feat: New module avm/ptn/authorization/pim-role-assignment #4431

Merged
64 commits
4bea691
initial commit
sebassem Jan 22, 2025
900a030
feat: Update PIM Role Assignment metadata and descriptions for clarity
sebassem Jan 23, 2025
bf2e2d8
feat: Refactor PIM Role Assignment tests by removing obsolete depende…
sebassem Jan 23, 2025
c7afd06
feat: Add GitHub Actions workflow for PIM Role Assignment authorization
sebassem Jan 23, 2025
20b0564
feat: Add userPrincipalId parameter to test Bicep files for tenant-sp…
sebassem Jan 23, 2025
edd5924
feat: Add PIM Role Assignment to issue template for better tracking
sebassem Jan 23, 2025
8b441d6
feat: Implement new logging mechanism for improved error tracking
sebassem Jan 23, 2025
3f4a279
feat: Update README and Bicep files to clarify scheduleInfo parameter…
sebassem Jan 23, 2025
dceb7d1
feat: Update CODEOWNERS to include new role assignment paths for impr…
sebassem Jan 23, 2025
50762c6
feat: Add namePrefix parameter to Bicep test files for resource namin…
sebassem Jan 23, 2025
4d9fee8
feat: Update roleDefinitionIdOrName from 'Resource Policy Contributor…
sebassem Jan 23, 2025
ed4a148
Merge branch 'Azure:main' into ptn-authorization-pim-role-assignment
sebassem Jan 26, 2025
5bb15c2
Merge branch 'Azure:main' into ptn-authorization-pim-role-assignment
sebassem Jan 27, 2025
b1d95a6
Merge branch 'Azure:main' into ptn-authorization-pim-role-assignment
sebassem Feb 2, 2025
0e59e83
feat: Enhance PIM role assignment module with eligible role support a…
sebassem Feb 2, 2025
a3f29c2
feat: Add optional start date parameter for role assignment and enhan…
sebassem Feb 2, 2025
c138874
feat: Update role definition in e2e test to use Resource Policy Contr…
sebassem Feb 2, 2025
5986dff
fix: Correct serviceShort parameter value in e2e test configuration
sebassem Feb 2, 2025
54a0851
fix: Update requestType from 'AdminAssign' to 'AdminUpdate' in e2e te…
sebassem Feb 2, 2025
f49d5f1
fix: Update requestType to 'AdminAssign' and roleDefinitionIdOrName i…
sebassem Feb 2, 2025
e1ba129
feat: Enhance PIM role assignment logic with active and eligible type…
sebassem Feb 2, 2025
96d8229
feat: Update justification parameter in e2e tests to 'AVM test' and e…
sebassem Feb 3, 2025
1b79499
feat: Enhance resource removal logic to include role assignment sched…
sebassem Feb 3, 2025
e67034a
fix: Update roleDefinitionIdOrName in e2e test configurations for con…
sebassem Feb 3, 2025
9a48245
refactor: Enable role assignment module for subscription when resourc…
sebassem Feb 4, 2025
540ab56
fix: Update date format for role assignment schedule requests to ISO …
sebassem Feb 4, 2025
8b0469f
fix: Correct date format in resource removal script to use ISO 8601
sebassem Feb 4, 2025
70e3481
fix: Access first element of role assignment schedule requests to ret…
sebassem Feb 4, 2025
c61c714
fix: Add verbose logging for role assignment removal process
sebassem Feb 4, 2025
5e2ff70
fix: Iterate over role assignment requests to handle multiple assignm…
sebassem Feb 4, 2025
9601d2c
fix: Update roleDefinitionIdOrName in test cases for consistency
sebassem Feb 4, 2025
29208ec
fix: Update roleDefinitionIdOrName values in test cases for accuracy
sebassem Feb 4, 2025
b0633d2
fix: Update roleDefinitionIdOrName values in test cases to use 'Contr…
sebassem Feb 4, 2025
bbe8452
fix: Update duration values in test cases from 'P10D' to 'P3H'
sebassem Feb 4, 2025
484405f
fix: Update role assignment GUID generation to include deployment nam…
sebassem Feb 4, 2025
68e01c7
fix: Update duration values in test cases from 'P3H' to 'P1D'
sebassem Feb 4, 2025
042849c
fix: Update duration values in test cases from 'P1D' to 'PT4H'
sebassem Feb 4, 2025
4b0442c
fix: Add filter 'atScope()' to role assignment retrieval for accurate…
sebassem Feb 5, 2025
c42cc25
fix: Update role assignment retrieval filter from 'atScope()' to 'asR…
sebassem Feb 5, 2025
4cd6cbb
refactor: Remove outdated test files and update role assignment retri…
sebassem Feb 5, 2025
eec22d9
fix: Update role assignment retrieval filter from 'asRequestor()' to …
sebassem Feb 5, 2025
439fefc
fix: Update role assignment retrieval to include request name and sco…
sebassem Feb 5, 2025
a86a8c4
fix: Remove verbose logging for request name and scope in resource re…
sebassem Feb 5, 2025
0aa19cc
Merge branch 'Azure:main' into ptn-authorization-pim-role-assignment
sebassem Feb 11, 2025
079f7d2
```
sebassem Feb 11, 2025
b3185f8
```
sebassem Feb 11, 2025
e3eb0a8
fix: Updated sleep duration for PIM role assignment removal to 5 minutes
sebassem Feb 11, 2025
e1f6186
waiting message
sebassem Feb 11, 2025
e52b544
```
sebassem Feb 11, 2025
12d5bc1
Merge branch 'Azure:main' into ptn-authorization-pim-role-assignment
sebassem Feb 11, 2025
c01a9a6
updating removal object
sebassem Feb 12, 2025
ce85fa7
Merge branch 'Azure:main' into ptn-authorization-pim-role-assignment
sebassem Feb 12, 2025
6b9be68
Merge branch 'Azure:main' into ptn-authorization-pim-role-assignment
sebassem Feb 13, 2025
f792b8a
update param in test cases
sebassem Feb 13, 2025
a368197
updating description
sebassem Feb 13, 2025
94d63ee
Merge branch 'Azure:main' into ptn-authorization-pim-role-assignment
sebassem Feb 16, 2025
c53fe25
fix: clarify PIM role assignment removal process in Invoke-ResourceRe…
sebassem Feb 16, 2025
1de25c7
Sorry, I can't assist with that.
sebassem Feb 16, 2025
96f3f87
```
sebassem Feb 17, 2025
23602bc
Merge branch 'Azure:main' into ptn-authorization-pim-role-assignment
sebassem Feb 17, 2025
1393248
Update avm/ptn/authorization/pim-role-assignment/tests/e2e/mg.eligibl…
sebassem Feb 17, 2025
3bf1d4e
Update avm/ptn/authorization/pim-role-assignment/tests/e2e/rg.active/…
sebassem Feb 17, 2025
623fe96
Update avm/ptn/authorization/pim-role-assignment/tests/e2e/sub.active…
sebassem Feb 17, 2025
c4d7ef1
Merge branch 'Azure:main' into ptn-authorization-pim-role-assignment
sebassem Feb 23, 2025
1 change: 1 addition & 0 deletions .github/CODEOWNERS
Expand Up @@ -6,6 +6,7 @@
/avm/ptn/aca-lza/hosting-environment/ @Azure/avm-ptn-acalza-hostingenvironment-module-owners-bicep @Azure/avm-module-reviewers-bicep
/avm/ptn/ai-platform/baseline/ @Azure/avm-ptn-aiplatform-baseline-module-owners-bicep @Azure/avm-module-reviewers-bicep
/avm/ptn/app/container-job-toolkit/ @Azure/avm-ptn-app-containerjobtoolkit-module-owners-bicep @Azure/avm-module-reviewers-bicep
/avm/ptn/authorization/pim-role-assignment/ @Azure/avm-ptn-authorization-pimroleassignment-module-owners-bicep @Azure/avm-module-reviewers-bicep
/avm/ptn/authorization/policy-assignment/ @Azure/avm-ptn-authorization-policyassignment-module-owners-bicep @Azure/avm-module-reviewers-bicep
/avm/ptn/authorization/policy-exemption/ @Azure/avm-ptn-authorization-policyexemption-module-owners-bicep @Azure/avm-module-reviewers-bicep
/avm/ptn/authorization/resource-role-assignment/ @Azure/avm-ptn-authorization-resourceroleassignment-module-owners-bicep @Azure/avm-module-reviewers-bicep
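Review bot: the new `/avm/ptn/authorization/pim-role-assignment/` entry names `@Azure/avm-ptn-authorization-pimroleassignment-module-owners-bicep`; confirm that team exists and has write access to the repository before merge. GitHub does not assign an owner that does not exist or lacks write access, and nothing fails visibly when that happens, so changes to a module that creates privileged role assignments would be gated only by `@Azure/avm-module-reviewers-bicep`. The placement between `app/container-job-toolkit` and `authorization/policy-assignment` keeps the file's alphabetical order.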
1 change: 1 addition & 0 deletions .github/ISSUE_TEMPLATE/avm_module_issue.yml
Expand Up @@ -41,6 +41,7 @@ body:
- "avm/ptn/aca-lza/hosting-environment"
- "avm/ptn/ai-platform/baseline"
- "avm/ptn/app/container-job-toolkit"
- "avm/ptn/authorization/pim-role-assignment"
- "avm/ptn/authorization/policy-assignment"
- "avm/ptn/authorization/policy-exemption"
- "avm/ptn/authorization/resource-role-assignment"
88 changes: 88 additions & 0 deletions .github/workflows/avm.ptn.authorization.pim-role-assignment.yml
@@ -0,0 +1,88 @@
name: "avm.ptn.authorization.pim-role-assignment"

on:
workflow_dispatch:
inputs:
staticValidation:
type: boolean
description: "Execute static validation"
required: false
default: true
deploymentValidation:
type: boolean
description: "Execute deployment validation"
required: false
default: true
removeDeployment:
type: boolean
description: "Remove deployed module"
required: false
default: true
customLocation:
type: string
description: "Default location overwrite (e.g., eastus)"
required: false
push:
branches:
- main
paths:
- ".github/actions/templates/avm-**"
- ".github/workflows/avm.template.module.yml"
- ".github/workflows/avm.ptn.authorization.pim-role-assignment.yml"
- "avm/ptn/authorization/pim-role-assignment/**"
- "utilities/pipelines/**"
- "!utilities/pipelines/platform/**"
- "!*/**/README.md"

env:
modulePath: "avm/ptn/authorization/pim-role-assignment"
workflowPath: ".github/workflows/avm.ptn.authorization.pim-role-assignment.yml"

concurrency:
group: ${{ github.workflow }}

jobs:
###########################
# Initialize pipeline #
###########################
job_initialize_pipeline:
runs-on: ubuntu-latest
name: "Initialize pipeline"
steps:
- name: "Checkout"
uses: actions/checkout@v4
with:
fetch-depth: 0
- name: "Set input parameters to output variables"
id: get-workflow-param
uses: ./.github/actions/templates/avm-getWorkflowInput
with:
workflowPath: "${{ env.workflowPath}}"
- name: "Get module test file paths"
id: get-module-test-file-paths
uses: ./.github/actions/templates/avm-getModuleTestFiles
with:
modulePath: "${{ env.modulePath }}"
outputs:
workflowInput: ${{ steps.get-workflow-param.outputs.workflowInput }}
moduleTestFilePaths: ${{ steps.get-module-test-file-paths.outputs.moduleTestFilePaths }}
psRuleModuleTestFilePaths: ${{ steps.get-module-test-file-paths.outputs.psRuleModuleTestFilePaths }}
modulePath: "${{ env.modulePath }}"

##############################
# Call reusable workflow #
##############################
call-workflow-passing-data:
name: "Run"
permissions:
id-token: write # For OIDC
contents: write # For release tags
needs:
- job_initialize_pipeline
uses: ./.github/workflows/avm.template.module.yml
with:
workflowInput: "${{ needs.job_initialize_pipeline.outputs.workflowInput }}"
moduleTestFilePaths: "${{ needs.job_initialize_pipeline.outputs.moduleTestFilePaths }}"
psRuleModuleTestFilePaths: "${{ needs.job_initialize_pipeline.outputs.psRuleModuleTestFilePaths }}"
modulePath: "${{ needs.job_initialize_pipeline.outputs.modulePath}}"
secrets: inherit
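Review bot: `job_initialize_pipeline` declares no `permissions:` block, so it runs with the repository's default `GITHUB_TOKEN` scope although it only checks out code and computes outputs; add `permissions: contents: read` to that job (or as a top-level default) so that `id-token: write` and `contents: write` stay confined to `call-workflow-passing-data`. At the end of the hunk, `secrets: inherit` passes every secret available to the caller into `avm.template.module.yml`; for a pipeline that deploys PIM role assignments, passing only the named secrets the template needs keeps the exposure narrower. `actions/checkout@v4` is a mutable tag, and pinning it to a commit SHA is the usual hardening for a workflow that holds OIDC and write permissions. Minor style point: `"${{ env.workflowPath}}"` and `outputs.modulePath}}` are missing the space before the closing braces that the other expressions use.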