From 1ca160e17e51a6721dce55b0f142e0c070beb33a Mon Sep 17 00:00:00 2001 From: Fabio Masciotra Date: Mon, 8 Jan 2024 15:11:27 +0100 Subject: [PATCH] [PSRule] Fix Rule Azure.VMSS.AMA (#3918) * updates * update readme * update --------- Co-authored-by: Fabio Masciotra --- .ps-rule/min-suppress.Rule.yaml | 1 + .../virtual-machine-scale-set/README.md | 8 +++ .../extension/main.json | 4 +- .../virtual-machine-scale-set/main.bicep | 12 ++--- .../virtual-machine-scale-set/main.json | 50 +++++++++---------- .../tests/e2e/linux.ssecmk/main.test.bicep | 3 ++ .../tests/e2e/linux/main.test.bicep | 2 +- ps-rule.yaml | 9 ++-- 8 files changed, 52 insertions(+), 37 deletions(-) diff --git a/.ps-rule/min-suppress.Rule.yaml b/.ps-rule/min-suppress.Rule.yaml index 794cfae88d..611c5ab863 100644 --- a/.ps-rule/min-suppress.Rule.yaml +++ b/.ps-rule/min-suppress.Rule.yaml @@ -9,6 +9,7 @@ spec: - Azure.Resource.UseTags - Azure.KeyVault.Logs - Azure.KeyVault.Firewall + - Azure.VMSS.AMA - Azure.Policy.ExemptionDescriptors - Azure.Policy.Descriptors - Azure.Policy.AssignmentDescriptors diff --git a/modules/compute/virtual-machine-scale-set/README.md b/modules/compute/virtual-machine-scale-set/README.md index 5479ba0268..6856cbc7f1 100644 --- a/modules/compute/virtual-machine-scale-set/README.md +++ b/modules/compute/virtual-machine-scale-set/README.md @@ -219,6 +219,9 @@ module virtualMachineScaleSet 'br:bicep/modules/compute.virtual-machine-scale-se ] disablePasswordAuthentication: true enableDefaultTelemetry: '' + extensionMonitoringAgentConfig: { + enabled: true + } location: '' nicConfigurations: [ { @@ -317,6 +320,11 @@ module virtualMachineScaleSet 'br:bicep/modules/compute.virtual-machine-scale-se "enableDefaultTelemetry": { "value": "" }, + "extensionMonitoringAgentConfig": { + "value": { + "enabled": true + } + }, "location": { "value": "" }, 
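Review bot: The new `- Azure.VMSS.AMA` entry in `.ps-rule/min-suppress.Rule.yaml` switches off the monitoring-agent check for whatever this suppression group selects, and nothing in the hunk records why. The `spec:` selector and the group's description are outside the hunk, so the scope cannot be confirmed from here; presumably it is limited to the minimal test deployments, which do not set `extensionMonitoringAgentConfig`. Since this commit also moves the module to the Azure Monitor Agent, a short reason next to the entry would keep the suppression from outliving its purpose, e.g. `# Azure.VMSS.AMA: min tests deploy no monitoring extension; the rule is exercised by the other e2e tests`.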
diff --git a/modules/compute/virtual-machine-scale-set/extension/main.json b/modules/compute/virtual-machine-scale-set/extension/main.json index 3ffa0a4e03..04ab8111c2 100644 --- a/modules/compute/virtual-machine-scale-set/extension/main.json +++ b/modules/compute/virtual-machine-scale-set/extension/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "7901509432352717969" + "version": "0.24.24.22086", + "templateHash": "11750050808770259539" }, "name": "Virtual Machine Scale Set Extensions", "description": "This module deploys a Virtual Machine Scale Set Extension.", diff --git a/modules/compute/virtual-machine-scale-set/main.bicep b/modules/compute/virtual-machine-scale-set/main.bicep index 0f845b192c..bd8bb169af 100644 --- a/modules/compute/virtual-machine-scale-set/main.bicep +++ b/modules/compute/virtual-machine-scale-set/main.bicep 
@@ -490,13 +490,13 @@ resource vmss_logAnalyticsWorkspace 'Microsoft.OperationalInsights/workspaces@20 scope: az.resourceGroup(split((!empty(monitoringWorkspaceId) ? monitoringWorkspaceId : '//'), '/')[2], split((!empty(monitoringWorkspaceId) ? monitoringWorkspaceId : '////'), '/')[4]) } -module vmss_microsoftMonitoringAgentExtension 'extension/main.bicep' = if (extensionMonitoringAgentConfig.enabled) { - name: '${uniqueString(deployment().name, location)}-VMSS-MicrosoftMonitoringAgent' +module vmss_azureMonitorAgentExtension 'extension/main.bicep' = if (extensionMonitoringAgentConfig.enabled) { + name: '${uniqueString(deployment().name, location)}-VMSS-AzureMonitorAgent' params: { virtualMachineScaleSetName: vmss.name - name: 'MicrosoftMonitoringAgent' - publisher: 'Microsoft.EnterpriseCloud.Monitoring' - type: osType == 'Windows' ? 'MicrosoftMonitoringAgent' : 'OmsAgentForLinux' + name: 'AzureMonitorAgent' + publisher: 'Microsoft.Azure.Monitor' + type: osType == 'Windows' ? 'AzureMonitorWindowsAgent' : 'AzureMonitorLinuxAgent' typeHandlerVersion: contains(extensionMonitoringAgentConfig, 'typeHandlerVersion') ? extensionMonitoringAgentConfig.typeHandlerVersion : (osType == 'Windows' ? '1.0' : '1.7') autoUpgradeMinorVersion: contains(extensionMonitoringAgentConfig, 'autoUpgradeMinorVersion') ? extensionMonitoringAgentConfig.autoUpgradeMinorVersion : true enableAutomaticUpgrade: contains(extensionMonitoringAgentConfig, 'enableAutomaticUpgrade') ? extensionMonitoringAgentConfig.enableAutomaticUpgrade : false @@ -591,7 +591,7 @@ module vmss_azureDiskEncryptionExtension 'extension/main.bicep' = if (extensionA } dependsOn: [ vmss_customScriptExtension - vmss_microsoftMonitoringAgentExtension + vmss_azureMonitorAgentExtension ] } diff --git a/modules/compute/virtual-machine-scale-set/main.json b/modules/compute/virtual-machine-scale-set/main.json index 95643ce69d..107c9cd3ab 100644 --- a/modules/compute/virtual-machine-scale-set/main.json 
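Review bot: In `vmss_azureMonitorAgentExtension` the publisher and type move to the Azure Monitor Agent, but the fallbacks `(osType == 'Windows' ? '1.0' : '1.7')` for `typeHandlerVersion` and `: false` for `enableAutomaticUpgrade` are carried over unchanged from the legacy agent. Please confirm that those versions are right for `AzureMonitorWindowsAgent` and `AzureMonitorLinuxAgent`. Consider defaulting `enableAutomaticUpgrade` to `true` so scale-set instances pick up agent fixes without a redeploy. The module body continues past the end of the hunk. If it still passes a workspace ID and key taken from `vmss_logAnalyticsWorkspace`, as the legacy agent needed, those settings should be dropped: the new agent is bound through data collection rules and authenticates with the scale set's managed identity, so the shared key should not be handed to the extension.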
+++ b/modules/compute/virtual-machine-scale-set/main.json @@ -5,8 +5,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "6314533557974797448" + "version": "0.24.24.22086", + "templateHash": "4789140627838282506" }, "name": "Virtual Machine Scale Sets", "description": "This module deploys a Virtual Machine Scale Set.", @@ -1030,8 +1030,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "7901509432352717969" + "version": "0.24.24.22086", + "templateHash": "11750050808770259539" }, "name": "Virtual Machine Scale Set Extensions", "description": "This module deploys a Virtual Machine Scale Set Extension.", @@ -1216,8 +1216,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "7901509432352717969" + "version": "0.24.24.22086", + "templateHash": "11750050808770259539" }, "name": "Virtual Machine Scale Set Extensions", "description": "This module deploys a Virtual Machine Scale Set Extension.", @@ -1363,11 +1363,11 @@ "vmss" ] }, - "vmss_microsoftMonitoringAgentExtension": { + "vmss_azureMonitorAgentExtension": { "condition": "[parameters('extensionMonitoringAgentConfig').enabled]", "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", - "name": "[format('{0}-VMSS-MicrosoftMonitoringAgent', uniqueString(deployment().name, parameters('location')))]", + "name": "[format('{0}-VMSS-AzureMonitorAgent', uniqueString(deployment().name, parameters('location')))]", "properties": { "expressionEvaluationOptions": { "scope": "inner" 
@@ -1378,12 +1378,12 @@ "value": "[parameters('name')]" }, "name": { - "value": "MicrosoftMonitoringAgent" + "value": "AzureMonitorAgent" }, "publisher": { - "value": "Microsoft.EnterpriseCloud.Monitoring" + "value": "Microsoft.Azure.Monitor" }, - "type": "[if(equals(parameters('osType'), 'Windows'), createObject('value', 'MicrosoftMonitoringAgent'), createObject('value', 'OmsAgentForLinux'))]", + "type": "[if(equals(parameters('osType'), 'Windows'), createObject('value', 'AzureMonitorWindowsAgent'), createObject('value', 'AzureMonitorLinuxAgent'))]", "typeHandlerVersion": "[if(contains(parameters('extensionMonitoringAgentConfig'), 'typeHandlerVersion'), createObject('value', parameters('extensionMonitoringAgentConfig').typeHandlerVersion), if(equals(parameters('osType'), 'Windows'), createObject('value', '1.0'), createObject('value', '1.7')))]", "autoUpgradeMinorVersion": "[if(contains(parameters('extensionMonitoringAgentConfig'), 'autoUpgradeMinorVersion'), createObject('value', parameters('extensionMonitoringAgentConfig').autoUpgradeMinorVersion), createObject('value', true()))]", "enableAutomaticUpgrade": "[if(contains(parameters('extensionMonitoringAgentConfig'), 'enableAutomaticUpgrade'), createObject('value', parameters('extensionMonitoringAgentConfig').enableAutomaticUpgrade), createObject('value', false()))]", @@ -1407,8 +1407,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "7901509432352717969" + "version": "0.24.24.22086", + "templateHash": "11750050808770259539" }, "name": "Virtual Machine Scale Set Extensions", "description": "This module deploys a Virtual Machine Scale Set Extension.", 
@@ -1589,8 +1589,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "7901509432352717969" + "version": "0.24.24.22086", + "templateHash": "11750050808770259539" }, "name": "Virtual Machine Scale Set Extensions", "description": "This module deploys a Virtual Machine Scale Set Extension.", @@ -1770,8 +1770,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "7901509432352717969" + "version": "0.24.24.22086", + "templateHash": "11750050808770259539" }, "name": "Virtual Machine Scale Set Extensions", "description": "This module deploys a Virtual Machine Scale Set Extension.", @@ -1955,8 +1955,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "7901509432352717969" + "version": "0.24.24.22086", + "templateHash": "11750050808770259539" }, "name": "Virtual Machine Scale Set Extensions", "description": "This module deploys a Virtual Machine Scale Set Extension.", @@ -2146,8 +2146,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "7901509432352717969" + "version": "0.24.24.22086", + "templateHash": "11750050808770259539" }, "name": "Virtual Machine Scale Set Extensions", "description": "This module deploys a Virtual Machine Scale Set Extension.", @@ -2332,8 +2332,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "7901509432352717969" + "version": "0.24.24.22086", + "templateHash": "11750050808770259539" }, "name": "Virtual Machine Scale Set Extensions", "description": "This module deploys a Virtual Machine Scale Set Extension.", @@ -2477,8 +2477,8 @@ }, "dependsOn": [ "vmss", - "vmss_customScriptExtension", - "vmss_microsoftMonitoringAgentExtension" + "vmss_azureMonitorAgentExtension", + "vmss_customScriptExtension" ] } }, 
diff --git a/modules/compute/virtual-machine-scale-set/tests/e2e/linux.ssecmk/main.test.bicep b/modules/compute/virtual-machine-scale-set/tests/e2e/linux.ssecmk/main.test.bicep index ac90b7dd77..e283b6b1b1 100644 --- a/modules/compute/virtual-machine-scale-set/tests/e2e/linux.ssecmk/main.test.bicep +++ b/modules/compute/virtual-machine-scale-set/tests/e2e/linux.ssecmk/main.test.bicep @@ -57,6 +57,9 @@ module testDeployment '../../../main.bicep' = [for iteration in [ 'init', 'idem' scope: resourceGroup name: '${uniqueString(deployment().name, location)}-test-${serviceShort}-${iteration}' params: { + extensionMonitoringAgentConfig: { + enabled: true + } enableDefaultTelemetry: enableDefaultTelemetry location: location name: '${namePrefix}${serviceShort}001' diff --git a/modules/compute/virtual-machine-scale-set/tests/e2e/linux/main.test.bicep b/modules/compute/virtual-machine-scale-set/tests/e2e/linux/main.test.bicep index d11c193a6e..13f29dad53 100644 --- a/modules/compute/virtual-machine-scale-set/tests/e2e/linux/main.test.bicep +++ b/modules/compute/virtual-machine-scale-set/tests/e2e/linux/main.test.bicep @@ -9,7 +9,7 @@ targetScope = 'subscription' param resourceGroupName string = 'dep-${namePrefix}-compute.virtualmachinescalesets-${serviceShort}-rg' @description('Optional. The location to deploy resources to.') -param location string = deployment().location +param location string = 'westeurope' //deployment().location @description('Optional. A short identifier for the kind of deployment. Should be kept short to not run into resource-name length-constraints.') param serviceShort string = 'cvmsslin' diff --git a/ps-rule.yaml b/ps-rule.yaml index 1efe9161f8..fd610c9d3f 100644 --- a/ps-rule.yaml +++ b/ps-rule.yaml @@ -16,7 +16,7 @@ binding: # Require minimum versions of modules. requires: PSRule: '@pre >=2.4.0' - PSRule.Rules.Azure: '@pre >=1.19.2' + PSRule.Rules.Azure: '@pre >=1.27.3' # Use PSRule for Azure. include: 
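Review bot: In `tests/e2e/linux/main.test.bicep` the `location` default is pinned to `'westeurope'`, with the previous expression left behind as a trailing comment and no explanation. The `@description` still reads as if the value follows the deployment. If the pin works around a regional capacity or feature limit, state it on the line, e.g. `// Pinned: <reason>; revert to deployment().location once resolved`. Otherwise restore `deployment().location` so the test keeps running in the region the pipeline selects.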
@@ -24,8 +24,10 @@ include: - PSRule.Rules.Azure execution: - suppressedRuleWarning: false - notProcessedWarning: false + # suppressedRuleWarning: false - no more supported in PsRule ver 3.0 + # notProcessedWarning: false - no more supported in PsRule ver 3.0 + ruleSuppressed: Warn + unprocessedObject: Warn output: culture: @@ -54,3 +56,4 @@ rule: exclude: # Ignore the following rules for all resources - Azure.KeyVault.PurgeProtect + - Azure.Resource.AllowedRegions
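Review bot: The two new `execution` keys do not carry the old values over: `suppressedRuleWarning` and `notProcessedWarning` were both `false`, while `ruleSuppressed` and `unprocessedObject` are now `Warn`. Surfacing suppressed rules and skipped objects is useful for audit, but if that is the intent it should be stated. The commented-out old keys can then be replaced by one line such as `# Warn when a rule is suppressed or an object is not processed (replaces suppressedRuleWarning / notProcessedWarning)`. The comments refer to PSRule 3.0, yet the `requires` entry in the previous hunk still allows `PSRule: '@pre >=2.4.0'`. It is worth confirming that the oldest permitted version understands the new keys, or raising that floor.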
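Review bot: Adding `- Azure.Resource.AllowedRegions` under `rule.exclude` removes the region check for every resource in the repository, and the hunk gives no reason. A global exclude is broader than the suppression group used for `Azure.VMSS.AMA` in `.ps-rule/min-suppress.Rule.yaml`. If the rule only fails for specific test deployments, possibly related to the region pinned in `tests/e2e/linux/main.test.bicep`, a scoped suppression or a configured allowed-region list (`AZURE_RESOURCE_ALLOWED_LOCATIONS`) would keep the check active elsewhere. At minimum, add a reason above the entry, e.g. `# Azure.Resource.AllowedRegions: <why this cannot be satisfied repo-wide>`.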