Documentation
Overview ¶
Package deployment contains the types and methods for managing the deployment of an Azure management group hierarchy using the supplied Alzlib.
Index ¶
- Constants
- type FSWriter
- type FSWriterOptions
- type FSWriterPolicySetOptions
- type Hierarchy
- func (h *Hierarchy) AddDefaultPolicyAssignmentValue(_ context.Context, defaultName string, ...) error
- func (h *Hierarchy) FromArchitecture(ctx context.Context, arch, externalParentID, location string) error
- func (h *Hierarchy) ManagementGroup(name string) *HierarchyManagementGroup
- func (h *Hierarchy) ManagementGroupNames() []string
- func (h *Hierarchy) ManagementGroupsAtLevel(level int) map[string]*HierarchyManagementGroup
- func (h *Hierarchy) PolicyRoleAssignments(_ context.Context) (mapset.Set[PolicyRoleAssignment], error)
- type HierarchyManagementGroup
- func (mg *HierarchyManagementGroup) Children() []*HierarchyManagementGroup
- func (mg *HierarchyManagementGroup) DisplayName() string
- func (mg *HierarchyManagementGroup) Exists() bool
- func (mg *HierarchyManagementGroup) HasParent(id string) bool
- func (mg *HierarchyManagementGroup) Level() int
- func (mg *HierarchyManagementGroup) Location() string
- func (mg HierarchyManagementGroup) MarshalJSON() ([]byte, error)
- func (mg *HierarchyManagementGroup) ModifyPolicyAssignment(name string, opts ...ModifyPolicyAssignmentOption) error
- func (mg *HierarchyManagementGroup) Name() string
- func (mg *HierarchyManagementGroup) Parent() *HierarchyManagementGroup
- func (mg *HierarchyManagementGroup) ParentID() string
- func (mg *HierarchyManagementGroup) ParentIsExternal() bool
- func (mg *HierarchyManagementGroup) PolicyAssignmentMap() map[string]*assets.PolicyAssignment
- func (mg *HierarchyManagementGroup) PolicyDefinitionsMap() map[string]*assets.PolicyDefinition
- func (mg *HierarchyManagementGroup) PolicySetDefinitionsMap() map[string]*assets.PolicySetDefinition
- func (mg *HierarchyManagementGroup) ResourceID() string
- func (mg *HierarchyManagementGroup) RoleDefinitionsMap() map[string]*assets.RoleDefinition
- type HierarchyWriter
- type ModifyPolicyAssignmentOption
- func WithEnforcementMode(enforcementMode *armpolicy.EnforcementMode) ModifyPolicyAssignmentOption
- func WithIdentity(identity *armpolicy.Identity) ModifyPolicyAssignmentOption
- func WithNonComplianceMessages(nonComplianceMessages []*armpolicy.NonComplianceMessage) ModifyPolicyAssignmentOption
- func WithNotScopes(notScopes []*string) ModifyPolicyAssignmentOption
- func WithOverrides(overrides []*armpolicy.Override) ModifyPolicyAssignmentOption
- func WithParameters(parameters map[string]*armpolicy.ParameterValuesValue) ModifyPolicyAssignmentOption
- func WithResourceSelectors(resourceSelectors []*armpolicy.ResourceSelector) ModifyPolicyAssignmentOption
- type PolicyRoleAssignment
- type PolicyRoleAssignmentError
- type PolicyRoleAssignmentErrors
Constants ¶
const (
// ManagementGroupIDFmt is the format string for management group resource IDs in Azure.
ManagementGroupIDFmt = "/providers/Microsoft.Management/managementGroups/%s"
// PolicyAssignmentIDFmt is the format string for policy assignment resource IDs in Azure.
PolicyAssignmentIDFmt = "/providers/Microsoft.Management/managementGroups/%s" + "/providers/Microsoft.Authorization/policyAssignments/%s"
// PolicyDefinitionIDFmt is the format string for policy definition resource IDs in Azure.
PolicyDefinitionIDFmt = "/providers/Microsoft.Management/managementGroups/%s" + "/providers/Microsoft.Authorization/policyDefinitions/%s"
// PolicySetDefinitionIDFmt is the format string for policy set definition resource IDs in Azure.
PolicySetDefinitionIDFmt = "/providers/Microsoft.Management/managementGroups/%s" + "/providers/Microsoft.Authorization/policySetDefinitions/%s"
// RoleDefinitionIDFmt is the format string for role definition resource IDs in Azure.
RoleDefinitionIDFmt = "/providers/Microsoft.Management/managementGroups/%s" + "/providers/Microsoft.Authorization/roleDefinitions/%s"
)
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type FSWriter ¶ added in v0.28.0
type FSWriter struct {
// contains filtered or unexported fields
}
FSWriter writes a Hierarchy to the local filesystem.
func NewFSWriter ¶ added in v0.28.0
func NewFSWriter(opt FSWriterOptions) *FSWriter
NewFSWriter creates a new filesystem writer with optional configuration.
type FSWriterOptions ¶ added in v0.28.0
type FSWriterOptions struct {
// number of times to escape ARM expressions in policy definitions
ArmEscapePolicyDefinitions uint
// number of times to escape ARM expressions in policy set definitions
ArmEscapePolicySetDefinitions uint
// number of times to escape ARM expressions in role definitions
ArmEscapeRoleDefinitions uint
// number of times to escape ARM expressions in policy assignments
ArmEscapePolicyAssignments uint
// options for customization of policy set definitions
PolicySetOptions FSWriterPolicySetOptions
}
FSWriterOptions defines options for the filesystem writer.
type FSWriterPolicySetOptions ¶ added in v0.28.0
type FSWriterPolicySetOptions struct {
// if true, replaces custom policy definition references in policy set definitions
CustomPolicyDefinitionReferencesUpdate bool
// regular expression to match custom policy definition references
CustomPolicyDefinitionReferenceRegExp *regexp.Regexp
// value to replace custom policy definition references
CustomPolicyDefinitionReferenceReplaceValue string
}
FSWriterPolicySetOptions defines options for the policy set definitions.
type Hierarchy ¶
type Hierarchy struct {
// contains filtered or unexported fields
}
Hierarchy represents a deployment of an Azure management group hierarchy. Do not create this struct directly; use NewHierarchy instead.
func NewHierarchy ¶
NewHierarchy creates a new Hierarchy with the given AlzLib.
func (*Hierarchy) AddDefaultPolicyAssignmentValue ¶ added in v0.19.0
func (h *Hierarchy) AddDefaultPolicyAssignmentValue(
_ context.Context,
defaultName string,
defaultValue *armpolicy.ParameterValuesValue,
) error
AddDefaultPolicyAssignmentValue adds a default policy assignment value to the hierarchy.
func (*Hierarchy) FromArchitecture ¶
func (h *Hierarchy) FromArchitecture(
ctx context.Context,
arch, externalParentID, location string,
) error
FromArchitecture creates a hierarchy from the given architecture.
func (*Hierarchy) ManagementGroup ¶
func (h *Hierarchy) ManagementGroup(name string) *HierarchyManagementGroup
ManagementGroup returns the management group with the given name.
func (*Hierarchy) ManagementGroupNames ¶
func (h *Hierarchy) ManagementGroupNames() []string
ManagementGroupNames returns the management group names as a slice of strings.
func (*Hierarchy) ManagementGroupsAtLevel ¶
func (h *Hierarchy) ManagementGroupsAtLevel(level int) map[string]*HierarchyManagementGroup
ManagementGroupsAtLevel returns the management groups from the given level as a map of string to *HierarchyManagementGroup.
func (*Hierarchy) PolicyRoleAssignments ¶
func (h *Hierarchy) PolicyRoleAssignments(
_ context.Context,
) (mapset.Set[PolicyRoleAssignment], error)
PolicyRoleAssignments returns the policy role assignments required for the hierarchy. The error returned may be a PolicyRoleAssignmentErrors, which contains a slice of errors, so that callers can choose to issue a warning instead of halting the process.
type HierarchyManagementGroup ¶
type HierarchyManagementGroup struct {
// contains filtered or unexported fields
}
HierarchyManagementGroup represents an Azure Management Group within a hierarchy, with links to parent and children.
func (*HierarchyManagementGroup) Children ¶
func (mg *HierarchyManagementGroup) Children() []*HierarchyManagementGroup
Children returns the children of the management group.
func (*HierarchyManagementGroup) DisplayName ¶
func (mg *HierarchyManagementGroup) DisplayName() string
DisplayName returns the display name of the management group.
func (*HierarchyManagementGroup) Exists ¶ added in v0.15.0
func (mg *HierarchyManagementGroup) Exists() bool
Exists reports whether the management group exists.
func (*HierarchyManagementGroup) HasParent ¶
func (mg *HierarchyManagementGroup) HasParent(id string) bool
HasParent reports whether the management group has the given parent. Only works for internal parents.
func (*HierarchyManagementGroup) Level ¶ added in v0.15.0
func (mg *HierarchyManagementGroup) Level() int
Level returns the level of the management group in the hierarchy.
func (*HierarchyManagementGroup) Location ¶ added in v0.15.0
func (mg *HierarchyManagementGroup) Location() string
Location returns the default location to use for artifacts in the management group.
func (HierarchyManagementGroup) MarshalJSON ¶ added in v0.20.0
func (mg HierarchyManagementGroup) MarshalJSON() ([]byte, error)
MarshalJSON implements the json.Marshaler interface for HierarchyManagementGroup.
func (*HierarchyManagementGroup) ModifyPolicyAssignment ¶
func (mg *HierarchyManagementGroup) ModifyPolicyAssignment(
name string,
opts ...ModifyPolicyAssignmentOption,
) error
ModifyPolicyAssignment modifies an existing policy assignment in the management group. It will deep merge the supplied assignments with the existing assignments.
func (*HierarchyManagementGroup) Name ¶
func (mg *HierarchyManagementGroup) Name() string
Name returns the name/id of the management group.
func (*HierarchyManagementGroup) Parent ¶
func (mg *HierarchyManagementGroup) Parent() *HierarchyManagementGroup
Parent returns the parent *HierarchyManagementGroup. If the parent is external, the result will be nil.
func (*HierarchyManagementGroup) ParentID ¶ added in v0.27.0
func (mg *HierarchyManagementGroup) ParentID() string
ParentID returns the ID of the parent management group. If the parent is external, the external parent ID is returned in preference. If neither is set, an empty string is returned (though this should never happen).
func (*HierarchyManagementGroup) ParentIsExternal ¶
func (mg *HierarchyManagementGroup) ParentIsExternal() bool
ParentIsExternal reports whether the parent management group is external.
func (*HierarchyManagementGroup) PolicyAssignmentMap ¶
func (mg *HierarchyManagementGroup) PolicyAssignmentMap() map[string]*assets.PolicyAssignment
PolicyAssignmentMap returns a copy of the policy assignments map.
func (*HierarchyManagementGroup) PolicyDefinitionsMap ¶
func (mg *HierarchyManagementGroup) PolicyDefinitionsMap() map[string]*assets.PolicyDefinition
PolicyDefinitionsMap returns a copy of the policy definitions map.
func (*HierarchyManagementGroup) PolicySetDefinitionsMap ¶
func (mg *HierarchyManagementGroup) PolicySetDefinitionsMap() map[string]*assets.PolicySetDefinition
PolicySetDefinitionsMap returns a copy of the policy set definitions map.
func (*HierarchyManagementGroup) ResourceID ¶ added in v0.27.0
func (mg *HierarchyManagementGroup) ResourceID() string
ResourceID returns the resource ID of the management group.
func (*HierarchyManagementGroup) RoleDefinitionsMap ¶
func (mg *HierarchyManagementGroup) RoleDefinitionsMap() map[string]*assets.RoleDefinition
RoleDefinitionsMap returns a copy of the role definitions map.
type HierarchyWriter ¶ added in v0.28.0
type HierarchyWriter interface {
// Write exports the hierarchy to outDir. Each management group becomes a directory
// (nested according to parent/child), and each asset (policy assignment/definition,
// policy set definition, role definition) is written as a separate JSON file named
// using the asset JSON .name plus a type-specific suffix.
Write(ctx context.Context, h *Hierarchy, outDir string) error
}
HierarchyWriter writes a Hierarchy to a target location. Implementations should mirror the management group hierarchy on the target.
type ModifyPolicyAssignmentOption ¶ added in v0.29.3
type ModifyPolicyAssignmentOption func(*HierarchyManagementGroup, string) error
ModifyPolicyAssignmentOption is a functional option for ModifyPolicyAssignment.
func WithEnforcementMode ¶ added in v0.29.3
func WithEnforcementMode(enforcementMode *armpolicy.EnforcementMode) ModifyPolicyAssignmentOption
WithEnforcementMode sets the enforcement mode for the policy assignment.
func WithIdentity ¶ added in v0.29.3
func WithIdentity(identity *armpolicy.Identity) ModifyPolicyAssignmentOption
WithIdentity sets the identity for the policy assignment.
func WithNonComplianceMessages ¶ added in v0.29.3
func WithNonComplianceMessages(nonComplianceMessages []*armpolicy.NonComplianceMessage) ModifyPolicyAssignmentOption
WithNonComplianceMessages sets the non-compliance messages for the policy assignment.
func WithNotScopes ¶ added in v0.29.3
func WithNotScopes(notScopes []*string) ModifyPolicyAssignmentOption
WithNotScopes sets the not scopes for the policy assignment. If supplied, the existing value of NotScopes is overwritten. Each string value should be a valid ARM resource ID. Nil values in the supplied slice are filtered out.
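As an added example (not the package's own code), a pre-check for values destined for WithNotScopes: it copies ManagementGroupIDFmt from the Constants section, while the subscription-scope pattern and the knownMG callback are assumptions made here.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// ManagementGroupIDFmt is copied from the deployment package's Constants section.
const ManagementGroupIDFmt = "/providers/Microsoft.Management/managementGroups/%s"

// subscriptionScopeRe is an assumption: a subscription, optionally narrowed to a resource group.
var subscriptionScopeRe = regexp.MustCompile(`^/subscriptions/[0-9a-f-]{36}(/resourceGroups/[\w.()-]+)?$`)

// CheckNotScopes validates candidate values before they reach WithNotScopes.
// Nil entries are dropped (WithNotScopes filters them too). A management group
// scope must name a group the hierarchy knows; with a real Hierarchy pass
// func(n string) bool { return h.ManagementGroup(n) != nil }. Anything else must
// be a subscription or resource group scope. Bad entries are reported rather
// than silently exempting the wrong scope (or no scope) from policy enforcement.
func CheckNotScopes(candidates []*string, knownMG func(string) bool) ([]*string, error) {
	mgPrefix := strings.TrimSuffix(ManagementGroupIDFmt, "%s")
	valid := make([]*string, 0, len(candidates))
	var bad []string
	for _, c := range candidates {
		if c == nil {
			continue
		}
		isMG := strings.HasPrefix(*c, mgPrefix)
		name := strings.TrimPrefix(*c, mgPrefix)
		switch {
		case isMG && name != "" && !strings.Contains(name, "/") && knownMG(name):
		case !isMG && subscriptionScopeRe.MatchString(*c):
		default:
			bad = append(bad, *c)
			continue
		}
		valid = append(valid, c)
	}
	if len(bad) > 0 {
		return nil, fmt.Errorf("invalid not-scopes: %s", strings.Join(bad, ", "))
	}
	return valid, nil
}

func main() {
	known := map[string]bool{"alz-sandbox": true} // constructed sample hierarchy
	good := fmt.Sprintf(ManagementGroupIDFmt, "alz-sandbox")
	typo := fmt.Sprintf(ManagementGroupIDFmt, "alz-sandbx")
	fmt.Println(CheckNotScopes([]*string{&good, nil, &typo}, func(n string) bool { return known[n] }))
}
```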
func WithOverrides ¶ added in v0.29.3
func WithOverrides(overrides []*armpolicy.Override) ModifyPolicyAssignmentOption
WithOverrides sets the overrides for the policy assignment.
func WithParameters ¶ added in v0.29.3
func WithParameters(parameters map[string]*armpolicy.ParameterValuesValue) ModifyPolicyAssignmentOption
WithParameters sets the parameters for the policy assignment.
func WithResourceSelectors ¶ added in v0.29.3
func WithResourceSelectors(resourceSelectors []*armpolicy.ResourceSelector) ModifyPolicyAssignmentOption
WithResourceSelectors sets the resource selectors for the policy assignment.
type PolicyRoleAssignment ¶
type PolicyRoleAssignment struct {
RoleDefinitionID string `json:"role_definition_id,omitempty"`
Scope string `json:"scope,omitempty"`
AssignmentName string `json:"assignment_name,omitempty"`
ManagementGroupID string `json:"management_group_id,omitempty"`
}
PolicyRoleAssignment represents the role assignments that need to be created for a management group. Since system-assigned identities may be in use, the principal ID is not known until after the deployment. This data can therefore be used to create the role assignments after the deployment.
type PolicyRoleAssignmentError ¶ added in v0.23.1
type PolicyRoleAssignmentError struct {
// contains filtered or unexported fields
}
PolicyRoleAssignmentError represents an error that occurred while generating a role assignment for a policy assignment.
func NewPolicyRoleAssignmentError ¶ added in v0.23.1
func NewPolicyRoleAssignmentError(
assignmentName string,
assignmentScope string,
defParameterName string,
pdref string,
roleDefinitionIDs []string,
innerError error,
) *PolicyRoleAssignmentError
NewPolicyRoleAssignmentError creates a new PolicyRoleAssignmentError with the provided parameters.
func (*PolicyRoleAssignmentError) Error ¶ added in v0.23.1
func (e *PolicyRoleAssignmentError) Error() string
Error implements the error interface.
func (*PolicyRoleAssignmentError) Unwrap ¶ added in v0.24.0
func (e *PolicyRoleAssignmentError) Unwrap() error
type PolicyRoleAssignmentErrors ¶ added in v0.23.1
type PolicyRoleAssignmentErrors struct {
// contains filtered or unexported fields
}
PolicyRoleAssignmentErrors represents a collection of PolicyRoleAssignmentError. It can be used by the caller to emit a warning rather than halt execution.
func NewPolicyRoleAssignmentErrors ¶ added in v0.23.1
func NewPolicyRoleAssignmentErrors() *PolicyRoleAssignmentErrors
NewPolicyRoleAssignmentErrors creates a new PolicyRoleAssignmentErrors collection.
func (*PolicyRoleAssignmentErrors) Add ¶ added in v0.23.1
func (e *PolicyRoleAssignmentErrors) Add(err ...*PolicyRoleAssignmentError)
Add adds one or more PolicyRoleAssignmentError to the collection.
func (*PolicyRoleAssignmentErrors) Error ¶ added in v0.23.1
func (e *PolicyRoleAssignmentErrors) Error() string
Error implements the error interface.
func (*PolicyRoleAssignmentErrors) Errors ¶ added in v0.23.1
func (e *PolicyRoleAssignmentErrors) Errors() []*PolicyRoleAssignmentError
Errors returns the collection of PolicyRoleAssignmentError.
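An added example, not alzlib code, of the caller-side handling that PolicyRoleAssignments, PolicyRoleAssignment and PolicyRoleAssignmentErrors are documented to allow (warn rather than halt, then create role assignments after deployment). The types are local stand-ins mirroring the page's shapes (an assumption), and PlanRoleAssignments and its sample inputs are constructed here.

```go
package main

import (
	"errors"
	"fmt"
)

// Stand-ins (assumption) mirroring what the deployment package documents: the
// PolicyRoleAssignment fields are the page's (JSON tags omitted); the error
// types keep only the Error()/Errors() behaviour the page describes.
type PolicyRoleAssignment struct{ RoleDefinitionID, Scope, AssignmentName, ManagementGroupID string }

type PolicyRoleAssignmentError struct{ msg string }

func (e *PolicyRoleAssignmentError) Error() string { return e.msg }

type PolicyRoleAssignmentErrors struct{ errs []*PolicyRoleAssignmentError }

func (e *PolicyRoleAssignmentErrors) Error() string { return fmt.Sprintf("%d policy role assignment errors", len(e.errs)) }
func (e *PolicyRoleAssignmentErrors) Errors() []*PolicyRoleAssignmentError { return e.errs }

// PlanRoleAssignments is the caller-side handling of PolicyRoleAssignments' result.
// A *PolicyRoleAssignmentErrors (even when wrapped) becomes warnings so deployment
// can continue; any other error is fatal. Assignments are keyed by management group
// and assignment name because a system-assigned identity's principal ID is only
// known after deployment, which is when the role assignments are actually created.
func PlanRoleAssignments(ras []PolicyRoleAssignment, err error) (map[string][]PolicyRoleAssignment, []string, error) {
	var warnings []string
	var praErrs *PolicyRoleAssignmentErrors
	switch {
	case err == nil:
	case errors.As(err, &praErrs):
		for _, e := range praErrs.Errors() {
			warnings = append(warnings, "skipped role assignment: "+e.Error())
		}
	default:
		return nil, nil, err
	}
	plan := map[string][]PolicyRoleAssignment{}
	for _, ra := range ras {
		key := ra.ManagementGroupID + "/" + ra.AssignmentName
		plan[key] = append(plan[key], ra)
	}
	return plan, warnings, nil
}

func main() { // constructed sample: one assignment, one wrapped generation error
	ras := []PolicyRoleAssignment{{"/providers/Microsoft.Authorization/roleDefinitions/ROLE_ID_PLACEHOLDER", "/providers/Microsoft.Management/managementGroups/alz-platform", "deploy-mdfc", "alz-platform"}}
	werr := fmt.Errorf("generating: %w", &PolicyRoleAssignmentErrors{errs: []*PolicyRoleAssignmentError{{msg: "no role definition IDs for pdref x"}}})
	fmt.Println(PlanRoleAssignments(ras, werr))
}
```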