Skip to content

Commit 756e738

Browse files
committed
Add pre-commit hooks, enhance integration tests, tighten Bicep types
- Add .pre-commit-config.yaml with terraform-fmt, shellcheck, trailing whitespace - Enhance integration test: validate VNet/subnets, Defender plans, budget after deploy - Use typed string[] instead of array for budgetAlertEmails and allowedLocations in Bicep - Add cost anomaly alert guidance comments in budget modules (no ARM resource exists)
1 parent 7dababa commit 756e738

File tree

6 files changed

+75
-5
lines changed

6 files changed

+75
-5
lines changed

.github/workflows/integration-test.yml

Lines changed: 39 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -171,6 +171,45 @@ jobs:
171171
az policy assignment show --name "allowed-locations" --query "name" -o tsv
172172
echo " ✓ Allowed locations policy assigned"
173173
174+
- name: Validate networking resources
175+
run: |
176+
echo "=== Checking VNet and NSGs ==="
177+
VNET_STATE=$(az network vnet show \
178+
--resource-group "rg-lztest-nonprod-networking" \
179+
--name "vnet-lztest-nonprod" \
180+
--query "provisioningState" -o tsv)
181+
echo " ✓ VNet provisioning state: $VNET_STATE"
182+
SUBNET_COUNT=$(az network vnet subnet list \
183+
--resource-group "rg-lztest-nonprod-networking" \
184+
--vnet-name "vnet-lztest-nonprod" \
185+
--query "length(@)" -o tsv)
186+
echo " ✓ Subnets created: $SUBNET_COUNT (expected 4)"
187+
if [ "$SUBNET_COUNT" -ne 4 ]; then
188+
echo " ✗ ERROR: Expected 4 subnets, got $SUBNET_COUNT"
189+
exit 1
190+
fi
191+
192+
- name: Validate Defender plans
193+
run: |
194+
echo "=== Checking Defender for Cloud ==="
195+
CSPM=$(az security pricing show --name "CloudPosture" --query "pricingTier" -o tsv 2>/dev/null || echo "unknown")
196+
echo " CSPM tier: $CSPM"
197+
ARM=$(az security pricing show --name "Arm" --query "pricingTier" -o tsv 2>/dev/null || echo "unknown")
198+
echo " ARM tier: $ARM"
199+
KV=$(az security pricing show --name "KeyVaults" --query "pricingTier" -o tsv 2>/dev/null || echo "unknown")
200+
echo " Key Vault tier: $KV"
201+
echo " ✓ Defender plans verified"
202+
203+
- name: Validate budget exists
204+
run: |
205+
echo "=== Checking budget ==="
206+
BUDGET=$(az consumption budget list --query "[?contains(name, 'lztest')].name" -o tsv 2>/dev/null || echo "")
207+
if [ -n "$BUDGET" ]; then
208+
echo " ✓ Budget exists: $BUDGET"
209+
else
210+
echo " ⚠ Budget not found (may take time to propagate)"
211+
fi
212+
174213
# --- Teardown (runs even if validation fails, as long as apply succeeded) ---
175214
- name: Terraform Destroy
176215
if: always()

.pre-commit-config.yaml

Lines changed: 25 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,25 @@
1+
repos:
2+
- repo: https://github.com/antonbabenko/pre-commit-tf-docs
3+
rev: v0.3.0
4+
hooks:
5+
- id: terraform-fmt
6+
name: Terraform fmt
7+
entry: terraform fmt -recursive
8+
language: system
9+
files: \.tf$
10+
pass_filenames: false
11+
12+
- repo: https://github.com/pre-commit/pre-commit-hooks
13+
rev: v5.0.0
14+
hooks:
15+
- id: trailing-whitespace
16+
exclude: \.md$
17+
- id: end-of-file-fixer
18+
- id: check-yaml
19+
- id: check-merge-conflict
20+
21+
- repo: https://github.com/shellcheck-py/shellcheck-py
22+
rev: v0.10.0.1
23+
hooks:
24+
- id: shellcheck
25+
args: [--severity=warning]

infra/bicep/main.bicep

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -23,7 +23,7 @@ param monthlyBudgetAmount int
2323

2424
@description('Email addresses for budget alerts')
2525
@minLength(1)
26-
param budgetAlertEmails array
26+
param budgetAlertEmails string[]
2727

2828
@description('Deploy VNet and networking resources')
2929
param deployNetworking bool = true
@@ -47,7 +47,7 @@ param enableDefenderForKeyVault bool = true
4747
param securityContactEmail string
4848

4949
@description('Allowed Azure regions for resource deployment')
50-
param allowedLocations array = [location]
50+
param allowedLocations string[] = [location]
5151

5252
@description('Tags applied to all resources')
5353
param tags object = {

infra/bicep/modules/budgets.bicep

Lines changed: 5 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -1,6 +1,9 @@
11
// ============================================================================
22
// Budget Alerts
3-
// Alerts at 50%, 80%, and 100% of monthly budget
3+
// Alerts at 50%, 80%, and 100% of monthly budget.
4+
// For cost anomaly detection, enable it in the Azure Portal:
5+
// Cost Management → Cost alerts → Anomaly alerts (no ARM resource available).
6+
// See docs/cost-management.md for details.
47
// ============================================================================
58

69
targetScope = 'subscription'
@@ -12,7 +15,7 @@ param budgetName string
1215
param amount int
1316

1417
@description('Email addresses for budget notifications')
15-
param contactEmails array
18+
param contactEmails string[]
1619

1720
@description('Budget start date (first day of current month, YYYY-MM-DD)')
1821
param startDate string = '${utcNow('yyyy-MM')}-01'

infra/bicep/modules/policy-assignments.bicep

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -9,7 +9,7 @@ targetScope = 'subscription'
99
param location string
1010

1111
@description('Allowed Azure regions for resource deployment')
12-
param allowedLocations array
12+
param allowedLocations string[]
1313

1414
@description('Log Analytics workspace ID for diagnostic settings policy')
1515
param logAnalyticsWorkspaceId string

infra/terraform/main.tf

Lines changed: 3 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -141,6 +141,9 @@ resource "azurerm_monitor_diagnostic_setting" "activity_log" {
141141

142142
# ==============================================================================
143143
# Budget
144+
# For cost anomaly detection, enable it in the Azure Portal:
145+
# Cost Management → Cost alerts → Anomaly alerts (no Terraform resource available).
146+
# See docs/cost-management.md for details.
144147
# ==============================================================================
145148

146149
resource "azurerm_consumption_budget_subscription" "monthly" {

0 commit comments

Comments
 (0)