Update Storage Policies - Githubissues

microsoft / industry

This repository provides holistic architecture design and reference implementation for industry cloud based on proven success of large scale deployments and at-scale adoption with customers and partners.

MIT License

255 stars 72 forks source link

Update Storage Policies #397

Closed marvinbuss closed 1 year ago

marvinbuss commented 1 year ago

Summary of the Pull Request

The updates will not change the effect of the policies, but will unblock the Terraform deployment in a customer environment. Why will the effect not change?

If SFTP is disabled, local users will also not work.
Setting the key type to account for queue and table will also enforce users to enable encryption for these services.

PR Checklist

[x] Closes Issue #xxx
[x] Code of Conduct signed. If not, go to Code of Conduct.

Validation Steps Performed

Successfully tested the deployment and validated Policy alias.

marvinbuss commented 1 year ago

Can we please add a new policy definition instead of updating existing one because parameter names are significantly different and will cause the issue with how the policy is linked to assignment?

I created a new one before and then reverted the name back based on the review (see above). What do you want me to do in detail?

uday31in commented 1 year ago

@krnese does separating policies help to remove usage of localUser policy in policyset as disabled state and add sftp policy?

cc: @marvinbuss

krnese commented 1 year ago

@krnese does separating policies help to remove usage of localUser policy in policyset as disabled state and add sftp policy?

cc: @marvinbuss

Yes, but there's currently two issues in this PR:

"Deny-Storage-Sftp" is not referenced in the policySet.
The parameter "storageLocalUser" is not longer present which breaks existing policySet deployed by customers, which should be mapped to the "Deny-Storage-LocalUser" policyDefinition.

marvinbuss commented 1 year ago

@krnese Please review the update.