Consider private offerings when checking that a VM or VMSS has Linux #1725
Comments
|
Actually very interesting to see this now, was going to report it as I saw the same pattern for some agent pools I configured in the weekend. The rule was not excecuted due to this and just had outcome |
|
@VeraBE @bengeset96 So basically we are saying that there isn't really any way to determine is it Linux this from the resource configuration of the VM/VMSS (even under private offers) so we need to provide customers some option to configure offers that are Linux ideally through an automated export process. |
|
@BernieWhite I'm not sure if I understood the question, are you suggesting we let the customers specify which VMs are Linux and then we analyze those? Why do you say "even under private offers"? If we had all the public and private offerings the current check would work, but I don't know how could we validate the private ones For now, we could also just change the precondition to a merge between the current approach and what we had before: a VM has Linux if either the offering is a public Linux offering OR it defines a linuxConfiguration property OR the disk check, what do you think about that? |
|
I think it's better to have something than nothing, so what @VeraBE proposed here in the last statement would improve the confidence further for now. But the ultimate goal must be to be confident if it's I'm starting to see this pattern more and more for "new" resource declarations/updates provided by Microsoft, the resource declarations does not explicily state all potensial configuration anymore. It also means that we have to come up with a additional way of handling these scenarios/situations that I just assume will increase in close future. |
|
@VeraBE @bengeset96 Ok great. Thanks for the feedback. My thoughts would be:
While it is not 100% it should get us close. Any other gaps you can see with this? |
|
From my side I think this should cover it well, with fairly high confidence. |
|
@BernieWhite Sounds good to me. I can make a PR with those changes, but I don't have that much context on the last item. Is there a similar configuration parameter I can look at as a guide? |
|
Thanks @VeraBE. There is some documentation around configuration over here: https://microsoft.github.io/PSRule/v2/concepts/PSRule/en-US/about_PSRule_Variables/#configuration Here are some examples of usage: PSRule.Rules.Azure/src/PSRule.Rules.Azure/rules/Azure.Policy.Rule.ps1 Lines 33 to 35 in cc54e5f The configuration value defaults are defined over here: Because it is intended that customers override it, we can just leave it as an empty array. We have some basic documentation over here for the customer on the configuration option: https://github.com/Azure/PSRule.Rules.Azure/blob/main/docs/setup/configuring-rules.md / https://azure.github.io/PSRule.Rules.Azure/setup/configuring-rules/ |
When checking if a VM or VMSS has Linux (#1701) we should also account for private offerings
Reference: https://learn.microsoft.com/en-us/azure/marketplace/private-offers-api
The text was updated successfully, but these errors were encountered: