Azure / ALZ-Bicep

This repository contains the Azure Landing Zones (ALZ) Bicep modules that help deliver and deploy the Azure Landing Zone conceptual architecture in a modular approach. https://aka.ms/alz/docs
MIT License

💡 Feature Request - Make all modules compatible with WhatIf mode #249

Open olljanat opened 2 years ago

olljanat commented 2 years ago

Describe the solution you'd like

Picked up from https://github.com/Azure/ALZ-Bicep/issues/244#issuecomment-1137199634

I see the ability to run pull requests with WhatIf mode against production as very critical, as otherwise it is not possible to have a Git repo with CI to production and multiple persons contributing to code without a high risk of breaking things.

That is why pull request validation here should contain the following steps for all modules:

  1. Deploy
  2. Deploy again with WhatIf mode
  3. Check output from WhatIf to make sure that it does not find differences between code and environment.

The tricky part is the long list of known issues listed on https://aka.ms/WhatIfIssues which can only be fixed by Microsoft.

Status per module:

Ready Order Module e2e WhatIf enabled on PR Known issues preventing WhatIf
  - [x] 1 Management Groups #250 #276 -
  - [ ] 2 Custom Policy Definitions
  - [ ] 3 Custom Role Definitions
  - [ ] 4 Logging & Sentinel
  - [ ] 5 Hub Networking
  - [ ] 6 Role Assignments
  - [ ] 7 Subscription Placement
  - [ ] 8 Built-In and Custom Policy Assignments
  - [ ] 9 Corp Connected Spoke Network

Describe alternatives you've considered

I really don't see good alternatives for this.

Additional context

I dropped a cleaned copy of my draft solution for using ALZ-Bicep with Azure DevOps CI at https://github.com/olljanat/alz-bicep-ci and it already contains WhatIf verification for pull requests on those parts which I have got working.

jtracey93 commented 2 years ago

Thanks for raising this @olljanat we will triage properly once #227 is merged

olljanat commented 2 years ago

FYI. I did figure out that if you run az deployment group what-if with the flag --no-pretty-print then the API will return JSON which can be easily parsed with PowerShell (included example to my )
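
The check from step 3 of the issue, applied to the JSON output described in the comment above, as an added example that is not part of this thread or of alz-bicep-ci. The function name Get-WhatIfDrift, the allow-list of change types and the embedded sample JSON are assumptions constructed for illustration.

```powershell
# Constructed sample of the JSON that a what-if run with --no-pretty-print
# returns (IDs and names are made up). In a pipeline this string would be the
# captured output of: az deployment group what-if ... --no-pretty-print
$whatIfJson = @'
{
  "status": "Succeeded",
  "error": null,
  "changes": [
    { "resourceId": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-sample/providers/Microsoft.Network/virtualNetworks/vnet-sample",
      "changeType": "NoChange", "delta": null },
    { "resourceId": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-sample/providers/Microsoft.Network/networkSecurityGroups/nsg-sample",
      "changeType": "Modify",
      "delta": [ { "path": "properties.securityRules", "propertyChangeType": "Array" } ] },
    { "resourceId": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-sample/providers/Microsoft.Network/privateDnsZones/sample.local",
      "changeType": "Ignore", "delta": null }
  ]
}
'@

function Get-WhatIfDrift {
    param(
        [Parameter(Mandatory)] [string] $Json,
        # Assumption: these change types are not treated as drift.
        # Everything else (Create, Modify, Delete, Deploy, Unsupported) is.
        [string[]] $AllowedChangeTypes = @('NoChange', 'Ignore')
    )
    $result = $Json | ConvertFrom-Json
    if ($result.status -ne 'Succeeded') {
        throw "What-if did not succeed: status '$($result.status)'"
    }
    foreach ($change in $result.changes) {
        if ($change.changeType -notin $AllowedChangeTypes) {
            [pscustomobject]@{
                ChangeType = $change.changeType
                ResourceId = $change.resourceId
                # delta is null for some change types, so filter before reading paths
                Paths      = @($change.delta | Where-Object { $_ } | ForEach-Object { $_.path }) -join ', '
            }
        }
    }
}

$drift = @(Get-WhatIfDrift -Json $whatIfJson)
if ($drift.Count -gt 0) {
    $drift | Format-List | Out-String | Write-Host
    Write-Host "What-if found $($drift.Count) difference(s) between code and environment"
    exit 1   # non-zero exit code fails the pull request validation step
}
Write-Host 'What-if found no differences'
```

With the sample above the script reports the one Modify change and exits with code 1; false positives from the known what-if issues would have to be filtered by resource or property path before the count is taken.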

jtracey93 commented 2 years ago

Ado sync

olljanat commented 2 years ago

FYI. As a result of my ticket 2208010050001440 I ended up creating this post https://feedback.azure.com/d365community/idea/2adb098a-4845-ed11-a81b-000d3a7b5d8c which was requested by Microsoft Support, who hoped to be able to use it to raise this idea for wider awareness.

gaoyarui commented 1 year ago

You can make some things leave, such as learning lecture, besides nature labor.

FallenHoot commented 10 months ago

It should be noted that What-If is currently having issues with ARM/Bicep as stated here issue 157. This should be added to the overall list.