diff --git a/.github/workflows/auto-test.yml b/.github/workflows/auto-test.yml
index 494d53f1..4e342e3d 100644
--- a/.github/workflows/auto-test.yml
+++ b/.github/workflows/auto-test.yml
@@ -10,7 +10,7 @@ on:
 resource_priority_list:
 type: string
 description: Priority list for resources (you can remove unnecessary resources during testing)
- default: '["storage", "webapp", "vnet", "network", "vm", "synapse", "sql", "mysql", "subscription", "disk", "postgresql", "cosmosdb", "signalr", "spring", "search", "service-fabric", "stream", "redis", "servicebus", "role", "monitor", "machine-learning", "logic", "kusto", "aks", "keyvault", "iothub", "front-door", "event", "data", "defender", "container", "cognitiveservice", "batch", "automation", "application", "app-configuration", "api", "alert"]'
+ default: '["storage", "synapse", "disk", "cosmosdb", "role", "data", "container"]' #'["storage", "webapp", "vnet", "network", "vm", "synapse", "sql", "mysql", "subscription", "disk", "postgresql", "cosmosdb", "signalr", "spring", "search", "service-fabric", "stream", "redis", "servicebus", "role", "monitor", "machine-learning", "logic", "kusto", "aks", "keyvault", "iothub", "front-door", "event", "data", "defender", "container", "cognitiveservice", "batch", "automation", "application", "app-configuration", "api", "alert"]'
 required: true
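Review bot: The new `default` narrows `resource_priority_list` to seven resource types and keeps the full list only as a trailing comment on the same line, so a run started with defaults no longer exercises the policies for `keyvault`, `network`, `vm`, `sql`, `aks`, `defender` and the other dropped types. If the narrowing is a temporary debugging aid it should not become the committed default; if it is intended, the commented-out list should be deleted and the reason recorded above the key, e.g. `# Default run limited to the resource types currently under test; pass the full list to cover all policies.` The same applies to `default_resource_priority_list` in the `env:` hunk, and the two lists still have to be kept in sync by hand.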
@@ -24,7 +24,7 @@ env:
 AZURE_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }}
 AZURE_SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
 AZURE_SECRET_VALUE: ${{ secrets.AZURE_SECRET_VALUE }}
- default_resource_priority_list: '["storage", "webapp", "vnet", "network", "vm", "synapse", "sql", "mysql", "subscription", "disk", "postgresql", "cosmosdb", "signalr", "spring", "search", "service-fabric", "stream", "redis", "servicebus", "role", "monitor", "machine-learning", "logic", "kusto", "aks", "keyvault", "iothub", "front-door", "event", "data", "defender", "container", "cognitiveservice", "batch", "automation", "application", "app-configuration", "api", "alert"]'
+ default_resource_priority_list: '["storage", "synapse", "disk", "cosmosdb", "role", "data", "container"]' #default_resource_priority_list: '["storage", "webapp", "vnet", "network", "vm", "synapse", "sql", "mysql", "subscription", "disk", "postgresql", "cosmosdb", "signalr", "spring", "search", "service-fabric", "stream", "redis", "servicebus", "role", "monitor", "machine-learning", "logic", "kusto", "aks", "keyvault", "iothub", "front-door", "event", "data", "defender", "container", "cognitiveservice", "batch", "automation", "application", "app-configuration", "api", "alert"]'
 TF_VAR_project: ${{ secrets.TF_VAR_project }}
 TF_VAR_region: ${{ secrets.AWS_REGION }}
@@ -128,7 +128,7 @@ jobs:
 needs: [ deploy_common_resources, prepare_resource_matrix ]
 if: ${{ needs.prepare_resource_matrix.outputs.parallel_resources_list != '[]' }}
 strategy:
- max-parallel: 5
+ max-parallel: 10
 fail-fast: false
 matrix:
 compliance: ['green', 'red']
diff --git a/auto_policy_testing/green/common_resources/provider.tf b/auto_policy_testing/green/common_resources/provider.tf
index c3f5169c..360b6f37 100644
--- a/auto_policy_testing/green/common_resources/provider.tf
+++ b/auto_policy_testing/green/common_resources/provider.tf
@@ -18,7 +18,8 @@ provider "azurerm" {
 features {
 key_vault {
 purge_soft_delete_on_destroy = true
- purge_soft_deleted_keys_on_destroy = false
+ purge_soft_deleted_keys_on_destroy = true
+ purge_soft_deleted_secrets_on_destroy = true
 }
 resource_group {
diff --git a/auto_policy_testing/red/role/role_definitions.tf b/auto_policy_testing/red/role/role_definitions.tf
index 59845fd7..5d49acb7 100644
--- a/auto_policy_testing/red/role/role_definitions.tf
+++ b/auto_policy_testing/red/role/role_definitions.tf
@@ -9,4 +9,10 @@ resource "azurerm_role_definition" "this" {
 actions = ["*"]
 }
 assignable_scopes = [data.azurerm_subscription.primary.id]
+}
+
+resource "time_sleep" "wait_10_minutes" {
+ depends_on = [azurerm_role_definition.this]
+
+ create_duration = "10m"
 }
\ No newline at end of file
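Review bot: In the `key_vault` features block of `green/common_resources/provider.tf`, purging of soft-deleted keys and secrets is now enabled without any comment saying this provider configuration is meant only for disposable test vaults; with these flags a destroy removes the objects permanently instead of leaving them recoverable through soft delete. I would add `# Test environment only: soft-deleted vaults, keys and secrets are purged on destroy; do not reuse this provider block for vaults holding real key material.` above the three settings. Certificates are not covered; if the fixtures create any, `purge_soft_deleted_certificates_on_destroy = true` is the matching setting. Purging also requires purge permission for the pipeline identity and cannot succeed on a vault with purge protection enabled, which is worth checking against the green fixtures. The `provider "azurerm"` block starts and ends outside the hunk.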
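Review bot: The added `time_sleep.wait_10_minutes` in `red/role/role_definitions.tf` is not referenced by anything in this hunk, so as written it only holds the apply open for ten minutes after `azurerm_role_definition.this` is created; no other resource waits on it unless something outside the hunk depends on it. The reason for the fixed `10m` should be stated, e.g. `# Give the custom role definition time to propagate before the policy checks run (assumed reason; confirm).`, and the `hashicorp/time` provider should be declared in `required_providers` if it is not already. Because the role grants `actions = ["*"]` with the subscription as assignable scope, apparently as the intentionally non-compliant fixture, the wait also lengthens the time that role exists, so the destroy step should run even when the test job fails. The `azurerm_role_definition` resource begins before the hunk.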