[PSRule] Fix Rule Azure.VMSS.AMA (#3918)
* updates

* update readme

* update

---------

Co-authored-by: Fabio Masciotra <[email protected]>
fabmas and fabmas authored Jan 8, 2024
1 parent 36b627a commit 1ca160e
Showing 8 changed files with 52 additions and 37 deletions.
1 change: 1 addition & 0 deletions .ps-rule/min-suppress.Rule.yaml
Expand Up @@ -9,6 +9,7 @@ spec:
- Azure.Resource.UseTags
- Azure.KeyVault.Logs
- Azure.KeyVault.Firewall
- Azure.VMSS.AMA
- Azure.Policy.ExemptionDescriptors
- Azure.Policy.Descriptors
- Azure.Policy.AssignmentDescriptors
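Review bot: `Azure.VMSS.AMA` is added to this suppression list with no recorded reason, in the same commit that enables `extensionMonitoringAgentConfig` in the module README example and in a test deployment. The group's description and target selector sit outside the hunk, so it is not visible which deployments lose the check. If the entry only covers minimal test cases that deploy no agent, say so next to it, for example `# min test cases deploy no monitoring agent`. A suppressed monitoring rule with no stated scope tends to stay in place after its reason has gone.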
8 changes: 8 additions & 0 deletions modules/compute/virtual-machine-scale-set/README.md
Expand Up @@ -219,6 +219,9 @@ module virtualMachineScaleSet 'br:bicep/modules/compute.virtual-machine-scale-se
]
disablePasswordAuthentication: true
enableDefaultTelemetry: '<enableDefaultTelemetry>'
extensionMonitoringAgentConfig: {
enabled: true
}
location: '<location>'
nicConfigurations: [
{
Expand Down Expand Up @@ -317,6 +320,11 @@ module virtualMachineScaleSet 'br:bicep/modules/compute.virtual-machine-scale-se
"enableDefaultTelemetry": {
"value": "<enableDefaultTelemetry>"
},
"extensionMonitoringAgentConfig": {
"value": {
"enabled": true
}
},
"location": {
"value": "<location>"
},
4 changes: 2 additions & 2 deletions modules/compute/virtual-machine-scale-set/extension/main.json
Expand Up @@ -4,8 +4,8 @@
"metadata": {
"_generator": {
"name": "bicep",
"version": "0.23.1.45101",
"templateHash": "7901509432352717969"
"version": "0.24.24.22086",
"templateHash": "11750050808770259539"
},
"name": "Virtual Machine Scale Set Extensions",
"description": "This module deploys a Virtual Machine Scale Set Extension.",
12 changes: 6 additions & 6 deletions modules/compute/virtual-machine-scale-set/main.bicep
Expand Up @@ -490,13 +490,13 @@ resource vmss_logAnalyticsWorkspace 'Microsoft.OperationalInsights/workspaces@20
scope: az.resourceGroup(split((!empty(monitoringWorkspaceId) ? monitoringWorkspaceId : '//'), '/')[2], split((!empty(monitoringWorkspaceId) ? monitoringWorkspaceId : '////'), '/')[4])
}

module vmss_microsoftMonitoringAgentExtension 'extension/main.bicep' = if (extensionMonitoringAgentConfig.enabled) {
name: '${uniqueString(deployment().name, location)}-VMSS-MicrosoftMonitoringAgent'
module vmss_azureMonitorAgentExtension 'extension/main.bicep' = if (extensionMonitoringAgentConfig.enabled) {
name: '${uniqueString(deployment().name, location)}-VMSS-AzureMonitorAgent'
params: {
virtualMachineScaleSetName: vmss.name
name: 'MicrosoftMonitoringAgent'
publisher: 'Microsoft.EnterpriseCloud.Monitoring'
type: osType == 'Windows' ? 'MicrosoftMonitoringAgent' : 'OmsAgentForLinux'
name: 'AzureMonitorAgent'
publisher: 'Microsoft.Azure.Monitor'
type: osType == 'Windows' ? 'AzureMonitorWindowsAgent' : 'AzureMonitorLinuxAgent'
typeHandlerVersion: contains(extensionMonitoringAgentConfig, 'typeHandlerVersion') ? extensionMonitoringAgentConfig.typeHandlerVersion : (osType == 'Windows' ? '1.0' : '1.7')
autoUpgradeMinorVersion: contains(extensionMonitoringAgentConfig, 'autoUpgradeMinorVersion') ? extensionMonitoringAgentConfig.autoUpgradeMinorVersion : true
enableAutomaticUpgrade: contains(extensionMonitoringAgentConfig, 'enableAutomaticUpgrade') ? extensionMonitoringAgentConfig.enableAutomaticUpgrade : false
Expand Down Expand Up @@ -591,7 +591,7 @@ module vmss_azureDiskEncryptionExtension 'extension/main.bicep' = if (extensionA
}
dependsOn: [
vmss_customScriptExtension
vmss_microsoftMonitoringAgentExtension
vmss_azureMonitorAgentExtension
]
}

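Review bot: The `typeHandlerVersion` fallback `(osType == 'Windows' ? '1.0' : '1.7')` in the renamed `vmss_azureMonitorAgentExtension` module is carried over unchanged from the MicrosoftMonitoringAgent/OmsAgentForLinux extension, so it should be confirmed against the versions published for `Microsoft.Azure.Monitor` rather than assumed to be valid. The `params` block continues outside the hunk; if it still passes the Log Analytics workspace ID and key as extension settings, note that Azure Monitor Agent does not use them and instead needs a managed identity on the scale set and a data collection rule association. Without those the extension installs, and the Azure.VMSS.AMA rule would presumably pass, while no telemetry is collected. I would state that next to the module, for example `// AMA collects nothing until a data collection rule is associated with the scale set`. The `enableAutomaticUpgrade` fallback is also still `false`, which for a monitoring agent deserves either a documented reason or a default of `true`.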
50 changes: 25 additions & 25 deletions modules/compute/virtual-machine-scale-set/main.json
Expand Up @@ -5,8 +5,8 @@
"metadata": {
"_generator": {
"name": "bicep",
"version": "0.23.1.45101",
"templateHash": "6314533557974797448"
"version": "0.24.24.22086",
"templateHash": "4789140627838282506"
},
"name": "Virtual Machine Scale Sets",
"description": "This module deploys a Virtual Machine Scale Set.",
Expand Down Expand Up @@ -1030,8 +1030,8 @@
"metadata": {
"_generator": {
"name": "bicep",
"version": "0.23.1.45101",
"templateHash": "7901509432352717969"
"version": "0.24.24.22086",
"templateHash": "11750050808770259539"
},
"name": "Virtual Machine Scale Set Extensions",
"description": "This module deploys a Virtual Machine Scale Set Extension.",
Expand Down Expand Up @@ -1216,8 +1216,8 @@
"metadata": {
"_generator": {
"name": "bicep",
"version": "0.23.1.45101",
"templateHash": "7901509432352717969"
"version": "0.24.24.22086",
"templateHash": "11750050808770259539"
},
"name": "Virtual Machine Scale Set Extensions",
"description": "This module deploys a Virtual Machine Scale Set Extension.",
Expand Down Expand Up @@ -1363,11 +1363,11 @@
"vmss"
]
},
"vmss_microsoftMonitoringAgentExtension": {
"vmss_azureMonitorAgentExtension": {
"condition": "[parameters('extensionMonitoringAgentConfig').enabled]",
"type": "Microsoft.Resources/deployments",
"apiVersion": "2022-09-01",
"name": "[format('{0}-VMSS-MicrosoftMonitoringAgent', uniqueString(deployment().name, parameters('location')))]",
"name": "[format('{0}-VMSS-AzureMonitorAgent', uniqueString(deployment().name, parameters('location')))]",
"properties": {
"expressionEvaluationOptions": {
"scope": "inner"
Expand All @@ -1378,12 +1378,12 @@
"value": "[parameters('name')]"
},
"name": {
"value": "MicrosoftMonitoringAgent"
"value": "AzureMonitorAgent"
},
"publisher": {
"value": "Microsoft.EnterpriseCloud.Monitoring"
"value": "Microsoft.Azure.Monitor"
},
"type": "[if(equals(parameters('osType'), 'Windows'), createObject('value', 'MicrosoftMonitoringAgent'), createObject('value', 'OmsAgentForLinux'))]",
"type": "[if(equals(parameters('osType'), 'Windows'), createObject('value', 'AzureMonitorWindowsAgent'), createObject('value', 'AzureMonitorLinuxAgent'))]",
"typeHandlerVersion": "[if(contains(parameters('extensionMonitoringAgentConfig'), 'typeHandlerVersion'), createObject('value', parameters('extensionMonitoringAgentConfig').typeHandlerVersion), if(equals(parameters('osType'), 'Windows'), createObject('value', '1.0'), createObject('value', '1.7')))]",
"autoUpgradeMinorVersion": "[if(contains(parameters('extensionMonitoringAgentConfig'), 'autoUpgradeMinorVersion'), createObject('value', parameters('extensionMonitoringAgentConfig').autoUpgradeMinorVersion), createObject('value', true()))]",
"enableAutomaticUpgrade": "[if(contains(parameters('extensionMonitoringAgentConfig'), 'enableAutomaticUpgrade'), createObject('value', parameters('extensionMonitoringAgentConfig').enableAutomaticUpgrade), createObject('value', false()))]",
Expand All @@ -1407,8 +1407,8 @@
"metadata": {
"_generator": {
"name": "bicep",
"version": "0.23.1.45101",
"templateHash": "7901509432352717969"
"version": "0.24.24.22086",
"templateHash": "11750050808770259539"
},
"name": "Virtual Machine Scale Set Extensions",
"description": "This module deploys a Virtual Machine Scale Set Extension.",
Expand Down Expand Up @@ -1589,8 +1589,8 @@
"metadata": {
"_generator": {
"name": "bicep",
"version": "0.23.1.45101",
"templateHash": "7901509432352717969"
"version": "0.24.24.22086",
"templateHash": "11750050808770259539"
},
"name": "Virtual Machine Scale Set Extensions",
"description": "This module deploys a Virtual Machine Scale Set Extension.",
Expand Down Expand Up @@ -1770,8 +1770,8 @@
"metadata": {
"_generator": {
"name": "bicep",
"version": "0.23.1.45101",
"templateHash": "7901509432352717969"
"version": "0.24.24.22086",
"templateHash": "11750050808770259539"
},
"name": "Virtual Machine Scale Set Extensions",
"description": "This module deploys a Virtual Machine Scale Set Extension.",
Expand Down Expand Up @@ -1955,8 +1955,8 @@
"metadata": {
"_generator": {
"name": "bicep",
"version": "0.23.1.45101",
"templateHash": "7901509432352717969"
"version": "0.24.24.22086",
"templateHash": "11750050808770259539"
},
"name": "Virtual Machine Scale Set Extensions",
"description": "This module deploys a Virtual Machine Scale Set Extension.",
Expand Down Expand Up @@ -2146,8 +2146,8 @@
"metadata": {
"_generator": {
"name": "bicep",
"version": "0.23.1.45101",
"templateHash": "7901509432352717969"
"version": "0.24.24.22086",
"templateHash": "11750050808770259539"
},
"name": "Virtual Machine Scale Set Extensions",
"description": "This module deploys a Virtual Machine Scale Set Extension.",
Expand Down Expand Up @@ -2332,8 +2332,8 @@
"metadata": {
"_generator": {
"name": "bicep",
"version": "0.23.1.45101",
"templateHash": "7901509432352717969"
"version": "0.24.24.22086",
"templateHash": "11750050808770259539"
},
"name": "Virtual Machine Scale Set Extensions",
"description": "This module deploys a Virtual Machine Scale Set Extension.",
Expand Down Expand Up @@ -2477,8 +2477,8 @@
},
"dependsOn": [
"vmss",
"vmss_customScriptExtension",
"vmss_microsoftMonitoringAgentExtension"
"vmss_azureMonitorAgentExtension",
"vmss_customScriptExtension"
]
}
},
Expand Up @@ -57,6 +57,9 @@ module testDeployment '../../../main.bicep' = [for iteration in [ 'init', 'idem'
scope: resourceGroup
name: '${uniqueString(deployment().name, location)}-test-${serviceShort}-${iteration}'
params: {
extensionMonitoringAgentConfig: {
enabled: true
}
enableDefaultTelemetry: enableDefaultTelemetry
location: location
name: '${namePrefix}${serviceShort}001'
Expand Up @@ -9,7 +9,7 @@ targetScope = 'subscription'
param resourceGroupName string = 'dep-${namePrefix}-compute.virtualmachinescalesets-${serviceShort}-rg'

@description('Optional. The location to deploy resources to.')
param location string = deployment().location
param location string = 'westeurope' //deployment().location

@description('Optional. A short identifier for the kind of deployment. Should be kept short to not run into resource-name length-constraints.')
param serviceShort string = 'cvmsslin'
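Review bot: The `location` default is now the literal `'westeurope'` with the previous expression left behind as a trailing comment, while the `@description` above it still presents the region as the caller's choice. If the pin is needed for this test, replace the dead code with the reason, for example `param location string = 'westeurope' // pinned: <reason>`; otherwise restore `deployment().location`. The same commit excludes `Azure.Resource.AllowedRegions` in ps-rule.yaml, so that rule will no longer flag a region hard-coded this way.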
9 changes: 6 additions & 3 deletions ps-rule.yaml
Expand Up @@ -16,16 +16,18 @@ binding:
# Require minimum versions of modules.
requires:
PSRule: '@pre >=2.4.0'
PSRule.Rules.Azure: '@pre >=1.19.2'
PSRule.Rules.Azure: '@pre >=1.27.3'

# Use PSRule for Azure.
include:
module:
- PSRule.Rules.Azure

execution:
suppressedRuleWarning: false
notProcessedWarning: false
# suppressedRuleWarning: false - no more supported in PsRule ver 3.0
# notProcessedWarning: false - no more supported in PsRule ver 3.0
ruleSuppressed: Warn
unprocessedObject: Warn

output:
culture:
Expand Down Expand Up @@ -54,3 +56,4 @@ rule:
exclude:
# Ignore the following rules for all resources
- Azure.KeyVault.PurgeProtect
- Azure.Resource.AllowedRegions
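Review bot: Adding `Azure.Resource.AllowedRegions` under `rule.exclude` switches the region check off for every resource the repository analyses, not only for the scale-set tests this commit touches. If the rule fails because no allowed locations are configured, setting `AZURE_RESOURCE_ALLOWED_LOCATIONS` under `configuration` would keep the check in force; if one test needs an exception, a scoped suppression group is narrower than a global exclude. In the first hunk, `ruleSuppressed: Warn` and `unprocessedObject: Warn` are not equivalent to the two `false` values they replace, which silenced those warnings. Warn is the more visible setting, but the comment should say the change is intentional, and `PSRule: '@pre >=2.4.0'` should be checked against the release that introduced these keys.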
