Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

ASC (MDFC) export to Azure Monitor is not reliable due to DINE policy race condition #438

Open
matt-FFFFFF opened this issue Aug 12, 2022 · 5 comments
Open

ASC (MDFC) export to Azure Monitor is not reliable due to DINE policy race condition #438

matt-FFFFFF opened this issue Aug 12, 2022 · 5 comments
Assignees
@lachaves
Labels
enhancement New feature or request v.next

Comments

@matt-FFFFFF
Copy link
Member

matt-FFFFFF commented Aug 12, 2022
edited by jtracey93
Loading

Community Note

  • Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
  • Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
  • If you are interested in working on this issue or have submitted a pull request, please leave a comment

Versions

terraform: 1.2.2

azure provider: 3.20

module: 3.1.2

Description

Describe the bug

MDFC export to LAW policy does not enable the functionality due to race condition.

Steps to Reproduce

  1. Deploy default architecture with configure_management_resources
  2. Observe subscription MDFC continuous export configuration not correct
  3. Observe Deploy-MDFC-Config policy not compliant

Screenshots

image

Additional context

Recommend declaring azurerm_security_center_automation resource to prevent this happening.

@ghost ghost added the Needs: Triage 🔍 Needs triaging by the team label Aug 12, 2022
@matt-FFFFFF matt-FFFFFF self-assigned this Aug 23, 2022
@ghost ghost removed the Needs: Triage 🔍 Needs triaging by the team label Aug 23, 2022
@jtracey93
Copy link
Collaborator

Trigger ADO Sync

@krowlandson
Copy link
Contributor

krowlandson commented Oct 10, 2022
edited
Loading

@matt-FFFFFF... We can implement this for the connectivity and management Subscriptions as we have providers configured for these, but not for any others.

Are you proposing we implement this in conjunction with future integrations between this module and lz-vending?

@krowlandson
Copy link
Contributor

Trigger ADO Sync

@krowlandson krowlandson assigned lachaves and unassigned matt-FFFFFF Nov 29, 2022
@krowlandson krowlandson added the enhancement New feature or request label Nov 29, 2022
@krowlandson krowlandson added this to the v3.1.0 milestone Nov 29, 2022
@krowlandson krowlandson modified the milestones: v3.1.0, v3.2.0 Dec 21, 2022
@matt-FFFFFF
Copy link
Member Author

Azure/terraform-azurerm-lz-vending#136 is the lz-vending issue

@matt-FFFFFF matt-FFFFFF mentioned this issue Mar 2, 2023
Closed
@matt-FFFFFF matt-FFFFFF added the long-term Long term item - used for automation label Mar 3, 2023
@matt-FFFFFF
Copy link
Member Author

matt-FFFFFF commented Mar 3, 2023
edited by azure-boards bot
Loading

AB#26868

@matt-FFFFFF matt-FFFFFF removed this from the v3.2.0 milestone Mar 24, 2023
@matt-FFFFFF matt-FFFFFF added v.next and removed long-term Long term item - used for automation labels Apr 14, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@lachaves lachaves

Labels
enhancement New feature or request v.next
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@krowlandson @matt-FFFFFF @lachaves @jtracey93