Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
* Diagnostic Settings Policies for PaaS services (#143) * Add diagnostic settings policies for data services * Add branch config for testing * Add missing types for auditing * Add diagnostic setting policies for compute services * Add diagnostic setting policies for integration services * Add diagnostic setting policies for network services * Remove policy for ACI since it doesn't have logs to collect * Remove extra resource type * Set region to 'global' for edge services * Remove branch config. used for testing * Updated App Service log categories * Add branch config * Remove branch config * Private Endpoint for App Service (#144) * Flexible policy assignment scope (#147) * Add deployment scope for policy assignment * Add branch test config * Set new parameter for policy assignment scope: var-policyAssignmentManagementGroupId * Update pipeline for new var * Add separate scope for testing * Update pipeline parameter name * Ensure new temp file is created to populate the parameters. * Remove test job * Remove branch config * Update readme * Update authoring guide with new parameter * Removed 'privatelink.monitor.azure.com' from Private DNS Zones (#149) * Automation scripts for Azure DevOps onboarding (#151) Implement #150, scripts and documentation * Snapshot landing zone schema to v0.3.0 (#152) * Enhance PBMM policy assignment to disable diagnostic settings metrics (#156) Ensure diagnostic settings policy only checks for logs * Issue #157 - Update scripts documentation (#158) Update scripts documentation (Issue #157) Update docs/onboarding/azure-devops-scripts.md Co-authored-by: Senthuran Sivananthan <[email protected]> * Update Deployment Script's Azure CLI version to 2.32.0 (#164) Update Azure CLI version to 2.32.0 * Update DevOps Onboarding section of main readme (#162) * Repository clean up (#165) * Remove obsolete directory * Rotate resource group names for E2E deployments * Fix typo * Add branch config for testing * Fix typo * Remove branch configs * Remove 
timestamp from sample JSON templates. Timestamps are kept for E2E testing. * Remove date stamp * Linter: no-loc-expr-outside-params - ensure compliance (#169) * Update linter rules for location parameter * Add location parameter with default value based on resourceGroup() or deployment() * Update archetype schema and docs for location * Add branch config for testing * Update AKS version * Update branch config * Remove branch configs * Support for Tag inheritance from Subscription to Resource Group (#161) * Add policy and policy set to inherit tags from subscription to resource group * Add branch config for testing * Remove policy type as it's not built in * Updated resource type for resource group * Update policy assignment * Ensure assignment name is <= 24 chars * Revert resource group type * Setting mode to all * Update documentation * Add branch config * Add explicit dependsOn for subscription scaffolding to complete * Update test deployment parameters * Remove explicit dependsOn for subscription scaffolding to complete * Update doc to describe approaches for adding tags to RGs * Reduce the options for tagging resources given subscription to RG tagging is available * Add example scenarios for tag inheritance * Fix typo * Remove branch configs * Resolve linter error: no-loc-expr-outside-params * Instructions for Azure DevOps Environments (#175) * Instructions for creating ADO pipeline environments * Fix formatting * Update `create-pipelines.bat` onboarding script to auto-provision environment (#178) * Update onboarding doc for logging & networking management group settings (#177) * Fix markdown linter warnings * Add instruction for logging and networking MGs * Snapshot JSON schemas to v0.4.0 (#182) * Update onboarding document Co-authored-by: Preston K.
Parsard <[email protected]> * Configurable management group hierarchy (#186) Implement configurable management group hierarchy * Show Variables fix (#191) * subscription(generic): add instructions for configuring parameters (#193) * Instructions for backfilling management group hierarchy (#197) * Add instructions for backfilling management group hierarchy * Update section titles, links and reference backfill instruction as part of MG setup * Instructions for installing AzCLI and jq * Clarify that Tenant Root Group could have been renamed in the organization * Windows Shell example * Update instructions to delete pipeline variables that will be automatically created when MG hierarchy is used * Note on YAML indentation * Revise subscription deployment instructions (#201) * Redirect subscription configuration guidance to archetype authoring guide doc * Revise instructions for creating ARM parameter files & management group id selection * Ensure values from multiline variables are properly logged (#202) Print multi-line environment variables (typically JSON objects) in Show Variables step * Fix pipeline scripts reference to `subscription-ci` (#207) * Delete Lock for Log Analytics Workspace resource group (#205) Add delete lock for LAW RG * Support Defender Plan for Cosmos DB (#200) Add CosmosDB Defender Plan and custom policy to deploy Defender Plan for Cosmos DB * fixing doc typo in hubnetwork-azfw (#211) Co-authored-by: Adil Ha <[email protected]> * Backward compatibility when setting pipeline variables from management group hierarchy (#213) * Update OZ subnet name to App Management Zone (#217) * Document delete lock usage (#216) Document when and where delete locks are used * Add instructions for customizing policy set assignments (#215) * Fix formatting (#218) * Improve `delete-management-groups.bat` script (#224) * Private DNS Policy - Change Cosmos DB namespace to Microsoft.DocumentDB (#228) * Change Cosmos DB namespace to Microsoft.DocumentDB * Add branch config
* Remove branch config * Flexible policy assignment parameters JSON files (#222) * Externalize Log Analytics Workspace parameters when loading pipeline variables (#220) Externalize the log analytics parameters to load arbitrary LAW variables * Initial GC 30-day cloud guardrails compliance/guidance (#226) Initial GC 30-day cloud guardrails doc * Update networking documentation for generic subscription archetype (#230) * Use built-in policy for Cosmos DB for Defender Plan (#232) * Use built-in policy for Cosmos DB for Defender Plan * Add branch config * Remove branch config * Updating recommendations to reflect licensing reqs (#229) * Fix order of `platform-connectivity-hub-azfw-policy` pipeline listed in run-pipelines.bat script #233 (#234) * PBMM & HITRUST/HIPAA policy update (#238) * Migrate Logging configuration to JSON parameters file (#236) * Update azure-devops-pipelines.md (#242) * Support logging infrastructure for multiple regions in same subscription (#244) Ensure subscription scoped deployments are unique per region * Support multiple private dns zone configuration when updating private DNS Zones through Azure Policy (#246) Update Private DNS Zone policy to support multiple dnsZoneConfigs * Include new Databricks' log categories for diagnostic settings (#248) Add new databricks' log categories for diagnostic settings * Azure Active Directory support for Synapse (#259) * Migrate Networking configuration to JSON parameters file (#250) * Revise subnet configuration for Generic Subscription archetype (#252) * Revise subnet configuration for Machine Learning archetype (#254) * Revise subnet configuration for Healthcare archetype (#256) * Removed extra configuration files (#260) * Update common.yml example (#262) * Support for optional subnets in Machine Learning & Healthcare archetypes (#264) * Organize deployment parameters for Hub Networking with Azure Firewall (#265) * Updated documentation (#267) * Organize deployment parameters for Hub Networking with NVA
(#266) * Snapshot ARM parameters JSON schemas (#268) * PowerShell deployment scripts (#271) * Powershell deployment script for archetypes (#273) Support for deploying subscriptions * Deployment flow diagram (#274) * GitHub workflow implementation (#276) Implement GitHub workflows to deploy the Azure Landing Zones for Canadian Public Sector * Support schema validation (#277) * Add environment configuration override and protect sensitive parameters (#280) * Pass-thru secure strings as-is until ready for use (#281) * Fix DeploySubscriptionIds parameter type casting (#282) * Correct wiring of the subscriptions-ci pipeline and prompt for NVA firewall username & password (#285) * Support jobs in GitHub Actions (#286) * Ensure multiple subscriptions can be moved to a management in parallel (#288) Ensure deployment name for moving subscription is unique * Separate Azure Firewall Policy deployment switch & unique telemetry tracking for policy assignments (#289) * Disable metrics in diagnostic settings for AKS through Policy (#295) * Concurrent role deployment with PowerShell & GitHub Actions (#299) * Disable fail fast for matrix deployments (#297) * Flexible policy deployment using PowerShell & GitHub Actions (#300) * Log Analytics solutions for SQL servers on machines (#303) * Serial defender plan deployments & revised resource/resource group names (#307) * Update resource group names for Logging & Networking (#309) Remove `-rg` suffix * Add service health notification info (#310) * Reference the Guardrails Solution Accelerator for 30-day guardrail assessment (#313) * Fix typo in onboarding guidance (#320) * Update machinelearning.md (#327) * Resolve linter warning: prefer-unquoted-property-names (#322) * Add missing log categories in diagnostic settings for Azure Firewall (#324) * Support azkms.core.windows.net and IPs in firewall allow list (#329) * Support data collection rule (#331) * Network security group support for private endpoints subnet (#333) * Suppress false 
positive linter warning: secure-secrets-in-params (#335) * Update diagnostic settings profile name (#337) * Revised Event Hub Diagnostic Settings policy (#339) * Version August 2022 schema changes (#342) * Update CODEOWNERS (#344) Adding Barry Willis and Kevin Evans to the CODEOWNERS file for the entire repo * Add Barry to code owners list (#346) * Update hubnetwork-azfw.md (#345) Having domain controllers under the "Connectivity" subscription is an anti-pattern that causes confusion to users. Co-authored-by: Barrington Willis <[email protected]> * Updated documents, from docs.microsoft.com - to Learn. (#350) Updated documents, from docs.microsoft.com - to Learn. * Fixed Linter warnings & build errors (#354) * Fixed BCP321 Linter warning in networking files * Fixed Role Definition Id References to use the ResourceId function * changed the pOlicyScopedId var to be set by using the MGResourceID Function * fixed BCP321 warning * fixed the remaining linter warnings * fixed the remaining linter errors in the policy definitions * updated the linter rules * Fixed Bug on policy defnition * Fixed the AKS policy deployment * Commit 95556ddd: changed the extensionResourceId function to tenantResourceId for all built-in polify definitions * fixed linter warnings in policy files * changed the invalid dummy service alert phone number to a valid phone number * changed the servcie health number prefix to 604 * updated AKS version in the Data Archetypes * Changed hte AKS version to only have the Major.Minor * Added the patch version to the AKS versions in the Data Archetypes * Identity Archetype (#359) * Squashed commit of the following: commit 6d6b3e49855c365f49a4674534b985bacf9cd74c Author: Barry Willis <[email protected]> Date: Mon Feb 27 08:07:45 2023 -0800 changed the areacode on the logging service health alerts architype commit 86b4505c2ffd5127978883c0bc6a1f9b0e7d3268 Author: Barry Willis <[email protected]> Date: Fri Feb 24 16:39:08 2023 -0800 prepping for testing in ESLZ 
test environment commit 0f92b6bf70aee1377b4d49db436fa7024f1bfd25 Merge: 2a3584a 7749e7b Author: Barry Willis <[email protected]> Date: Fri Feb 24 16:10:37 2023 -0800 Merge remote-tracking branch 'origin/main' into IdentityLZ commit 7749e7bf7a8756e3b2ffd09016e3e9d9954407db Merge: f6555a4 5337654 Author: Barry Willis <[email protected]> Date: Fri Feb 24 16:08:54 2023 -0800 Merge remote-tracking branch 'github-CanadaPubSecALZ/main' commit f6555a41227fdbe47a6981798e2cb2bb97bd7cd6 Author: Barry Willis <[email protected]> Date: Mon Feb 13 12:30:20 2023 -0800 Added the patch version to the AKS versions in the Data Archetypes commit 8edcb63d833fd177ede60c9a51b6228f448c0c33 Author: Barry Willis <[email protected]> Date: Mon Feb 13 11:32:54 2023 -0800 Changed hte AKS version to only have the Major.Minor commit 37123d71623b7c6ed288a5ba32c7cab5f8e75e6f Author: Barry Willis <[email protected]> Date: Mon Feb 13 11:17:38 2023 -0800 updated AKS version in the Data Archetypes commit 459b3c62751cb6bfedf2ddc5800ad39137417d38 Author: Barry Willis <[email protected]> Date: Mon Feb 13 08:55:13 2023 -0800 changed the servcie health number prefix to 604 commit cccf88662c3a0e0d7b2f625a13ec191053017985 Author: Barry Willis <[email protected]> Date: Mon Feb 13 07:42:52 2023 -0800 changed the invalid dummy service alert phone number to a valid phone number commit 8e9628d26e1285c437a6ec8a3ebd479299f3cb5f Author: Barry Willis <[email protected]> Date: Mon Feb 13 07:01:36 2023 -0800 fixed linter warnings in policy files commit 6c2b2f7d2d53b97d0014306656406cf564189779 Author: Barry Willis <[email protected]> Date: Sat Feb 11 15:36:36 2023 -0800 Commit 95556ddd: changed the extensionResourceId function to tenantResourceId for all built-in polify definitions commit c58ba48f5073c0b86b41c54fddca9cab0368b59a Author: Barry Willis <[email protected]> Date: Sat Feb 11 15:09:56 2023 -0800 Fixed the AKS policy deployment commit f9e8418b7e1faf8cc8122acc9414e12c5bfbd22e Author: Barry Willis <[email 
protected]> Date: Sat Feb 11 14:04:22 2023 -0800 Fixed Bug on policy defnition commit 1a3c82e446072db49d927343a4792e30bdb31f05 Author: Barry Willis <[email protected]> Date: Fri Feb 10 19:09:02 2023 -0800 updated the linter rules commit 20e188051a8999d7a5e6ee925ec193f6e1d2dea6 Author: Barry Willis <[email protected]> Date: Fri Feb 10 18:52:18 2023 -0800 fixed the remaining linter errors in the policy definitions commit 1610a28e355af15a86d8a555a97ca9912cc11aeb Author: Barry Willis <[email protected]> Date: Fri Feb 10 18:27:14 2023 -0800 fixed the remaining linter warnings commit 9f0e049fa09e19f0cf312f4826520e1005e58434 Author: Barry Willis <[email protected]> Date: Fri Feb 10 17:31:21 2023 -0800 fixed BCP321 warning commit 466d7b0c070f4bb4fef94b1fb9bac2f3da754c4a Author: Barry Willis <[email protected]> Date: Fri Feb 10 17:22:46 2023 -0800 changed the pOlicyScopedId var to be set by using the MGResourceID Function commit 9362967e5006d9ec3882cdc5bec5aae5b872bf29 Author: Barry Willis <[email protected]> Date: Fri Feb 10 16:48:26 2023 -0800 Fixed Role Definition Id References to use the ResourceId function commit 4bcbc28212ecac9bff2a8e3c720a9a364479733c Author: Barry Willis <[email protected]> Date: Fri Feb 10 16:07:33 2023 -0800 Fixed BCP321 Linter warning in networking files commit 2a3584a7cac9c5822c7a226bc8a5d44f52d69a65 Author: Barry Willis <[email protected]> Date: Fri Feb 10 15:07:43 2023 -0800 Removed Linter exception BCP321 - will fix in the linter PR commit a0b48ec7710a5ee8023a066e4cb5394074002c1e Author: Barry Willis <[email protected]> Date: Fri Feb 10 10:39:36 2023 -0800 Fixed the bugs with conditionally deploying DNS Resolver commit 4f24be78f48465b404c529b276db66496c9958db Author: Barry Willis <[email protected]> Date: Wed Feb 8 15:29:38 2023 -0800 Updated documentation and made the DNS Resolver subnets optional commit 03fcb5e50b0670c67d1850063dd828ffa6945cf8 Merge: dfe0d9a 0fa01e8 Author: Barry Willis <[email protected]> Date: Mon Feb 6 16:58:41 2023 
-0800 Merge remote-tracking branch 'origin/main' into IdentityLZ commit dfe0d9acab086df1d9dfbfbdae5770fbf5da999a Author: Barry Willis <[email protected]> Date: Wed Jan 11 15:52:06 2023 -0800 added Schema validation to the identity config file commit fb88630b5d707db6b7f4ab1aa2455ff79920d5b3 Author: Barry Willis <[email protected]> Date: Mon Jan 9 10:28:13 2023 -0800 changed the DNS Resolver ruleset to be an object-array commit 78aaf4d6cdeff8d9832d8a309f26c10cefe97a22 Author: Barry Willis <[email protected]> Date: Sat Jan 7 13:57:37 2023 -0800 first pass at creating conditional forwarding rulesets in the Identity LZ commit e7b554d04daee83a55a985073ec0c59084c7f3c2 Author: Barry Willis <[email protected]> Date: Fri Jan 6 08:54:27 2023 -0800 Configured Subnet Delegation for Az DNS Resolver commit 978ab9925f876945ba02280493f7deba1c07e7ee Author: Barry Willis <[email protected]> Date: Thu Jan 5 19:52:24 2023 -0800 added Private DNS Resolver to the Identity LZ commit 9735d58fc04d7a587a76a5387deb112c466390fe Author: Barry Willis <[email protected]> Date: Thu Jan 5 13:19:05 2023 -0800 Removed the optional Subnet commit 4cd57ed41a09672b3cfbc1792c2edbdc3569a060 Author: Barry Willis <[email protected]> Date: Thu Jan 5 13:09:36 2023 -0800 first cut at the identity LZ framework commit a119eea02fca28a2028362f484aa2835c9313c1d Author: Barry Willis <[email protected]> Date: Wed Dec 21 11:54:58 2022 -0800 added identitypathfromroot in the branch config file commit 75b6ccc2ab6efd55037e0a5a938d49f2eef32de4 Author: Barry Willis <[email protected]> Date: Wed Dec 21 11:35:12 2022 -0800 Added: identity vars display Changed: location reference to identity param file commit e0cfc41b5a83c4c331689fcafa5edc9928e93d39 Author: Barry Willis <[email protected]> Date: Wed Dec 21 11:22:35 2022 -0800 fixed misconfigured working directory commit fb58b16999aeb9cc6b6b81647c76e95024e1267c Author: Barry Willis <[email protected]> Date: Wed Dec 21 11:18:46 2022 -0800 removed schema validation to test 
deployment commit 240189de7e30fa57654c3ec76ec37c762ff80133 Author: Barry Willis <[email protected]> Date: Wed Dec 21 11:15:43 2022 -0800 fixed bug - neworking region is now identity region commit 89e63b5976cb5cdc4e85d0b25c01234ffe4853d7 Author: Barry Willis <[email protected]> Date: Wed Dec 21 11:11:48 2022 -0800 initial identity lz deployment commit d4b40b26b893b78d7a9250dffe24c3e9ce06d690 Author: Barry Willis <[email protected]> Date: Wed Dec 21 11:03:29 2022 -0800 Added default region for Identity Subscription commit 41e611818d09181b1a455f612425cae20f0683f7 Author: Barry Willis <[email protected]> Date: Wed Dec 21 08:29:33 2022 -0800 Changed bastion subnet range in identity subnet commit f5a43f2d44803e80db8a043d31e5c9f72fc51675 Author: Barry Willis <[email protected]> Date: Wed Dec 21 07:33:03 2022 -0800 Param file for Identity LZ commit 13d084b0fe74f39ca1423b2eb9f333a2b760b1f2 Author: Barry Willis <[email protected]> Date: Tue Dec 20 15:19:23 2022 +0000 Deleted identity.parameteres.json commit 5ba9a12fa8e8e02f60f3f2afea43681cc84d7446 Merge: 002b2be e395307 Author: Barry Willis <[email protected]> Date: Tue Dec 20 07:18:40 2022 -0800 Merge branch 'IdentityLZ' of https://dev.azure.com/Tredell/CanadaALZ/_git/CanadaALZ into IdentityLZ commit 002b2be1bb5b555a334f35cbb505e7a68f321649 Author: Barry Willis <[email protected]> Date: Tue Dec 20 07:18:32 2022 -0800 id-lz - created param section for id lz commit e395307b1c12786cc28cf3d4b00586dde69739d5 Author: Barry Willis <[email protected]> Date: Tue Dec 20 07:13:54 2022 -0800 id-lz - created param section for id lz commit 7f4a43eb4fdc7f6f37ebab8e661981cccbee9f50 Author: Barry Willis <[email protected]> Date: Mon Dec 19 14:54:57 2022 -0800 disabled privatelink infrastructure to be deployed in hub lz commit db85049ac94b5c394d586b6960343bc1286997f1 Author: Barry Willis <[email protected]> Date: Mon Dec 19 14:46:36 2022 -0800 Configured hub networking parameter files commit 8d772e868803d1b712013f7db21044d48ab730d2 Author: 
Barry Willis <[email protected]> Date: Mon Dec 19 14:07:43 2022 -0800 removed comment from json - not supported commit 89cde8d92704f1a41a123af46da6dd90568d99cb Author: Barry Willis <[email protected]> Date: Mon Dec 19 12:56:47 2022 -0800 Configuring Policies for deployment to Test enviornment commit ba781ee844a4abd403071e072645988b63ada494 Author: Barry Willis <[email protected]> Date: Mon Dec 19 12:40:53 2022 -0800 added a default security Group commit 1269da21e08fdf4c29a53b38a4d18722c64461e0 Author: Barry Willis <[email protected]> Date: Mon Dec 19 12:26:14 2022 -0800 setting up logging for my test environment commit 4d6a41f4133380223f5895dba270cbce4ae5a39b Author: Barry Willis <[email protected]> Date: Mon Dec 19 12:13:08 2022 -0800 testing the path to the logging configuraiton file commit 75d0b99caf6aed5f809c28566cad35569d78be58 Author: Barry Willis <[email protected]> Date: Mon Dec 19 12:00:14 2022 -0800 added the full path to the logging parameters file commit 32e8382bcb8deaaaab0c7bc1c2791483ef439971 Author: Barry Willis <[email protected]> Date: Mon Dec 19 11:55:00 2022 -0800 path to logging parameters file was incorrect commit 5757d36a486e7f3b707f00848d19cfe64de83358 Author: Barry Willis <[email protected]> Date: Mon Dec 19 11:37:20 2022 -0800 Changed MG Root to match test enviornment commit 1fdd02db1638420decf5ab021fb617b95920aada Author: Barry Willis <[email protected]> Date: Mon Dec 19 11:09:46 2022 -0800 Adding config file for IdentityLZ branch * PowerShell Deployment Files created * GitHub Action Pipelines modified to add the Identity Archetype * made the Identity GitHub Action optional * put the boolean option in single quotes * fixed a few bugs (BCP321 & references to the wrong tenant) * changed the sub id for the logging subscription * Removed the hardcoded reference to the LAW in the identity param file * updated the param file with the LAW ID * disabled private dns zone deployment in the identity sub * removed the config files from my custom 
branch * uncommented the validation in the Identity ADO Pipeline * removed commented trigger code from ADO Identity Pipeline * renenabled the dployment of the DNSPrivateEndPoints policyset * removed the provider registration for containerservices in the deploy-identity-pipeline yaml * added an explanation comment to the dnsforwardingruleset file * Added telemetry tracking for the identity subscription * fixed cut and paste errors * Updated test cases & documentation * added the consistency check & pull request checks for github actions * fixed spelling error * Bug fixes - network routing & ADO Identity Pipelines (#362) * Fixed Bug: missing identityPathFromRoot variable missing * Fixed Bug: Allow Network transit thru the hub * renamed the Subscriptions Yaml * Update DDoS.bicep (#363) Change policySetDefinitions to policyDefinitions for the policyScopedId variable. * Update identity.md (#365) Updated page title to reflect content * Scripts to generate config from template, support JSON config intellisense in editors, fix bugs in deployment scripts (#379) Fixes path normalization bug in deployment scripts #374 Fixes subscription filtering bug in deployment scripts #375 Adds CanadaPubSecALZ configuration JSON schema support for editors #376 Adds Scripts to generate CanadaPubSecALZ configuration files using existing environments as template #377 Adds Deploy landing zones to new Azure subscriptions in new primary tenant #378 * update to 1.3.0 Squashed commit of the following: commit db45632283e6982fb095f6be33540c28ad54960a Author: Steve Keeler <[email protected]> Date: Sun Jul 9 23:14:55 2023 -0400 Scripts to generate config from template, support JSON config intellisense in editors, fix bugs in deployment scripts (#379) Fixes path normalization bug in deployment scripts #374 Fixes subscription filtering bug in deployment scripts #375 Adds CanadaPubSecALZ configuration JSON schema support for editors #376 Adds Scripts to generate CanadaPubSecALZ configuration files using 
existing environments as template #377 Adds Deploy landing zones to new Azure subscriptions in new primary tenant #378 commit 5830bcb63193565ab291076b54765f2d8986f64b Author: David Christiansen <[email protected]> Date: Tue Apr 25 21:12:23 2023 +0100 Update identity.md (#365) Updated page title to reflect content commit 674f6cb1e7ee407765eeb9d99a8163ef0a461b32 Author: Yanick Lepine <[email protected]> Date: Thu Mar 16 13:13:38 2023 -0400 Update DDoS.bicep (#363) Change policySetDefinitions to policyDefinitions for the policyScopedId variable. commit 5680e6582a6c28907898da2026ef3c1f0e56a332 Author: Barrington Willis <[email protected]> Date: Mon Mar 13 06:31:54 2023 -0700 Bug fixes - network routing & ADO Identity Pipelines (#362) * Fixed Bug: missing identityPathFromRoot variable missing * Fixed Bug: Allow Network transit thru the hub * renamed the Subscriptions Yaml commit f13f6ec24f5b8c0f318cf66f6cd1a2f3c7a01534 Author: Barrington Willis <[email protected]> Date: Fri Mar 3 07:00:06 2023 -0800 Identity Archetype (#359) * Squashed commit of the following: commit 6d6b3e49855c365f49a4674534b985bacf9cd74c Author: Barry Willis <[email protected]> Date: Mon Feb 27 08:07:45 2023 -0800 changed the areacode on the logging service health alerts architype commit 86b4505c2ffd5127978883c0bc6a1f9b0e7d3268 Author: Barry Willis <[email protected]> Date: Fri Feb 24 16:39:08 2023 -0800 prepping for testing in ESLZ test environment commit 0f92b6bf70aee1377b4d49db436fa7024f1bfd25 Merge: 2a3584a 7749e7b Author: Barry Willis <[email protected]> Date: Fri Feb 24 16:10:37 2023 -0800 Merge remote-tracking branch 'origin/main' into IdentityLZ commit 7749e7bf7a8756e3b2ffd09016e3e9d9954407db Merge: f6555a4 5337654 Author: Barry Willis <[email protected]> Date: Fri Feb 24 16:08:54 2023 -0800 Merge remote-tracking branch 'github-CanadaPubSecALZ/main' commit f6555a41227fdbe47a6981798e2cb2bb97bd7cd6 Author: Barry Willis <[email protected]> Date: Mon Feb 13 12:30:20 2023 -0800 Added the patch 
version to the AKS versions in the Data Archetypes commit 8edcb63d833fd177ede60c9a51b6228f448c0c33 Author: Barry Willis <[email protected]> Date: Mon Feb 13 11:32:54 2023 -0800 Changed hte AKS version to only have the Major.Minor commit 37123d71623b7c6ed288a5ba32c7cab5f8e75e6f Author: Barry Willis <[email protected]> Date: Mon Feb 13 11:17:38 2023 -0800 updated AKS version in the Data Archetypes commit 459b3c62751cb6bfedf2ddc5800ad39137417d38 Author: Barry Willis <[email protected]> Date: Mon Feb 13 08:55:13 2023 -0800 changed the servcie health number prefix to 604 commit cccf88662c3a0e0d7b2f625a13ec191053017985 Author: Barry Willis <[email protected]> Date: Mon Feb 13 07:42:52 2023 -0800 changed the invalid dummy service alert phone number to a valid phone number commit 8e9628d26e1285c437a6ec8a3ebd479299f3cb5f Author: Barry Willis <[email protected]> Date: Mon Feb 13 07:01:36 2023 -0800 fixed linter warnings in policy files commit 6c2b2f7d2d53b97d0014306656406cf564189779 Author: Barry Willis <[email protected]> Date: Sat Feb 11 15:36:36 2023 -0800 Commit 95556ddd: changed the extensionResourceId function to tenantResourceId for all built-in polify definitions commit c58ba48f5073c0b86b41c54fddca9cab0368b59a Author: Barry Willis <[email protected]> Date: Sat Feb 11 15:09:56 2023 -0800 Fixed the AKS policy deployment commit f9e8418b7e1faf8cc8122acc9414e12c5bfbd22e Author: Barry Willis <[email protected]> Date: Sat Feb 11 14:04:22 2023 -0800 Fixed Bug on policy defnition commit 1a3c82e446072db49d927343a4792e30bdb31f05 Author: Barry Willis <[email protected]> Date: Fri Feb 10 19:09:02 2023 -0800 updated the linter rules commit 20e188051a8999d7a5e6ee925ec193f6e1d2dea6 Author: Barry Willis <[email protected]> Date: Fri Feb 10 18:52:18 2023 -0800 fixed the remaining linter errors in the policy definitions commit 1610a28e355af15a86d8a555a97ca9912cc11aeb Author: Barry Willis <[email protected]> Date: Fri Feb 10 18:27:14 2023 -0800 fixed the remaining linter warnings commit 
9f0e049fa09e19f0cf312f4826520e1005e58434 Author: Barry Willis <[email protected]> Date: Fri Feb 10 17:31:21 2023 -0800 fixed BCP321 warning commit 466d7b0c070f4bb4fef94b1fb9bac2f3da754c4a Author: Barry Willis <[email protected]> Date: Fri Feb 10 17:22:46 2023 -0800 changed the pOlicyScopedId var to be set by using the MGResourceID Function commit 9362967e5006d9ec3882cdc5bec5aae5b872bf29 Author: Barry Willis <[email protected]> Date: Fri Feb 10 16:48:26 2023 -0800 Fixed Role Definition Id References to use the ResourceId function commit 4bcbc28212ecac9bff2a8e3c720a9a364479733c Author: Barry Willis <[email protected]> Date: Fri Feb 10 16:07:33 2023 -0800 Fixed BCP321 Linter warning in networking files commit 2a3584a7cac9c5822c7a226bc8a5d44f52d69a65 Author: Barry Willis <[email protected]> Date: Fri Feb 10 15:07:43 2023 -0800 Removed Linter exception BCP321 - will fix in the linter PR commit a0b48ec7710a5ee8023a066e4cb5394074002c1e Author: Barry Willis <[email protected]> Date: Fri Feb 10 10:39:36 2023 -0800 Fixed the bugs with conditionally deploying DNS Resolver commit 4f24be78f48465b404c529b276db66496c9958db Author: Barry Willis <[email protected]> Date: Wed Feb 8 15:29:38 2023 -0800 Updated documentation and made the DNS Resolver subnets optional commit 03fcb5e50b0670c67d1850063dd828ffa6945cf8 Merge: dfe0d9a 0fa01e8 Author: Barry Willis <[email protected]> Date: Mon Feb 6 16:58:41 2023 -0800 Merge remote-tracking branch 'origin/main' into IdentityLZ commit dfe0d9acab086df1d9dfbfbdae5770fbf5da999a Author: Barry Willis <[email protected]> Date: Wed Jan 11 15:52:06 2023 -0800 added Schema validation to the identity config file commit fb88630b5d707db6b7f4ab1aa2455ff79920d5b3 Author: Barry Willis <[email protected]> Date: Mon Jan 9 10:28:13 2023 -0800 changed the DNS Resolver ruleset to be an object-array commit 78aaf4d6cdeff8d9832d8a309f26c10cefe97a22 Author: Barry Willis <[email protected]> Date: Sat Jan 7 13:57:37 2023 -0800 first pass at creating conditional 
forwarding rulesets in the Identity LZ commit e7b554d04daee83a55a985073ec0c59084c7f3c2 Author: Barry Willis <[email protected]> Date: Fri Jan 6 08:54:27 2023 -0800 Configured Subnet Delegation for Az DNS Resolver commit 978ab9925f876945ba02280493f7deba1c07e7ee Author: Barry Willis <[email protected]> Date: Thu Jan 5 19:52:24 2023 -0800 added Private DNS Resolver to the Identity LZ commit 9735d58fc04d7a587a76a5387deb112c466390fe Author: Barry Willis <[email protected]> Date: Thu Jan 5 13:19:05 2023 -0800 Removed the optional Subnet commit 4cd57ed41a09672b3cfbc1792c2edbdc3569a060 Author: Barry Willis <[email protected]> Date: Thu Jan 5 13:09:36 2023 -0800 first cut at the identity LZ framework commit a119eea02fca28a2028362f484aa2835c9313c1d Author: Barry Willis <[email protected]> Date: Wed Dec 21 11:54:58 2022 -0800 added identitypathfromroot in the branch config file commit 75b6ccc2ab6efd55037e0a5a938d49f2eef32de4 Author: Barry Willis <[email protected]> Date: Wed Dec 21 11:35:12 2022 -0800 Added: identity vars display Changed: location reference to identity param file commit e0cfc41b5a83c4c331689fcafa5edc9928e93d39 Author: Barry Willis <[email protected]> Date: Wed Dec 21 11:22:35 2022 -0800 fixed misconfigured working directory commit fb58b16999aeb9cc6b6b81647c76e95024e1267c Author: Barry Willis <[email protected]> Date: Wed Dec 21 11:18:46 2022 -0800 removed schema validation to test deployment commit 240189de7e30fa57654c3ec76ec37c762ff80133 Author: Barry Willis <[email protected]> Date: Wed Dec 21 11:15:43 2022 -0800 fixed bug - neworking region is now identity region commit 89e63b5976cb5cdc4e85d0b25c01234ffe4853d7 Author: Barry Willis <[email protected]> Date: Wed Dec 21 11:11:48 2022 -0800 initial identity lz deployment commit d4b40b26b893b78d7a9250dffe24c3e9ce06d690 Author: Barry Willis <[email protected]> Date: Wed Dec 21 11:03:29 2022 -0800 Added default region for Identity Subscription commit 41e611818d09181b1a455f612425cae20f0683f7 Author: Barry Willis 
<[email protected]> Date: Wed Dec 21 08:29:33 2022 -0800 Changed bastion subnet range in identity subnet commit f5a43f2d44803e80db8a043d31e5c9f72fc51675 Author: Barry Willis <[email protected]> Date: Wed Dec 21 07:33:03 2022 -0800 Param file for Identity LZ commit 13d084b0fe74f39ca1423b2eb9f333a2b760b1f2 Author: Barry Willis <[email protected]> Date: Tue Dec 20 15:19:23 2022 +0000 Deleted identity.parameteres.json commit 5ba9a12fa8e8e02f60f3f2afea43681cc84d7446 Merge: 002b2be e395307 Author: Barry Willis <[email protected]> Date: Tue Dec 20 07:18:40 2022 -0800 Merge branch 'IdentityLZ' of https://dev.azure.com/Tredell/CanadaALZ/_git/CanadaALZ into IdentityLZ commit 002b2be1bb5b555a334f35cbb505e7a68f321649 Author: Barry Willis <[email protected]> Date: Tue Dec 20 07:18:32 2022 -0800 id-lz - created param section for id lz commit e395307b1c12786cc28cf3d4b00586dde69739d5 Author: Barry Willis <[email protected]> Date: Tue Dec 20 07:13:54 2022 -0800 id-lz - created param section for id lz commit 7f4a43eb4fdc7f6f37ebab8e661981cccbee9f50 Author: Barry Willis <[email protected]> Date: Mon Dec 19 14:54:57 2022 -0800 disabled privatelink infrastructure to be deployed in hub lz commit db85049ac94b5c394d586b6960343bc1286997f1 Author: Barry Willis <[email protected]> Date: Mon Dec 19 14:46:36 2022 -0800 Configured hub networking parameter files commit 8d772e868803d1b712013f7db21044d48ab730d2 Author: Barry Willis <[email protected]> Date: Mon Dec 19 14:07:43 2022 -0800 removed comment from json - not supported commit 89cde8d92704f1a41a123af46da6dd90568d99cb Author: Barry Willis <[email protected]> Date: Mon Dec 19 12:56:47 2022 -0800 Configuring Policies for deployment to Test enviornment commit ba781ee844a4abd403071e072645988b63ada494 Author: Barry Willis <[email protected]> Date: Mon Dec 19 12:40:53 2022 -0800 added a default security Group commit 1269da21e08fdf4c29a53b38a4d18722c64461e0 Author: Barry Willis <[email protected]> Date: Mon Dec 19 12:26:14 2022 -0800 setting up 
logging for my test environment commit 4d6a41f4133380223f5895dba270cbce4ae5a39b Author: Barry Willis <[email protected]> Date: Mon Dec 19 12:13:08 2022 -0800 testing the path to the logging configuraiton file commit 75d0b99caf6aed5f809c28566cad35569d78be58 Author: Barry Willis <[email protected]> Date: Mon Dec 19 12:00:14 2022 -0800 added the full path to the logging parameters file commit 32e8382bcb8deaaaab0c7bc1c2791483ef439971 Author: Barry Willis <[email protected]> Date: Mon Dec 19 11:55:00 2022 -0800 path to logging parameters file was incorrect commit 5757d36a486e7f3b707f00848d19cfe64de83358 Author: Barry Willis <[email protected]> Date: Mon Dec 19 11:37:20 2022 -0800 Changed MG Root to match test enviornment commit 1fdd02db1638420decf5ab021fb617b95920aada Author: Barry Willis <[email protected]> Date: Mon Dec 19 11:09:46 2022 -0800 Adding config file for IdentityLZ branch * PowerShell Deployment Files created * GitHub Action Pipelines modified to add the Identity Archetype * made the Identity GitHub Action optional * put the boolean option in single quotes * fixed a few bugs (BCP321 & references to the wrong tenant) * changed the sub id for the logging subscription * Removed the hardcoded reference to the LAW in the identity param file * updated the param file with the LAW ID * disabled private dns zone deployment in the identity sub * removed the config files from my custom branch * uncommented the validation in the Identity ADO Pipeline * removed commented trigger code from ADO Identity Pipeline * renenabled the dployment of the DNSPrivateEndPoints policyset * removed the provider registration for containerservices in the deploy-identity-pipeline yaml * added an explanation comment to the dnsforwardingruleset file * Added telemetry tracking for the identity subscription * fixed cut and paste errors * Updated test cases & documentation * added the consistency check & pull request checks for github actions * fixed spelling error commit 
533765439f98250eccbbccc194f82309ff4be9ec Author: Barrington Willis <[email protected]> Date: Fri Feb 24 12:57:36 2023 -0800 Fixed Linter warnings & build errors (#354) * Fixed BCP321 Linter warning in networking files * Fixed Role Definition Id References to use the ResourceId function * changed the pOlicyScopedId var to be set by using the MGResourceID Function * fixed BCP321 warning * fixed the remaining linter warnings * fixed the remaining linter errors in the policy definitions * updated the linter rules * Fixed Bug on policy defnition * Fixed the AKS policy deployment * Commit 95556ddd: changed the extensionResourceId function to tenantResourceId for all built-in polify definitions * fixed linter warnings in policy files * changed the invalid dummy service alert phone number to a valid phone number * changed the servcie health number prefix to 604 * updated AKS version in the Data Archetypes * Changed hte AKS version to only have the Major.Minor * Added the patch version to the AKS versions in the Data Archetypes commit 0fa01e8b7b4320d3d9d50a38d044cdff5da1a3c6 Author: Luke Murray <[email protected]> Date: Tue Feb 7 12:26:03 2023 +1300 Updated documents, from docs.microsoft.com - to Learn. (#350) Updated documents, from docs.microsoft.com - to Learn. commit e44c7eabf85bb4d5ec526c8f4229dbc31b282ed3 Author: Obay <[email protected]> Date: Wed Nov 30 19:14:57 2022 -0800 Update hubnetwork-azfw.md (#345) Having domain controllers under the "Connectivity" subscription is an anti-pattern that causes confusion to users. 
Co-authored-by: Barrington Willis <[email protected]> commit 12cd557bc479041ee6fca7f76c7fe1e4c17c7e74 Author: Steve Keeler <[email protected]> Date: Wed Nov 30 21:27:08 2022 -0500 Add Barry to code owners list (#346) commit c714e65b81d4bf5048bcf56351534a8be26c5c0c Author: Steve Keeler <[email protected]> Date: Fri Oct 14 15:48:33 2022 -0400 Update CODEOWNERS (#344) Adding Barry Willis and Kevin Evans to the CODEOWNERS file for the entire repo commit b8a9bc91168f5afe9cb4c6ea35148714c11b4761 Author: Steve Keeler <[email protected]> Date: Thu Sep 1 15:31:28 2022 -0400 Version August 2022 schema changes (#342) commit 5851a09acff454df0bb8bbb2d6406fcd9a8efb6d Author: Senthuran Sivananthan <[email protected]> Date: Wed Aug 17 18:50:15 2022 -0400 Revised Event Hub Diagnostic Settings policy (#339) commit e5fe39930e55ae9cb62745499d1a520a098693df Author: Senthuran Sivananthan <[email protected]> Date: Wed Aug 17 18:37:43 2022 -0400 Update diagnostic settings profile name (#337) commit db52627fe3769b7430c99be757f9761238b27adc Author: Senthuran Sivananthan <[email protected]> Date: Wed Aug 17 18:17:12 2022 -0400 Suppress false positive linter warning: secure-secrets-in-params (#335) commit 2a6042d38ccd04844d9cc445e0a95ead182e5a6b Author: Senthuran Sivananthan <[email protected]> Date: Wed Aug 17 17:59:13 2022 -0400 Network security group support for private endpoints subnet (#333) commit e069a4b6ac4f5be8d7614eeb5a67d0cfb3534e52 Author: Senthuran Sivananthan <[email protected]> Date: Wed Aug 17 17:28:39 2022 -0400 Support data collection rule (#331) commit c2afa0d99717c56bacc211cfb5ed13234880d9a1 Author: Senthuran Sivananthan <[email protected]> Date: Mon Aug 8 15:42:22 2022 -0400 Support azkms.core.windows.net and IPs in firewall allow list (#329) commit a7f521dcf919114a9441296407fc4dd06be46927 Author: Senthuran Sivananthan <[email protected]> Date: Tue Jul 19 23:31:56 2022 -0400 Add missing log categories in diagnostic settings for Azure Firewall (#324) commit 
60198bc19eb4d87d0bbebc24d4c2fe240d2297ab Author: Senthuran Sivananthan <[email protected]> Date: Tue Jul 19 23:11:10 2022 -0400 Resolve linter warning: prefer-unquoted-property-names (#322) commit a4e53fffe4b1f2a2fdbf25ec92a181ef625dd240 Author: Sabyasachi Dasgupta <[email protected]> Date: Mon Jul 18 16:44:01 2022 -0400 Update machinelearning.md (#327) commit 8fc587a6bf2e53e516ded633d96c652874ab5875 Author: Ifyagolu <[email protected]> Date: Fri Jun 24 17:05:28 2022 -0400 Fix typo in onboarding guidance (#320) commit e9a0962b7db12c5438782d2597afd494de5354b2 Author: Islam Gomaa <[email protected]> Date: Fri May 27 16:13:52 2022 -0400 Reference the Guardrails Solution Accelerator for 30-day guardrail assessment (#313) commit 2b11801386654f6b3f68bd63c887d74ec7a4fdb8 Author: Senthuran Sivananthan <[email protected]> Date: Thu May 19 10:38:55 2022 -0400 Add service health notification info (#310) commit bce747c9fdc96c2be78881a4dc9276351ff40b64 Author: Senthuran Sivananthan <[email protected]> Date: Wed May 18 09:29:03 2022 -0400 Update resource group names for Logging & Networking (#309) Remove `-rg` suffix commit 6765c48680e47ccc380ab0df929e3cd1af4f8a5b Author: Senthuran Sivananthan <[email protected]> Date: Tue May 17 15:14:33 2022 -0400 Serial defender plan deployments & revised resource/resource group names (#307) commit 62adb00d6a8561030b39272f1d710c2a4e0cfcba Author: Senthuran Sivananthan <[email protected]> Date: Mon May 16 13:53:37 2022 -0400 Log Analytics solutions for SQL servers on machines (#303) commit c1a3b99c969f802d8325245387b617f21bc0c921 Author: Senthuran Sivananthan <[email protected]> Date: Mon May 16 09:26:47 2022 -0400 Flexible policy deployment using PowerShell & GitHub Actions (#300) commit 0ce5c1ac9ef8ff728a19e608bf8bd3654b453cbb Author: Senthuran Sivananthan <[email protected]> Date: Sun May 15 12:19:01 2022 -0400 Disable fail fast for matrix deployments (#297) commit c078a797d9be10bf1b2dc7bed01957637ddb73ea Author: Senthuran Sivananthan 
<[email protected]> Date: Sun May 15 11:19:43 2022 -0400 Concurrent role deployment with PowerShell & GitHub Actions (#299) commit 31a214abbf65c10b106962b1493a1830e37f9702 Author: Senthuran Sivananthan <[email protected]> Date: Sun May 15 10:39:08 2022 -0400 Disable metrics in diagnostic settings for AKS through Policy (#295) commit 6a90a2fe9d881730a32303fe6a10d1bbcc22f943 Author: Senthuran Sivananthan <[email protected]> Date: Wed May 11 10:56:26 2022 -0400 Separate Azure Firewall Policy deployment switch & unique telemetry tracking for policy assignments (#289) commit c4133077e1d97a6beaa6e4811588236912d5c768 Author: Senthuran Sivananthan <[email protected]> Date: Tue May 10 16:46:06 2022 -0400 Ensure multiple subscriptions can be moved to a management in parallel (#288) Ensure deployment name for moving subscription is unique commit 93d2f13847d56c195e2c170d314a3bbc5cfe5c63 Author: Senthuran Sivananthan <[email protected]> Date: Tue May 10 14:53:18 2022 -0400 Support jobs in GitHub Actions (#286) commit 31e8d0ab602bfcf856c9134666eb4814817d6964 Author: Steve Keeler <[email protected]> Date: Tue May 10 12:30:36 2022 -0400 Correct wiring of the subscriptions-ci pipeline and prompt for NVA firewall username & password (#285) commit 229b14466384252ba034546095f5c21a932cb6fc Author: Steve Keeler <[email protected]> Date: Mon May 9 20:41:06 2022 -0400 Fix DeploySubscriptionIds parameter type casting (#282) commit 799ad52d778ebbc4fc4ed53d56c872d56ab2fc29 Author: Senthuran Sivananthan <[email protected]> Date: Mon May 9 20:10:33 2022 -0400 Pass-thru secure strings as-is until ready for use (#281) commit a9c941948d51c59c758d07bce702bcb36aee70ec Author: Steve Keeler <[email protected]> Date: Mon May 9 17:11:12 2022 -0400 Add environment configuration override and protect sensitive parameters (#280) commit ce6c27f4e02cf194b3b13574c2caf4b60f8e8205 Author: Senthuran Sivananthan <[email protected]> Date: Mon May 9 11:23:57 2022 -0400 Support schema validation (#277) commit 
1d8dbd7bafc62b402719fb187698cfd950e8e3df Author: Steve Keeler <[email protected]> Date: Mon May 9 08:07:26 2022 -0400 GitHub workflow implementation (#276) Implement GitHub workflows to deploy the Azure Landing Zones for Canadian Public Sector commit 08d8f9256aaf3236a6920abe67e7d58b95887a0c Author: Senthuran Sivananthan <[email protected]> Date: Mon May 2 16:03:02 2022 -0400 Deployment flow diagram (#274) commit db098e17a13f111c18aa3af33c81f1cb54979cd1 Author: Senthuran Sivananthan <[email protected]> Date: Fri Apr 29 22:37:58 2022 -0400 Powershell deployment script for archetypes (#273) Support for deploying subscriptions commit 15c2847a4255108680937da0192d54ccc2d7f16c Author: Senthuran Sivananthan <[email protected]> Date: Fri Apr 29 16:29:22 2022 -0400 PowerShell deployment scripts (#271) commit 352257187e7d03bf5abade4a18302bdd310ab82c Author: Senthuran Sivananthan <[email protected]> Date: Wed Apr 27 18:10:23 2022 -0400 Snapshot ARM parameters JSON schemas (#268) commit 60f3b59013e27c549e2d57bd16fba2ea26bf12b5 Author: Senthuran Sivananthan <[email protected]> Date: Wed Apr 27 17:29:58 2022 -0400 Organize deployment parameters for Hub Networking with NVA (#266) commit 926521a1c01ab420ccaa319d47516a2870cf3a15 Author: ghostme <[email protected]> Date: Wed Apr 27 15:20:08 2022 -0400 Updated documentation (#267) commit d68824a2eed32c62cc199f374ba15ea732025241 Author: Senthuran Sivananthan <[email protected]> Date: Mon Apr 25 14:32:25 2022 -0400 Organize deployment parameters for Hub Networking with Azure Firewall (#265) commit 2bc196a0960bfecb9c545226000c5c34dbbabec8 Author: Senthuran Sivananthan <[email protected]> Date: Mon Apr 25 14:03:31 2022 -0400 Support for optional subnets in Machine Learning & Healthcare archetypes (#264) commit b33cd36261fd797834cdcbeebe53ce1262ef21ac Author: Senthuran Sivananthan <[email protected]> Date: Thu Apr 21 09:32:43 2022 -0400 Update common.yml example (#262) commit 300835322afd2d85f34aa8b8ff5921d3839c2e6c Author: Senthuran 
Sivananthan <[email protected]> Date: Wed Apr 20 12:44:45 2022 -0400 Removed extra configuration files (#260) commit 1ee5b9e736feca7270c4ad62d27c4366751f1cab Author: Senthuran Sivananthan <[email protected]> Date: Wed Apr 20 11:56:14 2022 -0400 Revise subnet configuration for Healthcare archetype (#256) commit 72fe50db665710eabc8e6edffae5d658d0497822 Author: Senthuran Sivananthan <[email protected]> Date: Wed Apr 20 11:43:09 2022 -0400 Revise subnet configuration for Machine Learning archetype (#254) commit 70833771ac433d5de7950423dd8085777bfb03be Author: Senthuran Sivananthan <[email protected]> Date: Wed Apr 20 11:38:07 2022 -0400 Revise subnet configuration for Generic Subscription archetype (#252) commit 3d9c60d251a98b2ebc400aadb2c452f3f6262712 Author: Senthuran Sivananthan <[email protected]> Date: Wed Apr 20 11:30:10 2022 -0400 Migrate Networking configuration to JSON parameters file (#250) commit 38fc344508cd6b4707aac0fca2e0cf3e8609a882 Author: Mohamed Sharaf <[email protected]> Date: Wed Apr 20 10:29:52 2022 -0400 Azure Active Directory support for Synapse (#259) commit 89613dbc876831f543f2749cbe6f804278a65612 Author: Senthuran Sivananthan <[email protected]> Date: Tue Apr 12 21:31:06 2022 -0400 Include new Databricks' log categories for diagnostic settings (#248) Add new databricks' log categories for diagnostic settings commit 700eb9645cbde1435bdda80b28faa03a52dee671 Author: Senthuran Sivananthan <[email protected]> Date: Tue Apr 12 17:33:12 2022 -0400 Support multiple private dns zone configuration when updating private DNS Zones through Azure Policy (#246) Update Private DNS Zone policy to support multiple dnsZoneConfigs commit 1c3727990cc12a401c0ecebdbf31234d71c472ab Author: Senthuran Sivananthan <[email protected]> Date: Mon Apr 11 11:24:00 2022 -0400 Support logging infrastructure for multiple regions in same subscription (#244) Ensure subscription scoped deployments are unique per region commit 0e258f96cd99c622665d382d73aeba1e78f52319 Author: Steve 
Keeler <[email protected]> Date: Sat Apr 9 13:50:50 2022 -0400 Update azure-devops-pipelines.md (#242) commit bfe1f588adc59922145fcf9a47c19173130cf321 Author: Senthuran Sivananthan <[email protected]> Date: Fri Apr 8 11:31:52 2022 -0400 Migrate Logging configuration to JSON parameters file (#236) commit cc5f017b01e06331d4246d5fc0286cf50d525470 Author: Senthuran Sivananthan <[email protected]> Date: Fri Apr 8 10:26:12 2022 -0400 PBMM & HITRUST/HIPAA policy update (#238) commit 3259994f47c482153368a9fb115ce60b9e3488fb Author: Steve Keeler <[email protected]> Date: Tue Apr 5 14:41:17 2022 -0400 Fix order of `platform-connectivity-hub-azfw-policy` pipeline listed in run-pipelines.bat script #233 (#234) commit cb96311bf94224c1cf94470320c9c8fec029e165 Author: ccmsft <[email protected]> Date: Mon Apr 4 09:39:17 2022 -0400 Updating recommendations to reflect licensing reqs (#229) commit 3ce2cf875b5d6c9464a0262f183a37f40399f8dd Author: Senthuran Sivananthan <[email protected]> Date: Fri Apr 1 22:49:44 2022 -0400 Use built-in policy for Cosmos DB for Defender Plan (#232) * Use built-in policy for Cosmos DB for Defender Plan * Add branch config * Remove branch config commit d2f959a2550b694d79fb0aa6d1a9d2b8166090c8 Author: ghostme <[email protected]> Date: Fri Apr 1 10:05:21 2022 -0400 Update networking documentation for generic subscription archetype (#230) commit 575440e4c629b1c00686ba62e5911749375832ff Author: ccmsft <[email protected]> Date: Wed Mar 30 23:36:35 2022 -0400 Initial GC 30-day cloud guardrails compliance/guidance (#226) Initial GC 30-day cloud guardrails doc commit 6b36096f2356255a967a7d9cd14dd04a5dc3b6ce Author: Senthuran Sivananthan <[email protected]> Date: Wed Mar 30 22:40:17 2022 -0400 Externalize Log Analytics Workspace parameters when loading pipeline variables (#220) Externalize the log analytics parameters to load arbitary LAW variables commit 0210df4fd3a11dfcaee3a82f2da1e2315bf70400 Author: Senthuran Sivananthan <[email protected]> Date: Wed Mar 30 
21:51:30 2022 -0400 Flexible policy assignment parameters JSON files (#222) commit f25f95781d6f9f3c2169bbe4b148c3b748a6ac93 Author: Senthuran Sivananthan <[email protected]> Date: Wed Mar 30 20:57:07 2022 -0400 Private DNS Policy - Change Cosmos DB namespace to Microsoft.DocumentDB (#228) * Change Cosmos DB namespace to Microsoft.DocumentDB * Add branch config * Remove branch config commit 453a0f8bc78dbf7a78c46d01f0cde28b3ab2bbaa Author: Steve Keeler <[email protected]> Date: Wed Mar 30 19:00:07 2022 -0400 Improve `delete-management-groups.bat` script (#224) commit 2e5a56b04fd25149da78e77f396073945ba785f5 Author: Senthuran Sivananthan <[email protected]> Date: Thu Mar 24 09:02:36 2022 -0400 Fix formatting (#218) commit bf5e94bcdee854db8fde7a8eb60d7886bc2c2191 Author: Senthuran Sivananthan <[email protected]> Date: Wed Mar 23 23:01:02 2022 -0400 Add instructions for customizing policy set assignments (#215) commit 0538d4d7d8765fcd558c99fdbf7aa7d6655c8b95 Author: Senthuran Sivananthan <[email protected]> Date: Wed Mar 23 22:57:00 2022 -0400 Document delete lock usage (#216) Document when and where delete locks are used commit 789b18a888290ada72d8fe2328097429ee9823d6 Author: Senthuran Sivananthan <[email protected]> Date: Wed Mar 23 22:49:24 2022 -0400 Update OZ subnet name to App Management Zone (#217) commit 97c2904a773f94adf26cd52924f0dfccab985cdf Author: Senthuran Sivananthan <[email protected]> Date: Fri Mar 11 21:59:40 2022 -0500 Backward compatibility when setting pipeline variables from management group hierarchy (#213) commit 30b9cc2060e96dd99b12743bb4c959181a403e91 Author: Adil Ha <[email protected]> Date: Fri Mar 11 11:26:31 2022 -0500 fixing doc typo in hubnetwork-azfw (#211) Co-authored-by: Adil Ha <[email protected]> commit 27363b730f34536fbf7f9994e08da7aa5af3c58e Author: Senthuran Sivananthan <[email protected]> Date: Sat Mar 5 13:04:13 2022 -0500 Support Defender Plan for Cosmos DB (#200) Add CosmosDB Defender Plan and custom policy to deploy Defender 
Plan for Cosmos DB commit 81eccd1d54956f7c7addb2a969ebb3e62e99b588 Author: Senthuran Sivananthan <[email protected]> Date: Sat Mar 5 12:48:45 2022 -0500 Delete Lock for Log Analytics Workspace resource group (#205) Add delete lock for LAW RG commit 678355f149698ecfdab6d10669e631702f1d9d49 Author: Steve Keeler <[email protected]> Date: Sat Mar 5 11:03:46 2022 -0500 Fix pipeline scripts reference to `subscription-ci` (#207) commit 5753cf0e35a9f921c4cb59ec90db787e26d6d400 Author: Senthuran Sivananthan <[email protected]> Date: Thu Mar 3 14:44:31 2022 -0500 Ensure values from multiline variables are properly logged (#202) Print multi-line environment variables (typically JSON objects) in Show Variables step commit d6b1c08fec1a96c332cf5abb758b16cd8bfede87 Author: Senthuran Sivananthan <[email protected]> Date: Thu Mar 3 14:09:47 2022 -0500 Revise subscription deployment instructions (#201) * Redirect subscriptoin configuration guidance to archetype authoring guide doc * Revise instructions for creating ARM parameter files & management group id selection commit 5e7322ee0b64ffa379e1ac546972796a76407db7 Author: Senthuran Sivananthan <[email protected]> Date: Wed Mar 2 08:22:35 2022 -0500 Instructions for backfilling management group hierarchy (#197) * Add instructions for backfilling management group hierarchy * Update section titles, links and reference backfill instruction as part of MG setup * Instructions for installing AzCLI and jq * Clearfy that Tenant Root Group could have been renamed in the organization * Windows Shell example * Update instructions to delete pipeline variables that will be automatically created when MG heirarchy is used * Note on YAML indentation commit 5d33909d70f821039df0deab2d26a5d180d7a16c Author: Preston K. 
Parsard <[email protected]> Date: Tue Mar 1 10:46:04 2022 -0500 subscription(generic): add instructions for configuring parameters (#193) commit 17846c4959c5156dee905736e3631fa56193d9e7 Author: Steve Keeler <[email protected]> Date: Sun Feb 27 20:30:20 2022 -0500 Show Variables fix (#191) commit c62dcfcd5862ae15196000e0fd481d214081c817 Author: Steve Keeler <[email protected]> Date: Sun Feb 27 16:50:20 2022 -0500 Configurable management group hierarchy (#186) Implement configurable management group hierarchy commit 9a141f7e5bf238f21838898ff908b6fc7f6d8fcc Author: Preston K. Parsard <[email protected]> Date: Sat Feb 26 19:45:35 2022 -0500 Update onboarding document Co-authored-by: Preston K. Parsard <[email protected]> commit 6b6ef29fd266fe0b2c23fed5f1bf6cc3fdb5e4a8 Author: Senthuran Sivananthan <[email protected]> Date: Sat Feb 26 18:22:48 2022 -0500 Snapshot JSON schemas to v0.4.0 (#182) commit 4dd1f4a901fbd44c54a32fdf9ac23f5ca5bed736 Author: Senthuran Sivananthan <[email protected]> Date: Wed Feb 23 15:39:43 2022 -0500 Update onboarding doc for logging & networking management group settings (#177) * Fix markdown linter warnings * Add instruction for logging and networking MGs commit 5d7eec3a319524b5ded5f32e6db951566c365ffc Author: Steve Keeler <[email protected]> Date: Wed Feb 23 12:51:20 2022 -0500 Update `create-pipelines.bat` onboarding script to auto-provision environment (#178) commit 488fc6e767639f3acd00a2dea11a8f2a6476379e Author: Senthuran Sivananthan <[email protected]> Date: Tue Feb 22 09:05:20 2022 -0500 Instructions for Azure DevOps Environments (#175) * Instructions for creating ADO pipeline environments * Fix formatting commit edabd873d42a622fc5d1503c099c514bb4f2bd7f Author: Senthuran Sivananthan <[email protected]> Date: Thu Feb 17 23:29:42 2022 -0500 Support for Tag inheritance from Subscription to Resource Group (#161) * Add policy and policy set to inherit tags from subscription to resource group * Add branch config for testing * Remove policy 
type as it's not built in * Updated resource type for resource group * Update policy assignment * Ensure assignment name is <= 24 chars * Revert resource group type * Setting mode to all * Update documentation * Add branch config * Add explicit dependsOn for subscription scaffolding to complete * Update test deployment parameters * Remove explicit dependsOn for subscription scaffolding to complete * Update doc to describe approaches for adding tags to RGs * Reduce the options for tagging resources given subscripton to RG tagging is available * Add example scenarios for tag inheritence * Fix typo * Remove branch configs * Resolve linter error: no-loc-expr-outside-params commit e71ed265f2267d35cd36d30bab217f9ecbb6891c Author: Senthuran Sivananthan <[email protected]> Date: Wed Feb 16 20:09:19 2022 -0500 Linter: no-loc-expr-outside-params - ensure compliance (#169) * Update linter rules for location parameter * Add location parameter with default value based on resourceGroup() or deployment() * Update archetype schema and docs for location * Add branch config for testing * Update AKS version * Update branch config * Remove branch configs commit 6061fa0b930200d73e906e0bedefafeb35e43296 Author: Senthuran Sivananthan <[email protected]> Date: Thu Feb 10 16:49:42 2022 -0500 Repository clean up (#165) * Remove obsolete directory * Rotate resource group names for E2E deployments * Fix typo * Add branch config for testing * Fix typo * Remove branch configs * Remove timestamp from sample JSON templates. Timestamps are kept for E2E testing. 
* Remove date stamp commit 5104f393a618a0f0f7072100fd810df4534a3210 Author: Steve Keeler <[email protected]> Date: Thu Feb 10 09:08:17 2022 -0500 Update DevOps Onboarding section of main readme (#162) commit 209f61cf72ac91555f8b2171dcf84c6daae6a7cc Author: Senthuran Sivananthan <[email protected]> Date: Thu Feb 10 09:06:31 2022 -0500 Update Deployment Script's Azure CLI version to 2.32.0 (#164) Update Azure CLI version to 2.32.0 commit d7d52570c8dce3ed8bcc3b809191d1cd2ddf5e3f Author: Steve Keeler <[email protected]> Date: Mon Feb 7 13:51:17 2022 -0500 Issue #157 - Update scripts documentation (#158) Update scripts documentation (Issue #157) Update docs/onboarding/azure-devops-scripts.md Co-authored-by: Senthuran Sivananthan <[email protected]> commit b628c68ff84bb5b8796d6821161450010d19ce3b Author: Senthuran Sivananthan <[email protected]> Date: Fri Feb 4 12:42:31 2022 -0500 Enhance PBMM policy assignment to disable diagnostic settings metrics (#156) Ensure diagnostic settings policy only checks for logs commit 61afd59bb6d7f6c2a37518d41c64ced985cafd92 Author: Senthuran Sivananthan <[email protected]> Date: Mon Jan 31 12:52:09 2022 -0500 Snapshot landing zone schema to v0.3.0 (#152) commit 09f09ede5613cf600441616831f762595aecdbed Author: Steve Keeler <[email protected]> Date: Mon Jan 31 09:20:20 2022 -0500 Automation scripts for Azure DevOps onboarding (#151) Implement #150, scripts and documentation commit 82dd82606059a6643d7de294cb1f15afab41cd94 Author: SlavaRoikhman <[email protected]> Date: Thu Jan 27 13:32:41 2022 -0500 Removed 'privatelink.monitor.azure.com' from Private DNS Zones (#149) commit 73ce2eb316175f1bf86135010d5f35ce9bbc6da7 Author: Senthuran Sivananthan <[email protected]> Date: Fri Jan 21 23:23:45 2022 -0500 Flexible policy assignment scope (#147) * Add deployment scope for policy assignment * Add branch test config * Set new parameter for policy assignment scope: var-policyAssignme…