Contributing

Contributions Notice

Currently we can only accept contributions from Microsoft FTEs. In the future we will look to change this.

Looking to contribute to the Azure Proactive Resiliency Library (APRL), well you have made it to the right place/page πŸ‘

Follow the below instructions, especially the pre-requisites, to get started contributing to the library.

Writing a recommendation

APRL recommendations are intended to enable and accelerate the delivery of Well Architected Reliability Assessments. The purpose of APRL is not to replace existing Azure public documentation and guidance on best practices.

Each recommendation should be actionable for the customer. The customer should be able to place the recommendation in their backlog and the engineer that picks it up should have complete clarity on the change that needs to be made and the specific resources that the change should be made to.

Each recommendation should include a descriptive title, a short guidance section that contains additional detail on the recommendation, links to public documentation that provide additional information related to the recommendation, and a query to identify resources that are not compliant with the recommendation. The title and guidance sections alone should provide sufficient information for a CSA to evaluate a resource.

Recommendations should not require the CSA to spend a lot of time on background reading, they should not be open to interpretation, and they should not be vague. Remember that the CSA delivering the WARA is reviewing a large number of Azure resources in a limited amount of time and is not an expert in every Azure service.

Examples

  • Good recommendation: Use a /24 subnet for the service
  • Bad recommendation: Size your subnet appropriately

Not all best practices make good APRL recommendations. If the best practice relates to a particular service configuration and can be checked with an ARG query, it probably makes for a good APRL recommendation. If the best practice is more aligned to general architectural concepts that are true for many service or workload types, we very likely already have a recommendation in the APRL WAF section that addresses the topic. If not, consider adding a WAF recommendation to APRL. If neither is the case, APRL may not be the best location for this content.

Context/Background

Before jumping into the pre-requisites and specific section contribution guidance, please familiarize yourself with this context/background on how this library is built to help you contribute going forward.

This site is built using Hugo, a static site generator, that’s source code is stored in the APRL GitHub repo (link in header of this site too) and is hosted on GitHub Pages, via the repo.

The reason for the combination of Hugo & GitHub pages is to allow us to present an easy to navigate and consume library, rather than using a native GitHub repo, which is not easy to consume when there are lots of pages and folders. Also Hugo generates the site in such a way that it is also friendly for mobile consumers.

But I don’t have any skills in Hugo?

That’s okay and you really don’t need them. Hugo just needs you to be able to author markdown (.md) files and it does the rest when it generates the site πŸ‘

Pre-Requisites

Read and follow the below sections to leave you in a “ready state” to contribute to APRL.

A “ready state” means you have a forked copy of the Azure/Azure-Proactive-Resiliency-Library repo cloned to your local machine and open in VS Code.

Run and Access a Local Copy of APRL During Development

When in VS Code you should be able to open a terminal and run the below commands to access a copy of the APRL website from a local web server, provided by Hugo, using the following address http://localhost:1313/Azure-Proactive-Resiliency-Library/:

cd docs
hugo server -D

Software/Applications

To contribute to this project/repo/library you will need the following installed:

  • Git
  • Visual Studio Code (VS Code)
    • Extensions:
      • editorconfig.editorconfig, streetsidesoftware.code-spell-checker, ms-vsliveshare.vsliveshare, medo64.render-crlf, vscode-icons-team.vscode-icons
      • VS Code will recommend automatically to install these when you open this repo, or a fork of it, in VS Code.
  • Hugo Extended

winget Install Commands

To install winget follow the install instructions here.

winget install --id 'Git.Git'
winget install --id 'Microsoft.VisualStudioCode'
winget install --id 'Hugo.Hugo.Extended'

Other requirements

Useful Resources

Below are links to a number of useful resources to have when contributing to APRL:

Steps to do before contributing anything (after pre-requisites)

Run the following commands in your terminal of choice from the directory where you fork of the repo is located:

git checkout main
git pull
git fetch -p
git fetch -p upstream
git pull upstream main
git push

Doing this will ensure you have the latest changes from the upstream repo and you are ready to now create a new branch from main by running the below commands:

git checkout main
git checkout -b <YOUR-DESIRED-BRANCH-NAME-HERE>

Creating a Service’s Recommendation Page

Important

Make sure you have followed the the Steps to do before contributing anything (after pre-requisites) before following this section.

The is a common task that is likely to be done is adding a new service to which you want to provide recommendations and supporting queries etc. for example Virtual Machines.

For this task we use Hugo’s archetype features which enables you to create a whole directory for a new service with a lot of templated content ready for you to change and use. This can be called by using the following command hugo new --kind service-bundle services/<category>/<service-name

You can see source code of the directory archetype called service-bundle here in the repo.

Steps to follow:

  1. In your terminal of choice run the following:
    cd docs/
hugo new --kind service-bundle services/compute/virtual-machines
  2. You will now see a new folder in content/services/compute called virtual-machines
    β”œβ”€β”€β”€content
β”‚   β”œβ”€β”€β”€contributing
β”‚   └───services
β”‚       β”œβ”€β”€β”€ai-ml
β”‚       β”œβ”€β”€β”€compute
β”‚       β”‚   └───virtual-machines
β”‚       β”‚       └───code
β”‚       β”‚           β”œβ”€β”€β”€cm-1
β”‚       β”‚           └───cm-2
  3. Inside the virtual-machines folder you will see the following files pre-staged
    β”‚       β”‚   └───virtual-machines
β”‚       β”‚       β”‚   _index.md
β”‚       β”‚       β”‚
β”‚       β”‚       └───code
β”‚       β”‚           β”œβ”€β”€β”€cm-1
β”‚       β”‚           β”‚       cm-1.kql
β”‚       β”‚           β”‚
β”‚       β”‚           β”‚
β”‚       β”‚           └───cm-2
β”‚       β”‚                   cm-2.kql
  4. Open _index.md in VS Code and make relevant changes
    • You can copy the recommendations labelled CM-1 or CM-2 multiple times to create more recommendations
  5. Update Azure Resource Graph queries in the code folder within virtual-machines
    • You will see there is a folder, e.g. cm-1, cm-2, per recommendation to help with file structure organization
  6. Ensure you use the correct Azure resource abbreviations provided within our Cloud Adoption Framework (CAF) documentation here. For example, use vm for Virtual Machines.
  7. Save, commit and push your changes to your branch and repo
  8. Create a create a Pull Request into the main branch of the upstream repo
  9. Get it merged

Automation Standards for Recommendations

When creating recommendations for a service, please follow the below standards:

Recommendation categories

Each recommendation should have one and only one associated category from this list below.

Recommendation CategoryCategory Description
Application ResilienceEnsures software applications remain functional under failures or disruptions. Utilizes fault-tolerance, stateless architecture, and microservices to maintain application health and reduce downtime.
AutomationUses automated systems or scripts for routine tasks, backups, and recovery. Minimizes human intervention, thereby reducing errors and speeding up recovery processes.
AvailabilityFocuses on ensuring services are accessible and operational. Combines basic mechanisms like backups with advanced techniques like clustering and data replication to achieve near-zero downtime. (Includes High Availability)
Access & SecurityEncompasses identity management, authentication, and security measures for safeguarding systems. Centralizes access control and employs robust security mechanisms like encryption and firewalls. (Includes Identity)
GovernanceInvolves policies, procedures, and oversight for IT resource utilization. Ensures adherence to legal, regulatory, and compatibility requirements, while guiding overall system management. (Includes Compliance and Compatibility)
Disaster RecoveryInvolves strategies and technologies to restore systems and data after catastrophic failures. Utilizes off-site backups, recovery sites, and detailed procedures for quick recovery after a disaster.
System EfficiencyMaintains acceptable service levels under varying conditions. Employs techniques like resource allocation, auto-scaling, and caching to handle changes in load and maintain smooth operation. (Includes Performance and Scalability)
MonitoringInvolves constant surveillance of system health, performance, and security. Utilizes real-time alerts and analytics to identify and resolve issues quickly, aiding in faster response times.
NetworkingAims to ensure uninterrupted network service through techniques like failover routing, load balancing, and redundancy. Focuses on maintaining the integrity and availability of network connections.
StorageFocuses on the integrity and availability of data storage systems. Employs techniques like RAID, data replication, and backups to safeguard against data loss or corruption.

Azure Resource Graph (ARG) Queries

  1. All ARG queries should have two comments at the top of the query, one comment stating Azure Resource Graph Query and another comment providing a description of the query results returned. For example:

    // Azure Resource Graph Query
// Provides a list of Azure Container Registry resources that do not have soft delete enabled

  2. If the ARG query is under development, the query should have a single line stating: // under-development

  3. If a recommendation query cannot be returned due to limitations with the data provided within ARG, the query should have a single line stating: // cannot-be-validated-with-arg

  4. Queries should only return resources that do not adhere to the APRL recommendation. For example, if the recommendation is to enable soft delete for Azure Container Registries, the associated query should only return Azure Container Registry resources that do not have soft delete enabled.

  5. If a ARG query folder has a file with a file type suffixed with .fix, this means that the current query does not work as anticipated and to consider using this as a starting point for fixing the query. Once you have validated that the query is working as anticipated, please remove the file with the .fix suffix.

  6. ARG query columns name returned should only include the following:

Column NameRequiredInformation Returned (Example)Description
recommendationIdYesaks-1The acronym of the Azure service that the query is returning results for, followed by the APRL recommendation number.
nameYestest-aksThe resource name of the Azure resource that does not adher to the APRL recommendation.
idYes/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/test-resource-group/providers/Microsoft.ContainerService/managedClusters/test-aksThe resource ID of the Azure resource that does not adhere to the APRL recommendation.
tagsNo{“Environment”:“Test”,“Department”:“IT”}Any relevant tags associated to the resource that does not adhere to the APRL recommendation.
param1NonetworkProfile:kubenetAny additional information that is necessary to provide clarification for the APRL recommendation.
param2NonetworkProfile:kubenetAny additional information that is necessary to provide clarification for the APRL recommendation.
param3NonetworkProfile:kubenetAny additional information that is necessary to provide clarification for the APRL recommendation.
param4NonetworkProfile:kubenetAny additional information that is necessary to provide clarification for the APRL recommendation.
param5NonetworkProfile:kubenetAny additional information that is necessary to provide clarification for the APRL recommendation.

Updating a Service’s Recommendation Page

Important

Make sure you have followed the the Steps to do before contributing anything (after pre-requisites) before following this section.

This is likely the most common task that will be performed.

All you need to do is just make edits directly to the existing markdown (.md) files, save your changes, commit, stage and push them to your branch and repo. Then create a Pull Request into the main branch of the upstream repo and you are done πŸ‘

Creating a Service Category

Important

Make sure you have followed the the Steps to do before contributing anything (after pre-requisites) before following this section.

For this task we use Hugo’s archetype features which enables you to create a whole directory for a new service with a lot of templated content ready for you to change and use. This can be called by using the following command hugo new --kind category-bundle services/<category>

You can see source code of the directory archetype called category-bundle here in the repo.

Steps to follow:

  1. In your terminal of choice run the following:
    cd docs/
hugo new --kind category-bundle services/aaa
  2. You will now see a new folder in content/services called aaa
    β”œβ”€β”€β”€content
β”‚   β”‚   _index.md
β”‚   β”‚
β”‚   β”œβ”€β”€β”€contributing
β”‚   β”‚       _index.md
β”‚   β”‚
β”‚   └───services
β”‚       β”‚   _index.md
β”‚       β”‚
β”‚       β”œβ”€β”€β”€aaa
β”‚       β”‚       _index.md
  3. Inside the aaa folder you will see the following file _index.md pre-staged
    β”œβ”€β”€β”€aaa
β”‚       β”‚       _index.md
  4. Open _index.md in VS Code and make relevant changes
  5. Save, commit and push your changes to your branch and repo
  6. Create a create a Pull Request into the main branch of the upstream repo
  7. Get it merged

Top Tips

  1. Sometimes the local version of the website may show some inconsistencies that don’t reflect the content you have created.
    • If this happens, simply kill the Hugo local web server by pressing CTRL+C and then restart the Hugo web server by running hugo server -D from the docs/ directory