From 3b092ac04fccece03e141f72b09cca472267c161 Mon Sep 17 00:00:00 2001 From: Jan Faurskov <22591930+jfaurskov@users.noreply.github.com> Date: Mon, 15 May 2023 10:26:46 +0200 Subject: [PATCH 01/12] Add ado pipelines --- .../ado-pipelines/deploy-hub-networking.yml | 137 ++++++++++++++++++ .../ado-pipelines/deploy-vwan-networking.yml | 137 ++++++++++++++++++ 2 files changed, 274 insertions(+) create mode 100644 src/resources/arm/testing/ado-pipelines/deploy-hub-networking.yml create mode 100644 src/resources/arm/testing/ado-pipelines/deploy-vwan-networking.yml diff --git a/src/resources/arm/testing/ado-pipelines/deploy-hub-networking.yml b/src/resources/arm/testing/ado-pipelines/deploy-hub-networking.yml new file mode 100644 index 00000000..300105c4 --- /dev/null +++ b/src/resources/arm/testing/ado-pipelines/deploy-hub-networking.yml 
@@ -0,0 +1,137 @@ +name: "Deploy ALZ in HUB Networking configuration" + +trigger: none + +variables: + - group: csu-alz-monitor + - name: Location + value: "norwayeast" + - name: ManagementGroupPrefix + value: hubnw + - name: TopLevelManagementGroupDisplayName + value: "Hub Networking management group hierarchy" + - name: identityManagementGroup + value: "hubnw-platform-identity" + - name: managementManagementGroup + value: "hubnw-platform-management" + - name: connectivityManagementGroup + value: "hubnw-platform-connectivity" + - name: alzManagementGroup + value: "hubnw-landingzones" + +jobs: + - job: HubNW_deploy + displayName: Deploy hub/spoke Networking + pool: + vmImage: ubuntu-latest + steps: + - task: AzureCLI@2 + displayeName: Az CLI Deploy Management Groups for hubnw + inputs: + azureSubscription: 'serviceconnection' + scriptType: 'batch' + scriptLocation: 'inlineScript' + inlineScript: | + az deployment tenant create --template-file infra-as-code/bicep/modules/managementGroups/managementGroups.bicep --parameters parTopLevelManagementGroupPrefix=$(ManagementGroupPrefix) parTopLevelManagementGroupDisplayName="$(TopLevelManagementGroupDisplayName)" --location $(Location) --name $(ManagementGroupPrefix) + + - task: AzureCLI@2 + displayName: Az CLI Deploy Custom Role Definitions + inputs: + azureSubscription: 'serviceconnection' + scriptType: 'batch' + scriptLocation: 'inlineScript' + inlineScript: | + az deployment mg create --template-file infra-as-code/bicep/modules/customRoleDefinitions/customRoleDefinitions.bicep --parameters @infra-as-code/bicep/modules/customRoleDefinitions/parameters/customRoleDefinitions.parameters.all.json parAssignableScopeManagementGroupId=$(ManagementGroupPrefix) --location $(Location) --management-group-id $(ManagementGroupPrefix) + + - task: AzureCLI@2 + displayName: Az CLI Deploy Custom Policy Definitions + inputs: + azureSubscription: 'serviceconnection' + scriptType: 'batch' + scriptLocation: 'inlineScript' + inlineScript: | 
+ az deployment mg create --template-file infra-as-code/bicep/modules/policy/definitions/customPolicyDefinitions.bicep --parameters @infra-as-code/bicep/modules/policy/definitions/parameters/customPolicyDefinitions.parameters.all.json parTargetManagementGroupId=$(ManagementGroupPrefix) --location $(Location) --management-group-id $(ManagementGroupPrefix) + + - task: AzureCLI@2 + displayName: Az CLI Deploy Monitor Policy Definitions + inputs: + azureSubscription: 'serviceconnection' + scriptType: 'batch' + scriptLocation: 'inlineScript' + inlineScript: | + az deployment mg create --template-file infra-as-code/bicep/deploy_dine_policies.bicep --location $(Location) --management-group-id $(ManagementGroupPrefix) + + - task: AzureCLI@2 + displayName: Az CLI Deploy Monitor Policy Initiatives + inputs: + azureSubscription: 'serviceconnection' + scriptType: 'batch' + scriptLocation: 'inlineScript' + inlineScript: | + az deployment mg create --template-file ./src/resources/Microsoft.Authorization/policySetDefinitions/ALZ-MonitorConnectivity.json --location $(Location) --management-group-id $(ManagementGroupPrefix) + az deployment mg create --template-file ./src/resources/Microsoft.Authorization/policySetDefinitions/ALZ-MonitorIdentity.json --location $(Location) --management-group-id $(ManagementGroupPrefix) + az deployment mg create --template-file ./src/resources/Microsoft.Authorization/policySetDefinitions/ALZ-MonitorManagement.json --location $(Location) --management-group-id $(ManagementGroupPrefix) + az deployment mg create --template-file ./src/resources/Microsoft.Authorization/policySetDefinitions/ALZ-MonitorLandingZone.json --location $(Location) --management-group-id $(ManagementGroupPrefix) + az deployment mg create --template-file ./src/resources/Microsoft.Authorization/policySetDefinitions/ALZ-MonitorServiceHealth.json --location $(Location) --management-group-id $(ManagementGroupPrefix) + + - task: AzureCLI@2 + displayName: Az CLI Deploy Logging + inputs: + 
azureSubscription: 'serviceconnection' + scriptType: 'batch' + scriptLocation: 'inlineScript' + inlineScript: | + az account set --subscription $(mgSubscriptionId) + az group create --name $(mgResourceGroup) --location $(Location) + az deployment group create --resource-group $(mgResourceGroup) --template-file infra-as-code/bicep/modules/logging/logging.bicep --parameters @infra-as-code/bicep/modules/logging/parameters/logging.parameters.all.json + + - task: AzureCLI@2 + displayName: Az CLI Deploy ALZ Policy assignments + inputs: + azureSubscription: 'serviceconnection' + scriptType: 'batch' + scriptLocation: 'inlineScript' + inlineScript: | + az deployment mg create --template-file infra-as-code/bicep/modules/policy/assignments/alzDefaults/alzDefaultPolicyAssignments.bicep --parameters @infra-as-code/bicep/modules/policy/assignments/alzDefaults/parameters/alzDefaultPolicyAssignments.parameters.all.json parTopLevelManagementGroupPrefix=$(ManagementGroupPrefix) parLogAnalyticsWorkSpaceAndAutomationAccountLocation=$(Location) parLogAnalyticsWorkspaceResourceId="/subscriptions/$(mgSubscriptionId)/resourceGroups/$(mgResourceGroup)/providers/Microsoft.OperationalInsights/workspaces/alz-log-analytics" --location $(Location) --management-group-id "$(ManagementGroupPrefix)-landingzones" + + - task: AzureCLI@2 + displayName: Az CLI Monitor Policy initiative assignments + inputs: + azureSubscription: 'serviceconnection' + scriptType: 'batch' + scriptLocation: 'inlineScript' + inlineScript: | + az deployment mg create --template-file ./infra-as-code/bicep/assign_initiatives_identity.bicep --location $(Location) --management-group-id $(identityManagementGroup) --parameters ./infra-as-code/bicep/parameters-complete-identity.json parPolicyManagementGroupId=$(ManagementGroupPrefix) + az deployment mg create --template-file ./infra-as-code/bicep/assign_initiatives_management.bicep --location $(Location) --management-group-id $(managementManagementGroup) --parameters 
./infra-as-code/bicep/parameters-complete-management.json parPolicyManagementGroupId=$(ManagementGroupPrefix) + az deployment mg create --template-file ./infra-as-code/bicep/assign_initiatives_connectivity.bicep --location $(Location) --management-group-id $(connectivityManagementGroup) --parameters ./infra-as-code/bicep/parameters-complete-connectivity.json parPolicyManagementGroupId=$(ManagementGroupPrefix) + az deployment mg create --template-file ./infra-as-code/bicep/assign_initiatives_landingzones.bicep --location $(Location) --management-group-id $(alzManagementGroup) --parameters ./infra-as-code/bicep/parameters-complete-landingzones.json parPolicyManagementGroupId=$(ManagementGroupPrefix) + az deployment mg create --template-file ./infra-as-code/bicep/assign_initiatives_servicehealth.bicep --location $(Location) --management-group-id $(ManagementGroupPrefix) --parameters ./infra-as-code/bicep/parameters-complete-servicehealth.json parPolicyManagementGroupId=$(ManagementGroupPrefix) + + - task: AzureCLI@2 + displayName: Az CLI Subscription Placement + inputs: + azureSubscription: 'serviceconnection' + scriptType: 'batch' + scriptLocation: 'inlineScript' + inlineScript: | + az deployment mg create --template-file infra-as-code/bicep/orchestration/subPlacementAll/subPlacementAll.bicep --parameters parPlatformManagementMgSubs='["$(mgSubscriptionId)"]' parPlatformConnectivityMgSubs='["$(connSubscriptionId)"]' parLandingZonesCorpMgSubs='["$(spokeSubscriptionId)"]' parPlatformIdentityMgSubs='["$(idSubscriptionId)"]' parTopLevelManagementGroupPrefix=$(ManagementGroupPrefix) --location $(Location) --management-group-id $(ManagementGroupPrefix) + + - task: AzureCLI@2 + displayName: Az CLI Deploy Hub Networking + inputs: + azureSubscription: 'serviceconnection' + scriptType: 'bash' + scriptLocation: 'inlineScript' + inlineScript: | + az account set --subscription $(connSubscriptionId) + az group create --name $(connResourceGroup) --location $(Location) + az 
deployment group create --resource-group $(connResourceGroup) --template-file infra-as-code/bicep/modules/hubNetworking/hubNetworking.bicep --parameters @infra-as-code/bicep/modules/hubNetworking/parameters/hubNetworking.parameters.all.json parLocation=$(Location) + + - task: AzureCLI@2 + displayName: Az CLI Deploy Spoke Networking + inputs: + azureSubscription: 'serviceconnection' + scriptType: 'bash' + scriptLocation: 'inlineScript' + inlineScript: | + az deployment mg create --template-file infra-as-code/bicep/orchestration/hubPeeredSpoke/hubPeeredSpoke.bicep --parameters @infra-as-code/bicep/orchestration/hubPeeredSpoke/parameters/hubPeeredSpoke.parameters.hubnw.json parPeeredVnetSubscriptionId=$(spokeSubscriptionId) parHubVirtualNetworkId="/subscriptions/$(connSubscriptionId)/resourceGroups/hubnw-connectivity/providers/Microsoft.Network/virtualNetworks/alz-hub-eastus" --location $(Location) --management-group-id $(ManagementGroupPrefix) diff --git a/src/resources/arm/testing/ado-pipelines/deploy-vwan-networking.yml b/src/resources/arm/testing/ado-pipelines/deploy-vwan-networking.yml new file mode 100644 index 00000000..3a44cc98 --- /dev/null +++ b/src/resources/arm/testing/ado-pipelines/deploy-vwan-networking.yml 
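Review bot: The inline scripts in this file paste `$(...)` macro values into the command line unquoted, and `$(mgSubscriptionId)`, `$(mgResourceGroup)`, `$(connSubscriptionId)`, `$(connResourceGroup)`, `$(spokeSubscriptionId)` and `$(idSubscriptionId)` are not declared in the `variables:` block, so they presumably have to come from the `csu-alz-monitor` group. Azure Pipelines leaves a macro it cannot resolve as literal text, and in the two steps already marked `scriptType: 'bash'` (Hub Networking and Spoke Networking) bash would then read `$(connSubscriptionId)` as a command substitution instead of failing with a clear message. Passing the values as data avoids both the splitting and the substitution, for example a step-level `env:` entry `CONN_SUBSCRIPTION_ID: $(connSubscriptionId)` used as `az account set --subscription "$CONN_SUBSCRIPTION_ID"`. The same pattern is repeated in deploy-vwan-networking.yml in this commit.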
@@ -0,0 +1,137 @@ +name: "Deploy ALZ in VWAN Networking configuration" + +trigger: none + +variables: + - group: csu-alz-monitor + - name: Location + value: "norwayeast" + - name: ManagementGroupPrefix + value: vwan + - name: TopLevelManagementGroupDisplayName + value: "vwan Networking management group hierarchy" + - name: identityManagementGroup + value: "vwan-platform-identity" + - name: managementManagementGroup + value: "vwan-platform-management" + - name: connectivityManagementGroup + value: "vwan-platform-connectivity" + - name: alzManagementGroup + value: "vwan-landingzones" + +jobs: + - job: vwan_deploy + displayName: Deploy VWAN Networking + pool: + vmImage: ubuntu-latest + steps: + - task: AzureCLI@2 + displayeName: Az CLI Deploy Management Groups for vwan + inputs: + azureSubscription: 'serviceconnection' + scriptType: 'batch' + scriptLocation: 'inlineScript' + inlineScript: | + az deployment tenant create --template-file infra-as-code/bicep/modules/managementGroups/managementGroups.bicep --parameters parTopLevelManagementGroupPrefix=$(ManagementGroupPrefix) parTopLevelManagementGroupDisplayName="$(TopLevelManagementGroupDisplayName)" --location $(Location) --name $(ManagementGroupPrefix) + + - task: AzureCLI@2 + displayName: Az CLI Deploy Custom Role Definitions + inputs: + azureSubscription: 'serviceconnection' + scriptType: 'batch' + scriptLocation: 'inlineScript' + inlineScript: | + az deployment mg create --template-file infra-as-code/bicep/modules/customRoleDefinitions/customRoleDefinitions.bicep --parameters @infra-as-code/bicep/modules/customRoleDefinitions/parameters/customRoleDefinitions.parameters.all.json parAssignableScopeManagementGroupId=$(ManagementGroupPrefix) --location $(Location) --management-group-id $(ManagementGroupPrefix) + + - task: AzureCLI@2 + displayName: Az CLI Deploy Custom Policy Definitions + inputs: + azureSubscription: 'serviceconnection' + scriptType: 'batch' + scriptLocation: 'inlineScript' + inlineScript: | + az 
deployment mg create --template-file infra-as-code/bicep/modules/policy/definitions/customPolicyDefinitions.bicep --parameters @infra-as-code/bicep/modules/policy/definitions/parameters/customPolicyDefinitions.parameters.all.json parTargetManagementGroupId=$(ManagementGroupPrefix) --location $(Location) --management-group-id $(ManagementGroupPrefix) + + - task: AzureCLI@2 + displayName: Az CLI Deploy Monitor Policy Definitions + inputs: + azureSubscription: 'serviceconnection' + scriptType: 'batch' + scriptLocation: 'inlineScript' + inlineScript: | + az deployment mg create --template-file infra-as-code/bicep/deploy_dine_policies.bicep --location $(Location) --management-group-id $(ManagementGroupPrefix) + + - task: AzureCLI@2 + displayName: Az CLI Deploy Monitor Policy Initiatives + inputs: + azureSubscription: 'serviceconnection' + scriptType: 'batch' + scriptLocation: 'inlineScript' + inlineScript: | + az deployment mg create --template-file ./src/resources/Microsoft.Authorization/policySetDefinitions/ALZ-MonitorConnectivity.json --location $(Location) --management-group-id $(ManagementGroupPrefix) + az deployment mg create --template-file ./src/resources/Microsoft.Authorization/policySetDefinitions/ALZ-MonitorIdentity.json --location $(Location) --management-group-id $(ManagementGroupPrefix) + az deployment mg create --template-file ./src/resources/Microsoft.Authorization/policySetDefinitions/ALZ-MonitorManagement.json --location $(Location) --management-group-id $(ManagementGroupPrefix) + az deployment mg create --template-file ./src/resources/Microsoft.Authorization/policySetDefinitions/ALZ-MonitorLandingZone.json --location $(Location) --management-group-id $(ManagementGroupPrefix) + az deployment mg create --template-file ./src/resources/Microsoft.Authorization/policySetDefinitions/ALZ-MonitorServiceHealth.json --location $(Location) --management-group-id $(ManagementGroupPrefix) + + - task: AzureCLI@2 + displayName: Az CLI Deploy Logging + inputs: + 
azureSubscription: 'serviceconnection' + scriptType: 'batch' + scriptLocation: 'inlineScript' + inlineScript: | + az account set --subscription $(mgSubscriptionId) + az group create --name $(mgResourceGroup) --location $(Location) + az deployment group create --resource-group $(mgResourceGroup) --template-file infra-as-code/bicep/modules/logging/logging.bicep --parameters @infra-as-code/bicep/modules/logging/parameters/logging.parameters.all.json + + - task: AzureCLI@2 + displayName: Az CLI Deploy ALZ Policy assignments + inputs: + azureSubscription: 'serviceconnection' + scriptType: 'batch' + scriptLocation: 'inlineScript' + inlineScript: | + az deployment mg create --template-file infra-as-code/bicep/modules/policy/assignments/alzDefaults/alzDefaultPolicyAssignments.bicep --parameters @infra-as-code/bicep/modules/policy/assignments/alzDefaults/parameters/alzDefaultPolicyAssignments.parameters.all.json parTopLevelManagementGroupPrefix=$(ManagementGroupPrefix) parLogAnalyticsWorkSpaceAndAutomationAccountLocation=$(Location) parLogAnalyticsWorkspaceResourceId="/subscriptions/$(mgSubscriptionId)/resourceGroups/$(mgResourceGroup)/providers/Microsoft.OperationalInsights/workspaces/alz-log-analytics" --location $(Location) --management-group-id "$(ManagementGroupPrefix)-landingzones" + + - task: AzureCLI@2 + displayName: Az CLI Monitor Policy initiative assignments + inputs: + azureSubscription: 'serviceconnection' + scriptType: 'batch' + scriptLocation: 'inlineScript' + inlineScript: | + az deployment mg create --template-file ./infra-as-code/bicep/assign_initiatives_identity.bicep --location $(Location) --management-group-id $(identityManagementGroup) --parameters ./infra-as-code/bicep/parameters-complete-identity.json parPolicyManagementGroupId=$(ManagementGroupPrefix) + az deployment mg create --template-file ./infra-as-code/bicep/assign_initiatives_management.bicep --location $(Location) --management-group-id $(managementManagementGroup) --parameters 
./infra-as-code/bicep/parameters-complete-management.json parPolicyManagementGroupId=$(ManagementGroupPrefix) + az deployment mg create --template-file ./infra-as-code/bicep/assign_initiatives_connectivity.bicep --location $(Location) --management-group-id $(connectivityManagementGroup) --parameters ./infra-as-code/bicep/parameters-complete-connectivity.json parPolicyManagementGroupId=$(ManagementGroupPrefix) + az deployment mg create --template-file ./infra-as-code/bicep/assign_initiatives_landingzones.bicep --location $(Location) --management-group-id $(alzManagementGroup) --parameters ./infra-as-code/bicep/parameters-complete-landingzones.json parPolicyManagementGroupId=$(ManagementGroupPrefix) + az deployment mg create --template-file ./infra-as-code/bicep/assign_initiatives_servicehealth.bicep --location $(Location) --management-group-id $(ManagementGroupPrefix) --parameters ./infra-as-code/bicep/parameters-complete-servicehealth.json parPolicyManagementGroupId=$(ManagementGroupPrefix) + + - task: AzureCLI@2 + displayName: Az CLI Subscription Placement + inputs: + azureSubscription: 'serviceconnection' + scriptType: 'batch' + scriptLocation: 'inlineScript' + inlineScript: | + az deployment mg create --template-file infra-as-code/bicep/orchestration/subPlacementAll/subPlacementAll.bicep --parameters parPlatformManagementMgSubs='["$(mgSubscriptionId)"]' parPlatformConnectivityMgSubs='["$(connSubscriptionId)"]' parLandingZonesCorpMgSubs='["$(spokeSubscriptionId)"]' parPlatformIdentityMgSubs='["$(idSubscriptionId)"]' parTopLevelManagementGroupPrefix=$(ManagementGroupPrefix) --location $(Location) --management-group-id $(ManagementGroupPrefix) + + - task: AzureCLI@2 + displayName: Az CLI Deploy Hub Networking + inputs: + azureSubscription: 'serviceconnection' + scriptType: 'bash' + scriptLocation: 'inlineScript' + inlineScript: | + az account set --subscription $(connSubscriptionId) + az group create --name $(connResourceGroup) --location $(Location) + az 
deployment group create --resource-group $(connResourceGroup) --template-file infra-as-code/bicep/modules/vwanConnectivity/vwanConnectivity.bicep --parameters @infra-as-code/bicep/modules/vwanConnectivity/parameters/vwanConnectivity.parameters.all.json parLocation=$(Location) + + - task: AzureCLI@2 + displayName: Az CLI Deploy Spoke Networking + inputs: + azureSubscription: 'serviceconnection' + scriptType: 'bash' + scriptLocation: 'inlineScript' + inlineScript: | + az deployment mg create --template-file infra-as-code/bicep/orchestration/hubPeeredSpoke/hubPeeredSpoke.bicep --parameters @infra-as-code/bicep/orchestration/hubPeeredSpoke/parameters/hubPeeredSpoke.parameters.vwan.json --location $(Location) --management-group-id $(ManagementGroupPrefix) From 8ccd6a522007d9287f9b1783f7b02c212a17702b Mon Sep 17 00:00:00 2001 From: Jan Faurskov <22591930+jfaurskov@users.noreply.github.com> Date: Mon, 15 May 2023 10:29:22 +0200 Subject: [PATCH 02/12] displayname --- .../arm/testing/ado-pipelines/deploy-hub-networking.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/resources/arm/testing/ado-pipelines/deploy-hub-networking.yml b/src/resources/arm/testing/ado-pipelines/deploy-hub-networking.yml index 300105c4..88430898 100644 --- a/src/resources/arm/testing/ado-pipelines/deploy-hub-networking.yml +++ b/src/resources/arm/testing/ado-pipelines/deploy-hub-networking.yml @@ -26,7 +26,7 @@ jobs: vmImage: ubuntu-latest steps: - task: AzureCLI@2 - displayeName: Az CLI Deploy Management Groups for hubnw + displayName: Az CLI Deploy Management Groups for hubnw inputs: azureSubscription: 'serviceconnection' scriptType: 'batch' From 9cb0389e0ff0691b54cd14914565af7a809242b8 Mon Sep 17 00:00:00 2001 
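Review bot: The first step of deploy-vwan-networking.yml spells its label key `displayeName`, which is not a step property; Azure Pipelines will likely reject the file at validation or, at best, run the step without the label. It should read `displayName: Az CLI Deploy Management Groups for vwan`. Further down in the same file the step labelled `Az CLI Deploy Hub Networking` deploys `vwanConnectivity.bicep`, so the label was probably carried over from the hub pipeline; something like `displayName: Az CLI Deploy vWAN Connectivity` would keep the run log in line with what is deployed.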
From: Jan Faurskov <22591930+jfaurskov@users.noreply.github.com> Date: Mon, 15 May 2023 10:33:12 +0200 Subject: [PATCH 03/12] bash --- .../ado-pipelines/deploy-hub-networking.yml | 18 +++++++++--------- .../ado-pipelines/deploy-vwan-networking.yml | 18 +++++++++--------- 2 files changed, 18 insertions(+), 18 deletions(-) diff --git a/src/resources/arm/testing/ado-pipelines/deploy-hub-networking.yml b/src/resources/arm/testing/ado-pipelines/deploy-hub-networking.yml index 88430898..c17d1c41 100644 --- a/src/resources/arm/testing/ado-pipelines/deploy-hub-networking.yml +++ b/src/resources/arm/testing/ado-pipelines/deploy-hub-networking.yml @@ -29,7 +29,7 @@ jobs: displayName: Az CLI Deploy Management Groups for hubnw inputs: azureSubscription: 'serviceconnection' - scriptType: 'batch' + scriptType: 'bash' scriptLocation: 'inlineScript' inlineScript: | az deployment tenant create --template-file infra-as-code/bicep/modules/managementGroups/managementGroups.bicep --parameters parTopLevelManagementGroupPrefix=$(ManagementGroupPrefix) parTopLevelManagementGroupDisplayName="$(TopLevelManagementGroupDisplayName)" --location $(Location) --name $(ManagementGroupPrefix) @@ -38,7 +38,7 @@ jobs: displayName: Az CLI Deploy Custom Role Definitions inputs: azureSubscription: 'serviceconnection' - scriptType: 'batch' + scriptType: 'bash' scriptLocation: 'inlineScript' inlineScript: | az deployment mg create --template-file infra-as-code/bicep/modules/customRoleDefinitions/customRoleDefinitions.bicep --parameters @infra-as-code/bicep/modules/customRoleDefinitions/parameters/customRoleDefinitions.parameters.all.json parAssignableScopeManagementGroupId=$(ManagementGroupPrefix) --location $(Location) --management-group-id $(ManagementGroupPrefix) 
@@ -47,7 +47,7 @@ jobs: displayName: Az CLI Deploy Custom Policy Definitions inputs: azureSubscription: 'serviceconnection' - scriptType: 'batch' + scriptType: 'bash' scriptLocation: 'inlineScript' inlineScript: | az deployment mg create --template-file infra-as-code/bicep/modules/policy/definitions/customPolicyDefinitions.bicep --parameters @infra-as-code/bicep/modules/policy/definitions/parameters/customPolicyDefinitions.parameters.all.json parTargetManagementGroupId=$(ManagementGroupPrefix) --location $(Location) --management-group-id $(ManagementGroupPrefix) @@ -56,7 +56,7 @@ jobs: displayName: Az CLI Deploy Monitor Policy Definitions inputs: azureSubscription: 'serviceconnection' - scriptType: 'batch' + scriptType: 'bash' scriptLocation: 'inlineScript' inlineScript: | az deployment mg create --template-file infra-as-code/bicep/deploy_dine_policies.bicep --location $(Location) --management-group-id $(ManagementGroupPrefix) @@ -65,7 +65,7 @@ jobs: displayName: Az CLI Deploy Monitor Policy Initiatives inputs: azureSubscription: 'serviceconnection' - scriptType: 'batch' + scriptType: 'bash' scriptLocation: 'inlineScript' inlineScript: | az deployment mg create --template-file ./src/resources/Microsoft.Authorization/policySetDefinitions/ALZ-MonitorConnectivity.json --location $(Location) --management-group-id $(ManagementGroupPrefix) @@ -78,7 +78,7 @@ jobs: displayName: Az CLI Deploy Logging inputs: azureSubscription: 'serviceconnection' - scriptType: 'batch' + scriptType: 'bash' scriptLocation: 'inlineScript' inlineScript: | az account set --subscription $(mgSubscriptionId) 
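Review bot: The steps switched to bash that run several `az` commands in one `inlineScript` (Monitor Policy Initiatives at `@@ -65,7`, Deploy Logging at `@@ -78,7`, Monitor Policy initiative assignments at `@@ -98,7`, and the same three in deploy-vwan-networking.yml) have no error handling between commands. As far as I can tell the task reports the exit status of the script, which for bash is the status of the last command, so a failed `az deployment mg create` earlier in the list can leave the step green with a policy initiative or assignment missing. Starting each of these scripts with `set -euo pipefail` makes the first failure stop the step. The hunks show only part of each step, so the exact placement needs checking against the full file.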
@@ -89,7 +89,7 @@ jobs: displayName: Az CLI Deploy ALZ Policy assignments inputs: azureSubscription: 'serviceconnection' - scriptType: 'batch' + scriptType: 'bash' scriptLocation: 'inlineScript' inlineScript: | az deployment mg create --template-file infra-as-code/bicep/modules/policy/assignments/alzDefaults/alzDefaultPolicyAssignments.bicep --parameters @infra-as-code/bicep/modules/policy/assignments/alzDefaults/parameters/alzDefaultPolicyAssignments.parameters.all.json parTopLevelManagementGroupPrefix=$(ManagementGroupPrefix) parLogAnalyticsWorkSpaceAndAutomationAccountLocation=$(Location) parLogAnalyticsWorkspaceResourceId="/subscriptions/$(mgSubscriptionId)/resourceGroups/$(mgResourceGroup)/providers/Microsoft.OperationalInsights/workspaces/alz-log-analytics" --location $(Location) --management-group-id "$(ManagementGroupPrefix)-landingzones" @@ -98,7 +98,7 @@ jobs: displayName: Az CLI Monitor Policy initiative assignments inputs: azureSubscription: 'serviceconnection' - scriptType: 'batch' + scriptType: 'bash' scriptLocation: 'inlineScript' inlineScript: | az deployment mg create --template-file ./infra-as-code/bicep/assign_initiatives_identity.bicep --location $(Location) --management-group-id $(identityManagementGroup) --parameters ./infra-as-code/bicep/parameters-complete-identity.json parPolicyManagementGroupId=$(ManagementGroupPrefix) 
@@ -111,7 +111,7 @@ jobs: displayName: Az CLI Subscription Placement inputs: azureSubscription: 'serviceconnection' - scriptType: 'batch' + scriptType: 'bash' scriptLocation: 'inlineScript' inlineScript: | az deployment mg create --template-file infra-as-code/bicep/orchestration/subPlacementAll/subPlacementAll.bicep --parameters parPlatformManagementMgSubs='["$(mgSubscriptionId)"]' parPlatformConnectivityMgSubs='["$(connSubscriptionId)"]' parLandingZonesCorpMgSubs='["$(spokeSubscriptionId)"]' parPlatformIdentityMgSubs='["$(idSubscriptionId)"]' parTopLevelManagementGroupPrefix=$(ManagementGroupPrefix) --location $(Location) --management-group-id $(ManagementGroupPrefix) diff --git a/src/resources/arm/testing/ado-pipelines/deploy-vwan-networking.yml b/src/resources/arm/testing/ado-pipelines/deploy-vwan-networking.yml index 3a44cc98..0d62bf39 100644 --- a/src/resources/arm/testing/ado-pipelines/deploy-vwan-networking.yml +++ b/src/resources/arm/testing/ado-pipelines/deploy-vwan-networking.yml @@ -29,7 +29,7 @@ jobs: displayeName: Az CLI Deploy Management Groups for vwan inputs: azureSubscription: 'serviceconnection' - scriptType: 'batch' + scriptType: 'bash' scriptLocation: 'inlineScript' inlineScript: | az deployment tenant create --template-file infra-as-code/bicep/modules/managementGroups/managementGroups.bicep --parameters parTopLevelManagementGroupPrefix=$(ManagementGroupPrefix) parTopLevelManagementGroupDisplayName="$(TopLevelManagementGroupDisplayName)" --location $(Location) --name $(ManagementGroupPrefix) 
@@ -38,7 +38,7 @@ jobs: displayName: Az CLI Deploy Custom Role Definitions inputs: azureSubscription: 'serviceconnection' - scriptType: 'batch' + scriptType: 'bash' scriptLocation: 'inlineScript' inlineScript: | az deployment mg create --template-file infra-as-code/bicep/modules/customRoleDefinitions/customRoleDefinitions.bicep --parameters @infra-as-code/bicep/modules/customRoleDefinitions/parameters/customRoleDefinitions.parameters.all.json parAssignableScopeManagementGroupId=$(ManagementGroupPrefix) --location $(Location) --management-group-id $(ManagementGroupPrefix) @@ -47,7 +47,7 @@ jobs: displayName: Az CLI Deploy Custom Policy Definitions inputs: azureSubscription: 'serviceconnection' - scriptType: 'batch' + scriptType: 'bash' scriptLocation: 'inlineScript' inlineScript: | az deployment mg create --template-file infra-as-code/bicep/modules/policy/definitions/customPolicyDefinitions.bicep --parameters @infra-as-code/bicep/modules/policy/definitions/parameters/customPolicyDefinitions.parameters.all.json parTargetManagementGroupId=$(ManagementGroupPrefix) --location $(Location) --management-group-id $(ManagementGroupPrefix) @@ -56,7 +56,7 @@ jobs: displayName: Az CLI Deploy Monitor Policy Definitions inputs: azureSubscription: 'serviceconnection' - scriptType: 'batch' + scriptType: 'bash' scriptLocation: 'inlineScript' inlineScript: | az deployment mg create --template-file infra-as-code/bicep/deploy_dine_policies.bicep --location $(Location) --management-group-id $(ManagementGroupPrefix) @@ -65,7 +65,7 @@ jobs: displayName: Az CLI Deploy Monitor Policy Initiatives inputs: azureSubscription: 'serviceconnection' - scriptType: 'batch' + scriptType: 'bash' scriptLocation: 'inlineScript' inlineScript: | az deployment mg create --template-file ./src/resources/Microsoft.Authorization/policySetDefinitions/ALZ-MonitorConnectivity.json --location $(Location) --management-group-id $(ManagementGroupPrefix) 
@@ -78,7 +78,7 @@ jobs: displayName: Az CLI Deploy Logging inputs: azureSubscription: 'serviceconnection' - scriptType: 'batch' + scriptType: 'bash' scriptLocation: 'inlineScript' inlineScript: | az account set --subscription $(mgSubscriptionId) @@ -89,7 +89,7 @@ jobs: displayName: Az CLI Deploy ALZ Policy assignments inputs: azureSubscription: 'serviceconnection' - scriptType: 'batch' + scriptType: 'bash' scriptLocation: 'inlineScript' inlineScript: | az deployment mg create --template-file infra-as-code/bicep/modules/policy/assignments/alzDefaults/alzDefaultPolicyAssignments.bicep --parameters @infra-as-code/bicep/modules/policy/assignments/alzDefaults/parameters/alzDefaultPolicyAssignments.parameters.all.json parTopLevelManagementGroupPrefix=$(ManagementGroupPrefix) parLogAnalyticsWorkSpaceAndAutomationAccountLocation=$(Location) parLogAnalyticsWorkspaceResourceId="/subscriptions/$(mgSubscriptionId)/resourceGroups/$(mgResourceGroup)/providers/Microsoft.OperationalInsights/workspaces/alz-log-analytics" --location $(Location) --management-group-id "$(ManagementGroupPrefix)-landingzones" @@ -98,7 +98,7 @@ jobs: displayName: Az CLI Monitor Policy initiative assignments inputs: azureSubscription: 'serviceconnection' - scriptType: 'batch' + scriptType: 'bash' scriptLocation: 'inlineScript' inlineScript: | az deployment mg create --template-file ./infra-as-code/bicep/assign_initiatives_identity.bicep --location $(Location) --management-group-id $(identityManagementGroup) --parameters ./infra-as-code/bicep/parameters-complete-identity.json parPolicyManagementGroupId=$(ManagementGroupPrefix) 
@@ -111,7 +111,7 @@ jobs: displayName: Az CLI Subscription Placement inputs: azureSubscription: 'serviceconnection' - scriptType: 'batch' + scriptType: 'bash' scriptLocation: 'inlineScript' inlineScript: | az deployment mg create --template-file infra-as-code/bicep/orchestration/subPlacementAll/subPlacementAll.bicep --parameters parPlatformManagementMgSubs='["$(mgSubscriptionId)"]' parPlatformConnectivityMgSubs='["$(connSubscriptionId)"]' parLandingZonesCorpMgSubs='["$(spokeSubscriptionId)"]' parPlatformIdentityMgSubs='["$(idSubscriptionId)"]' parTopLevelManagementGroupPrefix=$(ManagementGroupPrefix) --location $(Location) --management-group-id $(ManagementGroupPrefix) From 69496a578c0bf5d930d16a5ea0b6d72e8264f07d Mon Sep 17 00:00:00 2001 From: Jan Faurskov <22591930+jfaurskov@users.noreply.github.com> Date: Mon, 15 May 2023 11:18:12 +0200 Subject: [PATCH 04/12] Secrets --- .../arm/testing/ado-pipelines/deploy-hub-networking.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/src/resources/arm/testing/ado-pipelines/deploy-hub-networking.yml b/src/resources/arm/testing/ado-pipelines/deploy-hub-networking.yml index c17d1c41..d2266169 100644 --- a/src/resources/arm/testing/ado-pipelines/deploy-hub-networking.yml +++ b/src/resources/arm/testing/ado-pipelines/deploy-hub-networking.yml @@ -81,7 +81,7 @@ jobs: scriptType: 'bash' scriptLocation: 'inlineScript' inlineScript: | - az account set --subscription $(mgSubscriptionId) + az account set --name $(hubMgmtSubscription) az group create --name $(mgResourceGroup) --location $(Location) az deployment group create --resource-group $(mgResourceGroup) --template-file infra-as-code/bicep/modules/logging/logging.bicep --parameters @infra-as-code/bicep/modules/logging/parameters/logging.parameters.all.json 
@@ -123,7 +123,7 @@ jobs:
 scriptType: 'bash'
 scriptLocation: 'inlineScript'
 inlineScript: |
- az account set --subscription $(connSubscriptionId)
+ az account set --name $(hubSubscription)
 az group create --name $(connResourceGroup) --location $(Location)
 az deployment group create --resource-group $(connResourceGroup) --template-file infra-as-code/bicep/modules/hubNetworking/hubNetworking.bicep --parameters @infra-as-code/bicep/modules/hubNetworking/parameters/hubNetworking.parameters.all.json parLocation=$(Location)
@@ -134,4 +134,4 @@ jobs:
 scriptType: 'bash'
 scriptLocation: 'inlineScript'
 inlineScript: |
- az deployment mg create --template-file infra-as-code/bicep/orchestration/hubPeeredSpoke/hubPeeredSpoke.bicep --parameters @infra-as-code/bicep/orchestration/hubPeeredSpoke/parameters/hubPeeredSpoke.parameters.hubnw.json parPeeredVnetSubscriptionId=$(spokeSubscriptionId) parHubVirtualNetworkId="/subscriptions/$(connSubscriptionId)/resourceGroups/hubnw-connectivity/providers/Microsoft.Network/virtualNetworks/alz-hub-eastus" --location $(Location) --management-group-id $(ManagementGroupPrefix)
+ az deployment mg create --template-file infra-as-code/bicep/orchestration/hubPeeredSpoke/hubPeeredSpoke.bicep --parameters @infra-as-code/bicep/orchestration/hubPeeredSpoke/parameters/hubPeeredSpoke.parameters.hubnw.json parPeeredVnetSubscriptionId=$(hubSpokeSubscriptionId) parHubVirtualNetworkId="/subscriptions/$(hubSubscriptionId)/resourceGroups/hubnw-connectivity/providers/Microsoft.Network/virtualNetworks/alz-hub-eastus" --location $(Location) --management-group-id $(ManagementGroupPrefix)
From 1eace536e80521aa9e4092eaf4204dceb8005504 Mon Sep 17 00:00:00 2001
From: Jan Faurskov <22591930+jfaurskov@users.noreply.github.com>
Date: Mon, 15 May 2023 11:29:01 +0200
Subject: [PATCH 05/12] reource group
---
 .../arm/testing/ado-pipelines/deploy-hub-networking.yml | 4 ++++
 1 file changed, 4 insertions(+)
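Review bot: In the `@@ -134,4 +134,4 @@` hunk, `parHubVirtualNetworkId` still hard-codes the resource group `hubnw-connectivity` and the virtual network name `alz-hub-eastus`, while the preceding step deploys the hub into `$(connResourceGroup)` at `$(Location)`. What `hubNetworking.bicep` actually names the network is set by a parameter file that is not shown here, so this is a consistency concern rather than a confirmed mismatch; if the literals drift from the deployed hub, the spoke peering targets a resource ID that does not match it. Writing the ID with `resourceGroups/$(connResourceGroup)` and a pipeline variable for the hub network name keeps the two steps in agreement.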
diff --git a/src/resources/arm/testing/ado-pipelines/deploy-hub-networking.yml b/src/resources/arm/testing/ado-pipelines/deploy-hub-networking.yml
index d2266169..1ac46567 100644
--- a/src/resources/arm/testing/ado-pipelines/deploy-hub-networking.yml
+++ b/src/resources/arm/testing/ado-pipelines/deploy-hub-networking.yml
@@ -18,6 +18,10 @@ variables:
 value: "hubnw-platform-connectivity"
 - name: alzManagementGroup
 value: "hubnw-landingzones"
+ - name: mgResourceGroup
+ value: "hubnw-mgmt"
+ - name: connResourceGroup
+ value: "hubnw-connectivity"
 jobs:
 - job: HubNW_deploy
From e79a7f7acbd96b861c2beca97f5b2351b9663b5a Mon Sep 17 00:00:00 2001
From: Jan Faurskov <22591930+jfaurskov@users.noreply.github.com>
Date: Mon, 15 May 2023 11:44:43 +0200
Subject: [PATCH 06/12] update vwan
---
 .../arm/testing/ado-pipelines/deploy-vwan-networking.yml | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/src/resources/arm/testing/ado-pipelines/deploy-vwan-networking.yml b/src/resources/arm/testing/ado-pipelines/deploy-vwan-networking.yml
index 0d62bf39..c6cc14b2 100644
--- a/src/resources/arm/testing/ado-pipelines/deploy-vwan-networking.yml
+++ b/src/resources/arm/testing/ado-pipelines/deploy-vwan-networking.yml
@@ -18,6 +18,10 @@ variables:
 value: "vwan-platform-connectivity"
 - name: alzManagementGroup
 value: "vwan-landingzones"
+ - name: mgResourceGroup
+ value: "hubnw-mgmt"
+ - name: connResourceGroup
+ value: "hubnw-connectivity"
 jobs:
 - job: vwan_deploy
@@ -81,7 +85,7 @@ jobs:
 scriptType: 'bash'
 scriptLocation: 'inlineScript'
 inlineScript: |
- az account set --subscription $(mgSubscriptionId)
+ az account set --name $(vwanMgmtSubscription)
 az group create --name $(mgResourceGroup) --location $(Location)
 az deployment group create --resource-group $(mgResourceGroup) --template-file infra-as-code/bicep/modules/logging/logging.bicep --parameters @infra-as-code/bicep/modules/logging/parameters/logging.parameters.all.json
From 10e51bb48a2c7e94871a3bbf9258db4f99b5220c Mon Sep 17 00:00:00 2001
From: Jan Faurskov <22591930+jfaurskov@users.noreply.github.com>
Date: Mon, 15 May 2023 11:47:05 +0200
Subject: [PATCH 07/12] displayname
---
 .../arm/testing/ado-pipelines/deploy-vwan-networking.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/resources/arm/testing/ado-pipelines/deploy-vwan-networking.yml b/src/resources/arm/testing/ado-pipelines/deploy-vwan-networking.yml
index c6cc14b2..d9615a64 100644
--- a/src/resources/arm/testing/ado-pipelines/deploy-vwan-networking.yml
+++ b/src/resources/arm/testing/ado-pipelines/deploy-vwan-networking.yml
@@ -30,7 +30,7 @@ jobs:
 vmImage: ubuntu-latest
 steps:
 - task: AzureCLI@2
- displayeName: Az CLI Deploy Management Groups for vwan
+ displayName: Az CLI Deploy Management Groups for vwan
 inputs:
 azureSubscription: 'serviceconnection'
 scriptType: 'bash'
From e3f8bfe00d4deccebe3b1163b5cc42023055306c Mon Sep 17 00:00:00 2001
From: Jan Faurskov <22591930+jfaurskov@users.noreply.github.com>
Date: Mon, 15 May 2023 12:12:45 +0200
Subject: [PATCH 08/12] subscriptionIds
---
 .../arm/testing/ado-pipelines/deploy-hub-networking.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/resources/arm/testing/ado-pipelines/deploy-hub-networking.yml b/src/resources/arm/testing/ado-pipelines/deploy-hub-networking.yml
index 1ac46567..a5ba2b8a 100644
--- a/src/resources/arm/testing/ado-pipelines/deploy-hub-networking.yml
+++ b/src/resources/arm/testing/ado-pipelines/deploy-hub-networking.yml
@@ -118,7 +118,7 @@ jobs:
 scriptType: 'bash'
 scriptLocation: 'inlineScript'
 inlineScript: |
- az deployment mg create --template-file infra-as-code/bicep/orchestration/subPlacementAll/subPlacementAll.bicep --parameters parPlatformManagementMgSubs='["$(mgSubscriptionId)"]' parPlatformConnectivityMgSubs='["$(connSubscriptionId)"]' parLandingZonesCorpMgSubs='["$(spokeSubscriptionId)"]' parPlatformIdentityMgSubs='["$(idSubscriptionId)"]' parTopLevelManagementGroupPrefix=$(ManagementGroupPrefix) --location $(Location) --management-group-id $(ManagementGroupPrefix)
+ az deployment mg create --template-file infra-as-code/bicep/orchestration/subPlacementAll/subPlacementAll.bicep --parameters parPlatformManagementMgSubs='["$(hubMgmtSubscriptionId)"]' parPlatformConnectivityMgSubs='["$(hubSubscriptionId)"]' parLandingZonesCorpMgSubs='["$(hubSpokeSubscriptionId)"]' parPlatformIdentityMgSubs='["$(hubIdentitySubscriptionId)"]' parTopLevelManagementGroupPrefix=$(ManagementGroupPrefix) --location $(Location) --management-group-id $(ManagementGroupPrefix)
 - task: AzureCLI@2
 displayName: Az CLI Deploy Hub Networking
From f179bcdaf039a5444f83635de90107a5c9524359 Mon Sep 17 00:00:00 2001
From: Jan Faurskov <22591930+jfaurskov@users.noreply.github.com>
Date: Mon, 15 May 2023 12:16:56 +0200
Subject: [PATCH 09/12] variables
---
 .../arm/testing/ado-pipelines/deploy-vwan-networking.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/resources/arm/testing/ado-pipelines/deploy-vwan-networking.yml b/src/resources/arm/testing/ado-pipelines/deploy-vwan-networking.yml
index d9615a64..e270eb19 100644
--- a/src/resources/arm/testing/ado-pipelines/deploy-vwan-networking.yml
+++ b/src/resources/arm/testing/ado-pipelines/deploy-vwan-networking.yml
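Review bot: The `@@ -118,7 +118,7 @@` hunk reads `$(hubMgmtSubscriptionId)` and `$(hubSubscriptionId)`, while the `az account set` lines changed in patch 04 read `$(hubMgmtSubscription)` and `$(hubSubscription)`, and nothing in the file says which names the variable group has to supply. Where these variables are defined is not visible here; if only one of the two spellings exists, the other macro is left unexpanded and bash treats it as a command substitution that yields an empty argument. A comment above the `variables:` block such as `# variable group must define: hubMgmtSubscriptionId, hubSubscriptionId, hubSpokeSubscriptionId, hubIdentitySubscriptionId`, together with using the `...Id` names in the `az account set` lines, would remove the ambiguity. The vwan pipeline shows the same split between `$(vwanMgmtSubscription)` and `$(vwanMgmtSubscriptionId)`.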
@@ -118,7 +118,7 @@ jobs:
 scriptType: 'bash'
 scriptLocation: 'inlineScript'
 inlineScript: |
- az deployment mg create --template-file infra-as-code/bicep/orchestration/subPlacementAll/subPlacementAll.bicep --parameters parPlatformManagementMgSubs='["$(mgSubscriptionId)"]' parPlatformConnectivityMgSubs='["$(connSubscriptionId)"]' parLandingZonesCorpMgSubs='["$(spokeSubscriptionId)"]' parPlatformIdentityMgSubs='["$(idSubscriptionId)"]' parTopLevelManagementGroupPrefix=$(ManagementGroupPrefix) --location $(Location) --management-group-id $(ManagementGroupPrefix)
+ az deployment mg create --template-file infra-as-code/bicep/orchestration/subPlacementAll/subPlacementAll.bicep --parameters parPlatformManagementMgSubs='["$(vwanMgmtSubscriptionId)"]' parPlatformConnectivityMgSubs='["$(vwanSubscriptionId)"]' parLandingZonesCorpMgSubs='["$(vwanSpokeSubscriptionId)"]' parPlatformIdentityMgSubs='["$(vwanIdentitySubscriptionId)"]' parTopLevelManagementGroupPrefix=$(ManagementGroupPrefix) --location $(Location) --management-group-id $(ManagementGroupPrefix)
 - task: AzureCLI@2
 displayName: Az CLI Deploy Hub Networking
From fc6b057e1797e0a1a6812fb341a2b494923efc50 Mon Sep 17 00:00:00 2001
From: Jan Faurskov <22591930+jfaurskov@users.noreply.github.com>
Date: Mon, 15 May 2023 15:35:38 +0200
Subject: [PATCH 10/12] fix subscription
---
 .../arm/testing/ado-pipelines/deploy-vwan-networking.yml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/resources/arm/testing/ado-pipelines/deploy-vwan-networking.yml b/src/resources/arm/testing/ado-pipelines/deploy-vwan-networking.yml
index e270eb19..c81d7f4d 100644
--- a/src/resources/arm/testing/ado-pipelines/deploy-vwan-networking.yml
+++ b/src/resources/arm/testing/ado-pipelines/deploy-vwan-networking.yml
@@ -121,13 +121,13 @@ jobs:
 az deployment mg create --template-file infra-as-code/bicep/orchestration/subPlacementAll/subPlacementAll.bicep --parameters parPlatformManagementMgSubs='["$(vwanMgmtSubscriptionId)"]' parPlatformConnectivityMgSubs='["$(vwanSubscriptionId)"]' parLandingZonesCorpMgSubs='["$(vwanSpokeSubscriptionId)"]' parPlatformIdentityMgSubs='["$(vwanIdentitySubscriptionId)"]' parTopLevelManagementGroupPrefix=$(ManagementGroupPrefix) --location $(Location) --management-group-id $(ManagementGroupPrefix)
 - task: AzureCLI@2
- displayName: Az CLI Deploy Hub Networking
+ displayName: Az CLI Deploy vwan Networking
 inputs:
 azureSubscription: 'serviceconnection'
 scriptType: 'bash'
 scriptLocation: 'inlineScript'
 inlineScript: |
- az account set --subscription $(connSubscriptionId)
+ az account set --name $(vwanSubscription)
 az group create --name $(connResourceGroup) --location $(Location)
 az deployment group create --resource-group $(connResourceGroup) --template-file infra-as-code/bicep/modules/vwanConnectivity/vwanConnectivity.bicep --parameters @infra-as-code/bicep/modules/vwanConnectivity/parameters/vwanConnectivity.parameters.all.json parLocation=$(Location)
From cefc765139a727e1e4fa465bfd4f4f902ab0da40 Mon Sep 17 00:00:00 2001
From: Jan Faurskov <22591930+jfaurskov@users.noreply.github.com>
Date: Mon, 15 May 2023 16:15:22 +0200
Subject: [PATCH 11/12] Delete GH actions
---
 .github/workflows/deploy-hub-networking.yml | 124 -------------------
 .github/workflows/deploy-vwan-networking.yml | 123 ------------------
 2 files changed, 247 deletions(-)
 delete mode 100644 .github/workflows/deploy-hub-networking.yml
 delete mode 100644 .github/workflows/deploy-vwan-networking.yml
diff --git a/.github/workflows/deploy-hub-networking.yml b/.github/workflows/deploy-hub-networking.yml
deleted file mode 100644
index 9311a2b5..00000000
--- a/.github/workflows/deploy-hub-networking.yml
+++ /dev/null
@@ -1,124 +0,0 @@ - -name: Deploy ALZ in HUB Networking configuration - -# only trigger on pull request closed events -on: - workflow_dispatch: {} - -permissions: - id-token: write - contents: read - -env: - Location: "norwayeast" - ManagementGroupPrefix: "hubnw" - TopLevelManagementGroupDisplayName: "Hub Networking management group hierarchy" - identityManagementGroup: "hubnw-platform-identity" - managementManagementGroup: "hubnw-platform-management" - connectivityManagementGroup: "hubnw-platform-connectivity" - alzManagementGroup: "hubnw-landingzones" - mgSubscriptionId: ${{ secrets.HUBNW_MGMT_SUBSCRIPTIONID }} - mgResourceGroup: "hubnw-mgmt" - connSubscriptionId: ${{ secrets.HUBNW_CONNECTIVITY_SUBSCRIPTIONID }} - connResourceGroup: "hubnw-connectivity" - spokeSubscriptionId: ${{ secrets.HUBNW_SPOKE_SUBSCRIPTIONID }} - spokeResourceGroup: "spoke-connectivity" - idSubscriptionId: ${{ secrets.HUBNW_IDENTITY_SUBSCRIPTIONID }} - - -jobs: - deploy_job: - runs-on: ubuntu-latest - environment: deploy - - steps: - - name: Checkout Repo - uses: actions/checkout@v2 - with: - fetch-depth: 0 - - - name: 'Az CLI login' - uses: azure/login@v1 - with: - client-id: ${{ secrets.AZURE_CLIENT_ID }} - tenant-id: ${{ secrets.AZURE_TENANT_ID }} - subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }} - enable-AzPSSession: true - - - name: Az CLI Deploy Management Groups for PR - id: create_mgs - shell: bash - run: | - az deployment tenant create --template-file infra-as-code/bicep/modules/managementGroups/managementGroups.bicep --parameters parTopLevelManagementGroupPrefix=${{ env.ManagementGroupPrefix }} parTopLevelManagementGroupDisplayName="${{ env.TopLevelManagementGroupDisplayName }}" --location ${{ env.Location }} --name ${{ env.ManagementGroupPrefix }} - - - name: Az CLI Deploy Custom Role Definitions for PR - id: create_rbac_roles - shell: bash - run: | - az deployment mg create --template-file infra-as-code/bicep/modules/customRoleDefinitions/customRoleDefinitions.bicep 
--parameters @infra-as-code/bicep/modules/customRoleDefinitions/parameters/customRoleDefinitions.parameters.all.json parAssignableScopeManagementGroupId=${{ env.ManagementGroupPrefix }} --location ${{ env.Location }} --management-group-id ${{ env.ManagementGroupPrefix }} - - - name: Az CLI Deploy Custom Policy Definitions for PR - id: create_policy_defs - shell: bash - run: | - az deployment mg create --template-file infra-as-code/bicep/modules/policy/definitions/customPolicyDefinitions.bicep --parameters @infra-as-code/bicep/modules/policy/definitions/parameters/customPolicyDefinitions.parameters.all.json parTargetManagementGroupId=${{ env.ManagementGroupPrefix }} --location ${{ env.Location }} --management-group-id ${{ env.ManagementGroupPrefix }} - - - name: Az CLI Deploy Monitor Policy Definitions - id: create_monitor_policy_defs - shell: bash - run: | - az deployment mg create --template-file infra-as-code/bicep/deploy_dine_policies.bicep --location ${{ env.Location }} --management-group-id ${{ env.ManagementGroupPrefix }} - - - name: Az CLI Deploy Monitor Policy Initiatives - id: create_monitor_policy_initiatives - shell: bash - run: | - az deployment mg create --template-file ./src/resources/Microsoft.Authorization/policySetDefinitions/ALZ-MonitorConnectivity.json --location ${{ env.Location }} --management-group-id ${{ env.ManagementGroupPrefix }} - az deployment mg create --template-file ./src/resources/Microsoft.Authorization/policySetDefinitions/ALZ-MonitorIdentity.json --location ${{ env.Location }} --management-group-id ${{ env.ManagementGroupPrefix }} - az deployment mg create --template-file ./src/resources/Microsoft.Authorization/policySetDefinitions/ALZ-MonitorManagement.json --location ${{ env.Location }} --management-group-id ${{ env.ManagementGroupPrefix }} - az deployment mg create --template-file ./src/resources/Microsoft.Authorization/policySetDefinitions/ALZ-MonitorLandingZone.json --location ${{ env.Location }} --management-group-id ${{ 
env.ManagementGroupPrefix }} - az deployment mg create --template-file ./src/resources/Microsoft.Authorization/policySetDefinitions/ALZ-MonitorServiceHealth.json --location ${{ env.Location }} --management-group-id ${{ env.ManagementGroupPrefix }} - - - name: Az CLI Deploy Logging for PR - id: create_logging - shell: bash - run: | - az account set --subscription ${{ env.mgSubscriptionId }} - az group create --name ${{ env.mgResourceGroup }} --location ${{ env.Location }} - az deployment group create --resource-group ${{ env.mgResourceGroup }} --template-file infra-as-code/bicep/modules/logging/logging.bicep --parameters @infra-as-code/bicep/modules/logging/parameters/logging.parameters.all.json - - - name: Az CLI Default ALZ Policy assignments - id: create_policy_assignment_dine - shell: bash - run: | - az deployment mg create --template-file infra-as-code/bicep/modules/policy/assignments/alzDefaults/alzDefaultPolicyAssignments.bicep --parameters @infra-as-code/bicep/modules/policy/assignments/alzDefaults/parameters/alzDefaultPolicyAssignments.parameters.all.json parTopLevelManagementGroupPrefix=${{ env.ManagementGroupPrefix }} parLogAnalyticsWorkSpaceAndAutomationAccountLocation=${{ env.Location }} parLogAnalyticsWorkspaceResourceId="/subscriptions/${{ env.mgSubscriptionId }}/resourceGroups/${{ env.mgResourceGroup }}/providers/Microsoft.OperationalInsights/workspaces/alz-log-analytics" --location ${{ env.Location }} --management-group-id "${{ env.ManagementGroupPrefix }}-landingzones" - - - name: Az CLI Monitor Policy initiative assignments - id: assign_monitor_policy_initiatives - shell: bash - run: | - az deployment mg create --template-file ./infra-as-code/bicep/assign_initiatives_identity.bicep --location ${{ env.Location }} --management-group-id ${{ env.identityManagementGroup }} --parameters ./infra-as-code/bicep/parameters-complete-identity.json parPolicyManagementGroupId=${{ env.ManagementGroupPrefix }} - az deployment mg create --template-file 
./infra-as-code/bicep/assign_initiatives_management.bicep --location ${{ env.Location }} --management-group-id ${{ env.managementManagementGroup }} --parameters ./infra-as-code/bicep/parameters-complete-management.json parPolicyManagementGroupId=${{ env.ManagementGroupPrefix }} - az deployment mg create --template-file ./infra-as-code/bicep/assign_initiatives_connectivity.bicep --location ${{ env.Location }} --management-group-id ${{ env.connectivityManagementGroup }} --parameters ./infra-as-code/bicep/parameters-complete-connectivity.json parPolicyManagementGroupId=${{ env.ManagementGroupPrefix }} - az deployment mg create --template-file ./infra-as-code/bicep/assign_initiatives_landingzones.bicep --location ${{ env.Location }} --management-group-id ${{ env.alzManagementGroup }} --parameters ./infra-as-code/bicep/parameters-complete-landingzones.json parPolicyManagementGroupId=${{ env.ManagementGroupPrefix }} - az deployment mg create --template-file ./infra-as-code/bicep/assign_initiatives_servicehealth.bicep --location ${{ env.Location }} --management-group-id ${{ env.ManagementGroupPrefix }} --parameters ./infra-as-code/bicep/parameters-complete-servicehealth.json parPolicyManagementGroupId=${{ env.ManagementGroupPrefix }} - - - name: Az CLI Subscription Placement for PR - id: move_sub - shell: bash - run: | - az deployment mg create --template-file infra-as-code/bicep/orchestration/subPlacementAll/subPlacementAll.bicep --parameters parPlatformManagementMgSubs='["${{ env.mgSubscriptionId }}"]' parPlatformConnectivityMgSubs='["${{ env.connSubscriptionId }}"]' parLandingZonesCorpMgSubs='["${{ env.spokeSubscriptionId }}"]' parPlatformIdentityMgSubs='["${{ env.idSubscriptionId }}"]' parTopLevelManagementGroupPrefix=${{ env.ManagementGroupPrefix }} --location ${{ env.Location }} --management-group-id ${{ env.ManagementGroupPrefix }} - - - name: Az CLI Deploy Hub Networking for PR - id: create_hub_network - shell: bash - run: | - az account set --subscription ${{ 
env.connSubscriptionId }} - az group create --name ${{ env.connResourceGroup }} --location ${{ env.Location }} - az deployment group create --resource-group ${{ env.connResourceGroup }} --template-file infra-as-code/bicep/modules/hubNetworking/hubNetworking.bicep --parameters @infra-as-code/bicep/modules/hubNetworking/parameters/hubNetworking.parameters.all.json parLocation=${{ env.Location }} - - - name: Az CLI Deploy Spoke Networking for PR - id: create_spoke_network - shell: bash - run: | - az deployment mg create --template-file infra-as-code/bicep/orchestration/hubPeeredSpoke/hubPeeredSpoke.bicep --parameters @infra-as-code/bicep/orchestration/hubPeeredSpoke/parameters/hubPeeredSpoke.parameters.hubnw.json parPeeredVnetSubscriptionId=${{ env.spokeSubscriptionId }} parHubVirtualNetworkId="/subscriptions/${{ env.connSubscriptionId }}/resourceGroups/hubnw-connectivity/providers/Microsoft.Network/virtualNetworks/alz-hub-eastus" --location ${{ env.Location }} --management-group-id ${{ env.ManagementGroupPrefix }} diff --git a/.github/workflows/deploy-vwan-networking.yml b/.github/workflows/deploy-vwan-networking.yml deleted file mode 100644 index c05c5f0d..00000000 --- a/.github/workflows/deploy-vwan-networking.yml +++ /dev/null 
@@ -1,123 +0,0 @@ - -name: Deploy ALZ in vwan Networking configuration - -# only trigger on pull request closed events -on: - workflow_dispatch: {} - -permissions: - id-token: write - contents: read - -env: - Location: "norwayeast" - ManagementGroupPrefix: "vwan" - TopLevelManagementGroupDisplayName: "VWAN Networking management group hierarchy" - identityManagementGroup: "vwan-platform-identity" - managementManagementGroup: "vwan-platform-management" - connectivityManagementGroup: "vwan-platform-connectivity" - alzManagementGroup: "vwan-landingzones" - mgSubscriptionId: ${{ secrets.VWAN_MGMT_SUBSCRIPTIONID }} - mgResourceGroup: "vwan-mgmt" - connSubscriptionId: ${{ secrets.VWAN_CONNECTIVITY_SUBSCRIPTIONID }} - connResourceGroup: "vwan-connectivity" - spokeSubscriptionId: ${{ secrets.VWAN_SPOKE_SUBSCRIPTIONID }} - spokeResourceGroup: "spoke-connectivity" - idSubscriptionId: ${{ secrets.VWAN_IDENTITY_SUBSCRIPTIONID }} - -jobs: - deploy_job: - runs-on: ubuntu-latest - environment: deploy - - steps: - - name: Checkout Repo - uses: actions/checkout@v2 - with: - fetch-depth: 0 - - - name: 'Az CLI login' - uses: azure/login@v1 - with: - client-id: ${{ secrets.AZURE_CLIENT_ID }} - tenant-id: ${{ secrets.AZURE_TENANT_ID }} - subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }} - enable-AzPSSession: true - - - name: Az CLI Deploy Management Groups - id: create_mgs - shell: bash - run: | - az deployment tenant create --template-file infra-as-code/bicep/modules/managementGroups/managementGroups.bicep --parameters parTopLevelManagementGroupPrefix=${{ env.ManagementGroupPrefix }} parTopLevelManagementGroupDisplayName="${{ env.TopLevelManagementGroupDisplayName }}" --location ${{ env.Location }} --name ${{ env.ManagementGroupPrefix }} - - - name: Az CLI Deploy Custom Role Definitions - id: create_rbac_roles - shell: bash - run: | - az deployment mg create --template-file infra-as-code/bicep/modules/customRoleDefinitions/customRoleDefinitions.bicep --parameters 
@infra-as-code/bicep/modules/customRoleDefinitions/parameters/customRoleDefinitions.parameters.all.json parAssignableScopeManagementGroupId=${{ env.ManagementGroupPrefix }} --location ${{ env.Location }} --management-group-id ${{ env.ManagementGroupPrefix }} - - - name: Az CLI Deploy Custom Policy Definitions for PR - id: create_policy_defs - shell: bash - run: | - az deployment mg create --template-file infra-as-code/bicep/modules/policy/definitions/customPolicyDefinitions.bicep --parameters @infra-as-code/bicep/modules/policy/definitions/parameters/customPolicyDefinitions.parameters.all.json parTargetManagementGroupId=${{ env.ManagementGroupPrefix }} --location ${{ env.Location }} --management-group-id ${{ env.ManagementGroupPrefix }} - - - name: Az CLI Deploy Monitor Policy Definitions - id: create_monitor_policy_defs - shell: bash - run: | - az deployment mg create --template-file infra-as-code/bicep/deploy_dine_policies.bicep --location ${{ env.Location }} --management-group-id ${{ env.ManagementGroupPrefix }} - - - name: Az CLI Deploy Monitor Policy Initiatives - id: create_monitor_policy_initiatives - shell: bash - run: | - az deployment mg create --template-file ./src/resources/Microsoft.Authorization/policySetDefinitions/ALZ-MonitorConnectivity.json --location ${{ env.Location }} --management-group-id ${{ env.ManagementGroupPrefix }} - az deployment mg create --template-file ./src/resources/Microsoft.Authorization/policySetDefinitions/ALZ-MonitorIdentity.json --location ${{ env.Location }} --management-group-id ${{ env.ManagementGroupPrefix }} - az deployment mg create --template-file ./src/resources/Microsoft.Authorization/policySetDefinitions/ALZ-MonitorManagement.json --location ${{ env.Location }} --management-group-id ${{ env.ManagementGroupPrefix }} - az deployment mg create --template-file ./src/resources/Microsoft.Authorization/policySetDefinitions/ALZ-MonitorLandingZone.json --location ${{ env.Location }} --management-group-id ${{ 
env.ManagementGroupPrefix }} - az deployment mg create --template-file ./src/resources/Microsoft.Authorization/policySetDefinitions/ALZ-MonitorServiceHealth.json --location ${{ env.Location }} --management-group-id ${{ env.ManagementGroupPrefix }} - - - name: Az CLI Deploy Logging for PR - id: create_logging - shell: bash - run: | - az account set --subscription ${{ env.mgSubscriptionId }} - az group create --name ${{ env.mgResourceGroup }} --location ${{ env.Location }} - az deployment group create --resource-group ${{ env.mgResourceGroup }} --template-file infra-as-code/bicep/modules/logging/logging.bicep --parameters @infra-as-code/bicep/modules/logging/parameters/logging.parameters.all.json - - - name: Az CLI Default ALZ Policy assignments - id: create_policy_assignment_dine - shell: bash - run: | - az deployment mg create --template-file infra-as-code/bicep/modules/policy/assignments/alzDefaults/alzDefaultPolicyAssignments.bicep --parameters @infra-as-code/bicep/modules/policy/assignments/alzDefaults/parameters/alzDefaultPolicyAssignments.parameters.all.json parTopLevelManagementGroupPrefix=${{ env.ManagementGroupPrefix }} parLogAnalyticsWorkSpaceAndAutomationAccountLocation=${{ env.Location }} parLogAnalyticsWorkspaceResourceId="/subscriptions/${{ env.mgSubscriptionId }}/resourceGroups/${{ env.mgResourceGroup }}/providers/Microsoft.OperationalInsights/workspaces/alz-log-analytics" --location ${{ env.Location }} --management-group-id "${{ env.ManagementGroupPrefix }}-landingzones" - - - name: Az CLI Monitor Policy initiative assignments - id: assign_monitor_policy_initiatives - shell: bash - run: | - az deployment mg create --template-file ./infra-as-code/bicep/assign_initiatives_identity.bicep --location ${{ env.Location }} --management-group-id ${{ env.identityManagementGroup }} --parameters ./infra-as-code/bicep/parameters-complete-identity.json parPolicyManagementGroupId=${{ env.ManagementGroupPrefix }} - az deployment mg create --template-file 
./infra-as-code/bicep/assign_initiatives_management.bicep --location ${{ env.Location }} --management-group-id ${{ env.managementManagementGroup }} --parameters ./infra-as-code/bicep/parameters-complete-management.json parPolicyManagementGroupId=${{ env.ManagementGroupPrefix }} - az deployment mg create --template-file ./infra-as-code/bicep/assign_initiatives_connectivity.bicep --location ${{ env.Location }} --management-group-id ${{ env.connectivityManagementGroup }} --parameters ./infra-as-code/bicep/parameters-complete-connectivity.json parPolicyManagementGroupId=${{ env.ManagementGroupPrefix }} - az deployment mg create --template-file ./infra-as-code/bicep/assign_initiatives_landingzones.bicep --location ${{ env.Location }} --management-group-id ${{ env.alzManagementGroup }} --parameters ./infra-as-code/bicep/parameters-complete-landingzones.json parPolicyManagementGroupId=${{ env.ManagementGroupPrefix }} - az deployment mg create --template-file ./infra-as-code/bicep/assign_initiatives_servicehealth.bicep --location ${{ env.Location }} --management-group-id ${{ env.ManagementGroupPrefix }} --parameters ./infra-as-code/bicep/parameters-complete-servicehealth.json parPolicyManagementGroupId=${{ env.ManagementGroupPrefix }} - - - name: Az CLI Subscription Placement for PR - id: move_sub - shell: bash - run: | - az deployment mg create --template-file infra-as-code/bicep/orchestration/subPlacementAll/subPlacementAll.bicep --parameters parPlatformManagementMgSubs='["${{ env.mgSubscriptionId }}"]' parPlatformConnectivityMgSubs='["${{ env.connSubscriptionId }}"]' parLandingZonesCorpMgSubs='["${{ env.spokeSubscriptionId }}"]' parPlatformIdentityMgSubs='["${{ env.idSubscriptionId }}"]' parTopLevelManagementGroupPrefix=${{ env.ManagementGroupPrefix }} --location ${{ env.Location }} --management-group-id ${{ env.ManagementGroupPrefix }} - - - name: Az CLI Deploy VWAN Networking for PR - id: create_hub_network - shell: bash - run: | - az account set --subscription ${{ 
env.connSubscriptionId }} - az group create --name ${{ env.connResourceGroup }} --location ${{ env.Location }} - az deployment group create --resource-group ${{ env.connResourceGroup }} --template-file infra-as-code/bicep/modules/vwanConnectivity/vwanConnectivity.bicep --parameters @infra-as-code/bicep/modules/vwanConnectivity/parameters/vwanConnectivity.parameters.all.json parLocation=${{ env.Location }} - - - name: Az CLI Deploy Spoke Networking for PR - id: create_spoke_network - shell: bash - run: | - az deployment mg create --template-file infra-as-code/bicep/orchestration/hubPeeredSpoke/hubPeeredSpoke.bicep --parameters @infra-as-code/bicep/orchestration/hubPeeredSpoke/parameters/hubPeeredSpoke.parameters.vwan.json --location ${{ env.Location }} --management-group-id ${{ env.ManagementGroupPrefix }} From f5d269b85ca5c30e2ce109a25af7da8f5219769d Mon Sep 17 00:00:00 2001 From: Jan Faurskov <22591930+jfaurskov@users.noreply.github.com> Date: Mon, 15 May 2023 17:02:51 +0200 Subject: [PATCH 12/12] fix resource group names --- .../arm/testing/ado-pipelines/deploy-vwan-networking.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/resources/arm/testing/ado-pipelines/deploy-vwan-networking.yml b/src/resources/arm/testing/ado-pipelines/deploy-vwan-networking.yml index c81d7f4d..210f4f40 100644 --- a/src/resources/arm/testing/ado-pipelines/deploy-vwan-networking.yml +++ b/src/resources/arm/testing/ado-pipelines/deploy-vwan-networking.yml @@ -19,9 +19,9 @@ variables: - name: alzManagementGroup value: "vwan-landingzones" - name: mgResourceGroup - value: "hubnw-mgmt" + value: "vwan-mgmt" - name: connResourceGroup - value: "hubnw-connectivity" + value: "vwan-connectivity" jobs: - job: vwan_deploy