Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Adding additional controls for resource discovery #609

Merged
merged 7 commits into from
May 5, 2022
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
91 changes: 87 additions & 4 deletions docs/wiki/Frequently-Asked-Questions.md
Original file line number Diff line number Diff line change
Expand Up @@ -4,9 +4,16 @@ This article answers frequently asked questions relating to AzOps.

## In this Section

- [Subscriptions or resources not showing up in repository](#subscriptions-or-resources-not-showing-up-in-repository)
- [Push fail with deployment already exists in location error](#push-fail-with-deployment-already-exists-in-location-error)
- [Pull fail with active pull request already exists error](#pull-fail-with-active-pull-request-already-exists-error)
- [AzOps FAQ](#azops-faq)
- [In this Section](#in-this-section)
- [Subscriptions or resources not showing up in repository](#subscriptions-or-resources-not-showing-up-in-repository)
- [Push fail with deployment already exists in location error](#push-fail-with-deployment-already-exists-in-location-error)
- [Pull fail with active pull request already exists error](#pull-fail-with-active-pull-request-already-exists-error)
- [Discovery scenarios and settings](#discovery-scenarios-and-settings)
- [**I want to discover all resources across all resource groups in one specific subscription**](#i-want-to-discover-all-resources-across-all-resource-groups-in-one-specific-subscription)
- [**I want to discover all resources in specific resource groups in one specific subscription**](#i-want-to-discover-all-resources-in-specific-resource-groups-in-one-specific-subscription)
- [**I want to discover a specific resource type in specific resource group in one specific subscription**](#i-want-to-discover-a-specific-resource-type-in-specific-resource-group-in-one-specific-subscription)
- [**I want to discover and manage several Azure Firewall Policy's and rule collections spread out across several resource groups and subscriptions**](#i-want-to-discover-and-manage-several-azure-firewall-policys-and-rule-collections-spread-out-across-several-resource-groups-and-subscriptions)

## Subscriptions or resources not showing up in repository

Expand Down Expand Up @@ -47,4 +54,80 @@ This happens because it is not supported in Azure DevOps to create a pull reques

To resolve the error, [complete or abandon the existing pull request (PR)](https://docs.microsoft.com/en-us/azure/devops/repos/git/complete-pull-requests?view=azure-devops&tabs=browser) first and then rerun the pipeline.

![PR](./Media/FAQ/pr.png)
![PR](./Media/FAQ/pr.png)

## Discovery scenarios and settings

### **I want to discover all resources across all resource groups in one specific subscription**

Can AzOps settings be configured to enable this?

Yes, ensure the following setting combinations are applied (replace `SubscriptionId` with your specific information)

```bash
"Core.IncludeResourcesInResourceGroup": ["*"]

"Core.IncludeResourceType": ["*"]

"Core.SkipResource": false

"Core.SkipResourceGroup": false

"Core.SubscriptionsToIncludeResourceGroups": ["SubscriptionId"]
```

### **I want to discover all resources in specific resource groups in one specific subscription**

Can AzOps settings be configured to enable this?

Yes, ensure the following setting combinations are applied (replace `rgname1`, `rgname2`, `rgname3` and `SubscriptionId` with your specific information)

```bash
"Core.IncludeResourcesInResourceGroup": ["rgname1","rgname2","rgname3"]

"Core.IncludeResourceType": ["*"]

"Core.SkipResource": false

"Core.SkipResourceGroup": false

"Core.SubscriptionsToIncludeResourceGroups": ["SubscriptionId"]
```

### **I want to discover a specific resource type in specific resource group in one specific subscription**

Can AzOps settings be configured to enable this?

Yes, ensure the following setting combinations are applied (replace `rgname1`, `resource-provider/resource-type` and `SubscriptionId` with your specific information)

```bash
"Core.IncludeResourcesInResourceGroup": ["rgname1"]

"Core.IncludeResourceType": ["resource-provider/resource-type"]

"Core.SkipResource": false

"Core.SkipResourceGroup": false

"Core.SubscriptionsToIncludeResourceGroups": ["SubscriptionId"]
```

### **I want to discover and manage several Azure Firewall Policy's and rule collections spread out across several resource groups and subscriptions**

Can AzOps settings be configured to enable this?

Yes, ensure the following setting combinations are applied (replace `rgname1`, `rgname2`, `Microsoft.Network/firewallPolicies` and `SubscriptionId1`, `SubscriptionId2` with your specific information)

```bash
"Core.IncludeResourcesInResourceGroup": ["rgname1","rgname2"]

"Core.IncludeResourceType": ["Microsoft.Network/firewallPolicies"]

"Core.SkipResource": false

"Core.SkipChildResource": false

"Core.SkipResourceGroup": false

"Core.SubscriptionsToIncludeResourceGroups": ["SubscriptionId1","SubscriptionId2"]
```
36 changes: 20 additions & 16 deletions docs/wiki/Settings.md
Original file line number Diff line number Diff line change
@@ -1,26 +1,30 @@
# AzOps Settings

The following configuration values can be modified within the `settings.json` file to change the default behavior of AzOps.

| Id | Name | Description | Example |
| ID | Name | Description | Example |
| --- | ------------------------------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ----------------------------------------------------------------------------------------------- |
| 01 | AutoGeneratedTemplateFolderPath | Generate sub folder for composite resources (/.Az) | ![Auto-Generated-Template-FolderPath](./Media/Pipelines/Auto-Generated-Template-FolderPath.PNG) |
| 02 | AutoInitialize | Run Initialize-AzOpsEnvironment when module is loaded. *Not recommended to change* | `"Core.AutoInitialize": true` |
| 03 | DefaultDeploymentRegion | Default region for deployments | `"Core.DefaultDeploymentRegion": "northeurope"` |
| 04 | EnrollmentAccountPrincipalName | Default enrollment account for Subscription creation | `"Core.EnrollmentAccountPrincipalName": ""` |
| 05 | ExcludedSubOffer | Exclude specific Subscription offer types from pull | `"Core.ExcludedSubOffer": [ "AzurePass_2014-09-01","FreeTrial_2014-09-01","AAD_2015-09-01"]` |
| 05 | ExcludedSubOffer | Exclude specific Subscription offer types from pull | `"Core.ExcludedSubOffer": ["AzurePass_2014-09-01","FreeTrial_2014-09-01","AAD_2015-09-01"]` |
| 06 | ExcludedSubState | Exclude specific states of Subscription from pull | `"Core.ExcludedSubState": ["Disabled","Deleted","Warned","Expired"]` |
| 07 | ExportRawTemplate | Export generic templates without embedding them in the parameter block | `"Core.ExportRawTemplate": true` |
| 08 | IgnoreContextCheck | Skip Azure PowerShell context validation. *Not recommended to change* | `"Core.IgnoreContextCheck": false` |
| 09 | InvalidateCache | Invalidate cached Subscriptions and Management Groups and do a full discovery. *Not recommended to change* | `"Core.InvalidateCache": false` |
| 10 | OfferType | Default offer type for Subscription creation | `"Core.OfferType": "MS-AZR-0017P"` |
| 11 | PartialMgDiscoveryRoot | Generate folder hierachy for specific Management Groups | `"Core.PartialMgDiscoveryRoot": []"` |
| 12 | SkipPolicy | Do not include Azure Policy state in pull | `"Core.SkipPolicy": false` |
| 13 | SkipResource | Do not include Resources within Resource Groups | `"Core.SkipResource": false` |
| 14 | SkipChildResource | Do not include Azure child resources | `"Core.SkipChildResource": false` |
| 15 | SkipResourceGroup | Do not include Resource Groups in pull | `"Core.SkipResourceGroup": false` |
| 16 | SkipResourceType | Skip specific [Resource Types](https://docs.microsoft.com/en-us/azure/azure-resource-manager/management/resource-providers-and-types) (only targets Resource Group scoped resources) |
| 17 | SkipRole | Do not include Role types in pull | `"Core.SkipRole": false` |
| 18 | State | Folder to store AzOpsState artefact, defaults to `root` | ![State](./Media/Pipelines/State.PNG) |
| 19 | SubscriptionsToIncludeResourceGroups | Filter which Subscriptions should include Resource Groups in pull | `"Core.SubscriptionsToIncludeResourceGroups": "*"` |
| 20 | TemplateParameterFileSuffix | Default template file suffix. *Not recommended to change* | `"Core.TemplateParameterFileSuffix": ".json"` |
| 21 | ThrottleLimit | Default template file suffix. *Not recommended to change* | `"Core.ThrottleLimit": 10` |
| 22 | WhatifExcludedChangeTypes | Exclude specific change types from WhatIf operations | `"Core.WhatifExcludedChangeTypes": ["NoChange","Ignore"]` |
| 09 | IncludeResourcesInResourceGroup | Discover only resources in these resource groups | `"Core.IncludeResourcesInResourceGroup": ["rg1","rg2"]` |
| 10 | IncludeResourceType | Discover only specific resource types [Resource Types](https://docs.microsoft.com/en-us/azure/azure-resource-manager/management/resource-providers-and-types) (only targets Resource Group scoped resources) | `"Core.IncludeResourceType": ["Microsoft.Network/privateDnsZones","Microsoft.Network/firewallPolicies"]` |
| 11 | InvalidateCache | Invalidate cached Subscriptions and Management Groups and do a full discovery. *Not recommended to change* | `"Core.InvalidateCache": false` |
| 12 | OfferType | Default offer type for Subscription creation | `"Core.OfferType": "MS-AZR-0017P"` |
| 13 | PartialMgDiscoveryRoot | Generate folder hierachy for specific Management Groups | `"Core.PartialMgDiscoveryRoot": []` |
| 14 | SkipPolicy | Do not include Azure Policy state in pull | `"Core.SkipPolicy": false` |
| 15 | SkipResource | Do not include Resources within Resource Groups | `"Core.SkipResource": false` |
| 16 | SkipChildResource | Do not include Azure child resources | `"Core.SkipChildResource": false` |
| 17 | SkipResourceGroup | Do not include Resource Groups in pull | `"Core.SkipResourceGroup": false` |
| 18 | SkipResourceType | Skip specific [Resource Types](https://docs.microsoft.com/en-us/azure/azure-resource-manager/management/resource-providers-and-types) (only targets Resource Group scoped resources) | `"Core.SkipResourceType": ["Microsoft.VSOnline/plans"]` |
| 19 | SkipRole | Do not include Role types in pull | `"Core.SkipRole": false` |
| 20 | State | Folder to store AzOpsState artefact, defaults to `root` | ![State](./Media/Pipelines/State.PNG) |
| 21 | SubscriptionsToIncludeResourceGroups | Filter which Subscriptions should include Resource Groups in pull | `"Core.SubscriptionsToIncludeResourceGroups": ["*"]` |
| 22 | TemplateParameterFileSuffix | Default template file suffix. *Not recommended to change* | `"Core.TemplateParameterFileSuffix": ".json"` |
| 23 | ThrottleLimit | Default template file suffix. *Not recommended to change* | `"Core.ThrottleLimit": 10` |
| 24 | WhatifExcludedChangeTypes | Exclude specific change types from WhatIf operations | `"Core.WhatifExcludedChangeTypes": ["NoChange","Ignore"]` |
Loading