Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix def for cloud pricing api change for defenders for api #954

Merged
merged 10 commits into from
Mar 29, 2024
Merged

Fix def for cloud pricing api change for defenders for api #954

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
10 commits
Select commit Hold shift + click to select a range
611bcc1
created routine for specialhandling std defender plans
jayhaddad Mar 29, 2024
38509b1
updated defender for cloud module and recompile mlz
jayhaddad Mar 29, 2024
3b6485f
updated code
jayhaddad Mar 29, 2024
4cfdc01
created routine for specialhandling std defender plans
jayhaddad Mar 29, 2024
b065f84
updated defender for cloud module and recompile mlz
jayhaddad Mar 29, 2024
8914ce3
updated code
jayhaddad Mar 29, 2024
9e68cd7
Merge branch 'defPlanRoutines' of https://github.com/Azure/missionlz …
jayhaddad Mar 29, 2024
317f509
GitHub Action: Build Bicep to JSON
invalid-email-address Mar 29, 2024
a63d84f
Merge branch 'main' into defPlanRoutines
Mar 29, 2024
89b05a9
Merge branch 'main' into defPlanRoutines
Mar 29, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
50 changes: 44 additions & 6 deletions src/bicep/mlz.json
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -5,7 +5,7 @@
"_generator": {
"name": "bicep",
"version": "0.26.54.24096",
"templateHash": "8544707785042027382"
"templateHash": "9628455953298590978"
}
},
"parameters": {
Expand Down Expand Up @@ -8321,7 +8321,7 @@
"_generator": {
"name": "bicep",
"version": "0.26.54.24096",
"templateHash": "825251000097419332"
"templateHash": "12295251709791687425"
}
},
"parameters": {
Expand Down Expand Up @@ -8385,7 +8385,7 @@
"_generator": {
"name": "bicep",
"version": "0.26.54.24096",
"templateHash": "15033542879751971590"
"templateHash": "2376507858724004427"
}
},
"parameters": {
Expand Down Expand Up @@ -8433,24 +8433,62 @@
}
},
"variables": {
"autoProvisioning": "[if(parameters('enableAutoProvisioning'), 'On', 'Off')]"
"autoProvisioning": "[if(parameters('enableAutoProvisioning'), 'On', 'Off')]",
"defenderPaidPlansSpecialHandlingAzurePublicList": [
"Api"
],
"defenderPaidPlanConfig": {
"AzureCloud": {
"Api": {
"subPlan": "P1"
}
}
}
},
"resources": [
{
"copy": {
"name": "defenderPricing",
"name": "defenderFreeAllClouds",
"count": "[length(parameters('defenderPlans'))]",
"mode": "serial",
"batchSize": 1
},
"condition": "[and(not(empty(parameters('defenderPlans'))), equals(parameters('defenderSkuTier'), 'Free'))]",
"type": "Microsoft.Security/pricings",
"apiVersion": "2023-01-01",
"name": "[parameters('defenderPlans')[copyIndex()]]",
"properties": {
"pricingTier": "[parameters('defenderSkuTier')]"
}
},
{
"copy": {
"name": "defenderStandardNoSubplanNoExtensions",
"count": "[length(parameters('defenderPlans'))]",
"mode": "serial",
"batchSize": 1
},
"condition": "[not(empty(parameters('defenderPlans')))]",
"condition": "[and(and(not(empty(parameters('defenderPlans'))), equals(parameters('defenderSkuTier'), 'Standard')), not(contains(variables('defenderPaidPlansSpecialHandlingAzurePublicList'), parameters('defenderPlans')[copyIndex()])))]",
"type": "Microsoft.Security/pricings",
"apiVersion": "2023-01-01",
"name": "[parameters('defenderPlans')[copyIndex()]]",
"properties": {
"pricingTier": "[parameters('defenderSkuTier')]"
}
},
{
"copy": {
"name": "defenderStandardSubplanExtensionsAzureCloud",
"count": "[length(parameters('defenderPlans'))]",
"mode": "serial",
"batchSize": 1
},
"condition": "[and(and(and(not(empty(parameters('defenderPlans'))), equals(parameters('defenderSkuTier'), 'Standard')), contains(variables('defenderPaidPlansSpecialHandlingAzurePublicList'), parameters('defenderPlans')[copyIndex()])), equals(environment().name, 'AzureCloud'))]",
"type": "Microsoft.Security/pricings",
"apiVersion": "2023-01-01",
"name": "[parameters('defenderPlans')[copyIndex()]]",
"properties": "[if(not(contains(variables('defenderPaidPlanConfig')[environment().name][parameters('defenderPlans')[copyIndex()]], 'subPlan')), createObject('pricingTier', parameters('defenderSkuTier')), createObject('pricingTier', parameters('defenderSkuTier'), 'subPlan', variables('defenderPaidPlanConfig')[environment().name][parameters('defenderPlans')[copyIndex()]].subPlan))]"
},
{
"type": "Microsoft.Security/autoProvisioningSettings",
"apiVersion": "2019-01-01",
Expand Down
41 changes: 39 additions & 2 deletions src/bicep/modules/defenderForCloud.bicep
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -24,15 +24,52 @@ param policySetDescription string = 'The Microsoft Cloud Security Benchmark init
@description('[Standard/Free] The SKU for Defender. It defaults to "Free".')
param defenderSkuTier string = 'Free'

// defender for cloud turn on for both free and standard sku
// Variables for Defender for Cloud Paid Plan Handling for AzureCloud only

var defenderPaidPlansSpecialHandlingAzurePublicList = ['Api']

var defenderPaidPlanConfig = {
AzureCloud: {
Api: {
subPlan: 'P1'
}
}
}

// Defender for Cloud - Free SKU turn on for all clouds
@batchSize(1)
resource defenderPricing 'Microsoft.Security/pricings@2023-01-01' = [for name in defenderPlans: if (!empty(defenderPlans)) {
resource defenderFreeAllClouds 'Microsoft.Security/pricings@2023-01-01' = [for name in defenderPlans: if (!empty(defenderPlans) && defenderSkuTier == 'Free') {
name: name
properties: {
pricingTier: defenderSkuTier
}
}]


// defender for cloud Standard SKU - No subplan, no extensions

@batchSize(1)
resource defenderStandardNoSubplanNoExtensions 'Microsoft.Security/pricings@2023-01-01' = [for name in defenderPlans: if (!empty(defenderPlans) && defenderSkuTier == 'Standard' && !contains(defenderPaidPlansSpecialHandlingAzurePublicList, name)) {
name: name
properties: {
pricingTier: defenderSkuTier
}
}]


// defender for cloud Standard SKU - AzureCloud only - Handing instances with subplans must be defined
@batchSize(1)
resource defenderStandardSubplanExtensionsAzureCloud 'Microsoft.Security/pricings@2023-01-01' = [for name in defenderPlans: if (!empty(defenderPlans) && defenderSkuTier == 'Standard' && contains(defenderPaidPlansSpecialHandlingAzurePublicList, name) && environment().name == 'AzureCloud'){
name: name
properties: !contains(defenderPaidPlanConfig[environment().name][name], 'subPlan') ? {
pricingTier: defenderSkuTier
}:{
pricingTier: defenderSkuTier
subPlan: defenderPaidPlanConfig[environment().name][name].subPlan
}
}
]

// auto provisioing

resource autoProvision 'Microsoft.Security/autoProvisioningSettings@2019-01-01' = {
Expand Down