[PSRule] Fix Rule Azure.VMSS.AMA #3918

Merged
merged 8 commits into from
Jan 8, 2024
Merged
Changes from 7 commits
1 change: 1 addition & 0 deletions .ps-rule/min-suppress.Rule.yaml
Expand Up @@ -9,6 +9,7 @@ spec:
- Azure.Resource.UseTags
- Azure.KeyVault.Logs
- Azure.KeyVault.Firewall
- Azure.VMSS.AMA
- Azure.Policy.ExemptionDescriptors
- Azure.Policy.Descriptors
- Azure.Policy.AssignmentDescriptors
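Review bot: The new `Azure.VMSS.AMA` entry carries no reason, and going by the file name this list looks like the set of rules suppressed for the minimal test deployments, so the monitoring-agent check would be skipped there without any record of why. A short comment above the entry would make the intent reviewable, for example `# min tests deploy no monitoring extension; the rule is exercised by the other test cases`. The `spec:` block starts outside the hunk, so the scope of the suppression cannot be confirmed from here.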
Expand Up @@ -56,6 +56,9 @@ module testDeployment '../../main.bicep' = {
scope: resourceGroup
name: '${uniqueString(deployment().name, location)}-test-${serviceShort}'
params: {
extensionMonitoringAgentConfig: {
enabled: true
}
enableDefaultTelemetry: enableDefaultTelemetry
location: location
name: '${namePrefix}${serviceShort}001'
Expand Up @@ -9,7 +9,7 @@ targetScope = 'subscription'
param resourceGroupName string = 'ms.compute.virtualmachinescalesets-${serviceShort}-rg'

@description('Optional. The location to deploy resources to.')
param location string = deployment().location
param location string = 'westeurope' //deployment().location
fabmas marked this conversation as resolved.

@description('Optional. A short identifier for the kind of deployment. Should be kept short to not run into resource-name length-constraints.')
param serviceShort string = 'cvmsslin'
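Review bot: The default for `location` is now the literal `'westeurope'`, with the previous expression left behind as a trailing comment, so this test no longer follows the region of the subscription-level deployment and nothing on the line says why. If the pin is needed, replace the dead code with the reason, for example `// Pinned: <reason the test needs this region>`; otherwise restore `param location string = deployment().location`.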
8 changes: 8 additions & 0 deletions modules/compute/virtual-machine-scale-set/README.md
Expand Up @@ -1436,6 +1436,9 @@ module virtualMachineScaleSet './compute/virtual-machine-scale-set/main.bicep' =
]
disablePasswordAuthentication: true
enableDefaultTelemetry: '<enableDefaultTelemetry>'
extensionMonitoringAgentConfig: {
enabled: true
}
location: '<location>'
nicConfigurations: [
{
Expand Down Expand Up @@ -1534,6 +1537,11 @@ module virtualMachineScaleSet './compute/virtual-machine-scale-set/main.bicep' =
"enableDefaultTelemetry": {
"value": "<enableDefaultTelemetry>"
},
"extensionMonitoringAgentConfig": {
"value": {
"enabled": true
}
},
"location": {
"value": "<location>"
},
12 changes: 6 additions & 6 deletions modules/compute/virtual-machine-scale-set/main.bicep
Expand Up @@ -503,13 +503,13 @@ resource vmss_logAnalyticsWorkspace 'Microsoft.OperationalInsights/workspaces@20
scope: resourceGroup(split(monitoringWorkspaceId, '/')[2], split(monitoringWorkspaceId, '/')[4])
}

module vmss_microsoftMonitoringAgentExtension 'extension/main.bicep' = if (extensionMonitoringAgentConfig.enabled) {
name: '${uniqueString(deployment().name, location)}-VMSS-MicrosoftMonitoringAgent'
module vmss_azureMonitorAgentExtension 'extension/main.bicep' = if (extensionMonitoringAgentConfig.enabled) {
AlexanderSehr marked this conversation as resolved.
name: '${uniqueString(deployment().name, location)}-VMSS-AzureMonitorAgent'
params: {
virtualMachineScaleSetName: vmss.name
name: 'MicrosoftMonitoringAgent'
publisher: 'Microsoft.EnterpriseCloud.Monitoring'
type: osType == 'Windows' ? 'MicrosoftMonitoringAgent' : 'OmsAgentForLinux'
name: 'AzureMonitorAgent'
publisher: 'Microsoft.Azure.Monitor'
type: osType == 'Windows' ? 'AzureMonitorWindowsAgent' : 'AzureMonitorLinuxAgent'
typeHandlerVersion: contains(extensionMonitoringAgentConfig, 'typeHandlerVersion') ? extensionMonitoringAgentConfig.typeHandlerVersion : (osType == 'Windows' ? '1.0' : '1.7')
autoUpgradeMinorVersion: contains(extensionMonitoringAgentConfig, 'autoUpgradeMinorVersion') ? extensionMonitoringAgentConfig.autoUpgradeMinorVersion : true
enableAutomaticUpgrade: contains(extensionMonitoringAgentConfig, 'enableAutomaticUpgrade') ? extensionMonitoringAgentConfig.enableAutomaticUpgrade : false
Expand Down Expand Up @@ -604,7 +604,7 @@ module vmss_azureDiskEncryptionExtension 'extension/main.bicep' = if (extensionA
}
dependsOn: [
vmss_customScriptExtension
vmss_microsoftMonitoringAgentExtension
vmss_azureMonitorAgentExtension
]
}
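Review bot: The extension type is switched to the Azure Monitor Agent, but the `typeHandlerVersion` fallback on the unchanged line in the first hunk still reads `osType == 'Windows' ? '1.0' : '1.7'`, values that were chosen for the old `MicrosoftMonitoringAgent`/`OmsAgentForLinux` types; they should be re-checked against the versions published for `AzureMonitorWindowsAgent` and `AzureMonitorLinuxAgent`. `enableAutomaticUpgrade` also still falls back to `false`, which may leave deployed instances on the agent version first installed unless a caller opts in; consider `... ? extensionMonitoringAgentConfig.enableAutomaticUpgrade : true` for a monitoring agent. The rest of the `params` block is outside the hunk: if it still passes a workspace ID and key as extension settings, note that the Azure Monitor Agent is configured through data collection rules rather than workspace keys, so those values would likely go unused and the agent would collect nothing until a rule is associated.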

9 changes: 6 additions & 3 deletions ps-rule.yaml
Expand Up @@ -16,16 +16,18 @@ binding:
# Require minimum versions of modules.
requires:
PSRule: '@pre >=2.4.0'
PSRule.Rules.Azure: '@pre >=1.19.2'
PSRule.Rules.Azure: '@pre >=1.27.3'

# Use PSRule for Azure.
include:
module:
- PSRule.Rules.Azure

execution:
suppressedRuleWarning: false
notProcessedWarning: false
# suppressedRuleWarning: false - no more supported in PsRule ver 3.0
# notProcessedWarning: false - no more supported in PsRule ver 3.0
ruleSuppressed: Warn
unprocessedObject: Warn

output:
culture:
Expand Down Expand Up @@ -54,3 +56,4 @@ rule:
exclude:
# Ignore the following rules for all resources
- Azure.KeyVault.PurgeProtect
- Azure.Resource.AllowedRegions
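Review bot: Adding `Azure.Resource.AllowedRegions` under `exclude` in the second hunk turns the region check off for every resource in the repository, and the existing comment `# Ignore the following rules for all resources` gives no reason for it. If the rule fails only because no allowed regions are configured, setting the `AZURE_RESOURCE_ALLOWED_LOCATIONS` configuration value, or suppressing the rule for the affected test targets only, would keep the check active elsewhere. At minimum add a comment next to the entry such as `# <reason the region check cannot run here>`. The `rule:` block begins outside the hunk.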