Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Include all fix to a workable version for mooncake (Azure China) #1759

Merged
merged 46 commits into from
Oct 29, 2024
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
46 commits
Select commit Hold shift + click to select a range
aa5ab2d
Fix UI issue for China region
yuanzhang9 Jul 20, 2024
3422598
Fix UI issue for China region
yuanzhang9 Jul 20, 2024
5b0510d
Disable DDoS protection option for Azure China
yuanzhang9 Jul 20, 2024
fc9ae38
Disable DDoS protection for Azure China, #2
yuanzhang9 Jul 20, 2024
50de714
Disable DDoS protection for Azure China, Azure#3
yuanzhang9 Jul 20, 2024
2d4eada
Update for private DNS zone policies and assignenmt
yuanzhang9 Jul 24, 2024
f636772
Update for policy VM Auto Shutdown and initiative assignment Regulato…
yuanzhang9 Jul 25, 2024
5d77c32
Update for policy VM Autoshudown and role assignment
yuanzhang9 Jul 25, 2024
c177bd9
Update for Decom Policy Set
yuanzhang9 Jul 25, 2024
1dcfe7a
Update for role definition in mooncake
yuanzhang9 Jul 25, 2024
52519b5
Update the policy, initiatives, roles generated via bicep
yuanzhang9 Jul 25, 2024
8f21e5f
Update to adopt Mooncake
yuanzhang9 Aug 2, 2024
791f11a
Correction on policy assignment name
yuanzhang9 Aug 5, 2024
fe9f166
Update on policyset definition name by adding "AzureChinaCloud"
yuanzhang9 Aug 5, 2024
819f220
Remove duplicated load for PolicySet Enforce-Storage
yuanzhang9 Aug 5, 2024
776be0a
Update policyset definition metadata
yuanzhang9 Aug 5, 2024
ac3f105
Update to cope with missing build-in policy in policyset
yuanzhang9 Aug 5, 2024
49ab8e7
Update for missing buid-in policy
yuanzhang9 Aug 5, 2024
6686ae2
Update for policyset definition due to missing build-in policy
yuanzhang9 Aug 6, 2024
7686bea
Fix policyset definition for mooncake
yuanzhang9 Aug 6, 2024
d4266cc
update bicep file
yuanzhang9 Aug 6, 2024
3c66029
Correction on policyset definition and assignment
yuanzhang9 Aug 6, 2024
83247d2
Update policyset for mooncake due to missing build-in policy
yuanzhang9 Aug 6, 2024
c0718c8
Update for Policy and Initiatives
yuanzhang9 Aug 16, 2024
d9af1bd
Fix policy for VM auto shutdown
yuanzhang9 Aug 16, 2024
2a0645a
Fix VM Auto shutdown policy for China
yuanzhang9 Aug 16, 2024
f01dca5
Fix initiative ALZ Decommission
yuanzhang9 Aug 16, 2024
b5c8e63
update bicep and building json file
yuanzhang9 Aug 16, 2024
56f8ce2
Exclude mooncake for diag logs policy and MG
yuanzhang9 Aug 16, 2024
798e305
Typo fixed by adding items
yuanzhang9 Aug 16, 2024
f0e9a25
Update private DNS zone policy assignment
yuanzhang9 Aug 16, 2024
f7fbfe5
Update mdfc configuration with API version to 2023-01-01 as 2024-01-0…
yuanzhang9 Aug 17, 2024
8b5146e
update based on Sacha'f review comments
yuanzhang9 Sep 30, 2024
382f0b8
Update to hide vWAN routing intent for mooncake
yuanzhang9 Sep 30, 2024
cf43677
Update to hide vWAN routing intent for mooncake in Sencondary region
yuanzhang9 Sep 30, 2024
9eef107
Delete eslzArm/managementGroupTemplates/roleDefinitions/customRoleDef…
yuanzhang9 Oct 18, 2024
ec6177a
Update to hide vWAN routing intent for mooncake in Sencondary region
yuanzhang9 Oct 18, 2024
fbea8cc
Add files via upload
yuanzhang9 Oct 18, 2024
c64f1e6
Merge branch 'chinafix' of https://github.com/yuanzhang9/Enterprise-S…
yuanzhang9 Oct 18, 2024
007cfdf
Recomit to exclude auto-generated file
yuanzhang9 Oct 18, 2024
e553d52
Merge branch 'chinafix' of https://github.com/yuanzhang9/Enterprise-S…
yuanzhang9 Oct 18, 2024
36471aa
Update initiative
yuanzhang9 Oct 22, 2024
6d1a172
Fix single subscripition issue for diag on MG
yuanzhang9 Oct 22, 2024
4c7c09e
Solve file conflicts for PR #1759
yuanzhang9 Oct 22, 2024
72045bd
Solve file conflicts for PR Azure#1759
yuanzhang9 Oct 22, 2024
9fec05f
Merge branch 'SovereignChina' into chinafix
Springstone Oct 22, 2024
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Binary file modified docs/wiki/media/ALZ Policy Assignments v2.xlsx
Binary file not shown.
Binary file not shown.
Binary file modified docs/wiki/media/North Star process visuals.pptx
Binary file not shown.
Binary file modified docs/wiki/media/NorthStar Networking images.pptx
Binary file not shown.
40 changes: 20 additions & 20 deletions eslzArm/eslz-portal.json
Original file line number Diff line number Diff line change
Expand Up @@ -278,7 +278,7 @@
{
"name": "cuaSettingsInfo",
"type": "Microsoft.Common.InfoBox",
"visible": "[equals(steps('basics').cloudEnvironment.selection, 'AzureCloud')]",
"visible": true,
"options": {
"text": "Microsoft can identify the deployments of the Azure Resource Manager templates with the deployed Azure resources. Microsoft collects this information to provide the best experiences with their products and to operate their business. The telemetry is collected through customer usage attribution. The data is collected and governed by Microsoft's privacy policies, located at the trust center. Visit this link to find out more.",
"uri": "https://github.com/Azure/Enterprise-Scale/wiki/Deploying-Enterprise-Scale-CustomerUsage",
Expand All @@ -288,9 +288,9 @@
{
"name": "telemetryOptOut",
"type": "Microsoft.Common.OptionsGroup",
"visible": "[equals(steps('basics').cloudEnvironment.selection, 'AzureCloud')]",
"visible": true,
"label": "Customer Usage Selection Options",
"defaultValue": "[if(equals(steps('basics').cloudEnvironment.selection, 'AzureCloud'), 'Enabled', 'Disabled')]",
"defaultValue": "['Enabled']",
"constraints": {
"allowedValues": [
{
Expand All @@ -306,7 +306,7 @@
}
}
],
"visible": "[equals(steps('basics').cloudEnvironment.selection, 'AzureCloud')]"
"visible": true
}
]
},
Expand Down Expand Up @@ -524,7 +524,7 @@
}
]
},
"visible": "[equals(steps('management').enableLogAnalytics,'Yes')]"
"visible": "[and(equals(steps('management').enableLogAnalytics,'Yes'), equals(steps('basics').cloudEnvironment.selection, 'AzureCloud'))]"
},
{
"name": "enableUpdateMgmt",
Expand Down Expand Up @@ -1495,7 +1495,7 @@
"type": "Microsoft.Common.OptionsGroup",
"label": "Enable DDoS Network Protection",
"defaultValue": "Yes (recommended)",
"visible": "[not(equals(steps('connectivity').enableHub, 'No'))]",
"visible": "[and(not(equals(steps('connectivity').enableHub, 'No')), not(equals(steps('basics').cloudEnvironment.selection, 'AzureChinaCloud')))]",
"toolTip": "If 'Yes' is selected when also adding a connectivity subscription, DDoS Network Protection will be enabled on the connectivity virtual network. Please note that DDoS Network Protection does incur additional costs that need to be considered, for more information: <a href=\"https://azure.microsoft.com/en-us/pricing/details/ddos-protection/#pricing\">DDoS Network Protection pricing</a>.",
"constraints": {
"allowedValues": [
Expand Down Expand Up @@ -2757,7 +2757,7 @@
"type": "Microsoft.Common.OptionsGroup",
"label": "Enable vWAN Routing Intent",
"defaultValue": "No",
"visible": "[and(not(equals(steps('connectivity').enableHub, 'No')), not(equals(steps('connectivity').enableHub, 'nva')), not(equals(steps('connectivity').enableHub, 'vhub')), equals(steps('connectivity').enableAzFw, 'Yes'))]",
"visible": "[and(not(equals(steps('connectivity').enableHub, 'No')), not(equals(steps('connectivity').enableHub, 'nva')), not(equals(steps('connectivity').enableHub, 'vhub')), equals(steps('connectivity').enableAzFw, 'Yes'), not(equals(steps('basics').cloudEnvironment.selection, 'AzureChinaCloud')))]",
"toolTip": "Enable vWan Routing Intent and set Azure Firewall as the next hop either for Internet Traffic, Private Traffic or both",
"constraints": {
"allowedValues": [
Expand Down Expand Up @@ -3872,7 +3872,7 @@
"type": "Microsoft.Common.OptionsGroup",
"label": "Enable vWAN Routing Intent in your second",
"defaultValue": "No",
"visible": "[and(not(equals(steps('connectivity').enableHub, 'No')), not(equals(steps('connectivity').enableHub, 'nva')), not(equals(steps('connectivity').enableHub, 'vhub')), equals(steps('connectivity').esNetworkSecondarySubSection.enableAzFwSecondary, 'Yes'))]",
"visible": "[and(not(equals(steps('connectivity').enableHub, 'No')), not(equals(steps('connectivity').enableHub, 'nva')), not(equals(steps('connectivity').enableHub, 'vhub')), equals(steps('connectivity').esNetworkSecondarySubSection.enableAzFwSecondary, 'Yes'), not(equals(steps('basics').cloudEnvironment.selection, 'AzureChinaCloud')))]",
"toolTip": "Enable vWan Routing Intent and set Azure Firewall as the next hop either for Internet Traffic, Private Traffic or both",
"constraints": {
"allowedValues": [
Expand Down Expand Up @@ -4526,7 +4526,7 @@
"type": "Microsoft.Common.OptionsGroup",
"label": "Enable DDoS Network Protection",
"defaultValue": "Yes (recommended)",
"visible": "[and(not(equals(steps('connectivity').enableHub,'No')),equals(steps('connectivity').enableDdoS,'Yes'))]",
"visible": "[and(not(equals(steps('connectivity').enableHub,'No')),equals(steps('connectivity').enableDdoS,'Yes'), not(equals(steps('basics').cloudEnvironment.selection, 'AzureChinaCloud')))]",
"toolTip": "If 'Yes' is selected when also adding a connectivity subscription earlier, DDoS Network Protection will be enabled.<br>Uses the policy <a href=\"https://www.azadvertizer.net/azpolicyadvertizer/94de2ad3-e0c1-4caf-ad78-5d47bbc83d3d.html\">Virtual networks should be protected by Azure DDoS Protection Standard</a>.",
"constraints": {
"allowedValues": [
Expand Down Expand Up @@ -4615,7 +4615,7 @@
}
]
},
"visible": "[equals(steps('management').enableLogAnalytics,'Yes')]"
"visible": "[and(equals(steps('management').enableLogAnalytics,'Yes'), equals(steps('basics').cloudEnvironment.selection, 'AzureCloud'))]"
},
{
"name": "enableVmssMonitoring",
Expand All @@ -4639,7 +4639,7 @@
}
]
},
"visible": "[equals(steps('management').enableLogAnalytics,'Yes')]"
"visible": "[and(equals(steps('management').enableLogAnalytics,'Yes'), equals(steps('basics').cloudEnvironment.selection, 'AzureCloud'))]"
},
{
"name": "enableVmHybridMonitoring",
Expand All @@ -4663,7 +4663,7 @@
}
]
},
"visible": "[equals(steps('management').enableLogAnalytics,'Yes')]"
"visible": "[and(equals(steps('management').enableLogAnalytics,'Yes'), equals(steps('basics').cloudEnvironment.selection, 'AzureCloud'))]"
},
{
"name": "enableAksPolicy",
Expand Down Expand Up @@ -5047,10 +5047,10 @@
}
]
},
"visible": true
"visible": "[equals(steps('basics').cloudEnvironment.selection, 'AzureCloud')]"
}
],
"visible": "[equals(steps('basics').cloudEnvironment.selection, 'AzureCloud')]"
"visible": true
},
{
"name": "corpOnlineSettingsInfo",
Expand Down Expand Up @@ -5266,7 +5266,7 @@
"visible": true
}
],
"visible": "[equals(steps('basics').cloudEnvironment.selection, 'AzureCloud')]"
"visible": true
},
{
"name": "onlineSection",
Expand Down Expand Up @@ -5312,7 +5312,7 @@
}
}
],
"visible": "[equals(steps('basics').cloudEnvironment.selection, 'AzureCloud')]"
"visible": true
}
]
},
Expand Down Expand Up @@ -7671,7 +7671,7 @@
{
"name": "decommSettingsInfo",
"type": "Microsoft.Common.InfoBox",
"visible": "[equals(steps('basics').cloudEnvironment.selection, 'AzureCloud')]",
"visible": true,
"options": {
"text": "The following policies will be enabled: <ul><li>Deny the deployment of new resources<li>Deploy an auto VM shutdown policy at UTC 00:00</ul>",
"uri": "https://aka.ms/alz/policies",
Expand Down Expand Up @@ -7703,7 +7703,7 @@
"visible": true
}
],
"visible": "[equals(steps('basics').cloudEnvironment.selection, 'AzureCloud')]"
"visible": true
},
{
"name": "sandboxSection",
Expand All @@ -7713,7 +7713,7 @@
{
"name": "sandboxSettingsInfo",
"type": "Microsoft.Common.InfoBox",
"visible": "[equals(steps('basics').cloudEnvironment.selection, 'AzureCloud')]",
"visible": true,
"options": {
"text": "The following policies will be enabled: <ul><li>Deny vNET peering across subscriptions<li>Deny the deployment of vWAN/ER/VPN gateways</ul>",
"uri": "https://aka.ms/alz/policies",
Expand Down Expand Up @@ -7745,7 +7745,7 @@
"visible": true
}
],
"visible": "[equals(steps('basics').cloudEnvironment.selection, 'AzureCloud')]"
"visible": true
}
]
},
Expand Down
Loading
Loading