fix: Add missing dns zones in relevant policy assignment and adjust workflow permissions #902

Closed
wants to merge 6 commits into from

@oZakari oZakari commented Nov 13, 2024

Overview/Summary

This pull request includes several updates to GitHub workflows and a significant change to a Bicep module template. The updates to the workflows involve setting permissions for reading contents, while the Bicep module template changes involve updating and adding various private DNS zone IDs.

Workflow Updates:

  • Added permissions: contents: read to the following workflow files to ensure they have the necessary read permissions:
    • .github/workflows/bicep-build-to-validate.yml
    • .github/workflows/gh-ado-sync.yml
    • .github/workflows/release-tests.yml
    • .github/workflows/scheduled-bicep-build.yml

Bicep Module Template Changes:

  • Updated infra-as-code/bicep/modules/policy/assignments/lib/policy_assignments/policy_assignment_es_deploy_private_dns_zones.tmpl.json to correct and add various private DNS zone IDs, ensuring accurate resource ID references and expanding the list of supported DNS zones.

Related Issues/Work Items

Fixes #897

This PR fixes/adds/changes/removes

  1. Adds all missing dns zones from policy set definition file
  2. Adds top level permissions for workflows

Breaking Changes

None

Testing Evidence

Replace this with any testing evidence to show that your Pull Request works/fixes as described and planned (include screenshots, if appropriate).

As part of this Pull Request I have

@oZakari oZakari requested a review from jtracey93 November 13, 2024 22:48
@oZakari oZakari added Area: Policy 📝 Issues / PR's related to Policy Type: Bug 🪲 Something isn't working labels Nov 13, 2024
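Added example, not part of the pull request or the repository: a small audit that reports whether a workflow file declares a top-level `permissions:` block like the `contents: read` setting described above, and whether that block grants any write scope. The function names and the sample workflows are constructed for illustration, and the parser is a line-based check of column-0 keys, not a full YAML parser.

```python
import re

TOP_KEY = re.compile(r"^([A-Za-z_][\w-]*)\s*:\s*(.*)$")  # column-0 keys only

def _no_comment(value):
    return re.sub(r"(^|\s)#.*", "", value).strip()

def top_level_permissions(text):
    """Workflow-level permissions: dict of scopes, a scalar string, or None if absent."""
    lines = text.splitlines()
    for i, line in enumerate(lines):
        m = TOP_KEY.match(line)  # job-level blocks are indented and never match
        if not m or m.group(1) != "permissions":
            continue
        inline = _no_comment(m.group(2))
        if inline:
            return {} if inline == "{}" else inline  # e.g. read-all, write-all
        scopes = {}
        for child in lines[i + 1:]:
            if not child.strip() or child.lstrip().startswith("#"):
                continue
            if not child.startswith((" ", "\t")):
                break  # next top-level key closes the block
            key, _, value = child.strip().partition(":")
            scopes[key.strip()] = _no_comment(value)
        return scopes
    return None

def audit(text):
    perms = top_level_permissions(text)
    if perms is None:
        return "missing"  # token gets the repository/organization default
    if perms == "write-all" or (isinstance(perms, dict) and "write" in perms.values()):
        return "grants-write"
    return "restricted"

# Constructed sample workflows (not taken from the repository).
SAMPLES = {
    "restricted.yml": "name: build\non: [pull_request]\npermissions:\n  contents: read\njobs:\n  build:\n    runs-on: ubuntu-latest\n",
    "missing.yml": "name: sync\non: [push]\njobs:\n  sync:\n    permissions:\n      issues: write\n    runs-on: ubuntu-latest\n",
    "write.yml": "name: release\non: [push]\npermissions:\n  contents: write  # needed to tag\njobs: {}\n",
}

if __name__ == "__main__":
    for name, body in SAMPLES.items():
        print(f"{name}: {audit(body)}")
```

A workflow reported as `missing` may still set permissions per job, as the second sample does; the check only covers the workflow-level default.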
oZakari commented Nov 13, 2024

/azp run validateazcloud

Azure Pipelines successfully started running 1 pipeline(s).

oZakari commented Nov 14, 2024

/azp run validateazcloud

Azure Pipelines successfully started running 1 pipeline(s).

@jtracey93 jtracey93 left a comment

@microsoft-github-policy-service microsoft-github-policy-service bot added the Needs: Author Feedback 👂 Needs the author to provide feedback label Nov 14, 2024
@oZakari oZakari changed the title fix: Add missing dns zones in relevant policy assignment fix: Add missing dns zones in relevant policy assignment and adjust workflow permissions Nov 15, 2024
@microsoft-github-policy-service microsoft-github-policy-service bot removed the Needs: Author Feedback 👂 Needs the author to provide feedback label Nov 15, 2024
@oZakari oZakari force-pushed the fix-dns-policy-assignment branch from f76b6e5 to fd6168e Compare November 15, 2024 23:09
@oZakari oZakari closed this Nov 15, 2024
@oZakari oZakari reopened this Nov 15, 2024
@oZakari oZakari closed this Nov 15, 2024
Successfully merging this pull request may close these issues.

Azure Policy Assignment - Configure Azure PaaS services to use private DNS zones