From edc054e1a727fb3c6a0bd0eb2d6615ae62a6a21a Mon Sep 17 00:00:00 2001 From: Kostas Stamatakis Date: Mon, 22 Jul 2024 18:05:57 +0300 Subject: [PATCH 1/4] Fix Azure ARM Template: missing resources --- deploy/azure/ARM-for-single-account.dev.json | 6 +++--- deploy/azure/ARM-for-single-account.json | 6 +++--- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/deploy/azure/ARM-for-single-account.dev.json b/deploy/azure/ARM-for-single-account.dev.json index dc00e273bb..82c3e2a879 100644 --- a/deploy/azure/ARM-for-single-account.dev.json +++ b/deploy/azure/ARM-for-single-account.dev.json @@ -52,7 +52,7 @@ "apiVersion": "2022-09-01", "name": "[variables('roleAssignmentDeployment')]", "subscriptionId": "[subscription().subscriptionId]", - "resourceGroup": "[resourceGroup().name]", + "location": "[parameters('ResourceGroupLocation')]", "properties": { "expressionEvaluationOptions": { "scope": "inner" @@ -84,7 +84,7 @@ "name": "[guid(subscription().id, parameters('ResourceGroupName'), deployment().name, 'securityaudit')]", "properties": { "roleDefinitionId": "/providers/Microsoft.Authorization/roleDefinitions/acdd72a7-3385-48ef-bd42-f606fba81ae7", - "principalId": "[reference(resourceId('Microsoft.Compute/virtualMachines', 'cloudbeatVM'), '2023-09-01', 'Full').identity.principalId]", + "principalId": "[reference(reference(resourceId(subscription().subscriptionId, parameters('ResourceGroupName'), 'Microsoft.Compute/virtualMachines', 'cloudbeatVM'), '2023-09-01', 'Full').identity.principalId]", "principalType": "ServicePrincipal" } }, @@ -94,7 +94,7 @@ "name": "[guid(subscription().id, parameters('ResourceGroupName'), deployment().name, 'additional-role')]", "properties": { "roleDefinitionId": "[concat('/providers/Microsoft.Authorization/roleDefinitions/', parameters('AdditionalRoleGUID'))]", - "principalId": "[reference(resourceId('Microsoft.Compute/virtualMachines', 'cloudbeatVM'), '2023-09-01', 'Full').identity.principalId]", + "principalId": "[reference(reference(resourceId(subscription().subscriptionId, parameters('ResourceGroupName'), 'Microsoft.Compute/virtualMachines', 'cloudbeatVM'), '2023-09-01', 'Full').identity.principalId]", "principalType": "ServicePrincipal" } } diff --git a/deploy/azure/ARM-for-single-account.json b/deploy/azure/ARM-for-single-account.json index 0baa62ac97..6f0d4ad9ec 100644 --- a/deploy/azure/ARM-for-single-account.json +++ b/deploy/azure/ARM-for-single-account.json @@ -46,7 +46,7 @@ "apiVersion": "2022-09-01", "name": "[variables('roleAssignmentDeployment')]", "subscriptionId": "[subscription().subscriptionId]", - "resourceGroup": "[resourceGroup().name]", + "location": "[parameters('ResourceGroupLocation')]", "properties": { "expressionEvaluationOptions": { "scope": "inner" @@ -78,7 +78,7 @@ "name": "[guid(subscription().id, parameters('ResourceGroupName'), deployment().name, 'securityaudit')]", "properties": { "roleDefinitionId": "/providers/Microsoft.Authorization/roleDefinitions/acdd72a7-3385-48ef-bd42-f606fba81ae7", - "principalId": "[reference(resourceId('Microsoft.Compute/virtualMachines', 'cloudbeatVM'), '2023-09-01', 'Full').identity.principalId]", + "principalId": "[reference(resourceId(subscription().subscriptionId, parameters('ResourceGroupName'), 'Microsoft.Compute/virtualMachines', 'cloudbeatVM'), '2023-09-01', 'Full').identity.principalId]", "principalType": "ServicePrincipal" } }, @@ -88,7 +88,7 @@ "name": "[guid(subscription().id, parameters('ResourceGroupName'), deployment().name, 'additional-role')]", "properties": { "roleDefinitionId": "[concat('/providers/Microsoft.Authorization/roleDefinitions/', parameters('AdditionalRoleGUID'))]", - "principalId": "[reference(resourceId('Microsoft.Compute/virtualMachines', 'cloudbeatVM'), '2023-09-01', 'Full').identity.principalId]", + "principalId": "[reference(resourceId(subscription().subscriptionId, parameters('ResourceGroupName'), 'Microsoft.Compute/virtualMachines', 'cloudbeatVM'), '2023-09-01', 'Full').identity.principalId]", "principalType": "ServicePrincipal" } } From d72c2c2e2f58fd3a4d7aea09277608a14c7bf7a3 Mon Sep 17 00:00:00 2001 From: Kostas Stamatakis Date: Mon, 22 Jul 2024 19:12:40 +0300 Subject: [PATCH 2/4] fix dev --- deploy/azure/ARM-for-single-account.dev.json | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/deploy/azure/ARM-for-single-account.dev.json b/deploy/azure/ARM-for-single-account.dev.json index 82c3e2a879..ffd54a39c2 100644 --- a/deploy/azure/ARM-for-single-account.dev.json +++ b/deploy/azure/ARM-for-single-account.dev.json @@ -84,7 +84,7 @@ "name": "[guid(subscription().id, parameters('ResourceGroupName'), deployment().name, 'securityaudit')]", "properties": { "roleDefinitionId": "/providers/Microsoft.Authorization/roleDefinitions/acdd72a7-3385-48ef-bd42-f606fba81ae7", - "principalId": "[reference(reference(resourceId(subscription().subscriptionId, parameters('ResourceGroupName'), 'Microsoft.Compute/virtualMachines', 'cloudbeatVM'), '2023-09-01', 'Full').identity.principalId]", + "principalId": "[reference(resourceId(subscription().subscriptionId, parameters('ResourceGroupName'), 'Microsoft.Compute/virtualMachines', 'cloudbeatVM'), '2023-09-01', 'Full').identity.principalId]", "principalType": "ServicePrincipal" } }, @@ -94,7 +94,7 @@ "name": "[guid(subscription().id, parameters('ResourceGroupName'), deployment().name, 'additional-role')]", "properties": { "roleDefinitionId": "[concat('/providers/Microsoft.Authorization/roleDefinitions/', parameters('AdditionalRoleGUID'))]", - "principalId": "[reference(reference(resourceId(subscription().subscriptionId, parameters('ResourceGroupName'), 'Microsoft.Compute/virtualMachines', 'cloudbeatVM'), '2023-09-01', 'Full').identity.principalId]", + "principalId": "[reference(resourceId(subscription().subscriptionId, parameters('ResourceGroupName'), 'Microsoft.Compute/virtualMachines', 'cloudbeatVM'), '2023-09-01', 'Full').identity.principalId]", "principalType": "ServicePrincipal" } } From 1f4f228c4764f55dcd9d5d33aec0d34b03ec834b Mon Sep 17 00:00:00 2001 From: Kostas Stamatakis Date: Tue, 23 Jul 2024 13:33:37 +0300 Subject: [PATCH 3/4] lint fix --- deploy/azure/ARM-for-single-account.dev.json | 4 ++-- deploy/azure/ARM-for-single-account.json | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/deploy/azure/ARM-for-single-account.dev.json b/deploy/azure/ARM-for-single-account.dev.json index ffd54a39c2..41242ec33a 100644 --- a/deploy/azure/ARM-for-single-account.dev.json +++ b/deploy/azure/ARM-for-single-account.dev.json @@ -84,7 +84,7 @@ "name": "[guid(subscription().id, parameters('ResourceGroupName'), deployment().name, 'securityaudit')]", "properties": { "roleDefinitionId": "/providers/Microsoft.Authorization/roleDefinitions/acdd72a7-3385-48ef-bd42-f606fba81ae7", - "principalId": "[reference(resourceId(subscription().subscriptionId, parameters('ResourceGroupName'), 'Microsoft.Compute/virtualMachines', 'cloudbeatVM'), '2023-09-01', 'Full').identity.principalId]", + "principalId": "[reference(resourceId(parameters('ResourceGroupName'), 'Microsoft.Compute/virtualMachines', 'cloudbeatVM'), '2023-09-01', 'Full').identity.principalId]", "principalType": "ServicePrincipal" } }, @@ -94,7 +94,7 @@ "name": "[guid(subscription().id, parameters('ResourceGroupName'), deployment().name, 'additional-role')]", "properties": { "roleDefinitionId": "[concat('/providers/Microsoft.Authorization/roleDefinitions/', parameters('AdditionalRoleGUID'))]", - "principalId": "[reference(resourceId(subscription().subscriptionId, parameters('ResourceGroupName'), 'Microsoft.Compute/virtualMachines', 'cloudbeatVM'), '2023-09-01', 'Full').identity.principalId]", + "principalId": "[reference(resourceId(parameters('ResourceGroupName'), 'Microsoft.Compute/virtualMachines', 'cloudbeatVM'), '2023-09-01', 'Full').identity.principalId]", "principalType": "ServicePrincipal" } } diff --git a/deploy/azure/ARM-for-single-account.json b/deploy/azure/ARM-for-single-account.json index 6f0d4ad9ec..4034519287 100644 --- a/deploy/azure/ARM-for-single-account.json +++ b/deploy/azure/ARM-for-single-account.json @@ -78,7 +78,7 @@ "name": "[guid(subscription().id, parameters('ResourceGroupName'), deployment().name, 'securityaudit')]", "properties": { "roleDefinitionId": "/providers/Microsoft.Authorization/roleDefinitions/acdd72a7-3385-48ef-bd42-f606fba81ae7", - "principalId": "[reference(resourceId(subscription().subscriptionId, parameters('ResourceGroupName'), 'Microsoft.Compute/virtualMachines', 'cloudbeatVM'), '2023-09-01', 'Full').identity.principalId]", + "principalId": "[reference(resourceId(parameters('ResourceGroupName'), 'Microsoft.Compute/virtualMachines', 'cloudbeatVM'), '2023-09-01', 'Full').identity.principalId]", "principalType": "ServicePrincipal" } }, @@ -88,7 +88,7 @@ "name": "[guid(subscription().id, parameters('ResourceGroupName'), deployment().name, 'additional-role')]", "properties": { "roleDefinitionId": "[concat('/providers/Microsoft.Authorization/roleDefinitions/', parameters('AdditionalRoleGUID'))]", - "principalId": "[reference(resourceId(subscription().subscriptionId, parameters('ResourceGroupName'), 'Microsoft.Compute/virtualMachines', 'cloudbeatVM'), '2023-09-01', 'Full').identity.principalId]", + "principalId": "[reference(resourceId(parameters('ResourceGroupName'), 'Microsoft.Compute/virtualMachines', 'cloudbeatVM'), '2023-09-01', 'Full').identity.principalId]", "principalType": "ServicePrincipal" } } From a41b264e8ec805cd9d1da1e75fb783a812ef9a6d Mon Sep 17 00:00:00 2001 From: Kostas Stamatakis Date: Tue, 23 Jul 2024 14:27:59 +0300 Subject: [PATCH 4/4] revert and skip linter --- .github/workflows/arm-template-lint.yml | 2 +- deploy/azure/ARM-for-single-account.dev.json | 4 ++-- deploy/azure/ARM-for-single-account.json | 4 ++-- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/.github/workflows/arm-template-lint.yml b/.github/workflows/arm-template-lint.yml index 8ccc7fb519..d91de89b1f 100644 --- a/.github/workflows/arm-template-lint.yml +++ b/.github/workflows/arm-template-lint.yml @@ -33,4 +33,4 @@ jobs: name: lint ${{ matrix.template }} with: github_token: ${{ secrets.github_token }} - workdir: "./deploy/azure/${{ matrix.template }}" + workdir: "./deploy/azure/${{ matrix.template }} -SkipByFile @{ '*' = '*ResourceIds should not contain*' }" diff --git a/deploy/azure/ARM-for-single-account.dev.json b/deploy/azure/ARM-for-single-account.dev.json index 41242ec33a..ffd54a39c2 100644 --- a/deploy/azure/ARM-for-single-account.dev.json +++ b/deploy/azure/ARM-for-single-account.dev.json @@ -84,7 +84,7 @@ "name": "[guid(subscription().id, parameters('ResourceGroupName'), deployment().name, 'securityaudit')]", "properties": { "roleDefinitionId": "/providers/Microsoft.Authorization/roleDefinitions/acdd72a7-3385-48ef-bd42-f606fba81ae7", - "principalId": "[reference(resourceId(parameters('ResourceGroupName'), 'Microsoft.Compute/virtualMachines', 'cloudbeatVM'), '2023-09-01', 'Full').identity.principalId]", + "principalId": "[reference(resourceId(subscription().subscriptionId, parameters('ResourceGroupName'), 'Microsoft.Compute/virtualMachines', 'cloudbeatVM'), '2023-09-01', 'Full').identity.principalId]", "principalType": "ServicePrincipal" } }, @@ -94,7 +94,7 @@ "name": "[guid(subscription().id, parameters('ResourceGroupName'), deployment().name, 'additional-role')]", "properties": { "roleDefinitionId": "[concat('/providers/Microsoft.Authorization/roleDefinitions/', parameters('AdditionalRoleGUID'))]", - "principalId": "[reference(resourceId(parameters('ResourceGroupName'), 'Microsoft.Compute/virtualMachines', 'cloudbeatVM'), '2023-09-01', 'Full').identity.principalId]", + "principalId": "[reference(resourceId(subscription().subscriptionId, parameters('ResourceGroupName'), 'Microsoft.Compute/virtualMachines', 'cloudbeatVM'), '2023-09-01', 'Full').identity.principalId]", "principalType": "ServicePrincipal" } } diff --git a/deploy/azure/ARM-for-single-account.json b/deploy/azure/ARM-for-single-account.json index 4034519287..6f0d4ad9ec 100644 --- a/deploy/azure/ARM-for-single-account.json +++ b/deploy/azure/ARM-for-single-account.json @@ -78,7 +78,7 @@ "name": "[guid(subscription().id, parameters('ResourceGroupName'), deployment().name, 'securityaudit')]", "properties": { "roleDefinitionId": "/providers/Microsoft.Authorization/roleDefinitions/acdd72a7-3385-48ef-bd42-f606fba81ae7", - "principalId": "[reference(resourceId(parameters('ResourceGroupName'), 'Microsoft.Compute/virtualMachines', 'cloudbeatVM'), '2023-09-01', 'Full').identity.principalId]", + "principalId": "[reference(resourceId(subscription().subscriptionId, parameters('ResourceGroupName'), 'Microsoft.Compute/virtualMachines', 'cloudbeatVM'), '2023-09-01', 'Full').identity.principalId]", "principalType": "ServicePrincipal" } }, @@ -88,7 +88,7 @@ "name": "[guid(subscription().id, parameters('ResourceGroupName'), deployment().name, 'additional-role')]", "properties": { "roleDefinitionId": "[concat('/providers/Microsoft.Authorization/roleDefinitions/', parameters('AdditionalRoleGUID'))]", - "principalId": "[reference(resourceId(parameters('ResourceGroupName'), 'Microsoft.Compute/virtualMachines', 'cloudbeatVM'), '2023-09-01', 'Full').identity.principalId]", + "principalId": "[reference(resourceId(subscription().subscriptionId, parameters('ResourceGroupName'), 'Microsoft.Compute/virtualMachines', 'cloudbeatVM'), '2023-09-01', 'Full').identity.principalId]", "principalType": "ServicePrincipal" } }