ansible / azure-aap-deployment-driver

Apache License 2.0

Enforce Policy Checking #9

Open aatenahasan opened 1 year ago

aatenahasan commented 1 year ago

Background

The current state of Red Hat’s deployment engine for Ansible Automation Platform in Microsoft Azure gives customers a containerized process of their Ansible Automation deployment. Simply put, this engine deploys Ansible Automation on Microsoft Azure, walking through the entire deployment process, displaying deployment step completion in a serial manner in real time, and failing at the end of the processes if any issues have been found. If the deployment has failed, the customer then has to fix related issues, and redeploy the entire instance themselves.

As an Azure customer utilizing the deployment driver, I want the driver to policy check my deployment to verify and enforce my environment early on to prevent any late failures.

tznamena commented 1 year ago

The terms "policy check my deployment" and "verify and enforce my environment" need to be specified. Also, this should either be an Epic or a User Story, not both at the same time I would say.

bobjac commented 1 year ago

I am looking to address this in the cross-repo issue that I listed above. I am understanding "policy check my deployment" to mean:

As an example, if I have an Azure policy applied to my resource group that says 'Do not deploy this Azure resource type unless it has the property "publicNetworkAccess": "Disabled"', and the deployment template has it set to "Enabled", the DryRun will catch the policy violation before attempting the deployment.

I am adding more implementation details and pre-requisites to the cross-repo issue listed above.
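The check described in the comment above, as an added illustration that is not the driver's own code: a simplified pre-deployment dry run that evaluates Azure Policy-style rules (field / equals / notEquals / allOf / anyOf / not) against the resources of an ARM template and reports what a "deny" effect would block. The resource type Microsoft.KeyVault/vaults, the policy name and the sample template are assumptions constructed for the example.

```python
def _field(resource, path):
    """Resolve a dotted Azure Policy field alias such as 'properties.publicNetworkAccess'.
    A missing intermediate object yields None, so an absent property is 'not Disabled'."""
    node = resource
    for part in path.split("."):
        if not isinstance(node, dict):
            return None
        node = node.get(part)
    return node

def _matches(resource: dict, cond: dict) -> bool:
    """Evaluate one rule condition: field comparisons plus allOf / anyOf / not combinators."""
    if "allOf" in cond:
        return all(_matches(resource, c) for c in cond["allOf"])
    if "anyOf" in cond:
        return any(_matches(resource, c) for c in cond["anyOf"])
    if "not" in cond:
        return not _matches(resource, cond["not"])
    value = _field(resource, cond["field"])
    if "equals" in cond:
        return value == cond["equals"]
    if "notEquals" in cond:
        return value != cond["notEquals"]
    raise ValueError(f"unsupported condition: {cond}")

def dry_run(template: dict, policies: list[dict]) -> list[str]:
    """Return one message per resource a 'deny' policy would block; [] means the deployment passes."""
    violations = []
    for res in template.get("resources", []):
        for pol in policies:
            if pol["then"]["effect"].lower() == "deny" and _matches(res, pol["if"]):
                violations.append(f"{pol['name']}: {res['type']} '{res['name']}' would be denied")
    return violations

# Constructed sample input: the publicNetworkAccess rule from the issue (resource type assumed),
# applied to one compliant vault, one non-compliant vault and one resource the rule ignores.
DENY_PUBLIC_ACCESS = {
    "name": "deny-public-network-access",
    "if": {"allOf": [
        {"field": "type", "equals": "Microsoft.KeyVault/vaults"},
        {"field": "properties.publicNetworkAccess", "notEquals": "Disabled"},
    ]},
    "then": {"effect": "deny"},
}
SAMPLE_TEMPLATE = {"resources": [
    {"type": "Microsoft.KeyVault/vaults", "name": "kv-ok", "properties": {"publicNetworkAccess": "Disabled"}},
    {"type": "Microsoft.KeyVault/vaults", "name": "kv-bad", "properties": {"publicNetworkAccess": "Enabled"}},
    {"type": "Microsoft.Storage/storageAccounts", "name": "st-other", "properties": {}},
]}
if __name__ == "__main__":
    print(dry_run(SAMPLE_TEMPLATE, [DENY_PUBLIC_ACCESS]))
```

Running the dry run here flags only `kv-bad`, so the violation surfaces before any resource is created rather than as a late deployment failure.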

bobjac commented 1 year ago

Policy checking is being addressed in this cross-repo issue https://github.com/microsoft/commercial-marketplace-offer-deploy/issues/9. The current implementation detects policy violations for an Azure deployment.

This should be available with the integration of the client SDK.