This repository has been archived by the owner on Jul 26, 2024. It is now read-only.

blinQ: Template updates, support for Enterprise Scale module v3.0.0 #439

Closed
wants to merge 150 commits into from


heintonny

Issue-id

PR Checklist


  • I have updated the documentation accordingly.
  • I have added tests to cover my changes.
  • All new and existing tests passed.
  • [x] My code follows the code style of this project.
  • [x] I ran lint checks locally prior to submission.
  • [ ] Have you checked to ensure there aren't other open Pull Requests for the same update/change?

Description

This pull request might overlap with some of the commits in PR 436. We probably need to discuss this PR in our next meeting.
Main topic for this PR is:

  • Fix some bugs in Ansible template for multi subscription deployment
  • Add support for enterprise scale module v3.0.0 to deploy core landing zones and policy
  • Template workaround for: Validation for Group ownership is broken microsoftgraph/msgraph-metadata#92
  • Add support for sub_sandbox in template
  • Add Ansible logic to create private endpoints and user defined routes. This is required so that lz resources don't break policy requirements and downgrade the security score. Target should be 100% score for lz resources, this needs some more work and discussions about the bootstrap process and when and how public endpoints should be closed by Ansible configuration updates
  • +++

MS might not want to include all these commits based on target architecture decisions, but we believe most of the contribution will benefit the community.

Does this introduce a breaking change

  • YES
  • NO

Testing

We have tested the template version locally

heintonny added 30 commits September 18, 2022 11:08
…storage account and keyvault firewall to Allow all: for some reason bootstrap from Github Codespace doesn't work with storage account and keyvault firewall rules
Added private_endpoints and private_dns to launchpad
public_network_access_enabled,
subnet_ids +++
Github pipelines and fix minor issues.
keyvaults and storage accounts
and set env.var. for GITHUB org and repo.
normal user and serviceprincipal login
Hein Tonny Køien added 22 commits December 19, 2022 23:05
launchpad.yaml - remove "if rout_table is defined"
azurerm_routes and route_table
missing information about the new route_table_key.
…er to caf_environment for role prefix, should be alz_mg_prefix.
…o level.archtype_resources, should be level.archtype_config according to yaml file.
…refix>-caf-identity, should be <prefix>-identity according to the other Azure AD groups.
…ption. Created custom policy set definition and assignment for MDFC config.
…t for MDFC config. Add walkthrough variable for minimalSeverity and update archtype_config_overrides.
@heintonny heintonny changed the base branch from main to int-5.6.0 December 29, 2022 23:33
@heintonny
Author

Changed base to int-5.6.0 branch that we used as a starting point.

@@ -16,7 +16,7 @@
- name: customer_name
prompt: Set the short version of your customer name with no spaces
private: no
default: contoso
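
Review bot: the `customer_name` prompt asks for a value "with no spaces", but nothing in these lines enforces that, so a mistyped answer is accepted as given. If this value ends up in resource names, consider an early `assert` task that fails when `customer_name` contains whitespace, so the run stops before anything is rendered or deployed.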
Author

No point to change the default, let's keep the contoso

@@ -26,7 +26,7 @@
- name: prefix
prompt: Set the prefix to add to all resource.
private: no
default: caf
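
Review bot: the `prefix` prompt text ends with "all resource."; it should read "all resources." Since the prompt says this value is added to every resource, it would also help to state the allowed characters and maximum length in the prompt, so that an answer replacing the `caf` default does not fail resource naming rules later in the deployment.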
Author

No point to change the default, let's keep caf

@heintonny heintonny changed the title Blinq 5.8.0 blinQ: Template updates, support for Enterprise Scale module v3.0.0 Dec 30, 2022
@arnaudlh arnaudlh changed the base branch from int-5.6.0 to fix.bootstrap_order March 22, 2023 06:59
@LaurentLesle
Contributor

Will not merge it as 5.6.9 will include it

@heintonny heintonny deleted the blinq-5.8.0 branch July 28, 2023 07:01
2 participants