From 7597f29b69aa16c248d8b3bacd086072154fd1c1 Mon Sep 17 00:00:00 2001
From: Marius
Date: Thu, 10 Feb 2022 23:27:17 +0100
Subject: [PATCH 01/33] initial version of Microsoft.Web/staticSite
---
.github/workflows/ms.web.staticsites.yml | 138 +++++++++++++++
.../staticSites/.bicep/nested_cuaId.bicep | 1 +
.../.bicep/nested_privateEndpoint.bicep | 49 ++++++
.../staticSites/.bicep/nested_rbac.bicep | 34 ++++
.../.parameters/min.parameters.json | 9 +
arm/Microsoft.Web/staticSites/deploy.bicep | 161 ++++++++++++++++++
arm/Microsoft.Web/staticSites/readme.md | 135 +++++++++++++++
arm/Microsoft.Web/staticSites/version.json | 4 +
8 files changed, 531 insertions(+)
create mode 100644 .github/workflows/ms.web.staticsites.yml
create mode 100644 arm/Microsoft.Web/staticSites/.bicep/nested_cuaId.bicep
create mode 100644 arm/Microsoft.Web/staticSites/.bicep/nested_privateEndpoint.bicep
create mode 100644 arm/Microsoft.Web/staticSites/.bicep/nested_rbac.bicep
create mode 100644 arm/Microsoft.Web/staticSites/.parameters/min.parameters.json
create mode 100644 arm/Microsoft.Web/staticSites/deploy.bicep
create mode 100644 arm/Microsoft.Web/staticSites/readme.md
create mode 100644 arm/Microsoft.Web/staticSites/version.json
diff --git a/.github/workflows/ms.web.staticsites.yml b/.github/workflows/ms.web.staticsites.yml
new file mode 100644
index 0000000000..f636e939ef
--- /dev/null
+++ b/.github/workflows/ms.web.staticsites.yml
@@ -0,0 +1,138 @@
+name: 'Web: StaticSites'
+
+on:
+ workflow_dispatch:
+ inputs:
+ removeDeployment:
+ type: boolean
+ description: 'Remove deployed module'
+ required: false
+ default: 'true'
+ prerelease:
+ type: boolean
+ description: 'Publish prerelease module'
+ required: false
+ default: 'true'
+ push:
+ # branches:
+ # - main
+ paths:
+ - '.github/actions/templates/**'
+ - '.github/workflows/ms.web.staticsites.yml'
+ - 'arm/Microsoft.Web/staticSites/**'
+ - '!*/**/readme.md'
+ - 'utilities/pipelines/**'
+ - '!utilities/pipelines/dependencies/**'
+
+env:
+ modulePath: 'arm/Microsoft.Web/staticSites'
+ workflowPath: '.github/workflows/ms.web.staticsites.yml'
+ AZURE_CREDENTIALS: ${{ secrets.AZURE_CREDENTIALS }}
+ ARM_SUBSCRIPTION_ID: '${{ secrets.ARM_SUBSCRIPTION_ID }}'
+ ARM_MGMTGROUP_ID: '${{ secrets.ARM_MGMTGROUP_ID }}'
+ ARM_TENANT_ID: '${{ secrets.ARM_TENANT_ID }}'
+ DEPLOYMENT_SP_ID: '${{ secrets.DEPLOYMENT_SP_ID }}'
+
+jobs:
+ ############################
+ # SET INPUT PARAMETERS #
+ ############################
+ job_set_workflow_param:
+ runs-on: ubuntu-20.04
+ name: 'Set input parameters to output variables'
+ steps:
+ - name: 'Checkout'
+ uses: actions/checkout@v2
+ with:
+ fetch-depth: 0
+ - name: 'Set input parameters'
+ id: get-workflow-param
+ uses: ./.github/actions/templates/getWorkflowInput
+ with:
+ workflowPath: '${{ env.workflowPath}}'
+ outputs:
+ removeDeployment: ${{ steps.get-workflow-param.outputs.removeDeployment }}
+
+ ####################
+ # Pester Tests #
+ ####################
+ job_module_pester_validation:
+ runs-on: ubuntu-20.04
+ name: 'Pester tests'
+ steps:
+ - name: 'Checkout'
+ uses: actions/checkout@v2
+ with:
+ fetch-depth: 0
+ - name: 'Run tests'
+ uses: ./.github/actions/templates/validateModulePester
+ with:
+ modulePath: '${{ env.modulePath }}'
+
+ ####################
+ # Deployment tests #
+ ####################
+ job_module_deploy_validation:
+ runs-on: ubuntu-20.04
+ name: 'Deployment tests'
+ needs:
+ - job_set_workflow_param
+ - job_module_pester_validation
+ strategy:
+ fail-fast: false
+ matrix:
+ parameterFilePaths:
+ [
+ 'min.parameters.json'
+ ]
+ steps:
+ - name: 'Checkout'
+ uses: actions/checkout@v2
+ with:
+ fetch-depth: 0
+ - name: Set environment variables
+ uses: deep-mm/set-variables@v1.0
+ with:
+ variableFileName: 'global.variables'
+ - name: 'Using parameter file [${{ matrix.parameterFilePaths }}]'
+ uses: ./.github/actions/templates/validateModuleDeployment
+ with:
+ templateFilePath: '${{ env.modulePath }}/deploy.bicep'
+ parameterFilePath: '${{ env.modulePath }}/.parameters/${{ matrix.parameterFilePaths }}'
+ location: '${{ env.defaultLocation }}'
+ resourceGroupName: '${{ env.resourceGroupName }}'
+ subscriptionId: '${{ secrets.ARM_SUBSCRIPTION_ID }}'
+ managementGroupId: '${{ secrets.ARM_MGMTGROUP_ID }}'
+ removeDeployment: '${{ needs.job_set_workflow_param.outputs.removeDeployment }}'
+
+ ###############
+ # PUBLISH #
+ ###############
+ job_publish_module:
+ name: 'Publish module'
+ if: github.ref == 'refs/heads/main' || github.ref == 'refs/heads/master' || github.event.inputs.prerelease == 'true'
+ runs-on: ubuntu-20.04
+ needs:
+ - job_set_workflow_param
+ - job_module_deploy_validation
+ steps:
+ - name: 'Checkout'
+ uses: actions/checkout@v2
+ with:
+ fetch-depth: 0
+ - name: Set environment variables
+ uses: deep-mm/set-variables@v1.0
+ with:
+ variableFileName: 'global.variables'
+ - name: 'Publish module'
+ uses: ./.github/actions/templates/publishModule
+ with:
+ templateFilePath: '${{ env.modulePath }}/deploy.bicep'
+ templateSpecsRGName: '${{ env.templateSpecsRGName }}'
+ templateSpecsRGLocation: '${{ env.templateSpecsRGLocation }}'
+ templateSpecsDescription: '${{ env.templateSpecsDescription }}'
+ templateSpecsDoPublish: '${{ env.templateSpecsDoPublish }}'
+ bicepRegistryName: '${{ env.bicepRegistryName }}'
+ bicepRegistryRGName: '${{ env.bicepRegistryRGName }}'
+ bicepRegistryRgLocation: '${{ env.bicepRegistryRgLocation }}'
+ bicepRegistryDoPublish: '${{ env.bicepRegistryDoPublish }}'
diff --git a/arm/Microsoft.Web/staticSites/.bicep/nested_cuaId.bicep b/arm/Microsoft.Web/staticSites/.bicep/nested_cuaId.bicep
new file mode 100644
index 0000000000..8b13789179
--- /dev/null
+++ b/arm/Microsoft.Web/staticSites/.bicep/nested_cuaId.bicep
@@ -0,0 +1 @@
+
diff --git a/arm/Microsoft.Web/staticSites/.bicep/nested_privateEndpoint.bicep b/arm/Microsoft.Web/staticSites/.bicep/nested_privateEndpoint.bicep
new file mode 100644
index 0000000000..f262061706
--- /dev/null
+++ b/arm/Microsoft.Web/staticSites/.bicep/nested_privateEndpoint.bicep
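Review bot: In `.github/workflows/ms.web.staticsites.yml`, the deployment and publish jobs run the third-party action `deep-mm/set-variables@v1.0` by mutable tag while `AZURE_CREDENTIALS` and the other secrets are exported in the workflow-level `env:` block, so every step of every job, including that action, can read them. I would pin the action to a full commit SHA (`uses: deep-mm/set-variables@<full-commit-sha> # v1.0`) and move the secret-backed variables from the top-level `env:` to the `env:` of the steps that actually authenticate. The `push:` trigger also has its `branches:` filter commented out, so a push to any branch that touches these paths runs the deployment job with those credentials; restoring the filter or gating the job on the ref would narrow that. A top-level `permissions:` block (for example `contents: read`) would additionally limit the GITHUB_TOKEN, assuming the local template actions need no write scope.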
@@ -0,0 +1,49 @@
+param privateEndpointResourceId string
+param privateEndpointVnetLocation string
+param privateEndpointObj object
+param tags object
+
+var privateEndpointResourceName = last(split(privateEndpointResourceId, '/'))
+var privateEndpoint_var = {
+ name: contains(privateEndpointObj, 'name') ? (!empty(privateEndpointObj.name) ? privateEndpointObj.name : '${privateEndpointResourceName}-${privateEndpointObj.service}') : '${privateEndpointResourceName}-${privateEndpointObj.service}'
+ subnetResourceId: privateEndpointObj.subnetResourceId
+ service: [
+ privateEndpointObj.service
+ ]
+ privateDnsZoneResourceIds: contains(privateEndpointObj, 'privateDnsZoneResourceIds') ? (!empty(privateEndpointObj.privateDnsZoneResourceIds) ? privateEndpointObj.privateDnsZoneResourceIds : []) : []
+ customDnsConfigs: contains(privateEndpointObj, 'customDnsConfigs') ? (!empty(privateEndpointObj.customDnsConfigs) ? privateEndpointObj.customDnsConfigs : null) : null
+}
+
+resource privateEndpoint 'Microsoft.Network/privateEndpoints@2021-03-01' = {
+ name: privateEndpoint_var.name
+ location: privateEndpointVnetLocation
+ tags: tags
+ properties: {
+ privateLinkServiceConnections: [
+ {
+ name: privateEndpoint_var.name
+ properties: {
+ privateLinkServiceId: privateEndpointResourceId
+ groupIds: privateEndpoint_var.service
+ }
+ }
+ ]
+ manualPrivateLinkServiceConnections: []
+ subnet: {
+ id: privateEndpoint_var.subnetResourceId
+ }
+ customDnsConfigs: privateEndpoint_var.customDnsConfigs
+ }
+}
+
+resource privateDnsZoneGroups 'Microsoft.Network/privateEndpoints/privateDnsZoneGroups@2021-03-01' = if (!empty(privateEndpoint_var.privateDnsZoneResourceIds)) {
+ name: '${privateEndpoint.name}/default'
+ properties: {
+ privateDnsZoneConfigs: [for privateDnsZoneResourceId in privateEndpoint_var.privateDnsZoneResourceIds: {
+ name: last(split(privateDnsZoneResourceId, '/'))
+ properties: {
+ privateDnsZoneId: privateDnsZoneResourceId
+ }
+ }]
+ }
+}
diff --git a/arm/Microsoft.Web/staticSites/.bicep/nested_rbac.bicep b/arm/Microsoft.Web/staticSites/.bicep/nested_rbac.bicep
new file mode 100644
index 0000000000..4bc032e557
--- /dev/null
+++ b/arm/Microsoft.Web/staticSites/.bicep/nested_rbac.bicep
@@ -0,0 +1,34 @@
+param principalIds array
+param roleDefinitionIdOrName string
+param resourceId string
+
+var builtInRoleNames = {
+ 'Owner': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '8e3af657-a8ff-443c-a75c-2fe8c4bcb635')
+ 'Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b24988ac-6180-42a0-ab88-20f7382dd24c')
+ 'Reader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'acdd72a7-3385-48ef-bd42-f606fba81ae7')
+ 'Log Analytics Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '92aaf0da-9dab-42b6-94a3-d43ce8d16293')
+ 'Log Analytics Reader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '73c42c96-874c-492b-b04d-ab87d138a893')
+ 'Logic App Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '87a39d53-fc1b-424a-814c-f7e04687dc9e')
+ 'Managed Application Contributor Role': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '641177b8-a67a-45b9-a033-47bc880bb21e')
+ 'Managed Application Operator Role': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'c7393b34-138c-406f-901b-d8cf2b17e6ae')
+ 'Managed Applications Reader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b9331d33-8a36-4f8c-b097-4f54124fdb44')
+ 'Monitoring Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '749f88d5-cbae-40b8-bcfc-e573ddc772fa')
+ 'Monitoring Metrics Publisher': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '3913510d-42f4-4e42-8a64-420c390055eb')
+ 'Monitoring Reader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '43d0d8ad-25c7-4714-9337-8ba259a9fe05')
+ 'Resource Policy Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '36243c78-bf99-498c-9df9-86d9f8d28608')
+ 'User Access Administrator': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '18d7d88d-d35e-4fb5-a5c3-7773c20a72d9')
+ 'Website Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'de139f84-1756-47ae-9be6-808fbbe84772')
+}
+
+resource app 'Microsoft.Web/staticSites@2021-02-01' existing = {
+ name: last(split(resourceId, '/'))
+}
+
+resource roleAssignment 'Microsoft.Authorization/roleAssignments@2021-04-01-preview' = [for principalId in principalIds: {
+ name: guid(app.name, principalId, roleDefinitionIdOrName)
+ properties: {
+ roleDefinitionId: contains(builtInRoleNames, roleDefinitionIdOrName) ? builtInRoleNames[roleDefinitionIdOrName] : roleDefinitionIdOrName
+ principalId: principalId
+ }
+ scope: app
+}]
diff --git a/arm/Microsoft.Web/staticSites/.parameters/min.parameters.json b/arm/Microsoft.Web/staticSites/.parameters/min.parameters.json
new file mode 100644
index 0000000000..1db7fc3a37
--- /dev/null
+++ b/arm/Microsoft.Web/staticSites/.parameters/min.parameters.json
@@ -0,0 +1,9 @@
+{
+ "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
+ "contentVersion": "1.0.0.0",
+ "parameters": {
+ "name": {
+ "value": "<>-az-wss-x-001"
+ }
+ }
+}
diff --git a/arm/Microsoft.Web/staticSites/deploy.bicep b/arm/Microsoft.Web/staticSites/deploy.bicep
new file mode 100644
index 0000000000..07c9c617fe
--- /dev/null
+++ b/arm/Microsoft.Web/staticSites/deploy.bicep
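Review bot: In `nested_rbac.bicep`, the assignment name is seeded with the raw `roleDefinitionIdOrName` while `roleDefinitionId` is resolved through `builtInRoleNames`, so the same role passed once by display name and once by ID produces two different names for one (principal, role, scope) tuple, which Azure is expected to reject as a duplicate assignment. Seeding the GUID with the resolved ID and the full resource ID keeps the name stable, e.g. `name: guid(app.id, principalId, contains(builtInRoleNames, roleDefinitionIdOrName) ? builtInRoleNames[roleDefinitionIdOrName] : roleDefinitionIdOrName)`. The fallback branch also passes any unrecognised string straight through as a role definition ID, so a misspelled role name only fails at deployment time, and the map lets callers grant `Owner` or `User Access Administrator` on the site. None of the three parameters has a `@description`; one on `roleDefinitionIdOrName` stating both points would help whoever reviews parameter files.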
@@ -0,0 +1,161 @@
+@description('Required. Name of the static site.')
+@minLength(1)
+@maxLength(40)
+param name string
+
+@description('Optional. Location for all Resources.')
+param location string = resourceGroup().location
+
+@allowed([
+ 'Free'
+ 'Standard'
+])
+@description('Optional. Type of static site to deploy.')
+param sku string = 'Free'
+
+@description('Optional. If config file is locked for this static web app.')
+param allowConfigFileUpdates bool = true
+
+// @allowed([
+// 'CentralUS'
+// 'EastUS2'
+// 'EastAsia'
+// 'WestEurope'
+// 'WestUS2'
+// ''
+// ])
+// param stagingEnvironment string = ''
+
+@allowed([
+ 'Enabled'
+ 'Disabled'
+])
+@description('Optional. State indicating whether staging environments are allowed or not allowed for a static web app.')
+param stagingEnvironmentPolicy string = 'Enabled'
+
+// @secure()
+// @description('Optional. The Personal Access Token for accessing the GitHub repo.')
+// param repositoryToken string = ''
+
+// @description('Optional. The owner of the GitHub repo.')
+// param owner string = ''
+
+// @description('Optional. The name of the GitHub repo.')
+// param repository string = ''
+
+// @description('Optional. The branch name of the GitHub repo.')
+// param branch string = ''
+
+@description('Optional. Enables system assigned managed identity on the resource.')
+param systemAssignedIdentity bool = false
+
+@description('Optional. The ID(s) to assign to the resource.')
+param userAssignedIdentities object = {}
+
+@allowed([
+ 'CanNotDelete'
+ 'NotSpecified'
+ 'ReadOnly'
+])
+@description('Optional. Specify the type of lock.')
+param lock string = 'NotSpecified'
+
+@description('Optional. Configuration details for private endpoints.')
+param privateEndpoints array = []
+
+@description('Optional. Tags of the resource.')
+param tags object = {}
+
+@description('Optional. Customer Usage Attribution ID (GUID). This GUID must be previously registered.')
+param cuaId string = ''
+
+@description('Optional. Array of role assignment objects that contain the \'roleDefinitionIdOrName\' and \'principalId\' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: \'/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11\'.')
+param roleAssignments array = []
+
+var identityType = systemAssignedIdentity ? (!empty(userAssignedIdentities) ? 'SystemAssigned,UserAssigned' : 'SystemAssigned') : (!empty(userAssignedIdentities) ? 'UserAssigned' : 'None')
+
+var identity = identityType != 'None' ? {
+ type: identityType
+ userAssignedIdentities: !empty(userAssignedIdentities) ? userAssignedIdentities : null
+} : null
+
+module pid_cuaId '.bicep/nested_cuaId.bicep' = if (!empty(cuaId)) {
+ name: 'pid-${cuaId}'
+ params: {}
+}
+
+resource staticSite 'Microsoft.Web/staticSites@2021-02-01' = {
+ name: name
+ location: location
+ tags: tags
+ sku: {
+ name: sku
+ tier: sku
+ }
+ identity: identity
+ properties: {
+ allowConfigFileUpdates: allowConfigFileUpdates
+ stagingEnvironmentPolicy: stagingEnvironmentPolicy
+ }
+}
+// properties: {
+ // branch: branch
+ // buildProperties: {
+ // apiBuildCommand: 'string'
+ // apiLocation: 'string'
+ // appArtifactLocation: 'string'
+ // appBuildCommand: 'string'
+ // appLocation: 'string'
+ // githubActionSecretNameOverride: 'string'
+ // outputLocation: 'string'
+ // skipGithubActionWorkflowGeneration: true
+ // }
+ // repositoryToken: repositoryToken
+ // repositoryUrl: 'https://github.com/${owner}/${repository}'
+ // templateProperties: {
+ // description: 'string'
+ // isPrivate: false
+ // owner: owner
+ // repositoryName: repository
+ // templateRepositoryUrl: 'string'
+ // }
+
+resource staticSite_lock 'Microsoft.Authorization/locks@2017-04-01' = if (lock != 'NotSpecified') {
+ name: '${staticSite.name}-${lock}-lock'
+ properties: {
+ level: lock
+ notes: lock == 'CanNotDelete' ? 'Cannot delete resource or child resources.' : 'Cannot modify the resource or child resources.'
+ }
+ scope: staticSite
+}
+
+module staticSite_rbac '.bicep/nested_rbac.bicep' = [for (roleAssignment, index) in roleAssignments: {
+ name: '${uniqueString(deployment().name, location)}-StaticSite-Rbac-${index}'
+ params: {
+ principalIds: roleAssignment.principalIds
+ roleDefinitionIdOrName: roleAssignment.roleDefinitionIdOrName
+ resourceId: staticSite.id
+ }
+}]
+
+module staticSite_privateEndpoint '.bicep/nested_privateEndpoint.bicep' = [for (privateEndpoint, index) in privateEndpoints: {
+ name: '${uniqueString(deployment().name, location)}-StaticSite-PrivateEndpoints-${index}'
+ params: {
+ privateEndpointResourceId: staticSite.id
+ privateEndpointVnetLocation: reference(split(privateEndpoint.subnetResourceId, '/subnets/')[0], '2020-06-01', 'Full').location
+ privateEndpointObj: privateEndpoint
+ tags: tags
+ }
+}]
+
+@description('The name of the static site.')
+output name string = staticSite.name
+
+@description('The resource ID of the static site.')
+output resourceId string = staticSite.id
+
+@description('The resource group the static site was deployed into.')
+output resourceGroupName string = resourceGroup().name
+
+@description('The principal ID of the system assigned identity.')
+output systemAssignedPrincipalId string = systemAssignedIdentity && contains(staticSite.identity, 'principalId') ? staticSite.identity.principalId : ''
diff --git a/arm/Microsoft.Web/staticSites/readme.md b/arm/Microsoft.Web/staticSites/readme.md
new file mode 100644
index 0000000000..e23472d080
--- /dev/null
+++ b/arm/Microsoft.Web/staticSites/readme.md
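Review bot: In `deploy.bicep`, `privateEndpoints` can be supplied while `sku` is left at its `'Free'` default; as far as I know private endpoints on Static Web Apps need the Standard plan, so that combination would only surface as a deployment failure. The parameter description should state the requirement, e.g. `@description('Optional. Configuration details for private endpoints. Requires sku \'Standard\'.')`. The description of `allowConfigFileUpdates` ('If config file is locked') also reads as the opposite of a flag that defaults to `true`; `'Optional. False if config file is locked for this static web app; otherwise, true.'` would match how the value is passed to the resource.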
@@ -0,0 +1,135 @@
+# Web StaticSites `[Microsoft.Web/staticSites]`
+
+This module deploys Web StaticSites.
+
+## Resource Types
+
+| Resource Type | API Version |
+| :-- | :-- |
+| `Microsoft.Authorization/locks` | 2017-04-01 |
+| `Microsoft.Authorization/roleAssignments` | 2021-04-01-preview |
+| `Microsoft.Network/privateEndpoints` | 2021-03-01 |
+| `Microsoft.Network/privateEndpoints/privateDnsZoneGroups` | 2021-03-01 |
+| `Microsoft.Web/staticSites` | 2021-02-01 |
+
+## Parameters
+
+| Parameter Name | Type | Default Value | Possible Values | Description |
+| :-- | :-- | :-- | :-- | :-- |
+| `allowConfigFileUpdates` | bool | `True` | | Optional. If config file is locked for this static web app. |
+| `cuaId` | string | | | Optional. Customer Usage Attribution ID (GUID). This GUID must be previously registered. |
+| `location` | string | `[resourceGroup().location]` | | Optional. Location for all Resources. |
+| `lock` | string | `NotSpecified` | `[CanNotDelete, NotSpecified, ReadOnly]` | Optional. Specify the type of lock. |
+| `name` | string | | | Required. Name of the static site. |
+| `privateEndpoints` | array | `[]` | | Optional. Configuration details for private endpoints. |
+| `roleAssignments` | array | `[]` | | Optional. Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. |
+| `sku` | string | `Free` | `[Free, Standard]` | Optional. Type of static site to deploy. |
+| `stagingEnvironmentPolicy` | string | `Enabled` | `[Enabled, Disabled]` | Optional. State indicating whether staging environments are allowed or not allowed for a static web app. |
+| `systemAssignedIdentity` | bool | | | Optional. Enables system assigned managed identity on the resource. |
+| `tags` | object | `{object}` | | Optional. Tags of the resource. |
+| `userAssignedIdentities` | object | `{object}` | | Optional. The ID(s) to assign to the resource. |
+
+### Parameter Usage: `privateEndpoints`
+
+To use Private Endpoint the following dependencies must be deployed:
+
+- Destination subnet must be created with the following configuration option - `"privateEndpointNetworkPolicies": "Disabled"`. Setting this option acknowledges that NSG rules are not applied to Private Endpoints (this capability is coming soon). A full example is available in the Virtual Network Module.
+- Although not strictly required, it is highly recommended to first create a private DNS Zone to host Private Endpoint DNS records. See [Azure Private Endpoint DNS configuration](https://docs.microsoft.com/en-us/azure/private-link/private-endpoint-dns) for more information.
+
+```json
+"privateEndpoints": {
+ "value": [
+ // Example showing all available fields
+ {
+ "name": "sxx-az-pe", // Optional: Name will be automatically generated if one is not provided here
+ "subnetResourceId": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/sxx-az-vnet-x-001/subnets/sxx-az-subnet-x-001",
+ "service": "blob",
+ "privateDnsZoneResourceIds": [ // Optional: No DNS record will be created if a private DNS zone Resource ID is not specified
+ "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/privateDnsZones/privatelink.blob.core.windows.net"
+ ],
+ "customDnsConfigs": [ // Optional
+ {
+ "fqdn": "customname.test.local",
+ "ipAddresses": [
+ "10.10.10.10"
+ ]
+ }
+ ]
+ },
+ // Example showing only mandatory fields
+ {
+ "subnetResourceId": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/sxx-az-vnet-x-001/subnets/sxx-az-subnet-x-001",
+ "service": "file"
+ }
+ ]
+}
+```
+
+### Parameter Usage: `roleAssignments`
+
+```json
+"roleAssignments": {
+ "value": [
+ {
+ "roleDefinitionIdOrName": "Reader",
+ "principalIds": [
+ "12345678-1234-1234-1234-123456789012", // object 1
+ "78945612-1234-1234-1234-123456789012" // object 2
+ ]
+ },
+ {
+ "roleDefinitionIdOrName": "/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11",
+ "principalIds": [
+ "12345678-1234-1234-1234-123456789012" // object 1
+ ]
+ }
+ ]
+}
+```
+
+### Parameter Usage: `tags`
+
+Tag names and tag values can be provided as needed. A tag can be left without a value.
+
+```json
+"tags": {
+ "value": {
+ "Environment": "Non-Prod",
+ "Contact": "test.user@testcompany.com",
+ "PurchaseOrder": "1234",
+ "CostCenter": "7890",
+ "ServiceName": "DeploymentValidation",
+ "Role": "DeploymentValidation"
+ }
+}
+```
+
+### Parameter Usage: `userAssignedIdentities`
+
+You can specify multiple user assigned identities to a resource by providing additional resource IDs using the following format:
+
+```json
+"userAssignedIdentities": {
+ "value": {
+ "/subscriptions/12345678-1234-1234-1234-123456789012/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-sxx-az-msi-x-001": {},
+ "/subscriptions/12345678-1234-1234-1234-123456789012/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-sxx-az-msi-x-002": {}
+ }
+},
+```
+
+## Outputs
+
+| Output Name | Type | Description |
+| :-- | :-- | :-- |
+| `name` | string | The name of the static site. |
+| `resourceGroupName` | string | The resource group the static site was deployed into. |
+| `resourceId` | string | The resource ID of the static site. |
+| `systemAssignedPrincipalId` | string | The principal ID of the system assigned identity. |
+
+## Template references
+
+- [Locks](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2017-04-01/locks)
+- [Privateendpoints](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/2021-03-01/privateEndpoints)
+- [Privateendpoints/Privatednszonegroups](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/2021-03-01/privateEndpoints/privateDnsZoneGroups)
+- [Roleassignments](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/roleAssignments)
+- [Staticsites](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Web/2021-02-01/staticSites)
diff --git a/arm/Microsoft.Web/staticSites/version.json b/arm/Microsoft.Web/staticSites/version.json
new file mode 100644
index 0000000000..a8f667f92c
--- /dev/null
+++ b/arm/Microsoft.Web/staticSites/version.json
@@ -0,0 +1,4 @@
+{
+ "$schema": "https://raw.githubusercontent.com/dotnet/Nerdbank.GitVersioning/master/src/NerdBank.GitVersioning/version.schema.json",
+ "version": "0.0"
+}
From 2a977f7d9f7e255614b68166bbccb29fc79e2adb Mon Sep 17 00:00:00 2001
From: Marius Storhaug
Date: Sun, 6 Mar 2022 09:51:24 +0100
Subject: [PATCH 02/33] Test site
---
.github/workflows/ms.web.staticsites.yml | 4 +-
.../.bicep/nested_privateEndpoint.bicep | 4 +-
arm/Microsoft.Web/staticSites/deploy.bicep | 94 ++++++++++---------
arm/Microsoft.Web/staticSites/readme.md | 18 ++--
4 files changed, 67 insertions(+), 53 deletions(-)
diff --git a/.github/workflows/ms.web.staticsites.yml b/.github/workflows/ms.web.staticsites.yml
index f636e939ef..e59cf8b350 100644
--- a/.github/workflows/ms.web.staticsites.yml
+++ b/.github/workflows/ms.web.staticsites.yml
@@ -7,12 +7,12 @@ on: type: boolean description: 'Remove deployed module' required: false - default: 'true' + default: true prerelease: type: boolean description: 'Publish prerelease module' required: false - default: 'true' + default: true push: # branches: # - main
diff --git a/arm/Microsoft.Web/staticSites/.bicep/nested_privateEndpoint.bicep b/arm/Microsoft.Web/staticSites/.bicep/nested_privateEndpoint.bicep index f262061706..517bc60383 100644 --- a/arm/Microsoft.Web/staticSites/.bicep/nested_privateEndpoint.bicep +++ b/arm/Microsoft.Web/staticSites/.bicep/nested_privateEndpoint.bicep @@ -14,7 +14,7 @@ var privateEndpoint_var = { customDnsConfigs: contains(privateEndpointObj, 'customDnsConfigs') ? (!empty(privateEndpointObj.customDnsConfigs) ? privateEndpointObj.customDnsConfigs : null) : null } -resource privateEndpoint 'Microsoft.Network/privateEndpoints@2021-03-01' = { +resource privateEndpoint 'Microsoft.Network/privateEndpoints@2021-05-01' = { name: privateEndpoint_var.name location: privateEndpointVnetLocation tags: tags @@ -36,7 +36,7 @@ resource privateEndpoint 'Microsoft.Network/privateEndpoints@2021-03-01' = { } } -resource privateDnsZoneGroups 'Microsoft.Network/privateEndpoints/privateDnsZoneGroups@2021-03-01' = if (!empty(privateEndpoint_var.privateDnsZoneResourceIds)) { +resource privateDnsZoneGroups 'Microsoft.Network/privateEndpoints/privateDnsZoneGroups@2021-05-01' = if (!empty(privateEndpoint_var.privateDnsZoneResourceIds)) { name: '${privateEndpoint.name}/default' properties: { privateDnsZoneConfigs: [for privateDnsZoneResourceId in privateEndpoint_var.privateDnsZoneResourceIds: { diff --git a/arm/Microsoft.Web/staticSites/deploy.bicep b/arm/Microsoft.Web/staticSites/deploy.bicep index 07c9c617fe..61189eb1d7 100644 --- a/arm/Microsoft.Web/staticSites/deploy.bicep +++ b/arm/Microsoft.Web/staticSites/deploy.bicep @@ -16,16 +16,6 @@ param sku string = 'Free' @description('Optional. If config file is locked for this static web app.') param allowConfigFileUpdates bool = true -// @allowed([ -// 'CentralUS' -// 'EastUS2' -// 'EastAsia' -// 'WestEurope' -// 'WestUS2' -// '' -// ]) -// param stagingEnvironment string = '' - @allowed([ 'Enabled' 'Disabled' 
@@ -33,18 +23,18 @@ param allowConfigFileUpdates bool = true @description('Optional. State indicating whether staging environments are allowed or not allowed for a static web app.') param stagingEnvironmentPolicy string = 'Enabled' -// @secure() -// @description('Optional. The Personal Access Token for accessing the GitHub repo.') -// param repositoryToken string = '' +@secure() +@description('Optional. The Personal Access Token for accessing the GitHub repo.') +param repositoryToken string = '' -// @description('Optional. The owner of the GitHub repo.') -// param owner string = '' +@description('Optional. The owner of the GitHub repo.') +param owner string = '' -// @description('Optional. The name of the GitHub repo.') -// param repository string = '' +@description('Optional. The name of the GitHub repo.') +param repositoryUrl string = '' -// @description('Optional. The branch name of the GitHub repo.') -// param branch string = '' +@description('Optional. The branch name of the GitHub repo.') +param branch string = '' @description('Optional. Enables system assigned managed identity on the resource.') param systemAssignedIdentity bool = false 
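Review bot: The `repositoryUrl` parameter added in this hunk keeps the description of the `repository` parameter it replaces, `'Optional. The name of the GitHub repo.'`, although its name says it carries a URL; `@description('Optional. The URL of the GitHub repo.')` would match. Now that `repositoryToken` is a live `@secure()` parameter, its description could also say that the value should be supplied through a Key Vault reference in the parameter file rather than as a literal, and that the token should be scoped to the one repository. Both are documentation-only changes.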
@@ -84,41 +74,61 @@ module pid_cuaId '.bicep/nested_cuaId.bicep' = if (!empty(cuaId)) { params: {} } -resource staticSite 'Microsoft.Web/staticSites@2021-02-01' = { +resource staticSite 'Microsoft.Web/staticSites@2021-03-01' = { name: name location: location tags: tags + identity: identity sku: { name: sku tier: sku + skuCapacity: { + default: 2 + elasticMaximum: 5 + maximum:5 + minimum: 2 + scaleType: '' + } + size: '' + capabilities: [ + { + name: '' + reason: '' + value: '' + } + ] + family: '' + locations: [ + '' + ] } - identity: identity + kind: 'Microsoft.Web/staticSites' properties: { allowConfigFileUpdates: allowConfigFileUpdates stagingEnvironmentPolicy: stagingEnvironmentPolicy + provider: 'GitHub' + branch: branch + buildProperties: { + apiBuildCommand: '' + apiLocation: '' + appArtifactLocation: '' + appBuildCommand: '' + appLocation: '' + githubActionSecretNameOverride: '' + outputLocation: '' + skipGithubActionWorkflowGeneration: true + } + repositoryToken: repositoryToken + repositoryUrl: repositoryUrl + templateProperties: { + isPrivate: true + description: '' + owner: owner + repositoryName: '' + templateRepositoryUrl: '' + } } } -// properties: { - // branch: branch - // buildProperties: { - // apiBuildCommand: 'string' - // apiLocation: 'string' - // appArtifactLocation: 'string' - // appBuildCommand: 'string' - // appLocation: 'string' - // githubActionSecretNameOverride: 'string' - // outputLocation: 'string' - // skipGithubActionWorkflowGeneration: true - // } - // repositoryToken: repositoryToken - // repositoryUrl: 'https://github.com/${owner}/${repository}' - // templateProperties: { - // description: 'string' - // isPrivate: false - // owner: owner - // repositoryName: repository - // templateRepositoryUrl: 'string' - // } resource staticSite_lock 'Microsoft.Authorization/locks@2017-04-01' = if (lock != 'NotSpecified') { name: '${staticSite.name}-${lock}-lock' 
diff --git a/arm/Microsoft.Web/staticSites/readme.md b/arm/Microsoft.Web/staticSites/readme.md index e23472d080..caa032bd73 100644 --- a/arm/Microsoft.Web/staticSites/readme.md +++ b/arm/Microsoft.Web/staticSites/readme.md 
@@ -8,24 +8,28 @@ This module deploys Web StaticSites. | :-- | :-- | | `Microsoft.Authorization/locks` | 2017-04-01 | | `Microsoft.Authorization/roleAssignments` | 2021-04-01-preview | -| `Microsoft.Network/privateEndpoints` | 2021-03-01 | -| `Microsoft.Network/privateEndpoints/privateDnsZoneGroups` | 2021-03-01 | -| `Microsoft.Web/staticSites` | 2021-02-01 | +| `Microsoft.Network/privateEndpoints` | 2021-05-01 | +| `Microsoft.Network/privateEndpoints/privateDnsZoneGroups` | 2021-05-01 | +| `Microsoft.Web/staticSites` | 2021-03-01 | ## Parameters | Parameter Name | Type | Default Value | Possible Values | Description | | :-- | :-- | :-- | :-- | :-- | | `allowConfigFileUpdates` | bool | `True` | | Optional. If config file is locked for this static web app. | +| `branch` | string | | | Optional. The branch name of the GitHub repo. | | `cuaId` | string | | | Optional. Customer Usage Attribution ID (GUID). This GUID must be previously registered. | | `location` | string | `[resourceGroup().location]` | | Optional. Location for all Resources. | | `lock` | string | `NotSpecified` | `[CanNotDelete, NotSpecified, ReadOnly]` | Optional. Specify the type of lock. | | `name` | string | | | Required. Name of the static site. | +| `owner` | string | | | Optional. The owner of the GitHub repo. | | `privateEndpoints` | array | `[]` | | Optional. Configuration details for private endpoints. | +| `repositoryToken` | secureString | | | Optional. The Personal Access Token for accessing the GitHub repo. | +| `repositoryUrl` | string | | | Optional. The name of the GitHub repo. | | `roleAssignments` | array | `[]` | | Optional. Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. 
In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | | `sku` | string | `Free` | `[Free, Standard]` | Optional. Type of static site to deploy. | | `stagingEnvironmentPolicy` | string | `Enabled` | `[Enabled, Disabled]` | Optional. State indicating whether staging environments are allowed or not allowed for a static web app. | -| `systemAssignedIdentity` | bool | | | Optional. Enables system assigned managed identity on the resource. | +| `systemAssignedIdentity` | bool | `False` | | Optional. Enables system assigned managed identity on the resource. | | `tags` | object | `{object}` | | Optional. Tags of the resource. | | `userAssignedIdentities` | object | `{object}` | | Optional. The ID(s) to assign to the resource. | 
@@ -129,7 +133,7 @@ You can specify multiple user assigned identities to a resource by providing add ## Template references - [Locks](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2017-04-01/locks) -- [Privateendpoints](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/2021-03-01/privateEndpoints) -- [Privateendpoints/Privatednszonegroups](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/2021-03-01/privateEndpoints/privateDnsZoneGroups) +- [Privateendpoints](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/2021-05-01/privateEndpoints) +- [Privateendpoints/Privatednszonegroups](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/2021-05-01/privateEndpoints/privateDnsZoneGroups) - [Roleassignments](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/roleAssignments) -- [Staticsites](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Web/2021-02-01/staticSites) +- [Staticsites](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Web/2021-03-01/staticSites) From 1da7aaa527cce1d8830ccdd0d7edc2fde2abbbfc Mon Sep 17 00:00:00 2001 From: Marius Storhaug Date: Sun, 6 Mar 2022 10:09:22 +0100 Subject: [PATCH 03/33] Simplication or parameters --- arm/Microsoft.Web/staticSites/deploy.bicep | 63 ++++++++-------------- arm/Microsoft.Web/staticSites/readme.md | 5 +- 2 files changed, 26 insertions(+), 42 deletions(-) diff --git a/arm/Microsoft.Web/staticSites/deploy.bicep b/arm/Microsoft.Web/staticSites/deploy.bicep index 61189eb1d7..9f021ee426 100644 --- a/arm/Microsoft.Web/staticSites/deploy.bicep +++ b/arm/Microsoft.Web/staticSites/deploy.bicep 
@@ -23,13 +23,28 @@ param allowConfigFileUpdates bool = true @description('Optional. State indicating whether staging environments are allowed or not allowed for a static web app.') param stagingEnvironmentPolicy string = 'Enabled' +@allowed([ + 'Disabled' + 'Disabling' + 'Enabled' + 'Enabling' +]) +@description('Optional. State indicating the status of the enterprise grade CDN serving traffic to the static web app.') +param enterpriseGradeCdnStatus string = 'Enabled' + +@description('Optional. Build properties for the static site.') +param buildProperties object = {} + +@description('Optional. Template Options for the static site.') +param templateProperties object = {} + +@description('Optional. The provider that submitted the last deployment to the primary environment of the static site.') +param provider string = '' + @secure() @description('Optional. The Personal Access Token for accessing the GitHub repo.') param repositoryToken string = '' -@description('Optional. The owner of the GitHub repo.') -param owner string = '' - @description('Optional. The name of the GitHub repo.') param repositoryUrl string = '' 
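Review bot: The `@allowed` list on `enterpriseGradeCdnStatus` accepts `Disabling` and `Enabling`, which read like transitional states the service reports rather than values a caller should request. The default is also `'Enabled'` while `sku` defaults to `'Free'`, and the CDN feature may not be available on that tier; this is worth confirming. Unless the API is known to accept the transitional values on write, I would restrict the list to `'Enabled'` and `'Disabled'` and default to `'Disabled'`. `provider` is a free-form string with an empty default, so an `@allowed` list or a description naming the accepted values would stop typos from reaching the deployment. The parameter block continues outside the hunk.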
@@ -82,51 +97,17 @@ resource staticSite 'Microsoft.Web/staticSites@2021-03-01' = { sku: { name: sku tier: sku - skuCapacity: { - default: 2 - elasticMaximum: 5 - maximum:5 - minimum: 2 - scaleType: '' - } - size: '' - capabilities: [ - { - name: '' - reason: '' - value: '' - } - ] - family: '' - locations: [ - '' - ] } - kind: 'Microsoft.Web/staticSites' properties: { allowConfigFileUpdates: allowConfigFileUpdates stagingEnvironmentPolicy: stagingEnvironmentPolicy - provider: 'GitHub' + enterpriseGradeCdnStatus: enterpriseGradeCdnStatus + provider: provider branch: branch - buildProperties: { - apiBuildCommand: '' - apiLocation: '' - appArtifactLocation: '' - appBuildCommand: '' - appLocation: '' - githubActionSecretNameOverride: '' - outputLocation: '' - skipGithubActionWorkflowGeneration: true - } + buildProperties: buildProperties repositoryToken: repositoryToken repositoryUrl: repositoryUrl - templateProperties: { - isPrivate: true - description: '' - owner: owner - repositoryName: '' - templateRepositoryUrl: '' - } + templateProperties: templateProperties } } diff --git a/arm/Microsoft.Web/staticSites/readme.md b/arm/Microsoft.Web/staticSites/readme.md index caa032bd73..47d9d335fc 100644 --- a/arm/Microsoft.Web/staticSites/readme.md +++ b/arm/Microsoft.Web/staticSites/readme.md 
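Review bot: Replacing the inline `templateProperties` and `buildProperties` blocks with pass-through objects drops the two values the old code pinned, `isPrivate: true` and `skipGithubActionWorkflowGeneration: true`. With the new `{}` defaults the service decides both. If the service default for `isPrivate` is not private, a repository created from a template could end up public without the caller noticing. The parameter descriptions should therefore say these keys must be set explicitly, for example `@description('Optional. Template options for the static site. Set isPrivate explicitly; the module does not default it.')`. The `staticSite` resource starts above the hunk, and the parameter declarations are in the previous hunk.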
@@ -18,12 +18,14 @@ This module deploys Web StaticSites. | :-- | :-- | :-- | :-- | :-- | | `allowConfigFileUpdates` | bool | `True` | | Optional. If config file is locked for this static web app. | | `branch` | string | | | Optional. The branch name of the GitHub repo. | +| `buildProperties` | object | `{object}` | | Optional. Build properties for the static site. | | `cuaId` | string | | | Optional. Customer Usage Attribution ID (GUID). This GUID must be previously registered. | +| `enterpriseGradeCdnStatus` | string | `Enabled` | `[Disabled, Disabling, Enabled, Enabling]` | Optional. State indicating the status of the enterprise grade CDN serving traffic to the static web app. | | `location` | string | `[resourceGroup().location]` | | Optional. Location for all Resources. | | `lock` | string | `NotSpecified` | `[CanNotDelete, NotSpecified, ReadOnly]` | Optional. Specify the type of lock. | | `name` | string | | | Required. Name of the static site. | -| `owner` | string | | | Optional. The owner of the GitHub repo. | | `privateEndpoints` | array | `[]` | | Optional. Configuration details for private endpoints. | +| `provider` | string | | | Optional. The provider that submitted the last deployment to the primary environment of the static site. | | `repositoryToken` | secureString | | | Optional. The Personal Access Token for accessing the GitHub repo. | | `repositoryUrl` | string | | | Optional. The name of the GitHub repo. | | `roleAssignments` | array | `[]` | | Optional. Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | 
@@ -31,6 +33,7 @@ This module deploys Web StaticSites. | `stagingEnvironmentPolicy` | string | `Enabled` | `[Enabled, Disabled]` | Optional. State indicating whether staging environments are allowed or not allowed for a static web app. | | `systemAssignedIdentity` | bool | `False` | | Optional. Enables system assigned managed identity on the resource. | | `tags` | object | `{object}` | | Optional. Tags of the resource. | +| `templateProperties` | object | `{object}` | | Optional. Template Options for the static site. | | `userAssignedIdentities` | object | `{object}` | | Optional. The ID(s) to assign to the resource. | ### Parameter Usage: `privateEndpoints` From 9ccb891afe5d63819f878f1f62ebf054abd65ce2 Mon Sep 17 00:00:00 2001 From: Marius Storhaug Date: Sun, 6 Mar 2022 10:20:59 +0100 Subject: [PATCH 04/33] test empty repoURL --- arm/Microsoft.Web/staticSites/deploy.bicep | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/arm/Microsoft.Web/staticSites/deploy.bicep b/arm/Microsoft.Web/staticSites/deploy.bicep index 9f021ee426..1491ab3f8c 100644 --- a/arm/Microsoft.Web/staticSites/deploy.bicep +++ b/arm/Microsoft.Web/staticSites/deploy.bicep @@ -106,7 +106,7 @@ resource staticSite 'Microsoft.Web/staticSites@2021-03-01' = { branch: branch buildProperties: buildProperties repositoryToken: repositoryToken - repositoryUrl: repositoryUrl + repositoryUrl: !empty(repositoryUrl) ? repositoryUrl : null templateProperties: templateProperties } } From d1d87cabd92d7166ebfa1dbff229c5919c31a264 Mon Sep 17 00:00:00 2001 From: Marius Storhaug Date: Sun, 6 Mar 2022 10:37:18 +0100 Subject: [PATCH 05/33] test --- arm/Microsoft.Web/staticSites/deploy.bicep | 29 ++++++++++++++-------- 1 file changed, 18 insertions(+), 11 deletions(-) diff --git a/arm/Microsoft.Web/staticSites/deploy.bicep b/arm/Microsoft.Web/staticSites/deploy.bicep index 1491ab3f8c..abbf789847 100644 --- a/arm/Microsoft.Web/staticSites/deploy.bicep +++ b/arm/Microsoft.Web/staticSites/deploy.bicep 
@@ -3,9 +3,6 @@ @maxLength(40) param name string -@description('Optional. Location for all Resources.') -param location string = resourceGroup().location - @allowed([ 'Free' 'Standard' @@ -16,6 +13,16 @@ param sku string = 'Free' @description('Optional. If config file is locked for this static web app.') param allowConfigFileUpdates bool = true +@allowed([ + 'CentralUS' + 'EastUS2' + 'EastAsia' + 'WestEurope' + 'WestUS2' + '' +]) +param stagingEnvironment string = 'WestEurope' + @allowed([ 'Enabled' 'Disabled' @@ -30,7 +37,7 @@ param stagingEnvironmentPolicy string = 'Enabled' 'Enabling' ]) @description('Optional. State indicating the status of the enterprise grade CDN serving traffic to the static web app.') -param enterpriseGradeCdnStatus string = 'Enabled' +param enterpriseGradeCdnStatus string = 'Disabled' @description('Optional. Build properties for the static site.') param buildProperties object = {} @@ -39,7 +46,7 @@ param buildProperties object = {} param templateProperties object = {} @description('Optional. The provider that submitted the last deployment to the primary environment of the static site.') -param provider string = '' +param provider string = 'None' @secure() @description('Optional. The Personal Access Token for accessing the GitHub repo.') @@ -91,7 +98,7 @@ module pid_cuaId '.bicep/nested_cuaId.bicep' = if (!empty(cuaId)) { resource staticSite 'Microsoft.Web/staticSites@2021-03-01' = { name: name - location: location + location: stagingEnvironment tags: tags identity: identity sku: { 
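Review bot: The new `stagingEnvironment` parameter in the second hunk has no `@description`, and its `@allowed` list includes `''`, so an empty string passes validation and is then used as the resource `location` in the last hunk. The name suggests a staging setting while the value is a region. Keeping the name `location`, adding `@description('Optional. Location to deploy the static site.')` and dropping `''` from the list would be clearer. With `param location` removed in the first hunk, any remaining reference to `location` outside these hunks would no longer resolve, so the nested modules are worth checking.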
@@ -102,12 +109,12 @@ resource staticSite 'Microsoft.Web/staticSites@2021-03-01' = { allowConfigFileUpdates: allowConfigFileUpdates stagingEnvironmentPolicy: stagingEnvironmentPolicy enterpriseGradeCdnStatus: enterpriseGradeCdnStatus - provider: provider - branch: branch - buildProperties: buildProperties - repositoryToken: repositoryToken + provider: !empty(provider) ? provider : 'None' + branch: !empty(branch) ? branch : null + buildProperties: !empty(buildProperties) ? buildProperties : null + repositoryToken: !empty(repositoryToken) ? repositoryToken : null repositoryUrl: !empty(repositoryUrl) ? repositoryUrl : null - templateProperties: templateProperties + templateProperties: !empty(templateProperties) ? templateProperties : null } } From a36e42ea674ce2589042dcedf1f44daa2be05a30 Mon Sep 17 00:00:00 2001 From: Marius Storhaug Date: Sun, 6 Mar 2022 10:50:00 +0100 Subject: [PATCH 06/33] Fix some parameters and location pointer --- arm/Microsoft.Web/staticSites/deploy.bicep | 2 +- arm/Microsoft.Web/staticSites/readme.md | 11 ++++++++--- 2 files changed, 9 insertions(+), 4 deletions(-) diff --git a/arm/Microsoft.Web/staticSites/deploy.bicep b/arm/Microsoft.Web/staticSites/deploy.bicep index abbf789847..0061547034 100644 --- a/arm/Microsoft.Web/staticSites/deploy.bicep +++ b/arm/Microsoft.Web/staticSites/deploy.bicep @@ -19,7 +19,6 @@ param allowConfigFileUpdates bool = true 'EastAsia' 'WestEurope' 'WestUS2' - '' ]) param stagingEnvironment string = 'WestEurope' 
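Review bot: `provider: !empty(provider) ? provider : 'None'` repeats the default that `param provider string = 'None'` already sets, so the fallback value now lives in two places and can drift. I would either keep the parameter default and pass `provider: provider`, or default the parameter to `''` and keep the fallback here. The other properties are nulled independently, so a `repositoryUrl` without a `repositoryToken` (or the reverse) is sent as-is; if the service needs them together, that only surfaces at deployment time. The `staticSite` resource starts above the hunk.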
@@ -84,6 +83,7 @@ param cuaId string = '' @description('Optional. Array of role assignment objects that contain the \'roleDefinitionIdOrName\' and \'principalId\' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: \'/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11\'.') param roleAssignments array = [] +var location = stagingEnvironment var identityType = systemAssignedIdentity ? (!empty(userAssignedIdentities) ? 'SystemAssigned,UserAssigned' : 'SystemAssigned') : (!empty(userAssignedIdentities) ? 'UserAssigned' : 'None') var identity = identityType != 'None' ? { diff --git a/arm/Microsoft.Web/staticSites/readme.md b/arm/Microsoft.Web/staticSites/readme.md index 47d9d335fc..3519362fd3 100644 --- a/arm/Microsoft.Web/staticSites/readme.md +++ b/arm/Microsoft.Web/staticSites/readme.md @@ -1,6 +1,7 @@ # Web StaticSites `[Microsoft.Web/staticSites]` This module deploys Web StaticSites. +// TODO: Replace Resource and fill in description ## Resource Types 
@@ -20,22 +21,26 @@ This module deploys Web StaticSites. | `branch` | string | | | Optional. The branch name of the GitHub repo. | | `buildProperties` | object | `{object}` | | Optional. Build properties for the static site. | | `cuaId` | string | | | Optional. Customer Usage Attribution ID (GUID). This GUID must be previously registered. | -| `enterpriseGradeCdnStatus` | string | `Enabled` | `[Disabled, Disabling, Enabled, Enabling]` | Optional. State indicating the status of the enterprise grade CDN serving traffic to the static web app. | -| `location` | string | `[resourceGroup().location]` | | Optional. Location for all Resources. | +| `enterpriseGradeCdnStatus` | string | `Disabled` | `[Disabled, Disabling, Enabled, Enabling]` | Optional. State indicating the status of the enterprise grade CDN serving traffic to the static web app. | | `lock` | string | `NotSpecified` | `[CanNotDelete, NotSpecified, ReadOnly]` | Optional. Specify the type of lock. | | `name` | string | | | Required. Name of the static site. | | `privateEndpoints` | array | `[]` | | Optional. Configuration details for private endpoints. | -| `provider` | string | | | Optional. The provider that submitted the last deployment to the primary environment of the static site. | +| `provider` | string | `None` | | Optional. The provider that submitted the last deployment to the primary environment of the static site. | | `repositoryToken` | secureString | | | Optional. The Personal Access Token for accessing the GitHub repo. | | `repositoryUrl` | string | | | Optional. The name of the GitHub repo. | | `roleAssignments` | array | `[]` | | Optional. Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. 
In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | | `sku` | string | `Free` | `[Free, Standard]` | Optional. Type of static site to deploy. | +| `stagingEnvironment` | string | `WestEurope` | `[CentralUS, EastUS2, EastAsia, WestEurope, WestUS2]` | | | `stagingEnvironmentPolicy` | string | `Enabled` | `[Enabled, Disabled]` | Optional. State indicating whether staging environments are allowed or not allowed for a static web app. | | `systemAssignedIdentity` | bool | `False` | | Optional. Enables system assigned managed identity on the resource. | | `tags` | object | `{object}` | | Optional. Tags of the resource. | | `templateProperties` | object | `{object}` | | Optional. Template Options for the static site. | | `userAssignedIdentities` | object | `{object}` | | Optional. The ID(s) to assign to the resource. | +### Parameter Usage: `` + +// TODO: Fill in Parameter usage + ### Parameter Usage: `privateEndpoints` To use Private Endpoint the following dependencies must be deployed: From 4851cee7db9149ac064684ecf9a3eeae5499c3d1 Mon Sep 17 00:00:00 2001 From: Marius Storhaug Date: Sun, 6 Mar 2022 10:57:07 +0100 Subject: [PATCH 07/33] Change location to be global --- arm/Microsoft.Web/staticSites/deploy.bicep | 6 ++++-- arm/Microsoft.Web/staticSites/readme.md | 2 +- 2 files changed, 5 insertions(+), 3 deletions(-) diff --git a/arm/Microsoft.Web/staticSites/deploy.bicep b/arm/Microsoft.Web/staticSites/deploy.bicep index 0061547034..89a67140d4 100644 --- a/arm/Microsoft.Web/staticSites/deploy.bicep +++ b/arm/Microsoft.Web/staticSites/deploy.bicep @@ -20,6 +20,7 @@ param allowConfigFileUpdates bool = true 'WestEurope' 'WestUS2' ]) +@description('Optional. Location to deploy static site.') param stagingEnvironment string = 'WestEurope' @allowed([ 
@@ -83,7 +84,8 @@ param cuaId string = '' @description('Optional. Array of role assignment objects that contain the \'roleDefinitionIdOrName\' and \'principalId\' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: \'/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11\'.') param roleAssignments array = [] -var location = stagingEnvironment +var location = 'Global' + var identityType = systemAssignedIdentity ? (!empty(userAssignedIdentities) ? 'SystemAssigned,UserAssigned' : 'SystemAssigned') : (!empty(userAssignedIdentities) ? 'UserAssigned' : 'None') var identity = identityType != 'None' ? { @@ -98,7 +100,7 @@ module pid_cuaId '.bicep/nested_cuaId.bicep' = if (!empty(cuaId)) { resource staticSite 'Microsoft.Web/staticSites@2021-03-01' = { name: name - location: stagingEnvironment + location: location tags: tags identity: identity sku: { diff --git a/arm/Microsoft.Web/staticSites/readme.md b/arm/Microsoft.Web/staticSites/readme.md index 3519362fd3..cf63636bdd 100644 --- a/arm/Microsoft.Web/staticSites/readme.md +++ b/arm/Microsoft.Web/staticSites/readme.md 
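Review bot: With `var location = 'Global'` and `location: location` on the resource, the `stagingEnvironment` parameter is no longer read anywhere in the visible hunks, yet this same commit gives it the description 'Optional. Location to deploy static site.'. A caller who sets it to pin a region gets no effect and no error, which matters where data residency is a requirement. Either wire the parameter to the property it is meant to control, or remove it together with its readme row. Whether the API accepts `Global` as a location for this resource type is not shown here and should be confirmed.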
@@ -30,7 +30,7 @@ This module deploys Web StaticSites. | `repositoryUrl` | string | | | Optional. The name of the GitHub repo. | | `roleAssignments` | array | `[]` | | Optional. Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | | `sku` | string | `Free` | `[Free, Standard]` | Optional. Type of static site to deploy. | -| `stagingEnvironment` | string | `WestEurope` | `[CentralUS, EastUS2, EastAsia, WestEurope, WestUS2]` | | +| `stagingEnvironment` | string | `WestEurope` | `[CentralUS, EastUS2, EastAsia, WestEurope, WestUS2]` | Optional. Location to deploy static site. | | `stagingEnvironmentPolicy` | string | `Enabled` | `[Enabled, Disabled]` | Optional. State indicating whether staging environments are allowed or not allowed for a static web app. | | `systemAssignedIdentity` | bool | `False` | | Optional. Enables system assigned managed identity on the resource. | | `tags` | object | `{object}` | | Optional. Tags of the resource. | From 2cb504cf1cd4b56013dc6a5eb4abec4ffb545281 Mon Sep 17 00:00:00 2001 From: Marius Storhaug Date: Sun, 6 Mar 2022 11:20:22 +0100 Subject: [PATCH 08/33] map stagingEnvironment to location --- arm/Microsoft.Web/staticSites/deploy.bicep | 4 +--- arm/Microsoft.Web/staticSites/readme.md | 2 +- 2 files changed, 2 insertions(+), 4 deletions(-) diff --git a/arm/Microsoft.Web/staticSites/deploy.bicep b/arm/Microsoft.Web/staticSites/deploy.bicep index 89a67140d4..ff0a23edaf 100644 --- a/arm/Microsoft.Web/staticSites/deploy.bicep +++ b/arm/Microsoft.Web/staticSites/deploy.bicep 
@@ -21,7 +21,7 @@ param allowConfigFileUpdates bool = true 'WestUS2' ]) @description('Optional. Location to deploy static site.') -param stagingEnvironment string = 'WestEurope' +param location string = 'WestEurope' @allowed([ 'Enabled' @@ -84,8 +84,6 @@ param cuaId string = '' @description('Optional. Array of role assignment objects that contain the \'roleDefinitionIdOrName\' and \'principalId\' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: \'/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11\'.') param roleAssignments array = [] -var location = 'Global' - var identityType = systemAssignedIdentity ? (!empty(userAssignedIdentities) ? 'SystemAssigned,UserAssigned' : 'SystemAssigned') : (!empty(userAssignedIdentities) ? 'UserAssigned' : 'None') var identity = identityType != 'None' ? { diff --git a/arm/Microsoft.Web/staticSites/readme.md b/arm/Microsoft.Web/staticSites/readme.md index cf63636bdd..849d6f7f17 100644 --- a/arm/Microsoft.Web/staticSites/readme.md +++ b/arm/Microsoft.Web/staticSites/readme.md 
@@ -22,6 +22,7 @@ This module deploys Web StaticSites. | `buildProperties` | object | `{object}` | | Optional. Build properties for the static site. | | `cuaId` | string | | | Optional. Customer Usage Attribution ID (GUID). This GUID must be previously registered. | | `enterpriseGradeCdnStatus` | string | `Disabled` | `[Disabled, Disabling, Enabled, Enabling]` | Optional. State indicating the status of the enterprise grade CDN serving traffic to the static web app. | +| `location` | string | `WestEurope` | `[CentralUS, EastUS2, EastAsia, WestEurope, WestUS2]` | Optional. Location to deploy static site. | | `lock` | string | `NotSpecified` | `[CanNotDelete, NotSpecified, ReadOnly]` | Optional. Specify the type of lock. | | `name` | string | | | Required. Name of the static site. | | `privateEndpoints` | array | `[]` | | Optional. Configuration details for private endpoints. | 
@@ -30,7 +31,6 @@ This module deploys Web StaticSites. | `repositoryUrl` | string | | | Optional. The name of the GitHub repo. | | `roleAssignments` | array | `[]` | | Optional. Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | | `sku` | string | `Free` | `[Free, Standard]` | Optional. Type of static site to deploy. | -| `stagingEnvironment` | string | `WestEurope` | `[CentralUS, EastUS2, EastAsia, WestEurope, WestUS2]` | Optional. Location to deploy static site. | | `stagingEnvironmentPolicy` | string | `Enabled` | `[Enabled, Disabled]` | Optional. State indicating whether staging environments are allowed or not allowed for a static web app. | | `systemAssignedIdentity` | bool | `False` | | Optional. Enables system assigned managed identity on the resource. | | `tags` | object | `{object}` | | Optional. Tags of the resource. | From 0be6ebfc27a149b5913f762f86b721cfe1c6cee4 Mon Sep 17 00:00:00 2001 From: Marius Storhaug Date: Sun, 6 Mar 2022 11:32:45 +0100 Subject: [PATCH 09/33] Revert location to default, but use desc to add supported locs --- arm/Microsoft.Web/staticSites/deploy.bicep | 11 ++--------- arm/Microsoft.Web/staticSites/readme.md | 6 +----- 2 files changed, 3 insertions(+), 14 deletions(-) diff --git a/arm/Microsoft.Web/staticSites/deploy.bicep b/arm/Microsoft.Web/staticSites/deploy.bicep index ff0a23edaf..03ff5d5251 100644 --- a/arm/Microsoft.Web/staticSites/deploy.bicep +++ b/arm/Microsoft.Web/staticSites/deploy.bicep 
@@ -13,15 +13,8 @@ param sku string = 'Free' @description('Optional. If config file is locked for this static web app.') param allowConfigFileUpdates bool = true -@allowed([ - 'CentralUS' - 'EastUS2' - 'EastAsia' - 'WestEurope' - 'WestUS2' -]) -@description('Optional. Location to deploy static site.') -param location string = 'WestEurope' +@description('Optional. Location to deploy static site. The following locations are supported: CentralUS, EastUS2, EastAsia, WestEurope, WestUS2') +param location string = resourceGroup().location @allowed([ 'Enabled' diff --git a/arm/Microsoft.Web/staticSites/readme.md b/arm/Microsoft.Web/staticSites/readme.md index 849d6f7f17..3e924f726d 100644 --- a/arm/Microsoft.Web/staticSites/readme.md +++ b/arm/Microsoft.Web/staticSites/readme.md @@ -22,7 +22,7 @@ This module deploys Web StaticSites. | `buildProperties` | object | `{object}` | | Optional. Build properties for the static site. | | `cuaId` | string | | | Optional. Customer Usage Attribution ID (GUID). This GUID must be previously registered. | | `enterpriseGradeCdnStatus` | string | `Disabled` | `[Disabled, Disabling, Enabled, Enabling]` | Optional. State indicating the status of the enterprise grade CDN serving traffic to the static web app. | -| `location` | string | `WestEurope` | `[CentralUS, EastUS2, EastAsia, WestEurope, WestUS2]` | Optional. Location to deploy static site. | +| `location` | string | `[resourceGroup().location]` | | Optional. Location to deploy static site. The following locations are supported: CentralUS, EastUS2, EastAsia, WestEurope, WestUS2 | | `lock` | string | `NotSpecified` | `[CanNotDelete, NotSpecified, ReadOnly]` | Optional. Specify the type of lock. | | `name` | string | | | Required. Name of the static site. | | `privateEndpoints` | array | `[]` | | Optional. Configuration details for private endpoints. | 
@@ -37,10 +37,6 @@ This module deploys Web StaticSites. | `templateProperties` | object | `{object}` | | Optional. Template Options for the static site. | | `userAssignedIdentities` | object | `{object}` | | Optional. The ID(s) to assign to the resource. | -### Parameter Usage: `` - -// TODO: Fill in Parameter usage - ### Parameter Usage: `privateEndpoints` To use Private Endpoint the following dependencies must be deployed: From 4a74ddf32ff430aa56faea01379a6f6dee308ded Mon Sep 17 00:00:00 2001 From: Marius Storhaug Date: Sun, 6 Mar 2022 11:46:25 +0100 Subject: [PATCH 10/33] More test cases --- .github/workflows/ms.web.staticsites.yml | 1 + .../.parameters/github.parameters.json | 60 +++++++++++++++++++ arm/Microsoft.Web/staticSites/version.json | 2 +- 3 files changed, 62 insertions(+), 1 deletion(-) create mode 100644 arm/Microsoft.Web/staticSites/.parameters/github.parameters.json diff --git a/.github/workflows/ms.web.staticsites.yml b/.github/workflows/ms.web.staticsites.yml index e59cf8b350..f1ca13a55e 100644 --- a/.github/workflows/ms.web.staticsites.yml +++ b/.github/workflows/ms.web.staticsites.yml @@ -84,6 +84,7 @@ jobs: parameterFilePaths: [ 'min.parameters.json' + 'github.parameters.json' ] steps: - name: 'Checkout' diff --git a/arm/Microsoft.Web/staticSites/.parameters/github.parameters.json b/arm/Microsoft.Web/staticSites/.parameters/github.parameters.json new file mode 100644 index 0000000000..5bfdbd7f93 --- /dev/null +++ b/arm/Microsoft.Web/staticSites/.parameters/github.parameters.json 
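Review bot: The added `'github.parameters.json'` entry in the `parameterFilePaths` flow sequence is not separated from `'min.parameters.json'` by a comma, so the matrix is not a valid two-item list and the workflow is likely to fail to parse. The previous entry should become `'min.parameters.json',`. The `matrix` block starts above the hunk.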
@@ -0,0 +1,60 @@ +{ + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", + "contentVersion": "1.0.0.0", + "parameters": { + "name": { + "value": "<>-az-wss-x-001" + }, + "repositoryUrl": { + "value": "https://github.com/Azure/ResourceModules" + }, + "branch": { + "value": "main" + }, + "stagingEnvironmentPolicy": { + "value": "Enabled" + }, + "allowConfigFileUpdates": { + "value": true + }, + "provider": { + "value": "GitHub" + }, + "enterpriseGradeCdnStatus": { + "value": "Disabled" + }, + "systemAssignedIdentity": { + "value": true + }, + "userAssignedIdentities": { + "value": { + "/subscriptions/<>/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-<>-az-msi-x-001": {} + } + }, + "roleAssignments": { + "value": [ + { + "roleDefinitionIdOrName": "Reader", + "principalIds": [ + "<>" + ] + } + ] + }, + "diagnosticLogsRetentionInDays": { + "value": 7 + }, + "diagnosticStorageAccountId": { + "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adp<>azsax001" + }, + "diagnosticWorkspaceId": { + "value": "/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-<>-az-law-x-001" + }, + "diagnosticEventHubAuthorizationRuleId": { + "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.EventHub/namespaces/adp-<>-az-evhns-x-001/AuthorizationRules/RootManageSharedAccessKey" + }, + "diagnosticEventHubName": { + "value": "adp-<>-az-evh-x-001" + } + } +} diff --git a/arm/Microsoft.Web/staticSites/version.json b/arm/Microsoft.Web/staticSites/version.json index a8f667f92c..41f66cc990 100644 --- a/arm/Microsoft.Web/staticSites/version.json +++ b/arm/Microsoft.Web/staticSites/version.json @@ -1,4 +1,4 @@ { "$schema": "https://raw.githubusercontent.com/dotnet/Nerdbank.GitVersioning/master/src/NerdBank.GitVersioning/version.schema.json", - "version": "0.0" + "version": "0.1" } 
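Review bot: `diagnosticEventHubAuthorizationRuleId` points at the namespace's `RootManageSharedAccessKey`, the default rule that carries full rights over the whole Event Hubs namespace. If these parameter files are also read as usage examples, a dedicated authorization rule for diagnostics is the safer pattern to show, because it can be rotated or revoked without affecting other consumers of the namespace. For example `.../namespaces/adp-<>-az-evhns-x-001/AuthorizationRules/<diagnostics-rule-placeholder>`. The rights that rule needs should be checked against the Azure Monitor requirements for streaming to Event Hubs.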
From 2384a90e5f559f692e3cb12600b8e95e7e7f30f0 Mon Sep 17 00:00:00 2001 From: Marius Storhaug Date: Sun, 6 Mar 2022 11:47:43 +0100 Subject: [PATCH 11/33] Fix github test with standard sku --- .../staticSites/.parameters/github.parameters.json | 3 +++ 1 file changed, 3 insertions(+) diff --git a/arm/Microsoft.Web/staticSites/.parameters/github.parameters.json b/arm/Microsoft.Web/staticSites/.parameters/github.parameters.json index 5bfdbd7f93..f25112037f 100644 --- a/arm/Microsoft.Web/staticSites/.parameters/github.parameters.json +++ b/arm/Microsoft.Web/staticSites/.parameters/github.parameters.json @@ -11,6 +11,9 @@ "branch": { "value": "main" }, + "sku": { + "value": "Standard" + }, "stagingEnvironmentPolicy": { "value": "Enabled" }, From 30fdcd226403ec0d3d697e37848b616d8a565c4b Mon Sep 17 00:00:00 2001 From: Marius Storhaug Date: Sun, 6 Mar 2022 11:48:46 +0100 Subject: [PATCH 12/33] Fix workflow file syntax mistake --- .github/workflows/ms.web.staticsites.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/ms.web.staticsites.yml b/.github/workflows/ms.web.staticsites.yml index f1ca13a55e..0f9ad0e20f 100644 --- a/.github/workflows/ms.web.staticsites.yml +++ b/.github/workflows/ms.web.staticsites.yml @@ -83,7 +83,7 @@ jobs: matrix: parameterFilePaths: [ - 'min.parameters.json' + 'min.parameters.json', 'github.parameters.json' ] steps: From e1743d9f9ef51a2f10e64d63698bae53c84c546c Mon Sep 17 00:00:00 2001 From: Marius Storhaug Date: Sun, 6 Mar 2022 11:53:23 +0100 Subject: [PATCH 13/33] Test with fixed parameters on github test case --- .../.parameters/github.parameters.json | 31 ++++++++++--------- 1 file changed, 16 insertions(+), 15 deletions(-) diff --git a/arm/Microsoft.Web/staticSites/.parameters/github.parameters.json b/arm/Microsoft.Web/staticSites/.parameters/github.parameters.json index f25112037f..dfeb20f075 100644 --- a/arm/Microsoft.Web/staticSites/.parameters/github.parameters.json 
+++ b/arm/Microsoft.Web/staticSites/.parameters/github.parameters.json @@ -43,21 +43,22 @@ ] } ] - }, - "diagnosticLogsRetentionInDays": { - "value": 7 - }, - "diagnosticStorageAccountId": { - "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adp<>azsax001" - }, - "diagnosticWorkspaceId": { - "value": "/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-<>-az-law-x-001" - }, - "diagnosticEventHubAuthorizationRuleId": { - "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.EventHub/namespaces/adp-<>-az-evhns-x-001/AuthorizationRules/RootManageSharedAccessKey" - }, - "diagnosticEventHubName": { - "value": "adp-<>-az-evh-x-001" } + // , + // "diagnosticLogsRetentionInDays": { + // "value": 7 + // }, + // "diagnosticStorageAccountId": { + // "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adp<>azsax001" + // }, + // "diagnosticWorkspaceId": { + // "value": "/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-<>-az-law-x-001" + // }, + // "diagnosticEventHubAuthorizationRuleId": { + // "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.EventHub/namespaces/adp-<>-az-evhns-x-001/AuthorizationRules/RootManageSharedAccessKey" + // }, + // "diagnosticEventHubName": { + // "value": "adp-<>-az-evh-x-001" + // } } } From 118f3eac9307c72e4e3fe6409ef2bb6ffe5699db Mon Sep 17 00:00:00 2001 From: Marius Storhaug Date: Sun, 6 Mar 2022 12:18:53 +0100 Subject: [PATCH 14/33] Test with reference to a KV for PAT and staticwebsite quickstarter --- .../staticSites/.parameters/github.parameters.json | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/arm/Microsoft.Web/staticSites/.parameters/github.parameters.json b/arm/Microsoft.Web/staticSites/.parameters/github.parameters.json index dfeb20f075..e05ef79d6c 100644 
--- a/arm/Microsoft.Web/staticSites/.parameters/github.parameters.json +++ b/arm/Microsoft.Web/staticSites/.parameters/github.parameters.json @@ -6,11 +6,19 @@ "value": "<>-az-wss-x-001" }, "repositoryUrl": { - "value": "https://github.com/Azure/ResourceModules" + "value": "https://github.com/MariusStorhaug/static-website" }, "branch": { "value": "main" }, + "repositoryToken": { + "reference": { + "keyVault": { + "id": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.KeyVault/vaults/adp-<>-az-kv-x-001" + }, + "secretName": "repoPAT" + } + }, "sku": { "value": "Standard" }, From ac2b696cf50ce0b6f8884d2cbc037aaff47b66e9 Mon Sep 17 00:00:00 2001 From: Marius Storhaug Date: Sun, 6 Mar 2022 12:33:39 +0100 Subject: [PATCH 15/33] Add build props --- .../staticSites/.parameters/github.parameters.json | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/arm/Microsoft.Web/staticSites/.parameters/github.parameters.json b/arm/Microsoft.Web/staticSites/.parameters/github.parameters.json index e05ef79d6c..e1542afd37 100644 --- a/arm/Microsoft.Web/staticSites/.parameters/github.parameters.json +++ b/arm/Microsoft.Web/staticSites/.parameters/github.parameters.json @@ -19,6 +19,17 @@ "secretName": "repoPAT" } }, + "buildProperties": { + "value": { + "appLocation": "/", + "apiLocation": "", + "appArtifactLocation": "src", + "appSettings": { + "MY_APP_SETTING1": "value 1", + "MY_APP_SETTING2": "value 2" + } + } + }, "sku": { "value": "Standard" }, From ff406badfb0aa04f9c96f54a90b3edcabdcbbabb Mon Sep 17 00:00:00 2001 From: Marius Storhaug Date: Sun, 6 Mar 2022 12:45:25 +0100 Subject: [PATCH 16/33] test run 2 --- .github/workflows/ms.web.staticsites.yml | 2 +- .../staticSites/.parameters/github.parameters.json | 3 ++- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/.github/workflows/ms.web.staticsites.yml b/.github/workflows/ms.web.staticsites.yml index 0f9ad0e20f..113d26fd18 100644 --- a/.github/workflows/ms.web.staticsites.yml 
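Review bot: `repositoryUrl` now points at a personal repository (`MariusStorhaug/static-website`) and the deployment reads a token named `repoPAT` from the validation Key Vault, so the module's CI depends on an account and a credential outside the project's control. An organisation-owned test repository and a token scoped to that single repository would keep the test reproducible and limit what a leaked token can reach, e.g. `"value": "https://github.com/<org-owned-test-repo-placeholder>"`. Passing the token as a Key Vault reference rather than a literal is the right shape. `deploy.bicep` is outside this hunk, so confirm that `repositoryToken` is declared with `@secure()`.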
+++ b/.github/workflows/ms.web.staticsites.yml @@ -7,7 +7,7 @@ on: type: boolean description: 'Remove deployed module' required: false - default: true + default: false prerelease: type: boolean description: 'Publish prerelease module' diff --git a/arm/Microsoft.Web/staticSites/.parameters/github.parameters.json b/arm/Microsoft.Web/staticSites/.parameters/github.parameters.json index e1542afd37..006546a4b3 100644 --- a/arm/Microsoft.Web/staticSites/.parameters/github.parameters.json +++ b/arm/Microsoft.Web/staticSites/.parameters/github.parameters.json @@ -26,7 +26,8 @@ "appArtifactLocation": "src", "appSettings": { "MY_APP_SETTING1": "value 1", - "MY_APP_SETTING2": "value 2" + "MY_APP_SETTING2": "value 2", + "MY_APP_SETTING3": "value 3" } } }, From a09c5b5876b0c8c8f1c72a7e492fd24b0412e4a8 Mon Sep 17 00:00:00 2001 From: Marius Storhaug Date: Sun, 6 Mar 2022 12:54:33 +0100 Subject: [PATCH 17/33] test without identity --- arm/Microsoft.Web/staticSites/deploy.bicep | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/arm/Microsoft.Web/staticSites/deploy.bicep b/arm/Microsoft.Web/staticSites/deploy.bicep index 03ff5d5251..fdf1e3f99b 100644 --- a/arm/Microsoft.Web/staticSites/deploy.bicep +++ b/arm/Microsoft.Web/staticSites/deploy.bicep @@ -93,7 +93,7 @@ resource staticSite 'Microsoft.Web/staticSites@2021-03-01' = { name: name location: location tags: tags - identity: identity + //identity: identity sku: { name: sku tier: sku From 301dac5ba386706d3ae208d01337c53317ade06a Mon Sep 17 00:00:00 2001 From: Marius Storhaug Date: Sun, 6 Mar 2022 13:07:37 +0100 Subject: [PATCH 18/33] test standard sku on min --- arm/Microsoft.Web/staticSites/.parameters/min.parameters.json | 3 +++ arm/Microsoft.Web/staticSites/deploy.bicep | 4 ++-- 2 files changed, 5 insertions(+), 2 deletions(-) diff --git a/arm/Microsoft.Web/staticSites/.parameters/min.parameters.json b/arm/Microsoft.Web/staticSites/.parameters/min.parameters.json index 1db7fc3a37..3284b01440 100644 
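Review bot: `removeDeployment` now defaults to `false`, so a run that does not override the input presumably leaves the test static site deployed in the validation resource group. This looks like a debugging aid. Before merge the line should go back to `default: true`. PATCH 22/33 restores it and PATCH 24/33 flips it again with the same one-line hunk, so the same applies there.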
--- a/arm/Microsoft.Web/staticSites/.parameters/min.parameters.json +++ b/arm/Microsoft.Web/staticSites/.parameters/min.parameters.json @@ -4,6 +4,9 @@ "parameters": { "name": { "value": "<>-az-wss-x-001" + }, + "sku": { + "value": "Standard" } } } diff --git a/arm/Microsoft.Web/staticSites/deploy.bicep b/arm/Microsoft.Web/staticSites/deploy.bicep index fdf1e3f99b..2238d89012 100644 --- a/arm/Microsoft.Web/staticSites/deploy.bicep +++ b/arm/Microsoft.Web/staticSites/deploy.bicep @@ -82,7 +82,7 @@ var identityType = systemAssignedIdentity ? (!empty(userAssignedIdentities) ? 'S var identity = identityType != 'None' ? { type: identityType userAssignedIdentities: !empty(userAssignedIdentities) ? userAssignedIdentities : null -} : null +} : {} module pid_cuaId '.bicep/nested_cuaId.bicep' = if (!empty(cuaId)) { name: 'pid-${cuaId}' @@ -93,7 +93,7 @@ resource staticSite 'Microsoft.Web/staticSites@2021-03-01' = { name: name location: location tags: tags - //identity: identity + identity: identity sku: { name: sku tier: sku From 63bccb11013adb03c49c5ab87c7e260325e9767b Mon Sep 17 00:00:00 2001 From: Marius Storhaug Date: Sun, 6 Mar 2022 13:09:58 +0100 Subject: [PATCH 19/33] Test deployment with new names --- .../staticSites/.parameters/github.parameters.json | 2 +- .../staticSites/.parameters/min.parameters.json | 5 +---- arm/Microsoft.Web/staticSites/deploy.bicep | 2 +- 3 files changed, 3 insertions(+), 6 deletions(-) diff --git a/arm/Microsoft.Web/staticSites/.parameters/github.parameters.json b/arm/Microsoft.Web/staticSites/.parameters/github.parameters.json index 006546a4b3..9b6dd42fa1 100644 --- a/arm/Microsoft.Web/staticSites/.parameters/github.parameters.json +++ b/arm/Microsoft.Web/staticSites/.parameters/github.parameters.json @@ -3,7 +3,7 @@ "contentVersion": "1.0.0.0", "parameters": { "name": { - "value": "<>-az-wss-x-001" + "value": "<>-az-wss-gh-001" }, "repositoryUrl": { "value": "https://github.com/MariusStorhaug/static-website" 
diff --git a/arm/Microsoft.Web/staticSites/.parameters/min.parameters.json b/arm/Microsoft.Web/staticSites/.parameters/min.parameters.json index 3284b01440..b5781f46f0 100644 --- a/arm/Microsoft.Web/staticSites/.parameters/min.parameters.json +++ b/arm/Microsoft.Web/staticSites/.parameters/min.parameters.json @@ -3,10 +3,7 @@ "contentVersion": "1.0.0.0", "parameters": { "name": { - "value": "<>-az-wss-x-001" - }, - "sku": { - "value": "Standard" + "value": "<>-az-wss-min-001" } } } diff --git a/arm/Microsoft.Web/staticSites/deploy.bicep b/arm/Microsoft.Web/staticSites/deploy.bicep index 2238d89012..03ff5d5251 100644 --- a/arm/Microsoft.Web/staticSites/deploy.bicep +++ b/arm/Microsoft.Web/staticSites/deploy.bicep @@ -82,7 +82,7 @@ var identityType = systemAssignedIdentity ? (!empty(userAssignedIdentities) ? 'S var identity = identityType != 'None' ? { type: identityType userAssignedIdentities: !empty(userAssignedIdentities) ? userAssignedIdentities : null -} : {} +} : null module pid_cuaId '.bicep/nested_cuaId.bicep' = if (!empty(cuaId)) { name: 'pid-${cuaId}' From 48a53a7e7917f93dfeb3d393e2688234ce44c16d Mon Sep 17 00:00:00 2001 From: Marius Storhaug Date: Sun, 6 Mar 2022 13:43:41 +0100 Subject: [PATCH 20/33] added doc for object params --- arm/Microsoft.Web/staticSites/readme.md | 34 +++++++++++++++++++++++++ 1 file changed, 34 insertions(+) diff --git a/arm/Microsoft.Web/staticSites/readme.md b/arm/Microsoft.Web/staticSites/readme.md index 3e924f726d..c525302724 100644 --- a/arm/Microsoft.Web/staticSites/readme.md +++ b/arm/Microsoft.Web/staticSites/readme.md 
@@ -37,6 +37,40 @@ This module deploys Web StaticSites. | `templateProperties` | object | `{object}` | | Optional. Template Options for the static site. | | `userAssignedIdentities` | object | `{object}` | | Optional. The ID(s) to assign to the resource. | +### Parameter Usage: `buildProperties` + +[StaticSiteBuildProperties - Microsoft.Web/staticSites 2021-03-01 - Bicep & ARM template reference | Microsoft Docs](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Web/2021-03-01/staticSites?tabs=bicep#staticsitebuildproperties) + +```bicep + buildProperties: { + apiBuildCommand: 'string' + apiLocation: 'string' + appArtifactLocation: 'string' + appBuildCommand: 'string' + appLocation: 'string' + githubActionSecretNameOverride: 'string' + outputLocation: 'string' + skipGithubActionWorkflowGeneration: bool + } +``` + +### Parameter Usage: `templateProperties` + +[StaticSiteTemplateOptions - Microsoft.Web/staticSites 2021-03-01 - Bicep & ARM template reference | Microsoft Docs](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Web/2021-03-01/staticSites?tabs=bicep#staticsitetemplateoptions) + +```bicep + buildProperties: { + apiBuildCommand: 'string' + apiLocation: 'string' + appArtifactLocation: 'string' + appBuildCommand: 'string' + appLocation: 'string' + githubActionSecretNameOverride: 'string' + outputLocation: 'string' + skipGithubActionWorkflowGeneration: bool + } +``` + ### Parameter Usage: `privateEndpoints` To use Private Endpoint the following dependencies must be deployed: From 340512151c8a5f41d081fffaefe67c0f237e9412 Mon Sep 17 00:00:00 2001 From: Marius Storhaug Date: Sun, 6 Mar 2022 13:48:49 +0100 Subject: [PATCH 21/33] added pipeline file --- .../modulePipelines/ms.web.staticsites.yml | 52 +++++++++++++++++++ 1 file changed, 52 insertions(+) create mode 100644 .azuredevops/modulePipelines/ms.web.staticsites.yml 
diff --git a/.azuredevops/modulePipelines/ms.web.staticsites.yml b/.azuredevops/modulePipelines/ms.web.staticsites.yml new file mode 100644 index 0000000000..05b230e943 --- /dev/null +++ b/.azuredevops/modulePipelines/ms.web.staticsites.yml @@ -0,0 +1,52 @@ +name: 'Web - StaticSites' + +parameters: + - name: removeDeployment + displayName: Remove deployed module + type: boolean + default: true + - name: prerelease + displayName: Publish prerelease module + type: boolean + default: false + +trigger: + batch: true + branches: + include: + - main + paths: + include: + - '/.azuredevops/modulePipelines/ms.web.staticsites.yml' + - '/.azuredevops/pipelineTemplates/module.*.yml' + - '/arm/Microsoft.Web/staticSites/*' + exclude: + - '/**/*.md' + +variables: + - template: '/.azuredevops/pipelineVariables/global.variables.yml' + - group: 'PLATFORM_VARIABLES' + - name: modulePath + value: '/arm/Microsoft.Web/staticSites' + +stages: + - stage: Validation + displayName: Pester tests + jobs: + - template: /.azuredevops/pipelineTemplates/jobs.validateModulePester.yml + + - stage: Deployment + displayName: Deployment tests + jobs: + - template: /.azuredevops/pipelineTemplates/jobs.validateModuleDeployment.yml + parameters: + removeDeployment: '${{ parameters.removeDeployment }}' + deploymentBlocks: + - path: $(modulePath)/.parameters/min.parameters.json + - path: $(modulePath)/.parameters/github.parameters.json + + - stage: Publishing + displayName: Publish module + condition: and(succeeded(), or(eq(variables['Build.SourceBranch'], 'refs/heads/main'), eq(variables['Build.SourceBranch'], 'refs/heads/master'), eq('${{ parameters.prerelease }}', 'true'))) + jobs: + - template: /.azuredevops/pipelineTemplates/jobs.publishModule.yml From 564d011d19751e548451938377391688194b710f Mon Sep 17 00:00:00 2001 
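Review bot: The `Publishing` stage condition also passes when `prerelease` is `true` on any branch, so a manually queued run can publish the module from code that has not been merged to `main`. If that is intended, it deserves a comment above the condition, e.g. `# Publishes from main/master, or from any branch when 'prerelease' is set on a manual run`. How the published version is marked as a prerelease is decided in `jobs.publishModule.yml`, which is outside this hunk and should be confirmed. Who may queue the pipeline, and whether the publish target requires approval, is also not visible here.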
From: Marius Storhaug Date: Sun, 6 Mar 2022 13:49:00 +0100 Subject: [PATCH 22/33] cleanup workflow file --- .github/workflows/ms.web.staticsites.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/ms.web.staticsites.yml b/.github/workflows/ms.web.staticsites.yml index 113d26fd18..48747b8768 100644 --- a/.github/workflows/ms.web.staticsites.yml +++ b/.github/workflows/ms.web.staticsites.yml @@ -7,15 +7,15 @@ on: type: boolean description: 'Remove deployed module' required: false - default: false + default: true prerelease: type: boolean description: 'Publish prerelease module' required: false default: true push: - # branches: - # - main + branches: + - main paths: - '.github/actions/templates/**' - '.github/workflows/ms.web.staticsites.yml' From 475728cc5cf7cda83bba1f0ae59e99287d918ea4 Mon Sep 17 00:00:00 2001 From: Marius Storhaug Date: Sun, 6 Mar 2022 13:59:32 +0100 Subject: [PATCH 23/33] test with endpoint --- .github/workflows/ms.web.staticsites.yml | 4 ++-- .../.parameters/github.parameters.json | 24 +++++++------------ 2 files changed, 10 insertions(+), 18 deletions(-) diff --git a/.github/workflows/ms.web.staticsites.yml b/.github/workflows/ms.web.staticsites.yml index 48747b8768..0f9ad0e20f 100644 --- a/.github/workflows/ms.web.staticsites.yml +++ b/.github/workflows/ms.web.staticsites.yml @@ -14,8 +14,8 @@ on: required: false default: true push: - branches: - - main + # branches: + # - main paths: - '.github/actions/templates/**' - '.github/workflows/ms.web.staticsites.yml' diff --git a/arm/Microsoft.Web/staticSites/.parameters/github.parameters.json b/arm/Microsoft.Web/staticSites/.parameters/github.parameters.json index 9b6dd42fa1..3fc5993057 100644 --- a/arm/Microsoft.Web/staticSites/.parameters/github.parameters.json +++ b/arm/Microsoft.Web/staticSites/.parameters/github.parameters.json 
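Review bot: Commenting out `branches:` / `- main` under `push` in PATCH 23/33 removes the branch filter, so a push to any branch that touches the listed paths starts this workflow, including its deployment tests. Those jobs are defined outside this hunk and presumably run with the repository's Azure deployment credentials, so code that has not been reviewed on `main` would be deployed with them. The filter added in PATCH 22/33 should be restored before merge. `workflow_dispatch` remains available for testing a feature branch on demand.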
@@ -63,22 +63,14 @@ ] } ] + }, + "privateEndpoints": { + "value": [ + { + "subnetResourceId": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-x-001/subnets/<>-az-subnet-x-005-privateEndpoints", + "service": "staticSites" + } + ] } - // , - // "diagnosticLogsRetentionInDays": { - // "value": 7 - // }, - // "diagnosticStorageAccountId": { - // "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adp<>azsax001" - // }, - // "diagnosticWorkspaceId": { - // "value": "/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-<>-az-law-x-001" - // }, - // "diagnosticEventHubAuthorizationRuleId": { - // "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.EventHub/namespaces/adp-<>-az-evhns-x-001/AuthorizationRules/RootManageSharedAccessKey" - // }, - // "diagnosticEventHubName": { - // "value": "adp-<>-az-evh-x-001" - // } } } From fb18901e4a893f94e50f5129b57739fa03ac44ec Mon Sep 17 00:00:00 2001 From: Marius Storhaug Date: Sun, 6 Mar 2022 14:15:41 +0100 Subject: [PATCH 24/33] test deployment --- .github/workflows/ms.web.staticsites.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/ms.web.staticsites.yml b/.github/workflows/ms.web.staticsites.yml index 0f9ad0e20f..113d26fd18 100644 --- a/.github/workflows/ms.web.staticsites.yml +++ b/.github/workflows/ms.web.staticsites.yml @@ -7,7 +7,7 @@ on: type: boolean description: 'Remove deployed module' required: false - default: true + default: false prerelease: type: boolean description: 'Publish prerelease module' From 75c0777d37d654b11f6ea7450f5d264c9db5d304 Mon Sep 17 00:00:00 2001 From: Marius Storhaug Date: Sun, 6 Mar 2022 14:26:29 +0100 Subject: [PATCH 25/33] fix rbac list --- .../staticSites/.bicep/nested_rbac.bicep | 28 +++++++++---------- 1 file changed, 13 insertions(+), 15 deletions(-) 
diff --git a/arm/Microsoft.Web/staticSites/.bicep/nested_rbac.bicep b/arm/Microsoft.Web/staticSites/.bicep/nested_rbac.bicep index 4bc032e557..46877c811c 100644 --- a/arm/Microsoft.Web/staticSites/.bicep/nested_rbac.bicep +++ b/arm/Microsoft.Web/staticSites/.bicep/nested_rbac.bicep 
@@ -3,21 +3,19 @@ param roleDefinitionIdOrName string param resourceId string var builtInRoleNames = { - 'Owner': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '8e3af657-a8ff-443c-a75c-2fe8c4bcb635') - 'Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b24988ac-6180-42a0-ab88-20f7382dd24c') - 'Reader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'acdd72a7-3385-48ef-bd42-f606fba81ae7') - 'Log Analytics Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '92aaf0da-9dab-42b6-94a3-d43ce8d16293') - 'Log Analytics Reader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '73c42c96-874c-492b-b04d-ab87d138a893') - 'Logic App Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '87a39d53-fc1b-424a-814c-f7e04687dc9e') - 'Managed Application Contributor Role': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '641177b8-a67a-45b9-a033-47bc880bb21e') - 'Managed Application Operator Role': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'c7393b34-138c-406f-901b-d8cf2b17e6ae') - 'Managed Applications Reader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b9331d33-8a36-4f8c-b097-4f54124fdb44') - 'Monitoring Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '749f88d5-cbae-40b8-bcfc-e573ddc772fa') - 'Monitoring Metrics Publisher': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '3913510d-42f4-4e42-8a64-420c390055eb') - 'Monitoring Reader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '43d0d8ad-25c7-4714-9337-8ba259a9fe05') - 'Resource Policy Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '36243c78-bf99-498c-9df9-86d9f8d28608') - 'User Access Administrator': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '18d7d88d-d35e-4fb5-a5c3-7773c20a72d9') - 'Website Contributor': 
subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'de139f84-1756-47ae-9be6-808fbbe84772') + 'Owner': subscriptionResourceId('Microsoft.Authorization/roleDefinitions','8e3af657-a8ff-443c-a75c-2fe8c4bcb635') + 'Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions','b24988ac-6180-42a0-ab88-20f7382dd24c') + 'Reader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions','acdd72a7-3385-48ef-bd42-f606fba81ae7') + 'Log Analytics Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions','92aaf0da-9dab-42b6-94a3-d43ce8d16293') + 'Log Analytics Reader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions','73c42c96-874c-492b-b04d-ab87d138a893') + 'Managed Application Contributor Role': subscriptionResourceId('Microsoft.Authorization/roleDefinitions','641177b8-a67a-45b9-a033-47bc880bb21e') + 'Managed Application Operator Role': subscriptionResourceId('Microsoft.Authorization/roleDefinitions','c7393b34-138c-406f-901b-d8cf2b17e6ae') + 'Managed Applications Reader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions','b9331d33-8a36-4f8c-b097-4f54124fdb44') + 'Monitoring Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions','749f88d5-cbae-40b8-bcfc-e573ddc772fa') + 'Monitoring Metrics Publisher': subscriptionResourceId('Microsoft.Authorization/roleDefinitions','3913510d-42f4-4e42-8a64-420c390055eb') + 'Monitoring Reader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions','43d0d8ad-25c7-4714-9337-8ba259a9fe05') + 'Resource Policy Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions','36243c78-bf99-498c-9df9-86d9f8d28608') + 'User Access Administrator': subscriptionResourceId('Microsoft.Authorization/roleDefinitions','18d7d88d-d35e-4fb5-a5c3-7773c20a72d9') } resource app 'Microsoft.Web/staticSites@2021-02-01' existing = { From 3df9ab498cce9b6d883f9a64be3bf5ab6b967f3a Mon Sep 17 00:00:00 2001 
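Review bot: Dropping `'Logic App Contributor'` and `'Website Contributor'` from `builtInRoleNames` changes what happens when a caller passes either name. The lookup in the `roleAssignment` resource, outside this hunk, falls back to using `roleDefinitionIdOrName` itself as the role definition ID, so the literal name is sent and the assignment presumably fails at deployment time. If the removal is deliberate, a comment above the map would make the contract explicit: `// Names not listed here must be passed as a full role definition resource ID`. The new entries also drop the space after the comma in `subscriptionResourceId(...)`, which differs from the formatting of the lines they replace.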
From: Marius Storhaug Date: Sun, 6 Mar 2022 20:06:48 +0100 Subject: [PATCH 26/33] Update arm/Microsoft.Web/staticSites/.bicep/nested_rbac.bicep Co-authored-by: Alexander Sehr --- arm/Microsoft.Web/staticSites/.bicep/nested_rbac.bicep | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/arm/Microsoft.Web/staticSites/.bicep/nested_rbac.bicep b/arm/Microsoft.Web/staticSites/.bicep/nested_rbac.bicep index 46877c811c..e924bff33a 100644 --- a/arm/Microsoft.Web/staticSites/.bicep/nested_rbac.bicep +++ b/arm/Microsoft.Web/staticSites/.bicep/nested_rbac.bicep @@ -18,7 +18,7 @@ var builtInRoleNames = { 'User Access Administrator': subscriptionResourceId('Microsoft.Authorization/roleDefinitions','18d7d88d-d35e-4fb5-a5c3-7773c20a72d9') } -resource app 'Microsoft.Web/staticSites@2021-02-01' existing = { +resource staticSite 'Microsoft.Web/staticSites@2021-02-01' existing = { name: last(split(resourceId, '/')) } From b2f58361d043b9d414b04a44d5f48f9494e24d24 Mon Sep 17 00:00:00 2001 From: Marius Storhaug Date: Sun, 6 Mar 2022 20:06:55 +0100 Subject: [PATCH 27/33] Update arm/Microsoft.Web/staticSites/.bicep/nested_rbac.bicep Co-authored-by: Alexander Sehr --- arm/Microsoft.Web/staticSites/.bicep/nested_rbac.bicep | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/arm/Microsoft.Web/staticSites/.bicep/nested_rbac.bicep b/arm/Microsoft.Web/staticSites/.bicep/nested_rbac.bicep index e924bff33a..faf5d86a2c 100644 --- a/arm/Microsoft.Web/staticSites/.bicep/nested_rbac.bicep +++ b/arm/Microsoft.Web/staticSites/.bicep/nested_rbac.bicep @@ -28,5 +28,5 @@ resource roleAssignment 'Microsoft.Authorization/roleAssignments@2021-04-01-prev roleDefinitionId: contains(builtInRoleNames, roleDefinitionIdOrName) ? builtInRoleNames[roleDefinitionIdOrName] : roleDefinitionIdOrName principalId: principalId } - scope: app + scope: staticSite }] From 4cf1d34726da92679098bd2a9f189b7a2a2df825 Mon Sep 17 00:00:00 2001 
From: Marius Storhaug Date: Sun, 6 Mar 2022 20:12:05 +0100 Subject: [PATCH 28/33] Remove TODO marks --- arm/Microsoft.Web/staticSites/readme.md | 1 - 1 file changed, 1 deletion(-) diff --git a/arm/Microsoft.Web/staticSites/readme.md b/arm/Microsoft.Web/staticSites/readme.md index c525302724..1a00541c38 100644 --- a/arm/Microsoft.Web/staticSites/readme.md +++ b/arm/Microsoft.Web/staticSites/readme.md @@ -1,7 +1,6 @@ # Web StaticSites `[Microsoft.Web/staticSites]` This module deploys Web StaticSites. -// TODO: Replace Resource and fill in description ## Resource Types From e52850e350ef762ad10f2161ab3819b47db8472f Mon Sep 17 00:00:00 2001 From: Marius Storhaug Date: Sun, 6 Mar 2022 20:31:55 +0100 Subject: [PATCH 29/33] add tests for ado and full but empty scenario --- .../modulePipelines/ms.web.staticsites.yml | 2 + .github/workflows/ms.web.staticsites.yml | 2 + .../.parameters/azuredevops.parameters.json | 76 +++++++++++++++++++ .../staticSites/.parameters/parameters.json | 50 ++++++++++++ 4 files changed, 130 insertions(+) create mode 100644 arm/Microsoft.Web/staticSites/.parameters/azuredevops.parameters.json create mode 100644 arm/Microsoft.Web/staticSites/.parameters/parameters.json diff --git a/.azuredevops/modulePipelines/ms.web.staticsites.yml b/.azuredevops/modulePipelines/ms.web.staticsites.yml index 05b230e943..b4ed210b37 100644 --- a/.azuredevops/modulePipelines/ms.web.staticsites.yml +++ b/.azuredevops/modulePipelines/ms.web.staticsites.yml @@ -43,6 +43,8 @@ stages: removeDeployment: '${{ parameters.removeDeployment }}' deploymentBlocks: - path: $(modulePath)/.parameters/min.parameters.json + - path: $(modulePath)/.parameters/parameters.json + - path: $(modulePath)/.parameters/azuredevops.parameters.json - path: $(modulePath)/.parameters/github.parameters.json - stage: Publishing diff --git a/.github/workflows/ms.web.staticsites.yml b/.github/workflows/ms.web.staticsites.yml index 113d26fd18..2b3e27590a 100644 
--- a/.github/workflows/ms.web.staticsites.yml +++ b/.github/workflows/ms.web.staticsites.yml @@ -83,7 +83,9 @@ jobs: matrix: parameterFilePaths: [ + 'parameters.json', 'min.parameters.json', + 'azuredevops.parameters.json', 'github.parameters.json' ] steps: diff --git a/arm/Microsoft.Web/staticSites/.parameters/azuredevops.parameters.json b/arm/Microsoft.Web/staticSites/.parameters/azuredevops.parameters.json new file mode 100644 index 0000000000..1e5f56e8e0 --- /dev/null +++ b/arm/Microsoft.Web/staticSites/.parameters/azuredevops.parameters.json 
@@ -0,0 +1,76 @@ +{ + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", + "contentVersion": "1.0.0.0", + "parameters": { + "name": { + "value": "<>-az-wss-gh-001" + }, + "repositoryUrl": { + "value": "https://dev.azure.com/MariusStorhaug/static-website" + }, + "branch": { + "value": "main" + }, + "repositoryToken": { + "reference": { + "keyVault": { + "id": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.KeyVault/vaults/adp-<>-az-kv-x-001" + }, + "secretName": "GitHubPAT" + } + }, + "buildProperties": { + "value": { + "appLocation": "/", + "apiLocation": "", + "appArtifactLocation": "src", + "appSettings": { + "MY_APP_SETTING1": "value 1", + "MY_APP_SETTING2": "value 2", + "MY_APP_SETTING3": "value 3" + } + } + }, + "sku": { + "value": "Standard" + }, + "stagingEnvironmentPolicy": { + "value": "Enabled" + }, + "allowConfigFileUpdates": { + "value": true + }, + "provider": { + "value": "DevOps" + }, + "enterpriseGradeCdnStatus": { + "value": "Disabled" + }, + "systemAssignedIdentity": { + "value": true + }, + "userAssignedIdentities": { + "value": { + "/subscriptions/<>/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-<>-az-msi-x-001": {} + } + }, + "roleAssignments": { + "value": [ + { + "roleDefinitionIdOrName": "Reader", + "principalIds": [ + "<>" + ] + } + ] + }, + "privateEndpoints": { + "value": [ + { + "subnetResourceId": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-x-001/subnets/<>-az-subnet-x-005-privateEndpoints", + "service": "staticSites" + } + ] + } + } +} diff --git a/arm/Microsoft.Web/staticSites/.parameters/parameters.json b/arm/Microsoft.Web/staticSites/.parameters/parameters.json new file mode 100644 index 0000000000..11a90b25f4 --- /dev/null +++ b/arm/Microsoft.Web/staticSites/.parameters/parameters.json 
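Review bot: `name` is `<>-az-wss-gh-001`, the same value `github.parameters.json` has used since PATCH 19/33, and this commit adds both files to the same workflow matrix, so the two test cases presumably deploy over each other in the validation resource group. A distinct name avoids that, for example `"value": "<>-az-wss-ado-001"` (constructed sample value).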
@@ -0,0 +1,50 @@ +{ + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", + "contentVersion": "1.0.0.0", + "parameters": { + "name": { + "value": "<>-az-wss-x-001" + }, + "sku": { + "value": "Standard" + }, + "stagingEnvironmentPolicy": { + "value": "Enabled" + }, + "allowConfigFileUpdates": { + "value": true + }, + "provider": { + "value": "Other" + }, + "enterpriseGradeCdnStatus": { + "value": "Disabled" + }, + "systemAssignedIdentity": { + "value": true + }, + "userAssignedIdentities": { + "value": { + "/subscriptions/<>/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-<>-az-msi-x-001": {} + } + }, + "roleAssignments": { + "value": [ + { + "roleDefinitionIdOrName": "Reader", + "principalIds": [ + "<>" + ] + } + ] + }, + "privateEndpoints": { + "value": [ + { + "subnetResourceId": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-x-001/subnets/<>-az-subnet-x-005-privateEndpoints", + "service": "staticSites" + } + ] + } + } +} From dab113987c30d8aa6ba0ff97020856ff3e624ae3 Mon Sep 17 00:00:00 2001 From: Marius Storhaug Date: Sun, 6 Mar 2022 20:37:05 +0100 Subject: [PATCH 30/33] fix reference in rbac after symb name change --- arm/Microsoft.Web/staticSites/.bicep/nested_rbac.bicep | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/arm/Microsoft.Web/staticSites/.bicep/nested_rbac.bicep b/arm/Microsoft.Web/staticSites/.bicep/nested_rbac.bicep index faf5d86a2c..e836ef8554 100644 --- a/arm/Microsoft.Web/staticSites/.bicep/nested_rbac.bicep +++ b/arm/Microsoft.Web/staticSites/.bicep/nested_rbac.bicep 
@@ -23,7 +23,7 @@ resource staticSite 'Microsoft.Web/staticSites@2021-02-01' existing = { } resource roleAssignment 'Microsoft.Authorization/roleAssignments@2021-04-01-preview' = [for principalId in principalIds: { - name: guid(app.name, principalId, roleDefinitionIdOrName) + name: guid(staticSite.name, principalId, roleDefinitionIdOrName) properties: { roleDefinitionId: contains(builtInRoleNames, roleDefinitionIdOrName) ? builtInRoleNames[roleDefinitionIdOrName] : roleDefinitionIdOrName principalId: principalId From d59b89ab07707f166d4ca61a735bfca111d39931 Mon Sep 17 00:00:00 2001 From: Marius Storhaug Date: Sun, 6 Mar 2022 20:54:13 +0100 Subject: [PATCH 31/33] Fix test params --- .../staticSites/.parameters/azuredevops.parameters.json | 2 +- .../staticSites/.parameters/github.parameters.json | 2 +- arm/Microsoft.Web/staticSites/.parameters/parameters.json | 3 --- 3 files changed, 2 insertions(+), 5 deletions(-) diff --git a/arm/Microsoft.Web/staticSites/.parameters/azuredevops.parameters.json b/arm/Microsoft.Web/staticSites/.parameters/azuredevops.parameters.json index 1e5f56e8e0..a4abdd3340 100644 --- a/arm/Microsoft.Web/staticSites/.parameters/azuredevops.parameters.json +++ b/arm/Microsoft.Web/staticSites/.parameters/azuredevops.parameters.json @@ -16,7 +16,7 @@ "keyVault": { "id": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.KeyVault/vaults/adp-<>-az-kv-x-001" }, - "secretName": "GitHubPAT" + "secretName": "AzureDevOpsPAT" } }, "buildProperties": { diff --git a/arm/Microsoft.Web/staticSites/.parameters/github.parameters.json b/arm/Microsoft.Web/staticSites/.parameters/github.parameters.json index 3fc5993057..bcd0eac505 100644 --- a/arm/Microsoft.Web/staticSites/.parameters/github.parameters.json +++ b/arm/Microsoft.Web/staticSites/.parameters/github.parameters.json 
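Review bot: The role-assignment name on the changed line is seeded with `staticSite.name`, which is only unique inside one resource group, so two static sites that share a name in different resource groups or subscriptions produce the same GUID for a given principal and role. Role-assignment names are expected to be unique well beyond the resource group, so a second deployment may then conflict with an existing assignment rather than create its own. Seeding with the full resource ID keeps the name deterministic and ties it to the actual resource: `name: guid(staticSite.id, principalId, roleDefinitionIdOrName)`. The `roleAssignment` resource body continues past the end of the hunk, so its `scope` is not visible here and should be checked to reference `staticSite` as well.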
@@ -16,7 +16,7 @@ "keyVault": { "id": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.KeyVault/vaults/adp-<>-az-kv-x-001" }, - "secretName": "repoPAT" + "secretName": "GitHubPAT" } }, "buildProperties": { diff --git a/arm/Microsoft.Web/staticSites/.parameters/parameters.json b/arm/Microsoft.Web/staticSites/.parameters/parameters.json index 11a90b25f4..46d43ca75f 100644 --- a/arm/Microsoft.Web/staticSites/.parameters/parameters.json +++ b/arm/Microsoft.Web/staticSites/.parameters/parameters.json @@ -14,9 +14,6 @@ "allowConfigFileUpdates": { "value": true }, - "provider": { - "value": "Other" - }, "enterpriseGradeCdnStatus": { "value": "Disabled" }, From 7c6e6787955c53999cf8c1613c503c7a0144adec Mon Sep 17 00:00:00 2001 From: Marius Storhaug Date: Sun, 6 Mar 2022 21:27:56 +0100 Subject: [PATCH 32/33] Clean up testcases to maintainable scenarios --- .../modulePipelines/ms.web.staticsites.yml | 2 - .github/workflows/ms.web.staticsites.yml | 4 +- .../.parameters/azuredevops.parameters.json | 76 ------------------- .../.parameters/github.parameters.json | 76 ------------------- 4 files changed, 1 insertion(+), 157 deletions(-) delete mode 100644 arm/Microsoft.Web/staticSites/.parameters/azuredevops.parameters.json delete mode 100644 arm/Microsoft.Web/staticSites/.parameters/github.parameters.json diff --git a/.azuredevops/modulePipelines/ms.web.staticsites.yml b/.azuredevops/modulePipelines/ms.web.staticsites.yml index b4ed210b37..ce57e715f4 100644 --- a/.azuredevops/modulePipelines/ms.web.staticsites.yml +++ b/.azuredevops/modulePipelines/ms.web.staticsites.yml @@ -44,8 +44,6 @@ stages: deploymentBlocks: - path: $(modulePath)/.parameters/min.parameters.json - path: $(modulePath)/.parameters/parameters.json - - path: $(modulePath)/.parameters/azuredevops.parameters.json - - path: $(modulePath)/.parameters/github.parameters.json - stage: Publishing displayName: Publish module 
diff --git a/.github/workflows/ms.web.staticsites.yml b/.github/workflows/ms.web.staticsites.yml index 2b3e27590a..3c6aa4fd46 100644 --- a/.github/workflows/ms.web.staticsites.yml +++ b/.github/workflows/ms.web.staticsites.yml @@ -83,10 +83,8 @@ jobs: matrix: parameterFilePaths: [ - 'parameters.json', 'min.parameters.json', - 'azuredevops.parameters.json', - 'github.parameters.json' + 'parameters.json' ] steps: - name: 'Checkout' diff --git a/arm/Microsoft.Web/staticSites/.parameters/azuredevops.parameters.json b/arm/Microsoft.Web/staticSites/.parameters/azuredevops.parameters.json deleted file mode 100644 index a4abdd3340..0000000000 --- a/arm/Microsoft.Web/staticSites/.parameters/azuredevops.parameters.json +++ /dev/null 
@@ -1,76 +0,0 @@
-{
- "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
- "contentVersion": "1.0.0.0",
- "parameters": {
- "name": {
- "value": "<>-az-wss-gh-001"
- },
- "repositoryUrl": {
- "value": "https://dev.azure.com/MariusStorhaug/static-website"
- },
- "branch": {
- "value": "main"
- },
- "repositoryToken": {
- "reference": {
- "keyVault": {
- "id": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.KeyVault/vaults/adp-<>-az-kv-x-001"
- },
- "secretName": "AzureDevOpsPAT"
- }
- },
- "buildProperties": {
- "value": {
- "appLocation": "/",
- "apiLocation": "",
- "appArtifactLocation": "src",
- "appSettings": {
- "MY_APP_SETTING1": "value 1",
- "MY_APP_SETTING2": "value 2",
- "MY_APP_SETTING3": "value 3"
- }
- }
- },
- "sku": {
- "value": "Standard"
- },
- "stagingEnvironmentPolicy": {
- "value": "Enabled"
- },
- "allowConfigFileUpdates": {
- "value": true
- },
- "provider": {
- "value": "DevOps"
- },
- "enterpriseGradeCdnStatus": {
- "value": "Disabled"
- },
- "systemAssignedIdentity": {
- "value": true
- },
- "userAssignedIdentities": {
- "value": {
- "/subscriptions/<>/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-<>-az-msi-x-001": {}
- }
- },
- "roleAssignments": {
- "value": [
- {
- "roleDefinitionIdOrName": "Reader",
- "principalIds": [
- "<>"
- ]
- }
- ]
- },
- "privateEndpoints": {
- "value": [
- {
- "subnetResourceId": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-x-001/subnets/<>-az-subnet-x-005-privateEndpoints",
- "service": "staticSites"
- }
- ]
- }
- }
-}
diff --git a/arm/Microsoft.Web/staticSites/.parameters/github.parameters.json b/arm/Microsoft.Web/staticSites/.parameters/github.parameters.json
deleted file mode 100644
index bcd0eac505..0000000000
--- a/arm/Microsoft.Web/staticSites/.parameters/github.parameters.json
+++ /dev/null
@@ -1,76 +0,0 @@
-{
- "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
- "contentVersion": "1.0.0.0",
- "parameters": {
- "name": {
- "value": "<>-az-wss-gh-001"
- },
- "repositoryUrl": {
- "value": "https://github.com/MariusStorhaug/static-website"
- },
- "branch": {
- "value": "main"
- },
- "repositoryToken": {
- "reference": {
- "keyVault": {
- "id": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.KeyVault/vaults/adp-<>-az-kv-x-001"
- },
- "secretName": "GitHubPAT"
- }
- },
- "buildProperties": {
- "value": {
- "appLocation": "/",
- "apiLocation": "",
- "appArtifactLocation": "src",
- "appSettings": {
- "MY_APP_SETTING1": "value 1",
- "MY_APP_SETTING2": "value 2",
- "MY_APP_SETTING3": "value 3"
- }
- }
- },
- "sku": {
- "value": "Standard"
- },
- "stagingEnvironmentPolicy": {
- "value": "Enabled"
- },
- "allowConfigFileUpdates": {
- "value": true
- },
- "provider": {
- "value": "GitHub"
- },
- "enterpriseGradeCdnStatus": {
- "value": "Disabled"
- },
- "systemAssignedIdentity": {
- "value": true
- },
- "userAssignedIdentities": {
- "value": {
- "/subscriptions/<>/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-<>-az-msi-x-001": {}
- }
- },
- "roleAssignments": {
- "value": [
- {
- "roleDefinitionIdOrName": "Reader",
- "principalIds": [
- "<>"
- ]
- }
- ]
- },
- "privateEndpoints": {
- "value": [
- {
- "subnetResourceId": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-x-001/subnets/<>-az-subnet-x-005-privateEndpoints",
- "service": "staticSites"
- }
- ]
- }
- }
-}
From 7bebadc2a4269ed88ff940c61f15c91944843e90 Mon Sep 17 00:00:00 2001
From: Marius Storhaug
Date: Sun, 6 Mar 2022 21:44:43 +0100
Subject: [PATCH 33/33] reset workflow file
---
 .github/workflows/ms.web.staticsites.yml | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/.github/workflows/ms.web.staticsites.yml b/.github/workflows/ms.web.staticsites.yml index 3c6aa4fd46..2d35caab4b 100644 --- a/.github/workflows/ms.web.staticsites.yml +++ b/.github/workflows/ms.web.staticsites.yml @@ -7,15 +7,15 @@ on: type: boolean description: 'Remove deployed module' required: false - default: false + default: true prerelease: type: boolean description: 'Publish prerelease module' required: false - default: true + default: false push: - # branches: - # - main + branches: + - main paths: - '.github/actions/templates/**' - '.github/workflows/ms.web.staticsites.yml'