v0.11.0
Summary
This release brings a couple of slight "breaking changes" (see the Breaking Changes section below for details). Aside from these, there are a few key call outs to note:
- Updates around PowerShell & CLI deployment snippets from @JamJarchitect in #312
- Add support for Policy Set Definitions (Initiatives) Groups thanks to @vedagudipati in #364
- Fix issues with Azure Policies for China (Mooncake) thanks to @jtracey93 in #377 #378 #369
- Various documentation enhancements from @jfaurskov @johnlokerse @coolhome
- Changed mgDiagSettingsAll.bicep to be targeted to Management Groups instead of Tenant level deployment thanks to @lachaves in #372
- Fix bug with uniqueness of custom role definition GUIDs and names that is required when deploying multiple ALZs in the same tenant, for scenarios like canary, thanks to @DaFitRobsta in #379
Breaking Changes
As mentioned above there are a couple of "slight" breaking changes that are introduced with this release.
Breaking Change 1 - mgDiagSettingsAll.bicep deployment scope change from Tenant to Management Group
This change was made based on customer feedback around using least privileged access in #338, which we agreed was valid and the right thing to do, hence the change.
Handling this change is as simple as changing the deployment scope from Tenant to Management Group, e.g. from New-AzTenantDeployment to New-AzManagementGroupDeployment.
The module README documents the commands to use for PowerShell or Az CLI.
Breaking Change 2 - customRoleDefinitions.bicep now has more unique GUIDs and Role Names based on Management Group ID/Name
This change was reported as a bug in #362. The GUIDs and names for the custom role definitions were not based on the Management Group ID/Name they were being deployed on, which meant that if you followed our canary guidance you would not have been able to create the custom role definitions in each of the Management Group hierarchies.
We have now changed this so they are based on the Management Group ID/Name, so they can be deployed across as many Management Group hierarchies as needed in the same AAD Tenant 👍
What is the breaking change?
If you redeploy the latest version of customRoleDefinitions.bicep you will get a set of new roles, because the GUIDs and names are now unique to the Management Group ID/Name you deploy them to, as detailed in the module README.
So, this will not break anything, but it will create a duplicate set of role definitions on your Management Group.
You should look to migrate all assignments of the old custom role definitions to the newly created ones, in this release, to ensure you can adopt scenarios like canary later on in your ALZ journey 👍
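One way to carry out that migration with Az PowerShell, as an added example that is not part of the ALZ-Bicep release or repo. The function name, the role definition GUIDs and the scopes are assumptions supplied by the operator.

```powershell
# Added example. GUIDs and scopes are operator-supplied; none come from the ALZ-Bicep repo.
function Move-CustomRoleAssignment {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)] [guid]     $OldRoleDefinitionId,
        [Parameter(Mandatory)] [guid]     $NewRoleDefinitionId,
        [Parameter(Mandatory)] [string[]] $Scope,
        [switch] $RemoveOld
    )

    foreach ($s in $Scope) {
        # Keep only assignments made directly at this scope; inherited ones
        # are migrated when their own scope is processed.
        $atScope = @(Get-AzRoleAssignment -Scope $s | Where-Object { $_.Scope -eq $s })
        $old     = @($atScope | Where-Object { $_.RoleDefinitionId -eq $OldRoleDefinitionId })
        $hasNew  = @($atScope | Where-Object { $_.RoleDefinitionId -eq $NewRoleDefinitionId } |
                     ForEach-Object ObjectId)

        foreach ($a in $old) {
            $action = 'New assignment already present'
            if ($hasNew -notcontains $a.ObjectId) {
                if (-not $PSCmdlet.ShouldProcess("$($a.ObjectId) at $s", 'Assign new custom role')) { continue }
                # -ErrorAction Stop: never reach the removal below if creation failed.
                New-AzRoleAssignment -ObjectId $a.ObjectId -RoleDefinitionId $NewRoleDefinitionId `
                    -Scope $s -ErrorAction Stop | Out-Null
                $action = 'Created'
            }
            if ($RemoveOld -and $PSCmdlet.ShouldProcess("$($a.ObjectId) at $s", 'Remove old custom role assignment')) {
                Remove-AzRoleAssignment -InputObject $a -ErrorAction Stop | Out-Null
                $action += ', old removed'
            }
            # Emit one record per principal so the run can be reviewed or exported.
            [pscustomobject]@{ Scope = $s; ObjectId = $a.ObjectId; DisplayName = $a.DisplayName; Action = $action }
        }
    }
}

# Usage (placeholder values, replace before running; -WhatIf previews without changes):
# Move-CustomRoleAssignment -OldRoleDefinitionId '<old-role-guid>' -NewRoleDefinitionId '<new-role-guid>' `
#     -Scope '/providers/Microsoft.Management/managementGroups/<mg-id>' -WhatIf
```

Run it first without -RemoveOld, confirm the new assignments from the emitted records, then rerun with -RemoveOld to drop the old ones.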
What's Changed
- Azure China Cloud - Policy Refactoring by @JamJarchitect in #351
- Update Policy Library for Azure China (automated) by @github-actions in #352
- Fix bicep example for parLandingZoneMgChildren by @coolhome in #353
- Updated markdowns to correspond with the Bicep files by @johnlokerse in #331
- Update Policy Library for Azure China (automated) by @github-actions in #361
- Update Policy Library (automated) by @github-actions in #360
- Support for groups as part of policy Initiatives by @vedagudipati in #364
- Update Policy Library (automated) by @github-actions in #366
- Add metadata filtering to China .github/scripts/Invoke-PolicyToBicep-China.ps1 by @jtracey93 in #369
- Guidance Update - Policies to Built-In by @jfaurskov in #363
- Response to FRs - Issues #267 and #290 - POC in RG Name and Deployment Snippets by @JamJarchitect in #312
- Change deployment scope for MG Diagnostics #338 by @lachaves in #372
- Update Policy Library (automated) by @github-actions in #373
- Feature: Add ability to exclude policy set/initiative child definitions for China policies by @jtracey93 in #377
- Update Policy Library for Azure China (automated) by @github-actions in #378
- fix: Update role ID and name by @DaFitRobsta in #379
- Release v0.11.0 prep by @jtracey93 in #380
New Contributors
- @coolhome made their first contribution in #353
- @vedagudipati made their first contribution in #364
Full Changelog: v0.10.6...v0.11.0