Merge branch 'main' into rosanto-adding-cognitive-services

Azure · Sep 27, 2024 · 7a0e5dd · 7a0e5dd
2 parents 8418f9f + b4b68ee
commit 7a0e5dd
Show file tree

Hide file tree

Showing 113 changed files with 9,558 additions and 960 deletions.
diff --git a/.github/scripts/build-recommendation-object.ps1 b/.github/scripts/build-recommendation-object.ps1
@@ -0,0 +1,39 @@
+install-module powershell-yaml -force -scope currentuser
+
+function Build-APRLJsonObject {
+  param (
+      [string]$path
+  )
+
+  $kqlfiles = Get-ChildItem -Path $path -Recurse -Filter "*.kql"
+  $yamlfiles = Get-ChildItem -Path $path -Recurse -Filter "*.yaml"
+
+  $yamlobj = foreach($file in $yamlfiles){
+      $content = Get-Content $file.FullName -Raw | ConvertFrom-Yaml
+      $content | Select-Object publishedToAdvisor,aprlGuid,recommendationTypeId,recommendationMetadataState,learnMoreLink,recommendationControl,longDescription,pgVerified,description,potentialBenefits,publishedToLearn,tags,recommendationResourceType,recommendationImpact,automationAvailable,query
+  }
+
+  $kqlobj = foreach($file in $kqlfiles){
+      $content = Get-Content $file.FullName -Raw
+      [PSCustomObject]@{
+          AprlGUID = $file.Name -replace ".kql",""
+          Query = $content
+      }
+  }
+
+  $aprlobj = foreach($obj in $yamlobj){
+      $obj.query = $($kqlobj.Where{$_.AprlGUID -eq $obj.aprlGuid}).Query
+      $obj
+  }
+  return $aprlobj
+}
+
+#Try to build and export the object. If it fails, catch the error and exit with code 1
+try{
+  Build-APRLJsonObject -path "./azure-resources" | ConvertTo-Json -Depth 10 | Out-File -FilePath "./tools/data/recommendations.json" -Force
+  exit 0
+}
+catch{
+  Write-Error $_.Exception.Message
+  exit 1
+}
diff --git a/...ripts/schemas/azure-resources-schema.yaml → ...hemas/azure-resources-and-waf-schema.yaml b/...ripts/schemas/azure-resources-schema.yaml → ...hemas/azure-resources-and-waf-schema.yaml
@@ -3,17 +3,16 @@ list(include('recommendation'), min=1)
 ---
 recommendation:
   description: str(max=100)
-  aprlGuid: any(regex('^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$'), null())
+  aprlGuid: regex('^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$')
   recommendationTypeId: any(regex('^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$'), null())
   recommendationControl: enum('High Availability', 'Business Continuity', 'Disaster Recovery', 'Scalability', 'Monitoring and Alerting', 'Service Upgrade and Retirement', 'Other Best Practices', 'Personalized', 'Governance', 'Security')
   recommendationImpact: enum('Low', 'Medium', 'High')
-  recommendationResourceType: regex('^Microsoft\.[a-zA-Z0-9.]+/[a-zA-Z0-9]+$')
+  recommendationResourceType: any(regex('^Microsoft\.[a-zA-Z0-9.]+/[a-zA-Z0-9]+$'), regex('^WellArchitected/[A-Za-z]+$'))
   recommendationMetadataState: enum('Active', 'Disabled')
   longDescription: str(max=300)
   potentialBenefits: str(max=60)
   pgVerified: bool()
   publishedToLearn: bool()
-  publishedToAdvisor: bool()
-  automationAvailable: any(enum('arg'), bool())
+  automationAvailable: bool()
   tags: null()
   learnMoreLink: list()
diff --git a/.github/scripts/schemas/azure-specialized-workloads-schema.yaml b/.github/scripts/schemas/azure-specialized-workloads-schema.yaml
@@ -3,7 +3,7 @@ list(include('recommendation'), min=1)
 ---
 recommendation:
   description: str(max=100)
-  aprlGuid: any(regex('^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$'), null())
+  aprlGuid: regex('^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$')
   recommendationTypeId: any(regex('^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$'), null())
   recommendationControl: enum('High Availability', 'Business Continuity', 'Disaster Recovery', 'Scalability', 'Monitoring and Alerting', 'Service Upgrade and Retirement', 'Other Best Practices', 'Personalized', 'Governance', 'Security')
   recommendationImpact: enum('Low', 'Medium', 'High')
@@ -13,7 +13,6 @@ recommendation:
   potentialBenefits: str(max=60)
   pgVerified: bool()
   publishedToLearn: bool()
-  publishedToAdvisor: bool()
-  automationAvailable: any(enum('arg'), bool())
+  automationAvailable: bool()
   tags: null()
   learnMoreLink: list()
diff --git a/.github/scripts/schemas/azure-waf-schema.yaml b/.github/scripts/schemas/azure-waf-schema.yaml
diff --git a/.github/scripts/validate-yaml-recommendations.py b/.github/scripts/validate-yaml-recommendations.py
@@ -33,9 +33,9 @@
 
 # Directories containing YAML files to validate
 directories = {
-    './azure-resources': './.github/scripts/schemas/azure-resources-schema.yaml',
+    './azure-resources': './.github/scripts/schemas/azure-resources-and-waf-schema.yaml',
     './azure-specialized-workloads': './.github/scripts/schemas/azure-specialized-workloads-schema.yaml',
-    './azure-waf': './.github/scripts/schemas/azure-waf-schema.yaml'
+    './azure-waf': './.github/scripts/schemas/azure-resources-and-waf-schema.yaml'
 }
 
 # Function to validate a YAML file against the schema

diff --git a/.github/workflows/build-recommendation-object.yml b/.github/workflows/build-recommendation-object.yml
@@ -0,0 +1,30 @@
+name: Nightly Recommendation Object Build
+
+on:
+  schedule:
+    - cron: "0 0 * * *"
+
+permissions:
+  contents: write
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v2
+        with:
+          ref: main
+
+      - name: Run Recommendation Object Builder
+        run: |
+          pwsh .github/scripts/build-recommendation-object.ps1
+
+      - name: Commit and push changes
+        run: |
+          git config --global user.name 'github-actions[bot]'
+          git config --global user.email 'github-actions[bot]@users.noreply.github.com'
+          git add ./tools/data/recommendations.json
+          git commit -m "Update recommendations.json"
+          git push
diff --git a/.github/workflows/code-review.yml b/.github/workflows/code-review.yml
@@ -26,7 +26,7 @@ jobs:
           fetch-depth: 0
 
       - name: Run github/super-linter
-        uses: github/super-linter@v6
+        uses: github/super-linter@v7
         env:
           VALIDATE_ALL_CODEBASE: false
           # Need to define main branch as default is set to master in super-linter

diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml
@@ -59,7 +59,7 @@ jobs:
       # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF
       # format to the repository Actions tab.
       - name: "Upload artifact"
-        uses: actions/upload-artifact@834a144ee995460fba8ed112a2fc961b36a5ec5a # v4.3.6
+        uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # v4.4.0
         with:
           name: SARIF file
           path: results.sarif
@@ -68,6 +68,6 @@ jobs:
       # Upload the results to GitHub's code scanning dashboard (optional).
       # Commenting out will disable upload of results to your repo's Code Scanning dashboard
       - name: "Upload to code-scanning"
-        uses: github/codeql-action/upload-sarif@2c779ab0d087cd7fe7b826087247c2c81f27bfa6 # v3.26.5
+        uses: github/codeql-action/upload-sarif@8214744c546c1e5c8f03dde8fab3a7353211988d # v3.26.7
         with:
           sarif_file: results.sarif
diff --git a/azure-resources/AAD/domainServices/recommendations.yaml b/azure-resources/AAD/domainServices/recommendations.yaml
@@ -10,8 +10,7 @@
   potentialBenefits: The Enterprise SKU enables creation of replica sets.
   pgVerified: false
   publishedToLearn: false
-  publishedToAdvisor: false
-  automationAvailable: arg
+  automationAvailable: true
   tags: null
   learnMoreLink:
     - name: Create and use replica sets for resiliency or geolocation in Microsoft Entra Domain Services
@@ -30,8 +29,7 @@
   potentialBenefits: The replica sets provide geographical resiliency.
   pgVerified: false
   publishedToLearn: false
-  publishedToAdvisor: false
-  automationAvailable: arg
+  automationAvailable: true
   tags: null
   learnMoreLink:
     - name: Create and use replica sets for resiliency or geolocation in Microsoft Entra Domain Services

diff --git a/azure-resources/AVS/privateClouds/recommendations.yaml b/azure-resources/AVS/privateClouds/recommendations.yaml
@@ -10,8 +10,7 @@
   potentialBenefits: Prompt mitigation of issues.
   pgVerified: true
   publishedToLearn: false
-  publishedToAdvisor: false
-  automationAvailable: arg
+  automationAvailable: true
   tags: null
   learnMoreLink:
     - name: Configure Azure Service Health alerts
@@ -29,8 +28,7 @@
   potentialBenefits: Proactive capacity planning
   pgVerified: true
   publishedToLearn: false
-  publishedToAdvisor: false
-  automationAvailable: no
+  automationAvailable: false
   tags: null
   learnMoreLink:
     - name: Configure and streamline alerts
@@ -48,8 +46,7 @@
   potentialBenefits: Proactive resource management
   pgVerified: true
   publishedToLearn: false
-  publishedToAdvisor: false
-  automationAvailable: no
+  automationAvailable: false
   tags: null
   learnMoreLink:
     - name: Configure and streamline alerts
@@ -67,8 +64,7 @@
   potentialBenefits: 99.99% SLA, 0 RPO, Multi-AZ
   pgVerified: true
   publishedToLearn: false
-  publishedToAdvisor: false
-  automationAvailable: arg
+  automationAvailable: true
   tags: null
   learnMoreLink:
     - name: Implement high availability
@@ -88,8 +84,7 @@
   potentialBenefits: Optimized capacity planning for vSAN
   pgVerified: true
   publishedToLearn: false
-  publishedToAdvisor: false
-  automationAvailable: arg
+  automationAvailable: true
   tags: null
   learnMoreLink:
     - name: Supported metrics and activities
@@ -107,8 +102,7 @@
   potentialBenefits: Faster issue resolution, early detection
   pgVerified: true
   publishedToLearn: false
-  publishedToAdvisor: false
-  automationAvailable: no
+  automationAvailable: false
   tags: null
   learnMoreLink:
     - name: Manage logs and archives
@@ -118,16 +112,15 @@
   aprlGuid: 4ee5d535-c47b-470a-9557-4a3dd297d62f
   recommendationTypeId: null
   recommendationControl: Monitoring and Alerting
-  recommendationImpact: Medium
+  recommendationImpact: High
   recommendationResourceType: Microsoft.AVS/privateClouds
   recommendationMetadataState: Active
   longDescription: |
     Ensure sufficient compute resources to avoid host resource exhaustion in Azure VMware Solution, which utilizes vSphere DRS and HA for dynamic workload resource management. However, sustained CPU utilization over 95% may increase CPU Ready times, impacting workloads.
   potentialBenefits: Avoids resource exhaustion, optimizes performance
   pgVerified: true
   publishedToLearn: false
-  publishedToAdvisor: false
-  automationAvailable: arg
+  automationAvailable: true
   tags: null
   learnMoreLink:
     - name: Configure and streamline alerts
@@ -137,16 +130,15 @@
   aprlGuid: 029208c8-5186-4a76-8ee8-6e3445fef4dd
   recommendationTypeId: null
   recommendationControl: Monitoring and Alerting
-  recommendationImpact: Medium
+  recommendationImpact: High
   recommendationResourceType: Microsoft.AVS/privateClouds
   recommendationMetadataState: Active
   longDescription: |
     Ensure sufficient memory resources to prevent host resource exhaustion in Azure VMware Solution. It uses vSphere DRS and vSphere HA for dynamic workload management. Yet, continuous memory use over 95% leads to disk swapping, affecting workloads.
   potentialBenefits: Avoids host exhaustion and swapping
   pgVerified: true
   publishedToLearn: false
-  publishedToAdvisor: false
-  automationAvailable: arg
+  automationAvailable: true
   tags: null
   learnMoreLink:
     - name: Configure and streamline alerts
@@ -164,8 +156,7 @@
   potentialBenefits: Prevents accidental deletion
   pgVerified: true
   publishedToLearn: false
-  publishedToAdvisor: false
-  automationAvailable: no
+  automationAvailable: false
   tags: null
   learnMoreLink:
     - name: Lock your resources to protect your infrastructure
@@ -183,8 +174,7 @@
   potentialBenefits: Avoid outages with key auto-rotation
   pgVerified: true
   publishedToLearn: false
-  publishedToAdvisor: false
-  automationAvailable: no
+  automationAvailable: false
   tags: null
   learnMoreLink:
     - name: Configure Customer Managed Keys
@@ -202,8 +192,7 @@
   potentialBenefits: Enhances reliability and avoids failure
   pgVerified: true
   publishedToLearn: false
-  publishedToAdvisor: false
-  automationAvailable: no
+  automationAvailable: false
   tags: null
   learnMoreLink:
     - name: Configure DNS forwarder

diff --git a/azure-resources/ApiManagement/service/recommendations.yaml b/azure-resources/ApiManagement/service/recommendations.yaml
@@ -10,8 +10,7 @@
   potentialBenefits: Enhanced availability and resilience
   pgVerified: false
   publishedToLearn: false
-  publishedToAdvisor: false
-  automationAvailable: arg
+  automationAvailable: true
   tags: null
   learnMoreLink:
     - name: Change your API Management service tier
@@ -31,8 +30,7 @@
   potentialBenefits: Improved resilience to zone failures
   pgVerified: false
   publishedToLearn: false
-  publishedToAdvisor: false
-  automationAvailable: arg
+  automationAvailable: true
   tags: null
   learnMoreLink:
     - name: Ensure API Management availability and reliability
@@ -52,8 +50,7 @@
   potentialBenefits: Ensures service continuity
   pgVerified: false
   publishedToLearn: false
-  publishedToAdvisor: false
-  automationAvailable: arg
+  automationAvailable: true
   tags: null
   learnMoreLink:
     - name: Azure API Management - stv1 platform retirement (August 2024)
@@ -73,8 +70,7 @@
   potentialBenefits: Enhanced availability and resilience
   pgVerified: false
   publishedToLearn: false
-  publishedToAdvisor: false
-  automationAvailable: no
+  automationAvailable: false
   tags: null
   learnMoreLink:
     - name: Setting up auto-scale for Azure API Management

diff --git a/azure-resources/App/containerApps/recommendations.yaml b/azure-resources/App/containerApps/recommendations.yaml
@@ -10,8 +10,7 @@
   potentialBenefits: Enhanced availability and resilience
   pgVerified: false
   publishedToLearn: false
-  publishedToAdvisor: false
-  automationAvailable: no
+  automationAvailable: false
   tags: null
   learnMoreLink:
     - name: Health probes for Azure Container Apps

diff --git a/azure-resources/App/managedEnvironments/recommendations.yaml b/azure-resources/App/managedEnvironments/recommendations.yaml
@@ -10,8 +10,7 @@
   potentialBenefits: Enhances app resiliency and reliability
   pgVerified: false
   publishedToLearn: false
-  publishedToAdvisor: false
-  automationAvailable: arg
+  automationAvailable: true
   tags: null
   learnMoreLink:
     - name: Reliability in Azure Container Apps

diff --git a/azure-resources/AppConfiguration/configurationStores/recommendations.yaml b/azure-resources/AppConfiguration/configurationStores/recommendations.yaml
@@ -10,8 +10,7 @@
   potentialBenefits: Prevent accidental deletion of configuration stores.
   pgVerified: false
   publishedToLearn: false
-  publishedToAdvisor: false
-  automationAvailable: arg
+  automationAvailable: true
   tags: null
   learnMoreLink:
     - name: Purge protection
@@ -29,8 +28,7 @@
   potentialBenefits: High availability, more storage, higher request quota.
   pgVerified: false
   publishedToLearn: false
-  publishedToAdvisor: false
-  automationAvailable: arg
+  automationAvailable: true
   tags: null
   learnMoreLink:
     - name: Choose App Configuration tier