From ff7020ebddcd7b59164647c9455edb2195976410 Mon Sep 17 00:00:00 2001 From: Erika Gressi Date: Tue, 21 Dec 2021 12:47:59 +0100 Subject: [PATCH 1/8] change st ins config default name --- .../workspaces/storageInsightConfigs/deploy.bicep | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/arm/Microsoft.OperationalInsights/workspaces/storageInsightConfigs/deploy.bicep b/arm/Microsoft.OperationalInsights/workspaces/storageInsightConfigs/deploy.bicep index 10824556b4..67cd634b12 100644 --- a/arm/Microsoft.OperationalInsights/workspaces/storageInsightConfigs/deploy.bicep +++ b/arm/Microsoft.OperationalInsights/workspaces/storageInsightConfigs/deploy.bicep @@ -2,7 +2,7 @@ param logAnalyticsWorkspaceName string @description('Optional. The name of the storage insights config') -param name string = last(split(storageAccountId, '/')) +param name string = '${last(split(storageAccountId, '/'))}-stinsconfig' @description('Required. The Azure Resource Manager ID of the storage account resource.') param storageAccountId string From fd0a44c98bf92a765e935e648ced0d2ea999964d Mon Sep 17 00:00:00 2001 From: Erika Gressi Date: Tue, 21 Dec 2021 12:53:39 +0100 Subject: [PATCH 2/8] law & order --- .../resourceRemoval/Initialize-DeploymentRemoval.ps1 | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/utilities/pipelines/resourceRemoval/Initialize-DeploymentRemoval.ps1 b/utilities/pipelines/resourceRemoval/Initialize-DeploymentRemoval.ps1 index bb4cc7166d..632e757a7f 100644 --- a/utilities/pipelines/resourceRemoval/Initialize-DeploymentRemoval.ps1 +++ b/utilities/pipelines/resourceRemoval/Initialize-DeploymentRemoval.ps1 @@ -72,6 +72,13 @@ function Initialize-DeploymentRemoval { ) break } + 'workspaces' { + $removalSequence += @( + 'Microsoft.OperationsManagement/solutions', + 'Microsoft.OperationalInsights/workspaces/linkedServices' + ) + break + } } # Invoke removal From 0f8dce9e3cdae98bceece73a8bb8fee0a00368e4 Mon Sep 17 00:00:00 2001 From: Erika Gressi Date: Thu, 23 Dec 2021 15:43:07 +0100 Subject: [PATCH 3/8] output --- arm/Microsoft.OperationalInsights/workspaces/deploy.bicep | 2 +- arm/Microsoft.OperationalInsights/workspaces/readme.md | 6 +++--- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/arm/Microsoft.OperationalInsights/workspaces/deploy.bicep b/arm/Microsoft.OperationalInsights/workspaces/deploy.bicep index a5343b7e96..fc1b69591a 100644 --- a/arm/Microsoft.OperationalInsights/workspaces/deploy.bicep +++ b/arm/Microsoft.OperationalInsights/workspaces/deploy.bicep @@ -251,7 +251,7 @@ module logAnalyticsWorkspace_rbac '.bicep/nested_rbac.bicep' = [for (roleAssignm @description('The resource ID of the deployed log analytics workspace') output logAnalyticsResourceId string = logAnalyticsWorkspace.id -@description('The resource group where the log analytics will be deployed') +@description('The resource group of the deployed log analytics workspace') output logAnalyticsResourceGroup string = resourceGroup().name @description('The name of the deployed log analytics workspace') diff --git a/arm/Microsoft.OperationalInsights/workspaces/readme.md b/arm/Microsoft.OperationalInsights/workspaces/readme.md index 8ea13e7fcd..32fdb1ab34 100644 --- a/arm/Microsoft.OperationalInsights/workspaces/readme.md +++ b/arm/Microsoft.OperationalInsights/workspaces/readme.md @@ -123,18 +123,18 @@ Tag names and tag values can be provided as needed. A tag can be left without a | Output Name | Type | Description | | :-- | :-- | :-- | | `logAnalyticsName` | string | The name of the deployed log analytics workspace | -| `logAnalyticsResourceGroup` | string | The resource group where the log analytics will be deployed | +| `logAnalyticsResourceGroup` | string | The resource group of the deployed log analytics workspace | | `logAnalyticsResourceId` | string | The resource ID of the deployed log analytics workspace | | `logAnalyticsWorkspaceId` | string | The ID associated with the workspace | ## Template references +- [Diagnosticsettings](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Insights/2021-05-01-preview/diagnosticSettings) - [Locks](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2016-09-01/locks) - [Roleassignments](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-04-01-preview/roleAssignments) -- [Diagnosticsettings](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Insights/2021-05-01-preview/diagnosticSettings) +- [Solutions](https://docs.microsoft.com/en-us/azure/templates/Microsoft.OperationsManagement/2015-11-01-preview/solutions) - [Workspaces](https://docs.microsoft.com/en-us/azure/templates/Microsoft.OperationalInsights/2020-08-01/workspaces) - [Workspaces/Datasources](https://docs.microsoft.com/en-us/azure/templates/Microsoft.OperationalInsights/2020-08-01/workspaces/dataSources) - [Workspaces/Linkedservices](https://docs.microsoft.com/en-us/azure/templates/Microsoft.OperationalInsights/2020-08-01/workspaces/linkedServices) - [Workspaces/Savedsearches](https://docs.microsoft.com/en-us/azure/templates/Microsoft.OperationalInsights/2020-08-01/workspaces/savedSearches) - [Workspaces/Storageinsightconfigs](https://docs.microsoft.com/en-us/azure/templates/Microsoft.OperationalInsights/2020-08-01/workspaces/storageInsightConfigs) -- [Solutions](https://docs.microsoft.com/en-us/azure/templates/Microsoft.OperationsManagement/2015-11-01-preview/solutions) From 611b25b26c676f59c3c047f3a938d9f499cc3f0b Mon Sep 17 00:00:00 2001 From: Erika Gressi Date: Thu, 23 Dec 2021 15:58:29 +0100 Subject: [PATCH 4/8] purge law --- .../helper/Invoke-ResourcePostRemoval.ps1 | 25 +++++++++++++++++++ .../sharedScripts/Set-EnvironmentOnAgent.ps1 | 1 + 2 files changed, 26 insertions(+) diff --git a/utilities/pipelines/resourceRemoval/helper/Invoke-ResourcePostRemoval.ps1 b/utilities/pipelines/resourceRemoval/helper/Invoke-ResourcePostRemoval.ps1 index 907d99c855..7180c748c2 100644 --- a/utilities/pipelines/resourceRemoval/helper/Invoke-ResourcePostRemoval.ps1 +++ b/utilities/pipelines/resourceRemoval/helper/Invoke-ResourcePostRemoval.ps1 @@ -74,6 +74,31 @@ function Invoke-ResourcePostRemoval { } } } + 'Microsoft.OperationalInsights/workspaces' { + $subscriptionId = $resourceId.Split('/')[2] + $resourceGroupName = $resourceId.Split('/')[4] + $resourceName = Split-Path $ResourceId -Leaf + # Fetch service in soft-delete state + $getPath = '/subscriptions/{0}/providers/Microsoft.OperationalInsights/deletedWorkspaces?api-version=2020-03-01-preview' -f $subscriptionId + $getRequestInputObject = @{ + Method = 'GET' + Path = $getPath + } + $softDeletedService = ((Invoke-AzRestMethod @getRequestInputObject).Content | ConvertFrom-Json).value | Where-Object { $_.id -eq $resourceId } + if ($softDeletedService) { + # Recover service + $location = $softDeletedService.location + if ($PSCmdlet.ShouldProcess(('Log analytics workspace [{0}]' -f $resourceId), 'New')) { + $recoveredWorkspace = New-AzOperationalInsightsWorkspace -ResourceGroupName $resourceGroupName -Name $resourceName -Location $location + } + if ($recoveredWorkspace) { + # Purge service + if ($PSCmdlet.ShouldProcess(('Log analytics workspace with ID [{0}]' -f $resourceId), 'Purge')) { + $recoveredWorkspace | Remove-AzOperationalInsightsWorkspace -ForceDelete -Force + } + } + } + } 'Microsoft.RecoveryServices/vaults/backupFabrics/protectionContainers/protectedItems' { # Remove protected VM # Required if e.g. a VM was listed in an RSV and only that VM is removed diff --git a/utilities/pipelines/sharedScripts/Set-EnvironmentOnAgent.ps1 b/utilities/pipelines/sharedScripts/Set-EnvironmentOnAgent.ps1 index da2aa354f5..8e9cf515b2 100644 --- a/utilities/pipelines/sharedScripts/Set-EnvironmentOnAgent.ps1 +++ b/utilities/pipelines/sharedScripts/Set-EnvironmentOnAgent.ps1 @@ -106,6 +106,7 @@ function Set-EnvironmentOnAgent { @{ Name = 'Az.RecoveryServices' }, @{ Name = 'Az.Monitor' }, @{ Name = 'Az.CognitiveServices' }, + @{ Name = 'Az.OperationalInsights' }, @{ Name = 'Pester'; Version = '5.3.0' } ) ) From d29fead66a2c98c067cdb7aa128564f8d9e9dcde Mon Sep 17 00:00:00 2001 From: Erika Gressi <56914614+eriqua@users.noreply.github.com> Date: Thu, 23 Dec 2021 16:13:40 +0100 Subject: [PATCH 5/8] Update utilities/pipelines/resourceRemoval/helper/Invoke-ResourcePostRemoval.ps1 Co-authored-by: Alexander Sehr --- .../resourceRemoval/helper/Invoke-ResourcePostRemoval.ps1 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/utilities/pipelines/resourceRemoval/helper/Invoke-ResourcePostRemoval.ps1 b/utilities/pipelines/resourceRemoval/helper/Invoke-ResourcePostRemoval.ps1 index 7180c748c2..6e68770a34 100644 --- a/utilities/pipelines/resourceRemoval/helper/Invoke-ResourcePostRemoval.ps1 +++ b/utilities/pipelines/resourceRemoval/helper/Invoke-ResourcePostRemoval.ps1 @@ -88,7 +88,7 @@ function Invoke-ResourcePostRemoval { if ($softDeletedService) { # Recover service $location = $softDeletedService.location - if ($PSCmdlet.ShouldProcess(('Log analytics workspace [{0}]' -f $resourceId), 'New')) { + if ($PSCmdlet.ShouldProcess(('Log analytics workspace [{0}]' -f $resourceId), 'Recover')) { $recoveredWorkspace = New-AzOperationalInsightsWorkspace -ResourceGroupName $resourceGroupName -Name $resourceName -Location $location } if ($recoveredWorkspace) { From e154c04ae2fbe3cea3dba35d5f47d74eda3b8638 Mon Sep 17 00:00:00 2001 From: Erika Gressi Date: Thu, 23 Dec 2021 16:29:14 +0100 Subject: [PATCH 6/8] add check purge --- .../resourceRemoval/helper/Invoke-ResourcePostRemoval.ps1 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/utilities/pipelines/resourceRemoval/helper/Invoke-ResourcePostRemoval.ps1 b/utilities/pipelines/resourceRemoval/helper/Invoke-ResourcePostRemoval.ps1 index 7180c748c2..f2233690e5 100644 --- a/utilities/pipelines/resourceRemoval/helper/Invoke-ResourcePostRemoval.ps1 +++ b/utilities/pipelines/resourceRemoval/helper/Invoke-ResourcePostRemoval.ps1 @@ -84,7 +84,7 @@ function Invoke-ResourcePostRemoval { Method = 'GET' Path = $getPath } - $softDeletedService = ((Invoke-AzRestMethod @getRequestInputObject).Content | ConvertFrom-Json).value | Where-Object { $_.id -eq $resourceId } + $softDeletedService = ((Invoke-AzRestMethod @getRequestInputObject).Content | ConvertFrom-Json).value | Where-Object { $_.id -eq $resourceId -and $_.name -eq $resourceName } if ($softDeletedService) { # Recover service $location = $softDeletedService.location From 02fa69beb6876f77ec230b5859fc544467a8ae49 Mon Sep 17 00:00:00 2001 From: Erika Gressi Date: Thu, 23 Dec 2021 17:09:17 +0100 Subject: [PATCH 7/8] add break --- .../resourceRemoval/helper/Invoke-ResourcePostRemoval.ps1 | 5 +++++ .../resourceRemoval/helper/Invoke-ResourceRemoval.ps1 | 1 + 2 files changed, 6 insertions(+) diff --git a/utilities/pipelines/resourceRemoval/helper/Invoke-ResourcePostRemoval.ps1 b/utilities/pipelines/resourceRemoval/helper/Invoke-ResourcePostRemoval.ps1 index 19c722a441..0ee007a8a4 100644 --- a/utilities/pipelines/resourceRemoval/helper/Invoke-ResourcePostRemoval.ps1 +++ b/utilities/pipelines/resourceRemoval/helper/Invoke-ResourcePostRemoval.ps1 @@ -38,6 +38,7 @@ function Invoke-ResourcePostRemoval { $null = Remove-AzKeyVault -ResourceId $matchingKeyVault.Id -InRemovedState -Force -Location $matchingKeyVault.Location } } + break } 'Microsoft.CognitiveServices/accounts' { $resourceGroupName = $resourceId.Split('/')[4] @@ -49,6 +50,7 @@ function Invoke-ResourcePostRemoval { $null = Remove-AzCognitiveServicesAccount -InRemovedState -Force -Location $matchingAccount.Location -ResourceGroupName $resourceGroupName -Name $matchingAccount.AccountName } } + break } 'Microsoft.ApiManagement/service' { $subscriptionId = $resourceId.Split('/')[2] @@ -73,6 +75,7 @@ function Invoke-ResourcePostRemoval { $null = Invoke-AzRestMethod @purgeRequestInputObject } } + break } 'Microsoft.OperationalInsights/workspaces' { $subscriptionId = $resourceId.Split('/')[2] @@ -98,6 +101,7 @@ function Invoke-ResourcePostRemoval { } } } + break } 'Microsoft.RecoveryServices/vaults/backupFabrics/protectionContainers/protectedItems' { # Remove protected VM @@ -133,6 +137,7 @@ function Invoke-ResourcePostRemoval { # Undo a potential soft delete state change $null = Set-AzRecoveryServicesVaultProperty -VaultId $vaultId -SoftDeleteFeatureState $softDeleteStatus.TrimEnd('d') + break } ### CODE LOCATION: Add custom post-removal operation here } diff --git a/utilities/pipelines/resourceRemoval/helper/Invoke-ResourceRemoval.ps1 b/utilities/pipelines/resourceRemoval/helper/Invoke-ResourceRemoval.ps1 index 88510732e2..4cdc0c2cef 100644 --- a/utilities/pipelines/resourceRemoval/helper/Invoke-ResourceRemoval.ps1 +++ b/utilities/pipelines/resourceRemoval/helper/Invoke-ResourceRemoval.ps1 @@ -94,6 +94,7 @@ function Invoke-ResourceRemoval { # Actual removal # -------------- $null = Remove-AzResource -ResourceId $resourceId -Force -ErrorAction 'Stop' + break } ### CODE LOCATION: Add custom removal action here Default { From ff3a5190580ac66c855551675c6bf4d85418eee4 Mon Sep 17 00:00:00 2001 From: Erika Gressi Date: Thu, 23 Dec 2021 17:13:07 +0100 Subject: [PATCH 8/8] remove if --- .../resourceRemoval/helper/Invoke-ResourcePostRemoval.ps1 | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) diff --git a/utilities/pipelines/resourceRemoval/helper/Invoke-ResourcePostRemoval.ps1 b/utilities/pipelines/resourceRemoval/helper/Invoke-ResourcePostRemoval.ps1 index 0ee007a8a4..0a5d650269 100644 --- a/utilities/pipelines/resourceRemoval/helper/Invoke-ResourcePostRemoval.ps1 +++ b/utilities/pipelines/resourceRemoval/helper/Invoke-ResourcePostRemoval.ps1 @@ -94,11 +94,9 @@ function Invoke-ResourcePostRemoval { if ($PSCmdlet.ShouldProcess(('Log analytics workspace [{0}]' -f $resourceId), 'Recover')) { $recoveredWorkspace = New-AzOperationalInsightsWorkspace -ResourceGroupName $resourceGroupName -Name $resourceName -Location $location } - if ($recoveredWorkspace) { - # Purge service - if ($PSCmdlet.ShouldProcess(('Log analytics workspace with ID [{0}]' -f $resourceId), 'Purge')) { - $recoveredWorkspace | Remove-AzOperationalInsightsWorkspace -ForceDelete -Force - } + # Purge service + if ($PSCmdlet.ShouldProcess(('Log analytics workspace with ID [{0}]' -f $resourceId), 'Purge')) { + $recoveredWorkspace | Remove-AzOperationalInsightsWorkspace -ForceDelete -Force } } break