From 07acdffc42317725b4dbe1f212876b481ebef7c8 Mon Sep 17 00:00:00 2001 
From: "cae-pr-creator[bot]" <126156663+cae-pr-creator[bot]@users.noreply.github.com> Date: Wed, 13 Nov 2024 09:58:00 +0000 Subject: [PATCH 01/11] Update Library Templates (automated) (#1200) This is an automated 'pull_request' containing updates to the library templates stored in 'modules/archetypes/lib'. Please review the 'files changed' tab to review changes. Co-authored-by: github-actions --- ...type_definition_es_landing_zones.tmpl.json | 2 +- ...archetype_definition_es_platform.tmpl.json | 3 +- .../archetype_definition_es_root.tmpl.json | 3 +- ...ssignment_es_deploy_diag_logscat.tmpl.json | 28 ++ ...ment_es_deploy_private_dns_zones.tmpl.json | 6 +- ...gnment_es_enforce_subnet_private.tmpl.json | 28 ++ ...nition_es_append_appservice_latesttls.json | 5 +- ...nition_es_append_redis_sslenforcement.json | 4 +- .../policy_definition_es_deny_eh_mintls.json | 4 +- .../policy_definition_es_deny_mysql_http.json | 4 +- .../policy_definition_es_deny_redis_http.json | 6 +- .../policy_definition_es_deny_sql_mintls.json | 4 +- ...olicy_definition_es_deny_sqlmi_mintls.json | 6 +- ...efinition_es_deny_vnet_peer_cross_sub.json | 22 +- ...nition_es_deploy_mysql_sslenforcement.json | 4 +- ...n_es_deploy_postgresql_sslenforcement.json | 4 +- ...inition_es_deploy_private_dns_generic.json | 19 +- ...olicy_definition_es_deploy_sql_mintls.json | 4 +- ...icy_definition_es_deploy_sqlmi_mintls.json | 4 +- ...tion_es_deploy_storage_sslenforcement.json | 4 +- ...n_es_deploy_mdfc_config_20240319.tmpl.json | 19 +- ...tion_es_deploy_private_dns_zones.tmpl.json | 328 ++++++++++++++---- ...nition_es_enforce_encryption_cmk.tmpl.json | 24 +- ...es_enforce_guardrails_botservice.tmpl.json | 107 ++++++ ...rce_guardrails_cognitiveservices.tmpl.json | 76 +++- ...force_guardrails_machinelearning.tmpl.json | 166 ++++++++- ...ion_es_enforce_guardrails_openai.tmpl.json | 93 ++++- 27 files changed, 858 insertions(+), 119 deletions(-) create mode 100644 
modules/archetypes/lib/policy_assignments/policy_assignment_es_deploy_diag_logscat.tmpl.json create mode 100644 modules/archetypes/lib/policy_assignments/policy_assignment_es_enforce_subnet_private.tmpl.json create mode 100644 modules/archetypes/lib/policy_set_definitions/policy_set_definition_es_enforce_guardrails_botservice.tmpl.json diff --git a/modules/archetypes/lib/archetype_definitions/archetype_definition_es_landing_zones.tmpl.json b/modules/archetypes/lib/archetype_definitions/archetype_definition_es_landing_zones.tmpl.json index 4891d51b1..b6261825c 100644 --- a/modules/archetypes/lib/archetype_definitions/archetype_definition_es_landing_zones.tmpl.json +++ b/modules/archetypes/lib/archetype_definitions/archetype_definition_es_landing_zones.tmpl.json @@ -8,7 +8,6 @@ "Deny-Privileged-AKS", "Deny-Storage-http", "Deny-Subnet-Without-Nsg", - "Deploy-AKS-Policy", "Deploy-AzSqlDb-Auditing", "Deploy-MDFC-DefSQL-AMA", "Deploy-SQL-TDE", @@ -25,6 +24,7 @@ "Enforce-AKS-HTTPS", "Enforce-ASR", "Enforce-GR-KeyVault", + "Enforce-Subnet-Private", "Enforce-TLS-SSL-H224" ], "policy_definitions": [], diff --git a/modules/archetypes/lib/archetype_definitions/archetype_definition_es_platform.tmpl.json b/modules/archetypes/lib/archetype_definitions/archetype_definition_es_platform.tmpl.json index 8d6f4e472..44df8988a 100644 --- a/modules/archetypes/lib/archetype_definitions/archetype_definition_es_platform.tmpl.json +++ b/modules/archetypes/lib/archetype_definitions/archetype_definition_es_platform.tmpl.json @@ -11,7 +11,8 @@ "Deploy-VMSS-Monitoring", "Enable-AUM-CheckUpdates", "Enforce-ASR", - "Enforce-GR-KeyVault" + "Enforce-GR-KeyVault", + "Enforce-Subnet-Private" ], "policy_definitions": [], "policy_set_definitions": [], diff --git a/modules/archetypes/lib/archetype_definitions/archetype_definition_es_root.tmpl.json b/modules/archetypes/lib/archetype_definitions/archetype_definition_es_root.tmpl.json index 888927d5a..e676b1a2c 100644 
--- a/modules/archetypes/lib/archetype_definitions/archetype_definition_es_root.tmpl.json +++ b/modules/archetypes/lib/archetype_definitions/archetype_definition_es_root.tmpl.json @@ -9,7 +9,7 @@ "Deny-UnmanagedDisk", "Deploy-ASC-Monitoring", "Deploy-AzActivity-Log", - "Deploy-Diag-Logs", + "Deploy-Diag-LogsCat", "Deploy-MDEndpoints", "Deploy-MDEndpointsAMA", "Deploy-MDFC-Config-H224", @@ -200,6 +200,7 @@ "Enforce-Guardrails-APIM", "Enforce-Guardrails-AppServices", "Enforce-Guardrails-Automation", + "Enforce-Guardrails-BotService", "Enforce-Guardrails-CognitiveServices", "Enforce-Guardrails-Compute", "Enforce-Guardrails-ContainerApps", diff --git a/modules/archetypes/lib/policy_assignments/policy_assignment_es_deploy_diag_logscat.tmpl.json b/modules/archetypes/lib/policy_assignments/policy_assignment_es_deploy_diag_logscat.tmpl.json new file mode 100644 index 000000000..b09d4d3fc --- /dev/null +++ b/modules/archetypes/lib/policy_assignments/policy_assignment_es_deploy_diag_logscat.tmpl.json 
@@ -0,0 +1,28 @@
+{
+ "type": "Microsoft.Authorization/policyAssignments",
+ "apiVersion": "2022-06-01",
+ "name": "Deploy-Diag-LogsCat",
+ "location": "${default_location}",
+ "dependsOn": [],
+ "identity": {
+ "type": "SystemAssigned"
+ },
+ "properties": {
+ "description": "Resource logs should be enabled to track activities and events that take place on your resources and give you visibility and insights into any changes that occur. This initiative deploys diagnostic setting using the allLogs category group to route logs to an Event Hub for all supported resources.",
+ "displayName": "Enable category group resource logging for supported resources to Log Analytics",
+ "policyDefinitionId": "/providers/Microsoft.Authorization/policySetDefinitions/f5b29bc4-feca-4cc6-a58a-772dd5e290a5",
+ "enforcementMode": "Default",
+ "nonComplianceMessages": [
+ {
+ "message": "Diagnostic settings {enforcementMode} be deployed to Azure services to forward logs to Log Analytics."
+ }
+ ],
+ "parameters": {
+ "logAnalytics": {
+ "value": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/${root_scope_id}-mgmt/providers/Microsoft.OperationalInsights/workspaces/${root_scope_id}-la"
+ }
+ },
+ "scope": "${current_scope_resource_id}",
+ "notScopes": []
+ }
+}
diff --git a/modules/archetypes/lib/policy_assignments/policy_assignment_es_deploy_private_dns_zones.tmpl.json b/modules/archetypes/lib/policy_assignments/policy_assignment_es_deploy_private_dns_zones.tmpl.json
index d36017ea9..f4956f8ae 100644
--- a/modules/archetypes/lib/policy_assignments/policy_assignment_es_deploy_private_dns_zones.tmpl.json
+++ b/modules/archetypes/lib/policy_assignments/policy_assignment_es_deploy_private_dns_zones.tmpl.json
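Review bot: The `description` of the new `Deploy-Diag-LogsCat` assignment says logs are routed "to an Event Hub", while the `displayName`, the non-compliance message and the only parameter (`logAnalytics`) all point at Log Analytics. Anyone checking where audit logs are meant to land will read the wrong destination, so the sentence should end `... using the allLogs category group to route logs to Log Analytics for all supported resources.` The `logAnalytics` value also contains an all-zero subscription id; presumably the module substitutes it at deploy time, but that is not visible in this hunk and is worth confirming, since the assignment's system-assigned identity would otherwise be remediating against a workspace id that does not exist.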
@@ -210,13 +210,13 @@
 "azureStorageTableSecondaryPrivateDnsZoneId": {
 "value": "${private_dns_zone_prefix}privatelink.table.core.windows.net"
 },
- "azureSiteRecoveryBackupPrivateDnsZoneID": {
+ "azureSiteRecoveryBackupPrivateDnsZoneId": {
 "value": "${private_dns_zone_prefix}privatelink.${connectivity_location_short}.backup.windowsazure.com"
 },
- "azureSiteRecoveryBlobPrivateDnsZoneID": {
+ "azureSiteRecoveryBlobPrivateDnsZoneId": {
 "value": "${private_dns_zone_prefix}privatelink.blob.core.windows.net"
 },
- "azureSiteRecoveryQueuePrivateDnsZoneID": {
+ "azureSiteRecoveryQueuePrivateDnsZoneId": {
 "value": "${private_dns_zone_prefix}privatelink.queue.core.windows.net"
 }
 },
diff --git a/modules/archetypes/lib/policy_assignments/policy_assignment_es_enforce_subnet_private.tmpl.json b/modules/archetypes/lib/policy_assignments/policy_assignment_es_enforce_subnet_private.tmpl.json
new file mode 100644
index 000000000..f2a0da607
--- /dev/null
+++ b/modules/archetypes/lib/policy_assignments/policy_assignment_es_enforce_subnet_private.tmpl.json
@@ -0,0 +1,28 @@
+{
+ "type": "Microsoft.Authorization/policyAssignments",
+ "apiVersion": "2022-06-01",
+ "name": "Enforce-Subnet-Private",
+ "dependsOn": [],
+ "properties": {
+ "description": "Ensure your subnets are secure by default by preventing default outbound access. For more information go to https://aka.ms/defaultoutboundaccessretirement",
+ "displayName": "Subnets should be private",
+ "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/7bca8353-aa3b-429b-904a-9229c4385837",
+ "enforcementMode": "Default",
+ "nonComplianceMessages": [
+ {
+ "message": "Subnets {enforcementMode} be private."
+ }
+ ],
+ "parameters": {
+ "effect": {
+ "value": "Audit"
+ }
+ },
+ "scope": "${current_scope_resource_id}",
+ "notScopes": []
+ },
+ "location": "${default_location}",
+ "identity": {
+ "type": "None"
+ }
+}
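Review bot: The new `Enforce-Subnet-Private` assignment passes `"effect": { "value": "Audit" }`, so despite the `Enforce-` name and a `description` that speaks of "preventing default outbound access", it only reports non-private subnets and blocks nothing. If audit-first is the intended rollout, the description should say so, for example by appending `Assigned with the Audit effect; non-private subnets are reported, not blocked.` Whether the referenced built-in definition accepts a blocking effect is not visible on this page and should be confirmed before documenting how to tighten it.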
diff --git a/modules/archetypes/lib/policy_definitions/policy_definition_es_append_appservice_latesttls.json b/modules/archetypes/lib/policy_definitions/policy_definition_es_append_appservice_latesttls.json
index 628ae5b66..547cca8cd 100644
--- a/modules/archetypes/lib/policy_definitions/policy_definition_es_append_appservice_latesttls.json
+++ b/modules/archetypes/lib/policy_definitions/policy_definition_es_append_appservice_latesttls.json
@@ -9,7 +9,7 @@
 "displayName": "AppService append sites with minimum TLS version to enforce.",
 "description": "Append the AppService sites object to ensure that min Tls version is set to required minimum TLS version. Please note Append does not enforce compliance use then deny.",
 "metadata": {
- "version": "1.1.0",
+ "version": "1.2.0",
 "category": "App Service",
 "source": "https://github.com/Azure/Enterprise-Scale/",
 "alzCloudEnvironments": [
@@ -35,6 +35,7 @@
 "type": "String",
 "defaultValue": "1.2",
 "allowedValues": [
+ "1.3",
 "1.2",
 "1.0",
 "1.1"
@@ -54,7 +55,7 @@
 },
 {
 "field": "Microsoft.Web/sites/config/minTlsVersion",
- "notEquals": "[parameters('minTlsVersion')]"
+ "less": "[parameters('minTlsVersion')]"
 }
 ]
 },
diff --git a/modules/archetypes/lib/policy_definitions/policy_definition_es_append_redis_sslenforcement.json b/modules/archetypes/lib/policy_definitions/policy_definition_es_append_redis_sslenforcement.json
index 817426388..aac286f37 100644
--- a/modules/archetypes/lib/policy_definitions/policy_definition_es_append_redis_sslenforcement.json
+++ b/modules/archetypes/lib/policy_definitions/policy_definition_es_append_redis_sslenforcement.json
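Review bot: In the last hunk of the App Service definition, replacing `notEquals` with `less` turns the TLS check into a string comparison rather than a version comparison. For the allowed values `"1.0"` to `"1.3"` the string order happens to match the version order, but nothing in the definition states that assumption, and a value of a different shape would sort wrongly. It is also worth confirming how `less` evaluates when `minTlsVersion` is absent from the request, because under `notEquals` a missing value counted as a mismatch and the rule still fired. The same substitution appears in the Redis, Event Hub, MySQL, SQL, SQL MI, PostgreSQL and Storage definitions later in this patch. Since JSON has no comments, the caveat belongs in `description`, for example `The TLS version is compared as a string; allowed values must sort in version order.`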
@@ -9,7 +9,7 @@ "displayName": "Azure Cache for Redis Append a specific min TLS version requirement and enforce TLS.", "description": "Append a specific min TLS version requirement and enforce SSL on Azure Cache for Redis. Enables secure server to client by enforce minimal Tls Version to secure the connection between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.", "metadata": { - "version": "1.0.0", + "version": "1.1.0", "category": "Cache", "source": "https://github.com/Azure/Enterprise-Scale/", "alzCloudEnvironments": [ @@ -56,7 +56,7 @@ "anyOf": [ { "field": "Microsoft.Cache/Redis/minimumTlsVersion", - "notequals": "[parameters('minimumTlsVersion')]" + "less": "[parameters('minimumTlsVersion')]" } ] } diff --git a/modules/archetypes/lib/policy_definitions/policy_definition_es_deny_eh_mintls.json b/modules/archetypes/lib/policy_definitions/policy_definition_es_deny_eh_mintls.json index a1e8b33e7..6f7e7a29e 100644 --- a/modules/archetypes/lib/policy_definitions/policy_definition_es_deny_eh_mintls.json +++ b/modules/archetypes/lib/policy_definitions/policy_definition_es_deny_eh_mintls.json @@ -9,7 +9,7 @@ "displayName": "Event Hub namespaces should use a valid TLS version", "description": "Event Hub namespaces should use a valid TLS version.", "metadata": { - "version": "1.0.0", + "version": "1.1.0", "category": "Event Hub", "source": "https://github.com/Azure/Enterprise-Scale/", "alzCloudEnvironments": [ @@ -52,7 +52,7 @@ "anyOf": [ { "field": "Microsoft.EventHub/namespaces/minimumTlsVersion", - "notEquals": "[parameters('minTlsVersion')]" + "less": "[parameters('minTlsVersion')]" }, { "field": "Microsoft.EventHub/namespaces/minimumTlsVersion", 
diff --git a/modules/archetypes/lib/policy_definitions/policy_definition_es_deny_mysql_http.json b/modules/archetypes/lib/policy_definitions/policy_definition_es_deny_mysql_http.json
index a8da04389..1c98aa2b4 100644
--- a/modules/archetypes/lib/policy_definitions/policy_definition_es_deny_mysql_http.json
+++ b/modules/archetypes/lib/policy_definitions/policy_definition_es_deny_mysql_http.json
@@ -9,7 +9,7 @@
 "displayName": "MySQL database servers enforce SSL connections.",
 "description": "Azure Database for MySQL supports connecting your Azure Database for MySQL server to client applications using Secure Sockets Layer (SSL). Enforcing SSL connections between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.",
 "metadata": {
- "version": "1.0.0",
+ "version": "1.1.0",
 "category": "SQL",
 "source": "https://github.com/Azure/Enterprise-Scale/",
 "alzCloudEnvironments": [
@@ -66,7 +66,7 @@
 },
 {
 "field": "Microsoft.DBforMySQL/servers/minimalTlsVersion",
- "notequals": "[parameters('minimalTlsVersion')]"
+ "less": "[parameters('minimalTlsVersion')]"
 }
 ]
 }
diff --git a/modules/archetypes/lib/policy_definitions/policy_definition_es_deny_redis_http.json b/modules/archetypes/lib/policy_definitions/policy_definition_es_deny_redis_http.json
index 73d491ad7..70055987b 100644
--- a/modules/archetypes/lib/policy_definitions/policy_definition_es_deny_redis_http.json
+++ b/modules/archetypes/lib/policy_definitions/policy_definition_es_deny_redis_http.json
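Review bot: With `less` in the second hunk, a MySQL server whose `minimalTlsVersion` is `TLSEnforcementDisabled` is probably no longer matched by this condition. That value is not a version, and in a string comparison it would sort after `TLS1_2` rather than before it, whereas the old `notequals` matched every value other than the parameter. Unless the sibling condition in the enclosing list (outside this hunk) already covers that state, an explicit clause is needed next to the `less` test: `{ "field": "Microsoft.DBforMySQL/servers/minimalTlsVersion", "equals": "TLSEnforcementDisabled" }`. The deploy_mysql_sslenforcement and deploy_postgresql_sslenforcement definitions later in the patch have the same shape and would need the equivalent clause.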
@@ -9,7 +9,7 @@ "displayName": "Azure Cache for Redis only secure connections should be enabled", "description": "Audit enabling of only connections via SSL to Azure Cache for Redis. Validate both minimum TLS version and enableNonSslPort is disabled. Use of secure connections ensures authentication between the server and the service and protects data in transit from network layer attacks such as man-in-the-middle, eavesdropping, and session-hijacking", "metadata": { - "version": "1.0.0", + "version": "1.1.0", "category": "Cache", "source": "https://github.com/Azure/Enterprise-Scale/", "alzCloudEnvironments": [ @@ -41,7 +41,7 @@ "1.0" ], "metadata": { - "displayName": "Select minumum TLS version for Azure Cache for Redis.", + "displayName": "Select minimum TLS version for Azure Cache for Redis.", "description": "Select minimum TLS version for Azure Cache for Redis." } } @@ -61,7 +61,7 @@ }, { "field": "Microsoft.Cache/Redis/minimumTlsVersion", - "notequals": "[parameters('minimumTlsVersion')]" + "less": "[parameters('minimumTlsVersion')]" } ] } diff --git a/modules/archetypes/lib/policy_definitions/policy_definition_es_deny_sql_mintls.json b/modules/archetypes/lib/policy_definitions/policy_definition_es_deny_sql_mintls.json index f859443e7..f9890d9f4 100644 --- a/modules/archetypes/lib/policy_definitions/policy_definition_es_deny_sql_mintls.json +++ b/modules/archetypes/lib/policy_definitions/policy_definition_es_deny_sql_mintls.json @@ -9,7 +9,7 @@ "displayName": "Azure SQL Database should have the minimal TLS version set to the highest version", "description": "Setting minimal TLS version to 1.2 improves security by ensuring your Azure SQL Database can only be accessed from clients using TLS 1.2. Using versions of TLS less than 1.2 is not reccomended since they have well documented security vunerabilities.", "metadata": { - "version": "1.0.0", + "version": "1.1.0", "category": "SQL", "source": "https://github.com/Azure/Enterprise-Scale/", "alzCloudEnvironments": [ 
@@ -61,7 +61,7 @@ }, { "field": "Microsoft.Sql/servers/minimalTlsVersion", - "notequals": "[parameters('minimalTlsVersion')]" + "less": "[parameters('minimalTlsVersion')]" } ] } diff --git a/modules/archetypes/lib/policy_definitions/policy_definition_es_deny_sqlmi_mintls.json b/modules/archetypes/lib/policy_definitions/policy_definition_es_deny_sqlmi_mintls.json index 951d1ac18..d1d555201 100644 --- a/modules/archetypes/lib/policy_definitions/policy_definition_es_deny_sqlmi_mintls.json +++ b/modules/archetypes/lib/policy_definitions/policy_definition_es_deny_sqlmi_mintls.json @@ -7,9 +7,9 @@ "policyType": "Custom", "mode": "Indexed", "displayName": "SQL Managed Instance should have the minimal TLS version set to the highest version", - "description": "Setting minimal TLS version to 1.2 improves security by ensuring your SQL Managed Instance can only be accessed from clients using TLS 1.2. Using versions of TLS less than 1.2 is not reccomended since they have well documented security vunerabilities.", + "description": "Setting minimal TLS version to 1.2 improves security by ensuring your SQL Managed Instance can only be accessed from clients using TLS 1.2. Using versions of TLS less than 1.2 is not recommended since they have well documented security vulnerabilities.", "metadata": { - "version": "1.0.0", + "version": "1.1.0", "category": "SQL", "source": "https://github.com/Azure/Enterprise-Scale/", "alzCloudEnvironments": [ @@ -61,7 +61,7 @@ }, { "field": "Microsoft.Sql/managedInstances/minimalTlsVersion", - "notequals": "[parameters('minimalTlsVersion')]" + "less": "[parameters('minimalTlsVersion')]" } ] } diff --git a/modules/archetypes/lib/policy_definitions/policy_definition_es_deny_vnet_peer_cross_sub.json b/modules/archetypes/lib/policy_definitions/policy_definition_es_deny_vnet_peer_cross_sub.json index d9d6dd82c..47cf20289 100644 --- a/modules/archetypes/lib/policy_definitions/policy_definition_es_deny_vnet_peer_cross_sub.json 
+++ b/modules/archetypes/lib/policy_definitions/policy_definition_es_deny_vnet_peer_cross_sub.json
@@ -9,7 +9,7 @@
 "displayName": "Deny vNet peering cross subscription.",
 "description": "This policy denies the creation of vNet Peerings outside of the same subscriptions under the assigned scope.",
 "metadata": {
- "version": "1.0.1",
+ "version": "1.1.0",
 "category": "Network",
 "source": "https://github.com/Azure/Enterprise-Scale/",
 "alzCloudEnvironments": [
@@ -31,6 +31,14 @@
 "Disabled"
 ],
 "defaultValue": "Deny"
+ },
+ "allowedVnets": {
+ "type": "Array",
+ "metadata": {
+ "displayName": "Allowed vNets to peer with",
+ "description": "Array of allowed vNets that can be peered with. Must be entered using their resource ID. Example: /subscriptions/{subId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{vnetName}"
+ },
+ "defaultValue": []
 }
 },
 "policyRule": {
@@ -41,8 +49,16 @@
 "equals": "Microsoft.Network/virtualNetworks/virtualNetworkPeerings"
 },
 {
- "field": "Microsoft.Network/virtualNetworks/virtualNetworkPeerings/remoteVirtualNetwork.id",
- "notcontains": "[subscription().id]"
+ "allOf": [
+ {
+ "field": "Microsoft.Network/virtualNetworks/virtualNetworkPeerings/remoteVirtualNetwork.id",
+ "notIn": "[parameters('allowedVnets')]"
+ },
+ {
+ "field": "Microsoft.Network/virtualNetworks/virtualNetworkPeerings/remoteVirtualNetwork.id",
+ "notLike": "[concat(subscription().id, '/*')]"
+ }
+ ]
 }
 ]
 },
diff --git a/modules/archetypes/lib/policy_definitions/policy_definition_es_deploy_mysql_sslenforcement.json b/modules/archetypes/lib/policy_definitions/policy_definition_es_deploy_mysql_sslenforcement.json
index 3dca74215..180fb74d1 100644
--- a/modules/archetypes/lib/policy_definitions/policy_definition_es_deploy_mysql_sslenforcement.json
+++ b/modules/archetypes/lib/policy_definitions/policy_definition_es_deploy_mysql_sslenforcement.json
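Review bot: The new `allowedVnets` parameter is an assignment-level exception to the cross-subscription deny, but the policy `description` (a context line in the first hunk) still states that every peering outside the subscription is denied. Anyone auditing the control from its description will miss that exceptions can exist; suggest `This policy denies the creation of vNet Peerings outside of the same subscriptions under the assigned scope, except to vNets listed in allowedVnets.` The parameter's own description could also say that entries are matched as whole resource IDs, which the `notIn` test in the last hunk implies. As a style point, the added inner `allOf` sits directly inside the outer `allOf`, so its two conditions could be listed there without the extra nesting.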
@@ -9,7 +9,7 @@ "displayName": "Azure Database for MySQL server deploy a specific min TLS version and enforce SSL.", "description": "Deploy a specific min TLS version requirement and enforce SSL on Azure Database for MySQL server. Enforce the Server to client applications using minimum version of Tls to secure the connection between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.", "metadata": { - "version": "1.1.0", + "version": "1.2.0", "category": "SQL", "source": "https://github.com/Azure/Enterprise-Scale/", "alzCloudEnvironments": [ @@ -61,7 +61,7 @@ }, { "field": "Microsoft.DBforMySQL/servers/minimalTlsVersion", - "notequals": "[parameters('minimalTlsVersion')]" + "less": "[parameters('minimalTlsVersion')]" } ] } diff --git a/modules/archetypes/lib/policy_definitions/policy_definition_es_deploy_postgresql_sslenforcement.json b/modules/archetypes/lib/policy_definitions/policy_definition_es_deploy_postgresql_sslenforcement.json index 3cf45b5ec..e5a74136f 100644 --- a/modules/archetypes/lib/policy_definitions/policy_definition_es_deploy_postgresql_sslenforcement.json +++ b/modules/archetypes/lib/policy_definitions/policy_definition_es_deploy_postgresql_sslenforcement.json 
@@ -9,7 +9,7 @@ "displayName": "Azure Database for PostgreSQL server deploy a specific min TLS version requirement and enforce SSL ", "description": "Deploy a specific min TLS version requirement and enforce SSL on Azure Database for PostgreSQL server. Enables secure server to client by enforce minimal Tls Version to secure the connection between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.", "metadata": { - "version": "1.1.0", + "version": "1.2.0", "category": "SQL", "source": "https://github.com/Azure/Enterprise-Scale/", "alzCloudEnvironments": [ @@ -61,7 +61,7 @@ }, { "field": "Microsoft.DBforPostgreSQL/servers/minimalTlsVersion", - "notEquals": "[parameters('minimalTlsVersion')]" + "less": "[parameters('minimalTlsVersion')]" } ] } diff --git a/modules/archetypes/lib/policy_definitions/policy_definition_es_deploy_private_dns_generic.json b/modules/archetypes/lib/policy_definitions/policy_definition_es_deploy_private_dns_generic.json index caf64db9f..580c205cc 100644 --- a/modules/archetypes/lib/policy_definitions/policy_definition_es_deploy_private_dns_generic.json +++ b/modules/archetypes/lib/policy_definitions/policy_definition_es_deploy_private_dns_generic.json @@ -9,7 +9,7 @@ "displayName": "Deploy-Private-DNS-Generic", "description": "Configure private DNS zone group to override the DNS resolution for PaaS services private endpoint. See https://aka.ms/pepdnszones for information on values to provide to parameters in this policy.", "metadata": { - "version": "1.0.0", + "version": "2.0.0", "category": "Networking", "source": "https://github.com/Azure/Enterprise-Scale/", "alzCloudEnvironments": [ 
@@ -34,8 +34,8 @@
 "privateDnsZoneId": {
 "type": "String",
 "metadata": {
- "displayName": "Private DNS Zone ID for Paas services",
- "description": "The private DNS zone name required for specific Paas Services to resolve a private DNS Zone.",
+ "displayName": "Private DNS Zone ID for PaaS services",
+ "description": "The private DNS zone name required for specific PaaS Services to resolve a private DNS Zone.",
 "strongType": "Microsoft.Network/privateDnsZones",
 "assignPermissions": true
 }
@@ -61,11 +61,24 @@
 "description": "The delay in evaluation of the policy. Review delay options at https://learn.microsoft.com/en-us/azure/governance/policy/concepts/effect-deploy-if-not-exists"
 },
 "defaultValue": "PT10M"
+ },
+ "location": {
+ "type": "String",
+ "metadata": {
+ "displayName": "Location (Specify the Private Endpoint location)",
+ "description": "Specify the Private Endpoint location",
+ "strongType": "location"
+ },
+ "defaultValue": "northeurope"
 }
 },
 "policyRule": {
 "if": {
 "allOf": [
+ {
+ "field": "location",
+ "equals": "[parameters('location')]"
+ },
 {
 "field": "type",
 "equals": "Microsoft.Network/privateEndpoints"
diff --git a/modules/archetypes/lib/policy_definitions/policy_definition_es_deploy_sql_mintls.json b/modules/archetypes/lib/policy_definitions/policy_definition_es_deploy_sql_mintls.json
index 48909e0ee..51323d520 100644
--- a/modules/archetypes/lib/policy_definitions/policy_definition_es_deploy_sql_mintls.json
+++ b/modules/archetypes/lib/policy_definitions/policy_definition_es_deploy_sql_mintls.json
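Review bot: The added `location` condition in the second hunk defaults to `northeurope`, so an existing assignment that does not pass `location` stops matching private endpoints in every other region. Those endpoints fall out of the rule's `if` and are simply not evaluated, so nothing is reported as non-compliant and the gap is silent. For a definition whose purpose is to keep private-endpoint names resolving through the private zone, a silent gap is the failure mode to avoid. Since the version is already bumped to `2.0.0`, consider dropping `"defaultValue": "northeurope"` so every assignment must state the region, or extend the parameter description to `Specify the Private Endpoint location; endpoints in other locations are not evaluated by this assignment.` The `policyRule` body continues outside the hunk.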
@@ -9,7 +9,7 @@ "displayName": "SQL servers deploys a specific min TLS version requirement.", "description": "Deploys a specific min TLS version requirement and enforce SSL on SQL servers. Enables secure server to client by enforce minimal Tls Version to secure the connection between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.", "metadata": { - "version": "1.1.0", + "version": "1.2.0", "category": "SQL", "source": "https://github.com/Azure/Enterprise-Scale/", "alzCloudEnvironments": [ @@ -54,7 +54,7 @@ }, { "field": "Microsoft.Sql/servers/minimalTlsVersion", - "notequals": "[parameters('minimalTlsVersion')]" + "less": "[parameters('minimalTlsVersion')]" } ] }, diff --git a/modules/archetypes/lib/policy_definitions/policy_definition_es_deploy_sqlmi_mintls.json b/modules/archetypes/lib/policy_definitions/policy_definition_es_deploy_sqlmi_mintls.json index a2e4c61ce..fa69bf9b3 100644 --- a/modules/archetypes/lib/policy_definitions/policy_definition_es_deploy_sqlmi_mintls.json +++ b/modules/archetypes/lib/policy_definitions/policy_definition_es_deploy_sqlmi_mintls.json 
@@ -9,7 +9,7 @@ "displayName": "SQL managed instances deploy a specific min TLS version requirement.", "description": "Deploy a specific min TLS version requirement and enforce SSL on SQL managed instances. Enables secure server to client by enforce minimal Tls Version to secure the connection between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.", "metadata": { - "version": "1.2.0", + "version": "1.3.0", "category": "SQL", "source": "https://github.com/Azure/Enterprise-Scale/", "alzCloudEnvironments": [ @@ -54,7 +54,7 @@ }, { "field": "Microsoft.Sql/managedInstances/minimalTlsVersion", - "notequals": "[parameters('minimalTlsVersion')]" + "less": "[parameters('minimalTlsVersion')]" } ] }, diff --git a/modules/archetypes/lib/policy_definitions/policy_definition_es_deploy_storage_sslenforcement.json b/modules/archetypes/lib/policy_definitions/policy_definition_es_deploy_storage_sslenforcement.json index 6e0531aa6..5b624d427 100644 --- a/modules/archetypes/lib/policy_definitions/policy_definition_es_deploy_storage_sslenforcement.json +++ b/modules/archetypes/lib/policy_definitions/policy_definition_es_deploy_storage_sslenforcement.json 
@@ -9,7 +9,7 @@ "displayName": "Azure Storage deploy a specific min TLS version requirement and enforce SSL/HTTPS ", "description": "Deploy a specific min TLS version requirement and enforce SSL on Azure Storage. Enables secure server to client by enforce minimal Tls Version to secure the connection between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your Azure Storage.", "metadata": { - "version": "1.2.0", + "version": "1.3.0", "category": "Storage", "source": "https://github.com/Azure/Enterprise-Scale/", "alzCloudEnvironments": [ @@ -60,7 +60,7 @@ }, { "field": "Microsoft.Storage/storageAccounts/minimumTlsVersion", - "notEquals": "[parameters('minimumTlsVersion')]" + "less": "[parameters('minimumTlsVersion')]" } ] } diff --git a/modules/archetypes/lib/policy_set_definitions/policy_set_definition_es_deploy_mdfc_config_20240319.tmpl.json b/modules/archetypes/lib/policy_set_definitions/policy_set_definition_es_deploy_mdfc_config_20240319.tmpl.json index d256cf21d..78698ddef 100644 --- a/modules/archetypes/lib/policy_set_definitions/policy_set_definition_es_deploy_mdfc_config_20240319.tmpl.json +++ b/modules/archetypes/lib/policy_set_definitions/policy_set_definition_es_deploy_mdfc_config_20240319.tmpl.json @@ -8,7 +8,7 @@ "displayName": "Deploy Microsoft Defender for Cloud configuration", "description": "Deploy Microsoft Defender for Cloud configuration", "metadata": { - "version": "1.0.0", + "version": "2.1.0", "category": "Security Center", "source": "https://github.com/Azure/Enterprise-Scale/", "replacesPolicy": "Deploy-MDFC-Config", 
@@ -59,6 +59,18 @@
 "description": "The location where the resource group and the export to Log Analytics workspace configuration are created."
 }
 },
+ "createResourceGroup": {
+ "type": "Boolean",
+ "metadata": {
+ "displayName": "Create resource group",
+ "description": "If a resource group does not exists in the scope, a new resource group will be created. If the resource group exists and this flag is set to 'true' the policy will re-deploy the resource group. Please note this will reset any Azure Tag on the resource group."
+ },
+ "defaultValue": true,
+ "allowedValues": [
+ true,
+ false
+ ]
+ },
 "enableAscForCosmosDbs": {
 "type": "String",
 "allowedValues": [
@@ -355,7 +367,7 @@
 },
 {
 "policyDefinitionReferenceId": "defenderForCspm",
- "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/689f7782-ef2c-4270-a6d0-7664869076bd",
+ "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/72f8cee7-2937-403d-84a1-a4e3e57f3c21",
 "parameters": {
 "effect": {
 "value": "[parameters('enableAscForCspm')]"
@@ -386,6 +398,9 @@
 "resourceGroupLocation": {
 "value": "[parameters('ascExportResourceGroupLocation')]"
 },
+ "createResourceGroup": {
+ "value": "[parameters('createResourceGroup')]"
+ },
 "workspaceResourceId": {
 "value": "[parameters('logAnalytics')]"
 }
diff --git a/modules/archetypes/lib/policy_set_definitions/policy_set_definition_es_deploy_private_dns_zones.tmpl.json b/modules/archetypes/lib/policy_set_definitions/policy_set_definition_es_deploy_private_dns_zones.tmpl.json
index 27be37895..f016bc3f5 100644
--- a/modules/archetypes/lib/policy_set_definitions/policy_set_definition_es_deploy_private_dns_zones.tmpl.json
+++ b/modules/archetypes/lib/policy_set_definitions/policy_set_definition_es_deploy_private_dns_zones.tmpl.json
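Review bot: `createResourceGroup` in the first hunk defaults to `true`, and its own description says that re-deploying an existing resource group resets its tags, so the default is the destructive option. Assignments that do not set the parameter take that value; if tags on the export resource group carry ownership, cost or exemption data, the description should say so up front, for example `Defaults to true: an existing resource group is re-deployed and its tags are reset unless this is set to false.` The same description has a typo, "does not exists", which should read "does not exist". Separately, the `defenderForCspm` reference in the second hunk now points at a different built-in definition id; the page gives no way to tell what the replacement enforces, so the commit description should name it.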
@@ -8,7 +8,7 @@ "displayName": "Configure Azure PaaS services to use private DNS zones", "description": "This policy initiative is a group of policies that ensures private endpoints to Azure PaaS services are integrated with Azure Private DNS zones", "metadata": { - "version": "2.2.0", + "version": "2.3.0", "category": "Network", "source": "https://github.com/Azure/Enterprise-Scale/", "alzCloudEnvironments": [ 
@@ -16,6 +16,184 @@ ] }, "parameters": { + "dnsZoneSubscriptionId": { + "type": "string", + "defaultValue": "", + "metadata": { + "displayName": "Subscription Id", + "description": "The subscription id where the private DNS zones are deployed. If this is specified, it will override any individual private DNS zone resource ids specified." + } + }, + "dnsZoneResourceGroupName": { + "type": "string", + "defaultValue": "", + "metadata": { + "displayName": "Resource Group Name", + "description": "The resource group where the private DNS zones are deployed. If this is specified, it will override any individual private DNS zone resource ids specified." + } + }, + "dnsZoneResourceType": { + "type": "string", + "defaultValue": "Microsoft.Network/privateDnsZones", + "metadata": { + "displayName": "Resource Type", + "description": "The resource type where the private DNS zones are deployed. If this is specified, it will override any individual private DNS zone resource ids specified." + } + }, + "dnsZoneRegion": { + "type": "string", + "defaultValue": "changeme", + "metadata": { + "displayName": "Region", + "description": "The region where the private DNS zones are deployed. If this is specified, it will override any individual private DNS zone resource ids specified." 
+ } + }, + "dnzZoneRegionShortNames": { + "type": "object", + "defaultValue": { + "changeme": "changeme", + "australiacentral": "acl", + "australiacentral2": "acl2", + "australiaeast": "ae", + "australiasoutheast": "ase", + "brazilsoutheast": "bse", + "brazilsouth": "brs", + "canadacentral": "cnc", + "canadaeast": "cne", + "centralindia": "inc", + "centralus": "cus", + "centraluseuap": "ccy", + "chilecentral": "clc", + "eastasia": "ea", + "eastus": "eus", + "eastus2": "eus2", + "eastus2euap": "ecy", + "francecentral": "frc", + "francesouth": "frs", + "germanynorth": "gn", + "germanywestcentral": "gwc", + "israelcentral": "ilc", + "italynorth": "itn", + "japaneast": "jpe", + "japanwest": "jpw", + "koreacentral": "krc", + "koreasouth": "krs", + "malaysiasouth": "mys", + "malaysiawest": "myw", + "mexicocentral": "mxc", + "newzealandnorth": "nzn", + "northcentralus": "ncus", + "northeurope": "ne", + "norwayeast": "nwe", + "norwaywest": "nww", + "polandcentral": "plc", + "qatarcentral": "qac", + "southafricanorth": "san", + "southafricawest": "saw", + "southcentralus": "scus", + "southeastasia": "sea", + "southindia": "ins", + "spaincentral": "spc", + "swedencentral": "sdc", + "swedensouth": "sds", + "switzerlandnorth": "szn", + "switzerlandwest": "szw", + "taiwannorth": "twn", + "uaecentral": "uac", + "uaenorth": "uan", + "uksouth": "uks", + "ukwest": "ukw", + "westcentralus": "wcus", + "westeurope": "we", + "westindia": "inw", + "westus": "wus", + "westus2": "wus2", + "westus3": "wus3" + }, + "metadata": { + "displayName": "Region Short Name Mapping", + "description": "Mapping of region to private DNS zone resource id. If the region is not specified, the default private DNS zone resource id will be used." 
+ } + }, + "dnsZoneNames": { + "type": "object", + "defaultValue": { + "azureAcrPrivateDnsZoneId": "privatelink.azurecr.io", + "azureAcrDataPrivateDnsZoneId": "{regionName}.data.privatelink.azurecr.io", + "azureAppPrivateDnsZoneId": "privatelink.azconfig.io", + "azureAppServicesPrivateDnsZoneId": "privatelink.azurewebsites.net", + "azureArcGuestconfigurationPrivateDnsZoneId": "privatelink.guestconfiguration.azure.com", + "azureArcHybridResourceProviderPrivateDnsZoneId": "privatelink.his.arc.azure.com", + "azureArcKubernetesConfigurationPrivateDnsZoneId": "privatelink.dp.kubernetesconfiguration.azure.com", + "azureAsrPrivateDnsZoneId": "privatelink.siterecovery.windowsazure.com", + "azureAutomationDSCHybridPrivateDnsZoneId": "privatelink.azure-automation.net", + "azureAutomationWebhookPrivateDnsZoneId": "privatelink.azure-automation.net", + "azureBatchPrivateDnsZoneId": "privatelink.batch.azure.com", + "azureBotServicePrivateDnsZoneId": "privatelink.directline.botframework.com", + "azureCognitiveSearchPrivateDnsZoneId": "privatelink.search.windows.net", + "azureCognitiveServicesPrivateDnsZoneId": "privatelink.cognitiveservices.azure.com", + "azureCosmosCassandraPrivateDnsZoneId": "privatelink.cassandra.cosmos.azure.com", + "azureCosmosGremlinPrivateDnsZoneId": "privatelink.gremlin.cosmos.azure.com", + "azureCosmosMongoPrivateDnsZoneId": "privatelink.mongo.cosmos.azure.com", + "azureCosmosSQLPrivateDnsZoneId": "privatelink.documents.azure.com", + "azureCosmosTablePrivateDnsZoneId": "privatelink.table.cosmos.azure.com", + "azureDataExplorerPrivateDnsZoneId": "privatelink.{regionName}.kusto.windows.net", + "azureDataFactoryPortalPrivateDnsZoneId": "privatelink.adf.azure.com", + "azureDataFactoryPrivateDnsZoneId": "privatelink.datafactory.azure.net", + "azureDatabricksPrivateDnsZoneId": "privatelink.azuredatabricks.net", + "azureDiskAccessPrivateDnsZoneId": "privatelink.blob.core.windows.net", + "azureEventGridDomainsPrivateDnsZoneId": "privatelink.eventgrid.azure.net", 
+ "azureEventGridTopicsPrivateDnsZoneId": "privatelink.eventgrid.azure.net", + "azureEventHubNamespacePrivateDnsZoneId": "privatelink.servicebus.windows.net", + "azureFilePrivateDnsZoneId": "privatelink.afs.azure.net", + "azureHDInsightPrivateDnsZoneId": "privatelink.azurehdinsight.net", + "azureIotCentralPrivateDnsZoneId": "privatelink.azureiotcentral.com", + "azureIotDeviceupdatePrivateDnsZoneId": "privatelink.azure-devices.net", + "azureIotHubsPrivateDnsZoneId": "privatelink.azure-devices.net", + "azureIotPrivateDnsZoneId": "privatelink.azure-devices-provisioning.net", + "azureKeyVaultPrivateDnsZoneId": "privatelink.vaultcore.azure.net", + "azureKubernetesManagementPrivateDnsZoneId": "privatelink.{regionName}.azmk8s.io", + "azureMachineLearningWorkspacePrivateDnsZoneId": "privatelink.api.azureml.ms", + "azureMachineLearningWorkspaceSecondPrivateDnsZoneId": "privatelink.notebooks.azure.net", + "azureManagedGrafanaWorkspacePrivateDnsZoneId": "privatelink.grafana.azure.com", + "azureMediaServicesKeyPrivateDnsZoneId": "privatelink.media.azure.net", + "azureMediaServicesLivePrivateDnsZoneId": "privatelink.media.azure.net", + "azureMediaServicesStreamPrivateDnsZoneId": "privatelink.media.azure.net", + "azureMigratePrivateDnsZoneId": "privatelink.prod.migration.windowsazure.com", + "azureMonitorPrivateDnsZoneId1": "privatelink.monitor.azure.com", + "azureMonitorPrivateDnsZoneId2": "privatelink.oms.opinsights.azure.com", + "azureMonitorPrivateDnsZoneId3": "privatelink.ods.opinsights.azure.com", + "azureMonitorPrivateDnsZoneId4": "privatelink.agentsvc.azure-automation.net", + "azureMonitorPrivateDnsZoneId5": "privatelink.blob.core.windows.net", + "azureRedisCachePrivateDnsZoneId": "privatelink.redis.cache.windows.net", + "azureServiceBusNamespacePrivateDnsZoneId": "privatelink.servicebus.windows.net", + "azureSignalRPrivateDnsZoneId": "privatelink.service.signalr.net", + "azureSiteRecoveryBackupPrivateDnsZoneId": "privatelink.{regionCode}.backup.windowsazure.com", + 
"azureSiteRecoveryBlobPrivateDnsZoneId": "privatelink.blob.core.windows.net", + "azureSiteRecoveryQueuePrivateDnsZoneId": "privatelink.queue.core.windows.net", + "azureStorageBlobPrivateDnsZoneId": "privatelink.blob.core.windows.net", + "azureStorageBlobSecPrivateDnsZoneId": "privatelink.blob.core.windows.net", + "azureStorageDFSPrivateDnsZoneId": "privatelink.dfs.core.windows.net", + "azureStorageDFSSecPrivateDnsZoneId": "privatelink.dfs.core.windows.net", + "azureStorageFilePrivateDnsZoneId": "privatelink.file.core.windows.net", + "azureStorageQueuePrivateDnsZoneId": "privatelink.queue.core.windows.net", + "azureStorageQueueSecPrivateDnsZoneId": "privatelink.queue.core.windows.net", + "azureStorageStaticWebPrivateDnsZoneId": "privatelink.web.core.windows.net", + "azureStorageStaticWebSecPrivateDnsZoneId": "privatelink.web.core.windows.net", + "azureStorageTablePrivateDnsZoneId": "privatelink.table.core.windows.net", + "azureStorageTableSecondaryPrivateDnsZoneId": "privatelink.table.core.windows.net", + "azureSynapseDevPrivateDnsZoneId": "privatelink.dev.azuresynapse.net", + "azureSynapseSQLPrivateDnsZoneId": "privatelink.sql.azuresynapse.net", + "azureSynapseSQLODPrivateDnsZoneId": "privatelink.sql.azuresynapse.net", + "azureVirtualDesktopHostpoolPrivateDnsZoneId": "privatelink.wvd.microsoft.com", + "azureVirtualDesktopWorkspacePrivateDnsZoneId": "privatelink.wvd.microsoft.com", + "azureWebPrivateDnsZoneId": "privatelink.webpubsub.azure.com" + }, + "metadata": { + "displayName": "DNS Zone Names", + "description": "The list of private DNS zone names to be used for the Azure PaaS services." + } + }, "azureFilePrivateDnsZoneId": { "type": "string", "defaultValue": "", 
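Review bot: `dnsZoneRegion` ships with the default `changeme` and no `allowedValues`, yet the expressions added later in this file index `dnzZoneRegionShortNames` with it for every zone. A region string that is not a key of the map (a display name such as `West Europe`, or a region added later) would likely fail evaluation for all references, and a forgotten `changeme` yields zone ids like `privatelink.changeme.kusto.windows.net`. Constraining the parameter with an `"allowedValues"` list of the map's keys would reject such assignments up front. The name `dnzZoneRegionShortNames` looks like a typo for `dnsZoneRegionShortNames`, and its description does not match the short codes it holds; suggested text: `"Mapping of Azure region name to the short region code used in regional private DNS zone names."`. Renaming the parameter after release would break assignments, so the name is worth settling now.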
@@ -592,29 +770,29 @@ "description": "Private DNS Zone Identifier" } }, - "azureSiteRecoveryBackupPrivateDnsZoneID": { + "azureSiteRecoveryBackupPrivateDnsZoneId": { "type": "string", "defaultValue": "", "metadata": { - "displayName": "azureSiteRecoveryBackupPrivateDnsZoneID", + "displayName": "azureSiteRecoveryBackupPrivateDnsZoneId", "strongType": "Microsoft.Network/privateDnsZones", "description": "Private DNS Zone Identifier" } }, - "azureSiteRecoveryBlobPrivateDnsZoneID": { + "azureSiteRecoveryBlobPrivateDnsZoneId": { "type": "string", "defaultValue": "", "metadata": { - "displayName": "azureSiteRecoveryBlobPrivateDnsZoneID", + "displayName": "azureSiteRecoveryBlobPrivateDnsZoneId", "strongType": "Microsoft.Network/privateDnsZones", "description": "Private DNS Zone Identifier" } }, - "azureSiteRecoveryQueuePrivateDnsZoneID": { + "azureSiteRecoveryQueuePrivateDnsZoneId": { "type": "string", "defaultValue": "", "metadata": { - "displayName": "azureSiteRecoveryQueuePrivateDnsZoneID", + "displayName": "azureSiteRecoveryQueuePrivateDnsZoneId", "strongType": "Microsoft.Network/privateDnsZones", "description": "Private DNS Zone Identifier" } @@ -650,7 +828,7 @@ "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/06695360-db88-47f6-b976-7500d4297475", "parameters": { "privateDnsZoneId": { - "value": "[parameters('azureFilePrivateDnsZoneId')]" + "value": "[if(equals(parameters('dnsZoneSubscriptionId'), ''), parameters('azureFilePrivateDnsZoneId'), format('/subscriptions/{0}/resourceGroups/{1}/providers/{2}/{3}', parameters('dnsZoneSubscriptionId'), toLower(parameters('dnsZoneResourceGroupName')), parameters('dnsZoneResourceType'), replace(replace(parameters('dnsZoneNames').azureFilePrivateDnsZoneId, '{regionName}', parameters('dnsZoneRegion')), '{regionCode}', parameters('dnzZoneRegionShortNames')[parameters('dnsZoneRegion')])))]" }, "effect": { "value": "[parameters('effect')]" 
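Review bot: Renaming `azureSiteRecoveryBackupPrivateDnsZoneID`, `azureSiteRecoveryBlobPrivateDnsZoneID` and `azureSiteRecoveryQueuePrivateDnsZoneID` to the `...Id` spelling changes the initiative's parameter interface, while the version in this file only moves from `2.2.0` to `2.3.0`. Any assignment or parameter override outside this library that still passes the old keys would, depending on how strictly the consumer matches case, either be rejected or stop supplying the zone id and leave it at the empty default. The upgrade notes should list the three renamed keys.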
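Review bot: The new `privateDnsZoneId` expression switches to the computed resource id as soon as `dnsZoneSubscriptionId` is non-empty, but `dnsZoneResourceGroupName` also defaults to `''`. Setting only the subscription therefore yields an id containing `/resourceGroups//providers/` and discards the individually supplied zone id. The condition should require both values, e.g. `if(or(empty(parameters('dnsZoneSubscriptionId')), empty(parameters('dnsZoneResourceGroupName'))), parameters('azureFilePrivateDnsZoneId'), format(...))`. The same expression is repeated in every later reference visible here (the `@@ -663,7` through `@@ -1110,7` hunks), so the change applies to each. Since this id selects the zone that private-endpoint records are linked to, a malformed id presumably leaves the remediation unable to attach the intended zone.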
@@ -663,7 +841,7 @@ "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/6dd01e4f-1be1-4e80-9d0b-d109e04cb064", "parameters": { "privateDnsZoneId": { - "value": "[parameters('azureAutomationWebhookPrivateDnsZoneId')]" + "value": "[if(equals(parameters('dnsZoneSubscriptionId'), ''), parameters('azureAutomationWebhookPrivateDnsZoneId'), format('/subscriptions/{0}/resourceGroups/{1}/providers/{2}/{3}', parameters('dnsZoneSubscriptionId'), toLower(parameters('dnsZoneResourceGroupName')), parameters('dnsZoneResourceType'), replace(replace(parameters('dnsZoneNames').azureAutomationWebhookPrivateDnsZoneId, '{regionName}', parameters('dnsZoneRegion')), '{regionCode}', parameters('dnzZoneRegionShortNames')[parameters('dnsZoneRegion')])))]" }, "privateEndpointGroupId": { "value": "Webhook" @@ -679,7 +857,7 @@ "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/6dd01e4f-1be1-4e80-9d0b-d109e04cb064", "parameters": { "privateDnsZoneId": { - "value": "[parameters('azureAutomationDSCHybridPrivateDnsZoneId')]" + "value": "[if(equals(parameters('dnsZoneSubscriptionId'), ''), parameters('azureAutomationDSCHybridPrivateDnsZoneId'), format('/subscriptions/{0}/resourceGroups/{1}/providers/{2}/{3}', parameters('dnsZoneSubscriptionId'), toLower(parameters('dnsZoneResourceGroupName')), parameters('dnsZoneResourceType'), replace(replace(parameters('dnsZoneNames').azureAutomationDSCHybridPrivateDnsZoneId, '{regionName}', parameters('dnsZoneRegion')), '{regionCode}', parameters('dnzZoneRegionShortNames')[parameters('dnsZoneRegion')])))]" }, "privateEndpointGroupId": { "value": "DSCAndHybridWorker" 
@@ -695,7 +873,7 @@ "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/a63cc0bd-cda4-4178-b705-37dc439d3e0f", "parameters": { "privateDnsZoneId": { - "value": "[parameters('azureCosmosSQLPrivateDnsZoneId')]" + "value": "[if(equals(parameters('dnsZoneSubscriptionId'), ''), parameters('azureCosmosSQLPrivateDnsZoneId'), format('/subscriptions/{0}/resourceGroups/{1}/providers/{2}/{3}', parameters('dnsZoneSubscriptionId'), toLower(parameters('dnsZoneResourceGroupName')), parameters('dnsZoneResourceType'), replace(replace(parameters('dnsZoneNames').azureCosmosSQLPrivateDnsZoneId, '{regionName}', parameters('dnsZoneRegion')), '{regionCode}', parameters('dnzZoneRegionShortNames')[parameters('dnsZoneRegion')])))]" }, "privateEndpointGroupId": { "value": "SQL" @@ -711,7 +889,7 @@ "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/a63cc0bd-cda4-4178-b705-37dc439d3e0f", "parameters": { "privateDnsZoneId": { - "value": "[parameters('azureCosmosMongoPrivateDnsZoneId')]" + "value": "[if(equals(parameters('dnsZoneSubscriptionId'), ''), parameters('azureCosmosMongoPrivateDnsZoneId'), format('/subscriptions/{0}/resourceGroups/{1}/providers/{2}/{3}', parameters('dnsZoneSubscriptionId'), toLower(parameters('dnsZoneResourceGroupName')), parameters('dnsZoneResourceType'), replace(replace(parameters('dnsZoneNames').azureCosmosMongoPrivateDnsZoneId, '{regionName}', parameters('dnsZoneRegion')), '{regionCode}', parameters('dnzZoneRegionShortNames')[parameters('dnsZoneRegion')])))]" }, "privateEndpointGroupId": { "value": "MongoDB" 
@@ -727,7 +905,7 @@ "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/a63cc0bd-cda4-4178-b705-37dc439d3e0f", "parameters": { "privateDnsZoneId": { - "value": "[parameters('azureCosmosCassandraPrivateDnsZoneId')]" + "value": "[if(equals(parameters('dnsZoneSubscriptionId'), ''), parameters('azureCosmosCassandraPrivateDnsZoneId'), format('/subscriptions/{0}/resourceGroups/{1}/providers/{2}/{3}', parameters('dnsZoneSubscriptionId'), toLower(parameters('dnsZoneResourceGroupName')), parameters('dnsZoneResourceType'), replace(replace(parameters('dnsZoneNames').azureCosmosCassandraPrivateDnsZoneId, '{regionName}', parameters('dnsZoneRegion')), '{regionCode}', parameters('dnzZoneRegionShortNames')[parameters('dnsZoneRegion')])))]" }, "privateEndpointGroupId": { "value": "Cassandra" @@ -743,7 +921,7 @@ "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/a63cc0bd-cda4-4178-b705-37dc439d3e0f", "parameters": { "privateDnsZoneId": { - "value": "[parameters('azureCosmosGremlinPrivateDnsZoneId')]" + "value": "[if(equals(parameters('dnsZoneSubscriptionId'), ''), parameters('azureCosmosGremlinPrivateDnsZoneId'), format('/subscriptions/{0}/resourceGroups/{1}/providers/{2}/{3}', parameters('dnsZoneSubscriptionId'), toLower(parameters('dnsZoneResourceGroupName')), parameters('dnsZoneResourceType'), replace(replace(parameters('dnsZoneNames').azureCosmosGremlinPrivateDnsZoneId, '{regionName}', parameters('dnsZoneRegion')), '{regionCode}', parameters('dnzZoneRegionShortNames')[parameters('dnsZoneRegion')])))]" }, "privateEndpointGroupId": { "value": "Gremlin" 
@@ -759,7 +937,7 @@ "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/a63cc0bd-cda4-4178-b705-37dc439d3e0f", "parameters": { "privateDnsZoneId": { - "value": "[parameters('azureCosmosTablePrivateDnsZoneId')]" + "value": "[if(equals(parameters('dnsZoneSubscriptionId'), ''), parameters('azureCosmosTablePrivateDnsZoneId'), format('/subscriptions/{0}/resourceGroups/{1}/providers/{2}/{3}', parameters('dnsZoneSubscriptionId'), toLower(parameters('dnsZoneResourceGroupName')), parameters('dnsZoneResourceType'), replace(replace(parameters('dnsZoneNames').azureCosmosTablePrivateDnsZoneId, '{regionName}', parameters('dnsZoneRegion')), '{regionCode}', parameters('dnzZoneRegionShortNames')[parameters('dnsZoneRegion')])))]" }, "privateEndpointGroupId": { "value": "Table" @@ -775,7 +953,7 @@ "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/86cd96e1-1745-420d-94d4-d3f2fe415aa4", "parameters": { "privateDnsZoneId": { - "value": "[parameters('azureDataFactoryPrivateDnsZoneId')]" + "value": "[if(equals(parameters('dnsZoneSubscriptionId'), ''), parameters('azureDataFactoryPrivateDnsZoneId'), format('/subscriptions/{0}/resourceGroups/{1}/providers/{2}/{3}', parameters('dnsZoneSubscriptionId'), toLower(parameters('dnsZoneResourceGroupName')), parameters('dnsZoneResourceType'), replace(replace(parameters('dnsZoneNames').azureDataFactoryPrivateDnsZoneId, '{regionName}', parameters('dnsZoneRegion')), '{regionCode}', parameters('dnzZoneRegionShortNames')[parameters('dnsZoneRegion')])))]" }, "listOfGroupIds": { "value": [ 
@@ -793,7 +971,7 @@ "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/86cd96e1-1745-420d-94d4-d3f2fe415aa4", "parameters": { "privateDnsZoneId": { - "value": "[parameters('azureDataFactoryPortalPrivateDnsZoneId')]" + "value": "[if(equals(parameters('dnsZoneSubscriptionId'), ''), parameters('azureDataFactoryPortalPrivateDnsZoneId'), format('/subscriptions/{0}/resourceGroups/{1}/providers/{2}/{3}', parameters('dnsZoneSubscriptionId'), toLower(parameters('dnsZoneResourceGroupName')), parameters('dnsZoneResourceType'), replace(replace(parameters('dnsZoneNames').azureDataFactoryPortalPrivateDnsZoneId, '{regionName}', parameters('dnsZoneRegion')), '{regionCode}', parameters('dnzZoneRegionShortNames')[parameters('dnsZoneRegion')])))]" }, "listOfGroupIds": { "value": [ @@ -811,7 +989,7 @@ "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/0eddd7f3-3d9b-4927-a07a-806e8ac9486c", "parameters": { "privateDnsZoneId": { - "value": "[parameters('azureDatabricksPrivateDnsZoneId')]" + "value": "[if(equals(parameters('dnsZoneSubscriptionId'), ''), parameters('azureDatabricksPrivateDnsZoneId'), format('/subscriptions/{0}/resourceGroups/{1}/providers/{2}/{3}', parameters('dnsZoneSubscriptionId'), toLower(parameters('dnsZoneResourceGroupName')), parameters('dnsZoneResourceType'), replace(replace(parameters('dnsZoneNames').azureDatabricksPrivateDnsZoneId, '{regionName}', parameters('dnsZoneRegion')), '{regionCode}', parameters('dnzZoneRegionShortNames')[parameters('dnsZoneRegion')])))]" }, "groupId": { "value": "databricks_ui_api" 
@@ -827,7 +1005,7 @@ "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/0eddd7f3-3d9b-4927-a07a-806e8ac9486c", "parameters": { "privateDnsZoneId": { - "value": "[parameters('azureDatabricksPrivateDnsZoneId')]" + "value": "[if(equals(parameters('dnsZoneSubscriptionId'), ''), parameters('azureDatabricksPrivateDnsZoneId'), format('/subscriptions/{0}/resourceGroups/{1}/providers/{2}/{3}', parameters('dnsZoneSubscriptionId'), toLower(parameters('dnsZoneResourceGroupName')), parameters('dnsZoneResourceType'), replace(replace(parameters('dnsZoneNames').azureDatabricksPrivateDnsZoneId, '{regionName}', parameters('dnsZoneRegion')), '{regionCode}', parameters('dnzZoneRegionShortNames')[parameters('dnsZoneRegion')])))]" }, "groupId": { "value": "browser_authentication" @@ -843,7 +1021,7 @@ "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/43d6e3bd-fc6a-4b44-8b4d-2151d8736a11", "parameters": { "privateDnsZoneId": { - "value": "[parameters('azureHDInsightPrivateDnsZoneId')]" + "value": "[if(equals(parameters('dnsZoneSubscriptionId'), ''), parameters('azureHDInsightPrivateDnsZoneId'), format('/subscriptions/{0}/resourceGroups/{1}/providers/{2}/{3}', parameters('dnsZoneSubscriptionId'), toLower(parameters('dnsZoneResourceGroupName')), parameters('dnsZoneResourceType'), replace(replace(parameters('dnsZoneNames').azureHDInsightPrivateDnsZoneId, '{regionName}', parameters('dnsZoneRegion')), '{regionCode}', parameters('dnzZoneRegionShortNames')[parameters('dnsZoneRegion')])))]" }, "groupId": { "value": "cluster" 
@@ -859,7 +1037,7 @@ "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/7590a335-57cf-4c95-babd-ecbc8fafeb1f", "parameters": { "privateDnsZoneId": { - "value": "[parameters('azureMigratePrivateDnsZoneId')]" + "value": "[if(equals(parameters('dnsZoneSubscriptionId'), ''), parameters('azureMigratePrivateDnsZoneId'), format('/subscriptions/{0}/resourceGroups/{1}/providers/{2}/{3}', parameters('dnsZoneSubscriptionId'), toLower(parameters('dnsZoneResourceGroupName')), parameters('dnsZoneResourceType'), replace(replace(parameters('dnsZoneNames').azureMigratePrivateDnsZoneId, '{regionName}', parameters('dnsZoneRegion')), '{regionCode}', parameters('dnzZoneRegionShortNames')[parameters('dnsZoneRegion')])))]" }, "effect": { "value": "[parameters('effect')]" @@ -872,7 +1050,7 @@ "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/75973700-529f-4de2-b794-fb9b6781b6b0", "parameters": { "privateDnsZoneId": { - "value": "[parameters('azureStorageBlobPrivateDnsZoneId')]" + "value": "[if(equals(parameters('dnsZoneSubscriptionId'), ''), parameters('azureStorageBlobPrivateDnsZoneId'), format('/subscriptions/{0}/resourceGroups/{1}/providers/{2}/{3}', parameters('dnsZoneSubscriptionId'), toLower(parameters('dnsZoneResourceGroupName')), parameters('dnsZoneResourceType'), replace(replace(parameters('dnsZoneNames').azureStorageBlobPrivateDnsZoneId, '{regionName}', parameters('dnsZoneRegion')), '{regionCode}', parameters('dnzZoneRegionShortNames')[parameters('dnsZoneRegion')])))]" }, "effect": { "value": "[parameters('effect')]" 
@@ -885,7 +1063,7 @@ "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/d847d34b-9337-4e2d-99a5-767e5ac9c582", "parameters": { "privateDnsZoneId": { - "value": "[parameters('azureStorageBlobSecPrivateDnsZoneId')]" + "value": "[if(equals(parameters('dnsZoneSubscriptionId'), ''), parameters('azureStorageBlobSecPrivateDnsZoneId'), format('/subscriptions/{0}/resourceGroups/{1}/providers/{2}/{3}', parameters('dnsZoneSubscriptionId'), toLower(parameters('dnsZoneResourceGroupName')), parameters('dnsZoneResourceType'), replace(replace(parameters('dnsZoneNames').azureStorageBlobSecPrivateDnsZoneId, '{regionName}', parameters('dnsZoneRegion')), '{regionCode}', parameters('dnzZoneRegionShortNames')[parameters('dnsZoneRegion')])))]" }, "effect": { "value": "[parameters('effect')]" @@ -898,7 +1076,7 @@ "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/bcff79fb-2b0d-47c9-97e5-3023479b00d1", "parameters": { "privateDnsZoneId": { - "value": "[parameters('azureStorageQueuePrivateDnsZoneId')]" + "value": "[if(equals(parameters('dnsZoneSubscriptionId'), ''), parameters('azureStorageQueuePrivateDnsZoneId'), format('/subscriptions/{0}/resourceGroups/{1}/providers/{2}/{3}', parameters('dnsZoneSubscriptionId'), toLower(parameters('dnsZoneResourceGroupName')), parameters('dnsZoneResourceType'), replace(replace(parameters('dnsZoneNames').azureStorageQueuePrivateDnsZoneId, '{regionName}', parameters('dnsZoneRegion')), '{regionCode}', parameters('dnzZoneRegionShortNames')[parameters('dnsZoneRegion')])))]" }, "effect": { "value": "[parameters('effect')]" 
@@ -911,7 +1089,7 @@ "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/da9b4ae8-5ddc-48c5-b9c0-25f8abf7a3d6", "parameters": { "privateDnsZoneId": { - "value": "[parameters('azureStorageQueueSecPrivateDnsZoneId')]" + "value": "[if(equals(parameters('dnsZoneSubscriptionId'), ''), parameters('azureStorageQueueSecPrivateDnsZoneId'), format('/subscriptions/{0}/resourceGroups/{1}/providers/{2}/{3}', parameters('dnsZoneSubscriptionId'), toLower(parameters('dnsZoneResourceGroupName')), parameters('dnsZoneResourceType'), replace(replace(parameters('dnsZoneNames').azureStorageQueueSecPrivateDnsZoneId, '{regionName}', parameters('dnsZoneRegion')), '{regionCode}', parameters('dnzZoneRegionShortNames')[parameters('dnsZoneRegion')])))]" }, "effect": { "value": "[parameters('effect')]" @@ -924,7 +1102,7 @@ "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/6df98d03-368a-4438-8730-a93c4d7693d6", "parameters": { "privateDnsZoneId": { - "value": "[parameters('azureStorageFilePrivateDnsZoneId')]" + "value": "[if(equals(parameters('dnsZoneSubscriptionId'), ''), parameters('azureStorageFilePrivateDnsZoneId'), format('/subscriptions/{0}/resourceGroups/{1}/providers/{2}/{3}', parameters('dnsZoneSubscriptionId'), toLower(parameters('dnsZoneResourceGroupName')), parameters('dnsZoneResourceType'), replace(replace(parameters('dnsZoneNames').azureStorageFilePrivateDnsZoneId, '{regionName}', parameters('dnsZoneRegion')), '{regionCode}', parameters('dnzZoneRegionShortNames')[parameters('dnsZoneRegion')])))]" }, "effect": { "value": "[parameters('effect')]" 
@@ -937,7 +1115,7 @@ "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/9adab2a5-05ba-4fbd-831a-5bf958d04218", "parameters": { "privateDnsZoneId": { - "value": "[parameters('azureStorageStaticWebPrivateDnsZoneId')]" + "value": "[if(equals(parameters('dnsZoneSubscriptionId'), ''), parameters('azureStorageStaticWebPrivateDnsZoneId'), format('/subscriptions/{0}/resourceGroups/{1}/providers/{2}/{3}', parameters('dnsZoneSubscriptionId'), toLower(parameters('dnsZoneResourceGroupName')), parameters('dnsZoneResourceType'), replace(replace(parameters('dnsZoneNames').azureStorageStaticWebPrivateDnsZoneId, '{regionName}', parameters('dnsZoneRegion')), '{regionCode}', parameters('dnzZoneRegionShortNames')[parameters('dnsZoneRegion')])))]" }, "effect": { "value": "[parameters('effect')]" @@ -950,7 +1128,7 @@ "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/d19ae5f1-b303-4b82-9ca8-7682749faf0c", "parameters": { "privateDnsZoneId": { - "value": "[parameters('azureStorageStaticWebSecPrivateDnsZoneId')]" + "value": "[if(equals(parameters('dnsZoneSubscriptionId'), ''), parameters('azureStorageStaticWebSecPrivateDnsZoneId'), format('/subscriptions/{0}/resourceGroups/{1}/providers/{2}/{3}', parameters('dnsZoneSubscriptionId'), toLower(parameters('dnsZoneResourceGroupName')), parameters('dnsZoneResourceType'), replace(replace(parameters('dnsZoneNames').azureStorageStaticWebSecPrivateDnsZoneId, '{regionName}', parameters('dnsZoneRegion')), '{regionCode}', parameters('dnzZoneRegionShortNames')[parameters('dnsZoneRegion')])))]" }, "effect": { "value": "[parameters('effect')]" 
@@ -963,7 +1141,7 @@ "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/83c6fe0f-2316-444a-99a1-1ecd8a7872ca", "parameters": { "privateDnsZoneId": { - "value": "[parameters('azureStorageDFSPrivateDnsZoneId')]" + "value": "[if(equals(parameters('dnsZoneSubscriptionId'), ''), parameters('azureStorageDFSPrivateDnsZoneId'), format('/subscriptions/{0}/resourceGroups/{1}/providers/{2}/{3}', parameters('dnsZoneSubscriptionId'), toLower(parameters('dnsZoneResourceGroupName')), parameters('dnsZoneResourceType'), replace(replace(parameters('dnsZoneNames').azureStorageDFSPrivateDnsZoneId, '{regionName}', parameters('dnsZoneRegion')), '{regionCode}', parameters('dnzZoneRegionShortNames')[parameters('dnsZoneRegion')])))]" }, "effect": { "value": "[parameters('effect')]" @@ -976,7 +1154,7 @@ "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/90bd4cb3-9f59-45f7-a6ca-f69db2726671", "parameters": { "privateDnsZoneId": { - "value": "[parameters('azureStorageDFSSecPrivateDnsZoneId')]" + "value": "[if(equals(parameters('dnsZoneSubscriptionId'), ''), parameters('azureStorageDFSSecPrivateDnsZoneId'), format('/subscriptions/{0}/resourceGroups/{1}/providers/{2}/{3}', parameters('dnsZoneSubscriptionId'), toLower(parameters('dnsZoneResourceGroupName')), parameters('dnsZoneResourceType'), replace(replace(parameters('dnsZoneNames').azureStorageDFSSecPrivateDnsZoneId, '{regionName}', parameters('dnsZoneRegion')), '{regionCode}', parameters('dnzZoneRegionShortNames')[parameters('dnsZoneRegion')])))]" }, "effect": { "value": "[parameters('effect')]" 
@@ -989,7 +1167,7 @@ "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/1e5ed725-f16c-478b-bd4b-7bfa2f7940b9", "parameters": { "privateDnsZoneId": { - "value": "[parameters('azureSynapseSQLPrivateDnsZoneId')]" + "value": "[if(equals(parameters('dnsZoneSubscriptionId'), ''), parameters('azureSynapseSQLPrivateDnsZoneId'), format('/subscriptions/{0}/resourceGroups/{1}/providers/{2}/{3}', parameters('dnsZoneSubscriptionId'), toLower(parameters('dnsZoneResourceGroupName')), parameters('dnsZoneResourceType'), replace(replace(parameters('dnsZoneNames').azureSynapseSQLPrivateDnsZoneId, '{regionName}', parameters('dnsZoneRegion')), '{regionCode}', parameters('dnzZoneRegionShortNames')[parameters('dnsZoneRegion')])))]" }, "targetSubResource": { "value": "Sql" @@ -1005,7 +1183,7 @@ "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/1e5ed725-f16c-478b-bd4b-7bfa2f7940b9", "parameters": { "privateDnsZoneId": { - "value": "[parameters('azureSynapseSQLODPrivateDnsZoneId')]" + "value": "[if(equals(parameters('dnsZoneSubscriptionId'), ''), parameters('azureSynapseSQLODPrivateDnsZoneId'), format('/subscriptions/{0}/resourceGroups/{1}/providers/{2}/{3}', parameters('dnsZoneSubscriptionId'), toLower(parameters('dnsZoneResourceGroupName')), parameters('dnsZoneResourceType'), replace(replace(parameters('dnsZoneNames').azureSynapseSQLODPrivateDnsZoneId, '{regionName}', parameters('dnsZoneRegion')), '{regionCode}', parameters('dnzZoneRegionShortNames')[parameters('dnsZoneRegion')])))]" }, "targetSubResource": { "value": "SqlOnDemand" 
@@ -1021,7 +1199,7 @@ "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/1e5ed725-f16c-478b-bd4b-7bfa2f7940b9", "parameters": { "privateDnsZoneId": { - "value": "[parameters('azureSynapseDevPrivateDnsZoneId')]" + "value": "[if(equals(parameters('dnsZoneSubscriptionId'), ''), parameters('azureSynapseDevPrivateDnsZoneId'), format('/subscriptions/{0}/resourceGroups/{1}/providers/{2}/{3}', parameters('dnsZoneSubscriptionId'), toLower(parameters('dnsZoneResourceGroupName')), parameters('dnsZoneResourceType'), replace(replace(parameters('dnsZoneNames').azureSynapseDevPrivateDnsZoneId, '{regionName}', parameters('dnsZoneRegion')), '{regionCode}', parameters('dnzZoneRegionShortNames')[parameters('dnsZoneRegion')])))]" }, "targetSubResource": { "value": "Dev" @@ -1037,7 +1215,7 @@ "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/b4a7f6c1-585e-4177-ad5b-c2c93f4bb991", "parameters": { "privateDnsZoneId": { - "value": "[parameters('azureMediaServicesKeyPrivateDnsZoneId')]" + "value": "[if(equals(parameters('dnsZoneSubscriptionId'), ''), parameters('azureMediaServicesKeyPrivateDnsZoneId'), format('/subscriptions/{0}/resourceGroups/{1}/providers/{2}/{3}', parameters('dnsZoneSubscriptionId'), toLower(parameters('dnsZoneResourceGroupName')), parameters('dnsZoneResourceType'), replace(replace(parameters('dnsZoneNames').azureMediaServicesKeyPrivateDnsZoneId, '{regionName}', parameters('dnsZoneRegion')), '{regionCode}', parameters('dnzZoneRegionShortNames')[parameters('dnsZoneRegion')])))]" }, "groupId": { "value": "keydelivery" 
@@ -1053,7 +1231,7 @@
 "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/b4a7f6c1-585e-4177-ad5b-c2c93f4bb991",
 "parameters": {
 "privateDnsZoneId": {
- "value": "[parameters('azureMediaServicesLivePrivateDnsZoneId')]"
+ "value": "[if(equals(parameters('dnsZoneSubscriptionId'), ''), parameters('azureMediaServicesLivePrivateDnsZoneId'), format('/subscriptions/{0}/resourceGroups/{1}/providers/{2}/{3}', parameters('dnsZoneSubscriptionId'), toLower(parameters('dnsZoneResourceGroupName')), parameters('dnsZoneResourceType'), replace(replace(parameters('dnsZoneNames').azureMediaServicesLivePrivateDnsZoneId, '{regionName}', parameters('dnsZoneRegion')), '{regionCode}', parameters('dnzZoneRegionShortNames')[parameters('dnsZoneRegion')])))]"
 },
 "groupId": {
 "value": "liveevent"
@@ -1069,7 +1247,7 @@
 "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/b4a7f6c1-585e-4177-ad5b-c2c93f4bb991",
 "parameters": {
 "privateDnsZoneId": {
- "value": "[parameters('azureMediaServicesStreamPrivateDnsZoneId')]"
+ "value": "[if(equals(parameters('dnsZoneSubscriptionId'), ''), parameters('azureMediaServicesStreamPrivateDnsZoneId'), format('/subscriptions/{0}/resourceGroups/{1}/providers/{2}/{3}', parameters('dnsZoneSubscriptionId'), toLower(parameters('dnsZoneResourceGroupName')), parameters('dnsZoneResourceType'), replace(replace(parameters('dnsZoneNames').azureMediaServicesStreamPrivateDnsZoneId, '{regionName}', parameters('dnsZoneRegion')), '{regionCode}', parameters('dnzZoneRegionShortNames')[parameters('dnsZoneRegion')])))]"
 },
 "groupId": {
 "value": "streamingendpoint"
@@ -1085,19 +1263,19 @@
 "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/437914ee-c176-4fff-8986-7e05eb971365",
 "parameters": {
 "privateDnsZoneId1": {
- "value": "[parameters('azureMonitorPrivateDnsZoneId1')]"
+ "value": "[if(equals(parameters('dnsZoneSubscriptionId'), ''), parameters('azureMonitorPrivateDnsZoneId1'), format('/subscriptions/{0}/resourceGroups/{1}/providers/{2}/{3}', parameters('dnsZoneSubscriptionId'), toLower(parameters('dnsZoneResourceGroupName')), parameters('dnsZoneResourceType'), replace(replace(parameters('dnsZoneNames').azureMonitorPrivateDnsZoneId1, '{regionName}', parameters('dnsZoneRegion')), '{regionCode}', parameters('dnzZoneRegionShortNames')[parameters('dnsZoneRegion')])))]"
 },
 "privateDnsZoneId2": {
- "value": "[parameters('azureMonitorPrivateDnsZoneId2')]"
+ "value": "[if(equals(parameters('dnsZoneSubscriptionId'), ''), parameters('azureMonitorPrivateDnsZoneId2'), format('/subscriptions/{0}/resourceGroups/{1}/providers/{2}/{3}', parameters('dnsZoneSubscriptionId'), toLower(parameters('dnsZoneResourceGroupName')), parameters('dnsZoneResourceType'), replace(replace(parameters('dnsZoneNames').azureMonitorPrivateDnsZoneId2, '{regionName}', parameters('dnsZoneRegion')), '{regionCode}', parameters('dnzZoneRegionShortNames')[parameters('dnsZoneRegion')])))]"
 },
 "privateDnsZoneId3": {
- "value": "[parameters('azureMonitorPrivateDnsZoneId3')]"
+ "value": "[if(equals(parameters('dnsZoneSubscriptionId'), ''), parameters('azureMonitorPrivateDnsZoneId3'), format('/subscriptions/{0}/resourceGroups/{1}/providers/{2}/{3}', parameters('dnsZoneSubscriptionId'), toLower(parameters('dnsZoneResourceGroupName')), parameters('dnsZoneResourceType'), replace(replace(parameters('dnsZoneNames').azureMonitorPrivateDnsZoneId3, '{regionName}', parameters('dnsZoneRegion')), '{regionCode}', parameters('dnzZoneRegionShortNames')[parameters('dnsZoneRegion')])))]"
 },
 "privateDnsZoneId4": {
- "value": "[parameters('azureMonitorPrivateDnsZoneId4')]"
+ "value": "[if(equals(parameters('dnsZoneSubscriptionId'), ''), parameters('azureMonitorPrivateDnsZoneId4'), format('/subscriptions/{0}/resourceGroups/{1}/providers/{2}/{3}', parameters('dnsZoneSubscriptionId'), toLower(parameters('dnsZoneResourceGroupName')), parameters('dnsZoneResourceType'), replace(replace(parameters('dnsZoneNames').azureMonitorPrivateDnsZoneId4, '{regionName}', parameters('dnsZoneRegion')), '{regionCode}', parameters('dnzZoneRegionShortNames')[parameters('dnsZoneRegion')])))]"
 },
 "privateDnsZoneId5": {
- "value": "[parameters('azureMonitorPrivateDnsZoneId5')]"
+ "value": "[if(equals(parameters('dnsZoneSubscriptionId'), ''), parameters('azureMonitorPrivateDnsZoneId5'), format('/subscriptions/{0}/resourceGroups/{1}/providers/{2}/{3}', parameters('dnsZoneSubscriptionId'), toLower(parameters('dnsZoneResourceGroupName')), parameters('dnsZoneResourceType'), replace(replace(parameters('dnsZoneNames').azureMonitorPrivateDnsZoneId5, '{regionName}', parameters('dnsZoneRegion')), '{regionCode}', parameters('dnzZoneRegionShortNames')[parameters('dnsZoneRegion')])))]"
 },
 "effect": {
 "value": "[parameters('effect')]"
@@ -1110,7 +1288,7 @@
 "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/0b026355-49cb-467b-8ac4-f777874e175a",
 "parameters": {
 "privateDnsZoneId": {
- "value": "[parameters('azureWebPrivateDnsZoneId')]"
+ "value": "[if(equals(parameters('dnsZoneSubscriptionId'), ''), parameters('azureWebPrivateDnsZoneId'), format('/subscriptions/{0}/resourceGroups/{1}/providers/{2}/{3}', parameters('dnsZoneSubscriptionId'), toLower(parameters('dnsZoneResourceGroupName')), parameters('dnsZoneResourceType'), replace(replace(parameters('dnsZoneNames').azureWebPrivateDnsZoneId, '{regionName}', parameters('dnsZoneRegion')), '{regionCode}', parameters('dnzZoneRegionShortNames')[parameters('dnsZoneRegion')])))]"
 },
 "effect": {
 "value": "[parameters('effect')]"
@@ -1123,7 +1301,7 @@
 "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/4ec38ebc-381f-45ee-81a4-acbc4be878f8",
 "parameters": {
 "privateDnsZoneId": {
- "value": "[parameters('azureBatchPrivateDnsZoneId')]"
+ "value": "[if(equals(parameters('dnsZoneSubscriptionId'), ''), parameters('azureBatchPrivateDnsZoneId'), format('/subscriptions/{0}/resourceGroups/{1}/providers/{2}/{3}', parameters('dnsZoneSubscriptionId'), toLower(parameters('dnsZoneResourceGroupName')), parameters('dnsZoneResourceType'), replace(replace(parameters('dnsZoneNames').azureBatchPrivateDnsZoneId, '{regionName}', parameters('dnsZoneRegion')), '{regionCode}', parameters('dnzZoneRegionShortNames')[parameters('dnsZoneRegion')])))]"
 },
 "effect": {
 "value": "[parameters('effect')]"
@@ -1136,7 +1314,7 @@
 "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/7a860e27-9ca2-4fc6-822d-c2d248c300df",
 "parameters": {
 "privateDnsZoneId": {
- "value": "[parameters('azureAppPrivateDnsZoneId')]"
+ "value": "[if(equals(parameters('dnsZoneSubscriptionId'), ''), parameters('azureAppPrivateDnsZoneId'), format('/subscriptions/{0}/resourceGroups/{1}/providers/{2}/{3}', parameters('dnsZoneSubscriptionId'), toLower(parameters('dnsZoneResourceGroupName')), parameters('dnsZoneResourceType'), replace(replace(parameters('dnsZoneNames').azureAppPrivateDnsZoneId, '{regionName}', parameters('dnsZoneRegion')), '{regionCode}', parameters('dnzZoneRegionShortNames')[parameters('dnsZoneRegion')])))]"
 },
 "effect": {
 "value": "[parameters('effect')]"
@@ -1149,7 +1327,7 @@
 "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/942bd215-1a66-44be-af65-6a1c0318dbe2",
 "parameters": {
 "privateDnsZoneId": {
- "value": "[parameters('azureAsrPrivateDnsZoneId')]"
+ "value": "[if(equals(parameters('dnsZoneSubscriptionId'), ''), parameters('azureAsrPrivateDnsZoneId'), format('/subscriptions/{0}/resourceGroups/{1}/providers/{2}/{3}', parameters('dnsZoneSubscriptionId'), toLower(parameters('dnsZoneResourceGroupName')), parameters('dnsZoneResourceType'), replace(replace(parameters('dnsZoneNames').azureAsrPrivateDnsZoneId, '{regionName}', parameters('dnsZoneRegion')), '{regionCode}', parameters('dnzZoneRegionShortNames')[parameters('dnsZoneRegion')])))]"
 },
 "effect": {
 "value": "[parameters('effect')]"
@@ -1162,7 +1340,7 @@
 "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/aaa64d2d-2fa3-45e5-b332-0b031b9b30e8",
 "parameters": {
 "privateDnsZoneId": {
- "value": "[parameters('azureIotPrivateDnsZoneId')]"
+ "value": "[if(equals(parameters('dnsZoneSubscriptionId'), ''), parameters('azureIotPrivateDnsZoneId'), format('/subscriptions/{0}/resourceGroups/{1}/providers/{2}/{3}', parameters('dnsZoneSubscriptionId'), toLower(parameters('dnsZoneResourceGroupName')), parameters('dnsZoneResourceType'), replace(replace(parameters('dnsZoneNames').azureIotPrivateDnsZoneId, '{regionName}', parameters('dnsZoneRegion')), '{regionCode}', parameters('dnzZoneRegionShortNames')[parameters('dnsZoneRegion')])))]"
 },
 "effect": {
 "value": "[parameters('effect')]"
@@ -1175,7 +1353,7 @@
 "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/ac673a9a-f77d-4846-b2d8-a57f8e1c01d4",
 "parameters": {
 "privateDnsZoneId": {
- "value": "[parameters('azureKeyVaultPrivateDnsZoneId')]"
+ "value": "[if(equals(parameters('dnsZoneSubscriptionId'), ''), parameters('azureKeyVaultPrivateDnsZoneId'), format('/subscriptions/{0}/resourceGroups/{1}/providers/{2}/{3}', parameters('dnsZoneSubscriptionId'), toLower(parameters('dnsZoneResourceGroupName')), parameters('dnsZoneResourceType'), replace(replace(parameters('dnsZoneNames').azureKeyVaultPrivateDnsZoneId, '{regionName}', parameters('dnsZoneRegion')), '{regionCode}', parameters('dnzZoneRegionShortNames')[parameters('dnsZoneRegion')])))]"
 },
 "effect": {
 "value": "[parameters('effect')]"
@@ -1188,7 +1366,7 @@
 "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/b0e86710-7fb7-4a6c-a064-32e9b829509e",
 "parameters": {
 "privateDnsZoneId": {
- "value": "[parameters('azureSignalRPrivateDnsZoneId')]"
+ "value": "[if(equals(parameters('dnsZoneSubscriptionId'), ''), parameters('azureSignalRPrivateDnsZoneId'), format('/subscriptions/{0}/resourceGroups/{1}/providers/{2}/{3}', parameters('dnsZoneSubscriptionId'), toLower(parameters('dnsZoneResourceGroupName')), parameters('dnsZoneResourceType'), replace(replace(parameters('dnsZoneNames').azureSignalRPrivateDnsZoneId, '{regionName}', parameters('dnsZoneRegion')), '{regionCode}', parameters('dnzZoneRegionShortNames')[parameters('dnsZoneRegion')])))]"
 },
 "effect": {
 "value": "[parameters('effect')]"
@@ -1201,7 +1379,7 @@
 "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/b318f84a-b872-429b-ac6d-a01b96814452",
 "parameters": {
 "privateDnsZoneId": {
- "value": "[parameters('azureAppServicesPrivateDnsZoneId')]"
+ "value": "[if(equals(parameters('dnsZoneSubscriptionId'), ''), parameters('azureAppServicesPrivateDnsZoneId'), format('/subscriptions/{0}/resourceGroups/{1}/providers/{2}/{3}', parameters('dnsZoneSubscriptionId'), toLower(parameters('dnsZoneResourceGroupName')), parameters('dnsZoneResourceType'), replace(replace(parameters('dnsZoneNames').azureAppServicesPrivateDnsZoneId, '{regionName}', parameters('dnsZoneRegion')), '{regionCode}', parameters('dnzZoneRegionShortNames')[parameters('dnsZoneRegion')])))]"
 },
 "effect": {
 "value": "[parameters('effect')]"
@@ -1214,7 +1392,7 @@
 "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/baf19753-7502-405f-8745-370519b20483",
 "parameters": {
 "privateDnsZoneId": {
- "value": "[parameters('azureEventGridTopicsPrivateDnsZoneId')]"
+ "value": "[if(equals(parameters('dnsZoneSubscriptionId'), ''), parameters('azureEventGridTopicsPrivateDnsZoneId'), format('/subscriptions/{0}/resourceGroups/{1}/providers/{2}/{3}', parameters('dnsZoneSubscriptionId'), toLower(parameters('dnsZoneResourceGroupName')), parameters('dnsZoneResourceType'), replace(replace(parameters('dnsZoneNames').azureEventGridTopicsPrivateDnsZoneId, '{regionName}', parameters('dnsZoneRegion')), '{regionCode}', parameters('dnzZoneRegionShortNames')[parameters('dnsZoneRegion')])))]"
 },
 "effect": {
 "value": "[parameters('effect1')]"
@@ -1227,7 +1405,7 @@
 "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/bc05b96c-0b36-4ca9-82f0-5c53f96ce05a",
 "parameters": {
 "privateDnsZoneId": {
- "value": "[parameters('azureDiskAccessPrivateDnsZoneId')]"
+ "value": "[if(equals(parameters('dnsZoneSubscriptionId'), ''), parameters('azureDiskAccessPrivateDnsZoneId'), format('/subscriptions/{0}/resourceGroups/{1}/providers/{2}/{3}', parameters('dnsZoneSubscriptionId'), toLower(parameters('dnsZoneResourceGroupName')), parameters('dnsZoneResourceType'), replace(replace(parameters('dnsZoneNames').azureDiskAccessPrivateDnsZoneId, '{regionName}', parameters('dnsZoneRegion')), '{regionCode}', parameters('dnzZoneRegionShortNames')[parameters('dnsZoneRegion')])))]"
 },
 "effect": {
 "value": "[parameters('effect')]"
@@ -1240,7 +1418,7 @@
 "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/c4bc6f10-cb41-49eb-b000-d5ab82e2a091",
 "parameters": {
 "privateDnsZoneId": {
- "value": "[parameters('azureCognitiveServicesPrivateDnsZoneId')]"
+ "value": "[if(equals(parameters('dnsZoneSubscriptionId'), ''), parameters('azureCognitiveServicesPrivateDnsZoneId'), format('/subscriptions/{0}/resourceGroups/{1}/providers/{2}/{3}', parameters('dnsZoneSubscriptionId'), toLower(parameters('dnsZoneResourceGroupName')), parameters('dnsZoneResourceType'), replace(replace(parameters('dnsZoneNames').azureCognitiveServicesPrivateDnsZoneId, '{regionName}', parameters('dnsZoneRegion')), '{regionCode}', parameters('dnzZoneRegionShortNames')[parameters('dnsZoneRegion')])))]"
 },
 "effect": {
 "value": "[parameters('effect')]"
@@ -1253,7 +1431,7 @@
 "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/c99ce9c1-ced7-4c3e-aca0-10e69ce0cb02",
 "parameters": {
 "privateDnsZoneId": {
- "value": "[parameters('azureIotHubsPrivateDnsZoneId')]"
+ "value": "[if(equals(parameters('dnsZoneSubscriptionId'), ''), parameters('azureIotHubsPrivateDnsZoneId'), format('/subscriptions/{0}/resourceGroups/{1}/providers/{2}/{3}', parameters('dnsZoneSubscriptionId'), toLower(parameters('dnsZoneResourceGroupName')), parameters('dnsZoneResourceType'), replace(replace(parameters('dnsZoneNames').azureIotHubsPrivateDnsZoneId, '{regionName}', parameters('dnsZoneRegion')), '{regionCode}', parameters('dnzZoneRegionShortNames')[parameters('dnsZoneRegion')])))]"
 },
 "effect": {
 "value": "[parameters('effect1')]"
@@ -1266,7 +1444,7 @@
 "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/d389df0a-e0d7-4607-833c-75a6fdac2c2d",
 "parameters": {
 "privateDnsZoneId": {
- "value": "[parameters('azureEventGridDomainsPrivateDnsZoneId')]"
+ "value": "[if(equals(parameters('dnsZoneSubscriptionId'), ''), parameters('azureEventGridDomainsPrivateDnsZoneId'), format('/subscriptions/{0}/resourceGroups/{1}/providers/{2}/{3}', parameters('dnsZoneSubscriptionId'), toLower(parameters('dnsZoneResourceGroupName')), parameters('dnsZoneResourceType'), replace(replace(parameters('dnsZoneNames').azureEventGridDomainsPrivateDnsZoneId, '{regionName}', parameters('dnsZoneRegion')), '{regionCode}', parameters('dnzZoneRegionShortNames')[parameters('dnsZoneRegion')])))]"
 },
 "effect": {
 "value": "[parameters('effect1')]"
@@ -1279,7 +1457,7 @@
 "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/e016b22b-e0eb-436d-8fd7-160c4eaed6e2",
 "parameters": {
 "privateDnsZoneId": {
- "value": "[parameters('azureRedisCachePrivateDnsZoneId')]"
+ "value": "[if(equals(parameters('dnsZoneSubscriptionId'), ''), parameters('azureRedisCachePrivateDnsZoneId'), format('/subscriptions/{0}/resourceGroups/{1}/providers/{2}/{3}', parameters('dnsZoneSubscriptionId'), toLower(parameters('dnsZoneResourceGroupName')), parameters('dnsZoneResourceType'), replace(replace(parameters('dnsZoneNames').azureRedisCachePrivateDnsZoneId, '{regionName}', parameters('dnsZoneRegion')), '{regionCode}', parameters('dnzZoneRegionShortNames')[parameters('dnsZoneRegion')])))]"
 },
 "effect": {
 "value": "[parameters('effect')]"
@@ -1292,7 +1470,7 @@
 "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/e9585a95-5b8c-4d03-b193-dc7eb5ac4c32",
 "parameters": {
 "privateDnsZoneId": {
- "value": "[parameters('azureAcrPrivateDnsZoneId')]"
+ "value": "[if(equals(parameters('dnsZoneSubscriptionId'), ''), parameters('azureAcrPrivateDnsZoneId'), format('/subscriptions/{0}/resourceGroups/{1}/providers/{2}/{3}', parameters('dnsZoneSubscriptionId'), toLower(parameters('dnsZoneResourceGroupName')), parameters('dnsZoneResourceType'), replace(replace(parameters('dnsZoneNames').azureAcrPrivateDnsZoneId, '{regionName}', parameters('dnsZoneRegion')), '{regionCode}', parameters('dnzZoneRegionShortNames')[parameters('dnsZoneRegion')])))]"
 },
 "effect": {
 "value": "[parameters('effect')]"
@@ -1305,7 +1483,7 @@
 "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/ed66d4f5-8220-45dc-ab4a-20d1749c74e6",
 "parameters": {
 "privateDnsZoneId": {
- "value": "[parameters('azureEventHubNamespacePrivateDnsZoneId')]"
+ "value": "[if(equals(parameters('dnsZoneSubscriptionId'), ''), parameters('azureEventHubNamespacePrivateDnsZoneId'), format('/subscriptions/{0}/resourceGroups/{1}/providers/{2}/{3}', parameters('dnsZoneSubscriptionId'), toLower(parameters('dnsZoneResourceGroupName')), parameters('dnsZoneResourceType'), replace(replace(parameters('dnsZoneNames').azureEventHubNamespacePrivateDnsZoneId, '{regionName}', parameters('dnsZoneRegion')), '{regionCode}', parameters('dnzZoneRegionShortNames')[parameters('dnsZoneRegion')])))]"
 },
 "effect": {
 "value": "[parameters('effect')]"
@@ -1318,10 +1496,10 @@
 "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/ee40564d-486e-4f68-a5ca-7a621edae0fb",
 "parameters": {
 "privateDnsZoneId": {
- "value": "[parameters('azureMachineLearningWorkspacePrivateDnsZoneId')]"
+ "value": "[if(equals(parameters('dnsZoneSubscriptionId'), ''), parameters('azureMachineLearningWorkspacePrivateDnsZoneId'), format('/subscriptions/{0}/resourceGroups/{1}/providers/{2}/{3}', parameters('dnsZoneSubscriptionId'), toLower(parameters('dnsZoneResourceGroupName')), parameters('dnsZoneResourceType'), replace(replace(parameters('dnsZoneNames').azureMachineLearningWorkspacePrivateDnsZoneId, '{regionName}', parameters('dnsZoneRegion')), '{regionCode}', parameters('dnzZoneRegionShortNames')[parameters('dnsZoneRegion')])))]"
 },
 "secondPrivateDnsZoneId": {
- "value": "[parameters('azureMachineLearningWorkspaceSecondPrivateDnsZoneId')]"
+ "value": "[if(equals(parameters('dnsZoneSubscriptionId'), ''), parameters('azureMachineLearningWorkspaceSecondPrivateDnsZoneId'), format('/subscriptions/{0}/resourceGroups/{1}/providers/{2}/{3}', parameters('dnsZoneSubscriptionId'), toLower(parameters('dnsZoneResourceGroupName')), parameters('dnsZoneResourceType'), replace(replace(parameters('dnsZoneNames').azureMachineLearningWorkspaceSecondPrivateDnsZoneId, '{regionName}', parameters('dnsZoneRegion')), '{regionCode}', parameters('dnzZoneRegionShortNames')[parameters('dnsZoneRegion')])))]"
 },
 "effect": {
 "value": "[parameters('effect')]"
@@ -1334,7 +1512,7 @@
 "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/f0fcf93c-c063-4071-9668-c47474bd3564",
 "parameters": {
 "privateDnsZoneId": {
- "value": "[parameters('azureServiceBusNamespacePrivateDnsZoneId')]"
+ "value": "[if(equals(parameters('dnsZoneSubscriptionId'), ''), parameters('azureServiceBusNamespacePrivateDnsZoneId'), format('/subscriptions/{0}/resourceGroups/{1}/providers/{2}/{3}', parameters('dnsZoneSubscriptionId'), toLower(parameters('dnsZoneResourceGroupName')), parameters('dnsZoneResourceType'), replace(replace(parameters('dnsZoneNames').azureServiceBusNamespacePrivateDnsZoneId, '{regionName}', parameters('dnsZoneRegion')), '{regionCode}', parameters('dnzZoneRegionShortNames')[parameters('dnsZoneRegion')])))]"
 },
 "effect": {
 "value": "[parameters('effect')]"
@@ -1347,7 +1525,7 @@
 "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/fbc14a67-53e4-4932-abcc-2049c6706009",
 "parameters": {
 "privateDnsZoneId": {
- "value": "[parameters('azureCognitiveSearchPrivateDnsZoneId')]"
+ "value": "[if(equals(parameters('dnsZoneSubscriptionId'), ''), parameters('azureCognitiveSearchPrivateDnsZoneId'), format('/subscriptions/{0}/resourceGroups/{1}/providers/{2}/{3}', parameters('dnsZoneSubscriptionId'), toLower(parameters('dnsZoneResourceGroupName')), parameters('dnsZoneResourceType'), replace(replace(parameters('dnsZoneNames').azureCognitiveSearchPrivateDnsZoneId, '{regionName}', parameters('dnsZoneRegion')), '{regionCode}', parameters('dnzZoneRegionShortNames')[parameters('dnsZoneRegion')])))]"
 },
 "effect": {
 "value": "[parameters('effect')]"
@@ -1360,7 +1538,7 @@
 "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/6a4e6f44-f2af-4082-9702-033c9e88b9f8",
 "parameters": {
 "privateDnsZoneId": {
- "value": "[parameters('azureBotServicePrivateDnsZoneId')]"
+ "value": "[if(equals(parameters('dnsZoneSubscriptionId'), ''), parameters('azureBotServicePrivateDnsZoneId'), format('/subscriptions/{0}/resourceGroups/{1}/providers/{2}/{3}', parameters('dnsZoneSubscriptionId'), toLower(parameters('dnsZoneResourceGroupName')), parameters('dnsZoneResourceType'), replace(replace(parameters('dnsZoneNames').azureBotServicePrivateDnsZoneId, '{regionName}', parameters('dnsZoneRegion')), '{regionCode}', parameters('dnzZoneRegionShortNames')[parameters('dnsZoneRegion')])))]"
 },
 "effect": {
 "value": "[parameters('effect')]"
@@ -1373,7 +1551,7 @@
 "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/4c8537f8-cd1b-49ec-b704-18e82a42fd58",
 "parameters": {
 "privateDnsZoneId": {
- "value": "[parameters('azureManagedGrafanaWorkspacePrivateDnsZoneId')]"
+ "value": "[if(equals(parameters('dnsZoneSubscriptionId'), ''), parameters('azureManagedGrafanaWorkspacePrivateDnsZoneId'), format('/subscriptions/{0}/resourceGroups/{1}/providers/{2}/{3}', parameters('dnsZoneSubscriptionId'), toLower(parameters('dnsZoneResourceGroupName')), parameters('dnsZoneResourceType'), replace(replace(parameters('dnsZoneNames').azureManagedGrafanaWorkspacePrivateDnsZoneId, '{regionName}', parameters('dnsZoneRegion')), '{regionCode}', parameters('dnzZoneRegionShortNames')[parameters('dnsZoneRegion')])))]"
 },
 "effect": {
 "value": "[parameters('effect')]"
@@ -1386,7 +1564,7 @@
 "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/9427df23-0f42-4e1e-bf99-a6133d841c4a",
 "parameters": {
 "privateDnsZoneId": {
- "value": "[parameters('azureVirtualDesktopHostpoolPrivateDnsZoneId')]"
+ "value": "[if(equals(parameters('dnsZoneSubscriptionId'), ''), parameters('azureVirtualDesktopHostpoolPrivateDnsZoneId'), format('/subscriptions/{0}/resourceGroups/{1}/providers/{2}/{3}', parameters('dnsZoneSubscriptionId'), toLower(parameters('dnsZoneResourceGroupName')), parameters('dnsZoneResourceType'), replace(replace(parameters('dnsZoneNames').azureVirtualDesktopHostpoolPrivateDnsZoneId, '{regionName}', parameters('dnsZoneRegion')), '{regionCode}', parameters('dnzZoneRegionShortNames')[parameters('dnsZoneRegion')])))]"
 },
 "privateEndpointGroupId": {
 "value": "connection"
@@ -1402,7 +1580,7 @@
 "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/34804460-d88b-4922-a7ca-537165e060ed",
 "parameters": {
 "privateDnsZoneId": {
- "value": "[parameters('azureVirtualDesktopWorkspacePrivateDnsZoneId')]"
+ "value": "[if(equals(parameters('dnsZoneSubscriptionId'), ''), parameters('azureVirtualDesktopWorkspacePrivateDnsZoneId'), format('/subscriptions/{0}/resourceGroups/{1}/providers/{2}/{3}', parameters('dnsZoneSubscriptionId'), toLower(parameters('dnsZoneResourceGroupName')), parameters('dnsZoneResourceType'), replace(replace(parameters('dnsZoneNames').azureVirtualDesktopWorkspacePrivateDnsZoneId, '{regionName}', parameters('dnsZoneRegion')), '{regionCode}', parameters('dnzZoneRegionShortNames')[parameters('dnsZoneRegion')])))]"
 },
 "privateEndpointGroupId": {
 "value": "feed"
@@ -1418,7 +1596,7 @@
 "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/a222b93a-e6c2-4c01-817f-21e092455b2a",
 "parameters": {
 "privateDnsZoneId": {
- "value": "[parameters('azureIotDeviceupdatePrivateDnsZoneId')]"
+ "value": "[if(equals(parameters('dnsZoneSubscriptionId'), ''), parameters('azureIotDeviceupdatePrivateDnsZoneId'), format('/subscriptions/{0}/resourceGroups/{1}/providers/{2}/{3}', parameters('dnsZoneSubscriptionId'), toLower(parameters('dnsZoneResourceGroupName')), parameters('dnsZoneResourceType'), replace(replace(parameters('dnsZoneNames').azureIotDeviceupdatePrivateDnsZoneId, '{regionName}', parameters('dnsZoneRegion')), '{regionCode}', parameters('dnzZoneRegionShortNames')[parameters('dnsZoneRegion')])))]"
 },
 "effect": {
 "value": "[parameters('effect')]"
@@ -1431,13 +1609,13 @@
 "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/55c4db33-97b0-437b-8469-c4f4498f5df9",
 "parameters": {
 "privateDnsZoneIDForGuestConfiguration": {
- "value": "[parameters('azureArcGuestconfigurationPrivateDnsZoneId')]"
+ "value": "[if(equals(parameters('dnsZoneSubscriptionId'), ''), parameters('azureArcGuestconfigurationPrivateDnsZoneId'), format('/subscriptions/{0}/resourceGroups/{1}/providers/{2}/{3}', parameters('dnsZoneSubscriptionId'), toLower(parameters('dnsZoneResourceGroupName')), parameters('dnsZoneResourceType'), replace(replace(parameters('dnsZoneNames').azureArcGuestconfigurationPrivateDnsZoneId, '{regionName}', parameters('dnsZoneRegion')), '{regionCode}', parameters('dnzZoneRegionShortNames')[parameters('dnsZoneRegion')])))]"
 },
 "privateDnsZoneIDForHybridResourceProvider": {
- "value": "[parameters('azureArcHybridResourceProviderPrivateDnsZoneId')]"
+ "value": "[if(equals(parameters('dnsZoneSubscriptionId'), ''), parameters('azureArcHybridResourceProviderPrivateDnsZoneId'), format('/subscriptions/{0}/resourceGroups/{1}/providers/{2}/{3}', parameters('dnsZoneSubscriptionId'), toLower(parameters('dnsZoneResourceGroupName')), parameters('dnsZoneResourceType'), replace(replace(parameters('dnsZoneNames').azureArcHybridResourceProviderPrivateDnsZoneId, '{regionName}', parameters('dnsZoneRegion')), '{regionCode}', parameters('dnzZoneRegionShortNames')[parameters('dnsZoneRegion')])))]"
 },
 "privateDnsZoneIDForKubernetesConfiguration": {
- "value": "[parameters('azureArcKubernetesConfigurationPrivateDnsZoneId')]"
+ "value": "[if(equals(parameters('dnsZoneSubscriptionId'), ''), parameters('azureArcKubernetesConfigurationPrivateDnsZoneId'), format('/subscriptions/{0}/resourceGroups/{1}/providers/{2}/{3}', parameters('dnsZoneSubscriptionId'), toLower(parameters('dnsZoneResourceGroupName')), parameters('dnsZoneResourceType'), replace(replace(parameters('dnsZoneNames').azureArcKubernetesConfigurationPrivateDnsZoneId, '{regionName}', parameters('dnsZoneRegion')), '{regionCode}', parameters('dnzZoneRegionShortNames')[parameters('dnsZoneRegion')])))]"
 },
 "effect": {
 "value": "[parameters('effect')]"
@@ -1450,7 +1628,7 @@
 "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/d627d7c6-ded5-481a-8f2e-7e16b1e6faf6",
 "parameters": {
 "privateDnsZoneId": {
- "value": "[parameters('azureIotCentralPrivateDnsZoneId')]"
+ "value": "[if(equals(parameters('dnsZoneSubscriptionId'), ''), parameters('azureIotCentralPrivateDnsZoneId'), format('/subscriptions/{0}/resourceGroups/{1}/providers/{2}/{3}', parameters('dnsZoneSubscriptionId'), toLower(parameters('dnsZoneResourceGroupName')), parameters('dnsZoneResourceType'), replace(replace(parameters('dnsZoneNames').azureIotCentralPrivateDnsZoneId, '{regionName}', parameters('dnsZoneRegion')), '{regionCode}', parameters('dnzZoneRegionShortNames')[parameters('dnsZoneRegion')])))]"
 },
 "effect": {
 "value": "[parameters('effect')]"
@@ -1463,7 +1641,7 @@
 "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/028bbd88-e9b5-461f-9424-a1b63a7bee1a",
 "parameters": {
 "privateDnsZoneId": {
- "value": "[parameters('azureStorageTablePrivateDnsZoneId')]"
+ "value": "[if(equals(parameters('dnsZoneSubscriptionId'), ''), parameters('azureStorageTablePrivateDnsZoneId'), format('/subscriptions/{0}/resourceGroups/{1}/providers/{2}/{3}', parameters('dnsZoneSubscriptionId'), toLower(parameters('dnsZoneResourceGroupName')), parameters('dnsZoneResourceType'), replace(replace(parameters('dnsZoneNames').azureStorageTablePrivateDnsZoneId, '{regionName}', parameters('dnsZoneRegion')), '{regionCode}', parameters('dnzZoneRegionShortNames')[parameters('dnsZoneRegion')])))]"
 },
 "effect": {
 "value": "[parameters('effect')]"
@@ -1476,7 +1654,7 @@
 "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/c1d634a5-f73d-4cdd-889f-2cc7006eb47f",
 "parameters": {
 "privateDnsZoneId": {
- "value": "[parameters('azureStorageTableSecondaryPrivateDnsZoneId')]"
+ "value": "[if(equals(parameters('dnsZoneSubscriptionId'), ''), parameters('azureStorageTableSecondaryPrivateDnsZoneId'), format('/subscriptions/{0}/resourceGroups/{1}/providers/{2}/{3}', parameters('dnsZoneSubscriptionId'), toLower(parameters('dnsZoneResourceGroupName')), parameters('dnsZoneResourceType'), replace(replace(parameters('dnsZoneNames').azureStorageTableSecondaryPrivateDnsZoneId, '{regionName}', parameters('dnsZoneRegion')), '{regionCode}', parameters('dnzZoneRegionShortNames')[parameters('dnsZoneRegion')])))]"
 },
 "effect": {
 "value": "[parameters('effect')]"
@@ -1489,13 +1667,13 @@
 "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/af783da1-4ad1-42be-800d-d19c70038820",
 "parameters": {
 "privateDnsZone-Backup": {
- "value": "[parameters('azureSiteRecoveryBackupPrivateDnsZoneID')]"
+ "value": "[if(equals(parameters('dnsZoneSubscriptionId'), ''), parameters('azureSiteRecoveryBackupPrivateDnsZoneId'), format('/subscriptions/{0}/resourceGroups/{1}/providers/{2}/{3}', parameters('dnsZoneSubscriptionId'), toLower(parameters('dnsZoneResourceGroupName')), parameters('dnsZoneResourceType'), replace(replace(parameters('dnsZoneNames').azureSiteRecoveryBackupPrivateDnsZoneId, '{regionName}', parameters('dnsZoneRegion')), '{regionCode}', parameters('dnzZoneRegionShortNames')[parameters('dnsZoneRegion')])))]"
 },
 "privateDnsZone-Blob": {
- "value": "[parameters('azureSiteRecoveryBlobPrivateDnsZoneID')]"
+ "value": "[if(equals(parameters('dnsZoneSubscriptionId'), ''), parameters('azureSiteRecoveryBlobPrivateDnsZoneId'), format('/subscriptions/{0}/resourceGroups/{1}/providers/{2}/{3}', parameters('dnsZoneSubscriptionId'), toLower(parameters('dnsZoneResourceGroupName')), parameters('dnsZoneResourceType'), replace(replace(parameters('dnsZoneNames').azureSiteRecoveryBlobPrivateDnsZoneId, '{regionName}', parameters('dnsZoneRegion')), '{regionCode}', parameters('dnzZoneRegionShortNames')[parameters('dnsZoneRegion')])))]"
 },
 "privateDnsZone-Queue": {
- "value": "[parameters('azureSiteRecoveryQueuePrivateDnsZoneID')]"
+ "value": "[if(equals(parameters('dnsZoneSubscriptionId'), ''), parameters('azureSiteRecoveryQueuePrivateDnsZoneId'), format('/subscriptions/{0}/resourceGroups/{1}/providers/{2}/{3}', parameters('dnsZoneSubscriptionId'), toLower(parameters('dnsZoneResourceGroupName')), parameters('dnsZoneResourceType'), replace(replace(parameters('dnsZoneNames').azureSiteRecoveryQueuePrivateDnsZoneId, '{regionName}', parameters('dnsZoneRegion')), '{regionCode}', parameters('dnzZoneRegionShortNames')[parameters('dnsZoneRegion')])))]"
 },
 "effect": {
 "value": "[parameters('effect')]"
diff --git a/modules/archetypes/lib/policy_set_definitions/policy_set_definition_es_enforce_encryption_cmk.tmpl.json b/modules/archetypes/lib/policy_set_definitions/policy_set_definition_es_enforce_encryption_cmk.tmpl.json
index a51b7de08..7b07b46bd 100644
--- a/modules/archetypes/lib/policy_set_definitions/policy_set_definition_es_enforce_encryption_cmk.tmpl.json
+++ b/modules/archetypes/lib/policy_set_definitions/policy_set_definition_es_enforce_encryption_cmk.tmpl.json
@@ -8,7 +8,7 @@
 "displayName": "Deny or Audit resources without Encryption with a customer-managed key (CMK)",
 "description": "Deny or Audit resources without Encryption with a customer-managed key (CMK)",
 "metadata": {
- "version": "3.0.0",
+ "version": "3.1.0",
 "category": "Encryption",
 "source": "https://github.com/Azure/Enterprise-Scale/",
 "alzCloudEnvironments": [
@@ -329,6 +329,18 @@
 "Deny",
 "Disabled"
 ]
+ },
+ "botServiceCmk": {
+ "type": "string",
+ "defaultValue": "Deny",
+ "allowedValues": [
+ "Audit",
+ "audit",
+ "Deny",
+ "deny",
+ "Disabled",
+ "disabled"
+ ]
 }
 },
 "policyDefinitions": [
@@ -621,6 +633,16 @@
 }
 },
 "groupNames": []
+ },
+ {
+ "policyDefinitionReferenceId": "Deny-BotService-Cmk",
+ "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/51522a96-0869-4791-82f3-981000c2c67f",
+ "parameters": {
+ "effect": {
+ "value": "[parameters('botServiceCmk')]"
+ }
+ },
+ "groupNames": []
 }
 ],
 "policyDefinitionGroups": null
diff --git a/modules/archetypes/lib/policy_set_definitions/policy_set_definition_es_enforce_guardrails_botservice.tmpl.json b/modules/archetypes/lib/policy_set_definitions/policy_set_definition_es_enforce_guardrails_botservice.tmpl.json
new file mode 100644
index 000000000..e27021b39
--- /dev/null
+++ b/modules/archetypes/lib/policy_set_definitions/policy_set_definition_es_enforce_guardrails_botservice.tmpl.json
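Review bot: The fallback branch for `privateDnsZone-Backup`, `privateDnsZone-Blob` and `privateDnsZone-Queue` now reads `parameters('azureSiteRecoveryBackupPrivateDnsZoneId')` (and the Blob and Queue equivalents), where the removed lines read `…PrivateDnsZoneID`. The parameter declarations are outside this hunk, so confirm they were renamed in the same change and that the reference still resolves. If the rename is intentional, assignments that pass the old `…ZoneID` names may need updating, otherwise the zone IDs they supply would no longer reach these three policies. A line in the upgrade notes naming the three renamed parameters would cover it.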
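Review bot: `botServiceCmk` is added to an existing initiative with `"defaultValue": "Deny"`, so every assignment that does not set the parameter starts enforcing the new `Deny-BotService-Cmk` entry (added in the next hunk of this file) as soon as it picks up 3.1.0. Consider shipping the new control as `"defaultValue": "Audit"` for one release, or call the new Deny out in the upgrade notes so owners can review compliance results first. The allowed values also list both `Deny` and `deny` spellings, while the neighbouring parameter in the context lines lists only capitalised values; one convention per initiative is easier to validate.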
@@ -0,0 +1,107 @@ +{ + "name": "Enforce-Guardrails-BotService", + "type": "Microsoft.Authorization/policySetDefinitions", + "apiVersion": "2021-06-01", + "scope": null, + "properties": { + "policyType": "Custom", + "displayName": "Enforce recommended guardrails for Bot Service", + "description": "This policy initiative is a group of policies that ensures Bot Service is compliant per regulated Landing Zones.", + "metadata": { + "version": "1.0.0", + "category": "Bot Service", + "source": "https://github.com/Azure/Enterprise-Scale/", + "alzCloudEnvironments": [ + "AzureCloud", + "AzureChinaCloud", + "AzureUSGovernment" + ] + }, + "parameters": { + "botServiceValidUri": { + "type": "string", + "defaultValue": "Deny", + "allowedValues": [ + "Audit", + "audit", + "Deny", + "deny", + "Disabled", + "disabled" + ] + }, + "botServiceIsolatedMode": { + "type": "string", + "defaultValue": "Deny", + "allowedValues": [ + "Audit", + "audit", + "Deny", + "deny", + "Disabled", + "disabled" + ] + }, + "botServiceLocalAuth": { + "type": "string", + "defaultValue": "Deny", + "allowedValues": [ + "Audit", + "Deny", + "Disabled" + ] + }, + "botServicePrivateLink": { + "type": "string", + "defaultValue": "Audit", + "allowedValues": [ + "Audit", + "Disabled" + ] + } + }, + "policyDefinitions": [ + { + "policyDefinitionReferenceId": "Deny-BotService-Valid-Uri", + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/6164527b-e1ee-4882-8673-572f425f5e0a", + "parameters": { + "effect": { + "value": "[parameters('botServiceValidUri')]" + } + }, + "groupNames": [] + }, + { + "policyDefinitionReferenceId": "Deny-BotService-Isolated-Mode", + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/52152f42-0dda-40d9-976e-abb1acdd611e", + "parameters": { + "effect": { + "value": "[parameters('botServiceIsolatedMode')]" + } + }, + "groupNames": [] + }, + { + "policyDefinitionReferenceId": "Deny-BotService-Local-Auth", + "policyDefinitionId": 
"/providers/Microsoft.Authorization/policyDefinitions/ffea632e-4e3a-4424-bf78-10e179bb2e1a", + "parameters": { + "effect": { + "value": "[parameters('botServiceLocalAuth')]" + } + }, + "groupNames": [] + }, + { + "policyDefinitionReferenceId": "Audit-BotService-Private-Link", + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/ad5621d6-a877-4407-aa93-a950b428315e", + "parameters": { + "effect": { + "value": "[parameters('botServicePrivateLink')]" + } + }, + "groupNames": [] + } + ], + "policyDefinitionGroups": null + } +} \ No newline at end of file diff --git a/modules/archetypes/lib/policy_set_definitions/policy_set_definition_es_enforce_guardrails_cognitiveservices.tmpl.json b/modules/archetypes/lib/policy_set_definitions/policy_set_definition_es_enforce_guardrails_cognitiveservices.tmpl.json index a10aab0ab..a846b06a0 100644 --- a/modules/archetypes/lib/policy_set_definitions/policy_set_definition_es_enforce_guardrails_cognitiveservices.tmpl.json +++ b/modules/archetypes/lib/policy_set_definitions/policy_set_definition_es_enforce_guardrails_cognitiveservices.tmpl.json @@ -8,7 +8,7 @@ "displayName": "Enforce recommended guardrails for Cognitive Services", "description": "This policy initiative is a group of policies that ensures Cognitive Services is compliant per regulated Landing Zones.", "metadata": { - "version": "1.0.0", + "version": "1.1.0", "category": "Cognitive Services", "source": "https://github.com/Azure/Enterprise-Scale/", "alzCloudEnvironments": [ @@ -44,6 +44,14 @@ "Disabled" ] }, + "cognitiveServicesLocalAuth": { + "type": "string", + "defaultValue": "Modify", + "allowedValues": [ + "Modify", + "Disabled" + ] + }, "modifyCognitiveSearchPublicEndpoint": { "type": "string", "defaultValue": "Modify", 
@@ -59,6 +67,32 @@ "Modify", "Disabled" ] + }, + "cognitiveServicesManagedIdentity": { + "type": "string", + "defaultValue": "Deny", + "allowedValues": [ + "Audit", + "Deny", + "Disabled" + ] + }, + "cognitiveServicesCustomerStorage": { + "type": "string", + "defaultValue": "Deny", + "allowedValues": [ + "Audit", + "Deny", + "Disabled" + ] + }, + "cognitiveServicesResourceLogs": { + "type": "string", + "defaultValue": "AuditIfNotExists", + "allowedValues": [ + "AuditIfNotExists", + "Disabled" + ] } }, "policyDefinitions": [ @@ -111,6 +145,46 @@ } }, "groupNames": [] + }, + { + "policyDefinitionReferenceId": "Deny-Cognitive-Services-Managed-Identity", + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/fe3fd216-4f83-4fc1-8984-2bbec80a3418", + "parameters": { + "effect": { + "value": "[parameters('cognitiveServicesManagedIdentity')]" + } + }, + "groupNames": [] + }, + { + "policyDefinitionReferenceId": "Deny-Cognitive-Services-Customer-Storage", + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/46aa9b05-0e60-4eae-a88b-1e9d374fa515", + "parameters": { + "effect": { + "value": "[parameters('cognitiveServicesCustomerStorage')]" + } + }, + "groupNames": [] + }, + { + "policyDefinitionReferenceId": "Modify-Cognitive-Services-Local-Auth", + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/14de9e63-1b31-492e-a5a3-c3f7fd57f555", + "parameters": { + "effect": { + "value": "[parameters('cognitiveServicesLocalAuth')]" + } + }, + "groupNames": [] + }, + { + "policyDefinitionReferenceId": "Aine-Cognitive-Services-Resource-Logs", + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/b4330a05-a843-4bc8-bf9a-cacce50c67f4", + "parameters": { + "effect": { + "value": "[parameters('cognitiveServicesResourceLogs')]" + } + }, + "groupNames": [] } ], "policyDefinitionGroups": null 
diff --git a/modules/archetypes/lib/policy_set_definitions/policy_set_definition_es_enforce_guardrails_machinelearning.tmpl.json b/modules/archetypes/lib/policy_set_definitions/policy_set_definition_es_enforce_guardrails_machinelearning.tmpl.json index a4a15c22a..1c683c4a2 100644 --- a/modules/archetypes/lib/policy_set_definitions/policy_set_definition_es_enforce_guardrails_machinelearning.tmpl.json +++ b/modules/archetypes/lib/policy_set_definitions/policy_set_definition_es_enforce_guardrails_machinelearning.tmpl.json @@ -8,7 +8,7 @@ "displayName": "Enforce recommended guardrails for Machine Learning", "description": "This policy initiative is a group of policies that ensures Machine Learning is compliant per regulated Landing Zones.", "metadata": { - "version": "1.0.0", + "version": "1.1.0", "category": "Machine Learning", "source": "https://github.com/Azure/Enterprise-Scale/", "alzCloudEnvironments": [ 
@@ -59,6 +59,80 @@ "Modify", "Disabled" ] + }, + "mlIdleShutdown": { + "type": "string", + "defaultValue": "Deny", + "allowedValues": [ + "Audit", + "Deny", + "Disabled" + ] + }, + "mlVirtualNetwork": { + "type": "string", + "defaultValue": "Audit", + "allowedValues": [ + "Audit", + "Disabled" + ] + }, + "mlLegacyMode": { + "type": "string", + "defaultValue": "Deny", + "allowedValues": [ + "Audit", + "Deny", + "Disabled" + ] + }, + "mlPrivateLink": { + "type": "string", + "defaultValue": "Audit", + "allowedValues": [ + "Audit", + "Disabled" + ] + }, + "mlResourceLogs": { + "type": "string", + "defaultValue": "AuditIfNotExists", + "allowedValues": [ + "AuditIfNotExists", + "Disabled" + ] + }, + "mlAllowedRegistryDeploy": { + "type": "string", + "defaultValue": "Deny", + "allowedValues": [ + "Deny", + "Disabled" + ] + }, + "mlAllowedModule": { + "type": "string", + "defaultValue": "enforceSetting", + "allowedValues": [ + "enforceSetting", + "disabled" + ] + }, + "mlAllowedPython": { + "type": "string", + "defaultValue": "enforceSetting", + "allowedValues": [ + "enforceSetting", + "disabled" + ] + }, + "mlAllowedRegistries": { + "type": "string", + "defaultValue": "enforceSetting", + "allowedValues": [ + "enforceSetting", + "disabled" + ] } }, "policyDefinitions": [ 
@@ -111,6 +185,96 @@ } }, "groupNames": [] + }, + { + "policyDefinitionReferenceId": "Deny-ML-Idle-Shutdown", + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/679ddf89-ab8f-48a5-9029-e76054077449", + "parameters": { + "effect": { + "value": "[parameters('mlIdleShutdown')]" + } + }, + "groupNames": [] + }, + { + "policyDefinitionReferenceId": "Audit-ML-Virtual-Network", + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/7804b5c7-01dc-4723-969b-ae300cc07ff1", + "parameters": { + "effect": { + "value": "[parameters('mlVirtualNetwork')]" + } + }, + "groupNames": [] + }, + { + "policyDefinitionReferenceId": "Deny-ML-Legacy-Mode", + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/e413671a-dd10-4cc1-a943-45b598596cb7", + "parameters": { + "effect": { + "value": "[parameters('mlLegacyMode')]" + } + }, + "groupNames": [] + }, + { + "policyDefinitionReferenceId": "Audit-ML-Private-Link", + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/45e05259-1eb5-4f70-9574-baf73e9d219b", + "parameters": { + "effect": { + "value": "[parameters('mlPrivateLink')]" + } + }, + "groupNames": [] + }, + { + "policyDefinitionReferenceId": "Aine-ML-Resource-Logs", + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/afe0c3be-ba3b-4544-ba52-0c99672a8ad6", + "parameters": { + "effect": { + "value": "[parameters('mlResourceLogs')]" + } + }, + "groupNames": [] + }, + { + "policyDefinitionReferenceId": "Deny-ML-Allowed-Registry-Deploy", + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/19539b54-c61e-4196-9a38-67598701be90", + "parameters": { + "effect": { + "value": "[parameters('mlAllowedRegistryDeploy')]" + } + }, + "groupNames": [] + }, + { + "policyDefinitionReferenceId": "Deny-ML-Allowed-Module", + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/53c70b02-63dd-11ea-bc55-0242ac130003", + "parameters": { + 
"effect": { + "value": "[parameters('mlAllowedModule')]" + } + }, + "groupNames": [] + }, + { + "policyDefinitionReferenceId": "Deny-ML-Allowed-Python", + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/77eeea86-7e81-4a7d-9067-de844d096752", + "parameters": { + "effect": { + "value": "[parameters('mlAllowedPython')]" + } + }, + "groupNames": [] + }, + { + "policyDefinitionReferenceId": "Deny-ML-Allowed-Registries", + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/5853517a-63de-11ea-bc55-0242ac130003", + "parameters": { + "effect": { + "value": "[parameters('mlAllowedRegistries')]" + } + }, + "groupNames": [] } ], "policyDefinitionGroups": null diff --git a/modules/archetypes/lib/policy_set_definitions/policy_set_definition_es_enforce_guardrails_openai.tmpl.json b/modules/archetypes/lib/policy_set_definitions/policy_set_definition_es_enforce_guardrails_openai.tmpl.json index f58a16c10..2b6dbbbc5 100644 --- a/modules/archetypes/lib/policy_set_definitions/policy_set_definition_es_enforce_guardrails_openai.tmpl.json +++ b/modules/archetypes/lib/policy_set_definitions/policy_set_definition_es_enforce_guardrails_openai.tmpl.json @@ -8,7 +8,7 @@ "displayName": "Enforce recommended guardrails for Open AI (Cognitive Service)", "description": "This policy initiative is a group of policies that ensures Open AI (Cognitive Service) is compliant per regulated Landing Zones.", "metadata": { - "version": "1.0.0", + "version": "1.1.0", "category": "Cognitive Services", "source": "https://github.com/Azure/Enterprise-Scale/", "alzCloudEnvironments": [ 
@@ -70,6 +70,47 @@ "Deny", "Disabled" ] + }, + "azureAiNetworkAccess": { + "type": "string", + "defaultValue": "Deny", + "allowedValues": [ + "Audit", + "Deny", + "Disabled" + ] + }, + "azureAiPrivateLink": { + "type": "string", + "defaultValue": "Audit", + "allowedValues": [ + "Audit", + "Disabled" + ] + }, + "azureAiDisableLocalKey": { + "type": "string", + "defaultValue": "DeployIfNotExists", + "allowedValues": [ + "DeployIfNotExists", + "Disabled" + ] + }, + "azureAiDisableLocalKey2": { + "type": "string", + "defaultValue": "DeployIfNotExists", + "allowedValues": [ + "DeployIfNotExists", + "Disabled" + ] + }, + "azureAiDiagSettings": { + "type": "string", + "defaultValue": "AuditIfNotExists", + "allowedValues": [ + "AuditIfNotExists", + "Disabled" + ] } }, "policyDefinitions": [ 
@@ -132,6 +173,56 @@ } }, "groupNames": [] + }, + { + "policyDefinitionReferenceId": "Deny-AzureAI-Network-Access", + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/037eea7a-bd0a-46c5-9a66-03aea78705d3", + "parameters": { + "effect": { + "value": "[parameters('azureAiNetworkAccess')]" + } + }, + "groupNames": [] + }, + { + "policyDefinitionReferenceId": "Audit-AzureAI-Private-Link", + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/d6759c02-b87f-42b7-892e-71b3f471d782", + "parameters": { + "effect": { + "value": "[parameters('azureAiPrivateLink')]" + } + }, + "groupNames": [] + }, + { + "policyDefinitionReferenceId": "Dine-AzureAI-Local-Key", + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/d45520cb-31ca-44ba-8da2-fcf914608544", + "parameters": { + "effect": { + "value": "[parameters('azureAiDisableLocalKey')]" + } + }, + "groupNames": [] + }, + { + "policyDefinitionReferenceId": "Dine-AzureAI-Local-Key2", + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/55eff01b-f2bd-4c32-9203-db285f709d30", + "parameters": { + "effect": { + "value": "[parameters('azureAiDisableLocalKey2')]" + } + }, + "groupNames": [] + }, + { + "policyDefinitionReferenceId": "Aine-AzureAI-Diag-Settings", + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/1b4d1c4e-934c-4703-944c-27c82c06bebb", + "parameters": { + "effect": { + "value": "[parameters('azureAiDiagSettings')]" + } + }, + "groupNames": [] } ], "policyDefinitionGroups": null From cac2474c6880e4ac8c2630d600e6412db0c351c3 Mon Sep 17 00:00:00 2001 
From: Jed Laundry Date: Wed, 13 Nov 2024 22:58:59 +1300 Subject: [PATCH 02/11] Add new regions to geo_codes (#1183) ## Overview/Summary This is a short PR to update `locals.geo_codes.tf.json`, to support the new Azure regions launched in the last year or so (Brazil US, Spain Central, Israel Central, Mexico Central, New Zealand North, and Poland Central). I've used the ISO 3166 codes, and thankfully there aren't any clashes with existing, or 'informal' shortcodes. ## As part of this Pull Request I have - [X] Checked for duplicate [Pull Requests](https://github.com/Azure/terraform-azurerm-caf-enterprise-scale/pulls) - [N/A] Associated it with relevant [issues](https://github.com/Azure/terraform-azurerm-caf-enterprise-scale/issues), for tracking and closure. - [X] Ensured my code/branch is up-to-date with the latest changes in the `main` [branch](https://github.com/Azure/terraform-azurerm-caf-enterprise-scale/tree/main) - [N/A] Performed testing and provided evidence. - [N/A] Updated relevant and associated documentation. --- modules/connectivity/locals.geo_codes.tf.json | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/modules/connectivity/locals.geo_codes.tf.json b/modules/connectivity/locals.geo_codes.tf.json index d3a720183..e86d829d6 100644 --- a/modules/connectivity/locals.geo_codes.tf.json +++ b/modules/connectivity/locals.geo_codes.tf.json @@ -11,6 +11,8 @@ "Australia Southeast": "ase", "brazilsouth": "brs", "Brazil South": "brs", + "brazilus": "bru", + "Brazil US": "bru", "brazilsoutheast": "bse", "Brazil Southeast": "bse", "centraluseuap": "ccy", @@ -25,6 +27,8 @@ "East Asia": "ea", "eastus2euap": "ecy", "East US 2 EUAP": "ecy", + "spaincentral": "esc", + "Spain Central": "esc", "eastus": "eus", "East US": "eus", "eastus2": "eus2", @@ -43,6 +47,8 @@ "South India": "ins", "westindia": "inw", "West India": "inw", + "israelcentral": "ilc", + "Israel Central": "ilc", "italynorth": "itn", "Italy North": "itn", "japaneast": "jpe", 
@@ -57,6 +63,8 @@ "Korea Central": "krc", "koreasouth": "krs", "Korea South": "krs", + "mexicocentral": "mxc", + "Mexico Central": "mxc", "northcentralus": "ncus", "North Central US": "ncus", "northeurope": "ne", @@ -65,6 +73,10 @@ "Norway East": "nwe", "norwaywest": "nww", "Norway West": "nww", + "newzealandnorth": "nzn", + "New Zealand North": "nzn", + "polandcentral": "plc", + "Poland Central": "plc", "qatarcentral": "qac", "Qatar Central": "qac", "southafricanorth": "san", From beb19331e84735c04bfb2814470f23131df26d0b Mon Sep 17 00:00:00 2001 
From: lolorol Date: Wed, 13 Nov 2024 10:00:06 +0000 Subject: [PATCH 03/11] Fixes #1135 and #1136 (#1137) ## Overview/Summary Replace this with a brief description of what this Pull Request fixes, changes, etc. ## This PR fixes/adds/changes/removes 1. Fixes #1135 - Race condition results in InternalServerError when deploying in vhub a firewall, an express route gateway, vhub peering and routing intent 2. Fixes #1136 - Updating existing vnet dns_server with Azure firewall leads to azurerm_virtual_network error. 3. *Replace me* ### Breaking Changes none ## Testing Evidence ``` module.alz_connectivity.azurerm_virtual_hub_routing_intent.virtual_wan["/subscriptions/000000/resourceGroups/rg-prod-network-vwan/providers/Microsoft.Network/virtualHubs/lz-cl-hub-southeastasia/lz-cl-routingintent-southeastasia"]: Still creating... [6m40s elapsed] module.alz_connectivity.azurerm_virtual_hub_routing_intent.virtual_wan["/subscriptions/000000/resourceGroups/rg-prod-network-vwan/providers/Microsoft.Network/virtualHubs/lz-cl-hub-southeastasia/lz-cl-routingintent-southeastasia"]: Creation complete after 6m41s [id=/subscriptions/000000/resourceGroups/rg-prod-network-vwan/providers/Microsoft.Network/virtualHubs/lz-cl-hub-southeastasia/routingIntent/lz-cl-routingintent-southeastasia] Apply complete! Resources: 178 added, 0 changed, 0 destroyed. ``` Please provide any testing evidence to show that your Pull Request works/fixes as described and planned (include screenshots, if appropriate). ## As part of this Pull Request I have - [x] Checked for duplicate [Pull Requests](https://github.com/Azure/terraform-azurerm-caf-enterprise-scale/pulls) - [x] Associated it with relevant [issues](https://github.com/Azure/terraform-azurerm-caf-enterprise-scale/issues), for tracking and closure. - [x] Ensured my code/branch is up-to-date with the latest changes in the `main` [branch](https://github.com/Azure/terraform-azurerm-caf-enterprise-scale/tree/main) - [x] Performed testing and provided evidence. 
- [x] Updated relevant and associated documentation. --- README.md | 2 +- _README_header.md | 2 +- docs/wiki/[User-Guide]-Getting-Started.md | 2 +- docs/wiki/[User-Guide]-Upgrade-from-v5.2.1-to-v6.0.0.md | 2 +- examples/400-multi-with-orchestration/modules/core/main.tf | 2 +- resources.virtual_wan.tf | 2 ++ terraform.tf | 2 +- tests/README.md | 2 +- tests/modules/test_001_baseline/terraform.tf | 2 +- tests/modules/test_002_add_custom_core/terraform.tf | 2 +- tests/modules/test_003_add_mgmt_conn/terraform.tf | 2 +- tests/scripts/azp-strategy.ps1 | 4 ++-- 12 files changed, 14 insertions(+), 12 deletions(-) diff --git a/README.md b/README.md index a94f2c708..92d421711 100644 --- a/README.md +++ b/README.md @@ -52,7 +52,7 @@ This allows customers to address concerns around managing large state files, or ## Terraform versions -This module has been tested using Terraform `1.7.0` and AzureRM Provider `3.107.0` as a baseline, and various versions to up the latest at time of release. +This module has been tested using Terraform `1.7.0` and AzureRM Provider `3.108.0` as a baseline, and various versions to up the latest at time of release. In some cases, individual versions of the AzureRM provider may cause errors. If this happens, we advise upgrading to the latest version and checking our [troubleshooting](https://github.com/Azure/terraform-azurerm-caf-enterprise-scale/wiki/Troubleshooting) guide before [raising an issue](https://github.com/Azure/terraform-azurerm-caf-enterprise-scale/issues). diff --git a/_README_header.md b/_README_header.md index c75d6a732..4f6abee04 100644 --- a/_README_header.md +++ b/_README_header.md 
@@ -51,7 +51,7 @@ This allows customers to address concerns around managing large state files, or ## Terraform versions -This module has been tested using Terraform `1.7.0` and AzureRM Provider `3.107.0` as a baseline, and various versions to up the latest at time of release. +This module has been tested using Terraform `1.7.0` and AzureRM Provider `3.108.0` as a baseline, and various versions to up the latest at time of release. In some cases, individual versions of the AzureRM provider may cause errors. If this happens, we advise upgrading to the latest version and checking our [troubleshooting](https://github.com/Azure/terraform-azurerm-caf-enterprise-scale/wiki/Troubleshooting) guide before [raising an issue](https://github.com/Azure/terraform-azurerm-caf-enterprise-scale/issues). diff --git a/docs/wiki/[User-Guide]-Getting-Started.md b/docs/wiki/[User-Guide]-Getting-Started.md index 37f8d6bce..8f93bffed 100644 --- a/docs/wiki/[User-Guide]-Getting-Started.md +++ b/docs/wiki/[User-Guide]-Getting-Started.md @@ -3,7 +3,7 @@ Before getting started with this module, please take note of the following considerations: -1. This module requires a minimum `azurerm` provider version of `3.107.0`. +1. This module requires a minimum `azurerm` provider version of `3.108.0`. 1. This module requires a minimum Terraform version `1.7.0`. diff --git a/docs/wiki/[User-Guide]-Upgrade-from-v5.2.1-to-v6.0.0.md b/docs/wiki/[User-Guide]-Upgrade-from-v5.2.1-to-v6.0.0.md index d92cc6ef6..fecc69477 100644 --- a/docs/wiki/[User-Guide]-Upgrade-from-v5.2.1-to-v6.0.0.md +++ b/docs/wiki/[User-Guide]-Upgrade-from-v5.2.1-to-v6.0.0.md 
@@ -5,7 +5,7 @@ This is a major release, following the update of Azure Landing Zones with it's m ## ‼️ Breaking Changes -1. Minimum AzureRM provider version now `3.107.0` +1. Minimum AzureRM provider version now `3.108.0` 2. Minimum Terraform version now `1.7.0` 3. `var.configure_management_resources` schema change, removing legacy components and adding support for AMA resources diff --git a/examples/400-multi-with-orchestration/modules/core/main.tf b/examples/400-multi-with-orchestration/modules/core/main.tf index 48d99f4e6..bfc214842 100644 --- a/examples/400-multi-with-orchestration/modules/core/main.tf +++ b/examples/400-multi-with-orchestration/modules/core/main.tf @@ -5,7 +5,7 @@ terraform { required_providers { azurerm = { source = "hashicorp/azurerm" - version = "3.107.0" + version = "3.108.0" } } } diff --git a/resources.virtual_wan.tf b/resources.virtual_wan.tf index 135c00364..2e1bed6c5 100644 --- a/resources.virtual_wan.tf +++ b/resources.virtual_wan.tf @@ -357,6 +357,7 @@ resource "azurerm_virtual_hub_connection" "virtual_wan" { # Set explicit dependencies depends_on = [ + azurerm_express_route_gateway.virtual_wan, azurerm_resource_group.connectivity, azurerm_resource_group.virtual_wan, azurerm_virtual_wan.virtual_wan, @@ -382,6 +383,7 @@ resource "azurerm_virtual_hub_routing_intent" "virtual_wan" { # Set explicit dependencies depends_on = [ + azurerm_express_route_gateway.virtual_wan, azurerm_firewall.virtual_wan, azurerm_resource_group.connectivity, azurerm_resource_group.virtual_wan, diff --git a/terraform.tf b/terraform.tf index fb0dcd92d..87ac13d60 100644 --- a/terraform.tf +++ b/terraform.tf @@ -3,7 +3,7 @@ terraform { required_providers { azurerm = { source = "hashicorp/azurerm" - version = "~> 3.107" + version = "~> 3.108" configuration_aliases = [ azurerm.connectivity, azurerm.management, diff --git a/tests/README.md b/tests/README.md index db98f634a..061206e4e 100644 --- a/tests/README.md +++ b/tests/README.md 
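Review bot: The two `depends_on` additions in `resources.virtual_wan.tf` have no comment saying why the ExpressRoute gateway has to precede hub connections and routing intent, so a later clean-up of seemingly redundant dependencies could reintroduce the InternalServerError from #1135. I would put a line above each new entry such as `# Serialise after the ExpressRoute gateway; concurrent virtual hub operations fail with InternalServerError (#1135)`. The commit message also names hub peering in that race, and whether `azurerm_virtual_hub_routing_intent` waits for `azurerm_virtual_hub_connection.virtual_wan` cannot be checked here because both `depends_on` lists continue outside their hunks. Apart from the provider floor moving to `3.108.0`, nothing visible in this diff addresses #1136, so the description should say whether that bump is the fix.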
@@ -151,7 +151,7 @@ The current strategy consists of running tests against the following version com - Terraform versions: - Minimum version supported by the module (`1.7.0`) - Azure provider for Terraform versions: - - Minimum version supported by the module (`v3.107.0`) + - Minimum version supported by the module (`v3.108.0`) - Latest version The latest versions are determined programmatically by querying the publisher APIs. diff --git a/tests/modules/test_001_baseline/terraform.tf b/tests/modules/test_001_baseline/terraform.tf index dd5cd3f33..2bf501b25 100644 --- a/tests/modules/test_001_baseline/terraform.tf +++ b/tests/modules/test_001_baseline/terraform.tf @@ -2,7 +2,7 @@ terraform { required_providers { azurerm = { source = "hashicorp/azurerm" - version = "3.107.0" + version = "3.108.0" configuration_aliases = [ azurerm.connectivity, azurerm.management, diff --git a/tests/modules/test_002_add_custom_core/terraform.tf b/tests/modules/test_002_add_custom_core/terraform.tf index dd5cd3f33..2bf501b25 100644 --- a/tests/modules/test_002_add_custom_core/terraform.tf +++ b/tests/modules/test_002_add_custom_core/terraform.tf @@ -2,7 +2,7 @@ terraform { required_providers { azurerm = { source = "hashicorp/azurerm" - version = "3.107.0" + version = "3.108.0" configuration_aliases = [ azurerm.connectivity, azurerm.management, diff --git a/tests/modules/test_003_add_mgmt_conn/terraform.tf b/tests/modules/test_003_add_mgmt_conn/terraform.tf index dd5cd3f33..2bf501b25 100644 --- a/tests/modules/test_003_add_mgmt_conn/terraform.tf +++ b/tests/modules/test_003_add_mgmt_conn/terraform.tf @@ -2,7 +2,7 @@ terraform { required_providers { azurerm = { source = "hashicorp/azurerm" - version = "3.107.0" + version = "3.108.0" configuration_aliases = [ azurerm.connectivity, azurerm.management, diff --git a/tests/scripts/azp-strategy.ps1 b/tests/scripts/azp-strategy.ps1 index f78a93c82..59798ed04 100755 --- a/tests/scripts/azp-strategy.ps1 +++ b/tests/scripts/azp-strategy.ps1 
@@ -50,11 +50,11 @@ $terraformVersionsCount = $terraformVersions.Count ####################################### # Terraform AzureRM Provider Versions -# - Base Version: (3.107.0) +# - Base Version: (3.108.0) # - Latest Versions: (latest 1) ####################################### -$azurermProviderVersionBase = "3.107.0" +$azurermProviderVersionBase = "3.108.0" $azurermProviderVersionLatest = "3.116.0" ####################################### From 4c29ae479d1cff1b52010b03e469bb7dcfe832b6 Mon Sep 17 00:00:00 2001 From: Camilo Aguilar Date: Wed, 13 Nov 2024 05:01:07 -0500 Subject: [PATCH 04/11] management/log-analytics: Allow users to set a daily GB cap (#1143) setting `retention_in_days` worked OK, but setting `daily_quota_gb` did not. We configured the daily cap from the Azure Portal but this automation rolls it back to be disabled. This PR makes it so we can set a value for our environment, and it is not rolled back. ```terraform # module.alz.azurerm_log_analytics_workspace.management["/subscriptions/96f9ca86-6842-4c2f-aada-2daafa1b0b9c/resourceGroups/redpanda-mgmt/providers/Microsoft.OperationalInsights/workspaces/redpanda-la"] will be updated in-place ~ resource "azurerm_log_analytics_workspace" "management" { ~ daily_quota_gb = 64 -> -1 id = "/subscriptions/96f9ca86-6842-4c2f-aada-2daafa1b0b9c/resourceGroups/redpanda-mgmt/providers/Microsoft.OperationalInsights/workspaces/redpanda-la" name = "redpanda-la" tags = { "deployedBy" = "terraform/azure/caf-enterprise-scale" "redpanda-org" = "azure-governance" } # (14 unchanged attributes hidden) } ``` --- modules/management/locals.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/management/locals.tf b/modules/management/locals.tf index d4028e5d7..22d252500 100644 --- a/modules/management/locals.tf +++ b/modules/management/locals.tf 
@@ -107,7 +107,7 @@ locals { allow_resource_only_permissions = lookup(local.custom_settings_la_workspace, "allow_resource_only_permissions", true) # Available only in v3.36.0 onwards sku = lookup(local.custom_settings_la_workspace, "sku", "PerGB2018") retention_in_days = lookup(local.custom_settings_la_workspace, "retention_in_days", local.settings.log_analytics.config.retention_in_days) - daily_quota_gb = lookup(local.custom_settings_la_workspace, "daily_quota_gb", null) + daily_quota_gb = lookup(local.custom_settings_la_workspace, "daily_quota_gb", local.settings.log_analytics.config.daily_quota_gb) cmk_for_query_forced = lookup(local.custom_settings_la_workspace, "cmk_for_query_forced", null) internet_ingestion_enabled = lookup(local.custom_settings_la_workspace, "internet_ingestion_enabled", true) internet_query_enabled = lookup(local.custom_settings_la_workspace, "internet_query_enabled", true) From 08e6e40d4b92909e69a52fa5f91bfdbe84960ff3 Mon Sep 17 00:00:00 2001 From: Matt White <16320656+matt-FFFFFF@users.noreply.github.com> Date: Wed, 13 Nov 2024 10:09:38 +0000 Subject: [PATCH 05/11] fix: ignore location for mg diagnnostics, fixes #1170 --- resources.management_groups.tf | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/resources.management_groups.tf b/resources.management_groups.tf index 1cda6e248..156f26dc8 100644 --- a/resources.management_groups.tf +++ b/resources.management_groups.tf @@ -83,6 +83,7 @@ resource "azapi_resource" "diag_settings" { type = "Microsoft.Insights/diagnosticSettings@2021-05-01-preview" name = "toLA" parent_id = each.key + location = "global" schema_validation_enabled = false body = { properties = { @@ -109,6 +110,11 @@ resource "azapi_resource" "diag_settings" { azurerm_management_group.level_5, azurerm_management_group.level_6, ] + lifecycle { + ignore_changes = [ + location, + ] + } } # This is used when strict_subscription_association is set to true From f9f02fd5f0bf994946a8754e9973102ae0cc75a5 Mon Sep 17 00:00:00 2001 
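Review bot: The new default on the `daily_quota_gb` line reads `local.settings.log_analytics.config.daily_quota_gb`, yet this patch touches only `modules/management/locals.tf`, so unless the settings object type already declares that attribute the expression fails to evaluate; the matching `daily_quota_gb = optional(number, -1)` declaration only shows up in the README hunk of a later patch in this series. The two changes belong in one commit so that every revision plans cleanly. I would also add a comment on the line, `# -1 = no cap; once a finite cap is hit, ingestion stops until the daily reset, including any security logs sent here`, since this workspace may back detection and audit queries. The `locals` block starts and ends outside the hunk.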
From: Matt White <16320656+matt-FFFFFF@users.noreply.github.com> Date: Wed, 13 Nov 2024 10:30:15 +0000 Subject: [PATCH 06/11] feat: add outputs, fixes #1171 --- outputs.tf | 10 ++++++++++ resources.management_groups.tf | 1 + 2 files changed, 11 insertions(+) diff --git a/outputs.tf b/outputs.tf index 3583a5deb..f00dab2ca 100644 --- a/outputs.tf +++ b/outputs.tf @@ -271,3 +271,13 @@ output "azurerm_virtual_hub_connection" { } description = "Returns the configuration data for all Virtual Hub Connections created by this module." } + +output "data_collection_rules" { + value = azapi_resource.data_collection_rule + description = "A map of the data collection rules created by this module." +} + +output "ama_user_assigned_identity" { + value = azurerm_user_assigned_identity.management + description = "The user assigned identity for Azure Monitor Agent that is created by this module." +} diff --git a/resources.management_groups.tf b/resources.management_groups.tf index 156f26dc8..c8cd8a791 100644 --- a/resources.management_groups.tf +++ b/resources.management_groups.tf @@ -98,6 +98,7 @@ resource "azapi_resource" "diag_settings" { enabled = true } ] + workspaceId = local.template_file_variables.log_analytics_workspace_resource_id } } From 5d970a7182391e3f728285693a9ac00f1c2bbd21 Mon Sep 17 00:00:00 2001 From: Matt White <16320656+matt-FFFFFF@users.noreply.github.com> Date: Wed, 13 Nov 2024 10:48:03 +0000 Subject: [PATCH 07/11] add role assignmetn for azsql --- resources.role_assignments.tf | 15 +++++++++++++++ 1 file changed, 15 insertions(+) diff --git a/resources.role_assignments.tf b/resources.role_assignments.tf index 6fa63e82b..395deeb65 100644 --- a/resources.role_assignments.tf +++ b/resources.role_assignments.tf 
@@ -116,6 +116,21 @@ resource "azurerm_role_assignment" "private_dns_zone_contributor_connectivity" { ] } +resource "azurerm_role_assignment" "deploy_azsqldb_auditing_connectivity" { + for_each = local.connectivity_mg_exists ? { for k, v in azurerm_management_group_policy_assignment.enterprise_scale : k => v if endswith(k, "Deploy-AzSqlDb-Auditing") } : {} + role_definition_name = "Log Analytics Contributor" + scope = "/providers/Microsoft.Management/managementGroups/${var.root_id}-connectivity" + principal_id = each.value.identity[0].principal_id + + depends_on = [ + time_sleep.after_azurerm_management_group, + time_sleep.after_azurerm_policy_definition, + time_sleep.after_azurerm_policy_set_definition, + time_sleep.after_azurerm_policy_assignment, + azurerm_role_assignment.policy_assignment, + ] +} + resource "azurerm_role_assignment" "ama_reader" { for_each = local.platform_mg_exists ? { for k, v in azurerm_management_group_policy_assignment.enterprise_scale : k => v if endswith(k, "Deploy-VM-Monitoring") } : {} role_definition_name = "Reader" From 20ec7bff55d6c520a0b930e3a90f221ae7772f4d Mon Sep 17 00:00:00 2001 From: Matt White <16320656+matt-FFFFFF@users.noreply.github.com> Date: Wed, 13 Nov 2024 12:48:56 +0000 Subject: [PATCH 08/11] fix: idempotency fixes and improvements --- .terraform-docs.yml | 9 +-------- README.md | 12 +++++++++++- modules/connectivity/locals.tf | 4 ++-- modules/management/README.md | 1 + modules/management/variables.tf | 1 + tests/modules/test_002_add_custom_core/main.tf | 1 + variables.tf | 1 + 7 files changed, 18 insertions(+), 11 deletions(-) diff --git a/.terraform-docs.yml b/.terraform-docs.yml index c0b4d6019..212b8d53a 100644 --- a/.terraform-docs.yml +++ b/.terraform-docs.yml @@ -4,7 +4,7 @@ formatter: "markdown document" # this is required -version: "0.17.0" +version: "~> 0.18" header-from: "_README_header.md" footer-from: "_README_footer.md" 
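Review bot: `deploy_azsqldb_auditing_connectivity` grants the policy identity `Log Analytics Contributor` on the whole `${var.root_id}-connectivity` management group, which is wider than a remediation that points SQL auditing at one workspace should need; that built-in role also allows reading storage account keys and managing VM extensions across the scope. If the target is the workspace already referenced in this series, scoping the grant to it keeps it minimal, e.g. `scope = local.template_file_variables.log_analytics_workspace_resource_id` (assuming that local is populated whenever this assignment exists). The scope string is built from `var.root_id` rather than taken from the management group resource, so a customised connectivity group ID would presumably not match; worth confirming against how the group is created. `each.value.identity[0]` also assumes every matching assignment carries a managed identity.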
@@ -13,13 +13,6 @@ recursive: enabled: true path: modules -sections: - hide: [] - show: [] - - hide-all: false # deprecated in v0.13.0, removed in v0.15.0 - show-all: true # deprecated in v0.13.0, removed in v0.15.0 - content: |- {{ .Header }} diff --git a/README.md b/README.md index 92d421711..512c84cb7 100644 --- a/README.md +++ b/README.md @@ -186,7 +186,7 @@ The following requirements are needed by this module: - [azapi](#requirement\_azapi) (~> 1.13, != 1.13.0) -- [azurerm](#requirement\_azurerm) (~> 3.107) +- [azurerm](#requirement\_azurerm) (~> 3.108) - [random](#requirement\_random) (~> 3.6) @@ -654,6 +654,7 @@ object({ log_analytics = optional(object({ enabled = optional(bool, true) config = optional(object({ + daily_quota_gb = optional(number, -1) retention_in_days = optional(number, 30) enable_monitoring_for_vm = optional(bool, true) enable_monitoring_for_vmss = optional(bool, true) 
@@ -1108,6 +1109,7 @@ The following resources are used by this module: - [azurerm_resource_group.virtual_wan](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/resource_group) (resource) - [azurerm_role_assignment.ama_managed_identity_operator](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/role_assignment) (resource) - [azurerm_role_assignment.ama_reader](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/role_assignment) (resource) +- [azurerm_role_assignment.deploy_azsqldb_auditing_connectivity](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/role_assignment) (resource) - [azurerm_role_assignment.enterprise_scale](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/role_assignment) (resource) - [azurerm_role_assignment.policy_assignment](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/role_assignment) (resource) - [azurerm_role_assignment.private_dns_zone_contributor_connectivity](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/role_assignment) (resource) @@ -1141,6 +1143,10 @@ The following resources are used by this module: The following outputs are exported: +### [ama\_user\_assigned\_identity](#output\_ama\_user\_assigned\_identity) + +Description: The user assigned identity for Azure Monitor Agent that is created by this module. + ### [azurerm\_automation\_account](#output\_azurerm\_automation\_account) Description: Returns the configuration data for all Automation Accounts created by this module. 
@@ -1257,6 +1263,10 @@ Description: Returns the configuration data for all Virtual WANs created by this Description: Returns the configuration data for all (Virtual WAN) VPN Gateways created by this module. +### [data\_collection\_rules](#output\_data\_collection\_rules) + +Description: A map of the data collection rules created by this module. + ## Telemetry diff --git a/modules/connectivity/locals.tf b/modules/connectivity/locals.tf index f12cbee4b..4b0ec888a 100644 --- a/modules/connectivity/locals.tf +++ b/modules/connectivity/locals.tf @@ -1934,8 +1934,8 @@ locals { azureWebPrivateDnsZoneId = "${local.private_dns_zone_prefix}privatelink.webpubsub.azure.com" azureVirtualDesktopHostpoolPrivateDnsZoneId = "${local.private_dns_zone_prefix}privatelink.wvd.microsoft.com" azureVirtualDesktopWorkspacePrivateDnsZoneId = "${local.private_dns_zone_prefix}privatelink.wvd.microsoft.com" - azureSiteRecoveryBlobPrivateDnsZoneID = "${local.private_dns_zone_prefix}privatelink.blob.core.windows.net" - azureSiteRecoveryQueuePrivateDnsZoneID = "${local.private_dns_zone_prefix}privatelink.queue.core.windows.net" + azureSiteRecoveryBlobPrivateDnsZoneId = "${local.private_dns_zone_prefix}privatelink.blob.core.windows.net" + azureSiteRecoveryQueuePrivateDnsZoneId = "${local.private_dns_zone_prefix}privatelink.queue.core.windows.net" } } enforcement_mode = { diff --git a/modules/management/README.md b/modules/management/README.md index 33f1c2f0f..1b3f0a0e3 100644 --- a/modules/management/README.md +++ b/modules/management/README.md @@ -130,6 +130,7 @@ object({ log_analytics = optional(object({ enabled = optional(bool, true) config = optional(object({ + daily_quota_gb = optional(number, -1) retention_in_days = optional(number, 30) enable_monitoring_for_vm = optional(bool, true) enable_monitoring_for_vmss = optional(bool, true) diff --git a/modules/management/variables.tf b/modules/management/variables.tf index 2f982b168..c216a8efa 100644 --- a/modules/management/variables.tf 
+++ b/modules/management/variables.tf @@ -53,6 +53,7 @@ variable "settings" { log_analytics = optional(object({ enabled = optional(bool, true) config = optional(object({ + daily_quota_gb = optional(number, -1) retention_in_days = optional(number, 30) enable_monitoring_for_vm = optional(bool, true) enable_monitoring_for_vmss = optional(bool, true) diff --git a/tests/modules/test_002_add_custom_core/main.tf b/tests/modules/test_002_add_custom_core/main.tf index caa724faf..0dcfcab47 100644 --- a/tests/modules/test_002_add_custom_core/main.tf +++ b/tests/modules/test_002_add_custom_core/main.tf @@ -34,6 +34,7 @@ module "test_core" { custom_landing_zones = module.settings.core.custom_landing_zones archetype_config_overrides = module.settings.core.archetype_config_overrides subscription_id_overrides = module.settings.core.subscription_id_overrides + deploy_diagnostics_for_mg = true # Configuration settings for management resources deploy_management_resources = true diff --git a/variables.tf b/variables.tf index e8a9a402c..a62e9b194 100644 --- a/variables.tf +++ b/variables.tf @@ -85,6 +85,7 @@ variable "configure_management_resources" { log_analytics = optional(object({ enabled = optional(bool, true) config = optional(object({ + daily_quota_gb = optional(number, -1) retention_in_days = optional(number, 30) enable_monitoring_for_vm = optional(bool, true) enable_monitoring_for_vmss = optional(bool, true) From 9bef96d25cce52874ad5e379b5a93af2ad6a9218 Mon Sep 17 00:00:00 2001 From: Matt White <16320656+matt-FFFFFF@users.noreply.github.com> Date: Wed, 13 Nov 2024 12:54:36 +0000 Subject: [PATCH 09/11] chore: terraform fmt --- outputs.tf | 4 ++-- tests/modules/test_002_add_custom_core/main.tf | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/outputs.tf b/outputs.tf index f00dab2ca..7d8052941 100644 --- a/outputs.tf +++ b/outputs.tf 
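Review bot: `daily_quota_gb = optional(number, -1)` in the `settings` type of `modules/management/variables.tf` adds a sentinel default with no explanation at the declaration. In the azurerm provider, `-1` on a Log Analytics workspace means no daily cap. The variable's description is outside this hunk, so it may already cover this; if not, it should say that `-1` is unlimited and that a positive cap stops ingestion of most data types until the daily reset. On the central platform workspace that means a gap in audit and security logs. Suggested wording: `daily_quota_gb: daily ingestion cap in GB; -1 (default) means unlimited. When the cap is reached, ingestion stops until the reset, so alert on it.` The same applies to the identical line added to `configure_management_resources` in the root `variables.tf` hunk of this commit.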
@@ -273,11 +273,11 @@ output "azurerm_virtual_hub_connection" { } output "data_collection_rules" { - value = azapi_resource.data_collection_rule + value = azapi_resource.data_collection_rule description = "A map of the data collection rules created by this module." } output "ama_user_assigned_identity" { - value = azurerm_user_assigned_identity.management + value = azurerm_user_assigned_identity.management description = "The user assigned identity for Azure Monitor Agent that is created by this module." } diff --git a/tests/modules/test_002_add_custom_core/main.tf b/tests/modules/test_002_add_custom_core/main.tf index 0dcfcab47..50014cd10 100644 --- a/tests/modules/test_002_add_custom_core/main.tf +++ b/tests/modules/test_002_add_custom_core/main.tf @@ -34,7 +34,7 @@ module "test_core" { custom_landing_zones = module.settings.core.custom_landing_zones archetype_config_overrides = module.settings.core.archetype_config_overrides subscription_id_overrides = module.settings.core.subscription_id_overrides - deploy_diagnostics_for_mg = true + deploy_diagnostics_for_mg = true # Configuration settings for management resources deploy_management_resources = true From be38703435c679c2753cbd689c0bd4312f392c14 Mon Sep 17 00:00:00 2001 From: Matt White <16320656+matt-FFFFFF@users.noreply.github.com> Date: Wed, 13 Nov 2024 12:57:38 +0000 Subject: [PATCH 10/11] chore: update test dependencies --- tests/terratest/go.mod | 12 +--- tests/terratest/go.sum | 153 +++++------------------------------------ 2 files changed, 22 insertions(+), 143 deletions(-) diff --git a/tests/terratest/go.mod b/tests/terratest/go.mod index b7e915a4d..c399e97ae 100644 --- a/tests/terratest/go.mod +++ b/tests/terratest/go.mod @@ -1,8 +1,6 @@ module terratest -go 1.22.0 - -toolchain go1.22.3 +go 1.22.3 require ( github.com/Azure/terratest-terraform-fluent v0.8.1 
@@ -13,7 +11,6 @@ require ( cloud.google.com/go v0.114.0 // indirect cloud.google.com/go/auth v0.5.1 // indirect cloud.google.com/go/auth/oauth2adapt v0.2.2 // indirect - cloud.google.com/go/compute v1.27.0 // indirect cloud.google.com/go/compute/metadata v0.3.0 // indirect cloud.google.com/go/iam v1.1.8 // indirect cloud.google.com/go/storage v1.41.0 // indirect @@ -38,7 +35,6 @@ require ( github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect github.com/golang/protobuf v1.5.4 // indirect github.com/google/gnostic-models v0.6.9-0.20230804172637-c7be7c783f49 // indirect - github.com/google/go-cmp v0.6.0 // indirect github.com/google/gofuzz v1.2.0 // indirect github.com/google/s2a-go v0.1.7 // indirect github.com/google/uuid v1.6.0 // indirect @@ -49,7 +45,7 @@ require ( github.com/gruntwork-io/terratest v0.46.15 // indirect github.com/hashicorp/errwrap v1.1.0 // indirect github.com/hashicorp/go-cleanhttp v0.5.2 // indirect - github.com/hashicorp/go-getter v1.7.4 // indirect + github.com/hashicorp/go-getter v1.7.5 // indirect github.com/hashicorp/go-multierror v1.1.1 // indirect github.com/hashicorp/go-safetemp v1.0.0 // indirect github.com/hashicorp/go-version v1.7.0 // indirect @@ -100,13 +96,11 @@ require ( golang.org/x/text v0.16.0 // indirect golang.org/x/time v0.5.0 // indirect golang.org/x/tools v0.22.0 // indirect - golang.org/x/xerrors v0.0.0-20231012003039-104605ab7028 // indirect google.golang.org/api v0.183.0 // indirect - google.golang.org/appengine v1.6.8 // indirect google.golang.org/genproto v0.0.0-20240604185151-ef581f913117 // indirect google.golang.org/genproto/googleapis/api v0.0.0-20240604185151-ef581f913117 // indirect google.golang.org/genproto/googleapis/rpc v0.0.0-20240604185151-ef581f913117 // indirect - google.golang.org/grpc v1.64.0 // indirect + google.golang.org/grpc v1.64.1 // indirect google.golang.org/protobuf v1.34.1 // indirect gopkg.in/inf.v0 v0.9.1 // indirect gopkg.in/yaml.v2 v2.4.0 // indirect 
diff --git a/tests/terratest/go.sum b/tests/terratest/go.sum index cd1d3da27..3c2893235 100644 --- a/tests/terratest/go.sum +++ b/tests/terratest/go.sum @@ -30,8 +30,6 @@ cloud.google.com/go v0.100.2/go.mod h1:4Xra9TjzAeYHrl5+oeLlzbM2k3mjVhZh4UqTZ//w9 cloud.google.com/go v0.102.0/go.mod h1:oWcCzKlqJ5zgHQt9YsaeTY9KzIvjyy0ArmiBUgpQ+nc= cloud.google.com/go v0.102.1/go.mod h1:XZ77E9qnTEnrgEOvr4xzfdX5TRo7fB4T2F4O6+34hIU= cloud.google.com/go v0.104.0/go.mod h1:OO6xxXdJyvuJPcEPBLN9BJPD+jep5G1+2U5B5gkRYtA= -cloud.google.com/go v0.110.8 h1:tyNdfIxjzaWctIiLYOTalaLKZ17SI44SKFW26QbOhME= -cloud.google.com/go v0.110.8/go.mod h1:Iz8AkXJf1qmxC3Oxoep8R1T36w8B92yU29PcBhHO5fk= cloud.google.com/go v0.114.0 h1:OIPFAdfrFDFO2ve2U7r/H5SwSbBzEdrBdE7xkgwc+kY= cloud.google.com/go v0.114.0/go.mod h1:ZV9La5YYxctro1HTPug5lXH/GefROyW8PPD4T8n9J8E= cloud.google.com/go/aiplatform v1.22.0/go.mod h1:ig5Nct50bZlzV6NvKaTwmplLLddFx0YReh9WfTO5jKw= 
@@ -74,12 +72,6 @@ cloud.google.com/go/compute v1.6.0/go.mod h1:T29tfhtVbq1wvAPo0E3+7vhgmkOYeXjhFvz cloud.google.com/go/compute v1.6.1/go.mod h1:g85FgpzFvNULZ+S8AYq87axRKuf2Kh7deLqV/jJ3thU= cloud.google.com/go/compute v1.7.0/go.mod h1:435lt8av5oL9P3fv1OEzSbSUe+ybHXGMPQHHZWZxy9U= cloud.google.com/go/compute v1.10.0/go.mod h1:ER5CLbMxl90o2jtNbGSbtfOpQKR0t15FOtRsugnLrlU= -cloud.google.com/go/compute v1.23.1 h1:V97tBoDaZHb6leicZ1G6DLK2BAaZLJ/7+9BB/En3hR0= -cloud.google.com/go/compute v1.23.1/go.mod h1:CqB3xpmPKKt3OJpW2ndFIXnA9A4xAy/F3Xp1ixncW78= -cloud.google.com/go/compute v1.27.0 h1:EGawh2RUnfHT5g8f/FX3Ds6KZuIBC77hZoDrBvEZw94= -cloud.google.com/go/compute v1.27.0/go.mod h1:LG5HwRmWFKM2C5XxHRiNzkLLXW48WwvyVC0mfWsYPOM= -cloud.google.com/go/compute/metadata v0.2.3 h1:mg4jlk7mCAj6xXp9UJ4fjI9VUI5rubuGBW5aJ7UnBMY= -cloud.google.com/go/compute/metadata v0.2.3/go.mod h1:VAV5nSsACxMJvgaAuX6Pk2AawlZn8kiOGuCv6gTkwuA= cloud.google.com/go/compute/metadata v0.3.0 h1:Tz+eQXMEqDIKRsmY3cHTL6FVaynIjX2QxYC4trgAKZc= cloud.google.com/go/compute/metadata v0.3.0/go.mod h1:zFmK7XCadkQkj6TtorcaGlCW1hT1fIilQDwofLpJ20k= cloud.google.com/go/containeranalysis v0.5.1/go.mod h1:1D92jd8gRR/c0fGMlymRgxWD3Qw9C1ff6/T7mLgVL8I= @@ -119,8 +111,6 @@ cloud.google.com/go/gkehub v0.10.0/go.mod h1:UIPwxI0DsrpsVoWpLB0stwKCP+WFVG9+y97 cloud.google.com/go/grafeas v0.2.0/go.mod h1:KhxgtF2hb0P191HlY5besjYm6MqTSTj3LSI+M+ByZHc= cloud.google.com/go/iam v0.3.0/go.mod h1:XzJPvDayI+9zsASAFO68Hk07u3z+f+JrT2xXNdp4bnY= cloud.google.com/go/iam v0.5.0/go.mod h1:wPU9Vt0P4UmCux7mqtRu6jcpPAb74cP1fh50J3QpkUc= -cloud.google.com/go/iam v1.1.3 h1:18tKG7DzydKWUnLjonWcJO6wjSCAtzh4GcRKlH/Hrzc= -cloud.google.com/go/iam v1.1.3/go.mod h1:3khUlaBXfPKKe7huYgEpDn6FtgRyMEqbkvBxrQyY5SE= cloud.google.com/go/iam v1.1.8 h1:r7umDwhj+BQyz0ScZMp4QrGXjSTI3ZINnpgU2nlB/K0= cloud.google.com/go/iam v1.1.8/go.mod h1:GvE6lyMmfxXauzNq8NbgJbeVQNspG+tcdL/W8QO1+zE= cloud.google.com/go/language v1.4.0/go.mod h1:F9dRpNFQmJbkaop6g0JhSBXCNlO90e1KWx5iDdxbWic= 
@@ -183,8 +173,6 @@ cloud.google.com/go/storage v1.10.0/go.mod h1:FLPqc6j+Ki4BU591ie1oL6qBQGu2Bl/tZ9 cloud.google.com/go/storage v1.22.1/go.mod h1:S8N1cAStu7BOeFfE8KAQzmyyLkK8p/vmRq6kuBTW58Y= cloud.google.com/go/storage v1.23.0/go.mod h1:vOEEDNFnciUMhBeT6hsJIn3ieU5cFRmzeLgDvXzfIXc= cloud.google.com/go/storage v1.27.0/go.mod h1:x9DOL8TK/ygDUMieqwfhdpQryTeEkhGKMi80i/iqR2s= -cloud.google.com/go/storage v1.33.0 h1:PVrDOkIC8qQVa1P3SXGpQvfuJhN2LHOoyZvWs8D2X5M= -cloud.google.com/go/storage v1.33.0/go.mod h1:Hhh/dogNRGca7IWv1RC2YqEn0c0G77ctA/OxflYkiD8= cloud.google.com/go/storage v1.41.0 h1:RusiwatSu6lHeEXe3kglxakAmAbfV+rhtPqA6i8RBx0= cloud.google.com/go/storage v1.41.0/go.mod h1:J1WCa/Z2FcgdEDuPUY8DxT5I+d9mFKsCepp5vR6Sq80= cloud.google.com/go/talent v1.1.0/go.mod h1:Vl4pt9jiHKvOgF9KoZo6Kob9oV4lwd/ZD5Cto54zDRw= @@ -201,8 +189,6 @@ cloud.google.com/go/workflows v1.7.0/go.mod h1:JhSrZuVZWuiDfKEFxU0/F1PQjmpnpcoIS dmitri.shuralyov.com/gpu/mtl v0.0.0-20190408044501-666a987793e9/go.mod h1:H6x//7gZCb22OMCxBHrMx7a5I7Hp++hsVxbQ4BYO7hU= filippo.io/edwards25519 v1.1.0 h1:FNf4tywRC1HmFuKW5xopWpigGjJKiJSV0Cqo0cJWDaA= filippo.io/edwards25519 v1.1.0/go.mod h1:BxyFTGdWcka3PhytdK4V28tE5sGfRvvvRV7EaN4VDT4= -github.com/Azure/terratest-terraform-fluent v0.6.2 h1:5/nCvS/JF3v95DXxhERqMXKKlRF7kiLIWKAq4rzchR4= -github.com/Azure/terratest-terraform-fluent v0.6.2/go.mod h1:8YZJNfEu2fSDeRLz5W/2vUgZYHYFNXSMXh+3u/CA3o0= github.com/Azure/terratest-terraform-fluent v0.8.1 h1:nBi1qvQK5yQhginX/Hg45DtoVqCaI49fCm9odKd3WJo= github.com/Azure/terratest-terraform-fluent v0.8.1/go.mod h1:Qcuo6erKth1TBOYvYpBChvuhphBSq93l/SItxXg9nmo= github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU= 
@@ -216,8 +202,6 @@ github.com/apparentlymart/go-textseg/v15 v15.0.0/go.mod h1:K8XmNZdhEBkdlyDdvbmms github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5 h1:0CwZNZbxp69SHPdPJAN/hZIm0C4OItdklCFmMRWYpio= github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5/go.mod h1:wHh0iHkYZB8zMSxRWpUBQtwG5a7fFgvEO+odwuTv2gs= github.com/aws/aws-sdk-go v1.44.122/go.mod h1:y4AeaBuwd2Lk+GepC1E9v0qOiTws0MIWAX4oIKwKHZo= -github.com/aws/aws-sdk-go v1.45.28 h1:p2ATcaK6ffSw4yZ2UAGzgRyRXwKyOJY6ZCiKqj5miJE= -github.com/aws/aws-sdk-go v1.45.28/go.mod h1:aVsgQcEevwlmQ7qHE9I3h+dtQgpqhFB+i8Phjh7fkwI= github.com/aws/aws-sdk-go v1.53.17 h1:TwtYMzVBTaqPVj/pcemHRIgk01OycWEcEUyUUX0tpCI= github.com/aws/aws-sdk-go v1.53.17/go.mod h1:LF8svs817+Nz+DmiMQKTO3ubZ/6IaTpq3TjupRn3Eqk= github.com/bgentry/go-netrc v0.0.0-20140422174119-9fd32a8b3d3d h1:xDfNPAt8lFiC1UJrqV3uuy861HCTo708pDMbjHHdCas= 
@@ -242,16 +226,11 @@ github.com/cncf/xds/go v0.0.0-20210805033703-aa0b78936158/go.mod h1:eXthEFrGJvWH github.com/cncf/xds/go v0.0.0-20210922020428-25de7278fc84/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs= github.com/cncf/xds/go v0.0.0-20211001041855-01bcc9b48dfe/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs= github.com/cncf/xds/go v0.0.0-20211011173535-cb28da3451f1/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs= -github.com/cpuguy83/go-md2man/v2 v2.0.3 h1:qMCsGGgs+MAzDFyp9LpAe1Lqy/fY/qCovCm0qnXZOBM= -github.com/cpuguy83/go-md2man/v2 v2.0.3/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o= github.com/cpuguy83/go-md2man/v2 v2.0.4 h1:wfIWP927BUkWJb2NmU/kNDYIBTh/ziUX91+lVfRxZq4= github.com/cpuguy83/go-md2man/v2 v2.0.4/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o= -github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E= github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= -github.com/emicklei/go-restful/v3 v3.11.0 h1:rAQeMHw1c7zTmncogyy8VvRZwtkmkZ4FxERmMY4rD+g= -github.com/emicklei/go-restful/v3 v3.11.0/go.mod h1:6n3XBCmQQb25CM2LCACGz8ukIrRry+4bhvbpWn3mrbc= github.com/emicklei/go-restful/v3 v3.12.1 h1:PJMDIM/ak7btuL8Ex0iYET9hxM3CI2sjZtzpL63nKAU= github.com/emicklei/go-restful/v3 v3.12.1/go.mod h1:6n3XBCmQQb25CM2LCACGz8ukIrRry+4bhvbpWn3mrbc= github.com/envoyproxy/go-control-plane v0.9.0/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4= 
@@ -273,34 +252,22 @@ github.com/go-errors/errors v1.5.1/go.mod h1:sIVyrIiJhuEF+Pj9Ebtd6P/rEYROXFi3Bop github.com/go-gl/glfw v0.0.0-20190409004039-e6da0acd62b1/go.mod h1:vR7hzQXu2zJy9AVAgeJqvqgH9Q5CA+iKCZ2gyEVpxRU= github.com/go-gl/glfw/v3.3/glfw v0.0.0-20191125211704-12ad95a8df72/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8= github.com/go-gl/glfw/v3.3/glfw v0.0.0-20200222043503-6f7a984d4dc4/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8= -github.com/go-logr/logr v1.2.0/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A= github.com/go-logr/logr v1.2.2/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A= -github.com/go-logr/logr v1.2.4 h1:g01GSCwiDw2xSZfjJ2/T9M+S6pFdcNtFYsp+Y43HYDQ= -github.com/go-logr/logr v1.2.4/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A= github.com/go-logr/logr v1.4.2 h1:6pFjapn8bFcIbiKo3XT4j/BhANplGihG6tvd+8rYgrY= github.com/go-logr/logr v1.4.2/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY= github.com/go-logr/stdr v1.2.2 h1:hSWxHoqTgW2S2qGc0LTAI563KZ5YKYRhT3MFKZMbjag= github.com/go-logr/stdr v1.2.2/go.mod h1:mMo/vtBO5dYbehREoey6XUKy/eSumjCCveDpRre4VKE= -github.com/go-openapi/jsonpointer v0.19.6/go.mod h1:osyAmYz/mB/C3I+WsTTSgw1ONzaLJoLCyoi6/zppojs= -github.com/go-openapi/jsonpointer v0.20.0 h1:ESKJdU9ASRfaPNOPRx12IUyA1vn3R9GiE3KYD14BXdQ= -github.com/go-openapi/jsonpointer v0.20.0/go.mod h1:6PGzBjjIIumbLYysB73Klnms1mwnU4G3YHOECG3CedA= github.com/go-openapi/jsonpointer v0.21.0 h1:YgdVicSA9vH5RiHs9TZW5oyafXZFc6+2Vc1rr/O9oNQ= github.com/go-openapi/jsonpointer v0.21.0/go.mod h1:IUyH9l/+uyhIYQ/PXVA41Rexl+kOkAPDdXEYns6fzUY= -github.com/go-openapi/jsonreference v0.20.2 h1:3sVjiK66+uXK/6oQ8xgcRKcFgQ5KXa2KvnJRumpMGbE= -github.com/go-openapi/jsonreference v0.20.2/go.mod h1:Bl1zwGIM8/wsvqjsOQLJ/SH+En5Ap4rVB5KVcIDZG2k= github.com/go-openapi/jsonreference v0.21.0 h1:Rs+Y7hSXT83Jacb7kFyjn4ijOuVGSvOdF2+tg1TRrwQ= github.com/go-openapi/jsonreference v0.21.0/go.mod h1:LmZmgsrTkVg9LG4EaHeY8cBDslNPMo06cago5JNLkm4= 
-github.com/go-openapi/swag v0.22.3/go.mod h1:UzaqsxGiab7freDnrUUra0MwWfN/q7tE4j+VcZ0yl14= -github.com/go-openapi/swag v0.22.4 h1:QLMzNJnMGPRNDCbySlcj1x01tzU8/9LTTL9hZZZogBU= -github.com/go-openapi/swag v0.22.4/go.mod h1:UzaqsxGiab7freDnrUUra0MwWfN/q7tE4j+VcZ0yl14= github.com/go-openapi/swag v0.23.0 h1:vsEVJDUo2hPJ2tu0/Xc+4noaxyEffXNIs3cOULZ+GrE= github.com/go-openapi/swag v0.23.0/go.mod h1:esZ8ITTYEsH1V2trKHjAN8Ai7xHb8RV+YSZ577vPjgQ= -github.com/go-sql-driver/mysql v1.7.1 h1:lUIinVbN1DY0xBg0eMOzmmtGoHwWBbvnWubQUrtU8EI= -github.com/go-sql-driver/mysql v1.7.1/go.mod h1:OXbVy3sEdcQ2Doequ6Z5BW6fXNQTmx+9S1MCJN5yJMI= github.com/go-sql-driver/mysql v1.8.1 h1:LedoTUt/eveggdHS9qUFC1EFSa8bU2+1pZjSRpvNJ1Y= github.com/go-sql-driver/mysql v1.8.1/go.mod h1:wEBSXgmK//2ZFJyE+qWnIsVGmvmEKlqwuVSjsCm7DZg= github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572 h1:tfuBGBXKqDEevZMzYi5KSi8KkcZtzBcTgAUUtapy0OI= -github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572/go.mod h1:9Pwr4B2jHnOSGXyyzV8ROjYa2ojvAY6HCGYYfMoC3Ls= +github.com/go-task/slim-sprig/v3 v3.0.0 h1:sUs3vkvUymDpBKi3qH1YSqBQk9+9D/8M2mN1vB6EwHI= +github.com/go-task/slim-sprig/v3 v3.0.0/go.mod h1:W848ghGpv3Qj3dhTPRyJypKRiqCdHZiAzKg9hl15HA8= github.com/go-test/deep v1.0.7 h1:/VSMRlnY/JSyqxQUzQLKVMAskpY/NZKFA5j2P+0pP2M= github.com/go-test/deep v1.0.7/go.mod h1:QV8Hv/iy04NyLBxAdO9njL0iVPN1S4d/A3NVv1V36o8= github.com/gogo/protobuf v1.3.2 h1:Ov1cvc58UF3b5XjBnZv7+opcTcQFZebYjWzi34vdm4Q= 
@@ -337,8 +304,6 @@ github.com/golang/protobuf v1.4.3/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw github.com/golang/protobuf v1.5.0/go.mod h1:FsONVRAS9T7sI+LIUmWTfcYkHO4aIWwzhcaSAoJOfIk= github.com/golang/protobuf v1.5.1/go.mod h1:DopwsBzvsk0Fs44TXzsVbJyPhcCPeIwnvohx4u74HPM= github.com/golang/protobuf v1.5.2/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY= -github.com/golang/protobuf v1.5.3 h1:KhyjKVUg7Usr/dYsdSqoFveMYd5ko72D+zANwlG1mmg= -github.com/golang/protobuf v1.5.3/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY= github.com/golang/protobuf v1.5.4 h1:i7eJL8qZTpSEXOPTxNKhASYpMn+8e5Q6AdndVa1dWek= github.com/golang/protobuf v1.5.4/go.mod h1:lnTiLA8Wa4RWRcIUkrtSVa5nRhsEGBg48fD6rSs7xps= github.com/golang/snappy v0.0.3/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q= @@ -371,9 +336,8 @@ github.com/google/martian v2.1.0+incompatible/go.mod h1:9I4somxYTbIHy5NJKHRl3wXi github.com/google/martian/v3 v3.0.0/go.mod h1:y5Zk1BBys9G+gd6Jrk0W3cC1+ELVxBWuIGO+w/tUAp0= github.com/google/martian/v3 v3.1.0/go.mod h1:y5Zk1BBys9G+gd6Jrk0W3cC1+ELVxBWuIGO+w/tUAp0= github.com/google/martian/v3 v3.2.1/go.mod h1:oBOf6HBosgwRXnUGWUB05QECsc6uvmMiJ3+6W4l/CUk= -github.com/google/martian/v3 v3.3.2 h1:IqNFLAmvJOgVlpdEBiQbDc2EwKW77amAycfTuWKdfvw= -github.com/google/martian/v3 v3.3.2/go.mod h1:oBOf6HBosgwRXnUGWUB05QECsc6uvmMiJ3+6W4l/CUk= github.com/google/martian/v3 v3.3.3 h1:DIhPTQrbPkgs2yJYdXU/eNACCG5DVQjySNRNlflZ9Fc= +github.com/google/martian/v3 v3.3.3/go.mod h1:iEPrYcgCF7jA9OtScMFQyAlZZ4YXTKEtJ1E6RWzmBA0= github.com/google/pprof v0.0.0-20181206194817-3ea8567a2e57/go.mod h1:zfwlbNMJ+OItoe0UupaVj+oy1omPYYDuagoSzA8v9mc= github.com/google/pprof v0.0.0-20190515194954-54271f7e092f/go.mod h1:zfwlbNMJ+OItoe0UupaVj+oy1omPYYDuagoSzA8v9mc= github.com/google/pprof v0.0.0-20191218002539-d4f498aebedc/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM= 
@@ -387,22 +351,19 @@ github.com/google/pprof v0.0.0-20210122040257-d980be63207e/go.mod h1:kpwsk12EmLe github.com/google/pprof v0.0.0-20210226084205-cbba55b83ad5/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= github.com/google/pprof v0.0.0-20210601050228-01bbb1931b22/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= github.com/google/pprof v0.0.0-20210609004039-a478d1d731e9/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= -github.com/google/pprof v0.0.0-20210720184732-4bb14d4b1be1 h1:K6RDEckDVWvDI9JAJYCmNdQXq6neHJOYx3V6jnqNEec= github.com/google/pprof v0.0.0-20210720184732-4bb14d4b1be1/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= +github.com/google/pprof v0.0.0-20240424215950-a892ee059fd6 h1:k7nVchz72niMH6YLQNvHSdIE7iqsQxK1P41mySCvssg= +github.com/google/pprof v0.0.0-20240424215950-a892ee059fd6/go.mod h1:kf6iHlnVGwgKolg33glAes7Yg/8iWP8ukqeldJSO7jw= github.com/google/renameio v0.1.0/go.mod h1:KWCgfxg9yswjAJkECMjeO8J8rahYeXnNhOm40UhjYkI= github.com/google/s2a-go v0.1.7 h1:60BLSyTrOV4/haCDW4zb1guZItoSq8foHCXrAnjBo/o= github.com/google/s2a-go v0.1.7/go.mod h1:50CgR4k1jNlWBu4UfS4AcfhVe1r6pdZPygJ3R8F0Qdw= github.com/google/uuid v1.1.2/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= github.com/google/uuid v1.3.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= -github.com/google/uuid v1.3.1 h1:KjJaJ9iWZ3jOFZIf1Lqf4laDRCasjl0BCmnEGxkdLb4= -github.com/google/uuid v1.3.1/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0= github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= github.com/googleapis/enterprise-certificate-proxy v0.0.0-20220520183353-fd19c99a87aa/go.mod h1:17drOmN3MwGY7t0e+Ei9b45FFGA3fBs3x36SsCg1hq8= github.com/googleapis/enterprise-certificate-proxy v0.1.0/go.mod h1:17drOmN3MwGY7t0e+Ei9b45FFGA3fBs3x36SsCg1hq8= github.com/googleapis/enterprise-certificate-proxy v0.2.0/go.mod 
h1:8C0jb7/mgJe/9KK8Lm7X9ctZC2t60YyIpYEI16jx0Qg= -github.com/googleapis/enterprise-certificate-proxy v0.3.1 h1:SBWmZhjUDRorQxrN0nwzf+AHBxnbFjViHQS4P0yVpmQ= -github.com/googleapis/enterprise-certificate-proxy v0.3.1/go.mod h1:VLSiSSBs/ksPL8kq3OBOQ6WRI2QnaFynd1DCjZ62+V0= github.com/googleapis/enterprise-certificate-proxy v0.3.2 h1:Vie5ybvEvT75RniqhfFxPRy3Bf7vr3h0cechB90XaQs= github.com/googleapis/enterprise-certificate-proxy v0.3.2/go.mod h1:VLSiSSBs/ksPL8kq3OBOQ6WRI2QnaFynd1DCjZ62+V0= github.com/googleapis/gax-go/v2 v2.0.4/go.mod h1:0Wqv26UfaUD9n4G6kQubkQ+KchISgw+vpHVxEJEs9eg= @@ -414,8 +375,6 @@ github.com/googleapis/gax-go/v2 v2.3.0/go.mod h1:b8LNqSzNabLiUpXKkY7HAR5jr6bIT99 github.com/googleapis/gax-go/v2 v2.4.0/go.mod h1:XOTVJ59hdnfJLIP/dh8n5CGryZR2LxK9wbMD5+iXC6c= github.com/googleapis/gax-go/v2 v2.5.1/go.mod h1:h6B0KMMFNtI2ddbGJn3T3ZbwkeT6yqEF02fYlzkUCyo= github.com/googleapis/gax-go/v2 v2.6.0/go.mod h1:1mjbznJAPHFpesgE5ucqfYEscaz5kMdcIDwU/6+DDoY= -github.com/googleapis/gax-go/v2 v2.12.0 h1:A+gCJKdRfqXkr+BIRGtZLibNXf0m1f9E4HG56etFpas= -github.com/googleapis/gax-go/v2 v2.12.0/go.mod h1:y+aIqrI5eb1YGMVJfuV3185Ts/D7qKpsEkdD5+I6QGU= github.com/googleapis/gax-go/v2 v2.12.4 h1:9gWcmF85Wvq4ryPFvGFaOgPIs1AQX0d0bcbGw4Z96qg= github.com/googleapis/gax-go/v2 v2.12.4/go.mod h1:KYEYLorsnIGDi/rPC8b5TdlB9kbKoFubselGIoBMCwI= github.com/googleapis/go-type-adapters v1.0.0/go.mod h1:zHW75FOG2aur7gAO2B+MLby+cLsWGBF62rFAi7WjWO4= 
@@ -425,8 +384,6 @@ github.com/gorilla/websocket v1.5.1/go.mod h1:x3kM2JMyaluk02fnUJpQuwD2dCS5NDG2ZH github.com/grpc-ecosystem/grpc-gateway v1.16.0/go.mod h1:BDjrQk3hbvj6Nolgz8mAMFbcEtjT1g+wF4CSlocrBnw= github.com/gruntwork-io/go-commons v0.17.1 h1:2KS9wAqrgeOTWj33DSHzDNJ1FCprptWdLFqej+wB8x0= github.com/gruntwork-io/go-commons v0.17.1/go.mod h1:S98JcR7irPD1bcruSvnqupg+WSJEJ6xaM89fpUZVISk= -github.com/gruntwork-io/terratest v0.46.1 h1:dJ/y2/Li6yCDIc8KXY8PfydtrMRiXFb3UZm4LoPShPI= -github.com/gruntwork-io/terratest v0.46.1/go.mod h1:gl//tb5cLnbpQs1FTSNwhsrbhsoG00goCJPfOnyliiU= github.com/gruntwork-io/terratest v0.46.15 h1:qfqjTFveymaqe7aAWn3LjlK0SwVGpRfoOut5ggNyfQ8= github.com/gruntwork-io/terratest v0.46.15/go.mod h1:9bd22zAojjBBiYdsp+AR1iyl2iB6bRUVm2Yf1AFhfrA= github.com/hashicorp/errwrap v1.0.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4= 
@@ -434,29 +391,21 @@ github.com/hashicorp/errwrap v1.1.0 h1:OxrOeh75EUXMY8TBjag2fzXGZ40LB6IKw45YeGUDY github.com/hashicorp/errwrap v1.1.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4= github.com/hashicorp/go-cleanhttp v0.5.2 h1:035FKYIWjmULyFRBKPs8TBQoi0x6d9G4xc9neXJWAZQ= github.com/hashicorp/go-cleanhttp v0.5.2/go.mod h1:kO/YDlP8L1346E6Sodw+PrpBSV4/SoxCXGY6BqNFT48= -<<<<<<< feat/ama -github.com/hashicorp/go-getter v1.7.3 h1:bN2+Fw9XPFvOCjB0UOevFIMICZ7G2XSQHzfvLUyOM5E= -github.com/hashicorp/go-getter v1.7.3/go.mod h1:W7TalhMmbPmsSMdNjD0ZskARur/9GJ17cfHTRtXV744= -======= ->>>>>>> main github.com/hashicorp/go-getter v1.7.4 h1:3yQjWuxICvSpYwqSayAdKRFcvBl1y/vogCxczWSmix0= github.com/hashicorp/go-getter v1.7.4/go.mod h1:W7TalhMmbPmsSMdNjD0ZskARur/9GJ17cfHTRtXV744= +github.com/hashicorp/go-getter v1.7.5 h1:dT58k9hQ/vbxNMwoI5+xFYAJuv6152UNvdHokfI5wE4= +github.com/hashicorp/go-getter v1.7.5/go.mod h1:W7TalhMmbPmsSMdNjD0ZskARur/9GJ17cfHTRtXV744= github.com/hashicorp/go-multierror v1.1.1 h1:H5DkEtf6CXdFp0N0Em5UCwQpXMWke8IA0+lD48awMYo= github.com/hashicorp/go-multierror v1.1.1/go.mod h1:iw975J/qwKPdAO1clOe2L8331t/9/fmwbPZ6JB6eMoM= github.com/hashicorp/go-safetemp v1.0.0 h1:2HR189eFNrjHQyENnQMMpCiBAsRxzbTMIgBhEyExpmo= github.com/hashicorp/go-safetemp v1.0.0/go.mod h1:oaerMy3BhqiTbVye6QuFhFtIceqFoDHxNAB65b+Rj1I= -github.com/hashicorp/go-version v1.6.0 h1:feTTfFNnjP967rlCxM/I9g701jU+RN74YKx2mOkIeek= github.com/hashicorp/go-version v1.6.0/go.mod h1:fltr4n8CU8Ke44wwGCBoEymUuxUHl09ZGVZPK5anwXA= github.com/hashicorp/go-version v1.7.0 h1:5tqGy27NaOTB8yJKUZELlFAS/LTKJkrmONwQKeRZfjY= github.com/hashicorp/go-version v1.7.0/go.mod h1:fltr4n8CU8Ke44wwGCBoEymUuxUHl09ZGVZPK5anwXA= github.com/hashicorp/golang-lru v0.5.0/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8= github.com/hashicorp/golang-lru v0.5.1/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8= -github.com/hashicorp/hcl/v2 v2.19.1 h1://i05Jqznmb2EXqa39Nsvyan2o5XyMowW5fnCKW5RPI= -github.com/hashicorp/hcl/v2 
v2.19.1/go.mod h1:ThLC89FV4p9MPW804KVbe/cEXoQ8NZEh+JtMeeGErHE= github.com/hashicorp/hcl/v2 v2.20.1 h1:M6hgdyz7HYt1UN9e61j+qKJBqR3orTWbI1HKBJEdxtc= github.com/hashicorp/hcl/v2 v2.20.1/go.mod h1:TZDqQ4kNKCbh1iJp99FdPiUaVDDUPivbqxZulxDYqL4= -github.com/hashicorp/terraform-json v0.17.1 h1:eMfvh/uWggKmY7Pmb3T85u86E2EQg6EQHgyRwf3RkyA= -github.com/hashicorp/terraform-json v0.17.1/go.mod h1:Huy6zt6euxaY9knPAFKjUITn8QxUFIe9VuSzb4zn/0o= github.com/hashicorp/terraform-json v0.22.1 h1:xft84GZR0QzjPVWs4lRUwvTcPnegqlyS7orfb5Ltvec= github.com/hashicorp/terraform-json v0.22.1/go.mod h1:JbWSQCLFSXFFhg42T7l9iJwdGXBYV8fmmD6o/ML4p3A= github.com/ianlancetaylor/demangle v0.0.0-20181102032728-5e5cf60278f6/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc= 
@@ -478,20 +427,15 @@ github.com/jstemmer/go-junit-report v0.9.1/go.mod h1:Brl9GWCQeLvo8nXZwPNNblvFj/X github.com/kisielk/errcheck v1.5.0/go.mod h1:pFxgyoBC7bSaBwPgfKdkLd5X25qrDl4LWUI2bnpBCr8= github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck= github.com/klauspost/compress v1.15.11/go.mod h1:QPwzmACJjUTFsnSHH934V6woptycfrDDJnH7hvFVbGM= -github.com/klauspost/compress v1.17.1 h1:NE3C767s2ak2bweCZo3+rdP4U/HoyVXLv/X9f2gPS5g= -github.com/klauspost/compress v1.17.1/go.mod h1:ntbaceVETuRiXiv4DpjP66DpAtAGkEQskQzEyD//IeE= github.com/klauspost/compress v1.17.8 h1:YcnTYrq7MikUT7k0Yb5eceMmALQPYBW/Xltxn0NAMnU= github.com/klauspost/compress v1.17.8/go.mod h1:Di0epgTjJY877eYKx5yC51cX2A2Vl2ibi7bDH9ttBbw= github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo= -github.com/kr/pretty v0.2.1/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI= github.com/kr/pretty v0.3.1 h1:flRD4NNwYAUpkphVc1HcthR4KEIFJ65n8Mw5qdRn3LE= github.com/kr/pretty v0.3.1/go.mod h1:hoEshYVHaxMs3cyo3Yncou5ZscifuDolrwPKZanG3xk= github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ= github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI= github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY= github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE= -github.com/kylelemons/godebug v1.1.0 h1:RPNrshWIDI6G2gRW9EHilWtl7Z6Sb1BR0xunSBf0SNc= -github.com/kylelemons/godebug v1.1.0/go.mod h1:9/0rRGxNHcop5bhtWyNeEfOS8JIWk580+fNqagV/RAw= github.com/mailru/easyjson v0.7.7 h1:UGYAvKxe3sBsEDzO8ZeWOSlIQfWFlxbzLZe7hwFURr0= github.com/mailru/easyjson v0.7.7/go.mod h1:xzfreul335JAWq5oZzymOObrkdz5UnU4kGfJJLY9Nlc= github.com/mattn/go-colorable v0.0.9/go.mod h1:9vuHe8Xs5qXnSaW/c/ABM9alt+Vo+STaOChaDxuIBZU= 
@@ -516,10 +460,10 @@ github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 h1:C3w9PqII01/Oq github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ= github.com/mxk/go-flowrate v0.0.0-20140419014527-cca7078d478f h1:y5//uYreIhSUg3J1GEMiLbxo1LJaP8RfCpH6pymGZus= github.com/mxk/go-flowrate v0.0.0-20140419014527-cca7078d478f/go.mod h1:ZdcZmHo+o7JKHSa8/e818NopupXU1YMK5fe1lsApnBw= -github.com/onsi/ginkgo/v2 v2.9.4 h1:xR7vG4IXt5RWx6FfIjyAtsoMAtnc3C/rFXBBd2AjZwE= -github.com/onsi/ginkgo/v2 v2.9.4/go.mod h1:gCQYp2Q+kSoIj7ykSVb9nskRSsR6PUj4AiLywzIhbKM= -github.com/onsi/gomega v1.27.6 h1:ENqfyGeS5AX/rlXDd/ETokDz93u0YufY1Pgxuy/PvWE= -github.com/onsi/gomega v1.27.6/go.mod h1:PIQNjfQwkP3aQAH7lf7j87O/5FiNr+ZR8+ipb+qQlhg= +github.com/onsi/ginkgo/v2 v2.17.2 h1:7eMhcy3GimbsA3hEnVKdw/PQM9XN9krpKVXsZdph0/g= +github.com/onsi/ginkgo/v2 v2.17.2/go.mod h1:nP2DPOQoNsQmsVyv5rDA8JkXQoCs6goXIvr/PRJ1eCc= +github.com/onsi/gomega v1.33.1 h1:dsYjIxxSR755MDmKVsaFQTE22ChNBcuuTWgkUDSubOk= +github.com/onsi/gomega v1.33.1/go.mod h1:U4R44UsT+9eLIaYRB2a5qajjtQYn0hauxvRm16AVYg0= github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= 
@@ -530,8 +474,8 @@ github.com/prashantv/gostub v1.1.0/go.mod h1:A5zLQHz7ieHGG7is6LLXLz7I8+3LZzsrV0P github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= github.com/rogpeppe/fastuuid v1.2.0/go.mod h1:jVj6XXZzXRy/MSR5jhDC/2q6DgLz+nrA6LYCDYWNEvQ= github.com/rogpeppe/go-internal v1.3.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4= -github.com/rogpeppe/go-internal v1.10.0 h1:TMyTOH3F/DB16zRVcYyreMH6GnZZrwQVAoYjRBZyWFQ= -github.com/rogpeppe/go-internal v1.10.0/go.mod h1:UQnix2H7Ngw/k4C5ijL5+65zddjncjaFoBhdsK/akog= +github.com/rogpeppe/go-internal v1.11.0 h1:cWPaGQEPrBb5/AsnsZesgZZ9yb1OQ+GOISoDNXVBh4M= +github.com/rogpeppe/go-internal v1.11.0/go.mod h1:ddIwULY96R17DhadqLgMfk9H9tvdUzkipdSkR5nkCZA= github.com/russross/blackfriday/v2 v2.1.0 h1:JIOH55/0cWyOuilr9/qlrm0BSXldqnqwMsf35Ld67mk= github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM= github.com/spaolacci/murmur3 v0.0.0-20180118202830-f09979ecbc72/go.mod h1:JwIasOWyU6f++ZhiEuf87xNszmSA2myDM2Kzu9HwQUA= 
@@ -548,12 +492,8 @@ github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/ github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU= github.com/stretchr/testify v1.8.1/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4= -github.com/stretchr/testify v1.8.4 h1:CcVxjf3Q8PM0mHUKJCdn+eZZtm5yQwehR5yeSVQQcUk= -github.com/stretchr/testify v1.8.4/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo= github.com/stretchr/testify v1.9.0 h1:HtqpIVDClZ4nwg75+f6Lvsy/wHu+3BoSGCbBAcpTsTg= github.com/stretchr/testify v1.9.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY= -github.com/tidwall/gjson v1.17.0 h1:/Jocvlh98kcTfpN2+JzGQWQcqrPQwDrVEMApx/M5ZwM= -github.com/tidwall/gjson v1.17.0/go.mod h1:/wbyibRr2FHMks5tjHJ5F8dMZh3AcwJEMf5vlfC0lxk= github.com/tidwall/gjson v1.17.1 h1:wlYEnwqAHgzmhNUFfw7Xalt2JzQvsMx2Se4PcoFCT/U= github.com/tidwall/gjson v1.17.1/go.mod h1:/wbyibRr2FHMks5tjHJ5F8dMZh3AcwJEMf5vlfC0lxk= github.com/tidwall/match v1.1.1 h1:+Ho715JplO36QYgwN9PGYNhgZvoUSc9X2c80KVTi+GA= 
@@ -561,21 +501,13 @@ github.com/tidwall/match v1.1.1/go.mod h1:eRSPERbgtNPcGhD8UCthc6PmLEQXEWd3PRB5JT github.com/tidwall/pretty v1.2.0/go.mod h1:ITEVvHYasfjBbM0u2Pg8T2nJnzm8xPwvNhhsoaGGjNU= github.com/tidwall/pretty v1.2.1 h1:qjsOFOWWQl+N3RsoF5/ssm1pHmJJwhjlSbZ51I6wMl4= github.com/tidwall/pretty v1.2.1/go.mod h1:ITEVvHYasfjBbM0u2Pg8T2nJnzm8xPwvNhhsoaGGjNU= -github.com/tmccombs/hcl2json v0.6.0 h1:Qc5NL4NQbpNnw8w8HQcA3GsVHvQDJXJwVTUxf2AEhOs= -github.com/tmccombs/hcl2json v0.6.0/go.mod h1:QNirG4H64ZvlFsy9werRxXlWNTDR1GhWzXkjqPILHwo= github.com/tmccombs/hcl2json v0.6.3 h1:yfZO7FYuWxSBAkxN1Dw+O9bjnK12vdwCDtSJDzw7haw= github.com/tmccombs/hcl2json v0.6.3/go.mod h1:VaIUbPyWiGThEKOsVZis0QHfMCnHLqD3IEbggSvQ8eY= github.com/ulikunitz/xz v0.5.10/go.mod h1:nbz6k7qbPmH4IRqmfOplQw/tblSgqTqBwxkY0oWt/14= -github.com/ulikunitz/xz v0.5.11 h1:kpFauv27b6ynzBNT/Xy+1k+fK4WswhN/6PN5WhFAGw8= -github.com/ulikunitz/xz v0.5.11/go.mod h1:nbz6k7qbPmH4IRqmfOplQw/tblSgqTqBwxkY0oWt/14= github.com/ulikunitz/xz v0.5.12 h1:37Nm15o69RwBkXM0J6A5OlE67RZTfzUxTj8fB3dfcsc= github.com/ulikunitz/xz v0.5.12/go.mod h1:nbz6k7qbPmH4IRqmfOplQw/tblSgqTqBwxkY0oWt/14= -github.com/urfave/cli/v2 v2.25.7 h1:VAzn5oq403l5pHjc4OhD54+XGO9cdKVL/7lDjF+iKUs= -github.com/urfave/cli/v2 v2.25.7/go.mod h1:8qnjx1vcq5s2/wpsqoZFndg2CE5tNFyrTvS6SinrnYQ= github.com/urfave/cli/v2 v2.27.2 h1:6e0H+AkS+zDckwPCUrZkKX38mRaau4nL2uipkJpbkcI= github.com/urfave/cli/v2 v2.27.2/go.mod h1:g0+79LmHHATl7DAcHO99smiR/T7uGLw84w8Y42x+4eM= -github.com/xrash/smetrics v0.0.0-20201216005158-039620a65673 h1:bAn7/zixMGCfxrRTfdpNzjtPYqr8smhKouy9mxVdGPU= -github.com/xrash/smetrics v0.0.0-20201216005158-039620a65673/go.mod h1:N3UwUGtsrSj3ccvlPHLoLsHnpR27oXr4ZE984MbSER8= github.com/xrash/smetrics v0.0.0-20240521201337-686a1a2994c1 h1:gEOO8jv9F4OT7lGCjxCBTO/36wtF6j2nSip77qHd4x4= github.com/xrash/smetrics v0.0.0-20240521201337-686a1a2994c1/go.mod h1:Ohn+xnUBiLI6FVj/9LpzZWtj1/D6lUovWYBkxHVV3aM= github.com/yuin/goldmark v1.1.25/go.mod 
h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= @@ -584,10 +516,10 @@ github.com/yuin/goldmark v1.1.32/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9de github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= github.com/yuin/goldmark v1.3.5/go.mod h1:mwnBkeHKe2W/ZEtQ+71ViKU8L12m81fl3OWwC1Zlc8k= github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY= -github.com/zclconf/go-cty v1.14.1 h1:t9fyA35fwjjUMcmL5hLER+e/rEPqrbCK1/OSE4SI9KA= -github.com/zclconf/go-cty v1.14.1/go.mod h1:VvMs5i0vgZdhYawQNq5kePSpLAoz8u1xvZgrPIxfnZE= github.com/zclconf/go-cty v1.14.4 h1:uXXczd9QDGsgu0i/QFR/hzI5NYCHLf6NQw/atrbnhq8= github.com/zclconf/go-cty v1.14.4/go.mod h1:VvMs5i0vgZdhYawQNq5kePSpLAoz8u1xvZgrPIxfnZE= +github.com/zclconf/go-cty-debug v0.0.0-20191215020915-b22d67c1ba0b h1:FosyBZYxY34Wul7O/MSKey3txpPYyCqVO5ZyceuQJEI= +github.com/zclconf/go-cty-debug v0.0.0-20191215020915-b22d67c1ba0b/go.mod h1:ZRKQfBXbGkpdV6QMzT3rU1kSTAnfu1dO8dPKjYprgj8= go.opencensus.io v0.21.0/go.mod h1:mSImk1erAIZhrmZN+AvHh14ztQfjbGwt4TtuofqLduU= go.opencensus.io v0.22.0/go.mod h1:+kGneAE2xo2IficOXnaByMWTGM9T73dGwxeWcUqIpI8= go.opencensus.io v0.22.2/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw= 
@@ -605,6 +537,8 @@ go.opentelemetry.io/otel v1.27.0 h1:9BZoF3yMK/O1AafMiQTVu0YDj5Ea4hPhxCs7sGva+cg= go.opentelemetry.io/otel v1.27.0/go.mod h1:DMpAK8fzYRzs+bi3rS5REupisuqTheUlSZJ1WnZaPAQ= go.opentelemetry.io/otel/metric v1.27.0 h1:hvj3vdEKyeCi4YaYfNjv2NUje8FqKqUY8IlF0FxV/ik= go.opentelemetry.io/otel/metric v1.27.0/go.mod h1:mVFgmRlhljgBiuk/MP/oKylr4hs85GZAylncepAX/ak= +go.opentelemetry.io/otel/sdk v1.24.0 h1:YMPPDNymmQN3ZgczicBY3B6sf9n62Dlj9pWD3ucgoDw= +go.opentelemetry.io/otel/sdk v1.24.0/go.mod h1:KVrIYw6tEubO9E96HQpcmpTKDVn9gdv35HoYiQWGDFg= go.opentelemetry.io/otel/trace v1.27.0 h1:IqYb813p7cmbHk0a5y6pD5JPakbVfftRXABGt5/Rscw= go.opentelemetry.io/otel/trace v1.27.0/go.mod h1:6RiD1hkAprV4/q+yd2ln1HG9GoPx39SuvvstaLBl+l4= go.opentelemetry.io/proto/otlp v0.7.0/go.mod h1:PqfVotwruBrMGOCsRd/89rSnXhoiJIqeYNgFYFoEGnI= @@ -614,8 +548,6 @@ golang.org/x/crypto v0.0.0-20190605123033-f99c8df09eb5/go.mod h1:yigFU9vqHzYiE8U golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= -golang.org/x/crypto v0.17.0 h1:r8bRNjWL3GshPW3gkd+RpvzWrZAwPS49OmTGZ/uhM4k= -golang.org/x/crypto v0.17.0/go.mod h1:gCAAfMLgwOJRpTjQ2zCCt2OcSfYMTeZVSRtQlPC7Nq4= golang.org/x/crypto v0.24.0 h1:mnl8DM0o513X8fdIkmyFE/5hTYxbwYOjDS/+rK6qpRI= golang.org/x/crypto v0.24.0/go.mod h1:Z1PMYSOR5nyMcyAVAIQSKCDwalqy85Aqn1x3Ws4L5DM= golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= 
@@ -628,8 +560,6 @@ golang.org/x/exp v0.0.0-20191227195350-da58074b4299/go.mod h1:2RIsYlXP63K8oxa1u0 golang.org/x/exp v0.0.0-20200119233911-0405dc783f0a/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4= golang.org/x/exp v0.0.0-20200207192155-f17229e696bd/go.mod h1:J/WKrq2StrnmMY6+EHIKF9dgMWnmCNThgcyBT1FY9mM= golang.org/x/exp v0.0.0-20200224162631-6cc2880d07d6/go.mod h1:3jZMyOhIsHpP37uCMkUooju7aAi5cS1Q23tOzKc+0MU= -golang.org/x/exp v0.0.0-20231006140011-7918f672742d h1:jtJma62tbqLibJ5sFQz8bKtEM8rJBtfilJ2qTU199MI= -golang.org/x/exp v0.0.0-20231006140011-7918f672742d/go.mod h1:ldy0pHrwJyGW56pPQzzkH36rKxoZW1tw7ZJpeKx+hdo= golang.org/x/exp v0.0.0-20240604190554-fc45aab8b7f8 h1:LoYXNGAShUG3m/ehNk4iFctuhGX/+R1ZpfJ4/ia80JM= golang.org/x/exp v0.0.0-20240604190554-fc45aab8b7f8/go.mod h1:jj3sYF3dwk5D+ghuXyeI3r5MFf+NT2An6/9dOA95KSI= golang.org/x/image v0.0.0-20190227222117-0694c2d4d067/go.mod h1:kZ7UVZpmo3dzQBMxlp+ypCbDeSB+sBbTgSJuh5dn5js= @@ -707,8 +637,6 @@ golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug golang.org/x/net v0.0.0-20220909164309-bea034e7d591/go.mod h1:YDH+HFinaLZZlnHAfSS6ZXJJ9M9t4Dl22yv3iI2vPwk= golang.org/x/net v0.0.0-20221014081412-f15817d10f9b/go.mod h1:YDH+HFinaLZZlnHAfSS6ZXJJ9M9t4Dl22yv3iI2vPwk= golang.org/x/net v0.1.0/go.mod h1:Cx3nUiGt4eDBEyega/BKRp+/AlGL8hYe7U9odMt2Cco= -golang.org/x/net v0.17.0 h1:pVaXccu2ozPjCXewfr1S7xza/zcXTity9cCdXQYSjIM= -golang.org/x/net v0.17.0/go.mod h1:NxSsAGuq816PNPmqtQdLE42eU2Fs7NoRIZrHJAlaCOE= golang.org/x/net v0.26.0 h1:soB7SVo0PWrY4vPW/+ay0jKDNScG2X9wFeYlXIvJsOQ= golang.org/x/net v0.26.0/go.mod h1:5YKkiSynbBIh3p6iOc/vibscux0x38BZDkn8sCUPxHE= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= 
@@ -736,8 +664,6 @@ golang.org/x/oauth2 v0.0.0-20220822191816-0ebed06d0094/go.mod h1:h4gKUeWbJ4rQPri golang.org/x/oauth2 v0.0.0-20220909003341-f21342109be1/go.mod h1:h4gKUeWbJ4rQPri7E0u6Gs4e9Ri2zaLxzw5DI5XGrYg= golang.org/x/oauth2 v0.0.0-20221014153046-6fdb5e3db783/go.mod h1:h4gKUeWbJ4rQPri7E0u6Gs4e9Ri2zaLxzw5DI5XGrYg= golang.org/x/oauth2 v0.1.0/go.mod h1:G9FE4dLTsbXUu90h/Pf85g4w1D+SSAgR+q46nJZ8M4A= -golang.org/x/oauth2 v0.13.0 h1:jDDenyj+WgFtmV3zYVoi8aE2BwtXFLWOA67ZfNWftiY= -golang.org/x/oauth2 v0.13.0/go.mod h1:/JMhi4ZRXAf4HG9LiNmxvk+45+96RUlVThiH8FzNBn0= golang.org/x/oauth2 v0.21.0 h1:tsimM75w1tF/uws5rbeHzIWxEqElMehnc+iW793zsZs= golang.org/x/oauth2 v0.21.0/go.mod h1:XYTD2NtWslqkgxebSiOHnXEap4TF09sJSc7H1sXbhtI= golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= @@ -754,8 +680,6 @@ golang.org/x/sync v0.0.0-20210220032951-036812b2e83c/go.mod h1:RxMgew5VJxzue5/jJ golang.org/x/sync v0.0.0-20220601150217-0de741cfad7f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20220929204114-8fcdb60fdcc0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.4.0 h1:zxkM55ReGkDlKSM+Fu41A+zmbZuaPVbGMzvvdUPznYQ= -golang.org/x/sync v0.4.0/go.mod h1:FU7BRWz2tNW+3quACPkgCx/L+uEAv1htQ0V83Z9Rj+Y= golang.org/x/sync v0.7.0 h1:YsImfSBoP9QPYL0xyKJPq0gcaJdG3rInoqxTWbfQu9M= golang.org/x/sync v0.7.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk= golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= 
@@ -821,15 +745,11 @@ golang.org/x/sys v0.0.0-20220624220833-87e55d714810/go.mod h1:oPkhp1MJrh7nUepCBc golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220728004956-3c1f35247d10/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.1.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.15.0 h1:h48lPFYpsTvQJZF4EKyI4aLHaev3CxivZmv7yZig9pc= -golang.org/x/sys v0.15.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/sys v0.21.0 h1:rF+pYz3DAGSQAxAu1CbC7catZg4ebC4UIeIhKxBZvws= golang.org/x/sys v0.21.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= golang.org/x/term v0.1.0/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= -golang.org/x/term v0.15.0 h1:y/Oo/a/q3IXu26lQgl04j/gjuBDOBlx7X6Om1j2CPW4= -golang.org/x/term v0.15.0/go.mod h1:BDl952bC7+uMoWR75FIrCDx79TPU9oHkTZ9yRbYOrX0= golang.org/x/term v0.21.0 h1:WVXCp+/EBEHOj53Rvu+7KiT/iElMrO8ACK16SMZ3jaA= golang.org/x/term v0.21.0/go.mod h1:ooXLefLobQVslOqselCNF4SxFAaoS6KujMbsGzSDmX0= golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= 
@@ -841,17 +761,12 @@ golang.org/x/text v0.3.4/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.5/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ= -golang.org/x/text v0.3.8/go.mod h1:E6s5w1FMmriuDzIBO73fBruAKo1PCIq6d2Q6DHfQ8WQ= golang.org/x/text v0.4.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= -golang.org/x/text v0.14.0 h1:ScX5w1eTa3QqT8oi6+ziP7dTV1S2+ALU0bI+0zXKWiQ= -golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU= golang.org/x/text v0.16.0 h1:a94ExnEXNtEwYLGJSIUxnWoxoRz/ZcCsV63ROupILh4= golang.org/x/text v0.16.0/go.mod h1:GhwF1Be+LQoKShO3cGOHzqOgRrGaYc9AvblQOmPVHnI= golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= -golang.org/x/time v0.3.0 h1:rg5rLMjNzMS1RkNLzCG38eapWhnYLFYXDXj2gOlr8j4= -golang.org/x/time v0.3.0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.5.0 h1:o7cqy6amK/52YcAKIPlM3a+Fpj35zvRj2TP+e1xFSfk= golang.org/x/time v0.5.0/go.mod h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM= golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= 
@@ -908,8 +823,6 @@ golang.org/x/tools v0.1.3/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk= golang.org/x/tools v0.1.4/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk= golang.org/x/tools v0.1.5/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk= golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc= -golang.org/x/tools v0.14.0 h1:jvNa2pY0M4r62jkRQ6RwEZZyPcymeL9XZMLBbV7U2nc= -golang.org/x/tools v0.14.0/go.mod h1:uYBEerGOWcJyEORxN+Ek8+TT266gXkNlHdJBwexUsBg= golang.org/x/tools v0.22.0 h1:gqSGLZqv+AI9lIQzniJ0nZDRG5GBPsSi+DRNHWNz6yA= golang.org/x/tools v0.22.0/go.mod h1:aCwcsjqvq7Yqt6TNyX7QMU2enbQ/Gt0bo6krSeEri+c= golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= @@ -970,8 +883,6 @@ google.golang.org/api v0.96.0/go.mod h1:w7wJQLTM+wvQpNf5JyEcBoxK0RH7EDrh/L4qfsuJ google.golang.org/api v0.97.0/go.mod h1:w7wJQLTM+wvQpNf5JyEcBoxK0RH7EDrh/L4qfsuJ13s= google.golang.org/api v0.98.0/go.mod h1:w7wJQLTM+wvQpNf5JyEcBoxK0RH7EDrh/L4qfsuJ13s= google.golang.org/api v0.100.0/go.mod h1:ZE3Z2+ZOr87Rx7dqFsdRQkRBk36kDtp/h+QpHbB7a70= -google.golang.org/api v0.147.0 h1:Can3FaQo9LlVqxJCodNmeZW/ib3/qKAY3rFeXiHo5gc= -google.golang.org/api v0.147.0/go.mod h1:pQ/9j83DcmPd/5C9e2nFOdjjNkDZ1G+zkbK2uvdkJMs= google.golang.org/api v0.183.0 h1:PNMeRDwo1pJdgNcFQ9GstuLe/noWKIc89pRWRLMvLwE= google.golang.org/api v0.183.0/go.mod h1:q43adC5/pHoSZTx5h2mSmdF7NcyfW9JuDyIOJAgS9ZQ= google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM= 
@@ -981,8 +892,6 @@ google.golang.org/appengine v1.6.1/go.mod h1:i06prIuMbXzDqacNJfV5OdTW448YApPu5ww google.golang.org/appengine v1.6.5/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc= google.golang.org/appengine v1.6.6/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc= google.golang.org/appengine v1.6.7/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc= -google.golang.org/appengine v1.6.8 h1:IhEN5q69dyKagZPYMSdIjS2HqprW324FRQZJcGqPAsM= -google.golang.org/appengine v1.6.8/go.mod h1:1jJ3jBArFh5pcgW8gCtRJnepW8FzD1V44FJffLiz/Ds= google.golang.org/genproto v0.0.0-20180817151627-c66870c02cf8/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc= google.golang.org/genproto v0.0.0-20190307195333-5fe7a883aa19/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE= google.golang.org/genproto v0.0.0-20190418145605-e7d98fc518a7/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE= 
@@ -1084,16 +993,10 @@ google.golang.org/genproto v0.0.0-20221010155953-15ba04fc1c0e/go.mod h1:3526vdqw google.golang.org/genproto v0.0.0-20221014173430-6e2ab493f96b/go.mod h1:1vXfmgAz9N9Jx0QA82PqRVauvCz1SGSz739p0f183jM= google.golang.org/genproto v0.0.0-20221014213838-99cd37c6964a/go.mod h1:1vXfmgAz9N9Jx0QA82PqRVauvCz1SGSz739p0f183jM= google.golang.org/genproto v0.0.0-20221025140454-527a21cfbd71/go.mod h1:9qHF0xnpdSfF6knlcsnpzUu5y+rpwgbvsyGAZPBMg4s= -google.golang.org/genproto v0.0.0-20231016165738-49dd2c1f3d0b h1:+YaDE2r2OG8t/z5qmsh7Y+XXwCbvadxxZ0YY6mTdrVA= -google.golang.org/genproto v0.0.0-20231016165738-49dd2c1f3d0b/go.mod h1:CgAqfJo+Xmu0GwA0411Ht3OU3OntXwsGmrmjI8ioGXI= google.golang.org/genproto v0.0.0-20240604185151-ef581f913117 h1:HCZ6DlkKtCDAtD8ForECsY3tKuaR+p4R3grlK80uCCc= google.golang.org/genproto v0.0.0-20240604185151-ef581f913117/go.mod h1:lesfX/+9iA+3OdqeCpoDddJaNxVB1AB6tD7EfqMmprc= -google.golang.org/genproto/googleapis/api v0.0.0-20231016165738-49dd2c1f3d0b h1:CIC2YMXmIhYw6evmhPxBKJ4fmLbOFtXQN/GV3XOZR8k= -google.golang.org/genproto/googleapis/api v0.0.0-20231016165738-49dd2c1f3d0b/go.mod h1:IBQ646DjkDkvUIsVq/cc03FUFQ9wbZu7yE396YcL870= google.golang.org/genproto/googleapis/api v0.0.0-20240604185151-ef581f913117 h1:+rdxYoE3E5htTEWIe15GlN6IfvbURM//Jt0mmkmm6ZU= google.golang.org/genproto/googleapis/api v0.0.0-20240604185151-ef581f913117/go.mod h1:OimBR/bc1wPO9iV4NC2bpyjy3VnAwZh5EBPQdtaE5oo= -google.golang.org/genproto/googleapis/rpc v0.0.0-20231016165738-49dd2c1f3d0b h1:ZlWIi1wSK56/8hn4QcBp/j9M7Gt3U/3hZw3mC7vDICo= -google.golang.org/genproto/googleapis/rpc v0.0.0-20231016165738-49dd2c1f3d0b/go.mod h1:swOH3j0KzcDDgGUWr+SNpyTen5YrXjS3eyPzFYKc6lc= google.golang.org/genproto/googleapis/rpc v0.0.0-20240604185151-ef581f913117 h1:1GBuWVLM/KMVUv1t1En5Gs+gFZCNd360GGb4sSxtrhU= google.golang.org/genproto/googleapis/rpc v0.0.0-20240604185151-ef581f913117/go.mod h1:EfXuqaE1J41VCDicxHzUDm+8rk+7ZdXzHV0IhO/I6s0= google.golang.org/grpc v1.19.0/go.mod 
h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c= @@ -1131,10 +1034,10 @@ google.golang.org/grpc v1.48.0/go.mod h1:vN9eftEi1UMyUsIF80+uQXhHjbXYbm0uXoFCACu google.golang.org/grpc v1.49.0/go.mod h1:ZgQEeidpAuNRZ8iRrlBKXZQP1ghovWIVhdJRyCDK+GI= google.golang.org/grpc v1.50.0/go.mod h1:ZgQEeidpAuNRZ8iRrlBKXZQP1ghovWIVhdJRyCDK+GI= google.golang.org/grpc v1.50.1/go.mod h1:ZgQEeidpAuNRZ8iRrlBKXZQP1ghovWIVhdJRyCDK+GI= -google.golang.org/grpc v1.59.0 h1:Z5Iec2pjwb+LEOqzpB2MR12/eKFhDPhuqW91O+4bwUk= -google.golang.org/grpc v1.59.0/go.mod h1:aUPDwccQo6OTjy7Hct4AfBPD1GptF4fyUjIkQ9YtF98= google.golang.org/grpc v1.64.0 h1:KH3VH9y/MgNQg1dE7b3XfVK0GsPSIzJwdF617gUSbvY= google.golang.org/grpc v1.64.0/go.mod h1:oxjF8E3FBnjp+/gVFYdWacaLDx9na1aqy9oovLpxQYg= +google.golang.org/grpc v1.64.1 h1:LKtvyfbX3UGVPFcGqJ9ItpVWW6oN/2XqTxfAnwRRXiA= +google.golang.org/grpc v1.64.1/go.mod h1:hiQF4LFZelK2WKaP6W0L92zGHtiQdZxk8CrSdvyjeP0= google.golang.org/grpc/cmd/protoc-gen-go-grpc v1.1.0/go.mod h1:6Kw0yEErY5E/yWrBtf03jp27GLLJujG4z/JK95pnjjw= google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8= google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0= 
@@ -1151,8 +1054,6 @@ google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQ google.golang.org/protobuf v1.27.1/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc= google.golang.org/protobuf v1.28.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I= google.golang.org/protobuf v1.28.1/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I= -google.golang.org/protobuf v1.31.0 h1:g0LDEJHgrBl9N9r17Ru3sqWhkIx2NB67okBHPwC7hs8= -google.golang.org/protobuf v1.31.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I= google.golang.org/protobuf v1.34.1 h1:9ddQBjfCyZPOHPUiPxpYESBLc+T8P3E+Vo4IbKZgFWg= google.golang.org/protobuf v1.34.1/go.mod h1:c6P6GXX6sHbq/GpV6MGZEdwhWPcYBgnhAHhKbcUYpos= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= 
@@ -1178,28 +1079,16 @@ honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWh honnef.co/go/tools v0.0.1-2019.2.3/go.mod h1:a3bituU0lyd329TUQxRnasdCoJDkEUEAqEt0JzvZhAg= honnef.co/go/tools v0.0.1-2020.1.3/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k= honnef.co/go/tools v0.0.1-2020.1.4/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k= -k8s.io/api v0.28.3 h1:Gj1HtbSdB4P08C8rs9AR94MfSGpRhJgsS+GF9V26xMM= -k8s.io/api v0.28.3/go.mod h1:MRCV/jr1dW87/qJnZ57U5Pak65LGmQVkKTzf3AtKFHc= k8s.io/api v0.30.1 h1:kCm/6mADMdbAxmIh0LBjS54nQBE+U4KmbCfIkF5CpJY= k8s.io/api v0.30.1/go.mod h1:ddbN2C0+0DIiPntan/bye3SW3PdwLa11/0yqwvuRrJM= -k8s.io/apimachinery v0.28.3 h1:B1wYx8txOaCQG0HmYF6nbpU8dg6HvA06x5tEffvOe7A= -k8s.io/apimachinery v0.28.3/go.mod h1:uQTKmIqs+rAYaq+DFaoD2X7pcjLOqbQX2AOiO0nIpb8= k8s.io/apimachinery v0.30.1 h1:ZQStsEfo4n65yAdlGTfP/uSHMQSoYzU/oeEbkmF7P2U= k8s.io/apimachinery v0.30.1/go.mod h1:iexa2somDaxdnj7bha06bhb43Zpa6eWH8N8dbqVjTUc= -k8s.io/client-go v0.28.3 h1:2OqNb72ZuTZPKCl+4gTKvqao0AMOl9f3o2ijbAj3LI4= -k8s.io/client-go v0.28.3/go.mod h1:LTykbBp9gsA7SwqirlCXBWtK0guzfhpoW4qSm7i9dxo= k8s.io/client-go v0.30.1 h1:uC/Ir6A3R46wdkgCV3vbLyNOYyCJ8oZnjtJGKfytl/Q= k8s.io/client-go v0.30.1/go.mod h1:wrAqLNs2trwiCH/wxxmT/x3hKVH9PuV0GGW0oDoHVqc= -k8s.io/klog/v2 v2.100.1 h1:7WCHKK6K8fNhTqfBhISHQ97KrnJNFZMcQvKp7gP/tmg= -k8s.io/klog/v2 v2.100.1/go.mod h1:y1WjHnz7Dj687irZUWR/WLkLc5N1YHtjLdmgWjndZn0= k8s.io/klog/v2 v2.120.1 h1:QXU6cPEOIslTGvZaXvFWiP9VKyeet3sawzTOvdXb4Vw= k8s.io/klog/v2 v2.120.1/go.mod h1:3Jpz1GvMt720eyJH1ckRHK1EDfpxISzJ7I9OYgaDtPE= -k8s.io/kube-openapi v0.0.0-20231010175941-2dd684a91f00 h1:aVUu9fTY98ivBPKR9Y5w/AuzbMm96cd3YHRTU83I780= -k8s.io/kube-openapi v0.0.0-20231010175941-2dd684a91f00/go.mod h1:AsvuZPBlUDVuCdzJ87iajxtXuR9oktsTctW/R9wwouA= k8s.io/kube-openapi v0.0.0-20240521193020-835d969ad83a h1:zD1uj3Jf+mD4zmA7W+goE5TxDkI7OGJjBNBzq5fJtLA= k8s.io/kube-openapi v0.0.0-20240521193020-835d969ad83a/go.mod 
h1:UxDHUPsUwTOOxSU+oXURfFBcAS6JwiRXTYqYwfuGowc= -k8s.io/utils v0.0.0-20230726121419-3b25d923346b h1:sgn3ZU783SCgtaSJjpcVVlRqd6GSnlTLKgpAAttJvpI= -k8s.io/utils v0.0.0-20230726121419-3b25d923346b/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= k8s.io/utils v0.0.0-20240502163921-fe8a2dddb1d0 h1:jgGTlFYnhF1PM1Ax/lAlxUPE+KfCIXHaathvJg1C3ak= k8s.io/utils v0.0.0-20240502163921-fe8a2dddb1d0/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8= @@ -1207,11 +1096,7 @@ rsc.io/quote/v3 v3.1.0/go.mod h1:yEA65RcK8LyAZtP9Kv3t0HmxON59tX3rD+tICJqUlj0= rsc.io/sampler v1.3.0/go.mod h1:T1hPZKmBbMNahiBKFy5HrXp6adAjACjK9JXDnKaTXpA= sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd h1:EDPBXCAspyGV4jQlpZSudPeMmr1bNJefnuqLsRAsHZo= sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd/go.mod h1:B8JuhiUyNFVKdsE8h686QcCxMaH6HrOAZj4vswFpcB0= -sigs.k8s.io/structured-merge-diff/v4 v4.3.0 h1:UZbZAZfX0wV2zr7YZorDz6GXROfDFj6LvqCRm4VUVKk= -sigs.k8s.io/structured-merge-diff/v4 v4.3.0/go.mod h1:N8hJocpFajUSSeSJ9bOZ77VzejKZaXsTtZo4/u7Io08= sigs.k8s.io/structured-merge-diff/v4 v4.4.1 h1:150L+0vs/8DA78h1u02ooW1/fFq/Lwr+sGiqlzvrtq4= sigs.k8s.io/structured-merge-diff/v4 v4.4.1/go.mod h1:N8hJocpFajUSSeSJ9bOZ77VzejKZaXsTtZo4/u7Io08= -sigs.k8s.io/yaml v1.3.0 h1:a2VclLzOGrwOHDiV8EfBGhvjHvP46CtW5j6POvhYGGo= -sigs.k8s.io/yaml v1.3.0/go.mod h1:GeOyir5tyXNByN85N/dRIT9es5UQNerPYEKK56eTBm8= sigs.k8s.io/yaml v1.4.0 h1:Mk1wCc2gy/F0THH0TAp1QYyJNzRm2KCLy3o5ASXVI5E= sigs.k8s.io/yaml v1.4.0/go.mod h1:Ejl7/uTz7PSA4eKMyQCUTnhZYNmLIl+5c2lQPGR2BPY= From b4c5428abc60ebb68471e159b6c6de40ebfb7897 Mon Sep 17 00:00:00 2001 From: Matt White <16320656+matt-FFFFFF@users.noreply.github.com> Date: Wed, 13 Nov 2024 13:38:59 +0000 Subject: [PATCH 11/11] fix: rename log to logscat policy assignment --- modules/management/locals.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/modules/management/locals.tf b/modules/management/locals.tf
index 22d252500..8416c9788 100644
--- a/modules/management/locals.tf
+++ b/modules/management/locals.tf
@@ -616,7 +616,7 @@ locals {
 Deploy-AzActivity-Log = {
 logAnalytics = local.log_analytics_workspace_resource_id
 }
- Deploy-Diag-Logs = {
+ Deploy-Diag-LogsCat = {
 logAnalytics = local.log_analytics_workspace_resource_id
 }
 }
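Review bot: The new key `Deploy-Diag-LogsCat` is a bare string that presumably has to match a policy assignment name from the library templates, and nothing in this hunk ties the two together, so a later template rename could again leave the diagnostic-settings assignment without its `logAnalytics` workspace. A comment above the map would make the coupling visible, for example `# keys must equal the policy assignment names in modules/archetypes/lib`. The hunk also drops `Deploy-Diag-Logs` outright; if any supported archetype still assigns it, keeping both keys would avoid losing its parameter, though that cannot be confirmed from the lines shown. The enclosing `locals` block starts and ends outside the hunk.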