terraform-azurerm-caf-enterprise-scale
Add practical code examples
Overview/Summary
Adding practical examples to the Docs
As part of this Pull Request I have
- [ ] Checked for duplicate Pull Requests
- [ ] Associated it with relevant issues, for tracking and closure.
- [ ] Ensured my code/branch is up-to-date with the latest changes in the main branch
- [ ] Performed testing and provided evidence.
- [ ] Updated relevant and associated documentation.
- [ ] Updated the "What's New?" wiki page (located in the Enterprise-Scale repo in the directory: /docs/wiki/whats-new.md)
Related: #186
Thank you for your contribution @DevSecNinja
As discussed offline, if we can expand this to cover off some of our related issues, that would be awesome.
I think the following would be good ones to consider closing off with this:
- #359
- #186
To deliver this I think it would be good to create a dedicated level 200 example page showing how to set custom parameters on policy assignments, covering the following available ways:
- Within an archetype definition
- Setting static parameter values within a policy assignment template (within the custom lib folder)
- Within the archetype_config_overrides input variable
- Within the custom_landing_zones input variable
If we can build examples showing how to disable the policies mentioned in #186, we can then link to these from the Getting Started page (which also needs updating to identify Deny-Subnet-Without-Udr as another policy which may conflict with Terraform).
Finally, we can also update the Archetype Definitions page to point to these examples when talking about the parameters object within the archetype_config object.
If you have any further questions on this, please let me know
Closes #359 #186
> Thank you for your contribution @DevSecNinja
> As discussed offline, if we can expand this to cover off some of our related issues, that would be awesome.
> I think the following would be good ones to consider closing off with this:
> - Specifying parameters in policy assignment loses Log Analytics ID #359
> - Policies incompatible with Terraform #186
>
> To deliver this I think it would be good to create a dedicated level 200 example page showing how to set custom parameters on policy assignments, covering the following available ways:
> - Within an archetype definition
> - Setting static parameter values within a policy assignment template (within the custom lib folder)
> - Within the archetype_config_overrides input variable
> - Within the custom_landing_zones input variable
>
> If we can build examples showing how to disable the policies mentioned in #186, we can then link to these from the Getting Started page (which also needs updating to identify Deny-Subnet-Without-Udr as another policy which may conflict with Terraform).
> Finally, we can also update the Archetype Definitions page to point to these examples when talking about the parameters object within the archetype_config object.
> If you have any further questions on this, please let me know
All points done in latest commit, except for your point on Deny-Subnet-Without-Udr. What's the matter with that one? Similar issue as Deny-Subnet-Without-Nsg as the subnet creation + NSG linking can't be done in one API call, causing the deployment to fail with a policy validation error?
Thank you for the updates @DevSecNinja ...
> All points done in latest commit, except for your point on Deny-Subnet-Without-Udr. What's the matter with that one? Similar issue as Deny-Subnet-Without-Nsg as the subnet creation + NSG linking can't be done in one API call, causing the deployment to fail with a policy validation error?
Yes, as Terraform links UDRs to subnets using the azurerm_subnet_route_table_association resource, it's not possible to create a subnet with the UDR attached.
I've fixed a couple of linting errors and will review the PR now
/azp run unit
Azure Pipelines successfully started running 1 pipeline(s).
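
The conflict discussed in the thread above, as an added example that is not part of the pull request or the module's own code: the subnet is created in one call and the route table and NSG are linked in later calls, which is the sequence Deny-Subnet-Without-Udr and Deny-Subnet-Without-Nsg are said to reject. All resource names and address ranges are constructed placeholders.

```hcl
provider "azurerm" {
  features {}
}

# Constructed placeholders throughout: names, location and address ranges.
resource "azurerm_resource_group" "example" {
  name     = "rg-policy-demo"
  location = "westeurope"
}

resource "azurerm_virtual_network" "example" {
  name                = "vnet-policy-demo"
  location            = azurerm_resource_group.example.location
  resource_group_name = azurerm_resource_group.example.name
  address_space       = ["10.0.0.0/16"]
}

# Call 1: the subnet is created with no route table or NSG attached.
# A Deny policy that requires either one evaluates this request and fails it.
resource "azurerm_subnet" "example" {
  name                 = "snet-workload"
  resource_group_name  = azurerm_resource_group.example.name
  virtual_network_name = azurerm_virtual_network.example.name
  address_prefixes     = ["10.0.1.0/24"]
}

resource "azurerm_route_table" "example" {
  name                = "rt-workload"
  location            = azurerm_resource_group.example.location
  resource_group_name = azurerm_resource_group.example.name
}

resource "azurerm_network_security_group" "example" {
  name                = "nsg-workload"
  location            = azurerm_resource_group.example.location
  resource_group_name = azurerm_resource_group.example.name
}

# Calls 2 and 3: the links are separate resources that depend on the subnet ID,
# so they can only run after the subnet already exists.
resource "azurerm_subnet_route_table_association" "example" {
  subnet_id      = azurerm_subnet.example.id
  route_table_id = azurerm_route_table.example.id
}

resource "azurerm_subnet_network_security_group_association" "example" {
  subnet_id                 = azurerm_subnet.example.id
  network_security_group_id = azurerm_network_security_group.example.id
}
```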