Skip to content

Commit

Permalink
feat: Add onboardingStates extension resource to `avm/res/operational…
Browse files Browse the repository at this point in the history
…-insights/workspace` (Azure#3667)

## Description

- Adds new parameter `onboardWorkspaceToSentinel` controlling the
onboardingStates extension resource, which onboards the workspace to
Sentinel
- Adds references to the AVM common types
- Updated the cross-reference to the module
`avm/res/operations-management/solution`. Now referencing the newest
version 0.3.0, which offers more flexibility in the solution naming.
This should resolve Azure#3378.

> Note: this is a breaking change. The format of the expected values of
the `gallerySolutions` parameter has changed. Please refer to the
updated documentation and parameter descriptions for more information.

Resolves Azure#3340 
Resolves Azure#3378 

## Pipeline Reference

<!-- Insert your Pipeline Status Badge below -->

| Pipeline |
| -------- |
|
[![avm.res.operational-insights.workspace](https://github.com/krbar/bicep-registry-modules/actions/workflows/avm.res.operational-insights.workspace.yml/badge.svg?branch=users%2Fkrbar%2FlawOnboardingStates&event=workflow_dispatch)](https://github.com/krbar/bicep-registry-modules/actions/workflows/avm.res.operational-insights.workspace.yml)
|

## Type of Change

<!-- Use the checkboxes [x] on the options that are relevant. -->

- [ ] Update to CI Environment or utilities (Non-module affecting
changes)
- [x] Azure Verified Module updates:
- [ ] Bugfix containing backwards-compatible bug fixes, and I have NOT
bumped the MAJOR or MINOR version in `version.json`:
- [x] Someone has opened a bug report issue, and I have included "Closes
#{bug_report_issue_number}" in the PR description.
- [ ] The bug was found by the module author, and no one has opened an
issue to report it yet.
- [x] Feature update backwards compatible feature updates, and I have
bumped the MINOR version in `version.json`.
- [x] Breaking changes and I have bumped the MAJOR version in
`version.json`.
  - [ ] Update to documentation

## Checklist

- [x] I'm sure there are no other open Pull Requests for the same
update/change
- [x] I have run `Set-AVMModule` locally to generate the supporting
module files.
- [x] My corresponding pipelines / checks run clean and green without
any errors or warnings

<!-- Please keep up to date with the contribution guide at
https://aka.ms/avm/contribute/bicep -->
  • Loading branch information
krbar authored Nov 7, 2024
1 parent a76899a commit d5bc11b
Show file tree
Hide file tree
Showing 10 changed files with 752 additions and 512 deletions.
186 changes: 155 additions & 31 deletions avm/res/operational-insights/workspace/README.md
Original file line number Diff line number Diff line change
Expand Up @@ -27,6 +27,7 @@ This module deploys a Log Analytics Workspace.
| `Microsoft.OperationalInsights/workspaces/storageInsightConfigs` | [2020-08-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.OperationalInsights/2020-08-01/workspaces/storageInsightConfigs) |
| `Microsoft.OperationalInsights/workspaces/tables` | [2022-10-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.OperationalInsights/2022-10-01/workspaces/tables) |
| `Microsoft.OperationsManagement/solutions` | [2015-11-01-preview](https://learn.microsoft.com/en-us/azure/templates/Microsoft.OperationsManagement/2015-11-01-preview/solutions) |
| `Microsoft.SecurityInsights/onboardingStates` | [2024-03-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.SecurityInsights/onboardingStates) |

## Usage examples

Expand Down Expand Up @@ -199,9 +200,10 @@ module workspace 'br/public:avm/res/operational-insights/workspace:<version>' =
]
gallerySolutions: [
{
name: 'AzureAutomation'
product: 'OMSGallery'
publisher: 'Microsoft'
name: 'AzureAutomation(oiwadv001)'
plan: {
product: 'OMSGallery/AzureAutomation'
}
}
]
linkedServices: [
Expand Down Expand Up @@ -507,9 +509,10 @@ module workspace 'br/public:avm/res/operational-insights/workspace:<version>' =
"gallerySolutions": {
"value": [
{
"name": "AzureAutomation",
"product": "OMSGallery",
"publisher": "Microsoft"
"name": "AzureAutomation(oiwadv001)",
"plan": {
"product": "OMSGallery/AzureAutomation"
}
}
]
},
Expand Down Expand Up @@ -825,9 +828,10 @@ param diagnosticSettings = [
]
param gallerySolutions = [
{
name: 'AzureAutomation'
product: 'OMSGallery'
publisher: 'Microsoft'
name: 'AzureAutomation(oiwadv001)'
plan: {
product: 'OMSGallery/AzureAutomation'
}
}
]
param linkedServices = [
Expand Down Expand Up @@ -1153,9 +1157,25 @@ module workspace 'br/public:avm/res/operational-insights/workspace:<version>' =
]
gallerySolutions: [
{
name: 'AzureAutomation'
product: 'OMSGallery'
publisher: 'Microsoft'
name: 'AzureAutomation(oiwmax001)'
plan: {
product: 'OMSGallery/AzureAutomation'
}
}
{
name: 'SecurityInsights(oiwmax001)'
plan: {
product: 'OMSGallery/SecurityInsights'
publisher: 'Microsoft'
}
}
{
name: 'SQLAuditing(oiwmax001)'
plan: {
name: 'SQLAuditing(oiwmax001)'
product: 'SQLAuditing'
publisher: 'Microsoft'
}
}
]
linkedServices: [
Expand All @@ -1178,6 +1198,7 @@ module workspace 'br/public:avm/res/operational-insights/workspace:<version>' =
managedIdentities: {
systemAssigned: true
}
onboardWorkspaceToSentinel: true
publicNetworkAccessForIngestion: 'Disabled'
publicNetworkAccessForQuery: 'Disabled'
roleAssignments: [
Expand Down Expand Up @@ -1455,9 +1476,25 @@ module workspace 'br/public:avm/res/operational-insights/workspace:<version>' =
"gallerySolutions": {
"value": [
{
"name": "AzureAutomation",
"product": "OMSGallery",
"publisher": "Microsoft"
"name": "AzureAutomation(oiwmax001)",
"plan": {
"product": "OMSGallery/AzureAutomation"
}
},
{
"name": "SecurityInsights(oiwmax001)",
"plan": {
"product": "OMSGallery/SecurityInsights",
"publisher": "Microsoft"
}
},
{
"name": "SQLAuditing(oiwmax001)",
"plan": {
"name": "SQLAuditing(oiwmax001)",
"product": "SQLAuditing",
"publisher": "Microsoft"
}
}
]
},
Expand Down Expand Up @@ -1491,6 +1528,9 @@ module workspace 'br/public:avm/res/operational-insights/workspace:<version>' =
"systemAssigned": true
}
},
"onboardWorkspaceToSentinel": {
"value": true
},
"publicNetworkAccessForIngestion": {
"value": "Disabled"
},
Expand Down Expand Up @@ -1773,9 +1813,25 @@ param diagnosticSettings = [
]
param gallerySolutions = [
{
name: 'AzureAutomation'
product: 'OMSGallery'
publisher: 'Microsoft'
name: 'AzureAutomation(oiwmax001)'
plan: {
product: 'OMSGallery/AzureAutomation'
}
}
{
name: 'SecurityInsights(oiwmax001)'
plan: {
product: 'OMSGallery/SecurityInsights'
publisher: 'Microsoft'
}
}
{
name: 'SQLAuditing(oiwmax001)'
plan: {
name: 'SQLAuditing(oiwmax001)'
product: 'SQLAuditing'
publisher: 'Microsoft'
}
}
]
param linkedServices = [
Expand All @@ -1798,6 +1854,7 @@ param lock = {
param managedIdentities = {
systemAssigned: true
}
param onboardWorkspaceToSentinel = true
param publicNetworkAccessForIngestion = 'Disabled'
param publicNetworkAccessForQuery = 'Disabled'
param roleAssignments = [
Expand Down Expand Up @@ -2062,9 +2119,10 @@ module workspace 'br/public:avm/res/operational-insights/workspace:<version>' =
]
gallerySolutions: [
{
name: 'AzureAutomation'
product: 'OMSGallery'
publisher: 'Microsoft'
name: 'AzureAutomation(oiwwaf001)'
plan: {
product: 'OMSGallery/AzureAutomation'
}
}
]
linkedServices: [
Expand Down Expand Up @@ -2231,9 +2289,10 @@ module workspace 'br/public:avm/res/operational-insights/workspace:<version>' =
"gallerySolutions": {
"value": [
{
"name": "AzureAutomation",
"product": "OMSGallery",
"publisher": "Microsoft"
"name": "AzureAutomation(oiwwaf001)",
"plan": {
"product": "OMSGallery/AzureAutomation"
}
}
]
},
Expand Down Expand Up @@ -2408,9 +2467,10 @@ param diagnosticSettings = [
]
param gallerySolutions = [
{
name: 'AzureAutomation'
product: 'OMSGallery'
publisher: 'Microsoft'
name: 'AzureAutomation(oiwwaf001)'
plan: {
product: 'OMSGallery/AzureAutomation'
}
}
]
param linkedServices = [
Expand Down Expand Up @@ -2483,6 +2543,7 @@ param useResourcePermissions = true
| [`location`](#parameter-location) | string | Location for all resources. |
| [`lock`](#parameter-lock) | object | The lock settings of the service. |
| [`managedIdentities`](#parameter-managedidentities) | object | The managed identity definition for this resource. Only one type of identity is supported: system-assigned or user-assigned, but not both. |
| [`onboardWorkspaceToSentinel`](#parameter-onboardworkspacetosentinel) | bool | Onboard the Log Analytics Workspace to Sentinel. Requires 'SecurityInsights' solution to be in gallerySolutions. |
| [`publicNetworkAccessForIngestion`](#parameter-publicnetworkaccessforingestion) | string | The network access type for accessing Log Analytics ingestion. |
| [`publicNetworkAccessForQuery`](#parameter-publicnetworkaccessforquery) | string | The network access type for accessing Log Analytics query. |
| [`roleAssignments`](#parameter-roleassignments) | array | Array of role assignments to create. |
Expand Down Expand Up @@ -2717,7 +2778,61 @@ List of gallerySolutions to be created in the log analytics workspace.

- Required: No
- Type: array
- Default: `[]`

**Required parameters**

| Parameter | Type | Description |
| :-- | :-- | :-- |
| [`name`](#parameter-gallerysolutionsname) | string | Name of the solution.<p>For solutions authored by Microsoft, the name must be in the pattern: `SolutionType(WorkspaceName)`, for example: `AntiMalware(contoso-Logs)`.<p>For solutions authored by third parties, the name should be in the pattern: `SolutionType[WorkspaceName]`, for example `MySolution[contoso-Logs]`.<p>The solution type is case-sensitive. |
| [`plan`](#parameter-gallerysolutionsplan) | object | Plan for solution object supported by the OperationsManagement resource provider. |

### Parameter: `gallerySolutions.name`

Name of the solution.<p>For solutions authored by Microsoft, the name must be in the pattern: `SolutionType(WorkspaceName)`, for example: `AntiMalware(contoso-Logs)`.<p>For solutions authored by third parties, the name should be in the pattern: `SolutionType[WorkspaceName]`, for example `MySolution[contoso-Logs]`.<p>The solution type is case-sensitive.

- Required: Yes
- Type: string

### Parameter: `gallerySolutions.plan`

Plan for solution object supported by the OperationsManagement resource provider.

- Required: Yes
- Type: object

**Required parameters**

| Parameter | Type | Description |
| :-- | :-- | :-- |
| [`product`](#parameter-gallerysolutionsplanproduct) | string | The product name of the deployed solution.<p>For Microsoft published gallery solution it should be `OMSGallery/{solutionType}`, for example `OMSGallery/AntiMalware`.<p>For a third party solution, it can be anything.<p>This is case sensitive. |

**Optional parameters**

| Parameter | Type | Description |
| :-- | :-- | :-- |
| [`name`](#parameter-gallerysolutionsplanname) | string | Name of the solution to be created.<p>For solutions authored by Microsoft, the name must be in the pattern: `SolutionType(WorkspaceName)`, for example: `AntiMalware(contoso-Logs)`.<p>For solutions authored by third parties, it can be anything.<p>The solution type is case-sensitive.<p>If not provided, the value of the `name` parameter will be used. |
| [`publisher`](#parameter-gallerysolutionsplanpublisher) | string | The publisher name of the deployed solution. For Microsoft published gallery solution, it is `Microsoft`, which is the default value. |

### Parameter: `gallerySolutions.plan.product`

The product name of the deployed solution.<p>For Microsoft published gallery solution it should be `OMSGallery/{solutionType}`, for example `OMSGallery/AntiMalware`.<p>For a third party solution, it can be anything.<p>This is case sensitive.

- Required: Yes
- Type: string

### Parameter: `gallerySolutions.plan.name`

Name of the solution to be created.<p>For solutions authored by Microsoft, the name must be in the pattern: `SolutionType(WorkspaceName)`, for example: `AntiMalware(contoso-Logs)`.<p>For solutions authored by third parties, it can be anything.<p>The solution type is case-sensitive.<p>If not provided, the value of the `name` parameter will be used.

- Required: No
- Type: string

### Parameter: `gallerySolutions.plan.publisher`

The publisher name of the deployed solution. For Microsoft published gallery solution, it is `Microsoft`, which is the default value.

- Required: No
- Type: string

### Parameter: `linkedServices`

Expand Down Expand Up @@ -2783,7 +2898,7 @@ The managed identity definition for this resource. Only one type of identity is
| Parameter | Type | Description |
| :-- | :-- | :-- |
| [`systemAssigned`](#parameter-managedidentitiessystemassigned) | bool | Enables system assigned managed identity on the resource. |
| [`userAssignedResourceIds`](#parameter-managedidentitiesuserassignedresourceids) | array | The resource ID(s) to assign to the resource. |
| [`userAssignedResourceIds`](#parameter-managedidentitiesuserassignedresourceids) | array | The resource ID(s) to assign to the resource. Required if a user assigned identity is used for encryption. |

### Parameter: `managedIdentities.systemAssigned`

Expand All @@ -2794,11 +2909,19 @@ Enables system assigned managed identity on the resource.

### Parameter: `managedIdentities.userAssignedResourceIds`

The resource ID(s) to assign to the resource.
The resource ID(s) to assign to the resource. Required if a user assigned identity is used for encryption.

- Required: No
- Type: array

### Parameter: `onboardWorkspaceToSentinel`

Onboard the Log Analytics Workspace to Sentinel. Requires 'SecurityInsights' solution to be in gallerySolutions.

- Required: No
- Type: bool
- Default: `False`

### Parameter: `publicNetworkAccessForIngestion`

The network access type for accessing Log Analytics ingestion.
Expand Down Expand Up @@ -3023,7 +3146,8 @@ This section gives you an overview of all local-referenced module files (i.e., o

| Reference | Type |
| :-- | :-- |
| `br/public:avm/res/operations-management/solution:0.1.0` | Remote reference |
| `br/public:avm/res/operations-management/solution:0.3.0` | Remote reference |
| `br/public:avm/utl/types/avm-common-types:0.2.1` | Remote reference |

## Data Collection

Expand Down
Loading

0 comments on commit d5bc11b

Please sign in to comment.