…into avm-authorization-policyexemptions
oZakari committed Dec 12, 2024
2 parents 15e0e9f + fb77b43 commit 58477dd
Showing 169 changed files with 8,159 additions and 4,596 deletions.
1 change: 1 addition & 0 deletions .github/CODEOWNERS
Expand Up @@ -131,6 +131,7 @@
/avm/res/network/network-manager/ @Azure/avm-res-network-networkmanager-module-owners-bicep @Azure/avm-module-reviewers-bicep
/avm/res/network/network-security-group/ @Azure/avm-res-network-networksecuritygroup-module-owners-bicep @Azure/avm-module-reviewers-bicep
/avm/res/network/network-watcher/ @Azure/avm-res-network-networkwatcher-module-owners-bicep @Azure/avm-module-reviewers-bicep
/avm/res/network/p2s-vpn-gateway/ @Azure/avm-res-network-p2svpngateway-module-owners-bicep @Azure/avm-module-reviewers-bicep
/avm/res/network/private-dns-zone/ @Azure/avm-res-network-privatednszone-module-owners-bicep @Azure/avm-module-reviewers-bicep
/avm/res/network/private-endpoint/ @Azure/avm-res-network-privateendpoint-module-owners-bicep @Azure/avm-module-reviewers-bicep
/avm/res/network/private-link-service/ @Azure/avm-res-network-privatelinkservice-module-owners-bicep @Azure/avm-module-reviewers-bicep
1 change: 1 addition & 0 deletions .github/ISSUE_TEMPLATE/avm_module_issue.yml
Expand Up @@ -165,6 +165,7 @@ body:
- "avm/res/network/network-manager"
- "avm/res/network/network-security-group"
- "avm/res/network/network-watcher"
- "avm/res/network/p2s-vpn-gateway"
- "avm/res/network/private-dns-zone"
- "avm/res/network/private-endpoint"
- "avm/res/network/private-link-service"
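--- a/.github/workflows/avm.res.network.p2s-vpn-gateway.yml
+++ b/.github/workflows/avm.res.network.p2s-vpn-gateway.yml
@@ -0,0 +1,88 @@
+name: "avm.res.network.p2s-vpn-gateway"
+
+on:
+workflow_dispatch:
+inputs:
+staticValidation:
+type: boolean
+description: "Execute static validation"
+required: false
+default: true
+deploymentValidation:
+type: boolean
+description: "Execute deployment validation"
+required: false
+default: true
+removeDeployment:
+type: boolean
+description: "Remove deployed module"
+required: false
+default: true
+customLocation:
+type: string
+description: "Default location overwrite (e.g., eastus)"
+required: false
+push:
+branches:
+- main
+paths:
+- ".github/actions/templates/avm-**"
+- ".github/workflows/avm.template.module.yml"
+- ".github/workflows/avm.res.network.p2s-vpn-gateway.yml"
+- "avm/res/network/p2s-vpn-gateway/**"
+- "avm/utilities/pipelines/**"
+- "!avm/utilities/pipelines/platform/**"
+- "!*/**/README.md"
+
+env:
+modulePath: "avm/res/network/p2s-vpn-gateway"
+workflowPath: ".github/workflows/avm.res.network.p2s-vpn-gateway.yml"
+
+concurrency:
+group: ${{ github.workflow }}
+
+jobs:
+###########################
+# Initialize pipeline #
+###########################
+job_initialize_pipeline:
+runs-on: ubuntu-latest
+name: "Initialize pipeline"
+steps:
+- name: "Checkout"
+uses: actions/checkout@v4
+with:
+fetch-depth: 0
+- name: "Set input parameters to output variables"
+id: get-workflow-param
+uses: ./.github/actions/templates/avm-getWorkflowInput
+with:
+workflowPath: "${{ env.workflowPath}}"
+- name: "Get module test file paths"
+id: get-module-test-file-paths
+uses: ./.github/actions/templates/avm-getModuleTestFiles
+with:
+modulePath: "${{ env.modulePath }}"
+outputs:
+workflowInput: ${{ steps.get-workflow-param.outputs.workflowInput }}
+moduleTestFilePaths: ${{ steps.get-module-test-file-paths.outputs.moduleTestFilePaths }}
+psRuleModuleTestFilePaths: ${{ steps.get-module-test-file-paths.outputs.psRuleModuleTestFilePaths }}
+modulePath: "${{ env.modulePath }}"
+
+##############################
+# Call reusable workflow #
+##############################
+call-workflow-passing-data:
+name: "Run"
+permissions:
+id-token: write # For OIDC
+contents: write # For release tags
+needs:
+- job_initialize_pipeline
+uses: ./.github/workflows/avm.template.module.yml
+with:
+workflowInput: "${{ needs.job_initialize_pipeline.outputs.workflowInput }}"
+moduleTestFilePaths: "${{ needs.job_initialize_pipeline.outputs.moduleTestFilePaths }}"
+psRuleModuleTestFilePaths: "${{ needs.job_initialize_pipeline.outputs.psRuleModuleTestFilePaths }}"
+modulePath: "${{ needs.job_initialize_pipeline.outputs.modulePath}}"
+secrets: inherit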
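Review bot: `job_initialize_pipeline` declares no `permissions:` block, so its GITHUB_TOKEN falls back to the repository default, while the job that actually needs tokens, `call-workflow-passing-data`, is explicitly scoped to `id-token: write` and `contents: write`. The first job only checks out the repository and reads module test file paths, so it could be pinned to read-only by adding `permissions:` with `contents: read` directly under `job_initialize_pipeline:`. This file appears to follow the repository's existing avm.res.* workflow template, so the change would presumably belong in that template for consistency. `actions/checkout@v4` is referenced by a mutable tag; pinning third-party actions to a full commit SHA is the usual supply-chain hardening, though that too is a template-wide decision. Separately, `${{ env.workflowPath}}` and `${{ needs.job_initialize_pipeline.outputs.modulePath}}` drop the space before `}}` that `${{ env.modulePath }}` uses; the expressions still evaluate, but `${{ env.workflowPath }}` keeps the file consistent.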
46 changes: 43 additions & 3 deletions avm/ptn/authorization/policy-assignment/README.md
Expand Up @@ -132,6 +132,12 @@ module policyAssignment 'br/public:avm/ptn/authorization/policy-assignment:<vers
additionalManagementGroupsIDsToAssignRbacTo: [
'<name>'
]
additionalResourceGroupResourceIDsToAssignRbacTo: [
'<resourceId>'
]
additionalSubscriptionIDsToAssignRbacTo: [
'<subscriptionId>'
]
description: '[Description] Policy Assignment at the management group scope'
displayName: '[Display Name] Policy Assignment at the management group scope'
enforcementMode: 'DoNotEnforce'
Expand All @@ -149,7 +155,7 @@ module policyAssignment 'br/public:avm/ptn/authorization/policy-assignment:<vers
}
]
notScopes: [
'/subscriptions/<value>/resourceGroups/validation-rg'
'<resourceId>'
]
overrides: [
{
Expand Down Expand Up @@ -225,6 +231,16 @@ module policyAssignment 'br/public:avm/ptn/authorization/policy-assignment:<vers
"<name>"
]
},
"additionalResourceGroupResourceIDsToAssignRbacTo": {
"value": [
"<resourceId>"
]
},
"additionalSubscriptionIDsToAssignRbacTo": {
"value": [
"<subscriptionId>"
]
},
"description": {
"value": "[Description] Policy Assignment at the management group scope"
},
Expand Down Expand Up @@ -259,7 +275,7 @@ module policyAssignment 'br/public:avm/ptn/authorization/policy-assignment:<vers
},
"notScopes": {
"value": [
"/subscriptions/<value>/resourceGroups/validation-rg"
"<resourceId>"
]
},
"overrides": {
Expand Down Expand Up @@ -336,6 +352,12 @@ param policyDefinitionId = '/providers/Microsoft.Authorization/policySetDefiniti
param additionalManagementGroupsIDsToAssignRbacTo = [
'<name>'
]
param additionalResourceGroupResourceIDsToAssignRbacTo = [
'<resourceId>'
]
param additionalSubscriptionIDsToAssignRbacTo = [
'<subscriptionId>'
]
param description = '[Description] Policy Assignment at the management group scope'
param displayName = '[Display Name] Policy Assignment at the management group scope'
param enforcementMode = 'DoNotEnforce'
Expand All @@ -353,7 +375,7 @@ param nonComplianceMessages = [
}
]
param notScopes = [
'/subscriptions/<value>/resourceGroups/validation-rg'
'<resourceId>'
]
param overrides = [
{
Expand Down Expand Up @@ -1179,6 +1201,8 @@ param userAssignedIdentityId = '<userAssignedIdentityId>'
| Parameter | Type | Description |
| :-- | :-- | :-- |
| [`additionalManagementGroupsIDsToAssignRbacTo`](#parameter-additionalmanagementgroupsidstoassignrbacto) | array | An array of additional management group IDs to assign RBAC to for the policy assignment if it has an identity. |
| [`additionalResourceGroupResourceIDsToAssignRbacTo`](#parameter-additionalresourcegroupresourceidstoassignrbacto) | array | An array of additional Resource Group Resource IDs to assign RBAC to for the policy assignment if it has an identity, only supported for Management Group Policy Assignments. |
| [`additionalSubscriptionIDsToAssignRbacTo`](#parameter-additionalsubscriptionidstoassignrbacto) | array | An array of additional Subscription IDs to assign RBAC to for the policy assignment if it has an identity, only supported for Management Group Policy Assignments. |
| [`description`](#parameter-description) | string | This message will be part of response in case of policy violation. |
| [`displayName`](#parameter-displayname) | string | The display name of the policy assignment. Maximum length is 128 characters. |
| [`enableTelemetry`](#parameter-enabletelemetry) | bool | Enable/Disable usage telemetry for module. |
Expand Down Expand Up @@ -1219,6 +1243,22 @@ An array of additional management group IDs to assign RBAC to for the policy ass
- Type: array
- Default: `[]`

### Parameter: `additionalResourceGroupResourceIDsToAssignRbacTo`

An array of additional Resource Group Resource IDs to assign RBAC to for the policy assignment if it has an identity, only supported for Management Group Policy Assignments.

- Required: No
- Type: array
- Default: `[]`

### Parameter: `additionalSubscriptionIDsToAssignRbacTo`

An array of additional Subscription IDs to assign RBAC to for the policy assignment if it has an identity, only supported for Management Group Policy Assignments.

- Required: No
- Type: array
- Default: `[]`

### Parameter: `description`

This message will be part of response in case of policy violation.
8 changes: 8 additions & 0 deletions avm/ptn/authorization/policy-assignment/main.bicep
Expand Up @@ -53,6 +53,12 @@ param managementGroupId string = managementGroup().name
@sys.description('Optional. An array of additional management group IDs to assign RBAC to for the policy assignment if it has an identity.')
param additionalManagementGroupsIDsToAssignRbacTo array = []

@sys.description('Optional. An array of additional Subscription IDs to assign RBAC to for the policy assignment if it has an identity, only supported for Management Group Policy Assignments.')
param additionalSubscriptionIDsToAssignRbacTo array = []

@sys.description('Optional. An array of additional Resource Group Resource IDs to assign RBAC to for the policy assignment if it has an identity, only supported for Management Group Policy Assignments.')
param additionalResourceGroupResourceIDsToAssignRbacTo array = []

@sys.description('Optional. The Target Scope for the Policy. The subscription ID of the subscription for the policy assignment.')
param subscriptionId string = ''

Expand Down Expand Up @@ -117,6 +123,8 @@ module policyAssignment_mg 'modules/management-group.bicep' = if (empty(subscrip
overrides: !empty(overrides) ? overrides : []
resourceSelectors: !empty(resourceSelectors) ? resourceSelectors : []
additionalManagementGroupsIDsToAssignRbacTo: additionalManagementGroupsIDsToAssignRbacTo
additionalSubscriptionIDsToAssignRbacTo: additionalSubscriptionIDsToAssignRbacTo
additionalResourceGroupResourceIDsToAssignRbacTo: additionalResourceGroupResourceIDsToAssignRbacTo
}
}

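Review bot: The two new parameters, `param additionalSubscriptionIDsToAssignRbacTo array = []` and `param additionalResourceGroupResourceIDsToAssignRbacTo array = []`, are within this page wired only into `policyAssignment_mg`, whose visible condition begins `if (empty(subscrip…`, so a caller deploying a subscription- or resource-group-scoped assignment can populate them and have the values dropped with no error. Since these arrays drive role assignments for the policy assignment's identity, a silent no-op leaves the remediation identity without access the deployer believes was granted, which only surfaces later as failed remediation. The descriptions say "only supported for Management Group Policy Assignments" but not what happens otherwise; I would extend each `@sys.description` with `Ignored when subscriptionId is set.` so the contract is explicit. Both params are untyped `array`, matching the sibling `additionalManagementGroupsIDsToAssignRbacTo`; `string[]` would reject non-string elements at compile time, but that is a consistency decision across all three. The wiring into the subscription and resource-group modules may be in hunks outside this page.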

0 comments on commit 58477dd