| needs: | ||
| - job_deploy_module | ||
| steps: | ||
| - name: "Checkout" | ||
| uses: actions/checkout@v2 | ||
| with: | ||
| fetch-depth: 0 | ||
| - name: Set environment variables | ||
| uses: deep-mm/set-variables@v1.0 | ||
| with: | ||
| # Name of variable file | ||
| variableFileName: 'variables.module' # Don't write .json here | ||
| - name: "Publish module" | ||
| uses: ./.github/actions/templates/publishModule | ||
| with: | ||
| templateFilePath: '${{ env.modulePath }}/deploy.bicep' | ||
| componentTemplateSpecRGName: '${{ env.componentTemplateSpecRGName }}' | ||
| componentTemplateSpecRGLocation: '${{ env.componentTemplateSpecRGLocation }}' | ||
| componentTemplateSpecName: '${{ env.moduleName }}' | ||
| componentTemplateSpecDescription: '${{ env.componentTemplateSpecDescription }}' | ||
| publishToTemplateSpec: '${{ env.publishToTemplateSpec }}' | ||
| versioningOption: '${{ github.event.inputs.versioningOption }}' | ||
| customVersion: '${{ github.event.inputs.customVersion }}' | ||
|
|
||
| ############## | ||
| # REMOVE # | ||
| ############## | ||
| job_remove_module: | ||
| runs-on: ubuntu-20.04 | ||
| name: "Remove module" | ||
| if: ${{ always() && !cancelled() && github.event.inputs.removeDeployment == 'true' && (contains(needs.*.result, 'success') || contains(needs.*.result, 'failure')) }} | ||
| needs: | ||
| - job_deploy_module | ||
| steps: | ||
| - name: "Checkout" | ||
| uses: actions/checkout@v2 | ||
| with: | ||
| fetch-depth: 0 | ||
| - name: Set environment variables | ||
| uses: deep-mm/set-variables@v1.0 | ||
| with: | ||
| # Name of variable file | ||
| variableFileName: 'variables.module' # Don't write .json here | ||
| - name: "Remove module" | ||
| uses: ./.github/actions/templates/removeModule | ||
| with: | ||
| moduleName: '${{ env.moduleName }}' | ||
| templateFilePath: '${{ env.modulePath }}/deploy.bicep' | ||
| resourceGroupName: '${{ env.resourceGroupName }}' | ||
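Review bot: The top-level `env:` block maps `secrets.AZURE_CREDENTIALS`, `secrets.ARM_SUBSCRIPTION_ID` and `secrets.ARM_MGMTGROUP_ID` into the environment of every step of every job, and that includes the third-party `deep-mm/set-variables@v1.0` step in the validate, deploy, publish and remove jobs, which is referenced by a mutable tag. Pin that action to a full commit SHA so a re-tagged release cannot run with the Azure credentials in its environment, and move the secret mappings from the workflow-level `env:` down to the jobs or steps that actually consume them; the validate and deploy steps already receive `subscriptionId` and `managementGroupId` through `with:`. The file also sets no `permissions:` block, so `GITHUB_TOKEN` runs with the repository default; an explicit minimal scope at the top of the workflow would make that visible. Minor style point: `'${{ env.moduleName}}'` in the two global test jobs is missing the space before `}}` that the other expressions use.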