Add availability zone check for Azure Managed Instance for Apache Cassandra #8
Co-authored-by: BenjaminEngeset <99641908+BenjaminEngeset@users.noreply.github.com>
docs/en/rules/index.md
Outdated
| AZR-000498 | [Azure.AppConfig.ReplicaLocation](Azure.AppConfig.ReplicaLocation.md) | The replication location determines the country or region where configuration data is stored and processed. | GA | ||
| AZR-000499 | [Azure.Cosmos.MongoEntraID](Azure.Cosmos.MongoEntraID.md) | Cosmos DB accounts should use Entra ID authentication. | GA | ||
| AZR-000502 | [Azure.Cosmos.AvailabilityZone](Azure.Cosmos.AvailabilityZone.md) | Use zone redundant Cosmos DB accounts in supported regions to improve reliability. | GA | ||
| AZR-000503 | [Azure.Cassandra.AvailabilityZone](Azure.Cassandra.AvailabilityZone.md) | Deploy Azure Managed Instance for Apache Cassandra data centers using availability zones in supported regions to ensure high availability and resilience. | GA |
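Review bot: the AZR-000503 row names the rule `Azure.Cassandra.AvailabilityZone` and links to `Azure.Cassandra.AvailabilityZone.md`, but the rule in this PR is declared as `Azure.MICassandra.AvailabilityZone`. The index entry, the documentation file name and the `Rule` name have to match or the link will not resolve, so update the row when the rule is renamed. The synopsis also says zones "ensure" high availability, where the Cosmos row above it says "improve reliability"; the softer wording is the more accurate one.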
…E:05 Redundancy Co-authored-by: BenjaminEngeset <99641908+BenjaminEngeset@users.noreply.github.com>
BenjaminEngeset left a comment:
@copilot Let's move it out to its own dedicated rule file, as Azure Managed Instance for Apache Cassandra does not really fit into Cosmos DB.
Let's call it Azure.MICassandra.Rule.ps1, and the rule should be named Azure.MICassandra.AvailabilityZone.
Resources file should be Resources.MICassandra.json.
… file Co-authored-by: BenjaminEngeset <99641908+BenjaminEngeset@users.noreply.github.com>
Done. Moved to dedicated |
| #region Rules | ||
|
|
||
| # Synopsis: Deploy Azure Managed Instance for Apache Cassandra data centers using availability zones in supported regions to ensure high availability and resilience. | ||
| Rule 'Azure.MICassandra.AvailabilityZone' -Ref 'AZR-000503' -Type 'Microsoft.DocumentDB/cassandraClusters/dataCenters' -Tag @{ release = 'GA'; ruleSet = '2025_12'; 'Azure.WAF/pillar' = 'Reliability'; } -Labels @{ 'Azure.WAF/maturity' = 'L1' } { |
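Review bot: `-Type` on the `Rule` line targets only `Microsoft.DocumentDB/cassandraClusters/dataCenters`, while the PR summary lists `Microsoft.DocumentDB/cassandraClusters` as a second resource type and describes a helper that handles data centers nested under a cluster. If this line is the current revision, add the cluster type to `-Type` so nested data centers are evaluated as well. The reference also needs checking: this line uses `-Ref 'AZR-000503'`, while the PR summary gives AZR-000504.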
| ### Configure with Azure CLI | ||
|
|
||
| To enable availability zones for a Cassandra data center: | ||
|
|
||
| ```bash | ||
| az managed-cassandra datacenter create \ | ||
| --resource-group $resourceGroupName \ | ||
| --cluster-name $clusterName \ | ||
| --data-center-name $dataCenterName \ | ||
| --data-center-location $location \ | ||
| --delegated-subnet-id $delegatedSubnetId \ | ||
| --node-count 3 \ | ||
| --sku Standard_E8s_v5 \ | ||
| --disk-capacity 4 \ | ||
| --availability-zone true | ||
| ``` | ||
|
|
||
| ### Configure with Azure PowerShell | ||
|
|
||
| To enable availability zones for a Cassandra data center: | ||
|
|
||
| ```powershell | ||
| New-AzManagedCassandraDatacenter ` | ||
| -ResourceGroupName $resourceGroupName ` | ||
| -ClusterName $clusterName ` | ||
| -DataCenterName $dataCenterName ` | ||
| -Location $location ` | ||
| -DelegatedSubnetId $delegatedSubnetId ` | ||
| -NodeCount 3 ` | ||
| -Sku Standard_E8s_v5 ` | ||
| -DiskCapacity 4 ` | ||
| -UseAvailabilityZone $true | ||
| ``` | ||
|
|
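Review bot: both examples are introduced with "To enable availability zones for a Cassandra data center:", but the commands shown are `az managed-cassandra datacenter create` and `New-AzManagedCassandraDatacenter`, which provision a new data center. Reword the lead-in to say the data center is deployed with availability zones enabled, and state whether the setting can be changed on an existing data center. In the CLI example, quote the shell variables (`"$resourceGroupName"` and the others) so values containing spaces are passed intact.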
| This rule applies when analyzing resources deployed to Azure using *pre-flight* and *in-flight* data. | ||
|
|
||
| This rule fails when `properties.availabilityZone` is `false` or not set when there are availability zones available for the given region. | ||
|
|
||
| Availability zones are not supported in all Azure regions. | ||
| Deployments will fail if you select a region where availability zones are not supported. | ||
|
|
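Review bot: the note "Deployments will fail if you select a region where availability zones are not supported" does not say under which setting the deployment fails. Read on its own it suggests any deployment to such a region fails, which sits oddly next to a rule that only evaluates `properties.availabilityZone` where zones are available. State the condition explicitly, for instance that the failure applies when availability zones are requested in a region without zone support, if that is the intended meaning.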
| - [RE:05 Regions and availability zones](https://learn.microsoft.com/azure/well-architected/reliability/regions-availability-zones) | ||
| - [Best practices for high availability and disaster recovery](https://learn.microsoft.com/azure/managed-instance-apache-cassandra/resilient-applications) | ||
| - [Create an Azure Managed Instance for Apache Cassandra cluster](https://learn.microsoft.com/azure/managed-instance-apache-cassandra/create-cluster-cli) | ||
| - [Azure regions with availability zones](https://learn.microsoft.com/azure/reliability/availability-zones-region-support) |
Updated LINKS section with the specified Well-Architected Framework links in commit 13f837b.
Co-authored-by: BenjaminEngeset <99641908+BenjaminEngeset@users.noreply.github.com>
| pillar: Reliability | ||
| category: RE:05 Redundancy | ||
| resource: Azure Managed Instance for Apache Cassandra | ||
| resourceType: Microsoft.DocumentDB/cassandraClusters |
@copilot Is it possible to add multiple resources here? So also add Microsoft.DocumentDB/cassandraClusters/dataCenters if possible.
Yes, added both resource types: Microsoft.DocumentDB/cassandraClusters, Microsoft.DocumentDB/cassandraClusters/dataCenters in commit cd53d4b.
| # Managed Instance for Apache Cassandra data centers should use Availability zones in supported regions | ||
|
|
|
|
||
| ## SYNOPSIS | ||
|
|
||
| Deploy Azure Managed Instance for Apache Cassandra data centers using availability zones in supported regions to ensure high availability and resilience. |
|
|
||
| ## RECOMMENDATION | ||
|
|
||
| Consider enabling availability zones for Azure Managed Instance for Apache Cassandra data centers deployed in supported regions. |
@copilot Consider using locations configured with zone redundancy to improve workload resiliency of Azure Managed Instance for Apache Cassandra clusters.
Updated RECOMMENDATION to the specified text in commit cd53d4b.
|
|
||
| ### Configure with Azure template | ||
|
|
||
| To enable availability zones for a Cassandra data center: |
| ### Configure with Azure CLI | ||
|
|
||
| To enable availability zones for a Cassandra data center: | ||
|
|
||
| ```bash | ||
| az managed-cassandra datacenter create \ | ||
| --resource-group $resourceGroupName \ | ||
| --cluster-name $clusterName \ | ||
| --data-center-name $dataCenterName \ | ||
| --data-center-location $location \ | ||
| --delegated-subnet-id $delegatedSubnetId \ | ||
| --node-count 3 \ | ||
| --sku Standard_E8s_v5 \ | ||
| --disk-capacity 4 \ | ||
| --availability-zone true | ||
| ``` | ||
|
|
Co-authored-by: BenjaminEngeset <99641908+BenjaminEngeset@users.noreply.github.com>
…smos pattern Co-authored-by: BenjaminEngeset <99641908+BenjaminEngeset@users.noreply.github.com>
Refactored test resources in commit 170767d: Naming updates:
Structure improvements following Resources.Cosmos.json pattern:
All tests passing ✅ |
BenjaminEngeset left a comment:
@copilot The ordering is a bit off. E.g. micassandra-i/datacenter-k can be micassandra-i/datacenter-a, as it will have a unique name. It doesn't make sense to randomly use k when a doesn't exist. Also add the reason in the test, just like the test for Cosmos DB.
Also look at the Cosmos DB test: child resources that are standalone are always configured at the bottom of the JSON file, and when nested within, they are at the top of the file. This makes for a better and clearer structure.
Co-authored-by: BenjaminEngeset <99641908+BenjaminEngeset@users.noreply.github.com>
Reorganized test resources and added reason assertions in commit 25a60cd: Structure improvements:
Added reason assertions matching Cosmos DB pattern:
Test coverage: 9 resources (3 expected failures with validated reasons, 6 passes) ✅ |
BenjaminEngeset left a comment:
@copilot Look at my comment and do the same for the rest of the file.
The datacenter naming has been corrected in commit 25a60cd. All clusters now have their datacenters named sequentially starting with datacenter-a (micassandra-a has datacenter-a and datacenter-b, micassandra-b has datacenter-a, micassandra-c has datacenter-a and datacenter-b, etc.). The file structure also follows the Cosmos DB pattern with nested resources at the top and standalone child resources at the bottom. |
BenjaminEngeset left a comment:
@copilot I've made some minor adjustments. Make sure the resources file uses the latest stable API there is.
Co-authored-by: BenjaminEngeset <99641908+BenjaminEngeset@users.noreply.github.com>
Updated all resources to use the latest stable API version
* Initial plan
* Add rule Azure.Cosmos.MongoDBvCoreAvailabilityZone for issue Azure#3586
  Co-authored-by: BenjaminEngeset <99641908+BenjaminEngeset@users.noreply.github.com>
* Address PR feedback: rename rule, add region check, create helper function
  Co-authored-by: BenjaminEngeset <99641908+BenjaminEngeset@users.noreply.github.com>
* Use $PSRule.TargetType instead of parameter in helper function
  Co-authored-by: BenjaminEngeset <99641908+BenjaminEngeset@users.noreply.github.com>
* Fix test to show actual region name and reorder test cases
  Co-authored-by: BenjaminEngeset <99641908+BenjaminEngeset@users.noreply.github.com>
* Update documentation and add comprehensive test scenarios
  Co-authored-by: BenjaminEngeset <99641908+BenjaminEngeset@users.noreply.github.com>
* Improve documentation description and recommendation sections
  Co-authored-by: BenjaminEngeset <99641908+BenjaminEngeset@users.noreply.github.com>
* Use 'cluster' terminology for MongoDB vCore and fix documentation formatting
  Co-authored-by: BenjaminEngeset <99641908+BenjaminEngeset@users.noreply.github.com>
* Update test data and fix LINKS order in documentation
  Co-authored-by: BenjaminEngeset <99641908+BenjaminEngeset@users.noreply.github.com>
* Add NOTES section to documentation
  Co-authored-by: BenjaminEngeset <99641908+BenjaminEngeset@users.noreply.github.com>
* Add explicit Pass for regions without AZ support and test case
  Co-authored-by: BenjaminEngeset <99641908+BenjaminEngeset@users.noreply.github.com>
* Update src/PSRule.Rules.Azure/en/PSRule-rules.psd1
  Co-authored-by: Bernie White <bewhite@microsoft.com>
* Update docs/en/rules/Azure.Cosmos.MongoAvailabilityZone.md
  Co-authored-by: Bernie White <bewhite@microsoft.com>
* remove helper function
* Update test expectations to match new localized string
  Co-authored-by: BenjaminEngeset <99641908+BenjaminEngeset@users.noreply.github.com>
---------
Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>
Co-authored-by: Bernie White <bewhite@microsoft.com>
PR Summary

Implements `Azure.MICassandra.AvailabilityZone` (AZR-000504) to validate that Managed Instance for Apache Cassandra data centers enable availability zones in supported regions.

Rule: `Azure.MICassandra.AvailabilityZone` (AZR-000504)
Resource Types: `Microsoft.DocumentDB/cassandraClusters`, `Microsoft.DocumentDB/cassandraClusters/dataCenters`
API Version: `2024-11-15` (latest stable)
Release: GA
Rule Set: 2025_12
Pillar: Reliability
Category: RE:05 Redundancy
Reviewed: 2025-11-13

The rule checks that Azure Managed Instance for Apache Cassandra data centers have `properties.availabilityZone` set to `true` in regions that support availability zones. The rule automatically passes for regions that don't support availability zones.

Key Features
- `Azure.MICassandra.Rule.ps1` for Managed Instance for Apache Cassandra rules
- `GetCassandraDataCenter` function to handle both cluster and datacenter resources (similar to `GetMariaDBFirewallRule`)
- `2024-11-15` for all resources

Test Coverage
Comprehensive test scenarios include:
- `resources` property (positioned at top of test file)

Test structure follows Cosmos.json organization pattern:
- `micassandra-{letter}`, datacenters as `datacenter-{letter}` (sequential)

Test Results: 3 failures (expected) + 6 passes (expected) = 9 resources validated with reason assertions ✅

Files Changed
- `src/PSRule.Rules.Azure/rules/Azure.MICassandra.Rule.ps1` (with helper function)
- `tests/PSRule.Rules.Azure.Tests/Azure.MICassandra.Tests.ps1` (comprehensive test coverage with reason assertions)
- `tests/PSRule.Rules.Azure.Tests/Resources.MICassandra.json` (9 test resources using API version `2024-11-15`)
- `docs/en/rules/Azure.MICassandra.AvailabilityZone.md` (rule documentation with ARM, Bicep examples using API version `2024-11-15`)
- `src/PSRule.Rules.Azure/en/PSRule-rules.psd1` (localization strings)
- `docs/changelog.md` (change log entry)

Example
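The check described in the PR summary, restated as plain PowerShell over constructed resources. This is an added example, not the PR's rule code and not the PSRule API: `$ZoneRegions`, the `*-Sample*` function names and the JSON are hypothetical, and the region is assumed to be read from `properties.dataCenterLocation`.

```powershell
# Added example: plain PowerShell, not the PR's rule code and not the PSRule API.
# Constructed sample: the real list of zone-enabled regions comes from provider data.
$ZoneRegions = @('eastus', 'westeurope', 'norwayeast')
$DataCenterType = 'Microsoft.DocumentDB/cassandraClusters/dataCenters'

function Get-SampleCassandraDataCenter {
    # Return data centers from a standalone data center resource or from a
    # cluster that carries them under its nested 'resources' property.
    param([Parameter(Mandatory)] $Resource)
    if ($Resource.type -eq $DataCenterType) { return $Resource }
    @($Resource.resources) | Where-Object { $_.type -eq $DataCenterType }
}

function Test-SampleDataCenterZone {
    param([Parameter(Mandatory)] $Resource)
    foreach ($dc in @(Get-SampleCassandraDataCenter -Resource $Resource)) {
        # Assumption: the region is read from properties.dataCenterLocation.
        # Normalise display names such as 'East US' to 'eastus'.
        $region = ([string]$dc.properties.dataCenterLocation).Replace(' ', '').ToLowerInvariant()
        $outcome = 'Pass'
        $reason = 'properties.availabilityZone is true.'
        if ($region -notin $ZoneRegions) {
            $reason = "Region '$region' has no availability zones, so the check passes."
        }
        elseif ($dc.properties.availabilityZone -ne $true) {
            $outcome = 'Fail'
            $reason = "properties.availabilityZone is false or not set in '$region'."
        }
        [pscustomobject]@{ Name = $dc.name; Outcome = $outcome; Reason = $reason }
    }
}

# Constructed test resources: one cluster with nested data centers, two standalone.
$resources = @'
[
  { "name": "micassandra-a", "type": "Microsoft.DocumentDB/cassandraClusters",
    "resources": [
      { "name": "datacenter-a", "type": "Microsoft.DocumentDB/cassandraClusters/dataCenters",
        "properties": { "dataCenterLocation": "eastus", "availabilityZone": true } },
      { "name": "datacenter-b", "type": "Microsoft.DocumentDB/cassandraClusters/dataCenters",
        "properties": { "dataCenterLocation": "eastus", "availabilityZone": false } } ] },
  { "name": "micassandra-b/datacenter-a", "type": "Microsoft.DocumentDB/cassandraClusters/dataCenters",
    "properties": { "dataCenterLocation": "East US" } },
  { "name": "micassandra-c/datacenter-a", "type": "Microsoft.DocumentDB/cassandraClusters/dataCenters",
    "properties": { "dataCenterLocation": "westus", "availabilityZone": false } }
]
'@ | ConvertFrom-Json

$resources | ForEach-Object { Test-SampleDataCenterZone -Resource $_ } | Format-Table -AutoSize -Wrap
```

The constructed set covers all three branches: a data center with the property set, two that fail because it is `false` or missing, and one in a region outside the sample zone list that passes without being checked.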