Feat/policy refactor (#3) (v4.0.0 compatible) #740
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ) | ||
| parameter_store.put_parameter(f"cross_region/{key}/{region}", value) | ||
| parameter_store.put_parameter(f"/cross_region/{key}/{region}", value) |
There was a problem hiding this comment.
Shouldn't we prefix ADF as we do for all of ADFv4 params?
There was a problem hiding this comment.
yes, you're right. Good catch!
There was a problem hiding this comment.
This is actually already done by the parameter_store class. (L100)
* Starting refactor of policy application * initial testing * Unit tests for OrganisationPolicy class * Linting * wip * Merging * sìos leis a' Bheurla * Resetting generate params * Fixing spelling mistakes * Updating documentation * Apply suggestions from code review Co-authored-by: Simon Kok <sbkok@users.noreply.github.com> * Update src/lambda_codebase/initial_commit/bootstrap_repository/adf-build/shared/python/organization_policy_campaign.py Co-authored-by: Simon Kok <sbkok@users.noreply.github.com> * Update src/lambda_codebase/initial_commit/bootstrap_repository/adf-build/main.py Co-authored-by: Simon Kok <sbkok@users.noreply.github.com> * Update src/lambda_codebase/initial_commit/bootstrap_repository/adf-build/shared/python/organization_policy_campaign.py Co-authored-by: Simon Kok <sbkok@users.noreply.github.com> * fixing tests * fixing linting * linting again * temp remove assertion * updating logging * running black with ll 80 * linting * Tox no longer complaining --------- Co-authored-by: Simon Kok <mail@simonkok.com> Co-authored-by: Simon Kok <sbkok@users.noreply.github.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Why?
A refactor of how policies (SCP/Tagging) are managed.
Provides backwards compatibility with the current process whilst enabling an additional folder "adf-policies" that allows for SCPs, Tagging policies (and potentially more) to be defined in a central location. Allowing for policies to be-used across multiple targets. (Currently supports OU-names, but also supports extension going forward)
Issue #, if available:
What?
Description of changes:
Creates a new concept called Policy Campaigns. Which is an object used to orchestrate the updating of policies and their targets.
Policy Campaigns have a list of Policies that require creating. (A policy is classed as requiring creation when a policy with the same name does not exist). Policies that require updating (A policy is classed as requiring updating when an existing policy has a different content) and policies that require deleting (Any policy that is ADF managed but does not receive an interaction throughout the campaign is considered for deletion)
Policies themselves do similar logic for targets, and depending on the adf config, a target will either have the default SCP maintained or removed.
The overall logic is the same for the legacy policy management, the primary difference is that adf-policies is now an optional source for policies.
By submitting this pull request, I confirm that you can use, modify, copy, and
redistribute this contribution, under the terms of your choice.