Enterprise-Scale icon indicating copy to clipboard operation
Enterprise-Scale copied to clipboard
verified publisher icon Azure

Update Deploy-Diagnostics-LogAnalytics with more granular diagnostics settings

Open jfaurskov opened this issue 4 years ago • 0 comments

Overview/Summary

Update eslzArm/managementGroupTemplates/policyDefinitions/policies.json to include the following: All available parameters for builtin policies for the policy initiative Deploy-Diagnostics-LogAnalytics, Issue described in #860. This is a long-running branch to allow for minor updates to the overall diagnostics logging initiative and custom policies until such a time as all are updated and it is ready to merge into main.

This PR fixes/adds/changes/removes

  1. New parameters entered between line 13664 and 14028. Values constructed as follows:
  • Parameter name constructed from service prefix of policyDefinitionReferenceId - DeployDiagnosticLogDeployLogAnalytics (i.e. StorageAccountDeployDiagnosticLogDeployLogAnalytics becomes StorageAccount for the service name) and actual parameter (e.g. logsEnabled). Following services are involved:
    • StorageAccount
    • AKS
    • Batch
    • DataLakeStore
    • EventHub
    • KeyVault
    • LogicAppsWF
    • NetworkPublicIPNic
    • RecoveryVault
    • SearchServices
    • ServiceBus
    • SQLDatabase
    • StreamAnalytics
  • Parameter type, metadata and default value pulled from built-in policy definitions and added to parameter set. Meta data display name suffixed with service prefix (StorageDelete - Enabled becomes StorageDelete - Enabled for StorageAccount service).
  1. References to new parameters added in policy definition references between 14046 and 14978.

Breaking Changes

  1. Since new parameters are added to policy initiative the initiative will need to be deleted and recreated.

Testing Evidence

Have performed the following basic manual tests:

  1. Deploy policies.json to management group structure running " New-AzManagementGroupDeployment -Name policies -ManagementGroupId <mgId>-Location westeurope -TemplateFile .\eslzArm\managementGroupTemplates\policyDefinitions\policies.json -topLevelManagementGroupPrefix <mgId>" see screenshot of successful deployment below: successfuldeploy
  2. Assign Deploy-Diagnostics-LogAnalytics to management group structure with default parameters (log analytics environment specific).
  3. Verify compliance/non-compliance after assigning. See screenshot below: Compliance

Further testing to be carried out:

  1. Verify that deployifnotexists works with new deployments
  2. Verify various combinations of logging settings

As part of this Pull Request I have

  • [x] Checked for duplicate Pull Requests
  • [x] Associated it with relevant issues, for tracking and closure.
  • [x] Ensured my code/branch is up-to-date with the latest changes in the main branch
  • [x] Performed testing and provided evidence.
  • [ ] Updated relevant and associated documentation. Not relevant yet as this is not going into main
  • [ ] Updated the "What's New?" wiki page (located: /docs/wiki/whats-new.md) Not relevant yet as this is not going into main

jfaurskov avatar Dec 13 '21 14:12 jfaurskov