Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Align RBAC on Microsoft.Compute #367

Merged
merged 13 commits into from
Nov 5, 2021
Merged

Align RBAC on Microsoft.Compute #367

merged 13 commits into from
Nov 5, 2021

Conversation

MariusStorhaug
Copy link
Contributor

@MariusStorhaug MariusStorhaug commented Nov 3, 2021
edited
Loading

Change

Compute: Availabilitysets

Compute: Diskencryptionsets

Compute: Galleries - Removal failing, cannot find tags

Compute: Galleries Images - Removal failing, cannot find tags

Compute: Images

Compute: ProximityPlacementGroups

Compute: Virtualmachines

Compute: Virtualmachinescalesets

  • Moved builtInRoleNames variable to .bicep/nested_rbac.json
  • Using declaration of existing resource + scope reference in roleAssignment resource declaration
  • Updated Readme

Type of Change

Please delete options that are not relevant.

  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Breaking change (fix or feature that would cause existing functionality to not work as expected)
  • This change requires a documentation update (Wiki)

Checklist

  • I'm sure there are no other open Pull Requests for the same update/change
  • My corresponding pipelines / checks run clean and green without any errors or warnings
  • My code follows the style guidelines of this project
  • I have commented my code, particularly in hard-to-understand areas
  • I have made corresponding changes to the documentation (readme)
  • I did format my code

@github-actions
Copy link

github-actions bot commented Nov 3, 2021
edited
Loading

Unit Test Results

  1 files  ±0  1 suites  ±0   15s ⏱️ +2s
  8 tests +4  8 ✔️ +4    0 💤 ±0  0 ±0 
39 runs  +4  8 ✔️ +4  31 💤 ±0  0 ±0 

Results for commit 3d15aa3. ± Comparison against base commit c69e175.

This pull request removes 4 and adds 8 tests. Note that renamed tests count towards both. 
/home/runner/work/ResourceModules/ResourceModules/arm/.global/global.module.tests.ps1 ‑ Api version tests [All apiVersions in the template should be 'recent'].In [Microsoft.DesktopVirtualization/hostpools] used resource type [diagnosticsettings] should use on of the recent API version(s). Currently using [2017-05-01-preview]
/home/runner/work/ResourceModules/ResourceModules/arm/.global/global.module.tests.ps1 ‑ Api version tests [All apiVersions in the template should be 'recent'].In [Microsoft.DesktopVirtualization/hostpools] used resource type [hostPools] should use on of the recent API version(s). Currently using [2021-07-12]
/home/runner/work/ResourceModules/ResourceModules/arm/.global/global.module.tests.ps1 ‑ Api version tests [All apiVersions in the template should be 'recent'].In [Microsoft.DesktopVirtualization/hostpools] used resource type [locks] should use on of the recent API version(s). Currently using [2016-09-01]
/home/runner/work/ResourceModules/ResourceModules/arm/.global/global.module.tests.ps1 ‑ Api version tests [All apiVersions in the template should be 'recent'].In [Microsoft.DesktopVirtualization/hostpools] used resource type [roleassignments] should use on of the recent API version(s). Currently using [2021-04-01-preview]

/home/runner/work/ResourceModules/ResourceModules/arm/.global/global.module.tests.ps1 ‑ Api version tests [All apiVersions in the template should be 'recent'].In [Microsoft.Compute/virtualMachines] used resource type [diagnosticsettings] should use on of the recent API version(s). Currently using [2021-05-01-preview]
/home/runner/work/ResourceModules/ResourceModules/arm/.global/global.module.tests.ps1 ‑ Api version tests [All apiVersions in the template should be 'recent'].In [Microsoft.Compute/virtualMachines] used resource type [locks] should use on of the recent API version(s). Currently using [2017-04-01]
/home/runner/work/ResourceModules/ResourceModules/arm/.global/global.module.tests.ps1 ‑ Api version tests [All apiVersions in the template should be 'recent'].In [Microsoft.Compute/virtualMachines] used resource type [networkInterfaces] should use on of the recent API version(s). Currently using [2021-02-01]
/home/runner/work/ResourceModules/ResourceModules/arm/.global/global.module.tests.ps1 ‑ Api version tests [All apiVersions in the template should be 'recent'].In [Microsoft.Compute/virtualMachines] used resource type [publicIPAddresses] should use on of the recent API version(s). Currently using [2021-02-01]
/home/runner/work/ResourceModules/ResourceModules/arm/.global/global.module.tests.ps1 ‑ Api version tests [All apiVersions in the template should be 'recent'].In [Microsoft.Compute/virtualMachines] used resource type [roleassignments] should use on of the recent API version(s). Currently using [2020-04-01-preview]
/home/runner/work/ResourceModules/ResourceModules/arm/.global/global.module.tests.ps1 ‑ Api version tests [All apiVersions in the template should be 'recent'].In [Microsoft.Compute/virtualMachines] used resource type [vaults/backupFabrics/protectionContainers/protectedItems] should use on of the recent API version(s). Currently using [2021-06-01]
/home/runner/work/ResourceModules/ResourceModules/arm/.global/global.module.tests.ps1 ‑ Api version tests [All apiVersions in the template should be 'recent'].In [Microsoft.Compute/virtualMachines] used resource type [virtualMachines/extensions] should use on of the recent API version(s). Currently using [2021-04-01]
/home/runner/work/ResourceModules/ResourceModules/arm/.global/global.module.tests.ps1 ‑ Api version tests [All apiVersions in the template should be 'recent'].In [Microsoft.Compute/virtualMachines] used resource type [virtualMachines] should use on of the recent API version(s). Currently using [2021-04-01]

♻️ This comment has been updated with latest results.

@MariusStorhaug MariusStorhaug linked an issue Nov 3, 2021 that may be closed by this pull request
Move builtInRoleNames variable into rbac module #202
Closed
@MariusStorhaug MariusStorhaug requested a review from eriqua November 3, 2021 19:32
@MariusStorhaug
Copy link
Contributor Author

@eriqua - Could you help clarify why the Images are failing? Its referring to an old storage account and probably looking for a VHD in that SA. Do we have a new one?

@eriqua
Copy link
Contributor

eriqua commented Nov 4, 2021

@eriqua - Could you help clarify why the Images are failing? Its referring to an old storage account and probably looking for a VHD in that SA. Do we have a new one?

@MariusStorhaug For image dependencies I think what we did in the past was the following:

  1. Deploy an image through the Microsoft.VirtualMachineImages\imageTemplates module
  2. Wait for the image to be created
  3. Reuse it in the Microsoft.Compute\images module as a reference.

The challenge I see is that the storage account + the image name seem to be not deterministic in their names. I guess the imageTemplate is not idempotent either. So rerunning its pipeline would just create a different image name. For this reason it does not make much sense to add it to the dependency pipeline. This case would probably be challenging even with the new testing approach, as we won't be able to predict the vhd reference. As a quick win I started the deployment of a new image which should eventually be available in https://r0jskwdzcal7ss9okmxiyua3.blob.core.windows.net/vhds/48f94fc5-604e-4db2-bca4-e5a09e05b212.vhd. I'd say let's try if that solves for now but also let's have a brainstorm with the group to see if a more structured solution can be targeted going forward.

@MariusStorhaug MariusStorhaug self-assigned this Nov 4, 2021
@MariusStorhaug
Copy link
Contributor Author

@eriqua or @MrMCake : Do you know what pipeline to run to get the dependencies for VM up and running. Yesterday it was refering to a management-rg, looking for a Recovery Services Vault. I could not find one in the new env. Any suggestions?

@eriqua
Copy link
Contributor

eriqua commented Nov 4, 2021
edited
Loading

@eriqua or @MrMCake : Do you know what pipeline to run to get the dependencies for VM up and running. Yesterday it was refering to a management-rg, looking for a Recovery Services Vault. I could not find one in the new env. Any suggestions?

We have only 1 dependency pipeline, but the RSV is missing for the VM backup to work. I'll let you know once I'll be able to add it

UPDATE: @MariusStorhaug RSV has been added to the dependency workflow and already in place in the validation-rg. Name: adp-sxx-az-rsv-x-001

@MariusStorhaug MariusStorhaug enabled auto-merge (squash) November 4, 2021 20:56
@MariusStorhaug MariusStorhaug requested a review from eriqua November 4, 2021 20:56
eriqua
eriqua approved these changes Nov 5, 2021
View reviewed changes
Copy link
Contributor

@eriqua eriqua left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🆗

@MariusStorhaug MariusStorhaug merged commit 2c233ee into main Nov 5, 2021
@AlexanderSehr AlexanderSehr deleted the users/mast/MS.Compute_RBAC branch November 5, 2021 15:30
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@eriqua eriqua eriqua approved these changes

Assignees

@MariusStorhaug MariusStorhaug

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Move builtInRoleNames variable into rbac module
2 participants
@MariusStorhaug @eriqua