Re-baseline policies against Azure/Enterprise-Scale
This release marks a major update to the Terraform Module for Cloud Adoption Framework Enterprise-scale, providing a full policy refresh to bring a more consistent experience between the Terraform and native ARM implementations of Enterprise-scale.
Policies are now updated to reflect the "foundation" policies as per the WingTip reference implementation, but also contain all policy definitions used as part of the AdventureWorks (Hub & Spoke) and Contoso (Azure vWAN) reference implementations.
⚠️ WARNING: Please note that this release contains a number of changes which may impact your deployment. Please review the Upgrade from v0.0.8 to v0.1.0 guidance before upgrading.
The following is a summary of the main changes being introduced:
- Introduce automated testing to ensure module quality and functionality when releasing future updates.
- Update Unit and E2E test pipelines to use YML templates and dynamic matrix generation.
- Add custom PS module for `Enterprise Scale Library Tools` to handle automated library template updates.
- Add script and GitHub Action to enable automated library template updates from Azure/Enterprise-Scale repository using a CI pipeline.
- Add offline ProviderApiVersions cache in `Enterprise Scale Library Tools` to negate the need for Azure credentials.
- Update Library Templates (automated) using new CI process.
- Manual remediations to updated library templates to ensure full compatibility with Terraform (needs to be fixed at source to prevent regression).
- Update Policy Assignments and archetypes to provide parity with WingTip reference Enterprise-Scale foundations.
- Update Resource definitions in base module to use `name` field instead of `properties.displayName` to allow setting a more "human-friendly" displayName on policies and roles.
- Fix bug where duplicate roles are created at the same scope for policy assignments with managed identity.
- Add customizable delay between deployment of different resource types to reduce deployment errors due to caching and replication in the Azure API (Improvement to help Fix #37).
- Update `root_parent_id` validation regex to include support for additional supported characters (Fix #43).
- Update README as part of migrating documentation to the Wiki
- Update names for allowed location policies from `Allow` to `Deny` for better consistency with other policies
- Fix #47 assignableScope bug for Role Definitions
- Fix #34 by adding dedicated CONTRIBUTING.md page