runwhen-contrib · saurabh3460 · Jul 30, 2025 · Jul 30, 2025 · Jul 30, 2025 · Jul 30, 2025
@@ -0,0 +1,22 @@
+apiVersion: runwhen.com/v1
+kind: GenerationRules
+spec:
+  platform: azure
+  generationRules:
+    - resourceTypes:
+        - resource_group
+      matchRules:
+        - type: pattern
+          pattern: ".+"
+          properties: [name]
+          mode: substring
+      slxs:
+        - baseName: azure-planned-maintenance
+          qualifiers: ["subscription_id"]
+          baseTemplateName: azure-planned-maintenance
+          levelOfDetail: basic
+          outputItems:
+            - type: slx
+            - type: sli
+            - type: runbook
+              templateName: azure-planned-maintenance-taskset.yaml
@@ -0,0 +1,55 @@
+apiVersion: runwhen.com/v1
+kind: ServiceLevelIndicator
+metadata:
+  name: {{slx_name}}
+  labels:
+    {% include "common-labels.yaml" %}
+  annotations:
+    {% include "common-annotations.yaml" %}
+spec:
+  displayUnitsLong: OK
+  displayUnitsShort: ok
+  locations:
+    - {{default_location}}
+  description: Check for planned maintenance events in Azure subscription {{ match_resource.subscription_name }}.
+  codeBundle:
+    {% if repo_url %}
+    repoUrl: {{repo_url}}
+    {% else %}
+    repoUrl: https://github.com/runwhen-contrib/azure-c7n-codecollection.git
+    {% endif %}
+    {% if ref %}
+    ref: {{ref}}
+    {% else %}
+    ref: main
+    {% endif %}
+    pathToRobot: codebundles/azure-planned-maintenance/sli.robot
+  intervalStrategy: intermezzo
+  intervalSeconds: 600
+  configProvided:
+    - name: AZURE_RESOURCE_GROUP
+      value: "{{resource_group.name}}"
+    - name: AZURE_SUBSCRIPTION_NAME
+      value: "{{ subscription_name }}"
+    - name: AZURE_SUBSCRIPTION_ID
+      value: "{{ subscription_id }}"
+  secretsProvided:
+  {% if wb_version %}
+    {% include "azure-auth.yaml" ignore missing %}
+  {% else %}
+    - name: azure_credentials
+      workspaceKey: AUTH DETAILS NOT FOUND
+  {% endif %}
+  alerts:
+    warning:
+      operator: <
+      threshold: '1'
+      for: '20m'
+    ticket:
+      operator: <
+      threshold: '1'
+      for: '40m'
+    page:
+      operator: '=='
+      threshold: '0'
+      for: ''
@@ -0,0 +1,27 @@
+apiVersion: runwhen.com/v1
+kind: ServiceLevelX
+metadata:
+  name: {{slx_name}}
+  labels:
+    {% include "common-labels.yaml" %}
+  annotations:
+    {% include "common-annotations.yaml" %}
+spec:
+  imageURL: https://placeholder.svg
+  alias: {{ match_resource.subscription_name }} Azure Planned Maintenance
+  asMeasuredBy: Composite health score of resources & activities. 
+  configProvided:
+  - name: SLX_PLACEHOLDER
+    value: SLX_PLACEHOLDER
+  owners:
+  - {{workspace.owner_email}}
+  statement: Check for planned maintenance events on Azure resources.
+  additionalContext:  
+    {% include "azure-hierarchy.yaml" ignore missing %}
+    qualified_name: "{{ match_resource.qualified_name }}"
+  tags:
+    {% include "azure-tags.yaml" ignore missing %}
+    - name: service
+      value: resourcegraph
+    - name: access
+      value: read-only
@@ -0,0 +1,37 @@
+apiVersion: runwhen.com/v1
+kind: Runbook
+metadata:
+  name: {{slx_name}}
+  labels:
+    {% include "common-labels.yaml" %}
+  annotations:
+    {% include "common-annotations.yaml" %}
+spec:
+  location: {{default_location}}
+  description: List planned maintenance events in azure subscription {{ match_resource.subscription_name }}.
+  codeBundle:
+    {% if repo_url %}
+    repoUrl: {{repo_url}}
+    {% else %}
+    repoUrl: https://github.com/runwhen-contrib/azure-c7n-codecollection.git
+    {% endif %}
+    {% if ref %}
+    ref: {{ref}}
+    {% else %}
+    ref: main
+    {% endif %}
+    pathToRobot: codebundles/azure-planned-maintenance/runbook.robot
+  configProvided:
+    - name: AZURE_RESOURCE_GROUP
+      value: "{{resource_group.name}}"
+    - name: AZURE_SUBSCRIPTION_NAME
+      value: "{{ subscription_name }}"
+    - name: AZURE_SUBSCRIPTION_ID
+      value: "{{ subscription_id }}"
+  secretsProvided:
+  {% if wb_version %}
+    {% include "azure-auth.yaml" ignore missing %}
+  {% else %}
+    - name: azure_credentials
+      workspaceKey: AUTH DETAILS NOT FOUND
+  {% endif %}
@@ -0,0 +1,95 @@
+### How to test this codebundle? 
+
+#### Azure service principal Configuration
+
+We create two distinct Azure service principal with scoped access:
+
+
+**CloudCustodian Service principal**
+
+Purpose: Service Level Indicator (SLI) monitoring and runbook automation and configured with read only access principles
+
+```sh
+AZURE_SUBSCRIPTION_ID=""
+az ad sp create-for-rbac --name c7n --role reader --scopes /subscriptions/${AZURE_SUBSCRIPTION_ID}
+```
+
+**Infrastructure Deployment Service principal**
+Purpose: Cloud infrastructure provisioning and management using Terraform
+
+```sh
+AZURE_SUBSCRIPTION_ID=""
+az ad sp create-for-rbac --name provisioner --role contributor --scopes /subscriptions/${AZURE_SUBSCRIPTION_ID}
+```
+
+# Infrastructure Setup
+The terraform directory contains infrastructure used for testing. 
+
+
+#### Credential Setup
+
+Navigate to the `.test/terraform` directory and configure two secret files for authentication:
+
+`cb.secret` - CloudCustodian and RunWhen Credentials
+
+Create this file with the following environment variables:
+
+	```sh
+	export RW_PAT=""
+	export RW_WORKSPACE=""
+	export RW_API_URL="papi.beta.runwhen.com"
+
+	export ARM_SUBSCRIPTION_ID=""
+    export AZ_TENANT_ID=""
+    export AZ_CLIENT_SECRET=""
+    export AZ_CLIENT_ID=""
+	```
+
+
+`tf.secret` - Terraform Deployment Credentials
+
+Create this file with the following environment variables:
+
+	```sh
+	export ARM_SUBSCRIPTION_ID=""
+    export AZ_TENANT_ID=""
+    export AZ_CLIENT_SECRET=""
+    export AZ_CLIENT_ID=""
+	```
+
+
+# Local Development Testing
+
+Perform an azure login on the command line to interact with the infrastructure provisioned by Terraform. 
+
+
+```sh
+az login --service-principal \
+    --username "" \
+    --password "" \
+    --tenant ""
+```
+
+####  Testing Workflow
+
+1. Build test infra:
+	```sh
+		task build-infra
+	```	
+
+2. Generate RunWhen Configurations
+	```sh
+		tasks
+	```
+
+3. Upload generated SLx to RunWhen Platform
+
+	```sh
+		task upload-slxs
+	```
+
+4. At last, after testing, clean up the test infrastructure.
+
+    ```sh
+        task clean
+    ```