alzlib

package module
v0.2.0 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Jul 28, 2023 License: MIT Imports: 15 Imported by: 0

README

alzlib - a go module for reading Azure Landing Zones Terraform module lib definitions

Go test codecov

This module provides a go library for reading Azure Landing Zones Terraform module lib definitions.

It uses the Azure SDK for Go to get the data types required:

Usage

See the Example test funcs in alzlib_test.go for usage examples.

Documentation

Overview

Package alzlib provides the data structures needed to deploy Azure Landing Zones. It contains the custom Azure policies and policy sets needed to deploy the reference architecture. It also gets the referenced built-in definitions from the Azure Policy service.

Internally the Azure SDK is used to store the resources in memory. It is up to the caller to transform this data into the required format for deployment.

Index

Examples

Constants

This section is empty.

Variables

View Source 
var Lib embed.FS

Embed the Lib dir into the binary.

Functions

This section is empty.

Types

type AlzLib 

type AlzLib struct {
	Options    *AlzLibOptions
	Deployment *DeploymentType // Deployment is the deployment object that stores the management group hierarchy
	// contains filtered or unexported fields
}

AlzLib is the structure that gets built from the the library files do not create this directly, use NewAlzLib instead.

func NewAlzLib 

func NewAlzLib() *AlzLib

NewAlzLib returns a new instance of the alzlib library, optionally using the supplied directory for additional policy (set) definitions.

func (*AlzLib) AddManagementGroupToDeployment 

func (az *AlzLib) AddManagementGroupToDeployment(name, displayName, parent string, parentIsExternal bool, arch *Archetype) error

AddManagementGroupToDeployment adds a management group to the deployment, with a parent if specified. If the parent is not specified, the management group is considered the root of the hierarchy. You should pass the source Archetype through the .WithWellKnownPolicyParameters() method to ensure that the values in the wellKnownPolicyValues are honored.

func (*AlzLib) AddPolicyClient 

func (az *AlzLib) AddPolicyClient(client *armpolicy.ClientFactory)

AddPolicyClient adds an authenticated *armpolicy.ClientFactory to the AlzLib struct. This is needed to get policy objects from Azure.

func (*AlzLib) CopyArchetype 

func (az *AlzLib) CopyArchetype(name string, wkpv *WellKnownPolicyValues) (*Archetype, error)

CopyArchetype returns a copy of the requested archetype by name. The returned struct can be used as a parameter to the Deployment.AddManagementGroup method.

func (*AlzLib) GetBuiltInPolicies 

func (az *AlzLib) GetBuiltInPolicies(ctx context.Context, names []string) error

GetBuiltInPolicies retrieves the built-in policy definitions with the given names and adds them to the AlzLib struct.

func (*AlzLib) GetBuiltInPolicySets 

func (az *AlzLib) GetBuiltInPolicySets(ctx context.Context, names []string) error

GetBuiltInPolicySets retrieves the built-in policy set definitions with the given names and adds them to the AlzLib struct.

func (*AlzLib) GetDefinitionsFromAzure 

func (az *AlzLib) GetDefinitionsFromAzure(ctx context.Context, pds []string) error

GetDefinitionsFromAzure takes a slice of strings containing Azure resource IDs of policy definitions and policy set definitions. It then fetches them from Azure if needed and adds them to the AlzLib struct. For set definitions we need to get all of them, even if they exist in AlzLib already because they can contain built-in definitions.

func (*AlzLib) Init 

func (az *AlzLib) Init(ctx context.Context, libs ...fs.FS) error

Init processes ALZ libraries, supplied as fs.FS interfaces. These are typically the embed.FS global var `Lib`, or an `os.DirFS`. It populates the struct with the results of the processing.

Example

ExampleAlzLib_Init demonstrates the creation of a new AlzLib based a sample directory. 

az := NewAlzLib()
ctx, cancel := context.WithCancel(context.Background())
defer cancel()
dirfs := os.DirFS("./testdata/simple")
err := az.Init(ctx, dirfs)
if err != nil {
	fmt.Println(err)
}
fmt.Printf("Archetype count: %d\n", len(az.archetypes))

Output:

Archetype count: 2

func (*AlzLib) ListArchetypes 

func (az *AlzLib) ListArchetypes() []string

ListArchetypes returns a list of the archetypes in the AlzLib struct.

func (*AlzLib) PolicyAssignmentExists 

func (az *AlzLib) PolicyAssignmentExists(name string) bool

PolicyAssignmentExists returns true if the policy assignment exists in the AlzLib struct.

func (*AlzLib) PolicyDefinitionExists 

func (az *AlzLib) PolicyDefinitionExists(name string) bool

PolicyDefinitionExists returns true if the policy definition exists in the AlzLib struct.

func (*AlzLib) PolicySetDefinitionExists 

func (az *AlzLib) PolicySetDefinitionExists(name string) bool

PolicySetDefinitionExists returns true if the policy set definition exists in the AlzLib struct.

func (*AlzLib) RoleDefinitionExists 

func (az *AlzLib) RoleDefinitionExists(name string) bool

RoleDefinitionExists returns true if the role definition exists in the AlzLib struct.

type AlzLibOptions 

type AlzLibOptions struct {
	AllowOverwrite bool // AllowOverwrite allows overwriting of existing policy assignments when processing additional libraries with AlzLib.Init()
	Parallelism    int  // Parallelism is the number of parallel requests to make to Azure APIs
}

AlzLibOptions are options for the AlzLib. This is created by NewAlzLib.

type AlzManagementGroup 

type AlzManagementGroup struct {
	// contains filtered or unexported fields
}

AlzManagementGroup represents an Azure Management Group within a hierarchy, with links to parent and children.

func (*AlzManagementGroup) GeneratePolicyAssignmentAdditionalRoleAssignments 

func (alzmg *AlzManagementGroup) GeneratePolicyAssignmentAdditionalRoleAssignments(az *AlzLib) error

GeneratePolicyAssignmentAdditionalRoleAssignments generates the additional role assignment data needed for the policy assignments It should be run once the policy assignments map has been fully populated for a given ALZManagementGroup. It will iterate through all policy assignments and generate the additional role assignments for each one, storing them in the AdditionalRoleAssignmentsByPolicyAssignment map.

func (*AlzManagementGroup) GetAdditionalRoleAssignmentsByPolicyAssignmentMap 

func (alzmg *AlzManagementGroup) GetAdditionalRoleAssignmentsByPolicyAssignmentMap() map[string]PolicyAssignmentAdditionalRoleAssignments

GetAdditionalRoleAssignmentsByPolicyAssignmentMap returns a copy of the additional role assignments by policy assignment map.

func (*AlzManagementGroup) GetChildren 

func (alzmg *AlzManagementGroup) GetChildren() []*AlzManagementGroup

GetChildren returns the children of the management group.

func (*AlzManagementGroup) GetParentId 

func (alzmg *AlzManagementGroup) GetParentId() string

GetParentId returns the ID of the parent management group. If the parent is external, this will be preferred. If neither are set an empty string is returned (though this should never happen).

func (*AlzManagementGroup) GetParentMg 

func (alzmg *AlzManagementGroup) GetParentMg() *AlzManagementGroup

GetParentMg returns parent *AlzManagementGroup. If the parent is external, the result will be nil.

func (*AlzManagementGroup) GetPolicyAssignmentMap 

func (alzmg *AlzManagementGroup) GetPolicyAssignmentMap() map[string]armpolicy.Assignment

GetPolicyAssignmentMap returns a copy of the policy assignments map.

func (*AlzManagementGroup) GetPolicyDefinitionsMap 

func (alzmg *AlzManagementGroup) GetPolicyDefinitionsMap() map[string]armpolicy.Definition

GetPolicyDefinitionsMap returns a copy of the policy definitions map.

func (*AlzManagementGroup) GetPolicySetDefinitionsMap 

func (alzmg *AlzManagementGroup) GetPolicySetDefinitionsMap() map[string]armpolicy.SetDefinition

GetPolicySetDefinitionsMap returns a copy of the policy definitions map.

func (*AlzManagementGroup) GetResourceId 

func (alzmg *AlzManagementGroup) GetResourceId() string

GetResourceId returns the resource ID for the management group.

func (*AlzManagementGroup) GetRoleAssignmentsMap 

func (alzmg *AlzManagementGroup) GetRoleAssignmentsMap() map[string]armauthorization.RoleAssignment

GetRoleAssignmentsMap returns a copy of the role Assignments map.

func (*AlzManagementGroup) GetRoleDefinitionsMap 

func (alzmg *AlzManagementGroup) GetRoleDefinitionsMap() map[string]armauthorization.RoleDefinition

GetRoleDefinitionsMap returns a copy of the role definitions map.

func (*AlzManagementGroup) ParentIsExternal 

func (alzmg *AlzManagementGroup) ParentIsExternal() bool

ParentIsExternal returns a bool value depending on whether the parent MG is external or not.

func (*AlzManagementGroup) ResourceId 

func (alzmg *AlzManagementGroup) ResourceId() string

ResourceId returns the resource ID of the management group.

func (*AlzManagementGroup) Update 

func (alzmg *AlzManagementGroup) Update(az *AlzLib, papv PolicyAssignmentsParameterValues) error

Update will Update the AlzManagementGroup resources with the correct resource ids, references, etc. Make sure to pass in any updates to the policy assignment parameter values.

func (*AlzManagementGroup) UpsertPolicyAssignments 

func (alzmg *AlzManagementGroup) UpsertPolicyAssignments(ctx context.Context, pas map[string]*armpolicy.Assignment, az *AlzLib) error

UpsertPolicyAssignments adds policy assignments to the management group. These can be net-new assignments, or amendments to existing assignments. It will deep merge the supplied assignments with the existing assignments. If the assignment already exists, its attributes will be updated, but not entirely replaced.

type Archetype 

type Archetype struct {
	PolicyDefinitions    sets.Set[string]
	PolicyAssignments    sets.Set[string]
	PolicySetDefinitions sets.Set[string]
	RoleDefinitions      sets.Set[string]
	// contains filtered or unexported fields
}

Archetype represents an archetype definition that hasn't been assigned to a management group The contents of the sets represent the map keys of the corresponding AlzLib maps.

type DeploymentType 

type DeploymentType struct {
	// contains filtered or unexported fields
}

DeploymentType represents a deployment of Azure management group.

func (*DeploymentType) GetManagementGroup added in v0.2.0 

func (d *DeploymentType) GetManagementGroup(name string) *AlzManagementGroup

GetManagementGroup returns the management group with the given name.

func (*DeploymentType) ListManagementGroups added in v0.2.0 

func (d *DeploymentType) ListManagementGroups() []string

ListManagementGroups returns the management group names as a slice of string.

type PolicyAssignmentAdditionalRoleAssignments 

type PolicyAssignmentAdditionalRoleAssignments struct {
	RoleDefinitionIds sets.Set[string]
	AdditionalScopes  sets.Set[string]
}

PolicyAssignmentAdditionalRoleAssignments represents the additional role assignments that need to be created for a management group. Since we could be using system assigned identities, we don't know the principal ID until after the deployment. Therefore this data can be used to create the role assignments after the deployment.

type PolicyAssignmentsParameterValues 

type PolicyAssignmentsParameterValues map[string]map[string]*armpolicy.ParameterValuesValue

PolicyAssignmentsParameterValues represents a data structure for replacing policy parameters. The first map key is the assignment name, the second is the parameter name, and the value is the parameter values value (an ARM SDK type).

func (PolicyAssignmentsParameterValues) Merge 

func (papv PolicyAssignmentsParameterValues) Merge(other PolicyAssignmentsParameterValues) PolicyAssignmentsParameterValues

Merge merges the other PolicyAssignmentsParameterValues into this one.

type WellKnownPolicyValues 

type WellKnownPolicyValues struct {
	DefaultLocation                string
	DefaultLogAnalyticsWorkspaceId string
}

WellKnownPolicyValues represents options for a deployment These are values that are typically replaced in the deployed resources E.g. location, log analytics workspace ID, etc.

Source Files

View all Source files

Directories

Path Synopsis
package processor is used to process the library files.
 package processor is used to process the library files.
Package to contains various type-conversion helper functions.
 Package to contains various type-conversion helper functions.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.