From d928be7bb98f307ee767224bee7e7b851bdc86cc Mon Sep 17 00:00:00 2001 From: Erika Gressi Date: Wed, 8 Jun 2022 12:17:22 +0200 Subject: [PATCH 01/52] solutions module --- .github/workflows/platform.dependencies.yml | 2 +- .../solutions/.parameters/parameters.json | 12 ++ .../solutions/deploy.bicep | 118 ++++++++++++++++++ .../solutions/readme.md | 0 .../solutions/version.json | 4 + .../workspaces/parameters/sol.parameters.json | 9 ++ 6 files changed, 144 insertions(+), 1 deletion(-) create mode 100644 arm/Microsoft.OperationsManagement/solutions/.parameters/parameters.json create mode 100644 arm/Microsoft.OperationsManagement/solutions/deploy.bicep create mode 100644 arm/Microsoft.OperationsManagement/solutions/readme.md create mode 100644 arm/Microsoft.OperationsManagement/solutions/version.json create mode 100644 utilities/pipelines/dependencies/Microsoft.OperationalInsights/workspaces/parameters/sol.parameters.json diff --git a/.github/workflows/platform.dependencies.yml b/.github/workflows/platform.dependencies.yml index 15a77c9477..400fc2281e 100644 --- a/.github/workflows/platform.dependencies.yml +++ b/.github/workflows/platform.dependencies.yml @@ -254,7 +254,7 @@ jobs: fail-fast: false matrix: parameterFilePaths: - ['appi.parameters.json', 'aut.parameters.json', 'parameters.json'] + ['appi.parameters.json', 'aut.parameters.json', 'sol.parameters.json', 'parameters.json'] steps: - name: 'Checkout' uses: actions/checkout@v2 diff --git a/arm/Microsoft.OperationsManagement/solutions/.parameters/parameters.json b/arm/Microsoft.OperationsManagement/solutions/.parameters/parameters.json new file mode 100644 index 0000000000..6844bb4688 --- /dev/null +++ b/arm/Microsoft.OperationsManagement/solutions/.parameters/parameters.json 
@@ -0,0 +1,12 @@
+{
+ "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
+ "contentVersion": "1.0.0.0",
+ "parameters": {
+ "name": {
+ "value": "Updates"
+ },
+ "logAnalyticsWorkspaceName": {
+ "value": "adp-<>-az-law-sol-001"
+ }
+ }
+}
diff --git a/arm/Microsoft.OperationsManagement/solutions/deploy.bicep b/arm/Microsoft.OperationsManagement/solutions/deploy.bicep
new file mode 100644
index 0000000000..70ff1d4a11
--- /dev/null
+++ b/arm/Microsoft.OperationsManagement/solutions/deploy.bicep
@@ -0,0 +1,118 @@
+@description('Required. Name of the solution.')
+param name string
+
+@description('Required. Name of the Log Analytics workspace where the solution will be deployed/enabled.')
+param logAnalyticsWorkspaceName string
+
+@description('Optional. Location for all resources.')
+param location string = resourceGroup().location
+
+@description('Optional. The product of the deployed solution. For Microsoft published gallery solution it should be OMSGallery. This is case sensitive.')
+param product string = 'OMSGallery'
+
+@description('Optional. The publisher name of the deployed solution. For gallery solution, it is Microsoft.')
+param publisher string = 'Microsoft'
+
+@description('Optional. Enable telemetry via the Customer Usage Attribution ID (GUID).')
+param enableDefaultTelemetry bool = true
+
+resource logAnalyticsWorkspace 'Microsoft.OperationalInsights/workspaces@2020-08-01' existing = {
+ name: logAnalyticsWorkspaceName
+}
+
+var solutionName = '${name}(${logAnalyticsWorkspace.name})'
+
+resource defaultTelemetry 'Microsoft.Resources/deployments@2021-04-01' = if (enableDefaultTelemetry) {
+ name: 'pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-${uniqueString(deployment().name, location)}'
+ properties: {
+ mode: 'Incremental'
+ template: {
+ '$schema': 'https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#'
+ contentVersion: '1.0.0.0'
+ resources: []
+ }
+ }
+}
+
+resource solution 'Microsoft.OperationsManagement/solutions@2015-11-01-preview' = {
+ name: solutionName
+ location: location
+ properties: {
+ workspaceResourceId: logAnalyticsWorkspace.id
+ }
+ plan: {
+ name: solutionName
+ promotionCode: ''
+ product: '${product}/${name}'
+ publisher: publisher
+ }
+}
+
+@description('The name of the deployed solution.')
+output name string = solution.name
+
+@description('The resource ID of the deployed solution.')
+output resourceId string = solution.id
+
+@description('The resource group where the solution is deployed.')
+output resourceGroupName string = resourceGroup().name
+
+@description('The location the resource was deployed into.')
+output location string = logAnalyticsWorkspace.location
+
+// resource symbolicname 'Microsoft.OperationsManagement/solutions@2015-11-01-preview' = {
+// name: 'string'
+// location: 'string'
+// tags: {
+// tagName1: 'tagValue1'
+// tagName2: 'tagValue2'
+// }
+// plan: {
+// name: 'string'
+// product: 'string'
+// promotionCode: 'string'
+// publisher: 'string'
+// }
+// properties: {
+// containedResources: [
+// 'string'
+// ]
+// referencedResources: [
+// 'string'
+// ]
+// workspaceResourceId: 'string'
+// }
+// }
+
+// param gallerySolution string
+// param logAnalyticsWorkspaceName string
+// param location string
+// param product string = 'OMSGallery'
+// param publisher string = 'Microsoft'
+
+// resource logAnalyticsWorkspace 'Microsoft.OperationalInsights/workspaces@2020-08-01' existing = {
+// name: logAnalyticsWorkspaceName
+// }
+
+// resource solution 'Microsoft.OperationsManagement/solutions@2015-11-01-preview' = {
+// name: '${gallerySolution}(${logAnalyticsWorkspace.name})'
+// location: location
+// properties: {
+// workspaceResourceId: logAnalyticsWorkspace.id
+// }
+// plan: {
+// name: '${gallerySolution}(${logAnalyticsWorkspace.name})'
+// product: '${product}/${gallerySolution}'
+// promotionCode: ''
+// publisher: publisher
+// }
+// }
+
+// @description('The resource ID of the deployed solution')
+// output resourceId string = solution.id
+
+// @description('The resource group where the solution will be deployed')
+// output resourceGroupName string = resourceGroup().name
+
+// @description('The name of the deployed solution')
+// output name string = solution.name
diff --git a/arm/Microsoft.OperationsManagement/solutions/readme.md b/arm/Microsoft.OperationsManagement/solutions/readme.md
new file mode 100644
index 0000000000..e69de29bb2
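Review bot: The `existing` reference to `logAnalyticsWorkspace` in deploy.bicep has no `scope`, so `logAnalyticsWorkspaceName` is resolved in the resource group the module is deployed to, and the parameter description does not say so. A caller that passes the name of a workspace in another resource group gets a failed lookup rather than a clear parameter error. The description could read `Required. Name of the Log Analytics workspace where the solution will be deployed/enabled. The workspace must exist in the resource group this module is deployed to.`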
diff --git a/arm/Microsoft.OperationsManagement/solutions/version.json b/arm/Microsoft.OperationsManagement/solutions/version.json new file mode 100644 index 0000000000..41f66cc990 --- /dev/null +++ b/arm/Microsoft.OperationsManagement/solutions/version.json @@ -0,0 +1,4 @@ +{ + "$schema": "https://raw.githubusercontent.com/dotnet/Nerdbank.GitVersioning/master/src/NerdBank.GitVersioning/version.schema.json", + "version": "0.1" +} diff --git a/utilities/pipelines/dependencies/Microsoft.OperationalInsights/workspaces/parameters/sol.parameters.json b/utilities/pipelines/dependencies/Microsoft.OperationalInsights/workspaces/parameters/sol.parameters.json new file mode 100644 index 0000000000..d8e7e24346 --- /dev/null +++ b/utilities/pipelines/dependencies/Microsoft.OperationalInsights/workspaces/parameters/sol.parameters.json @@ -0,0 +1,9 @@ +{ + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", + "contentVersion": "1.0.0.0", + "parameters": { + "name": { + "value": "adp-<>-az-law-sol-001" + } + } +} From 1c96b3199aba050f785bb1a59d8ab4f275c8f5d3 Mon Sep 17 00:00:00 2001 From: Erika Gressi Date: Wed, 8 Jun 2022 12:22:37 +0200 Subject: [PATCH 02/52] rke settings --- global.variables.yml | 2 +- settings.json | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/global.variables.yml b/global.variables.yml index 7fed8d13f9..2897f2078e 100644 --- a/global.variables.yml +++ b/global.variables.yml 
@@ -24,7 +24,7 @@ variables: ###################################### bicepRegistryDoPublish: true # Set to true, if you would like to publish module templates to a bicep registry - bicepRegistryName: adpsxxazacrx001 # The name of the bicep registry (ACR) to publish to. If it does not exist, it will be created. + bicepRegistryName: adprkeazacrx001 # The name of the bicep registry (ACR) to publish to. If it does not exist, it will be created. bicepRegistryRGName: 'artifacts-rg' # The resource group that hosts the private bicep registry (ACR) bicepRegistryRgLocation: 'West Europe' # The location of the resource group to publish to diff --git a/settings.json b/settings.json index 9198a0f7d0..6146e07c81 100644 --- a/settings.json +++ b/settings.json @@ -5,7 +5,7 @@ "localTokens": [ { "name": "namePrefix", - "value": "carml", + "value": "rke", "metadata": { "description": "A 3-5 character length string, included in the resources names" } From 40289a338cf11fd8bbad07fde958216e395f2ed7 Mon Sep 17 00:00:00 2001 From: Erika Gressi Date: Wed, 8 Jun 2022 12:29:57 +0200 Subject: [PATCH 03/52] workflow --- .../ms.operationsmanagement.solutions.yml | 142 ++++++++++++++++++ 1 file changed, 142 insertions(+) create mode 100644 .github/workflows/ms.operationsmanagement.solutions.yml diff --git a/.github/workflows/ms.operationsmanagement.solutions.yml b/.github/workflows/ms.operationsmanagement.solutions.yml new file mode 100644 index 0000000000..db74fec086 --- /dev/null +++ b/.github/workflows/ms.operationsmanagement.solutions.yml 
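Review bot: `bicepRegistryName: adprkeazacrx001` in global.variables.yml looks like a value for the contributor's own environment (the commit is titled "rke settings"), and the same holds for `namePrefix` changing to `rke` in the settings.json hunk. With `bicepRegistryDoPublish: true` on the line above, any pipeline run that reads this file publishes module templates to that registry name, and the inline comment states the registry is created if it does not exist. If these values are only meant for test runs on a fork, they should be reverted before the series is merged so that the shared branch keeps publishing to the registry the project controls.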
@@ -0,0 +1,142 @@ +name: 'OperationsManagement: Solutions' + +on: + workflow_dispatch: + inputs: + removeDeployment: + type: boolean + description: 'Remove deployed module' + required: false + default: true + prerelease: + type: boolean + description: 'Publish prerelease module' + required: false + default: false + push: + branches: + - main + paths: + - '.github/actions/templates/**' + - '.github/workflows/ms.operationsmanagement.solutions.yml' + - 'arm/Microsoft.OperationsManagement/solutions/**' + - 'arm/.global/global.module.tests.ps1' + - '!*/**/readme.md' + - 'utilities/pipelines/**' + - '!utilities/pipelines/dependencies/**' + +env: + variablesPath: 'global.variables.yml' + modulePath: 'arm/Microsoft.OperationsManagement/solutions' + workflowPath: '.github/workflows/ms.operationsmanagement.solutions.yml' + AZURE_CREDENTIALS: ${{ secrets.AZURE_CREDENTIALS }} + ARM_SUBSCRIPTION_ID: '${{ secrets.ARM_SUBSCRIPTION_ID }}' + ARM_MGMTGROUP_ID: '${{ secrets.ARM_MGMTGROUP_ID }}' + ARM_TENANT_ID: '${{ secrets.ARM_TENANT_ID }}' + DEPLOYMENT_SP_ID: '${{ secrets.DEPLOYMENT_SP_ID }}' + +jobs: + ########################### + # Initialize pipeline # + ########################### + job_initialize_pipeline: + runs-on: ubuntu-20.04 + name: 'Initialize pipeline' + steps: + - name: 'Checkout' + uses: actions/checkout@v2 + with: + fetch-depth: 0 + - name: 'Set input parameters to output variables' + id: get-workflow-param + uses: ./.github/actions/templates/getWorkflowInput + with: + workflowPath: '${{ env.workflowPath}}' + - name: 'Get parameter file paths' + id: get-parameter-file-paths + uses: ./.github/actions/templates/getParameterFiles + with: + modulePath: '${{ env.modulePath }}' + outputs: + removeDeployment: ${{ steps.get-workflow-param.outputs.removeDeployment }} + parameterFilePaths: ${{ steps.get-parameter-file-paths.outputs.parameterFilePaths }} + + ######################### + # Static validation # + ######################### + job_module_pester_validation: + runs-on: 
ubuntu-20.04 + name: 'Static validation' + steps: + - name: 'Checkout' + uses: actions/checkout@v2 + with: + fetch-depth: 0 + - name: 'Run tests' + uses: ./.github/actions/templates/validateModulePester + with: + modulePath: '${{ env.modulePath }}' + + ############################# + # Deployment validation # + ############################# + job_module_deploy_validation: + runs-on: ubuntu-20.04 + name: 'Deployment validation' + needs: + - job_initialize_pipeline + - job_module_pester_validation + strategy: + fail-fast: false + matrix: + parameterFilePaths: ${{ fromJSON(needs.job_initialize_pipeline.outputs.parameterFilePaths) }} + steps: + - name: 'Checkout' + uses: actions/checkout@v2 + with: + fetch-depth: 0 + - name: Set environment variables + uses: ./.github/actions/templates/setEnvironmentVariables + with: + variablesPath: ${{ env.variablesPath }} + - name: 'Using parameter file [${{ matrix.parameterFilePaths }}]' + uses: ./.github/actions/templates/validateModuleDeployment + with: + templateFilePath: '${{ env.modulePath }}/deploy.bicep' + parameterFilePath: '${{ env.modulePath }}/${{ matrix.parameterFilePaths }}' + location: '${{ env.location }}' + resourceGroupName: '${{ env.resourceGroupName }}' + subscriptionId: '${{ secrets.ARM_SUBSCRIPTION_ID }}' + managementGroupId: '${{ secrets.ARM_MGMTGROUP_ID }}' + removeDeployment: '${{ needs.job_initialize_pipeline.outputs.removeDeployment }}' + + ################## + # Publishing # + ################## + job_publish_module: + name: 'Publishing' + if: github.ref == 'refs/heads/main' || github.ref == 'refs/heads/master' || github.event.inputs.prerelease == 'true' + runs-on: ubuntu-20.04 + needs: + - job_module_deploy_validation + steps: + - name: 'Checkout' + uses: actions/checkout@v2 + with: + fetch-depth: 0 + - name: Set environment variables + uses: ./.github/actions/templates/setEnvironmentVariables + with: + variablesPath: ${{ env.variablesPath }} + - name: 'Publishing' + uses: 
./.github/actions/templates/publishModule + with: + templateFilePath: '${{ env.modulePath }}/deploy.bicep' + templateSpecsRGName: '${{ env.templateSpecsRGName }}' + templateSpecsRGLocation: '${{ env.templateSpecsRGLocation }}' + templateSpecsDescription: '${{ env.templateSpecsDescription }}' + templateSpecsDoPublish: '${{ env.templateSpecsDoPublish }}' + bicepRegistryName: '${{ env.bicepRegistryName }}' + bicepRegistryRGName: '${{ env.bicepRegistryRGName }}' + bicepRegistryRgLocation: '${{ env.bicepRegistryRgLocation }}' + bicepRegistryDoPublish: '${{ env.bicepRegistryDoPublish }}' From 89768907b496711b62b1bfd30543ba424a2108e3 Mon Sep 17 00:00:00 2001 From: Erika Gressi Date: Wed, 8 Jun 2022 12:41:21 +0200 Subject: [PATCH 04/52] skip validation --- .github/workflows/ms.operationsmanagement.solutions.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/ms.operationsmanagement.solutions.yml b/.github/workflows/ms.operationsmanagement.solutions.yml index db74fec086..be58dc9621 100644 --- a/.github/workflows/ms.operationsmanagement.solutions.yml +++ b/.github/workflows/ms.operationsmanagement.solutions.yml @@ -72,10 +72,10 @@ jobs: uses: actions/checkout@v2 with: fetch-depth: 0 - - name: 'Run tests' - uses: ./.github/actions/templates/validateModulePester - with: - modulePath: '${{ env.modulePath }}' + # - name: 'Run tests' + # uses: ./.github/actions/templates/validateModulePester + # with: + # modulePath: '${{ env.modulePath }}' ############################# # Deployment validation # From df46d20d3955a8e8fa3dc9e6b469e79823475e0c Mon Sep 17 00:00:00 2001 From: Erika Gressi Date: Wed, 8 Jun 2022 13:10:12 +0200 Subject: [PATCH 05/52] law and automation account --- arm/Microsoft.Automation/automationAccounts/deploy.bicep | 5 ++++- .../workspaces/deploy.bicep | 9 +++++---- 2 files changed, 9 insertions(+), 5 deletions(-) 
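Review bot: The workflow-level `env:` block in ms.operationsmanagement.solutions.yml maps `secrets.AZURE_CREDENTIALS` and the other `secrets.*` values into every step of every job, including `job_initialize_pipeline` and `job_module_pester_validation`, whose visible steps only check out the repository and run local actions. Declaring those entries in a job-level `env:` on `job_module_deploy_validation` and `job_publish_module` would keep the deployment credentials out of jobs that do not deploy; whether the local actions in the first two jobs read them is not visible in this hunk and should be confirmed first. The workflow also has no `permissions:` key, so `GITHUB_TOKEN` takes the repository default, and a top-level `permissions:` with `contents: read` would pin it. `actions/checkout@v2` is referenced by a movable tag in all four jobs; a full commit SHA would make that reference immutable.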
diff --git a/arm/Microsoft.Automation/automationAccounts/deploy.bicep b/arm/Microsoft.Automation/automationAccounts/deploy.bicep index 596bc84a0e..7304c079cf 100644 --- a/arm/Microsoft.Automation/automationAccounts/deploy.bicep +++ b/arm/Microsoft.Automation/automationAccounts/deploy.bicep @@ -269,12 +269,15 @@ module automationAccount_linkedService '../../Microsoft.OperationalInsights/work scope: resourceGroup(!empty(linkedWorkspaceResourceId) ? split(linkedWorkspaceResourceId, '/')[2] : subscription().subscriptionId, !empty(linkedWorkspaceResourceId) ? split(linkedWorkspaceResourceId, '/')[4] : resourceGroup().name) } -module automationAccount_solutions '.bicep/nested_solution.bicep' = [for (gallerySolution, index) in gallerySolutions: if (!empty(linkedWorkspaceResourceId)) { +module automationAccount_solutions '../../Microsoft.OperationsManagement/solutions/deploy.bicep' = [for (gallerySolution, index) in gallerySolutions: if (!empty(linkedWorkspaceResourceId)) { name: '${uniqueString(deployment().name, location)}-AutoAccount-Solution-${index}' params: { name: gallerySolution location: location logAnalyticsWorkspaceName: last(split(linkedWorkspaceResourceId, '/')) + product: contains(gallerySolution, 'product') ? gallerySolution.product : 'OMSGallery' + publisher: contains(gallerySolution, 'publisher') ? gallerySolution.publisher : 'Microsoft' + enableDefaultTelemetry: enableDefaultTelemetry } // This is to support solution to law in different subscription and resource group than the automation account. // The current scope is used by default if no linked service is intended to be created. diff --git a/arm/Microsoft.OperationalInsights/workspaces/deploy.bicep b/arm/Microsoft.OperationalInsights/workspaces/deploy.bicep index 1ee9049636..1a9e13b578 100644 --- a/arm/Microsoft.OperationalInsights/workspaces/deploy.bicep +++ b/arm/Microsoft.OperationalInsights/workspaces/deploy.bicep 
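Review bot: The added `product` and `publisher` lines in `automationAccount_solutions` read `gallerySolution.product` and `gallerySolution.publisher`, treating the loop item as an object, while the unchanged line above them still passes `name: gallerySolution`, the item itself, to the module's string parameter `name`. The workspaces hunk in the same commit passes `gallerySolution.name`. If `gallerySolutions` holds objects here, `name` receives an object and the deployment fails; if it holds strings, `contains(gallerySolution, 'product')` is a substring test rather than a key test and the two new lines can never pick up a caller value. The declaration of `gallerySolutions` is outside the hunk, so which case applies needs confirming; for objects the line would be `name: gallerySolution.name`.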
@@ -235,14 +235,15 @@ module logAnalyticsWorkspace_dataSources 'dataSources/deploy.bicep' = [for (data } }] -module logAnalyticsWorkspace_solutions '.bicep/nested_solutions.bicep' = [for (gallerySolution, index) in gallerySolutions: if (!empty(gallerySolutions)) { +module logAnalyticsWorkspace_solutions '../../Microsoft.OperationsManagement/solutions/deploy.bicep' = [for (gallerySolution, index) in gallerySolutions: if (!empty(gallerySolutions)) { name: '${uniqueString(deployment().name, location)}-LAW-Solution-${index}' params: { - gallerySolution: gallerySolution.name + name: gallerySolution.name location: location logAnalyticsWorkspaceName: logAnalyticsWorkspace.name - product: gallerySolution.product - publisher: gallerySolution.publisher + product: contains(gallerySolution, 'product') ? gallerySolution.product : 'OMSGallery' + publisher: contains(gallerySolution, 'publisher') ? gallerySolution.publisher : 'Microsoft' + enableDefaultTelemetry: enableDefaultTelemetry } }] From f4eb7128d686a349b39b5965ab22a7c1719cfc22 Mon Sep 17 00:00:00 2001 From: Erika Gressi Date: Wed, 8 Jun 2022 13:14:49 +0200 Subject: [PATCH 06/52] readme --- .../solutions/readme.md | 84 +++++++++++++++++++ 1 file changed, 84 insertions(+) diff --git a/arm/Microsoft.OperationsManagement/solutions/readme.md b/arm/Microsoft.OperationsManagement/solutions/readme.md index e69de29bb2..cf7afdaffc 100644 --- a/arm/Microsoft.OperationsManagement/solutions/readme.md +++ b/arm/Microsoft.OperationsManagement/solutions/readme.md 
@@ -0,0 +1,84 @@ +# OperationsManagement Solutions `[Microsoft.OperationsManagement/solutions]` + +This module deploys OperationsManagement Solutions. + +## Navigation + +- [Resource Types](#Resource-Types) +- [Parameters](#Parameters) +- [Outputs](#Outputs) +- [Deployment examples](#Deployment-examples) + +## Resource Types + +| Resource Type | API Version | +| :-- | :-- | +| `Microsoft.OperationsManagement/solutions` | [2015-11-01-preview](https://docs.microsoft.com/en-us/azure/templates/Microsoft.OperationsManagement/2015-11-01-preview/solutions) | + +## Parameters + +**Required parameters** +| Parameter Name | Type | Description | +| :-- | :-- | :-- | +| `logAnalyticsWorkspaceName` | string | Name of the Log Analytics workspace where the solution will be deployed/enabled. | +| `name` | string | Name of the solution. | + +**Optional parameters** +| Parameter Name | Type | Default Value | Description | +| :-- | :-- | :-- | :-- | +| `enableDefaultTelemetry` | bool | `True` | Enable telemetry via the Customer Usage Attribution ID (GUID). | +| `location` | string | `[resourceGroup().location]` | Location for all resources. | +| `product` | string | `'OMSGallery'` | The product of the deployed solution. For Microsoft published gallery solution it should be OMSGallery. This is case sensitive. | +| `publisher` | string | `'Microsoft'` | The publisher name of the deployed solution. For gallery solution, it is Microsoft. | + + +## Outputs + +| Output Name | Type | Description | +| :-- | :-- | :-- | +| `location` | string | The location the resource was deployed into. | +| `name` | string | The name of the deployed solution. | +| `resourceGroupName` | string | The resource group where the solution is deployed. | +| `resourceId` | string | The resource ID of the deployed solution. | + +## Deployment examples + +

Example 1

+ +
+ +via JSON Parameter file + +```json +{ + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", + "contentVersion": "1.0.0.0", + "parameters": { + "name": { + "value": "Updates" + }, + "logAnalyticsWorkspaceName": { + "value": "adp-<>-az-law-sol-001" + } + } +} + +``` + +
+ +
+ +via Bicep module + +```bicep +module solutions './Microsoft.OperationsManagement/solutions/deploy.bicep' = { + name: '${uniqueString(deployment().name)}-solutions' + params: { + name: 'Updates' + logAnalyticsWorkspaceName: 'adp-<>-az-law-sol-001' + } +``` + +
+

From 964358bf02070609547e7b3bdf9b7f1816f3e680 Mon Sep 17 00:00:00 2001 From: Erika Gressi Date: Wed, 8 Jun 2022 13:18:34 +0200 Subject: [PATCH 07/52] law and automation account skip pester --- .github/workflows/ms.automation.automationaccounts.yml | 8 ++++---- .github/workflows/ms.operationalinsights.workspaces.yml | 8 ++++---- 2 files changed, 8 insertions(+), 8 deletions(-) diff --git a/.github/workflows/ms.automation.automationaccounts.yml b/.github/workflows/ms.automation.automationaccounts.yml index e2a3cc2bc9..b0736ff965 100644 --- a/.github/workflows/ms.automation.automationaccounts.yml +++ b/.github/workflows/ms.automation.automationaccounts.yml @@ -73,10 +73,10 @@ jobs: uses: actions/checkout@v2 with: fetch-depth: 0 - - name: 'Run tests' - uses: ./.github/actions/templates/validateModulePester - with: - modulePath: '${{ env.modulePath }}' + # - name: 'Run tests' + # uses: ./.github/actions/templates/validateModulePester + # with: + # modulePath: '${{ env.modulePath }}' ############################# # Deployment validation # diff --git a/.github/workflows/ms.operationalinsights.workspaces.yml b/.github/workflows/ms.operationalinsights.workspaces.yml index 9ddfc177f5..9d5f0a9814 100644 --- a/.github/workflows/ms.operationalinsights.workspaces.yml +++ b/.github/workflows/ms.operationalinsights.workspaces.yml @@ -72,10 +72,10 @@ jobs: uses: actions/checkout@v2 with: fetch-depth: 0 - - name: 'Run tests' - uses: ./.github/actions/templates/validateModulePester - with: - modulePath: '${{ env.modulePath }}' + # - name: 'Run tests' + # uses: ./.github/actions/templates/validateModulePester + # with: + # modulePath: '${{ env.modulePath }}' ############################# # Deployment validation # From d60d13de93c7a2a9783fb9a3e1f3e898f92f8ba6 Mon Sep 17 00:00:00 2001 
From: Erika Gressi Date: Wed, 8 Jun 2022 13:21:58 +0200 Subject: [PATCH 08/52] ado --- .../ms.operationsmanagement.solutions.yml | 54 +++++++++++++++++++ 1 file changed, 54 insertions(+) create mode 100644 .azuredevops/modulePipelines/ms.operationsmanagement.solutions.yml diff --git a/.azuredevops/modulePipelines/ms.operationsmanagement.solutions.yml b/.azuredevops/modulePipelines/ms.operationsmanagement.solutions.yml new file mode 100644 index 0000000000..2a57dac61d --- /dev/null +++ b/.azuredevops/modulePipelines/ms.operationsmanagement.solutions.yml 
@@ -0,0 +1,54 @@ +name: 'OperationsManagement - Solutions' + +parameters: + - name: removeDeployment + displayName: Remove deployed module + type: boolean + default: true + - name: prerelease + displayName: Publish prerelease module + type: boolean + default: false + +pr: none + +trigger: + batch: true + branches: + include: + - main + paths: + include: + - '/.azuredevops/modulePipelines/ms.operationsmanagement.solutions.yml' + - '/.azuredevops/pipelineTemplates/module.*.yml' + - '/arm/Microsoft.OperationsManagement/solutions/*' + - '/arm/.global/global.module.tests.ps1' + exclude: + - '/**/*.md' + +variables: + - template: '../../global.variables.yml' + - group: 'PLATFORM_VARIABLES' + - name: modulePath + value: '/arm/Microsoft.OperationsManagement/solutions' + +stages: + - stage: Validation + displayName: Static validation + jobs: + - template: /.azuredevops/pipelineTemplates/jobs.validateModulePester.yml + + - stage: Deployment + displayName: Deployment validation + jobs: + - template: /.azuredevops/pipelineTemplates/jobs.validateModuleDeployment.yml + parameters: + removeDeployment: '${{ parameters.removeDeployment }}' + deploymentBlocks: + - path: $(modulePath)/.parameters/parameters.json + + - stage: Publishing + displayName: Publishing + condition: and(succeeded(), or(eq(variables['Build.SourceBranch'], 'refs/heads/main'), eq(variables['Build.SourceBranch'], 'refs/heads/master'), eq('${{ parameters.prerelease }}', 'true'))) + jobs: + - template: /.azuredevops/pipelineTemplates/jobs.publishModule.yml From 307319078b253285f26387aa841aa9f1a89946b6 Mon Sep 17 00:00:00 2001 From: Erika Gressi Date: Wed, 8 Jun 2022 13:51:46 +0200 Subject: [PATCH 09/52] enable pester --- .github/workflows/ms.automation.automationaccounts.yml | 8 ++++---- .github/workflows/ms.operationalinsights.workspaces.yml | 8 ++++---- .github/workflows/ms.operationsmanagement.solutions.yml | 8 ++++---- 3 files changed, 12 insertions(+), 12 deletions(-) 
diff --git a/.github/workflows/ms.automation.automationaccounts.yml b/.github/workflows/ms.automation.automationaccounts.yml index b0736ff965..e2a3cc2bc9 100644 --- a/.github/workflows/ms.automation.automationaccounts.yml +++ b/.github/workflows/ms.automation.automationaccounts.yml @@ -73,10 +73,10 @@ jobs: uses: actions/checkout@v2 with: fetch-depth: 0 - # - name: 'Run tests' - # uses: ./.github/actions/templates/validateModulePester - # with: - # modulePath: '${{ env.modulePath }}' + - name: 'Run tests' + uses: ./.github/actions/templates/validateModulePester + with: + modulePath: '${{ env.modulePath }}' ############################# # Deployment validation # diff --git a/.github/workflows/ms.operationalinsights.workspaces.yml b/.github/workflows/ms.operationalinsights.workspaces.yml index 9d5f0a9814..9ddfc177f5 100644 --- a/.github/workflows/ms.operationalinsights.workspaces.yml +++ b/.github/workflows/ms.operationalinsights.workspaces.yml @@ -72,10 +72,10 @@ jobs: uses: actions/checkout@v2 with: fetch-depth: 0 - # - name: 'Run tests' - # uses: ./.github/actions/templates/validateModulePester - # with: - # modulePath: '${{ env.modulePath }}' + - name: 'Run tests' + uses: ./.github/actions/templates/validateModulePester + with: + modulePath: '${{ env.modulePath }}' ############################# # Deployment validation # diff --git a/.github/workflows/ms.operationsmanagement.solutions.yml b/.github/workflows/ms.operationsmanagement.solutions.yml index be58dc9621..db74fec086 100644 --- a/.github/workflows/ms.operationsmanagement.solutions.yml +++ b/.github/workflows/ms.operationsmanagement.solutions.yml 
@@ -72,10 +72,10 @@ jobs: uses: actions/checkout@v2 with: fetch-depth: 0 - # - name: 'Run tests' - # uses: ./.github/actions/templates/validateModulePester - # with: - # modulePath: '${{ env.modulePath }}' + - name: 'Run tests' + uses: ./.github/actions/templates/validateModulePester + with: + modulePath: '${{ env.modulePath }}' ############################# # Deployment validation # From b41c970268bde55d5d80cf9550f28d30434cc1fe Mon Sep 17 00:00:00 2001 From: Erika Gressi Date: Wed, 8 Jun 2022 14:04:51 +0200 Subject: [PATCH 10/52] fix static val location --- .../.bicep/nested_solution.bicep | 43 -------------- .../workspaces/.bicep/nested_solutions.bicep | 32 ---------- .../solutions/.parameters/min.parameters.json | 12 ++++ .../solutions/.parameters/parameters.json | 8 ++- .../solutions/deploy.bicep | 59 +------------------ .../solutions/readme.md | 48 +++++++++++++++ 6 files changed, 68 insertions(+), 134 deletions(-) delete mode 100644 arm/Microsoft.Automation/automationAccounts/.bicep/nested_solution.bicep delete mode 100644 arm/Microsoft.OperationalInsights/workspaces/.bicep/nested_solutions.bicep create mode 100644 arm/Microsoft.OperationsManagement/solutions/.parameters/min.parameters.json diff --git a/arm/Microsoft.Automation/automationAccounts/.bicep/nested_solution.bicep b/arm/Microsoft.Automation/automationAccounts/.bicep/nested_solution.bicep deleted file mode 100644 index b6cbf586ea..0000000000 --- a/arm/Microsoft.Automation/automationAccounts/.bicep/nested_solution.bicep +++ /dev/null 
@@ -1,43 +0,0 @@ -@description('Required. Name of the solution') -param name string - -@description('Required. Name of the Log Analytics workspace') -param logAnalyticsWorkspaceName string - -@description('Optional. Location for all resources.') -param location string = resourceGroup().location - -@description('Optional. The product of the deployed solution. For gallery solution, it is OMSGallery.') -param product string = 'OMSGallery' - -@description('Optional. The publisher name of the deployed solution. For gallery solution, it is Microsoft.') -param publisher string = 'Microsoft' - -resource logAnalyticsWorkspace 'Microsoft.OperationalInsights/workspaces@2020-08-01' existing = { - name: logAnalyticsWorkspaceName -} - -var solutionName = '${name}(${logAnalyticsWorkspace.name})' - -resource solution 'Microsoft.OperationsManagement/solutions@2015-11-01-preview' = { - name: solutionName - location: location - properties: { - workspaceResourceId: logAnalyticsWorkspace.id - } - plan: { - name: solutionName - promotionCode: '' - product: '${product}/${name}' - publisher: publisher - } -} - -@description('The name of the deployed solution') -output name string = solution.name - -@description('The resource ID of the deployed solution') -output resourceId string = solution.id - -@description('The resource group where the solution is deployed') -output resourceGroupName string = resourceGroup().name diff --git a/arm/Microsoft.OperationalInsights/workspaces/.bicep/nested_solutions.bicep b/arm/Microsoft.OperationalInsights/workspaces/.bicep/nested_solutions.bicep deleted file mode 100644 index 341438497c..0000000000 --- a/arm/Microsoft.OperationalInsights/workspaces/.bicep/nested_solutions.bicep +++ /dev/null 
@@ -1,32 +0,0 @@ -param gallerySolution string -param logAnalyticsWorkspaceName string -param location string -param product string = 'OMSGallery' -param publisher string = 'Microsoft' - -resource logAnalyticsWorkspace 'Microsoft.OperationalInsights/workspaces@2020-08-01' existing = { - name: logAnalyticsWorkspaceName -} - -resource solution 'Microsoft.OperationsManagement/solutions@2015-11-01-preview' = { - name: '${gallerySolution}(${logAnalyticsWorkspace.name})' - location: location - properties: { - workspaceResourceId: logAnalyticsWorkspace.id - } - plan: { - name: '${gallerySolution}(${logAnalyticsWorkspace.name})' - product: '${product}/${gallerySolution}' - promotionCode: '' - publisher: publisher - } -} - -@description('The resource ID of the deployed solution') -output resourceId string = solution.id - -@description('The resource group where the solution will be deployed') -output resourceGroupName string = resourceGroup().name - -@description('The name of the deployed solution') -output name string = solution.name diff --git a/arm/Microsoft.OperationsManagement/solutions/.parameters/min.parameters.json b/arm/Microsoft.OperationsManagement/solutions/.parameters/min.parameters.json new file mode 100644 index 0000000000..6844bb4688 --- /dev/null +++ b/arm/Microsoft.OperationsManagement/solutions/.parameters/min.parameters.json @@ -0,0 +1,12 @@ +{ + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", + "contentVersion": "1.0.0.0", + "parameters": { + "name": { + "value": "Updates" + }, + "logAnalyticsWorkspaceName": { + "value": "adp-<>-az-law-sol-001" + } + } +} diff --git a/arm/Microsoft.OperationsManagement/solutions/.parameters/parameters.json b/arm/Microsoft.OperationsManagement/solutions/.parameters/parameters.json index 6844bb4688..c7dcb66400 100644 --- a/arm/Microsoft.OperationsManagement/solutions/.parameters/parameters.json +++ b/arm/Microsoft.OperationsManagement/solutions/.parameters/parameters.json 
@@ -3,10 +3,16 @@ "contentVersion": "1.0.0.0", "parameters": { "name": { - "value": "Updates" + "value": "AzureAutomation" }, "logAnalyticsWorkspaceName": { "value": "adp-<>-az-law-sol-001" + }, + "product": { + "value": "OMSGallery" + }, + "publisher": { + "value": "Microsoft" } } } diff --git a/arm/Microsoft.OperationsManagement/solutions/deploy.bicep b/arm/Microsoft.OperationsManagement/solutions/deploy.bicep index 70ff1d4a11..4a5298e65a 100644 --- a/arm/Microsoft.OperationsManagement/solutions/deploy.bicep +++ b/arm/Microsoft.OperationsManagement/solutions/deploy.bicep 
@@ -58,61 +58,4 @@ output resourceId string = solution.id output resourceGroupName string = resourceGroup().name @description('The location the resource was deployed into.') -output location string = logAnalyticsWorkspace.location - -// resource symbolicname 'Microsoft.OperationsManagement/solutions@2015-11-01-preview' = { -// name: 'string' -// location: 'string' -// tags: { -// tagName1: 'tagValue1' -// tagName2: 'tagValue2' -// } -// plan: { -// name: 'string' -// product: 'string' -// promotionCode: 'string' -// publisher: 'string' -// } -// properties: { -// containedResources: [ -// 'string' -// ] -// referencedResources: [ -// 'string' -// ] -// workspaceResourceId: 'string' -// } -// } - -// param gallerySolution string -// param logAnalyticsWorkspaceName string -// param location string -// param product string = 'OMSGallery' -// param publisher string = 'Microsoft' - -// resource logAnalyticsWorkspace 'Microsoft.OperationalInsights/workspaces@2020-08-01' existing = { -// name: logAnalyticsWorkspaceName -// } - -// resource solution 'Microsoft.OperationsManagement/solutions@2015-11-01-preview' = { -// name: '${gallerySolution}(${logAnalyticsWorkspace.name})' -// location: location -// properties: { -// workspaceResourceId: logAnalyticsWorkspace.id -// } -// plan: { -// name: '${gallerySolution}(${logAnalyticsWorkspace.name})' -// product: '${product}/${gallerySolution}' -// promotionCode: '' -// publisher: publisher -// } -// } - -// @description('The resource ID of the deployed solution') -// output resourceId string = solution.id - -// @description('The resource group where the solution will be deployed') -// output resourceGroupName string = resourceGroup().name - -// @description('The name of the deployed solution') -// output name string = solution.name +output location string = solution.location 
diff --git a/arm/Microsoft.OperationsManagement/solutions/readme.md b/arm/Microsoft.OperationsManagement/solutions/readme.md index cf7afdaffc..e811889681 100644 --- a/arm/Microsoft.OperationsManagement/solutions/readme.md +++ b/arm/Microsoft.OperationsManagement/solutions/readme.md @@ -82,3 +82,51 @@ module solutions './Microsoft.OperationsManagement/solutions/deploy.bicep' = {

+ +

Example 2

+ +
+ +via JSON Parameter file + +```json +{ + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", + "contentVersion": "1.0.0.0", + "parameters": { + "name": { + "value": "AzureAutomation" + }, + "logAnalyticsWorkspaceName": { + "value": "adp-<>-az-law-sol-001" + }, + "product": { + "value": "OMSGallery" + }, + "publisher": { + "value": "Microsoft" + } + } +} + +``` + +
+ +
+ +via Bicep module + +```bicep +module solutions './Microsoft.OperationsManagement/solutions/deploy.bicep' = { + name: '${uniqueString(deployment().name)}-solutions' + params: { + name: 'AzureAutomation' + logAnalyticsWorkspaceName: 'adp-<>-az-law-sol-001' + product: 'OMSGallery' + publisher: 'Microsoft' + } +``` + +
+

From d900fb3d9372d121a5e0e01a434ee1714fbbc3f2 Mon Sep 17 00:00:00 2001 From: Erika Gressi Date: Wed, 8 Jun 2022 14:25:03 +0200 Subject: [PATCH 11/52] carml tokens --- .../solutions/deploy.bicep | 12 ++++++------ global.variables.yml | 2 +- settings.json | 2 +- 3 files changed, 8 insertions(+), 8 deletions(-) diff --git a/arm/Microsoft.OperationsManagement/solutions/deploy.bicep b/arm/Microsoft.OperationsManagement/solutions/deploy.bicep index 4a5298e65a..6a810b2fb2 100644 --- a/arm/Microsoft.OperationsManagement/solutions/deploy.bicep +++ b/arm/Microsoft.OperationsManagement/solutions/deploy.bicep @@ -16,12 +16,6 @@ param publisher string = 'Microsoft' @description('Optional. Enable telemetry via the Customer Usage Attribution ID (GUID).') param enableDefaultTelemetry bool = true -resource logAnalyticsWorkspace 'Microsoft.OperationalInsights/workspaces@2020-08-01' existing = { - name: logAnalyticsWorkspaceName -} - -var solutionName = '${name}(${logAnalyticsWorkspace.name})' - resource defaultTelemetry 'Microsoft.Resources/deployments@2021-04-01' = if (enableDefaultTelemetry) { name: 'pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-${uniqueString(deployment().name, location)}' properties: { @@ -34,6 +28,12 @@ resource defaultTelemetry 'Microsoft.Resources/deployments@2021-04-01' = if (ena } } +resource logAnalyticsWorkspace 'Microsoft.OperationalInsights/workspaces@2020-08-01' existing = { + name: logAnalyticsWorkspaceName +} + +var solutionName = '${name}(${logAnalyticsWorkspace.name})' + resource solution 'Microsoft.OperationsManagement/solutions@2015-11-01-preview' = { name: solutionName location: location diff --git a/global.variables.yml b/global.variables.yml index 2897f2078e..7fed8d13f9 100644 --- a/global.variables.yml +++ b/global.variables.yml 
@@ -24,7 +24,7 @@ variables: ###################################### bicepRegistryDoPublish: true # Set to true, if you would like to publish module templates to a bicep registry - bicepRegistryName: adprkeazacrx001 # The name of the bicep registry (ACR) to publish to. If it does not exist, it will be created. + bicepRegistryName: adpsxxazacrx001 # The name of the bicep registry (ACR) to publish to. If it does not exist, it will be created. bicepRegistryRGName: 'artifacts-rg' # The resource group that hosts the private bicep registry (ACR) bicepRegistryRgLocation: 'West Europe' # The location of the resource group to publish to diff --git a/settings.json b/settings.json index 6146e07c81..9198a0f7d0 100644 --- a/settings.json +++ b/settings.json @@ -5,7 +5,7 @@ "localTokens": [ { "name": "namePrefix", - "value": "rke", + "value": "carml", "metadata": { "description": "A 3-5 character length string, included in the resources names" } From 9c198ba011b8b15a4b1a80b092d395cbd4b0afa4 Mon Sep 17 00:00:00 2001 From: Erika Gressi Date: Wed, 8 Jun 2022 14:37:20 +0200 Subject: [PATCH 12/52] fix input --- .../automationAccounts/deploy.bicep | 2 +- .../workspaces/deploy.bicep | 2 +- .../workspaces/readme.md | 98 +++++++++---------- 3 files changed, 51 insertions(+), 51 deletions(-) diff --git a/arm/Microsoft.Automation/automationAccounts/deploy.bicep b/arm/Microsoft.Automation/automationAccounts/deploy.bicep index 7304c079cf..ac0f58bac8 100644 --- a/arm/Microsoft.Automation/automationAccounts/deploy.bicep +++ b/arm/Microsoft.Automation/automationAccounts/deploy.bicep 
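Review bot: `bicepRegistryName` in this hunk and `namePrefix` in the settings.json hunk that follows are environment-specific values unrelated to the solutions module, and they should not travel with this series. With `bicepRegistryDoPublish: true`, a changed registry name redirects where module templates are published, and per the inline comment the registry is created if it does not exist, so a change here deserves its own reviewed commit. `namePrefix` then flips between `rke` and `carml` again in patches 13, 14, 15, 17 and 22, which makes the final state hard to audit. I would drop these edits from the series and keep local token overrides uncommitted.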
@@ -272,7 +272,7 @@ module automationAccount_linkedService '../../Microsoft.OperationalInsights/work module automationAccount_solutions '../../Microsoft.OperationsManagement/solutions/deploy.bicep' = [for (gallerySolution, index) in gallerySolutions: if (!empty(linkedWorkspaceResourceId)) { name: '${uniqueString(deployment().name, location)}-AutoAccount-Solution-${index}' params: { - name: gallerySolution + name: gallerySolution.name location: location logAnalyticsWorkspaceName: last(split(linkedWorkspaceResourceId, '/')) product: contains(gallerySolution, 'product') ? gallerySolution.product : 'OMSGallery' diff --git a/arm/Microsoft.OperationalInsights/workspaces/deploy.bicep b/arm/Microsoft.OperationalInsights/workspaces/deploy.bicep index 1a9e13b578..3777f50cfb 100644 --- a/arm/Microsoft.OperationalInsights/workspaces/deploy.bicep +++ b/arm/Microsoft.OperationalInsights/workspaces/deploy.bicep @@ -25,7 +25,7 @@ param savedSearches array = [] @description('Optional. LAW data sources to configure.') param dataSources array = [] -@description('Optional. LAW gallerySolutions from the gallery.') +@description('Optional. List of gallerySolutions to be created in the log analytics workspace.') param gallerySolutions array = [] @description('Optional. Number of days data will be retained for.') diff --git a/arm/Microsoft.OperationalInsights/workspaces/readme.md b/arm/Microsoft.OperationalInsights/workspaces/readme.md index 41aa525520..7fa1ff3952 100644 --- a/arm/Microsoft.OperationalInsights/workspaces/readme.md +++ b/arm/Microsoft.OperationalInsights/workspaces/readme.md 
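Review bot: `name: gallerySolution.name` in the `automationAccount_solutions` loop now requires every `gallerySolutions` element to be an object, while the neighbouring `product` and `publisher` lines still guard with `contains(gallerySolution, ...)`. A plain string element, which this module's own parameters.json still passes until patch 16, fails only at deployment time. The parameter description should state the contract, for example `@description('Optional. List of gallerySolutions to be created in the linked log analytics workspace. Each item is an object with a required name and optional product and publisher.')`. The module body and the `gallerySolutions` parameter declaration are outside this hunk.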
@@ -45,7 +45,7 @@ This template deploys a log analytics workspace. | `diagnosticStorageAccountId` | string | `''` | | Resource ID of the diagnostic storage account. | | `diagnosticWorkspaceId` | string | `''` | | Resource ID of a log analytics workspace. | | `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via the Customer Usage Attribution ID (GUID). | -| `gallerySolutions` | array | `[]` | | LAW gallerySolutions from the gallery. | +| `gallerySolutions` | array | `[]` | | List of gallerySolutions to be created in the log analytics workspace. | | `linkedServices` | _[linkedServices](linkedServices/readme.md)_ array | `[]` | | List of services to be linked. | | `location` | string | `[resourceGroup().location]` | | Location for all resources. | | `lock` | string | `''` | `[, CanNotDelete, ReadOnly]` | Specify the type of lock. | 
@@ -70,122 +70,122 @@ This template deploys a log analytics workspace. "value": [ { "name": "AgentHealthAssessment", - "product": "OMSGallery/AgentHealthAssessment", + "product": "OMSGallery", "publisher": "Microsoft" }, { "name": "AlertManagement", - "product": "OMSGallery/AlertManagement", + "product": "OMSGallery", "publisher": "Microsoft" }, { "name": "AntiMalware", - "product": "OMSGallery/AntiMalware", + "product": "OMSGallery", "publisher": "Microsoft" }, { "name": "AzureActivity", - "product": "OMSGallery/AzureActivity", + "product": "OMSGallery", "publisher": "Microsoft" }, { "name": "AzureAutomation", - "product": "OMSGallery/AzureAutomation", + "product": "OMSGallery", "publisher": "Microsoft" }, { "name": "AzureCdnCoreAnalytics", - "product": "OMSGallery/AzureCdnCoreAnalytics", + "product": "OMSGallery", "publisher": "Microsoft" }, { "name": "AzureDataFactoryAnalytics", - "product": "OMSGallery/AzureDataFactoryAnalytics", + "product": "OMSGallery", "publisher": "Microsoft" }, { "name": "AzureNSGAnalytics", - "product": "OMSGallery/AzureNSGAnalytics", + "product": "OMSGallery", "publisher": "Microsoft" }, { "name": "AzureSQLAnalytics", - "product": "OMSGallery/AzureSQLAnalytics", + "product": "OMSGallery", "publisher": "Microsoft" }, { "name": "ChangeTracking", - "product": "OMSGallery/ChangeTracking", + "product": "OMSGallery", "publisher": "Microsoft" }, { "name": "Containers", - "product": "OMSGallery/Containers", + "product": "OMSGallery", "publisher": "Microsoft" }, { "name": "InfrastructureInsights", - "product": "OMSGallery/InfrastructureInsights", + "product": "OMSGallery", "publisher": "Microsoft" }, { "name": "KeyVaultAnalytics", - "product": "OMSGallery/KeyVaultAnalytics", + "product": "OMSGallery", "publisher": "Microsoft" }, { "name": "LogicAppsManagement", - "product": "OMSGallery/LogicAppsManagement", + "product": "OMSGallery", "publisher": "Microsoft" }, { "name": "NetworkMonitoring", - "product": "OMSGallery/NetworkMonitoring", + 
"product": "OMSGallery", "publisher": "Microsoft" }, { "name": "Security", - "product": "OMSGallery/Security", + "product": "OMSGallery", "publisher": "Microsoft" }, { "name": "SecurityCenterFree", - "product": "OMSGallery/SecurityCenterFree", + "product": "OMSGallery", "publisher": "Microsoft" }, { "name": "ServiceFabric", - "product": "OMSGallery/ServiceFabric", + "product": "OMSGallery", "publisher": "Microsoft" }, { "name": "ServiceMap", - "product": "OMSGallery/ServiceMap", + "product": "OMSGallery", "publisher": "Microsoft" }, { "name": "SQLAssessment", - "product": "OMSGallery/SQLAssessment", + "product": "OMSGallery", "publisher": "Microsoft" }, { "name": "Updates", - "product": "OMSGallery/Updates", + "product": "OMSGallery", "publisher": "Microsoft" }, { "name": "VMInsights", - "product": "OMSGallery/VMInsights", + "product": "OMSGallery", "publisher": "Microsoft" }, { "name": "WireData2", - "product": "OMSGallery/WireData2", + "product": "OMSGallery", "publisher": "Microsoft" }, { "name": "WaaSUpdateInsights", - "product": "OMSGallery/WaaSUpdateInsights", + "product": "OMSGallery", "publisher": "Microsoft" } ] 
@@ -202,122 +202,122 @@ This template deploys a log analytics workspace. gallerySolutions: [ { name: 'AgentHealthAssessment' - product: 'OMSGallery/AgentHealthAssessment' + product: 'OMSGallery' publisher: 'Microsoft' } { name: 'AlertManagement' - product: 'OMSGallery/AlertManagement' + product: 'OMSGallery' publisher: 'Microsoft' } { name: 'AntiMalware' - product: 'OMSGallery/AntiMalware' + product: 'OMSGallery' publisher: 'Microsoft' } { name: 'AzureActivity' - product: 'OMSGallery/AzureActivity' + product: 'OMSGallery' publisher: 'Microsoft' } { name: 'AzureAutomation' - product: 'OMSGallery/AzureAutomation' + product: 'OMSGallery' publisher: 'Microsoft' } { name: 'AzureCdnCoreAnalytics' - product: 'OMSGallery/AzureCdnCoreAnalytics' + product: 'OMSGallery' publisher: 'Microsoft' } { name: 'AzureDataFactoryAnalytics' - product: 'OMSGallery/AzureDataFactoryAnalytics' + product: 'OMSGallery' publisher: 'Microsoft' } { name: 'AzureNSGAnalytics' - product: 'OMSGallery/AzureNSGAnalytics' + product: 'OMSGallery' publisher: 'Microsoft' } { name: 'AzureSQLAnalytics' - product: 'OMSGallery/AzureSQLAnalytics' + product: 'OMSGallery' publisher: 'Microsoft' } { name: 'ChangeTracking' - product: 'OMSGallery/ChangeTracking' + product: 'OMSGallery' publisher: 'Microsoft' } { name: 'Containers' - product: 'OMSGallery/Containers' + product: 'OMSGallery' publisher: 'Microsoft' } { name: 'InfrastructureInsights' - product: 'OMSGallery/InfrastructureInsights' + product: 'OMSGallery' publisher: 'Microsoft' } { name: 'KeyVaultAnalytics' - product: 'OMSGallery/KeyVaultAnalytics' + product: 'OMSGallery' publisher: 'Microsoft' } { name: 'LogicAppsManagement' - product: 'OMSGallery/LogicAppsManagement' + product: 'OMSGallery' publisher: 'Microsoft' } { name: 'NetworkMonitoring' - product: 'OMSGallery/NetworkMonitoring' + product: 'OMSGallery' publisher: 'Microsoft' } { name: 'Security' - product: 'OMSGallery/Security' + product: 'OMSGallery' publisher: 'Microsoft' } { name: 
'SecurityCenterFree' - product: 'OMSGallery/SecurityCenterFree' + product: 'OMSGallery' publisher: 'Microsoft' } { name: 'ServiceFabric' - product: 'OMSGallery/ServiceFabric' + product: 'OMSGallery' publisher: 'Microsoft' } { name: 'ServiceMap' - product: 'OMSGallery/ServiceMap' + product: 'OMSGallery' publisher: 'Microsoft' } { name: 'SQLAssessment' - product: 'OMSGallery/SQLAssessment' + product: 'OMSGallery' publisher: 'Microsoft' } { name: 'Updates' - product: 'OMSGallery/Updates' + product: 'OMSGallery' publisher: 'Microsoft' } { name: 'VMInsights' - product: 'OMSGallery/VMInsights' + product: 'OMSGallery' publisher: 'Microsoft' } { name: 'WireData2' - product: 'OMSGallery/WireData2' + product: 'OMSGallery' publisher: 'Microsoft' } { name: 'WaaSUpdateInsights' - product: 'OMSGallery/WaaSUpdateInsights' + product: 'OMSGallery' publisher: 'Microsoft' } ] From 555b9eab1159b841e14705e57742941619f0df9a Mon Sep 17 00:00:00 2001 From: Erika Gressi Date: Wed, 8 Jun 2022 14:40:39 +0200 Subject: [PATCH 13/52] rke --- settings.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/settings.json b/settings.json index 9198a0f7d0..6146e07c81 100644 --- a/settings.json +++ b/settings.json @@ -5,7 +5,7 @@ "localTokens": [ { "name": "namePrefix", - "value": "carml", + "value": "rke", "metadata": { "description": "A 3-5 character length string, included in the resources names" } From 27651f44a67e086e109943cba10426b720a89992 Mon Sep 17 00:00:00 2001 From: Erika Gressi Date: Wed, 8 Jun 2022 14:46:55 +0200 Subject: [PATCH 14/52] carml --- settings.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/settings.json b/settings.json index 6146e07c81..9198a0f7d0 100644 --- a/settings.json +++ b/settings.json @@ -5,7 +5,7 @@ "localTokens": [ { "name": "namePrefix", - "value": "rke", + "value": "carml", "metadata": { "description": "A 3-5 character length string, included in the resources names" } 
From 07303eb10a26574811743b9cd80e258037a685bb Mon Sep 17 00:00:00 2001 From: Erika Gressi Date: Wed, 8 Jun 2022 14:58:47 +0200 Subject: [PATCH 15/52] disabling telemetry --- arm/Microsoft.Automation/automationAccounts/deploy.bicep | 2 +- arm/Microsoft.OperationalInsights/workspaces/deploy.bicep | 2 +- settings.json | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/arm/Microsoft.Automation/automationAccounts/deploy.bicep b/arm/Microsoft.Automation/automationAccounts/deploy.bicep index ac0f58bac8..dff2be6052 100644 --- a/arm/Microsoft.Automation/automationAccounts/deploy.bicep +++ b/arm/Microsoft.Automation/automationAccounts/deploy.bicep @@ -277,7 +277,7 @@ module automationAccount_solutions '../../Microsoft.OperationsManagement/solutio logAnalyticsWorkspaceName: last(split(linkedWorkspaceResourceId, '/')) product: contains(gallerySolution, 'product') ? gallerySolution.product : 'OMSGallery' publisher: contains(gallerySolution, 'publisher') ? gallerySolution.publisher : 'Microsoft' - enableDefaultTelemetry: enableDefaultTelemetry + enableDefaultTelemetry: enableChildTelemetry } // This is to support solution to law in different subscription and resource group than the automation account. // The current scope is used by default if no linked service is intended to be created. diff --git a/arm/Microsoft.OperationalInsights/workspaces/deploy.bicep b/arm/Microsoft.OperationalInsights/workspaces/deploy.bicep index 3777f50cfb..42b8ba6cc1 100644 --- a/arm/Microsoft.OperationalInsights/workspaces/deploy.bicep +++ b/arm/Microsoft.OperationalInsights/workspaces/deploy.bicep 
@@ -243,7 +243,7 @@ module logAnalyticsWorkspace_solutions '../../Microsoft.OperationsManagement/sol logAnalyticsWorkspaceName: logAnalyticsWorkspace.name product: contains(gallerySolution, 'product') ? gallerySolution.product : 'OMSGallery' publisher: contains(gallerySolution, 'publisher') ? gallerySolution.publisher : 'Microsoft' - enableDefaultTelemetry: enableDefaultTelemetry + enableDefaultTelemetry: enableChildTelemetry } }] diff --git a/settings.json b/settings.json index 9198a0f7d0..6146e07c81 100644 --- a/settings.json +++ b/settings.json @@ -5,7 +5,7 @@ "localTokens": [ { "name": "namePrefix", - "value": "carml", + "value": "rke", "metadata": { "description": "A 3-5 character length string, included in the resources names" } From 20760e1b3f7f93599fa1fc85baddb3e146fa369b Mon Sep 17 00:00:00 2001 From: Erika Gressi Date: Wed, 8 Jun 2022 15:22:50 +0200 Subject: [PATCH 16/52] gallery param --- .../automationAccounts/.parameters/parameters.json | 6 +++++- .../automationAccounts/readme.md | 12 ++++++++++-- 2 files changed, 15 insertions(+), 3 deletions(-) diff --git a/arm/Microsoft.Automation/automationAccounts/.parameters/parameters.json b/arm/Microsoft.Automation/automationAccounts/.parameters/parameters.json index 7cd7405fd4..4b1dc95b56 100644 --- a/arm/Microsoft.Automation/automationAccounts/.parameters/parameters.json +++ b/arm/Microsoft.Automation/automationAccounts/.parameters/parameters.json @@ -84,7 +84,11 @@ }, "gallerySolutions": { "value": [ - "Updates" + { + "name": "Updates", + "product": "OMSGallery", + "publisher": "Microsoft" + } ] }, "softwareUpdateConfigurations": { diff --git a/arm/Microsoft.Automation/automationAccounts/readme.md b/arm/Microsoft.Automation/automationAccounts/readme.md index d5afbe6103..dedda461e6 100644 --- a/arm/Microsoft.Automation/automationAccounts/readme.md +++ b/arm/Microsoft.Automation/automationAccounts/readme.md 
@@ -538,7 +538,11 @@ module automationAccounts './Microsoft.Automation/automationAccounts/deploy.bice }, "gallerySolutions": { "value": [ - "Updates" + { + "name": "Updates", + "product": "OMSGallery", + "publisher": "Microsoft" + } ] }, "softwareUpdateConfigurations": { @@ -725,7 +729,11 @@ module automationAccounts './Microsoft.Automation/automationAccounts/deploy.bice ] linkedWorkspaceResourceId: '/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-<>-az-law-aut-001' gallerySolutions: [ - 'Updates' + { + name: 'Updates' + product: 'OMSGallery' + publisher: 'Microsoft' + } ] softwareUpdateConfigurations: [ { From 17b13cb399ea135c772486650ecd1e9ab29282ff Mon Sep 17 00:00:00 2001 From: Erika Gressi Date: Wed, 8 Jun 2022 15:34:02 +0200 Subject: [PATCH 17/52] telemetry --- arm/Microsoft.Automation/automationAccounts/deploy.bicep | 4 ++-- settings.json | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/arm/Microsoft.Automation/automationAccounts/deploy.bicep b/arm/Microsoft.Automation/automationAccounts/deploy.bicep index dff2be6052..a41e5c6888 100644 --- a/arm/Microsoft.Automation/automationAccounts/deploy.bicep +++ b/arm/Microsoft.Automation/automationAccounts/deploy.bicep @@ -260,7 +260,7 @@ module automationAccount_linkedService '../../Microsoft.OperationalInsights/work params: { name: 'automation' logAnalyticsWorkspaceName: last(split(linkedWorkspaceResourceId, '/')) - enableDefaultTelemetry: enableDefaultTelemetry + enableDefaultTelemetry: enableChildTelemetry resourceId: automationAccount.id tags: tags } 
@@ -365,7 +365,7 @@ module automationAccount_privateEndpoints '../../Microsoft.Network/privateEndpoi name: contains(privateEndpoint, 'name') ? privateEndpoint.name : 'pe-${last(split(automationAccount.id, '/'))}-${privateEndpoint.service}-${index}' serviceResourceId: automationAccount.id subnetResourceId: privateEndpoint.subnetResourceId - enableDefaultTelemetry: enableDefaultTelemetry + enableDefaultTelemetry: enableChildTelemetry location: reference(split(privateEndpoint.subnetResourceId, '/subnets/')[0], '2020-06-01', 'Full').location lock: contains(privateEndpoint, 'lock') ? privateEndpoint.lock : lock privateDnsZoneGroups: contains(privateEndpoint, 'privateDnsZoneGroups') ? privateEndpoint.privateDnsZoneGroups : [] diff --git a/settings.json b/settings.json index 6146e07c81..9198a0f7d0 100644 --- a/settings.json +++ b/settings.json @@ -5,7 +5,7 @@ "localTokens": [ { "name": "namePrefix", - "value": "rke", + "value": "carml", "metadata": { "description": "A 3-5 character length string, included in the resources names" } From 664742350cefd358c207e37279e67965dd7e73cf Mon Sep 17 00:00:00 2001 From: Erika Gressi Date: Wed, 8 Jun 2022 15:50:31 +0200 Subject: [PATCH 18/52] readme note --- arm/Microsoft.OperationalInsights/workspaces/readme.md | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/arm/Microsoft.OperationalInsights/workspaces/readme.md b/arm/Microsoft.OperationalInsights/workspaces/readme.md index 7fa1ff3952..c87fd0c3ff 100644 --- a/arm/Microsoft.OperationalInsights/workspaces/readme.md +++ b/arm/Microsoft.OperationalInsights/workspaces/readme.md 
@@ -61,6 +61,12 @@ This template deploys a log analytics workspace. ### Parameter Usage: `gallerySolutions` +For Microsoft published gallery solutions: +- The `name` should be in the format of `solutionType(workspaceName)` +- The `product` should be in the format of `OMSGallery/{solutionType}`. + +This is handed over to the cross referenced `solution` module logic which will build the target name and product in the right format. +

Parameter JSON format From b2f5b57b3199bee8d34c8962732e619847058f10 Mon Sep 17 00:00:00 2001 From: Erika Gressi Date: Wed, 8 Jun 2022 20:06:06 +0200 Subject: [PATCH 19/52] enableReferencedModulesTelemetry --- arm/Microsoft.Automation/automationAccounts/deploy.bicep | 2 +- arm/Microsoft.OperationalInsights/workspaces/deploy.bicep | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/arm/Microsoft.Automation/automationAccounts/deploy.bicep b/arm/Microsoft.Automation/automationAccounts/deploy.bicep index 445fc28208..e9f0e43f90 100644 --- a/arm/Microsoft.Automation/automationAccounts/deploy.bicep +++ b/arm/Microsoft.Automation/automationAccounts/deploy.bicep @@ -277,7 +277,7 @@ module automationAccount_solutions '../../Microsoft.OperationsManagement/solutio logAnalyticsWorkspaceName: last(split(linkedWorkspaceResourceId, '/')) product: contains(gallerySolution, 'product') ? gallerySolution.product : 'OMSGallery' publisher: contains(gallerySolution, 'publisher') ? gallerySolution.publisher : 'Microsoft' - enableDefaultTelemetry: enableChildTelemetry + enableDefaultTelemetry: enableReferencedModulesTelemetry } // This is to support solution to law in different subscription and resource group than the automation account. // The current scope is used by default if no linked service is intended to be created. diff --git a/arm/Microsoft.OperationalInsights/workspaces/deploy.bicep b/arm/Microsoft.OperationalInsights/workspaces/deploy.bicep index e0073a66e6..6c4f19a79d 100644 --- a/arm/Microsoft.OperationalInsights/workspaces/deploy.bicep +++ b/arm/Microsoft.OperationalInsights/workspaces/deploy.bicep 
@@ -243,7 +243,7 @@ module logAnalyticsWorkspace_solutions '../../Microsoft.OperationsManagement/sol logAnalyticsWorkspaceName: logAnalyticsWorkspace.name product: contains(gallerySolution, 'product') ? gallerySolution.product : 'OMSGallery' publisher: contains(gallerySolution, 'publisher') ? gallerySolution.publisher : 'Microsoft' - enableDefaultTelemetry: enableChildTelemetry + enableDefaultTelemetry: enableReferencedModulesTelemetry } }] From d80e5fb76b39a9a3bbe17564fa2170de16b96a6e Mon Sep 17 00:00:00 2001 From: Erika Gressi Date: Wed, 8 Jun 2022 20:08:06 +0200 Subject: [PATCH 20/52] ado pipeline trigger --- .../modulePipelines/ms.operationsmanagement.solutions.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.azuredevops/modulePipelines/ms.operationsmanagement.solutions.yml b/.azuredevops/modulePipelines/ms.operationsmanagement.solutions.yml index 2a57dac61d..834ade46f9 100644 --- a/.azuredevops/modulePipelines/ms.operationsmanagement.solutions.yml +++ b/.azuredevops/modulePipelines/ms.operationsmanagement.solutions.yml @@ -20,7 +20,7 @@ trigger: paths: include: - '/.azuredevops/modulePipelines/ms.operationsmanagement.solutions.yml' - - '/.azuredevops/pipelineTemplates/module.*.yml' + - '/.azuredevops/pipelineTemplates/*.yml' - '/arm/Microsoft.OperationsManagement/solutions/*' - '/arm/.global/global.module.tests.ps1' exclude: From 097577e5cea8b2c5c69b39c464ba4addc48998ea Mon Sep 17 00:00:00 2001 From: Erika Gressi Date: Wed, 8 Jun 2022 20:47:41 +0200 Subject: [PATCH 21/52] ado pipeline min par --- .../modulePipelines/ms.operationsmanagement.solutions.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.azuredevops/modulePipelines/ms.operationsmanagement.solutions.yml b/.azuredevops/modulePipelines/ms.operationsmanagement.solutions.yml index 834ade46f9..fe230cfca9 100644 --- a/.azuredevops/modulePipelines/ms.operationsmanagement.solutions.yml +++ b/.azuredevops/modulePipelines/ms.operationsmanagement.solutions.yml 
@@ -45,6 +45,7 @@ stages: parameters: removeDeployment: '${{ parameters.removeDeployment }}' deploymentBlocks: + - path: $(modulePath)/.parameters/min.parameters.json - path: $(modulePath)/.parameters/parameters.json - stage: Publishing From e4b85e3767907611f42ea94520016a345bc9698f Mon Sep 17 00:00:00 2001 From: Erika Gressi Date: Wed, 8 Jun 2022 20:53:59 +0200 Subject: [PATCH 22/52] third party --- arm/Microsoft.OperationsManagement/solutions/deploy.bicep | 6 ++++-- settings.json | 2 +- 2 files changed, 5 insertions(+), 3 deletions(-) diff --git a/arm/Microsoft.OperationsManagement/solutions/deploy.bicep b/arm/Microsoft.OperationsManagement/solutions/deploy.bicep index 6a810b2fb2..69ac620137 100644 --- a/arm/Microsoft.OperationsManagement/solutions/deploy.bicep +++ b/arm/Microsoft.OperationsManagement/solutions/deploy.bicep @@ -32,7 +32,9 @@ resource logAnalyticsWorkspace 'Microsoft.OperationalInsights/workspaces@2020-08 name: logAnalyticsWorkspaceName } -var solutionName = '${name}(${logAnalyticsWorkspace.name})' +var solutionName = publisher == 'Microsoft' ? '${name}(${logAnalyticsWorkspace.name})' : name + +var solutionProduct = publisher == 'Microsoft' ? 'OMSGallery/${name}' : product resource solution 'Microsoft.OperationsManagement/solutions@2015-11-01-preview' = { name: solutionName @@ -43,7 +45,7 @@ resource solution 'Microsoft.OperationsManagement/solutions@2015-11-01-preview' plan: { name: solutionName promotionCode: '' - product: '${product}/${name}' + product: solutionProduct publisher: publisher } } diff --git a/settings.json b/settings.json index 9198a0f7d0..6146e07c81 100644 --- a/settings.json +++ b/settings.json @@ -5,7 +5,7 @@ "localTokens": [ { "name": "namePrefix", - "value": "carml", + "value": "rke", "metadata": { "description": "A 3-5 character length string, included in the resources names" } From cf2a042be8bf13d477ded02bb98a5a0ce3002406 Mon Sep 17 00:00:00 2001 
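Review bot: In the deploy.bicep hunk, `solutionProduct` discards the caller's `product` whenever `publisher == 'Microsoft'`, and that comparison is case-sensitive. A caller passing `publisher: 'microsoft'` therefore silently takes the third-party branch, where the resource is named by the bare `name` and `product` is free-form. Since these two values select which marketplace plan gets enabled on the workspace, I would name the decision once, `var isMicrosoftSolution = toLower(publisher) == 'microsoft'`, and use it in both `solutionName` and `solutionProduct`. A comment above the variables, `// product is ignored for Microsoft gallery solutions; the plan product is always OMSGallery/{name}`, would document the override. The `solution` resource body continues outside these hunks.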
From: Erika Gressi Date: Wed, 8 Jun 2022 20:55:02 +0200 Subject: [PATCH 23/52] third party param --- .../solutions/.parameters/test.parameters.json | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) create mode 100644 arm/Microsoft.OperationsManagement/solutions/.parameters/test.parameters.json diff --git a/arm/Microsoft.OperationsManagement/solutions/.parameters/test.parameters.json b/arm/Microsoft.OperationsManagement/solutions/.parameters/test.parameters.json new file mode 100644 index 0000000000..05ebfd457b --- /dev/null +++ b/arm/Microsoft.OperationsManagement/solutions/.parameters/test.parameters.json @@ -0,0 +1,18 @@ +{ + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", + "contentVersion": "1.0.0.0", + "parameters": { + "name": { + "value": "Test" + }, + "logAnalyticsWorkspaceName": { + "value": "adp-<>-az-law-sol-001" + }, + "product": { + "value": "testProduct" + }, + "publisher": { + "value": "testPublisher" + } + } +} From 676fe523f822269300176d4ade96f462f390772b Mon Sep 17 00:00:00 2001 From: Erika Gressi Date: Wed, 8 Jun 2022 20:57:38 +0200 Subject: [PATCH 24/52] disable test --- .github/workflows/ms.operationsmanagement.solutions.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/ms.operationsmanagement.solutions.yml b/.github/workflows/ms.operationsmanagement.solutions.yml index db74fec086..be58dc9621 100644 --- a/.github/workflows/ms.operationsmanagement.solutions.yml +++ b/.github/workflows/ms.operationsmanagement.solutions.yml @@ -72,10 +72,10 @@ jobs: uses: actions/checkout@v2 with: fetch-depth: 0 - - name: 'Run tests' - uses: ./.github/actions/templates/validateModulePester - with: - modulePath: '${{ env.modulePath }}' + # - name: 'Run tests' + # uses: ./.github/actions/templates/validateModulePester + # with: + # modulePath: '${{ env.modulePath }}' ############################# # Deployment validation # 
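Review bot: Commenting out the `Run tests` step in the workflow hunk removes the Pester validation from this pipeline for every run that starts from this commit. Whether the deployment-validation job is still gated on this job cannot be seen from the hunk, since the job definition starts and ends outside it. Patch 25 restores the step, so I would squash the two commits to keep a disabled check out of history. If a temporary skip is really needed, a step-level condition with a stated reason is easier to audit than commented-out YAML.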
From 0dd6f95b66028c3b4bd0567f4894eec33c3b0d70 Mon Sep 17 00:00:00 2001 From: Erika Gressi Date: Wed, 8 Jun 2022 21:18:27 +0200 Subject: [PATCH 25/52] test third party --- .../ms.operationsmanagement.solutions.yml | 1 + .../ms.operationsmanagement.solutions.yml | 8 +-- ....parameters.json => nonms.parameters.json} | 6 +-- .../solutions/deploy.bicep | 6 +-- .../solutions/readme.md | 54 +++++++++++++++++-- 5 files changed, 62 insertions(+), 13 deletions(-) rename arm/Microsoft.OperationsManagement/solutions/.parameters/{test.parameters.json => nonms.parameters.json} (72%) diff --git a/.azuredevops/modulePipelines/ms.operationsmanagement.solutions.yml b/.azuredevops/modulePipelines/ms.operationsmanagement.solutions.yml index fe230cfca9..5dc2588d47 100644 --- a/.azuredevops/modulePipelines/ms.operationsmanagement.solutions.yml +++ b/.azuredevops/modulePipelines/ms.operationsmanagement.solutions.yml @@ -46,6 +46,7 @@ stages: removeDeployment: '${{ parameters.removeDeployment }}' deploymentBlocks: - path: $(modulePath)/.parameters/min.parameters.json + - path: $(modulePath)/.parameters/nonms.parameters.json - path: $(modulePath)/.parameters/parameters.json - stage: Publishing diff --git a/.github/workflows/ms.operationsmanagement.solutions.yml b/.github/workflows/ms.operationsmanagement.solutions.yml index be58dc9621..db74fec086 100644 --- a/.github/workflows/ms.operationsmanagement.solutions.yml +++ b/.github/workflows/ms.operationsmanagement.solutions.yml @@ -72,10 +72,10 @@ jobs: uses: actions/checkout@v2 with: fetch-depth: 0 - # - name: 'Run tests' - # uses: ./.github/actions/templates/validateModulePester - # with: - # modulePath: '${{ env.modulePath }}' + - name: 'Run tests' + uses: ./.github/actions/templates/validateModulePester + with: + modulePath: '${{ env.modulePath }}' ############################# # Deployment validation # 
diff --git a/arm/Microsoft.OperationsManagement/solutions/.parameters/test.parameters.json b/arm/Microsoft.OperationsManagement/solutions/.parameters/nonms.parameters.json similarity index 72% rename from arm/Microsoft.OperationsManagement/solutions/.parameters/test.parameters.json rename to arm/Microsoft.OperationsManagement/solutions/.parameters/nonms.parameters.json index 05ebfd457b..a040bf8d2f 100644 --- a/arm/Microsoft.OperationsManagement/solutions/.parameters/test.parameters.json +++ b/arm/Microsoft.OperationsManagement/solutions/.parameters/nonms.parameters.json @@ -3,16 +3,16 @@ "contentVersion": "1.0.0.0", "parameters": { "name": { - "value": "Test" + "value": "nonmsTestSolution" }, "logAnalyticsWorkspaceName": { "value": "adp-<>-az-law-sol-001" }, "product": { - "value": "testProduct" + "value": "nonmsTestSolutionProduct" }, "publisher": { - "value": "testPublisher" + "value": "nonmsTestSolutionPublisher" } } } diff --git a/arm/Microsoft.OperationsManagement/solutions/deploy.bicep b/arm/Microsoft.OperationsManagement/solutions/deploy.bicep index 69ac620137..3438041ddd 100644 --- a/arm/Microsoft.OperationsManagement/solutions/deploy.bicep +++ b/arm/Microsoft.OperationsManagement/solutions/deploy.bicep @@ -1,4 +1,4 @@ -@description('Required. Name of the solution.') +@description('Required. Name of the solution. For Microsoft published gallery solution the target solution resource name will be composed as `{name}({logAnalyticsWorkspaceName})`.') param name string @description('Required. Name of the Log Analytics workspace where the solution will be deployed/enabled.') 
@@ -7,10 +7,10 @@ param logAnalyticsWorkspaceName string @description('Optional. Location for all resources.') param location string = resourceGroup().location -@description('Optional. The product of the deployed solution. For Microsoft published gallery solution it should be OMSGallery. This is case sensitive.') +@description('Optional. The product of the deployed solution. For Microsoft published gallery solution it should be `OMSGallery` and the target solution resource product will be composed as `OMSGallery/{name}`. For third party solution, it can be anything. This is case sensitive.') param product string = 'OMSGallery' -@description('Optional. The publisher name of the deployed solution. For gallery solution, it is Microsoft.') +@description('Optional. The publisher name of the deployed solution. For Microsoft published gallery solution, it is `Microsoft`.') param publisher string = 'Microsoft' @description('Optional. Enable telemetry via the Customer Usage Attribution ID (GUID).') diff --git a/arm/Microsoft.OperationsManagement/solutions/readme.md b/arm/Microsoft.OperationsManagement/solutions/readme.md index e811889681..9ab3a6f332 100644 --- a/arm/Microsoft.OperationsManagement/solutions/readme.md +++ b/arm/Microsoft.OperationsManagement/solutions/readme.md 
@@ -21,15 +21,15 @@ This module deploys OperationsManagement Solutions. | Parameter Name | Type | Description | | :-- | :-- | :-- | | `logAnalyticsWorkspaceName` | string | Name of the Log Analytics workspace where the solution will be deployed/enabled. | -| `name` | string | Name of the solution. | +| `name` | string | Name of the solution. For Microsoft published gallery solution the target solution resource name will be composed as `{name}({logAnalyticsWorkspaceName})`. | **Optional parameters** | Parameter Name | Type | Default Value | Description | | :-- | :-- | :-- | :-- | | `enableDefaultTelemetry` | bool | `True` | Enable telemetry via the Customer Usage Attribution ID (GUID). | | `location` | string | `[resourceGroup().location]` | Location for all resources. | -| `product` | string | `'OMSGallery'` | The product of the deployed solution. For Microsoft published gallery solution it should be OMSGallery. This is case sensitive. | -| `publisher` | string | `'Microsoft'` | The publisher name of the deployed solution. For gallery solution, it is Microsoft. | +| `product` | string | `'OMSGallery'` | The product of the deployed solution. For Microsoft published gallery solution it should be `OMSGallery` and the target solution resource product will be composed as `OMSGallery/{name}`. For third party solution, it can be anything. This is case sensitive. | +| `publisher` | string | `'Microsoft'` | The publisher name of the deployed solution. For Microsoft published gallery solution, it is `Microsoft`. | ## Outputs 
@@ -89,6 +89,54 @@ module solutions './Microsoft.OperationsManagement/solutions/deploy.bicep' = { via JSON Parameter file +```json +{ + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", + "contentVersion": "1.0.0.0", + "parameters": { + "name": { + "value": "nonmsTestSolution" + }, + "logAnalyticsWorkspaceName": { + "value": "adp-<>-az-law-sol-001" + }, + "product": { + "value": "nonmsTestSolutionProduct" + }, + "publisher": { + "value": "nonmsTestSolutionPublisher" + } + } +} + +``` + +
+ +
+ +via Bicep module + +```bicep +module solutions './Microsoft.OperationsManagement/solutions/deploy.bicep' = { + name: '${uniqueString(deployment().name)}-solutions' + params: { + name: 'nonmsTestSolution' + logAnalyticsWorkspaceName: 'adp-<>-az-law-sol-001' + product: 'nonmsTestSolutionProduct' + publisher: 'nonmsTestSolutionPublisher' + } +``` + +
+

+ +

Example 3

+ +
+ +via JSON Parameter file + ```json { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", From d13455134cc5d48328a8fcd1af2b1601b082e011 Mon Sep 17 00:00:00 2001 From: Erika Gressi Date: Wed, 8 Jun 2022 21:23:49 +0200 Subject: [PATCH 26/52] workspace readme --- arm/Microsoft.OperationalInsights/workspaces/readme.md | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/arm/Microsoft.OperationalInsights/workspaces/readme.md b/arm/Microsoft.OperationalInsights/workspaces/readme.md index c87fd0c3ff..ca794e10bd 100644 --- a/arm/Microsoft.OperationalInsights/workspaces/readme.md +++ b/arm/Microsoft.OperationalInsights/workspaces/readme.md @@ -61,11 +61,7 @@ This template deploys a log analytics workspace. ### Parameter Usage: `gallerySolutions` -For Microsoft published gallery solutions: -- The `name` should be in the format of `solutionType(workspaceName)` -- The `product` should be in the format of `OMSGallery/{solutionType}`. - -This is handed over to the cross referenced `solution` module logic which will build the target name and product in the right format. +Ref cross-referenced _[solutions](../../Microsoft.OperationsManagement/solutions/readme.md)_
From bec0582f43902ee19634abc23578b87922d1a8c7 Mon Sep 17 00:00:00 2001 From: Erika Gressi Date: Wed, 8 Jun 2022 21:25:36 +0200 Subject: [PATCH 27/52] carml --- settings.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/settings.json b/settings.json index 6146e07c81..9198a0f7d0 100644 --- a/settings.json +++ b/settings.json @@ -5,7 +5,7 @@ "localTokens": [ { "name": "namePrefix", - "value": "rke", + "value": "carml", "metadata": { "description": "A 3-5 character length string, included in the resources names" } From c2526cbb56202b43e867d2a44361968393d3c9f7 Mon Sep 17 00:00:00 2001 From: Erika Gressi Date: Fri, 10 Jun 2022 09:50:03 +0200 Subject: [PATCH 28/52] rke --- .../modulePipelines/ms.operationsmanagement.solutions.yml | 2 +- .../.parameters/{parameters.json => ms.parameters.json} | 0 settings.json | 2 +- 3 files changed, 2 insertions(+), 2 deletions(-) rename arm/Microsoft.OperationsManagement/solutions/.parameters/{parameters.json => ms.parameters.json} (100%) diff --git a/.azuredevops/modulePipelines/ms.operationsmanagement.solutions.yml b/.azuredevops/modulePipelines/ms.operationsmanagement.solutions.yml index 5dc2588d47..483f0184d5 100644 --- a/.azuredevops/modulePipelines/ms.operationsmanagement.solutions.yml +++ b/.azuredevops/modulePipelines/ms.operationsmanagement.solutions.yml @@ -47,7 +47,7 @@ stages: deploymentBlocks: - path: $(modulePath)/.parameters/min.parameters.json - path: $(modulePath)/.parameters/nonms.parameters.json - - path: $(modulePath)/.parameters/parameters.json + - path: $(modulePath)/.parameters/ms.parameters.json - stage: Publishing displayName: Publishing diff --git a/arm/Microsoft.OperationsManagement/solutions/.parameters/parameters.json b/arm/Microsoft.OperationsManagement/solutions/.parameters/ms.parameters.json similarity index 100% rename from arm/Microsoft.OperationsManagement/solutions/.parameters/parameters.json rename to arm/Microsoft.OperationsManagement/solutions/.parameters/ms.parameters.json 
diff --git a/settings.json b/settings.json index 9198a0f7d0..6146e07c81 100644 --- a/settings.json +++ b/settings.json @@ -5,7 +5,7 @@ "localTokens": [ { "name": "namePrefix", - "value": "carml", + "value": "rke", "metadata": { "description": "A 3-5 character length string, included in the resources names" } From fe38662c2eace2d586d73fedcc691967edd6ded2 Mon Sep 17 00:00:00 2001 From: Erika Gressi Date: Fri, 10 Jun 2022 09:56:10 +0200 Subject: [PATCH 29/52] acr --- global.variables.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/global.variables.yml b/global.variables.yml index 7fed8d13f9..2897f2078e 100644 --- a/global.variables.yml +++ b/global.variables.yml @@ -24,7 +24,7 @@ variables: ###################################### bicepRegistryDoPublish: true # Set to true, if you would like to publish module templates to a bicep registry - bicepRegistryName: adpsxxazacrx001 # The name of the bicep registry (ACR) to publish to. If it does not exist, it will be created. + bicepRegistryName: adprkeazacrx001 # The name of the bicep registry (ACR) to publish to. If it does not exist, it will be created. bicepRegistryRGName: 'artifacts-rg' # The resource group that hosts the private bicep registry (ACR) bicepRegistryRgLocation: 'West Europe' # The location of the resource group to publish to From 2ba6715efdd93a8d3761fa32296d6e705e014885 Mon Sep 17 00:00:00 2001 From: Erika Gressi Date: Fri, 10 Jun 2022 10:17:17 +0200 Subject: [PATCH 30/52] readme --- .../solutions/readme.md | 24 +++++++++---------- 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/arm/Microsoft.OperationsManagement/solutions/readme.md b/arm/Microsoft.OperationsManagement/solutions/readme.md index 9ab3a6f332..421b0fcfc8 100644 --- a/arm/Microsoft.OperationsManagement/solutions/readme.md +++ b/arm/Microsoft.OperationsManagement/solutions/readme.md 
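Review bot: `bicepRegistryName` in global.variables.yml is switched to `adprkeazacrx001` in PATCH 29, which reads like a contributor-specific registry, and the comment on that line says a missing registry is created on publish. The `namePrefix` change to `rke` in settings.json (PATCH 28) has the same character, and both values flip again in PATCH 31, 33 and 37. Whichever value the last patch leaves behind becomes the publish target and naming prefix for everyone after merge. Keep personal environment overrides out of the series, or make the final patch restore the values the target branch uses.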
@@ -95,16 +95,16 @@ module solutions './Microsoft.OperationsManagement/solutions/deploy.bicep' = { "contentVersion": "1.0.0.0", "parameters": { "name": { - "value": "nonmsTestSolution" + "value": "AzureAutomation" }, "logAnalyticsWorkspaceName": { "value": "adp-<>-az-law-sol-001" }, "product": { - "value": "nonmsTestSolutionProduct" + "value": "OMSGallery" }, "publisher": { - "value": "nonmsTestSolutionPublisher" + "value": "Microsoft" } } } @@ -121,10 +121,10 @@ module solutions './Microsoft.OperationsManagement/solutions/deploy.bicep' = { module solutions './Microsoft.OperationsManagement/solutions/deploy.bicep' = { name: '${uniqueString(deployment().name)}-solutions' params: { - name: 'nonmsTestSolution' + name: 'AzureAutomation' logAnalyticsWorkspaceName: 'adp-<>-az-law-sol-001' - product: 'nonmsTestSolutionProduct' - publisher: 'nonmsTestSolutionPublisher' + product: 'OMSGallery' + publisher: 'Microsoft' } ``` @@ -143,16 +143,16 @@ module solutions './Microsoft.OperationsManagement/solutions/deploy.bicep' = { "contentVersion": "1.0.0.0", "parameters": { "name": { - "value": "AzureAutomation" + "value": "nonmsTestSolution" }, "logAnalyticsWorkspaceName": { "value": "adp-<>-az-law-sol-001" }, "product": { - "value": "OMSGallery" + "value": "nonmsTestSolutionProduct" }, "publisher": { - "value": "Microsoft" + "value": "nonmsTestSolutionPublisher" } } } @@ -169,10 +169,10 @@ module solutions './Microsoft.OperationsManagement/solutions/deploy.bicep' = { module solutions './Microsoft.OperationsManagement/solutions/deploy.bicep' = { name: '${uniqueString(deployment().name)}-solutions' params: { - name: 'AzureAutomation' + name: 'nonmsTestSolution' logAnalyticsWorkspaceName: 'adp-<>-az-law-sol-001' - product: 'OMSGallery' - publisher: 'Microsoft' + product: 'nonmsTestSolutionProduct' + publisher: 'nonmsTestSolutionPublisher' } ``` From 55dd628932fd77dd15f99abbba455a207f14224d Mon Sep 17 00:00:00 2001 
From: Erika Gressi Date: Fri, 10 Jun 2022 11:01:57 +0200 Subject: [PATCH 31/52] carml --- global.variables.yml | 2 +- settings.json | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/global.variables.yml b/global.variables.yml index 2897f2078e..7fed8d13f9 100644 --- a/global.variables.yml +++ b/global.variables.yml @@ -24,7 +24,7 @@ variables: ###################################### bicepRegistryDoPublish: true # Set to true, if you would like to publish module templates to a bicep registry - bicepRegistryName: adprkeazacrx001 # The name of the bicep registry (ACR) to publish to. If it does not exist, it will be created. + bicepRegistryName: adpsxxazacrx001 # The name of the bicep registry (ACR) to publish to. If it does not exist, it will be created. bicepRegistryRGName: 'artifacts-rg' # The resource group that hosts the private bicep registry (ACR) bicepRegistryRgLocation: 'West Europe' # The location of the resource group to publish to diff --git a/settings.json b/settings.json index 6146e07c81..9198a0f7d0 100644 --- a/settings.json +++ b/settings.json @@ -5,7 +5,7 @@ "localTokens": [ { "name": "namePrefix", - "value": "rke", + "value": "carml", "metadata": { "description": "A 3-5 character length string, included in the resources names" } From ea2541328b737db5c7da06b3103f903fb799dbc3 Mon Sep 17 00:00:00 2001 
From: Erika Gressi Date: Thu, 16 Jun 2022 19:31:49 +0200 Subject: [PATCH 32/52] lock 0.1 --- .github/workflows/ms.authorization.locks.yml | 145 ++++++++++++++++++ .../locks/.parameters/parameters.json | 9 ++ .../locks/deploy.bicep | 48 ++++++ arm/Microsoft.Authorization/locks/readme.md | 80 ++++++++++ .../locks/resourceGroup/deploy.bicep | 41 +++++ .../locks/resourceGroup/readme.md | 0 .../locks/resourceGroup/version.json | 4 + .../locks/version.json | 4 + 8 files changed, 331 insertions(+) create mode 100644 .github/workflows/ms.authorization.locks.yml create mode 100644 arm/Microsoft.Authorization/locks/.parameters/parameters.json create mode 100644 arm/Microsoft.Authorization/locks/deploy.bicep create mode 100644 arm/Microsoft.Authorization/locks/readme.md create mode 100644 arm/Microsoft.Authorization/locks/resourceGroup/deploy.bicep create mode 100644 arm/Microsoft.Authorization/locks/resourceGroup/readme.md create mode 100644 arm/Microsoft.Authorization/locks/resourceGroup/version.json create mode 100644 arm/Microsoft.Authorization/locks/version.json diff --git a/.github/workflows/ms.authorization.locks.yml b/.github/workflows/ms.authorization.locks.yml new file mode 100644 index 0000000000..49c6070b64 --- /dev/null +++ b/.github/workflows/ms.authorization.locks.yml 
@@ -0,0 +1,145 @@ +name: 'Authorization: Locks' + +on: + workflow_dispatch: + inputs: + removeDeployment: + type: boolean + description: 'Remove deployed module' + required: false + default: true + prerelease: + type: boolean + description: 'Publish prerelease module' + required: false + default: false + push: + branches: + - main + paths: + - '.github/actions/templates/**' + - '.github/workflows/ms.authorization.locks.yml' + - 'arm/Microsoft.Authorization/locks/**' + - 'arm/.global/global.module.tests.ps1' + - '!*/**/readme.md' + - 'utilities/pipelines/**' + - '!utilities/pipelines/dependencies/**' + +env: + variablesPath: 'global.variables.yml' + modulePath: 'arm/Microsoft.Authorization/locks' + workflowPath: '.github/workflows/ms.authorization.locks.yml' + AZURE_CREDENTIALS: ${{ secrets.AZURE_CREDENTIALS }} + ARM_SUBSCRIPTION_ID: '${{ secrets.ARM_SUBSCRIPTION_ID }}' + ARM_MGMTGROUP_ID: '${{ secrets.ARM_MGMTGROUP_ID }}' + ARM_TENANT_ID: '${{ secrets.ARM_TENANT_ID }}' + DEPLOYMENT_SP_ID: '${{ secrets.DEPLOYMENT_SP_ID }}' + +jobs: + ########################### + # Initialize pipeline # + ########################### + job_initialize_pipeline: + runs-on: ubuntu-20.04 + name: 'Initialize pipeline' + steps: + - name: 'Checkout' + uses: actions/checkout@v2 + with: + fetch-depth: 0 + - name: 'Set input parameters to output variables' + id: get-workflow-param + uses: ./.github/actions/templates/getWorkflowInput + with: + workflowPath: '${{ env.workflowPath}}' + - name: 'Get parameter file paths' + id: get-parameter-file-paths + uses: ./.github/actions/templates/getParameterFiles + with: + modulePath: '${{ env.modulePath }}' + outputs: + removeDeployment: ${{ steps.get-workflow-param.outputs.removeDeployment }} + parameterFilePaths: ${{ steps.get-parameter-file-paths.outputs.parameterFilePaths }} + + ######################### + # Static validation # + ######################### + job_module_pester_validation: + runs-on: ubuntu-20.04 + name: 'Static validation' + steps: + - 
name: 'Checkout' + uses: actions/checkout@v2 + with: + fetch-depth: 0 + - name: 'Run tests' + uses: ./.github/actions/templates/validateModulePester + with: + modulePath: '${{ env.modulePath }}' + + ############################# + # Deployment validation # + ############################# + job_module_deploy_validation: + runs-on: ubuntu-20.04 + name: 'Deployment validation' + needs: + - job_initialize_pipeline + - job_module_pester_validation + strategy: + fail-fast: false + matrix: + parameterFilePaths: ${{ fromJSON(needs.job_initialize_pipeline.outputs.parameterFilePaths) }} + steps: + - name: 'Checkout' + uses: actions/checkout@v2 + with: + fetch-depth: 0 + - name: Set environment variables + uses: ./.github/actions/templates/setEnvironmentVariables + with: + variablesPath: ${{ env.variablesPath }} + # ------------------- # + ## Deploy & Remove ## + # ------------------- # + - name: 'Using parameter file [${{ matrix.parameterFilePaths }}]' + uses: ./.github/actions/templates/validateModuleDeployment + with: + templateFilePath: '${{ env.modulePath }}/deploy.bicep' + parameterFilePath: '${{ env.modulePath }}/${{ matrix.parameterFilePaths }}' + location: '${{ env.location }}' + resourceGroupName: '${{ env.resourceGroupName }}' + subscriptionId: '${{ secrets.ARM_SUBSCRIPTION_ID }}' + managementGroupId: '${{ secrets.ARM_MGMTGROUP_ID }}' + removeDeployment: '${{ needs.job_initialize_pipeline.outputs.removeDeployment }}' + + ################## + # Publishing # + ################## + job_publish_module: + name: 'Publishing' + if: github.ref == 'refs/heads/main' || github.ref == 'refs/heads/master' || github.event.inputs.prerelease == 'true' + runs-on: ubuntu-20.04 + needs: + - job_module_deploy_validation + steps: + - name: 'Checkout' + uses: actions/checkout@v2 + with: + fetch-depth: 0 + - name: Set environment variables + uses: ./.github/actions/templates/setEnvironmentVariables + with: + variablesPath: ${{ env.variablesPath }} + - name: 'Publishing' + uses: 
./.github/actions/templates/publishModule + with: + templateFilePath: '${{ env.modulePath }}/deploy.bicep' + templateSpecsRGName: '${{ env.templateSpecsRGName }}' + templateSpecsRGLocation: '${{ env.templateSpecsRGLocation }}' + templateSpecsDescription: '${{ env.templateSpecsDescription }}' + templateSpecsDoPublish: '${{ env.templateSpecsDoPublish }}' + bicepRegistryName: '${{ env.bicepRegistryName }}' + bicepRegistryRGName: '${{ env.bicepRegistryRGName }}' + bicepRegistryRgLocation: '${{ env.bicepRegistryRgLocation }}' + bicepRegistryDoPublish: '${{ env.bicepRegistryDoPublish }}' diff --git a/arm/Microsoft.Authorization/locks/.parameters/parameters.json b/arm/Microsoft.Authorization/locks/.parameters/parameters.json new file mode 100644 index 0000000000..978c6963b7 --- /dev/null +++ b/arm/Microsoft.Authorization/locks/.parameters/parameters.json @@ -0,0 +1,9 @@ +{ + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", + "contentVersion": "1.0.0.0", + "parameters": { + "level": { + "value": "CanNotDelete" + } + } +} diff --git a/arm/Microsoft.Authorization/locks/deploy.bicep b/arm/Microsoft.Authorization/locks/deploy.bicep new file mode 100644 index 0000000000..a6becf200f --- /dev/null +++ b/arm/Microsoft.Authorization/locks/deploy.bicep 
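Review bot: The workflow-level `env:` block in `ms.authorization.locks.yml` maps `secrets.AZURE_CREDENTIALS` and the four other secret-backed values into every job, including `job_initialize_pipeline` and `job_module_pester_validation`, which as far as this hunk shows only check out the repository and run local template actions. Moving those five entries to an `env:` block on `job_module_deploy_validation` and `job_publish_module` keeps the deployment credential out of jobs that run repository test code without needing it. The workflow also declares no `permissions:` key, so the token scope falls back to the repository default; a top-level `permissions:` with `contents: read` would pin it, assuming no step writes back to the repository. `actions/checkout@v2` is referenced by a movable tag, and pinning it to a full commit SHA is the usual hardening.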
@@ -0,0 +1,48 @@
+@allowed([
+ 'CanNotDelete'
+ 'ReadOnly'
+])
+@description('Required. Set lock level.')
+param level string
+
+@description('Optional. The decription attached to the lock.')
+param notes string = level == 'CanNotDelete' ? 'Cannot delete resource or child resources.' : 'Cannot modify the resource or child resources.'
+
+@sys.description('Optional. Enable telemetry via the Customer Usage Attribution ID (GUID).')
+param enableDefaultTelemetry bool = true
+
+@sys.description('Optional. Name of the Resource Group to assign the lock to. If Resource Group name is provided, and Subscription ID is provided, the module deploys at resource group level, therefore assigns the provided lock to the resource group.')
+param resourceGroupName string = ''
+
+@sys.description('Optional. Subscription ID of the subscription to assign the lock to.')
+param subscriptionId string = ''
+
+var enableReferencedModulesTelemetry = false
+
+resource defaultTelemetry 'Microsoft.Resources/deployments@2021-04-01' = if (enableDefaultTelemetry) {
+ name: 'pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-${uniqueString(deployment().name)}'
+ properties: {
+ mode: 'Incremental'
+ template: {
+ '$schema': 'https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#'
+ contentVersion: '1.0.0.0'
+ resources: []
+ }
+ }
+}
+
+module lock_rg 'resourceGroup/deploy.bicep' = if (!empty(resourceGroupName) && !empty(subscriptionId)) {
+ name: '${uniqueString(deployment().name)}-Lock-RG-Module'
+ scope: resourceGroup(subscriptionId, resourceGroupName)
+ params: {
+ level: level
+ notes: notes
+ enableDefaultTelemetry: enableReferencedModulesTelemetry
+ }
+}
+
+@sys.description('The GUID of the Role Assignment.')
+output name string = lock_rg.outputs.name
+
+@sys.description('The resource ID of the Role Assignment.')
+output resourceId string = lock_rg.outputs.resourceId
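Review bot: Both outputs read `lock_rg.outputs.*` unconditionally, but `lock_rg` is only deployed when `resourceGroupName` and `subscriptionId` are both non-empty, and both default to `''`. With the defaults (as in the `parameters.json` added in this patch, which sets only `level`) no lock is created at all, and the output references point at a module that was not deployed, which will most likely fail the deployment at output evaluation. Guard the outputs, e.g. `output name string = !empty(resourceGroupName) && !empty(subscriptionId) ? lock_rg.outputs.name : ''`, or make the two parameters required until other scopes are implemented. The outputs hunk in PATCH 37 corrects the "Role Assignment" descriptions but keeps the unconditional references.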
diff --git a/arm/Microsoft.Authorization/locks/readme.md b/arm/Microsoft.Authorization/locks/readme.md new file mode 100644 index 0000000000..3ebf52e174 --- /dev/null +++ b/arm/Microsoft.Authorization/locks/readme.md @@ -0,0 +1,80 @@ +# Authorization Locks `[Microsoft.Authorization/locks]` + +This module deploys Authorization Locks. +// TODO: Replace Resource and fill in description + +## Navigation + +- [Resource Types](#Resource-Types) +- [Parameters](#Parameters) +- [Outputs](#Outputs) +- [Deployment examples](#Deployment-examples) + +## Resource Types + +| Resource Type | API Version | +| :-- | :-- | +| `Microsoft.Authorization/locks` | [2017-04-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2017-04-01/locks) | + +## Parameters + +**Required parameters** +| Parameter Name | Type | Allowed Values | Description | +| :-- | :-- | :-- | :-- | +| `level` | string | `[CanNotDelete, ReadOnly]` | Set lock level. | + +**Optional parameters** +| Parameter Name | Type | Default Value | Description | +| :-- | :-- | :-- | :-- | +| `name` | string | `[format('{0}-lock', parameters('level'))]` | The name of the lock. | +| `notes` | string | `[if(equals(parameters('level'), 'CanNotDelete'), 'Cannot delete resource or child resources.', 'Cannot modify the resource or child resources.')]` | The decription attached to the lock. | + + +### Parameter Usage: `` + +// TODO: Fill in Parameter usage + +## Outputs + +| Output Name | Type | Description | +| :-- | :-- | :-- | +| `name` | string | The name of the lock. | +| `resourceId` | string | The resource ID of the lock. | + +## Deployment examples + +

Example 1

+ +
+ +via JSON Parameter file + +```json +{ + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", + "contentVersion": "1.0.0.0", + "parameters": { + "level": { + "value": "CanNotDelete" + } + } +} + +``` + +
+ +
+ +via Bicep module + +```bicep +module locks './Microsoft.Authorization/locks/deploy.bicep' = { + name: '${uniqueString(deployment().name)}-locks' + params: { + level: 'CanNotDelete' + } +``` + +
+

diff --git a/arm/Microsoft.Authorization/locks/resourceGroup/deploy.bicep b/arm/Microsoft.Authorization/locks/resourceGroup/deploy.bicep
new file mode 100644
index 0000000000..11385357d3
--- /dev/null
+++ b/arm/Microsoft.Authorization/locks/resourceGroup/deploy.bicep
@@ -0,0 +1,41 @@
+@description('Optional. The name of the lock.')
+param name string = '${level}-lock'
+
+@allowed([
+ 'CanNotDelete'
+ 'ReadOnly'
+])
+@description('Required. Set lock level.')
+param level string
+
+@description('Optional. The decription attached to the lock.')
+param notes string = level == 'CanNotDelete' ? 'Cannot delete resource or child resources.' : 'Cannot modify the resource or child resources.'
+
+@sys.description('Optional. Enable telemetry via the Customer Usage Attribution ID (GUID).')
+param enableDefaultTelemetry bool = true
+
+resource defaultTelemetry 'Microsoft.Resources/deployments@2021-04-01' = if (enableDefaultTelemetry) {
+ name: 'pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-${uniqueString(deployment().name)}'
+ properties: {
+ mode: 'Incremental'
+ template: {
+ '$schema': 'https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#'
+ contentVersion: '1.0.0.0'
+ resources: []
+ }
+ }
+}
+
+resource lock 'Microsoft.Authorization/locks@2017-04-01' = {
+ name: name
+ properties: {
+ level: level
+ notes: notes
+ }
+}
+
+@description('The resource ID of the lock.')
+output resourceId string = lock.id
+
+@description('The name of the lock.')
+output name string = lock.name
diff --git a/arm/Microsoft.Authorization/locks/resourceGroup/readme.md b/arm/Microsoft.Authorization/locks/resourceGroup/readme.md
new file mode 100644
index 0000000000..e69de29bb2
diff --git a/arm/Microsoft.Authorization/locks/resourceGroup/version.json b/arm/Microsoft.Authorization/locks/resourceGroup/version.json
new file mode 100644
index 0000000000..56f8d9ca40
--- /dev/null
+++ b/arm/Microsoft.Authorization/locks/resourceGroup/version.json
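Review bot: The `level` description in `locks/resourceGroup/deploy.bicep` ('Required. Set lock level.') does not tell the caller what `ReadOnly` costs at resource-group scope: the lock is inherited by every resource in the group and also blocks POST-based operations, for example listing storage account keys or starting a virtual machine. Since this text is what ends up in the generated readme, I would extend it to something like `@description('Required. Set lock level. ReadOnly is inherited by all resources in the group and also blocks POST actions such as listing storage account keys.')`. The same line exists in `locks/deploy.bicep`. In both files `decription` in the `notes` description should read `description`.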
@@ -0,0 +1,4 @@ +{ + "$schema": "https://raw.githubusercontent.com/dotnet/Nerdbank.GitVersioning/master/src/NerdBank.GitVersioning/version.schema.json", + "version": "0.4" +} diff --git a/arm/Microsoft.Authorization/locks/version.json b/arm/Microsoft.Authorization/locks/version.json new file mode 100644 index 0000000000..41f66cc990 --- /dev/null +++ b/arm/Microsoft.Authorization/locks/version.json @@ -0,0 +1,4 @@ +{ + "$schema": "https://raw.githubusercontent.com/dotnet/Nerdbank.GitVersioning/master/src/NerdBank.GitVersioning/version.schema.json", + "version": "0.1" +} From ca0fdad19e98832a080c809262c9dcf817c05354 Mon Sep 17 00:00:00 2001 From: Erika Gressi Date: Thu, 16 Jun 2022 19:41:13 +0200 Subject: [PATCH 33/52] rke --- .../.parameters/{parameters.json => rg.parameters.json} | 6 ++++++ settings.json | 2 +- 2 files changed, 7 insertions(+), 1 deletion(-) rename arm/Microsoft.Authorization/locks/.parameters/{parameters.json => rg.parameters.json} (59%) diff --git a/arm/Microsoft.Authorization/locks/.parameters/parameters.json b/arm/Microsoft.Authorization/locks/.parameters/rg.parameters.json similarity index 59% rename from arm/Microsoft.Authorization/locks/.parameters/parameters.json rename to arm/Microsoft.Authorization/locks/.parameters/rg.parameters.json index 978c6963b7..f5705f1801 100644 --- a/arm/Microsoft.Authorization/locks/.parameters/parameters.json +++ b/arm/Microsoft.Authorization/locks/.parameters/rg.parameters.json @@ -4,6 +4,12 @@ "parameters": { "level": { "value": "CanNotDelete" + }, + "resourceGroupName": { + "value": "testrg03" + }, + "subscriptionId": { + "value": "<>" } } } diff --git a/settings.json b/settings.json index 9198a0f7d0..6146e07c81 100644 --- a/settings.json +++ b/settings.json @@ -5,7 +5,7 @@ "localTokens": [ { "name": "namePrefix", - "value": "carml", + "value": "rke", "metadata": { "description": "A 3-5 character length string, included in the resources names" } 
From aea153f62ae95e09255fb25326ac3dc870b9b4de Mon Sep 17 00:00:00 2001 From: Erika Gressi Date: Thu, 16 Jun 2022 19:45:08 +0200 Subject: [PATCH 34/52] skip pester --- .github/workflows/ms.authorization.locks.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/ms.authorization.locks.yml b/.github/workflows/ms.authorization.locks.yml index 49c6070b64..08cf3a5abe 100644 --- a/.github/workflows/ms.authorization.locks.yml +++ b/.github/workflows/ms.authorization.locks.yml @@ -72,10 +72,10 @@ jobs: uses: actions/checkout@v2 with: fetch-depth: 0 - - name: 'Run tests' - uses: ./.github/actions/templates/validateModulePester - with: - modulePath: '${{ env.modulePath }}' + # - name: 'Run tests' + # uses: ./.github/actions/templates/validateModulePester + # with: + # modulePath: '${{ env.modulePath }}' ############################# # Deployment validation # From 24dad16dd3569f613c03fb3e9626c4c05bebf5d5 Mon Sep 17 00:00:00 2001 From: Erika Gressi Date: Fri, 17 Jun 2022 12:22:37 +0200 Subject: [PATCH 35/52] testrg02 --- .../locks/.parameters/rg.parameters.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/arm/Microsoft.Authorization/locks/.parameters/rg.parameters.json b/arm/Microsoft.Authorization/locks/.parameters/rg.parameters.json index f5705f1801..68eeef21ee 100644 --- a/arm/Microsoft.Authorization/locks/.parameters/rg.parameters.json +++ b/arm/Microsoft.Authorization/locks/.parameters/rg.parameters.json @@ -6,7 +6,7 @@ "value": "CanNotDelete" }, "resourceGroupName": { - "value": "testrg03" + "value": "testrg02" }, "subscriptionId": { "value": "<>" From 30dc763607b36cb395faf5933b01662574d3af33 Mon Sep 17 00:00:00 2001 From: Erika Gressi Date: Fri, 17 Jun 2022 12:31:01 +0200 Subject: [PATCH 36/52] test from rg module --- arm/Microsoft.Resources/resourceGroups/deploy.bicep | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) 
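Review bot: With the `Run tests` step commented out in PATCH 34, `job_module_pester_validation` still runs and succeeds with only the checkout step, so `job_module_deploy_validation` (and through it `job_publish_module`) is gated on a check that no longer validates anything. If the tests have to be skipped temporarily, make that visible on the step instead, e.g. `if: false # TODO: re-enable once the module passes Pester`, so the run shows it as skipped rather than green. PATCH 38 re-enables the step; squashing the two commits would keep the disabled state out of the history.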
diff --git a/arm/Microsoft.Resources/resourceGroups/deploy.bicep b/arm/Microsoft.Resources/resourceGroups/deploy.bicep index d833f6e1cc..e32c1d3529 100644 --- a/arm/Microsoft.Resources/resourceGroups/deploy.bicep +++ b/arm/Microsoft.Resources/resourceGroups/deploy.bicep @@ -43,7 +43,8 @@ resource resourceGroup 'Microsoft.Resources/resourceGroups@2019-05-01' = { properties: {} } -module resourceGroup_lock '.bicep/nested_lock.bicep' = if (!empty(lock)) { +// module resourceGroup_lock '.bicep/nested_lock.bicep' = if (!empty(lock)) { +module resourceGroup_lock '../../Microsoft.Authorization/locks/resourceGroup/deploy.bicep' = if (!empty(lock)) { name: '${uniqueString(deployment().name, location)}-${lock}-Lock' params: { level: any(lock) From 664dd38f1994732fa081c115c6032e4492d45d91 Mon Sep 17 00:00:00 2001 From: Erika Gressi Date: Fri, 17 Jun 2022 13:12:36 +0200 Subject: [PATCH 37/52] publish --- .../locks/.parameters/rg.parameters.json | 2 +- arm/Microsoft.Authorization/locks/deploy.bicep | 10 +++++----- .../locks/resourceGroup/deploy.bicep | 9 ++++++--- global.variables.yml | 2 +- 4 files changed, 13 insertions(+), 10 deletions(-) diff --git a/arm/Microsoft.Authorization/locks/.parameters/rg.parameters.json b/arm/Microsoft.Authorization/locks/.parameters/rg.parameters.json index 68eeef21ee..5c8156186b 100644 --- a/arm/Microsoft.Authorization/locks/.parameters/rg.parameters.json +++ b/arm/Microsoft.Authorization/locks/.parameters/rg.parameters.json @@ -6,7 +6,7 @@ "value": "CanNotDelete" }, "resourceGroupName": { - "value": "testrg02" + "value": "validation-rg" }, "subscriptionId": { "value": "<>" diff --git a/arm/Microsoft.Authorization/locks/deploy.bicep b/arm/Microsoft.Authorization/locks/deploy.bicep index a6becf200f..847b1e24a9 100644 --- a/arm/Microsoft.Authorization/locks/deploy.bicep +++ b/arm/Microsoft.Authorization/locks/deploy.bicep 
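Review bot: The replacement module `locks/resourceGroup/deploy.bicep` declares `enableDefaultTelemetry` with a default of `true`, so unless the `params` block of `resourceGroup_lock` (which continues outside this hunk) passes it explicitly, every resource group deployed with a lock also creates the nested `pid-…` telemetry deployment regardless of the caller's own telemetry setting. `locks/deploy.bicep` handles this by passing `enableDefaultTelemetry: enableReferencedModulesTelemetry`; an equivalent line is needed here, wired to whatever telemetry flag this template exposes. The commented-out `// module resourceGroup_lock '.bicep/nested_lock.bicep' …` line should be deleted rather than kept next to its replacement.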
@@ -8,13 +8,13 @@ param level string @description('Optional. The decription attached to the lock.') param notes string = level == 'CanNotDelete' ? 'Cannot delete resource or child resources.' : 'Cannot modify the resource or child resources.' -@sys.description('Optional. Enable telemetry via the Customer Usage Attribution ID (GUID).') +@description('Optional. Enable telemetry via the Customer Usage Attribution ID (GUID).') param enableDefaultTelemetry bool = true -@sys.description('Optional. Name of the Resource Group to assign the lock to. If Resource Group name is provided, and Subscription ID is provided, the module deploys at resource group level, therefore assigns the provided lock to the resource group.') +@description('Optional. Name of the Resource Group to assign the lock to. If Resource Group name is provided, and Subscription ID is provided, the module deploys at resource group level, therefore assigns the provided lock to the resource group.') param resourceGroupName string = '' -@sys.description('Optional. Subscription ID of the subscription to assign the lock to.') +@description('Optional. Subscription ID of the subscription to assign the lock to.') param subscriptionId string = '' var enableReferencedModulesTelemetry = false @@ -41,8 +41,8 @@ module lock_rg 'resourceGroup/deploy.bicep' = if (!empty(resourceGroupName) && ! } } -@sys.description('The GUID of the Role Assignment.') +@description('The name of the lock.') output name string = lock_rg.outputs.name -@sys.description('The resource ID of the Role Assignment.') +@description('The resource ID of the lock.') output resourceId string = lock_rg.outputs.resourceId diff --git a/arm/Microsoft.Authorization/locks/resourceGroup/deploy.bicep b/arm/Microsoft.Authorization/locks/resourceGroup/deploy.bicep index 11385357d3..a5a8a23866 100644 --- a/arm/Microsoft.Authorization/locks/resourceGroup/deploy.bicep +++ b/arm/Microsoft.Authorization/locks/resourceGroup/deploy.bicep 
@@ -11,7 +11,7 @@ param level string @description('Optional. The decription attached to the lock.') param notes string = level == 'CanNotDelete' ? 'Cannot delete resource or child resources.' : 'Cannot modify the resource or child resources.' -@sys.description('Optional. Enable telemetry via the Customer Usage Attribution ID (GUID).') +@description('Optional. Enable telemetry via the Customer Usage Attribution ID (GUID).') param enableDefaultTelemetry bool = true resource defaultTelemetry 'Microsoft.Resources/deployments@2021-04-01' = if (enableDefaultTelemetry) { @@ -34,8 +34,11 @@ resource lock 'Microsoft.Authorization/locks@2017-04-01' = { } } +@description('The name of the lock.') +output name string = lock.name + @description('The resource ID of the lock.') output resourceId string = lock.id -@description('The name of the lock.') -output name string = lock.name +@description('The name of the resource group the lock was applied to.') +output resourceGroupName string = resourceGroup().name diff --git a/global.variables.yml b/global.variables.yml index 7fed8d13f9..2897f2078e 100644 --- a/global.variables.yml +++ b/global.variables.yml @@ -24,7 +24,7 @@ variables: ###################################### bicepRegistryDoPublish: true # Set to true, if you would like to publish module templates to a bicep registry - bicepRegistryName: adpsxxazacrx001 # The name of the bicep registry (ACR) to publish to. If it does not exist, it will be created. + bicepRegistryName: adprkeazacrx001 # The name of the bicep registry (ACR) to publish to. If it does not exist, it will be created. bicepRegistryRGName: 'artifacts-rg' # The resource group that hosts the private bicep registry (ACR) bicepRegistryRgLocation: 'West Europe' # The location of the resource group to publish to From 0c2c36c7563d73448cb8b8d334996d3eea9205df Mon Sep 17 00:00:00 2001 
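Review bot: `bicepRegistryName: adprkeazacrx001` in the global.variables.yml hunk looks like a personal test value (it matches the `rke` name prefix that settings.json is switched to later in this series) committed to the shared variables file. Because `bicepRegistryDoPublish` is `true` and the comment on the same line says a missing registry will be created, a pipeline run from this state would publish module templates to that registry rather than the project's own. The same flip between `adpsxxazacrx001` and `adprkeazacrx001`, together with the `namePrefix` change, recurs in patches 44, 45, 47 and 48. I would keep these local overrides out of the commits, or revert them before merge, so the publish target is never ambiguous.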
From: Erika Gressi Date: Fri, 17 Jun 2022 13:15:59 +0200 Subject: [PATCH 38/52] validation --- .github/workflows/ms.authorization.locks.yml | 8 ++-- arm/Microsoft.Authorization/locks/readme.md | 18 +++++---- .../locks/resourceGroup/readme.md | 37 +++++++++++++++++++ 3 files changed, 52 insertions(+), 11 deletions(-) diff --git a/.github/workflows/ms.authorization.locks.yml b/.github/workflows/ms.authorization.locks.yml index 08cf3a5abe..49c6070b64 100644 --- a/.github/workflows/ms.authorization.locks.yml +++ b/.github/workflows/ms.authorization.locks.yml @@ -72,10 +72,10 @@ jobs: uses: actions/checkout@v2 with: fetch-depth: 0 - # - name: 'Run tests' - # uses: ./.github/actions/templates/validateModulePester - # with: - # modulePath: '${{ env.modulePath }}' + - name: 'Run tests' + uses: ./.github/actions/templates/validateModulePester + with: + modulePath: '${{ env.modulePath }}' ############################# # Deployment validation # diff --git a/arm/Microsoft.Authorization/locks/readme.md b/arm/Microsoft.Authorization/locks/readme.md index 3ebf52e174..82d9b0c864 100644 --- a/arm/Microsoft.Authorization/locks/readme.md +++ b/arm/Microsoft.Authorization/locks/readme.md @@ -1,7 +1,6 @@ # Authorization Locks `[Microsoft.Authorization/locks]` This module deploys Authorization Locks. -// TODO: Replace Resource and fill in description ## Navigation 
@@ -26,13 +25,10 @@ This module deploys Authorization Locks. **Optional parameters** | Parameter Name | Type | Default Value | Description | | :-- | :-- | :-- | :-- | -| `name` | string | `[format('{0}-lock', parameters('level'))]` | The name of the lock. | +| `enableDefaultTelemetry` | bool | `True` | Enable telemetry via the Customer Usage Attribution ID (GUID). | | `notes` | string | `[if(equals(parameters('level'), 'CanNotDelete'), 'Cannot delete resource or child resources.', 'Cannot modify the resource or child resources.')]` | The decription attached to the lock. | - - -### Parameter Usage: `` - -// TODO: Fill in Parameter usage +| `resourceGroupName` | string | `''` | Name of the Resource Group to assign the lock to. If Resource Group name is provided, and Subscription ID is provided, the module deploys at resource group level, therefore assigns the provided lock to the resource group. | +| `subscriptionId` | string | `''` | Subscription ID of the subscription to assign the lock to. | ## Outputs @@ -56,6 +52,12 @@ This module deploys Authorization Locks. "parameters": { "level": { "value": "CanNotDelete" + }, + "resourceGroupName": { + "value": "validation-rg" + }, + "subscriptionId": { + "value": "<>" } } } @@ -73,6 +75,8 @@ module locks './Microsoft.Authorization/locks/deploy.bicep' = { name: '${uniqueString(deployment().name)}-locks' params: { level: 'CanNotDelete' + resourceGroupName: 'validation-rg' + subscriptionId: '<>' } ``` diff --git a/arm/Microsoft.Authorization/locks/resourceGroup/readme.md b/arm/Microsoft.Authorization/locks/resourceGroup/readme.md index e69de29bb2..b0c71484a8 100644 --- a/arm/Microsoft.Authorization/locks/resourceGroup/readme.md +++ b/arm/Microsoft.Authorization/locks/resourceGroup/readme.md 
@@ -0,0 +1,37 @@ +# Authorization Locks on Resource Group level `[Microsoft.Authorization/locks/resourceGroup]` + +This module deploys Authorization Locks on Resource Group level. + +## Navigation + +- [Resource Types](#Resource-Types) +- [Parameters](#Parameters) +- [Outputs](#Outputs) + +## Resource Types + +| Resource Type | API Version | +| :-- | :-- | +| `Microsoft.Authorization/locks` | [2017-04-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2017-04-01/locks) | + +## Parameters + +**Required parameters** +| Parameter Name | Type | Allowed Values | Description | +| :-- | :-- | :-- | :-- | +| `level` | string | `[CanNotDelete, ReadOnly]` | Set lock level. | + +**Optional parameters** +| Parameter Name | Type | Default Value | Description | +| :-- | :-- | :-- | :-- | +| `enableDefaultTelemetry` | bool | `True` | Enable telemetry via the Customer Usage Attribution ID (GUID). | +| `name` | string | `[format('{0}-lock', parameters('level'))]` | The name of the lock. | +| `notes` | string | `[if(equals(parameters('level'), 'CanNotDelete'), 'Cannot delete resource or child resources.', 'Cannot modify the resource or child resources.')]` | The decription attached to the lock. | + +## Outputs + +| Output Name | Type | Description | +| :-- | :-- | :-- | +| `name` | string | The name of the lock. | +| `resourceGroupName` | string | The name of the resource group the lock was applied to. | +| `resourceId` | string | The resource ID of the lock. | From 2ca53d678dea53132bf7d2df04bf5b2234eab295 Mon Sep 17 00:00:00 2001 From: Erika Gressi Date: Fri, 17 Jun 2022 13:21:00 +0200 Subject: [PATCH 39/52] validation new line --- arm/Microsoft.Authorization/locks/readme.md | 1 + arm/Microsoft.Authorization/locks/resourceGroup/readme.md | 1 + 2 files changed, 2 insertions(+) diff --git a/arm/Microsoft.Authorization/locks/readme.md b/arm/Microsoft.Authorization/locks/readme.md index 82d9b0c864..3afed3df7b 100644 
--- a/arm/Microsoft.Authorization/locks/readme.md +++ b/arm/Microsoft.Authorization/locks/readme.md @@ -30,6 +30,7 @@ This module deploys Authorization Locks. | `resourceGroupName` | string | `''` | Name of the Resource Group to assign the lock to. If Resource Group name is provided, and Subscription ID is provided, the module deploys at resource group level, therefore assigns the provided lock to the resource group. | | `subscriptionId` | string | `''` | Subscription ID of the subscription to assign the lock to. | + ## Outputs | Output Name | Type | Description | diff --git a/arm/Microsoft.Authorization/locks/resourceGroup/readme.md b/arm/Microsoft.Authorization/locks/resourceGroup/readme.md index b0c71484a8..c1e4e67f62 100644 --- a/arm/Microsoft.Authorization/locks/resourceGroup/readme.md +++ b/arm/Microsoft.Authorization/locks/resourceGroup/readme.md @@ -28,6 +28,7 @@ This module deploys Authorization Locks on Resource Group level. | `name` | string | `[format('{0}-lock', parameters('level'))]` | The name of the lock. | | `notes` | string | `[if(equals(parameters('level'), 'CanNotDelete'), 'Cannot delete resource or child resources.', 'Cannot modify the resource or child resources.')]` | The decription attached to the lock. | + ## Outputs | Output Name | Type | Description | From 67154362bf1adaf6680f1f796d027e7fbffb53bd Mon Sep 17 00:00:00 2001 From: Erika Gressi Date: Fri, 17 Jun 2022 13:26:13 +0200 Subject: [PATCH 40/52] ado --- .../ms.authorization.locks.yml | 55 +++++++++++++++++++ 1 file changed, 55 insertions(+) create mode 100644 .azuredevops/modulePipelines/ms.authorization.locks.yml diff --git a/.azuredevops/modulePipelines/ms.authorization.locks.yml b/.azuredevops/modulePipelines/ms.authorization.locks.yml new file mode 100644 index 0000000000..796262ea91 --- /dev/null +++ b/.azuredevops/modulePipelines/ms.authorization.locks.yml 
@@ -0,0 +1,55 @@ +name: 'Authorization - Locks' + +parameters: + - name: removeDeployment + displayName: Remove deployed module + type: boolean + default: true + - name: prerelease + displayName: Publish prerelease module + type: boolean + default: false + +pr: none + +trigger: + batch: true + branches: + include: + - main + paths: + include: + - '/.azuredevops/modulePipelines/ms.authorization.locks.yml' + - '/.azuredevops/pipelineTemplates/*.yml' + - '/arm/Microsoft.Authorization/locks/*' + - '/arm/.global/global.module.tests.ps1' + exclude: + - '/**/*.md' + +variables: + - template: '../../global.variables.yml' + - group: 'PLATFORM_VARIABLES' + - name: modulePath + value: '/arm/Microsoft.Authorization/locks' + +stages: + - stage: Validation + displayName: Static validation + jobs: + - template: /.azuredevops/pipelineTemplates/jobs.validateModulePester.yml + + - stage: Deployment + displayName: Deployment validation + jobs: + - template: /.azuredevops/pipelineTemplates/jobs.validateModuleDeployment.yml + parameters: + removeDeployment: '${{ parameters.removeDeployment }}' + deploymentBlocks: + - path: $(modulePath)/.parameters/rg.parameters.json + templateFilePath: $(modulePath)/deploy.bicep + + - stage: Publishing + displayName: Publishing + condition: and(succeeded(), or(eq(variables['Build.SourceBranch'], 'refs/heads/main'), eq(variables['Build.SourceBranch'], 'refs/heads/master'), eq('${{ parameters.prerelease }}', 'true'))) + jobs: + - template: /.azuredevops/pipelineTemplates/jobs.publishModule.yml From 424c684ae3308b58f72604d0f88a9bc2feded1a5 Mon Sep 17 00:00:00 2001 From: Erika Gressi Date: Fri, 17 Jun 2022 13:30:05 +0200 Subject: [PATCH 41/52] scope --- arm/Microsoft.Authorization/locks/deploy.bicep | 2 ++ 1 file changed, 2 insertions(+) diff --git a/arm/Microsoft.Authorization/locks/deploy.bicep b/arm/Microsoft.Authorization/locks/deploy.bicep index 847b1e24a9..cdbc8c0edf 100644 --- a/arm/Microsoft.Authorization/locks/deploy.bicep 
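Review bot: The `Publishing` stage condition also passes when `parameters.prerelease` is `true`, whatever the source branch, so anyone who can queue this pipeline can publish module code that has not been merged to `main`. If that is intended, it should be stated next to the condition, for example `# Publishes from main/master, or from any branch when 'prerelease' is set`. It is also worth confirming that jobs.publishModule.yml, which is not part of this hunk, marks such versions as prerelease so consumers cannot mistake them for reviewed releases.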
+++ b/arm/Microsoft.Authorization/locks/deploy.bicep @@ -1,3 +1,5 @@ +targetScope = 'subscription' + @allowed([ 'CanNotDelete' 'ReadOnly' From 7d504f341c4989a889b82cbd3eeccd040819a7d5 Mon Sep 17 00:00:00 2001 From: Erika Gressi Date: Fri, 17 Jun 2022 14:47:20 +0200 Subject: [PATCH 42/52] location --- arm/Microsoft.Authorization/locks/deploy.bicep | 8 ++++++-- arm/Microsoft.Authorization/locks/readme.md | 1 + 2 files changed, 7 insertions(+), 2 deletions(-) diff --git a/arm/Microsoft.Authorization/locks/deploy.bicep b/arm/Microsoft.Authorization/locks/deploy.bicep index cdbc8c0edf..7f0014306d 100644 --- a/arm/Microsoft.Authorization/locks/deploy.bicep +++ b/arm/Microsoft.Authorization/locks/deploy.bicep @@ -19,10 +19,14 @@ param resourceGroupName string = '' @description('Optional. Subscription ID of the subscription to assign the lock to.') param subscriptionId string = '' +@sys.description('Optional. Location for all resources.') +param location string = deployment().location + var enableReferencedModulesTelemetry = false resource defaultTelemetry 'Microsoft.Resources/deployments@2021-04-01' = if (enableDefaultTelemetry) { - name: 'pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-${uniqueString(deployment().name)}' + name: 'pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-${uniqueString(deployment().name, location)}' + location: location properties: { mode: 'Incremental' template: { @@ -34,7 +38,7 @@ resource defaultTelemetry 'Microsoft.Resources/deployments@2021-04-01' = if (ena } module lock_rg 'resourceGroup/deploy.bicep' = if (!empty(resourceGroupName) && !empty(subscriptionId)) { - name: '${uniqueString(deployment().name)}-Lock-RG-Module' + name: '${uniqueString(deployment().name, location)}-Lock-RG-Module' scope: resourceGroup(subscriptionId, resourceGroupName) params: { level: level diff --git a/arm/Microsoft.Authorization/locks/readme.md b/arm/Microsoft.Authorization/locks/readme.md index 3afed3df7b..db45879b04 100644 --- a/arm/Microsoft.Authorization/locks/readme.md 
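Review bot: The new `location` parameter in the `@@ -19,10 +19,14 @@` hunk is decorated with `@sys.description(...)`, while patch 37 changed every other decorator in this file to plain `@description(...)`. For consistency it should read `@description('Optional. Location for all resources.')`. In the visible lines the value is only used for the telemetry deployment and the deployment names, so the text could say that rather than "all resources", since the lock itself takes no location.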
+++ b/arm/Microsoft.Authorization/locks/readme.md @@ -26,6 +26,7 @@ This module deploys Authorization Locks. | Parameter Name | Type | Default Value | Description | | :-- | :-- | :-- | :-- | | `enableDefaultTelemetry` | bool | `True` | Enable telemetry via the Customer Usage Attribution ID (GUID). | +| `location` | string | `[deployment().location]` | Location for all resources. | | `notes` | string | `[if(equals(parameters('level'), 'CanNotDelete'), 'Cannot delete resource or child resources.', 'Cannot modify the resource or child resources.')]` | The decription attached to the lock. | | `resourceGroupName` | string | `''` | Name of the Resource Group to assign the lock to. If Resource Group name is provided, and Subscription ID is provided, the module deploys at resource group level, therefore assigns the provided lock to the resource group. | | `subscriptionId` | string | `''` | Subscription ID of the subscription to assign the lock to. | From f6aca2a3c76bcfb283a832e37c6b7984a66f60a7 Mon Sep 17 00:00:00 2001 From: Erika Gressi Date: Fri, 17 Jun 2022 17:05:33 +0200 Subject: [PATCH 43/52] update lock name --- .../locks/deploy.bicep | 1 + .../locks/resourceGroup/version.json | 2 +- .../resourceGroups/.bicep/nested_lock.bicep | 26 ------------------- .../resourceGroups/deploy.bicep | 1 - 4 files changed, 2 insertions(+), 28 deletions(-) delete mode 100644 arm/Microsoft.Resources/resourceGroups/.bicep/nested_lock.bicep diff --git a/arm/Microsoft.Authorization/locks/deploy.bicep b/arm/Microsoft.Authorization/locks/deploy.bicep index 7f0014306d..b6a096aa7b 100644 --- a/arm/Microsoft.Authorization/locks/deploy.bicep +++ b/arm/Microsoft.Authorization/locks/deploy.bicep 
@@ -41,6 +41,7 @@ module lock_rg 'resourceGroup/deploy.bicep' = if (!empty(resourceGroupName) && ! name: '${uniqueString(deployment().name, location)}-Lock-RG-Module' scope: resourceGroup(subscriptionId, resourceGroupName) params: { + name: '${resourceGroupName}-${level}-lock' level: level notes: notes enableDefaultTelemetry: enableReferencedModulesTelemetry diff --git a/arm/Microsoft.Authorization/locks/resourceGroup/version.json b/arm/Microsoft.Authorization/locks/resourceGroup/version.json index 56f8d9ca40..41f66cc990 100644 --- a/arm/Microsoft.Authorization/locks/resourceGroup/version.json +++ b/arm/Microsoft.Authorization/locks/resourceGroup/version.json @@ -1,4 +1,4 @@ { "$schema": "https://raw.githubusercontent.com/dotnet/Nerdbank.GitVersioning/master/src/NerdBank.GitVersioning/version.schema.json", - "version": "0.4" + "version": "0.1" } diff --git a/arm/Microsoft.Resources/resourceGroups/.bicep/nested_lock.bicep b/arm/Microsoft.Resources/resourceGroups/.bicep/nested_lock.bicep deleted file mode 100644 index 96d0f4c23b..0000000000 --- a/arm/Microsoft.Resources/resourceGroups/.bicep/nested_lock.bicep +++ /dev/null @@ -1,26 +0,0 @@ -@description('Optional. The name of the lock.') -param name string = '${level}-lock' - -@allowed([ - 'CanNotDelete' - 'ReadOnly' -]) -@description('Required. Set lock level.') -param level string - -@description('Optional. The decription attached to the lock.') -param notes string = level == 'CanNotDelete' ? 'Cannot delete resource or child resources.' : 'Cannot modify the resource or child resources.' - -resource lock 'Microsoft.Authorization/locks@2017-04-01' = { - name: name - properties: { - level: level - notes: notes - } -} - -@description('The resource ID of the lock.') -output resourceId string = lock.id - -@description('The name of the lock.') -output name string = lock.name 
diff --git a/arm/Microsoft.Resources/resourceGroups/deploy.bicep b/arm/Microsoft.Resources/resourceGroups/deploy.bicep index e32c1d3529..e5f23ab7e8 100644 --- a/arm/Microsoft.Resources/resourceGroups/deploy.bicep +++ b/arm/Microsoft.Resources/resourceGroups/deploy.bicep @@ -43,7 +43,6 @@ resource resourceGroup 'Microsoft.Resources/resourceGroups@2019-05-01' = { properties: {} } -// module resourceGroup_lock '.bicep/nested_lock.bicep' = if (!empty(lock)) { module resourceGroup_lock '../../Microsoft.Authorization/locks/resourceGroup/deploy.bicep' = if (!empty(lock)) { name: '${uniqueString(deployment().name, location)}-${lock}-Lock' params: { From 41ce2e09e8d75c661550830d5620b541072a4ffe Mon Sep 17 00:00:00 2001 From: Erika Gressi Date: Fri, 17 Jun 2022 17:51:08 +0200 Subject: [PATCH 44/52] carml --- global.variables.yml | 2 +- settings.json | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/global.variables.yml b/global.variables.yml index 2897f2078e..7fed8d13f9 100644 --- a/global.variables.yml +++ b/global.variables.yml @@ -24,7 +24,7 @@ variables: ###################################### bicepRegistryDoPublish: true # Set to true, if you would like to publish module templates to a bicep registry - bicepRegistryName: adprkeazacrx001 # The name of the bicep registry (ACR) to publish to. If it does not exist, it will be created. + bicepRegistryName: adpsxxazacrx001 # The name of the bicep registry (ACR) to publish to. If it does not exist, it will be created. bicepRegistryRGName: 'artifacts-rg' # The resource group that hosts the private bicep registry (ACR) bicepRegistryRgLocation: 'West Europe' # The location of the resource group to publish to diff --git a/settings.json b/settings.json index 6146e07c81..9198a0f7d0 100644 --- a/settings.json +++ b/settings.json @@ -5,7 +5,7 @@ "localTokens": [ { "name": "namePrefix", - "value": "rke", + "value": "carml", "metadata": { "description": "A 3-5 character length string, included in the resources names" } 
From 8ddab8a8a80caa4e3622fc8d6a478513852b1d19 Mon Sep 17 00:00:00 2001 From: Erika Gressi Date: Fri, 17 Jun 2022 19:35:35 +0200 Subject: [PATCH 45/52] lock rg dependencies --- .azuredevops/platformPipelines/platform.dependencies.yml | 3 +++ .github/workflows/platform.dependencies.yml | 1 - .../locks/.parameters/rg.parameters.json | 2 +- global.variables.yml | 2 +- settings.json | 2 +- .../resourceGroups/parameters/locks.parameters.json | 9 +++++++++ 6 files changed, 15 insertions(+), 4 deletions(-) create mode 100644 utilities/pipelines/dependencies/Microsoft.Resources/resourceGroups/parameters/locks.parameters.json diff --git a/.azuredevops/platformPipelines/platform.dependencies.yml b/.azuredevops/platformPipelines/platform.dependencies.yml index 2d7edbd607..33013e95ea 100644 --- a/.azuredevops/platformPipelines/platform.dependencies.yml +++ b/.azuredevops/platformPipelines/platform.dependencies.yml @@ -47,6 +47,9 @@ stages: - path: $(dependencyPath)/$(resourceType)/parameters/validation.parameters.json templateFilePath: $(templateFilePath) displayName: Validation Resource Group + - path: $(dependencyPath)/$(resourceType)/parameters/locks.parameters.json + templateFilePath: $(templateFilePath) + displayName: Locks Resource Group - stage: deploy_ppg displayName: Deploy proximity placement group diff --git a/.github/workflows/platform.dependencies.yml b/.github/workflows/platform.dependencies.yml index 400fc2281e..c8c08453ad 100644 --- a/.github/workflows/platform.dependencies.yml +++ b/.github/workflows/platform.dependencies.yml @@ -49,7 +49,6 @@ jobs: uses: actions/checkout@v2 with: fetch-depth: 0 - - name: 'Deploy module' uses: ./.github/actions/templates/validateModuleDeployment with: diff --git a/arm/Microsoft.Authorization/locks/.parameters/rg.parameters.json b/arm/Microsoft.Authorization/locks/.parameters/rg.parameters.json index 5c8156186b..dc4870ce99 100644 --- a/arm/Microsoft.Authorization/locks/.parameters/rg.parameters.json 
+++ b/arm/Microsoft.Authorization/locks/.parameters/rg.parameters.json @@ -6,7 +6,7 @@ "value": "CanNotDelete" }, "resourceGroupName": { - "value": "validation-rg" + "value": "adp-<>-az-locks-rg-001" }, "subscriptionId": { "value": "<>" diff --git a/global.variables.yml b/global.variables.yml index 7fed8d13f9..2897f2078e 100644 --- a/global.variables.yml +++ b/global.variables.yml @@ -24,7 +24,7 @@ variables: ###################################### bicepRegistryDoPublish: true # Set to true, if you would like to publish module templates to a bicep registry - bicepRegistryName: adpsxxazacrx001 # The name of the bicep registry (ACR) to publish to. If it does not exist, it will be created. + bicepRegistryName: adprkeazacrx001 # The name of the bicep registry (ACR) to publish to. If it does not exist, it will be created. bicepRegistryRGName: 'artifacts-rg' # The resource group that hosts the private bicep registry (ACR) bicepRegistryRgLocation: 'West Europe' # The location of the resource group to publish to diff --git a/settings.json b/settings.json index 9198a0f7d0..6146e07c81 100644 --- a/settings.json +++ b/settings.json @@ -5,7 +5,7 @@ "localTokens": [ { "name": "namePrefix", - "value": "carml", + "value": "rke", "metadata": { "description": "A 3-5 character length string, included in the resources names" } diff --git a/utilities/pipelines/dependencies/Microsoft.Resources/resourceGroups/parameters/locks.parameters.json b/utilities/pipelines/dependencies/Microsoft.Resources/resourceGroups/parameters/locks.parameters.json new file mode 100644 index 0000000000..6d067839b3 --- /dev/null +++ b/utilities/pipelines/dependencies/Microsoft.Resources/resourceGroups/parameters/locks.parameters.json @@ -0,0 +1,9 @@ +{ + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", + "contentVersion": "1.0.0.0", + "parameters": { + "name": { + "value": "adp-<>-az-locks-rg-001" + } + } +} 
From b928ec3fa0e74177e9cac1cd69e4b4fdd542d38e Mon Sep 17 00:00:00 2001 From: Erika Gressi Date: Fri, 17 Jun 2022 19:41:28 +0200 Subject: [PATCH 46/52] lock rg dependencies in pipeline --- .github/workflows/platform.dependencies.yml | 2 +- arm/Microsoft.Authorization/locks/readme.md | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/platform.dependencies.yml b/.github/workflows/platform.dependencies.yml index c8c08453ad..1754c3c32c 100644 --- a/.github/workflows/platform.dependencies.yml +++ b/.github/workflows/platform.dependencies.yml @@ -43,7 +43,7 @@ jobs: strategy: fail-fast: false matrix: - parameterFilePaths: ['validation.parameters.json'] + parameterFilePaths: ['validation.parameters.json', 'locks.parameters.json'] steps: - name: 'Checkout' uses: actions/checkout@v2 diff --git a/arm/Microsoft.Authorization/locks/readme.md b/arm/Microsoft.Authorization/locks/readme.md index db45879b04..9154cfc788 100644 --- a/arm/Microsoft.Authorization/locks/readme.md +++ b/arm/Microsoft.Authorization/locks/readme.md @@ -56,7 +56,7 @@ This module deploys Authorization Locks. "value": "CanNotDelete" }, "resourceGroupName": { - "value": "validation-rg" + "value": "adp-<>-az-locks-rg-001" }, "subscriptionId": { "value": "<>" @@ -77,7 +77,7 @@ module locks './Microsoft.Authorization/locks/deploy.bicep' = { name: '${uniqueString(deployment().name)}-locks' params: { level: 'CanNotDelete' - resourceGroupName: 'validation-rg' + resourceGroupName: 'adp-<>-az-locks-rg-001' subscriptionId: '<>' } ``` From f90c407d6c3522e2abec4c5c4691c9b21e9e55e1 Mon Sep 17 00:00:00 2001 From: Erika Gressi Date: Fri, 17 Jun 2022 20:11:12 +0200 Subject: [PATCH 47/52] carml --- global.variables.yml | 2 +- settings.json | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/global.variables.yml b/global.variables.yml index 2897f2078e..7fed8d13f9 100644 --- a/global.variables.yml +++ b/global.variables.yml 
@@ -24,7 +24,7 @@ variables: ###################################### bicepRegistryDoPublish: true # Set to true, if you would like to publish module templates to a bicep registry - bicepRegistryName: adprkeazacrx001 # The name of the bicep registry (ACR) to publish to. If it does not exist, it will be created. + bicepRegistryName: adpsxxazacrx001 # The name of the bicep registry (ACR) to publish to. If it does not exist, it will be created. bicepRegistryRGName: 'artifacts-rg' # The resource group that hosts the private bicep registry (ACR) bicepRegistryRgLocation: 'West Europe' # The location of the resource group to publish to diff --git a/settings.json b/settings.json index 6146e07c81..9198a0f7d0 100644 --- a/settings.json +++ b/settings.json @@ -5,7 +5,7 @@ "localTokens": [ { "name": "namePrefix", - "value": "rke", + "value": "carml", "metadata": { "description": "A 3-5 character length string, included in the resources names" } From 1c7e30858862a41eff6fb1754d6cd47c61b00a0f Mon Sep 17 00:00:00 2001 From: Erika Gressi Date: Mon, 20 Jun 2022 13:01:21 +0200 Subject: [PATCH 48/52] subscription lock --- .../locks/resourceGroup/deploy.bicep | 2 + .../locks/subscription/deploy.bicep | 43 +++++++++++++++++++ .../locks/subscription/readme.md | 37 ++++++++++++++++ .../locks/subscription/version.json | 4 ++ global.variables.yml | 2 +- settings.json | 2 +- 6 files changed, 88 insertions(+), 2 deletions(-) create mode 100644 arm/Microsoft.Authorization/locks/subscription/deploy.bicep create mode 100644 arm/Microsoft.Authorization/locks/subscription/readme.md create mode 100644 arm/Microsoft.Authorization/locks/subscription/version.json diff --git a/arm/Microsoft.Authorization/locks/resourceGroup/deploy.bicep b/arm/Microsoft.Authorization/locks/resourceGroup/deploy.bicep index a5a8a23866..00c3566ce0 100644 --- a/arm/Microsoft.Authorization/locks/resourceGroup/deploy.bicep +++ b/arm/Microsoft.Authorization/locks/resourceGroup/deploy.bicep 
@@ -1,3 +1,5 @@ +targetScope = 'resourceGroup' + @description('Optional. The name of the lock.') param name string = '${level}-lock' diff --git a/arm/Microsoft.Authorization/locks/subscription/deploy.bicep b/arm/Microsoft.Authorization/locks/subscription/deploy.bicep new file mode 100644 index 0000000000..18e74635be --- /dev/null +++ b/arm/Microsoft.Authorization/locks/subscription/deploy.bicep @@ -0,0 +1,43 @@ +targetScope = 'subscription' + +@description('Optional. The name of the lock.') +param name string = '${level}-lock' + +@allowed([ + 'CanNotDelete' + 'ReadOnly' +]) +@description('Required. Set lock level.') +param level string + +@description('Optional. The decription attached to the lock.') +param notes string = level == 'CanNotDelete' ? 'Cannot delete resource or child resources.' : 'Cannot modify the resource or child resources.' + +@description('Optional. Enable telemetry via the Customer Usage Attribution ID (GUID).') +param enableDefaultTelemetry bool = true + +resource defaultTelemetry 'Microsoft.Resources/deployments@2021-04-01' = if (enableDefaultTelemetry) { + name: 'pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-${uniqueString(deployment().name)}' + properties: { + mode: 'Incremental' + template: { + '$schema': 'https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#' + contentVersion: '1.0.0.0' + resources: [] + } + } +} + +resource lock 'Microsoft.Authorization/locks@2017-04-01' = { + name: name + properties: { + level: level + notes: notes + } +} + +@description('The name of the lock.') +output name string = lock.name + +@description('The resource ID of the lock.') +output resourceId string = lock.id diff --git a/arm/Microsoft.Authorization/locks/subscription/readme.md b/arm/Microsoft.Authorization/locks/subscription/readme.md new file mode 100644 index 0000000000..bcc9ea3664 --- /dev/null +++ b/arm/Microsoft.Authorization/locks/subscription/readme.md 
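Review bot: The `defaultTelemetry` deployment in the new subscription/deploy.bicep has no `location`, although the file sets `targetScope = 'subscription'`. Nested deployments at subscription scope need one, and patch 42 added exactly that to the parent locks/deploy.bicep. As written, the template will probably fail validation whenever `enableDefaultTelemetry` is true. I would add `param location string = deployment().location` with an `@description`, and set `location: location` on the telemetry resource.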
@@ -0,0 +1,37 @@ +# Authorization Locks on Subscription level `[Microsoft.Authorization/locks/subscription]` + +This module deploys Authorization Locks on Subscription level. + +## Navigation + +- [Resource Types](#Resource-Types) +- [Parameters](#Parameters) +- [Outputs](#Outputs) + +## Resource Types + +| Resource Type | API Version | +| :-- | :-- | +| `Microsoft.Authorization/locks` | [2017-04-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2017-04-01/locks) | + +## Parameters + +**Required parameters** +| Parameter Name | Type | Allowed Values | Description | +| :-- | :-- | :-- | :-- | +| `level` | string | `[CanNotDelete, ReadOnly]` | Set lock level. | + +**Optional parameters** +| Parameter Name | Type | Default Value | Description | +| :-- | :-- | :-- | :-- | +| `enableDefaultTelemetry` | bool | `True` | Enable telemetry via the Customer Usage Attribution ID (GUID). | +| `name` | string | `[format('{0}-lock', parameters('level'))]` | The name of the lock. | +| `notes` | string | `[if(equals(parameters('level'), 'CanNotDelete'), 'Cannot delete resource or child resources.', 'Cannot modify the resource or child resources.')]` | The decription attached to the lock. | + + +## Outputs + +| Output Name | Type | Description | +| :-- | :-- | :-- | +| `name` | string | The name of the lock. | +| `resourceId` | string | The resource ID of the lock. | diff --git a/arm/Microsoft.Authorization/locks/subscription/version.json b/arm/Microsoft.Authorization/locks/subscription/version.json new file mode 100644 index 0000000000..41f66cc990 --- /dev/null +++ b/arm/Microsoft.Authorization/locks/subscription/version.json @@ -0,0 +1,4 @@ +{ + "$schema": "https://raw.githubusercontent.com/dotnet/Nerdbank.GitVersioning/master/src/NerdBank.GitVersioning/version.schema.json", + "version": "0.1" +} diff --git a/global.variables.yml b/global.variables.yml index 7fed8d13f9..2897f2078e 100644 --- a/global.variables.yml +++ b/global.variables.yml 
@@ -24,7 +24,7 @@ variables: ###################################### bicepRegistryDoPublish: true # Set to true, if you would like to publish module templates to a bicep registry - bicepRegistryName: adpsxxazacrx001 # The name of the bicep registry (ACR) to publish to. If it does not exist, it will be created. + bicepRegistryName: adprkeazacrx001 # The name of the bicep registry (ACR) to publish to. If it does not exist, it will be created. bicepRegistryRGName: 'artifacts-rg' # The resource group that hosts the private bicep registry (ACR) bicepRegistryRgLocation: 'West Europe' # The location of the resource group to publish to diff --git a/settings.json b/settings.json index 9198a0f7d0..6146e07c81 100644 --- a/settings.json +++ b/settings.json @@ -5,7 +5,7 @@ "localTokens": [ { "name": "namePrefix", - "value": "carml", + "value": "rke", "metadata": { "description": "A 3-5 character length string, included in the resources names" } From 6de4305fee5d936627ce4cdde598db9752a39242 Mon Sep 17 00:00:00 2001 From: Erika Gressi Date: Mon, 20 Jun 2022 13:42:18 +0200 Subject: [PATCH 49/52] sub locks --- .../locks/.parameters/sub.parameters.json | 12 +++++ .../locks/deploy.bicep | 29 +++++++++--- arm/Microsoft.Authorization/locks/readme.md | 44 ++++++++++++++++++- global.variables.yml | 2 +- settings.json | 2 +- 5 files changed, 80 insertions(+), 9 deletions(-) create mode 100644 arm/Microsoft.Authorization/locks/.parameters/sub.parameters.json diff --git a/arm/Microsoft.Authorization/locks/.parameters/sub.parameters.json b/arm/Microsoft.Authorization/locks/.parameters/sub.parameters.json new file mode 100644 index 0000000000..e7cb931bd8 --- /dev/null +++ b/arm/Microsoft.Authorization/locks/.parameters/sub.parameters.json @@ -0,0 +1,12 @@ +{ + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", + "contentVersion": "1.0.0.0", + "parameters": { + "level": { + "value": "CanNotDelete" + }, + "subscriptionId": { + "value": "<>" + } + } +} 
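Review bot: `bicepRegistryName` in `global.variables.yml` is switched to `adprkeazacrx001`, which looks like a personal test registry rather than the shared one. The comment on that line says the registry is created if it does not exist, so a pipeline run from this state would presumably publish module templates to a different ACR than the one consumers pull from. The `namePrefix` change to `rke` in the `settings.json` hunk on the same line is the same kind of environment-specific value. PATCH 49 later in the series restores both; keeping such values in an uncommitted local override would avoid the intermediate state.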
diff --git a/arm/Microsoft.Authorization/locks/deploy.bicep b/arm/Microsoft.Authorization/locks/deploy.bicep index b6a096aa7b..49b2c708b6 100644 --- a/arm/Microsoft.Authorization/locks/deploy.bicep +++ b/arm/Microsoft.Authorization/locks/deploy.bicep @@ -1,5 +1,8 @@ targetScope = 'subscription' +@description('Optional. The name of the lock.') +param name string = '${level}-lock' + @allowed([ 'CanNotDelete' 'ReadOnly' @@ -16,8 +19,8 @@ param enableDefaultTelemetry bool = true @description('Optional. Name of the Resource Group to assign the lock to. If Resource Group name is provided, and Subscription ID is provided, the module deploys at resource group level, therefore assigns the provided lock to the resource group.') param resourceGroupName string = '' -@description('Optional. Subscription ID of the subscription to assign the lock to.') -param subscriptionId string = '' +@description('Optional. Subscription ID of the subscription to assign the lock to. If not provided, will use the current scope for deployment. If no resource group name is provided, the module deploys at subscription level, therefore assigns the provided locks to the subscription.') +param subscriptionId string = subscription().id @sys.description('Optional. Location for all resources.') param location string = deployment().location 
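Review bot: The new default `subscription().id` for `subscriptionId` (second hunk of `locks/deploy.bicep`) is the full resource ID `/subscriptions/<guid>`, not the bare GUID. The parameter is passed to `subscription(subscriptionId)` and `resourceGroup(subscriptionId, resourceGroupName)` in the next hunk, which take the bare subscription ID, so a deployment relying on the default would presumably fail to resolve its scope instead of applying the lock. `param subscriptionId string = subscription().subscriptionId` gives the form those scope functions expect. The default shown in the readme table of this patch would need the same change.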
@@ -37,11 +40,22 @@ resource defaultTelemetry 'Microsoft.Resources/deployments@2021-04-01' = if (ena } } -module lock_rg 'resourceGroup/deploy.bicep' = if (!empty(resourceGroupName) && !empty(subscriptionId)) { +module lock_sub 'subscription/deploy.bicep' = if (!empty(subscriptionId) && empty(resourceGroupName)) { + name: '${uniqueString(deployment().name, location)}-Lock-Sub-Module' + scope: subscription(subscriptionId) + params: { + name: name + level: level + notes: notes + enableDefaultTelemetry: enableReferencedModulesTelemetry + } +} + +module lock_rg 'resourceGroup/deploy.bicep' = if (!empty(subscriptionId) && !empty(resourceGroupName)) { name: '${uniqueString(deployment().name, location)}-Lock-RG-Module' scope: resourceGroup(subscriptionId, resourceGroupName) params: { - name: '${resourceGroupName}-${level}-lock' + name: name level: level notes: notes enableDefaultTelemetry: enableReferencedModulesTelemetry @@ -49,7 +63,10 @@ module lock_rg 'resourceGroup/deploy.bicep' = if (!empty(resourceGroupName) && ! } @description('The name of the lock.') -output name string = lock_rg.outputs.name +output name string = empty(resourceGroupName) ? lock_sub.outputs.name : lock_rg.outputs.name @description('The resource ID of the lock.') -output resourceId string = lock_rg.outputs.resourceId +output resourceId string = empty(resourceGroupName) ? lock_sub.outputs.resourceId : lock_rg.outputs.resourceId + +@sys.description('The scope this lock applies to.') +output scope string = empty(resourceGroupName) ? subscription().id : any(resourceGroup(resourceGroupName)) diff --git a/arm/Microsoft.Authorization/locks/readme.md b/arm/Microsoft.Authorization/locks/readme.md index 9154cfc788..a69fe1ae21 100644 --- a/arm/Microsoft.Authorization/locks/readme.md +++ b/arm/Microsoft.Authorization/locks/readme.md 
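Review bot: The `scope` output added at the end of the last hunk of `locks/deploy.bicep` does not use `subscriptionId`, so it reports the deployment's own subscription or resource group even when the lock was applied to another subscription through `scope: subscription(subscriptionId)`. The `any(...)` wrapper also hides that `resourceGroup(resourceGroupName)` does not appear to be a string while the output is declared `string`. Building the value from the parameters, e.g. `empty(resourceGroupName) ? '/subscriptions/${subscriptionId}' : '/subscriptions/${subscriptionId}/resourceGroups/${resourceGroupName}'`, would keep it consistent with the scopes used by `lock_sub` and `lock_rg` (this assumes `subscriptionId` holds the bare GUID). The same line is commented out in PATCH 51 and restored unchanged in PATCH 52.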
@@ -27,9 +27,10 @@ This module deploys Authorization Locks. | :-- | :-- | :-- | :-- | | `enableDefaultTelemetry` | bool | `True` | Enable telemetry via the Customer Usage Attribution ID (GUID). | | `location` | string | `[deployment().location]` | Location for all resources. | +| `name` | string | `[format('{0}-lock', parameters('level'))]` | The name of the lock. | | `notes` | string | `[if(equals(parameters('level'), 'CanNotDelete'), 'Cannot delete resource or child resources.', 'Cannot modify the resource or child resources.')]` | The decription attached to the lock. | | `resourceGroupName` | string | `''` | Name of the Resource Group to assign the lock to. If Resource Group name is provided, and Subscription ID is provided, the module deploys at resource group level, therefore assigns the provided lock to the resource group. | -| `subscriptionId` | string | `''` | Subscription ID of the subscription to assign the lock to. | +| `subscriptionId` | string | `[subscription().id]` | Subscription ID of the subscription to assign the lock to. If not provided, will use the current scope for deployment. If no resource group name is provided, the module deploys at subscription level, therefore assigns the provided locks to the subscription. | ## Outputs @@ -38,6 +39,7 @@ This module deploys Authorization Locks. | :-- | :-- | :-- | | `name` | string | The name of the lock. | | `resourceId` | string | The resource ID of the lock. | +| `scope` | string | The scope this lock applies to. | ## Deployment examples @@ -84,3 +86,43 @@ module locks './Microsoft.Authorization/locks/deploy.bicep' = {

+ +

Example 2

+ +
+ +via JSON Parameter file + +```json +{ + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", + "contentVersion": "1.0.0.0", + "parameters": { + "level": { + "value": "CanNotDelete" + }, + "subscriptionId": { + "value": "<>" + } + } +} + +``` + +
+ +
+ +via Bicep module + +```bicep +module locks './Microsoft.Authorization/locks/deploy.bicep' = { + name: '${uniqueString(deployment().name)}-locks' + params: { + level: 'CanNotDelete' + subscriptionId: '<>' + } +``` + +
+

diff --git a/global.variables.yml b/global.variables.yml index 2897f2078e..7fed8d13f9 100644 --- a/global.variables.yml +++ b/global.variables.yml @@ -24,7 +24,7 @@ variables: ###################################### bicepRegistryDoPublish: true # Set to true, if you would like to publish module templates to a bicep registry - bicepRegistryName: adprkeazacrx001 # The name of the bicep registry (ACR) to publish to. If it does not exist, it will be created. + bicepRegistryName: adpsxxazacrx001 # The name of the bicep registry (ACR) to publish to. If it does not exist, it will be created. bicepRegistryRGName: 'artifacts-rg' # The resource group that hosts the private bicep registry (ACR) bicepRegistryRgLocation: 'West Europe' # The location of the resource group to publish to diff --git a/settings.json b/settings.json index 6146e07c81..9198a0f7d0 100644 --- a/settings.json +++ b/settings.json @@ -5,7 +5,7 @@ "localTokens": [ { "name": "namePrefix", - "value": "rke", + "value": "carml", "metadata": { "description": "A 3-5 character length string, included in the resources names" } From 808f5940fa04b325b490855ad76188750013ee8d Mon Sep 17 00:00:00 2001 From: Erika Gressi Date: Mon, 20 Jun 2022 14:14:58 +0200 Subject: [PATCH 50/52] no name --- arm/Microsoft.Authorization/locks/deploy.bicep | 7 ++----- arm/Microsoft.Authorization/locks/readme.md | 1 - .../locks/subscription/deploy.bicep | 3 +++ arm/Microsoft.Authorization/locks/subscription/readme.md | 1 + 4 files changed, 6 insertions(+), 6 deletions(-) diff --git a/arm/Microsoft.Authorization/locks/deploy.bicep b/arm/Microsoft.Authorization/locks/deploy.bicep index 49b2c708b6..d716d9b106 100644 --- a/arm/Microsoft.Authorization/locks/deploy.bicep +++ b/arm/Microsoft.Authorization/locks/deploy.bicep @@ -1,8 +1,5 @@ targetScope = 'subscription' -@description('Optional. The name of the lock.') -param name string = '${level}-lock' - @allowed([ 'CanNotDelete' 'ReadOnly' 
@@ -44,7 +41,7 @@ module lock_sub 'subscription/deploy.bicep' = if (!empty(subscriptionId) && empt name: '${uniqueString(deployment().name, location)}-Lock-Sub-Module' scope: subscription(subscriptionId) params: { - name: name + name: '${subscription().displayName}-${level}-lock' level: level notes: notes enableDefaultTelemetry: enableReferencedModulesTelemetry @@ -55,7 +52,7 @@ module lock_rg 'resourceGroup/deploy.bicep' = if (!empty(subscriptionId) && !emp name: '${uniqueString(deployment().name, location)}-Lock-RG-Module' scope: resourceGroup(subscriptionId, resourceGroupName) params: { - name: name + name: '${resourceGroupName}-${level}-lock' level: level notes: notes enableDefaultTelemetry: enableReferencedModulesTelemetry diff --git a/arm/Microsoft.Authorization/locks/readme.md b/arm/Microsoft.Authorization/locks/readme.md index a69fe1ae21..ce2cf878fd 100644 --- a/arm/Microsoft.Authorization/locks/readme.md +++ b/arm/Microsoft.Authorization/locks/readme.md 
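Review bot: The lock name passed by `lock_sub` is now built from `subscription().displayName`, which is the display name of the subscription the deployment runs in, not of the one selected by `scope: subscription(subscriptionId)`. A display name can also be changed later, so a redeployment after a rename would presumably create a second lock under a new name instead of updating the existing one. A name that depends only on stable inputs, such as `'${level}-lock'` (the default declared in `subscription/deploy.bicep`), avoids both. The enclosing module declaration starts outside this hunk.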
@@ -27,7 +27,6 @@ This module deploys Authorization Locks. | :-- | :-- | :-- | :-- | | `enableDefaultTelemetry` | bool | `True` | Enable telemetry via the Customer Usage Attribution ID (GUID). | | `location` | string | `[deployment().location]` | Location for all resources. | -| `name` | string | `[format('{0}-lock', parameters('level'))]` | The name of the lock. | | `notes` | string | `[if(equals(parameters('level'), 'CanNotDelete'), 'Cannot delete resource or child resources.', 'Cannot modify the resource or child resources.')]` | The decription attached to the lock. | | `resourceGroupName` | string | `''` | Name of the Resource Group to assign the lock to. If Resource Group name is provided, and Subscription ID is provided, the module deploys at resource group level, therefore assigns the provided lock to the resource group. | | `subscriptionId` | string | `[subscription().id]` | Subscription ID of the subscription to assign the lock to. If not provided, will use the current scope for deployment. If no resource group name is provided, the module deploys at subscription level, therefore assigns the provided locks to the subscription. | diff --git a/arm/Microsoft.Authorization/locks/subscription/deploy.bicep b/arm/Microsoft.Authorization/locks/subscription/deploy.bicep index 18e74635be..f184869649 100644 --- a/arm/Microsoft.Authorization/locks/subscription/deploy.bicep +++ b/arm/Microsoft.Authorization/locks/subscription/deploy.bicep @@ -41,3 +41,6 @@ output name string = lock.name @description('The resource ID of the lock.') output resourceId string = lock.id + +@description('The subscription the lock was deployed into.') +output subscriptionName string = subscription().displayName diff --git a/arm/Microsoft.Authorization/locks/subscription/readme.md b/arm/Microsoft.Authorization/locks/subscription/readme.md index bcc9ea3664..cf74d949f1 100644 --- a/arm/Microsoft.Authorization/locks/subscription/readme.md 
+++ b/arm/Microsoft.Authorization/locks/subscription/readme.md @@ -35,3 +35,4 @@ This module deploys Authorization Locks on Subscription level. | :-- | :-- | :-- | | `name` | string | The name of the lock. | | `resourceId` | string | The resource ID of the lock. | +| `subscriptionName` | string | The subscription the lock was deployed into. | From 1b407aaaad53f8724c45f3fc5e1bfaf5d83a3baf Mon Sep 17 00:00:00 2001 From: Erika Gressi Date: Mon, 20 Jun 2022 14:43:56 +0200 Subject: [PATCH 51/52] disable sub level lock deployment --- .../locks/.parameters/sub.parameters.json | 12 ------ .../locks/deploy.bicep | 29 ++++++++------ arm/Microsoft.Authorization/locks/readme.md | 40 ------------------- 3 files changed, 16 insertions(+), 65 deletions(-) delete mode 100644 arm/Microsoft.Authorization/locks/.parameters/sub.parameters.json diff --git a/arm/Microsoft.Authorization/locks/.parameters/sub.parameters.json b/arm/Microsoft.Authorization/locks/.parameters/sub.parameters.json deleted file mode 100644 index e7cb931bd8..0000000000 --- a/arm/Microsoft.Authorization/locks/.parameters/sub.parameters.json +++ /dev/null @@ -1,12 +0,0 @@ -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "level": { - "value": "CanNotDelete" - }, - "subscriptionId": { - "value": "<>" - } - } -} diff --git a/arm/Microsoft.Authorization/locks/deploy.bicep b/arm/Microsoft.Authorization/locks/deploy.bicep index d716d9b106..5404c1224a 100644 --- a/arm/Microsoft.Authorization/locks/deploy.bicep +++ b/arm/Microsoft.Authorization/locks/deploy.bicep 
@@ -37,16 +37,16 @@ resource defaultTelemetry 'Microsoft.Resources/deployments@2021-04-01' = if (ena } } -module lock_sub 'subscription/deploy.bicep' = if (!empty(subscriptionId) && empty(resourceGroupName)) { - name: '${uniqueString(deployment().name, location)}-Lock-Sub-Module' - scope: subscription(subscriptionId) - params: { - name: '${subscription().displayName}-${level}-lock' - level: level - notes: notes - enableDefaultTelemetry: enableReferencedModulesTelemetry - } -} +// module lock_sub 'subscription/deploy.bicep' = if (!empty(subscriptionId) && empty(resourceGroupName)) { +// name: '${uniqueString(deployment().name, location)}-Lock-Sub-Module' +// scope: subscription(subscriptionId) +// params: { +// name: '${subscription().displayName}-${level}-lock' +// level: level +// notes: notes +// enableDefaultTelemetry: enableReferencedModulesTelemetry +// } +// } module lock_rg 'resourceGroup/deploy.bicep' = if (!empty(subscriptionId) && !empty(resourceGroupName)) { name: '${uniqueString(deployment().name, location)}-Lock-RG-Module' 
@@ -60,10 +60,13 @@ module lock_rg 'resourceGroup/deploy.bicep' = if (!empty(subscriptionId) && !emp } @description('The name of the lock.') -output name string = empty(resourceGroupName) ? lock_sub.outputs.name : lock_rg.outputs.name +// output name string = empty(resourceGroupName) ? lock_sub.outputs.name : lock_rg.outputs.name +output name string = lock_rg.outputs.name @description('The resource ID of the lock.') -output resourceId string = empty(resourceGroupName) ? lock_sub.outputs.resourceId : lock_rg.outputs.resourceId +// output resourceId string = empty(resourceGroupName) ? lock_sub.outputs.resourceId : lock_rg.outputs.resourceId +output resourceId string = lock_rg.outputs.resourceId @sys.description('The scope this lock applies to.') -output scope string = empty(resourceGroupName) ? subscription().id : any(resourceGroup(resourceGroupName)) +// output scope string = empty(resourceGroupName) ? subscription().id : any(resourceGroup(resourceGroupName)) +output scope string = any(resourceGroup(resourceGroupName)) diff --git a/arm/Microsoft.Authorization/locks/readme.md b/arm/Microsoft.Authorization/locks/readme.md index ce2cf878fd..fe2172de6b 100644 --- a/arm/Microsoft.Authorization/locks/readme.md +++ b/arm/Microsoft.Authorization/locks/readme.md @@ -85,43 +85,3 @@ module locks './Microsoft.Authorization/locks/deploy.bicep' = {

- -

Example 2

- -
- -via JSON Parameter file - -```json -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "level": { - "value": "CanNotDelete" - }, - "subscriptionId": { - "value": "<>" - } - } -} - -``` - -
- -
- -via Bicep module - -```bicep -module locks './Microsoft.Authorization/locks/deploy.bicep' = { - name: '${uniqueString(deployment().name)}-locks' - params: { - level: 'CanNotDelete' - subscriptionId: '<>' - } -``` - -
-

From 6ce1398c2791d9a88aa70079c3db0d4acf5e3267 Mon Sep 17 00:00:00 2001 From: Erika Gressi Date: Mon, 20 Jun 2022 16:08:11 +0200 Subject: [PATCH 52/52] enable sub level lock deployment --- .../locks/deploy.bicep | 29 +++++++++---------- 1 file changed, 13 insertions(+), 16 deletions(-) diff --git a/arm/Microsoft.Authorization/locks/deploy.bicep b/arm/Microsoft.Authorization/locks/deploy.bicep index 5404c1224a..d716d9b106 100644 --- a/arm/Microsoft.Authorization/locks/deploy.bicep +++ b/arm/Microsoft.Authorization/locks/deploy.bicep @@ -37,16 +37,16 @@ resource defaultTelemetry 'Microsoft.Resources/deployments@2021-04-01' = if (ena } } -// module lock_sub 'subscription/deploy.bicep' = if (!empty(subscriptionId) && empty(resourceGroupName)) { -// name: '${uniqueString(deployment().name, location)}-Lock-Sub-Module' -// scope: subscription(subscriptionId) -// params: { -// name: '${subscription().displayName}-${level}-lock' -// level: level -// notes: notes -// enableDefaultTelemetry: enableReferencedModulesTelemetry -// } -// } +module lock_sub 'subscription/deploy.bicep' = if (!empty(subscriptionId) && empty(resourceGroupName)) { + name: '${uniqueString(deployment().name, location)}-Lock-Sub-Module' + scope: subscription(subscriptionId) + params: { + name: '${subscription().displayName}-${level}-lock' + level: level + notes: notes + enableDefaultTelemetry: enableReferencedModulesTelemetry + } +} module lock_rg 'resourceGroup/deploy.bicep' = if (!empty(subscriptionId) && !empty(resourceGroupName)) { name: '${uniqueString(deployment().name, location)}-Lock-RG-Module' 
@@ -60,13 +60,10 @@ module lock_rg 'resourceGroup/deploy.bicep' = if (!empty(subscriptionId) && !emp } @description('The name of the lock.') -// output name string = empty(resourceGroupName) ? lock_sub.outputs.name : lock_rg.outputs.name -output name string = lock_rg.outputs.name +output name string = empty(resourceGroupName) ? lock_sub.outputs.name : lock_rg.outputs.name @description('The resource ID of the lock.') -// output resourceId string = empty(resourceGroupName) ? lock_sub.outputs.resourceId : lock_rg.outputs.resourceId -output resourceId string = lock_rg.outputs.resourceId +output resourceId string = empty(resourceGroupName) ? lock_sub.outputs.resourceId : lock_rg.outputs.resourceId @sys.description('The scope this lock applies to.') -// output scope string = empty(resourceGroupName) ? subscription().id : any(resourceGroup(resourceGroupName)) -output scope string = any(resourceGroup(resourceGroupName)) +output scope string = empty(resourceGroupName) ? subscription().id : any(resourceGroup(resourceGroupName))