Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix: AZD ML Project - Adjusted KeyVault access policies deployment #3553

Merged
merged 2 commits into from
Oct 14, 2024
Merged

fix: AZD ML Project - Adjusted KeyVault access policies deployment #3553

merged 2 commits into from
Oct 14, 2024

Conversation

AlexanderSehr
Copy link
Contributor

@AlexanderSehr AlexanderSehr commented Oct 14, 2024
edited
Loading

Description

  • Fixed AZD ML Project access policies deployment to use native Bicep code.
  • Using the AVM module in this case is not a good idea as it sets several default values (such as purge protection)

Pipeline Reference

Pipeline
avm.ptn.azd.ml-project

Type of Change

  • Update to CI Environment or utilities (Non-module affecting changes)
  • Azure Verified Module updates:
    • Bugfix containing backwards-compatible bug fixes, and I have NOT bumped the MAJOR or MINOR version in version.json:
      • Someone has opened a bug report issue, and I have included "Closes #{bug_report_issue_number}" in the PR description.
      • The bug was found by the module author, and no one has opened an issue to report it yet.
    • Feature update backwards compatible feature updates, and I have bumped the MINOR version in version.json.
    • Breaking changes and I have bumped the MAJOR version in version.json.
    • Update to documentation

@microsoft-github-policy-service microsoft-github-policy-service bot added the Needs: Triage 🔍 Maintainers need to triage still label Oct 14, 2024
@microsoft-github-policy-service Microsoft GitHub Policy Service
Copy link

Important

The "Needs: Triage 🔍" label must be removed once the triage process is complete!

Tip

For additional guidance on how to triage this issue/PR, see the BRM Issue Triage documentation.

@microsoft-github-policy-service microsoft-github-policy-service bot added the Type: AVM 🅰️ ✌️ Ⓜ️ This is an AVM related issue label Oct 14, 2024
@microsoft-github-policy-service Microsoft GitHub Policy Service
Copy link

Important

If this is a module-related PR, being submitted by the sole owner of the module, the AVM core team must review and approve it (as module owners can't approve their own PRs).

To indicate this PR needs the core team''s attention, apply the "Needs: Core Team 🧞" label!

The core team will only review and approve PRs that have this label applied!

@AlexanderSehr AlexanderSehr self-assigned this Oct 14, 2024
@AlexanderSehr AlexanderSehr added Type: Bug 🐛 Something isn't working Class: Pattern Module 📦 This is a pattern module AZD 🧑‍💻 These modules are requested/used by the AZD team. and removed Needs: Triage 🔍 Maintainers need to triage still labels Oct 14, 2024
@AlexanderSehr AlexanderSehr marked this pull request as ready for review October 14, 2024 13:48
@AlexanderSehr AlexanderSehr requested review from a team as code owners October 14, 2024 13:48
@AlexanderSehr AlexanderSehr enabled auto-merge (squash) October 14, 2024 13:48
@avm-team-linter avm-team-linter bot added the Needs: Module Owner 📣 This module needs an owner to develop or maintain it label Oct 14, 2024
@AlexanderSehr AlexanderSehr mentioned this pull request Oct 14, 2024
Merged
8 tasks
eriqua
eriqua reviewed Oct 14, 2024
View reviewed changes
Copy link
Contributor

@eriqua eriqua left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@AlexanderSehr although the avm module sets secure values by default, it should always be possible to overwrite those values by explicitly passing them as input.
Out of curiosity, why not doing that instead of using the native resource?

@AlexanderSehr
Copy link
Contributor Author

@AlexanderSehr although the avm module sets secure values by default, it should always be possible to overwrite those values by explicitly passing them as input. Out of curiosity, why not doing that instead of using the native resource?

Great question. I'd advice against it because the unexpected overwrite of the purgeProtection that is the original reason I've created this PR may only be one of the properties that's overwritten. There are a lot more defaults in the Key Vault module that I'd need to guess even though the creator actually only wanted to deploy the accessPolicies child module. I hope that makes sense :)

@eriqua
Copy link
Contributor

eriqua commented Oct 14, 2024

d this PR may only be one of the properties that's overwritten. There are a lot more defaults in the Key Vault module that I'd need to guess even though the creator actually only wanted to deploy the accessPolicies child module. I hope that makes sense :)

Fair for me. I guess this can be updated if we get to the child module publishing, right?

eriqua
eriqua approved these changes Oct 14, 2024
View reviewed changes
Copy link
Contributor

@eriqua eriqua left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🆗

@AlexanderSehr AlexanderSehr merged commit 7869942 into main Oct 14, 2024
13 checks passed
@AlexanderSehr AlexanderSehr deleted the users/alsehr/azdMLSoftDelete2 branch October 14, 2024 17:03
@AlexanderSehr
Copy link
Contributor Author

d this PR may only be one of the properties that's overwritten. There are a lot more defaults in the Key Vault module that I'd need to guess even though the creator actually only wanted to deploy the accessPolicies child module. I hope that makes sense :)

Fair for me. I guess this can be updated if we get to the child module publishing, right?

Definitely 💪

AlexanderSehr added a commit that referenced this pull request Oct 14, 2024
@AlexanderSehr
fix: Added enforced location for ML-services (#3552)
b673ec8 
## Description

- Hardcoded test location to 'ukSouth' as 'NorthEurope' & 'EastAsia' are
not supported

Depends on #3553

## Pipeline Reference

<!-- Insert your Pipeline Status Badge below -->

| Pipeline |
| -------- |
|
[![avm.ptn.azd.ml-ai-environment](https://github.com/Azure/bicep-registry-modules/actions/workflows/avm.ptn.azd.ml-ai-environment.yml/badge.svg?branch=users%2Falsehr%2FazdaiMLLoc&event=workflow_dispatch)](https://github.com/Azure/bicep-registry-modules/actions/workflows/avm.ptn.azd.ml-ai-environment.yml)
|

## Type of Change

<!-- Use the checkboxes [x] on the options that are relevant. -->

- [ ] Update to CI Environment or utilities (Non-module affecting
changes)
- [x] Azure Verified Module updates:
- [ ] Bugfix containing backwards-compatible bug fixes, and I have NOT
bumped the MAJOR or MINOR version in `version.json`:
- [ ] Someone has opened a bug report issue, and I have included "Closes
#{bug_report_issue_number}" in the PR description.
- [ ] The bug was found by the module author, and no one has opened an
issue to report it yet.
- [ ] Feature update backwards compatible feature updates, and I have
bumped the MINOR version in `version.json`.
- [ ] Breaking changes and I have bumped the MAJOR version in
`version.json`.
  - [ ] Update to documentation
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@eriqua eriqua eriqua approved these changes

Assignees

@AlexanderSehr AlexanderSehr

Labels
AZD 🧑‍💻 These modules are requested/used by the AZD team. Class: Pattern Module 📦 This is a pattern module Needs: Module Owner 📣 This module needs an owner to develop or maintain it Type: AVM 🅰️ ✌️ Ⓜ️ This is an AVM related issue Type: Bug 🐛 Something isn't working
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@AlexanderSehr @eriqua