
Add practical code examples

Open DevSecNinja opened this issue 2 years ago • 1 comments

Overview/Summary

Adding practical examples to the Docs

As part of this Pull Request I have

  • [ ] Checked for duplicate Pull Requests
  • [ ] Associated it with relevant issues, for tracking and closure.
  • [ ] Ensured my code/branch is up-to-date with the latest changes in the main branch
  • [ ] Performed testing and provided evidence.
  • [ ] Updated relevant and associated documentation.
  • [ ] Updated the "What's New?" wiki page (located in the Enterprise-Scale repo in the directory: /docs/wiki/whats-new.md)

Related: #186

DevSecNinja avatar Jun 14 '22 08:06 DevSecNinja

Thank you for your contribution @DevSecNinja 👍🏻

As discussed offline, if we can expand this to cover off some of our related issues, that would be awesome.

I think the following would be good ones to consider closing off with this:

  • #359
  • #186

To deliver this I think it would be good to create a dedicated level 200 example page showing how to set custom parameters on policy assignments, covering the following available ways:

  • Within an archetype definition
  • Setting static parameter values within a policy assignment template (within the custom lib folder)
  • Within the archetype_config_overrides input variable
  • Within the custom_landing_zones input variable

If we can build examples showing how to disable the policies mentioned in #186, we can then link to these from the Getting Started page (which also needs updating to identify Deny-Subnet-Without-Udr as another policy which may conflict with Terraform).

Finally, we can also update the Archetype Definitions page to point to these examples when talking about the parameters object within the archetype_config object.

If you have any further questions on this, please let me know 🚀

krowlandson avatar Oct 13 '22 15:10 krowlandson

Closes #359 #186

DevSecNinja avatar Oct 24 '22 15:10 DevSecNinja

Thank you for your contribution @DevSecNinja 👍🏻

As discussed offline, if we can expand this to cover off some of our related issues, that would be awesome.

I think the following would be good ones to consider closing off with this:

To deliver this I think it would be good to create a dedicated level 200 example page showing how to set custom parameters on policy assignments, covering the following available ways:

  • Within an archetype definition
  • Setting static parameter values within a policy assignment template (within the custom lib folder)
  • Within the archetype_config_overrides input variable
  • Within the custom_landing_zones input variable

If we can build examples showing how to disable the policies mentioned in #186, we can then link to these from the Getting Started page (which also needs updating to identify Deny-Subnet-Without-Udr as another policy which may conflict with Terraform).

Finally, we can also update the Archetype Definitions page to point to these examples when talking about the parameters object within the archetype_config object.

If you have any further questions on this, please let me know 🚀

All points done in latest commit, except for your point on Deny-Subnet-Without-Udr. What's the matter with that one? Similar issue as Deny-Subnet-Without-Nsg as the subnet creation + NSG linking can't be done in one API call, causing the deployment to fail with a policy validation error?

DevSecNinja avatar Oct 24 '22 16:10 DevSecNinja

Thank you for the updates @DevSecNinja ...

All points done in latest commit, except for your point on Deny-Subnet-Without-Udr. What's the matter with that one? Similar issue as Deny-Subnet-Without-Nsg as the subnet creation + NSG linking can't be done in one API call, causing the deployment to fail with a policy validation error?

Yes, as Terraform links UDRs to subnets using the azurerm_subnet_route_table_association resource, it's not possible to create a subnet with the UDR attached.

I've fixed a couple of linting errors and will review the PR now 👍🏻

krowlandson avatar Oct 25 '22 12:10 krowlandson
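
The two-step pattern described in the comment above, as an added example that is not part of the original thread or the module's own code. All resource names, the region and the address ranges are constructed placeholders.

```hcl
# Constructed example: names, region and address ranges are placeholders.
provider "azurerm" {
  features {}
}

resource "azurerm_resource_group" "example" {
  name     = "rg-example"
  location = "westeurope"
}

resource "azurerm_virtual_network" "example" {
  name                = "vnet-example"
  resource_group_name = azurerm_resource_group.example.name
  location            = azurerm_resource_group.example.location
  address_space       = ["10.0.0.0/16"]
}

resource "azurerm_route_table" "example" {
  name                = "rt-example"
  resource_group_name = azurerm_resource_group.example.name
  location            = azurerm_resource_group.example.location
}

# Step 1: the subnet is created by its own request, with no route table set.
# A policy assignment such as Deny-Subnet-Without-Udr with a deny effect
# evaluates this request and rejects it, so the apply fails here.
resource "azurerm_subnet" "example" {
  name                 = "snet-example"
  resource_group_name  = azurerm_resource_group.example.name
  virtual_network_name = azurerm_virtual_network.example.name
  address_prefixes     = ["10.0.1.0/24"]
}

# Step 2: the UDR is linked in a separate, later request that depends on the
# subnet ID. It is only reached if step 1 was allowed by policy.
resource "azurerm_subnet_route_table_association" "example" {
  subnet_id      = azurerm_subnet.example.id
  route_table_id = azurerm_route_table.example.id
}
```

Because the association depends on `azurerm_subnet.example.id`, Terraform cannot reorder the two requests; the conflict has to be handled on the policy assignment side, which is what the parameter examples requested in this thread are meant to document.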

/azp run unit

krowlandson avatar Oct 26 '22 06:10 krowlandson

Azure Pipelines successfully started running 1 pipeline(s).

azure-pipelines[bot] avatar Oct 26 '22 06:10 azure-pipelines[bot]