diff --git a/examples-machine-config/data.tf b/examples-machine-config/data.tf
index 15402cf..a9a4cdb 100644
--- a/examples-machine-config/data.tf
+++ b/examples-machine-config/data.tf
@@ -21,9 +21,9 @@ data "azurerm_storage_container" "guest_config_container" {
 storage_account_name = "guestconfig${substr(md5(data.azurerm_client_config.current.subscription_id), 0, 5)}"
 }
-# Onboarding Prerequisites Initiatives Reference:
+# Onboarding Prerequisites Initiative References:
 # [GA]: 12794019-7a00-42cf-95c2-882eed337cc8 "Deploy prerequisites to enable Guest Configuration policies on virtual machines" (SystemAssigned)
 # [Preview]: 2b0ce52e-301c-4221-ab38-1601e2b4cee3 "[Preview]: Deploy prerequisites to enable Guest Configuration policies on virtual machines using user-assigned managed identity" (UserAssigned)
 data "azurerm_policy_set_definition" "deploy_guest_config_prereqs_initiative" {
- name = "12794019-7a00-42cf-95c2-882eed337cc8" #"Deploy prerequisites to enable Guest Configuration policies on virtual machines"
+ name = "12794019-7a00-42cf-95c2-882eed337cc8"
 }
diff --git a/modules/def_assignment/README.md b/modules/def_assignment/README.md
index 6314e62..5257877 100644
--- a/modules/def_assignment/README.md
+++ b/modules/def_assignment/README.md
@@ -13,7 +13,7 @@ Assignments can be scoped from overarching management groups right down to indiv
 module team_a_mg_inherit_resource_group_tags_modify {
 source = "gettek/policy-as-code/azurerm//modules/def_assignment"
 definition = module.inherit_resource_group_tags_modify.definition
- assignment_scope = data.azurerm_management_group.org.id
+ assignment_scope = data.azurerm_management_group.team_a.id
 assignment_effect = "Modify"
 skip_remediation = var.skip_remediation
@@ -33,7 +33,7 @@ data azurerm_role_definition contributor {
 module team_a_mg_inherit_resource_group_tags_modify {
 source = "gettek/policy-as-code/azurerm//modules/def_assignment"
 definition = module.inherit_resource_group_tags_modify.definition
- assignment_scope = data.azurerm_management_group.org.id
+ assignment_scope = data.azurerm_management_group.team_a.id
 assignment_effect = "Modify"
 skip_remediation = var.skip_remediation
@@ -59,10 +59,10 @@ data azurerm_policy_definition_built_in deploy_law_on_linux_vms {
 name = "053d3325-282c-4e5c-b944-24faffd30d77" #"Deploy Log Analytics extension for Linux VMs"
 }
-module team_a_mg_inherit_resource_group_tags_modify {
+module team_a_mg_deploy_law_on_linux_vms {
 source = "gettek/policy-as-code/azurerm//modules/def_assignment"
 definition = data.azurerm_policy_definition_built_in.deploy_law_on_linux_vms
- assignment_scope = data.azurerm_management_group.org.id
+ assignment_scope = data.azurerm_management_group.team_a.id
 skip_remediation = var.skip_remediation
 assignment_parameters = {
@@ -86,16 +86,13 @@ data "azuread_group" "policy_remediation" {
 module team_a_mg_inherit_resource_group_tags_modify {
 source = "gettek/policy-as-code/azurerm//modules/def_assignment"
- definition = data.azurerm_policy_definition.deploy_law_on_linux_vms
- assignment_scope = data.azurerm_management_group.org.id
+ definition = module.inherit_resource_group_tags_modify.definition
+ assignment_scope = data.azurerm_management_group.team_a.id
 skip_remediation = false
 skip_role_assignment = true # <- set this to true to avoid role assignments
 assignment_parameters = {
- logAnalytics = local.dummy_resource_ids.azurerm_log_analytics_workspace
- listOfImageIdToInclude = [
- local.dummy_resource_ids.custom_linux_image_id
- ]
+ tagName = "environment"
 }
 }
diff --git a/modules/def_assignment/TEMPLATE.md b/modules/def_assignment/TEMPLATE.md
index d838679..64838e3 100644
--- a/modules/def_assignment/TEMPLATE.md
+++ b/modules/def_assignment/TEMPLATE.md
@@ -13,7 +13,7 @@ Assignments can be scoped from overarching management groups right down to indiv
 module team_a_mg_inherit_resource_group_tags_modify {
 source = "gettek/policy-as-code/azurerm//modules/def_assignment"
 definition = module.inherit_resource_group_tags_modify.definition
- assignment_scope = data.azurerm_management_group.org.id
+ assignment_scope = data.azurerm_management_group.team_a.id
 assignment_effect = "Modify"
 skip_remediation = var.skip_remediation
@@ -33,7 +33,7 @@ data azurerm_role_definition contributor {
 module team_a_mg_inherit_resource_group_tags_modify {
 source = "gettek/policy-as-code/azurerm//modules/def_assignment"
 definition = module.inherit_resource_group_tags_modify.definition
- assignment_scope = data.azurerm_management_group.org.id
+ assignment_scope = data.azurerm_management_group.team_a.id
 assignment_effect = "Modify"
 skip_remediation = var.skip_remediation
@@ -59,10 +59,10 @@ data azurerm_policy_definition_built_in deploy_law_on_linux_vms {
 name = "053d3325-282c-4e5c-b944-24faffd30d77" #"Deploy Log Analytics extension for Linux VMs"
 }
-module team_a_mg_inherit_resource_group_tags_modify {
+module team_a_mg_deploy_law_on_linux_vms {
 source = "gettek/policy-as-code/azurerm//modules/def_assignment"
 definition = data.azurerm_policy_definition_built_in.deploy_law_on_linux_vms
- assignment_scope = data.azurerm_management_group.org.id
+ assignment_scope = data.azurerm_management_group.team_a.id
 skip_remediation = var.skip_remediation
 assignment_parameters = {
@@ -86,16 +86,13 @@ data "azuread_group" "policy_remediation" {
 module team_a_mg_inherit_resource_group_tags_modify {
 source = "gettek/policy-as-code/azurerm//modules/def_assignment"
- definition = data.azurerm_policy_definition.deploy_law_on_linux_vms
- assignment_scope = data.azurerm_management_group.org.id
+ definition = module.inherit_resource_group_tags_modify.definition
+ assignment_scope = data.azurerm_management_group.team_a.id
 skip_remediation = false
 skip_role_assignment = true # <- set this to true to avoid role assignments
 assignment_parameters = {
- logAnalytics = local.dummy_resource_ids.azurerm_log_analytics_workspace
- listOfImageIdToInclude = [
- local.dummy_resource_ids.custom_linux_image_id
- ]
+ tagName = "environment"
 }
 }
diff --git a/scripts/precommit.ps1 b/scripts/precommit.ps1
index 00e7658..e76da5d 100644
--- a/scripts/precommit.ps1
+++ b/scripts/precommit.ps1
@@ -12,14 +12,14 @@ Push-Location -Path $PSScriptRoot/../modules
 (Get-ChildItem -Directory).BaseName | Foreach-Object {
 try {
 Push-Location -Path $_
- Write-Host "📜 Generating '$_' Docs..." -ForegroundColor Magenta
- Get-Content TEMPLATE.md > README.md; "`n" >> README.md; terraform-docs md . >> README.md
 if ($tf) {
 terraform init -backend=false -upgrade
 Write-Host "✅ Terraform fmt & validate '$_'..." -ForegroundColor Magenta
 terraform fmt
 terraform validate
 }
+ Write-Host "📜 Generating '$_' Docs..." -ForegroundColor Magenta
+ Get-Content TEMPLATE.md > README.md; "`n" >> README.md; terraform-docs md . >> README.md
 } catch {
 Write-Host "🥵 Could not complete precommit tasks: $_" -ForegroundColor Red
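Review bot: The moved `Get-Content TEMPLATE.md > README.md; "`n" >> README.md; terraform-docs md . >> README.md` line still runs after a failing `terraform validate`, because PowerShell does not turn a native command's non-zero exit code into an exception, so the reorder does not actually gate README generation on fmt/validate passing and the `catch` block is never reached for that case (unless `$PSNativeCommandUseErrorActionPreference` or an exit-code check is set somewhere outside the hunk). Consider adding `if ($LASTEXITCODE -ne 0) { throw "terraform validate failed for '$_'" }` directly after `terraform validate`. Similarly, a missing `TEMPLATE.md` only produces a non-terminating error from `Get-Content`, leaving README.md with just a newline and the terraform-docs output; `Get-Content TEMPLATE.md -ErrorAction Stop` would route that through the `catch`. The same applies to the second hunk at `@@ -33,14 +33,14 @@`, and the enclosing `Foreach-Object` block continues past the end of both hunks.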
@@ -33,14 +33,14 @@ Push-Location -Path $PSScriptRoot/../
 (Get-ChildItem -Directory -Path examples*).BaseName | Foreach-Object {
 try {
 Push-Location -Path $_
- Write-Host "📜 Generating '$_' Docs..." -ForegroundColor Magenta
- Get-Content TEMPLATE.md > README.md; "`n" >> README.md; terraform-docs md . >> README.md
 if ($tf) {
 terraform init -backend=false -upgrade
 Write-Host "✅ Terraform fmt & validate '$_'..." -ForegroundColor Magenta
 terraform fmt
 terraform validate
 }
+ Write-Host "📜 Generating '$_' Docs..." -ForegroundColor Magenta
+ Get-Content TEMPLATE.md > README.md; "`n" >> README.md; terraform-docs md . >> README.md
 } catch {
 Write-Host "🥵 Could not complete precommit tasks: $_" -ForegroundColor Red