Closed Haakonak closed 3 weeks ago
anwather
commented
4 weeks ago I'll add some more info to the documentation - but basically EPAC doesn't care how you structure those folders as we just read all the files in there recursively. The way you have organised above is perfectly acceptable - I did a similar thing for a customer except under the ALZ folder we also had folders for their tenant e.g. Tenant1, Tenant2 and placed assignments under that.
Do whatever makes sense for you :)
Haakonak
commented
3 weeks ago Want me to close this issue, or keep it open for a future PR? @anwather
anwather
commented
3 weeks ago I've completed it in our Dev environment so will copy it over and close out the issue in the next couple of days - thanks
Get Outlook for Androidhttps://aka.ms/AAb9ysg
From: Håkon Kristiansen @.> Sent: Monday, November 4, 2024 6:58:19 PM To: Azure/enterprise-azure-policy-as-code @.> Cc: Mention @.>; Comment @.>; Assign @.>; Subscribed @.> Subject: Re: [Azure/enterprise-azure-policy-as-code] Extended documentation for Multi-Tenant Definitions folder structure (Issue #799)
Want me to close this issue, or keep it open for a future PR? @anwatherhttps://github.com/anwather
— Reply to this email directly, view it on GitHubhttps://github.com/Azure/enterprise-azure-policy-as-code/issues/799#issuecomment-2454032546 or unsubscribehttps://github.com/notifications/unsubscribe-auth/ACWCJVVWXMGJPTVCC5SZGPDZ64SJZBFKMF2HI4TJMJ2XIZLTSSBKK5TBNR2WLJDUOJ2WLJDOMFWWLO3UNBZGKYLEL5YGC4TUNFRWS4DBNZ2F6YLDORUXM2LUPGBKK5TBNR2WLJDUOJ2WLJDOMFWWLLTXMF2GG2C7MFRXI2LWNF2HTAVFOZQWY5LFUVUXG43VMWSG4YLNMWVXI2DSMVQWIX3UPFYGLAVFOZQWY5LFVIZDOMRVHE4DSNBYGCSG4YLNMWUWQYLTL5WGCYTFNSWHG5LCNJSWG5C7OR4XAZNMJFZXG5LFINXW23LFNZ2KM5DPOBUWG44TQKSHI6LQMWVHEZLQN5ZWS5DPOJ42K5TBNR2WLKJTGM3TCNRSHAZTRAVEOR4XAZNFNFZXG5LFUV3GC3DVMWVDENRRGE2DQNRXHA2YFJDUPFYGLJLMMFRGK3FFOZQWY5LFVIZDOMRVHE4DSNBYGCTXI4TJM5TWK4VGMNZGKYLUMU. You are receiving this email because you were mentioned.
Triage notifications on the go with GitHub Mobile for iOShttps://apps.apple.com/app/apple-store/id1477376905?ct=notification-email&mt=8&pt=524675 or Androidhttps://play.google.com/store/apps/details?id=com.github.android&referrer=utm_campaign%3Dnotification-email%26utm_medium%3Demail%26utm_source%3Dgithub.
Is your feature request related to a problem? Please describe. When implementing EPAC in a multi-tenant environment, it could be more clear how the Definitions folder structure should be set up. For the global-settings.jsonc file, it is shown an example for multi tenant setup, which is easy to understand and copy.
Describe the solution you'd like Something similar to the documentation for global-settings.jsonc would be great to have. An example could be having both the existing Definitions Folder Structure chapter, and an example Definitions Multi-Tenant Folder Structure. chapter.
Describe alternatives you've considered We have landed this setup for the Definitions folder structure to support multi-tenant in the same folder structure:
By structuring the folders as per the example, we are able to separate different tenants and their policies while having them located in the same place. This setup also forces us to use multiple tenant-specific github workflows, such as tenant1-plan.yml, tenant1-deploy-policy.yml and so on.
Me and @ThomasStubergh have been working on this structure, but we are unsure if this setup is the right way to go when trying to keep the maintenance and upkeep of EPAC in a multi-tenant environment as simple as possible. We are considering using parameters in a CSV file, but this is for now a "next step" when we have a better understanding of the entire deployment.
If anyone has any previous experience regarding multi-tenant EPAC setups, we would be very happy with some feedback or tips.