Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add Zero Trust Option for Storage Accounts / CMK #713

Open
wants to merge 36 commits into
base: main
Choose a base branch
from
Open

Add Zero Trust Option for Storage Accounts / CMK #713

wants to merge 36 commits into from

Conversation

JCoreMS
Copy link
Contributor

@JCoreMS JCoreMS commented Nov 15, 2024

Overview/Summary

This change incorporates updates to the baseline deployment to add an option in the Storage section of the UI for Zero Trust which then allows for an additional Key Vault to be deployed. Keys created for each storage account and Customer Managed Keys configured for each storage account.

This PR fixes/adds/changes/removes

  1. Adjusted UI definition for custom names - prefix regex set for 1-6 chars but validation mesg said 1-90.
  2. Adds check box for Zero Trust in Custom UI Storage section
  3. Code includes logic to handle and deploy additional key vault, keys and associates with existing identity and storage accounts.

Breaking Changes

  1. N/A

Testing Evidence

Tested deployment in lab environment with multiple scenarios and successfully deployed each time to include the changes added with the option flag set.

As part of this Pull Request I have

  • Read the Contribution Guide and ensured this PR is compliant with the guide
  • Ensured the resource API versions in .bicep file/s I am adding/editing are using the latest API version possible
  • Checked for duplicate Pull Requests
  • Associated it with relevant GitHub Issues
  • (AVD LZA Team Only) Associated it with relevant ADO Items
  • Ensured my code/branch is up-to-date with the latest changes in the main branch
  • Performed testing and provided evidence.
  • Updated relevant and associated documentation (e.g. Contribution Guide, Module READMEs, Docs etc.)

@JCoreMS
initial CMK setup for zt storage
a153a1d
@JCoreMS
add baselineStorageResourceGroup dependency to key vault module
57a6af1
@JCoreMS
update key vault name format in baseline deployment
ee21491
@JCoreMS
add rotation policy for key vault keys with expiry and notification a…
fa5088c 
…ctions
@JCoreMS
add principalType to role assignments for key vault keys
b4ef84e
@JCoreMS
add principalType to role assignments for key vault keys
22be400
@JCoreMS
add rotation policy with expiry and notification actions for key vaul…
d3037c5 
…t keys
@JCoreMS
update principalId references to use managedIdentityStorageResourceId…
85f2713 
… for key vault role assignments
@JCoreMS
update principalId references to use managedIdentityStorageClientId f…
31b0ef6 
…or key vault role assignments
@JCoreMS
update principalId references to use managedIdentityStorageClientId f…
9cbfeff 
…or key vault role assignments
@JCoreMS
force update
3309a4d
@JCoreMS
update principalId references to use managedIdentityStoragePrincipalI…
40b2327 
…d for key vault role assignments
@JCoreMS
add managedIdentityStorageResourceId parameter for storage account in…
ffcfdc9 
… baseline deployment
@JCoreMS
update principalType to 'ServicePrincipal' in role assignments and up…
07c052f 
…date schema URL in portal UI baseline
@JCoreMS
update key vault module to include role assignments for managed ident…
3cafc1b 
…ity with specified encryption permissions
@JCoreMS
update key vault module to format storage key names from str acct nam…
90866b0 
…e to key-stracctname
@JCoreMS
update key vault module to change default name for zero trust disk en…
e569432 
…cryption keys and format key names in customer managed key
@JCoreMS
update key vault module to include key type and size for MSIX deploym…
35ea359 
…ent keys
@JCoreMS
update key vault module to centralize key rotation policy and simplif…
ec960c9 
…y key definitions
@JCoreMS
update storage modules to rename userAssignedIdentity to userAssigned…
9be465d 
…IdentityResourceId and update template hashes
@JCoreMS
update storage module to add managed identities support and update te…
ded4943 
…mplate hashes
@JCoreMS
ZT Storage CMK now implemented after storage acct created - initial
0228efe
@JCoreMS
update storage module to rename FSLogix CMK resources to resolve dupl…
677d6ac 
…icate name
@JCoreMS
update storage module to add managed identity support for storage acc…
feaa5a8 
…ounts
@JCoreMS
update storage module to modify template hashes and enhance key vault…
6a84db5 
… properties for storage services
@JCoreMS
update storage module to modify template hashes and enhance key vault…
08fd3ca 
… properties
@JCoreMS
update storage module to modify template hashes and add user-assigned…
9f84045 
… identity support for encryption
@JCoreMS
update baseline UI to include opt for zt on storage, update condition…
c0fd75e 
… for fslogix and msix zt config
@JCoreMS
update baseline UI to rename zero trust disk configuration to zero tr…
06ebaa6 
…ust storage configuration and enhance tooltip description for clarity
@JCoreMS
update storage module to use AVM
96d597e
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@JCoreMS