feat(new): Added Azure.ServiceBus.GeoReplica (Azure#2989)

* feat(new): Added Azure.ServiceBus.GeoReplica * feat: Updated Azure.ServiceBus.GeoReplica * Update docs/en/rules/Azure.ServiceBus.GeoReplica.md Co-authored-by: Bernie White <[email protected]> * Update docs/en/rules/Azure.ServiceBus.GeoReplica.md Co-authored-by: Bernie White <[email protected]> * Update docs/en/rules/Azure.ServiceBus.GeoReplica.md Co-authored-by: Bernie White <[email protected]> --------- Co-authored-by: Bernie White <[email protected]>
BernieWhite · Jul 16, 2024 · 9dfb8c5 · 9dfb8c5
1 parent 1c8de18
commit 9dfb8c5
Show file tree

Hide file tree

Showing 5 changed files with 220 additions and 8 deletions.
diff --git a/docs/CHANGELOG-v1.md b/docs/CHANGELOG-v1.md
@@ -29,6 +29,11 @@ See [upgrade notes][1] for helpful information when upgrading from previous vers
 
 ## Unreleased
 
+- New rules:
+  - Service Bus:
+    - Verify that service bus namespaces have geo-replication configured by @BenjaminEngeset.
+      [#2988](https://github.com/Azure/PSRule.Rules.Azure/issues/2988)
+
 What's changed since v1.38.0:
 
 - New rules:

diff --git a/docs/en/rules/Azure.ServiceBus.GeoReplica.md b/docs/en/rules/Azure.ServiceBus.GeoReplica.md
@@ -0,0 +1,131 @@
+---
+severity: Important
+pillar: Reliability
+category: RE:05 Redundancy
+resource: Service Bus
+online version: https://azure.github.io/PSRule.Rules.Azure/en/rules/Azure.ServiceBus.GeoReplica/
+---
+
+# Geo-replication
+
+## SYNOPSIS
+
+Enhance resilience to regional outages by replicating namespaces.
+
+## DESCRIPTION
+
+By default, an service bus namespace and its data and metadata is in a single region.
+
+The geo-replication feature ensures that the metadata and data of a namespace are continuously replicated from a primary region to one or more secondary regions.
+
+The following will be replicated:
+
+- Queues, topics, subscriptions, filters.
+- Data, which resides in the entities.
+- All state changes and property changes executed against the messages within a namespace.
+- Namespace configuration.
+
+Replicating your namespace adds the following benefits:
+
+- Added resiliency for localized outages contained to a region.
+- Regional compartmentalization.
+
+This feature allows promoting any secondary region to primary, reassigning the namespace name and switching roles between regions. Promotion is nearly instantaneous.
+
+There are currently several limitations to the feature. For more details, refer to the documentation.
+
+## RECOMMENDATION
+
+Consider replicating service bus namespaces to improve resiliency to region outages.
+
+## EXAMPLES
+
+### Configure with Azure template
+
+To deploy namespaces that pass this rule:
+
+- Set the `sku.name` property to `Premium`. This only applies to new namespaces.
+  - For existing namespaces first, migrate to a namespace deployed with a premium SKU.
+- Configure the `properties.geoDataReplication.locations` array with two or more supported region elements.
+
+For example:
+
+```json
+{
+  "type": "Microsoft.ServiceBus/namespaces",
+  "apiVersion": "2023-01-01-preview",
+  "name": "[parameters('serviceBusName')]",
+  "location": "[parameters('primaryLocation')]",
+  "sku": {
+    "name": "Premium",
+    "tier": "Premium",
+    "capacity": 1
+  },
+  "properties": {
+    "geoDataReplication": {
+      "maxReplicationLagDurationInSeconds": "[parameters('maxReplicationLagInSeconds')]",
+      "locations": [
+        {
+          "locationName": "[parameters('primaryLocation')]",
+          "roleType": "Primary"
+        },
+        {
+          "locationName": "[parameters('secondaryLocation')]",
+          "roleType": "Secondary"
+        }
+      ]
+    }
+  }
+}
+```
+
+### Configure with Bicep
+
+To deploy namespaces that pass this rule:
+
+- Set the `sku.name` property to `Premium`. This only applies to new namespaces.
+  - For existing namespaces first, migrate to a namespace deployed with a premium SKU.
+- Configure the `properties.geoDataReplication.locations` array with two or more supported region elements.
+
+For example:
+
+```bicep
+resource sb 'Microsoft.ServiceBus/namespaces@2023-01-01-preview' = {
+  name: serviceBusName
+  location: primaryLocation
+  sku: {
+    name: 'Premium'
+    tier: 'Premium'
+    capacity: 1
+  }
+  properties: {
+    geoDataReplication: {
+      maxReplicationLagDurationInSeconds: maxReplicationLagInSeconds
+      locations: [
+        {
+          locationName: primaryLocation
+          roleType: 'Primary'
+        }
+        {
+          locationName: secondaryLocation
+          roleType: 'Secondary'
+        }
+      ]
+    }
+  }
+}
+```
+
+## NOTES
+
+This feature is only supported for the `Premium` SKU.
+
+This feature is currently in preview.
+
+## LINKS
+
+- [RE:05 Redundancy](https://learn.microsoft.com/azure/well-architected/reliability/redundancy)
+- [Geo-replication](https://learn.microsoft.com/azure/service-bus-messaging/service-bus-geo-replication)
+- [Configure geo-replication](https://learn.microsoft.com/azure/service-bus-messaging/service-bus-geo-replication#setup)
+- [Migrate existing Azure Service Bus standard namespaces to the premium tier](https://learn.microsoft.com/azure/service-bus-messaging/service-bus-migrate-standard-premium)
+- [Azure deployment reference](https://learn.microsoft.com/azure/templates/microsoft.servicebus/namespaces)
diff --git a/src/PSRule.Rules.Azure/rules/Azure.ServiceBus.Rule.yaml b/src/PSRule.Rules.Azure/rules/Azure.ServiceBus.Rule.yaml
@@ -42,11 +42,33 @@ metadata:
     Azure.MCSB.v1/control: DP-3
 spec:
   type:
-  - Microsoft.ServiceBus/namespaces
+    - Microsoft.ServiceBus/namespaces
   condition:
     field: properties.minimumTlsVersion
     equals: '1.2'
 
+---
+# Synopsis: Enhance resilience to regional outages by replicating namespaces.
+apiVersion: github.com/microsoft/PSRule/v1
+kind: Rule
+metadata:
+  name: Azure.ServiceBus.GeoReplica
+  ref: AZR-000444
+  tags:
+    release: preview
+    ruleSet: 2024_09
+    Azure.WAF/pillar: Reliability
+spec:
+  type:
+    - Microsoft.ServiceBus/namespaces
+  condition:
+    allOf:
+      # Geo-replication is only available for the Premium SKU.
+      - field: sku.name
+        equals: Premium
+      - field: properties.geoDataReplication.locations
+        greaterOrEquals: 2
+
 #endregion Rules
 
 #region Selectors
@@ -67,5 +89,4 @@ spec:
           - Microsoft.ServiceBus/namespaces
       - field: sku.name
         equals: Premium
-
 #endregion Selectors
diff --git a/tests/PSRule.Rules.Azure.Tests/Azure.ServiceBus.Tests.ps1 b/tests/PSRule.Rules.Azure.Tests/Azure.ServiceBus.Tests.ps1
@@ -109,6 +109,26 @@ Describe 'Azure.ServiceBus' -Tag 'ServiceBus' {
             $ruleResult.Length | Should -Be 2;
             $ruleResult.TargetName | Should -BeIn 'servicens-C', 'servicens-E';
         }
+
+        It 'Azure.ServiceBus.GeoReplica' {
+            $dataPath = Join-Path -Path $here -ChildPath 'Resources.ServiceBus.json';
+            $result = Invoke-PSRule @invokeParams -InputPath $dataPath;
+            $filteredResult = $result | Where-Object { $_.RuleName -eq 'Azure.ServiceBus.GeoReplica' };
+
+            # Fail
+            $ruleResult = @($filteredResult | Where-Object { $_.Outcome -eq 'Fail' });
+            $ruleResult.Length | Should -Be 3;
+            $ruleResult.TargetName | Should -Be 'servicens-A', 'servicens-B', 'servicens-C';
+
+            $ruleResult[0].Reason | Should -BeExactly "Path sku.name: Is set to 'Standard'.";
+            $ruleResult[1].Reason | Should -BeExactly "Path properties.geoDataReplication.locations: The field 'properties.geoDataReplication.locations' does not exist.";
+            $ruleResult[2].Reason | Should -BeExactly "Path properties.geoDataReplication.locations: The value 'System.Object[]' is not >= 2.";
+
+            # Pass
+            $ruleResult = @($filteredResult | Where-Object { $_.Outcome -eq 'Pass' });
+            $ruleResult.Length | Should -Be 2;
+            $ruleResult.TargetName | Should -BeIn 'servicens-D', 'servicens-E';
+        }
     }
 
     Context 'With Template' {

diff --git a/tests/PSRule.Rules.Azure.Tests/Resources.ServiceBus.json b/tests/PSRule.Rules.Azure.Tests/Resources.ServiceBus.json
@@ -208,7 +208,7 @@
     "Id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.ServiceBus/namespaces/servicens-C",
     "Identity": null,
     "Kind": null,
-    "Location": "West Europe",
+    "Location": "centraluseuap",
     "ManagedBy": null,
     "ResourceName": "servicens-C",
     "Name": "servicens-C",
@@ -223,7 +223,16 @@
       "createdAt": "2022-06-30T13:23:58.58Z",
       "updatedAt": "2022-08-04T10:21:56.053Z",
       "serviceBusEndpoint": "https://servicens-C.servicebus.windows.net:443/",
-      "status": "Active"
+      "status": "Active",
+      "geoDataReplication": {
+        "maxReplicationLagDurationInSeconds": "300",
+        "locations": [
+          {
+            "locationName": "centraluseuap",
+            "roleType": "Primary"
+          }
+        ]
+      }
     },
     "ResourceGroupName": "test-rg",
     "Type": "Microsoft.ServiceBus/namespaces",
@@ -377,7 +386,7 @@
     "Id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.ServiceBus/namespaces/servicens-D",
     "Identity": null,
     "Kind": null,
-    "Location": "East US",
+    "Location": "centraluseuap",
     "ManagedBy": null,
     "ResourceName": "servicens-D",
     "Name": "servicens-D",
@@ -392,7 +401,20 @@
       "createdAt": "2020-06-30T13:23:58.58Z",
       "updatedAt": "2020-08-04T10:21:56.053Z",
       "serviceBusEndpoint": "https://servicens-B.servicebus.windows.net:443/",
-      "status": "Active"
+      "status": "Active",
+      "geoDataReplication": {
+        "maxReplicationLagDurationInSeconds": "300",
+        "locations": [
+          {
+            "locationName": "centraluseuap",
+            "roleType": "Primary"
+          },
+          {
+            "locationName": "norwayeast",
+            "roleType": "Secondary"
+          }
+        ]
+      }
     },
     "ResourceGroupName": "test-rg",
     "Type": "Microsoft.ServiceBus/namespaces",
@@ -460,7 +482,7 @@
     "Id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.ServiceBus/namespaces/servicens-E",
     "Identity": null,
     "Kind": null,
-    "Location": "East US",
+    "Location": "italynorth",
     "ManagedBy": null,
     "ResourceName": "servicens-E",
     "Name": "servicens-E",
@@ -475,7 +497,20 @@
       "createdAt": "2020-06-30T13:23:58.58Z",
       "updatedAt": "2020-08-04T10:21:56.053Z",
       "serviceBusEndpoint": "https://servicens-B.servicebus.windows.net:443/",
-      "status": "Active"
+      "status": "Active",
+      "geoDataReplication": {
+        "maxReplicationLagDurationInSeconds": "300",
+        "locations": [
+          {
+            "locationName": "italynorth",
+            "roleType": "Primary"
+          },
+          {
+            "locationName": "spaincentral",
+            "roleType": "Secondary"
+          }
+        ]
+      }
     },
     "ResourceGroupName": "test-rg",
     "Type": "Microsoft.ServiceBus/namespaces",