Include tags for security controls when MicroHack is using Microsoft-sponsored external tenants. Also, add a small script to remove all soft-deleted resources to make redeployment easier.#41
Open
tkopacz wants to merge 6 commits intomicrosoft:mainfrom
Conversation
pewill-msft
reviewed
Feb 6, 2026
Collaborator
pewill-msft
left a comment
pewill-msft
left a comment
There was a problem hiding this comment.
Thanks for the ideas. I would like to avoid adding things unless they are crucial for the participants to complete the exercises
Collaborator
There was a problem hiding this comment.
I don't see redeployment as an issue during the hacks since the participants typically use only one version of the deployed resources and there is no need to run multiple deployments. Adding this to the instructions can cause confusion.
|
|
||
| # Create resource group | ||
| az group create --name $RESOURCE_GROUP --location $LOCATION | ||
| az group create --name $RESOURCE_GROUP --location $LOCATION --tags SecurityControl=Ignore SecurityExemption=StorageAccountKeyAccess |
Collaborator
There was a problem hiding this comment.
I would prefer not to have MSFT specific tags in the documentation
| project.lock.json | ||
| project.fragment.lock.json | ||
| artifacts/ | ||
| challenge-2/RepairPlanner/ |
Collaborator
There was a problem hiding this comment.
I think the RepairPlanner should be included in git since the hack participants might want to commit their changes
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This pull request introduces several enhancements and utilities to streamline Azure resource management and data seeding for the project. The most significant changes include the addition of a comprehensive script to purge soft-deleted Azure resources, a new Python script for seeding Cosmos DB with sample data, and updates to deployment instructions for improved automation and troubleshooting.
Azure resource management improvements:
purge-soft-deleted.shto automate purging of soft-deleted Azure resources (Key Vaults, Cognitive Services, API Management, App Configuration) for a given resource group, improving environment cleanup and redeployment reliability.challenge-0/README.mdto include instructions for running the purge script after redeployment, and enhanced the resource group creation command to add security-related tags. [1] [2]Developer experience and environment setup:
challenge-2/README.mdto ensure the correct.envfile is sourced when running the agent.Infrastructure and local development:
__azurite_db_queue__.json,__azurite_db_queue_extent__.json) to support local Azure Storage Queue emulation, aiding in development and testing scenarios. [1] [2]This pull request introduces improvements to the Azure deployment workflow, focusing on resource cleanup and deployment reliability. The main changes add a script to purge soft-deleted Azure resources, update deployment instructions to use this script, and enhance resource group tagging for compliance. Additionally, there are minor fixes to environment variable loading and the addition of local Azurite database files.
Deployment and resource management improvements:
purge-soft-deleted.shthat automates purging of soft-deleted Azure resources (Key Vaults, Cognitive Services, API Management, App Configuration) for a given resource group, improving redeployment reliability.challenge-0/README.mdto instruct users to run the new purge script after redeployment, ensuring clean state and avoiding resource name conflicts.challenge-0/README.mdto include specific tags for security control and exemption, supporting compliance requirements.Other changes:
challenge-2/README.mdto correctly reference the.envfile.__azurite_db_queue__.json,__azurite_db_queue_extent__.json) to the repository, supporting local Azure Storage queue emulation. [1] [2]This pull request adds automation for purging soft-deleted Azure resources and updates deployment instructions to improve resource management and usability. The main focus is on making it easier to clean up resources during redeployment and ensuring environment variables are loaded from the correct location.
Resource management improvements:
purge-soft-deleted.shthat can automatically purge soft-deleted Azure resources (Key Vaults, Cognitive Services, API Management, and App Configuration) in a specified resource group. This helps prevent issues when redeploying infrastructure.challenge-0/README.mdto document the use of the new purge script after redeployment, making the workflow clearer for users.Deployment and usability enhancements:
challenge-0/README.mdto include tags for security controls and exemptions, aligning with organizational requirements..envfile inchallenge-2/README.mdto ensure environment variables are loaded correctly when running the agent.