From e0d94bf170bd0570a9293af6b30b95278ae426d9 Mon Sep 17 00:00:00 2001 From: AlexanderSehr Date: Fri, 25 Nov 2022 10:00:32 +0100 Subject: [PATCH 01/10] Updated to new secret location & updated docs --- ...rio 2 Onboard module library and CI environment.md | 11 ++++++++--- .../sites/.test/FunctionAppCommon/deploy.test.bicep | 2 +- 2 files changed, 9 insertions(+), 4 deletions(-) diff --git a/docs/wiki/Getting started - Scenario 2 Onboard module library and CI environment.md b/docs/wiki/Getting started - Scenario 2 Onboard module library and CI environment.md index 86839899e2..f9d5fedc11 100644 --- a/docs/wiki/Getting started - Scenario 2 Onboard module library and CI environment.md +++ b/docs/wiki/Getting started - Scenario 2 Onboard module library and CI environment.md @@ -383,6 +383,14 @@ In special cases, manual actions may be required to provision certain resources To successfully deploy the sites module using the `fa.parameters.json` parameter file, you need to create an Azure Active Directory App with its API endpoint enabled (e.g., `api://`) and add a secret. The secret value needs then to be stored in a Key Vault secret. +Finally, the elements described above must further be configured in the following files: + +| File | Parameter | Notes | +| - | - | - | +| `modules\Microsoft.Web\sites\.test\common\deploy.bicep` | `appSettingsKeyValuePairs.EASYAUTH_SECRET` | Key Vault secret URI without version (e.g., 'aBcDeFghIjK69Ln') | +| `modules\Microsoft.Web\sites\.test\common\deploy.bicep` | `authSettingV2Configuration.identityProviders.azureActiveDirectory.registration.clientId` | App ID from the Azure Active Directory App (e.g., '11111111-1111-1111-1111-11111111111') | +| `modules\Microsoft.Web\sites\.test\common\deploy.bicep` | `authSettingV2Configuration.identityProviders.azureActiveDirectory.validation.allowedAudiences` | API endpoint from the Azure Active Directory app (e.g., 'api://11111111-1111-1111-1111-11111111111') | + # 5. Update module test files Once the required dependencies are deployed, there is one more step left to get as many module pipelines running as possible. @@ -400,9 +408,6 @@ For this reason, make sure to update the references in the following modules onc | `modules\Microsoft.Compute\virtualMachineScaleSets\.test\windows.parameters.json` | `extensionDiskEncryptionConfig.value.settings.KeyEncryptionKeyURL` | | | `modules\Microsoft.Sql\managedInstances\.test\parameters.json` | `keys.value.uri` | | | `modules\Microsoft.Network\applicationGateways\.test\parameters.json` | `sslCertificates.value.properties.keyVaultSecretId` | | -| `modules\Microsoft.Web\sites\.test\fa.parameters.json` | `appSettingsKeyValuePairs.value.EASYAUTH_SECRET` | Key Vault secret URI without version | -| `modules\Microsoft.Web\sites\.test\fa.parameters.json` | `authSettingV2Configuration.value.identityProviders.azureActiveDirectory.registration.clientId` | App ID from the Azure Active Directory App | -| `modules\Microsoft.Web\sites\.test\fa.parameters.json` | `authSettingV2Configuration.value.identityProviders.azureActiveDirectory.validation.allowedAudiences` | API endpoint from the Azure Active Directory app | diff --git a/modules/Microsoft.Web/sites/.test/FunctionAppCommon/deploy.test.bicep b/modules/Microsoft.Web/sites/.test/FunctionAppCommon/deploy.test.bicep index 8e3d4bec39..3186d575d0 100644 --- a/modules/Microsoft.Web/sites/.test/FunctionAppCommon/deploy.test.bicep +++ b/modules/Microsoft.Web/sites/.test/FunctionAppCommon/deploy.test.bicep @@ -64,7 +64,7 @@ module testDeployment '../../deploy.bicep' = { appInsightId: resourceGroupResources.outputs.applicationInsightsResourceId appSettingsKeyValuePairs: { AzureFunctionsJobHost__logging__logLevel__default: 'Trace' - EASYAUTH_SECRET: 'https://adp-<>-az-kv-x-001.${environment().suffixes.keyvaultDns}/secrets/Modules-Test-SP-Password' + EASYAUTH_SECRET: 'https://<>-KeyVault.${environment().suffixes.keyvaultDns}/secrets/Modules-Test-SP-Password' FUNCTIONS_EXTENSION_VERSION: '~4' FUNCTIONS_WORKER_RUNTIME: 'dotnet' } From 1664a676577e19a89eb127ad0204b3e23d25342d Mon Sep 17 00:00:00 2001 From: AlexanderSehr Date: Fri, 25 Nov 2022 10:05:51 +0100 Subject: [PATCH 02/10] Update to latest --- .../sites/.test/FunctionAppCommon/deploy.test.bicep | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/Microsoft.Web/sites/.test/FunctionAppCommon/deploy.test.bicep b/modules/Microsoft.Web/sites/.test/FunctionAppCommon/deploy.test.bicep index 3186d575d0..8fafbd57a6 100644 --- a/modules/Microsoft.Web/sites/.test/FunctionAppCommon/deploy.test.bicep +++ b/modules/Microsoft.Web/sites/.test/FunctionAppCommon/deploy.test.bicep @@ -53,7 +53,7 @@ module diagnosticDependencies '../../../../.shared/dependencyConstructs/diagnost // ============== // // Test Execution // // ============== // - +// For the below test case, please consider the guidelines described here: https://github.com/Azure/ResourceModules/wiki/Getting%20started%20-%20Scenario%202%20Onboard%20module%20library%20and%20CI%20environment#microsoftwebsites module testDeployment '../../deploy.bicep' = { scope: resourceGroup name: '${uniqueString(deployment().name)}-test-${serviceShort}' From 5d88b699cb1d4e180f4eed753e46f3e671ad959d Mon Sep 17 00:00:00 2001 From: AlexanderSehr Date: Fri, 25 Nov 2022 10:13:01 +0100 Subject: [PATCH 03/10] Update to latest --- .../sites/.test/FunctionAppCommon/deploy.test.bicep | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/Microsoft.Web/sites/.test/FunctionAppCommon/deploy.test.bicep b/modules/Microsoft.Web/sites/.test/FunctionAppCommon/deploy.test.bicep index 8fafbd57a6..cc47d7f699 100644 --- a/modules/Microsoft.Web/sites/.test/FunctionAppCommon/deploy.test.bicep +++ b/modules/Microsoft.Web/sites/.test/FunctionAppCommon/deploy.test.bicep @@ -53,7 +53,7 @@ module diagnosticDependencies '../../../../.shared/dependencyConstructs/diagnost // ============== // // Test Execution // // ============== // -// For the below test case, please consider the guidelines described here: https://github.com/Azure/ResourceModules/wiki/Getting%20started%20-%20Scenario%202%20Onboard%20module%20library%20and%20CI%20environment#microsoftwebsites +// For the below test case, please consider the guidelines described here https://github.com/Azure/ResourceModules/wiki/Getting%20started%20-%20Scenario%202%20Onboard%20module%20library%20and%20CI%20environment#microsoftwebsites module testDeployment '../../deploy.bicep' = { scope: resourceGroup name: '${uniqueString(deployment().name)}-test-${serviceShort}' From fe8998347c6bd41164a6202ec57f13aa40b8df3e Mon Sep 17 00:00:00 2001 From: AlexanderSehr Date: Fri, 25 Nov 2022 10:13:09 +0100 Subject: [PATCH 04/10] Update to latest --- .../sites/.test/FunctionAppCommon/deploy.test.bicep | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/Microsoft.Web/sites/.test/FunctionAppCommon/deploy.test.bicep b/modules/Microsoft.Web/sites/.test/FunctionAppCommon/deploy.test.bicep index cc47d7f699..8fafbd57a6 100644 --- a/modules/Microsoft.Web/sites/.test/FunctionAppCommon/deploy.test.bicep +++ b/modules/Microsoft.Web/sites/.test/FunctionAppCommon/deploy.test.bicep @@ -53,7 +53,7 @@ module diagnosticDependencies '../../../../.shared/dependencyConstructs/diagnost // ============== // // Test Execution // // ============== // -// For the below test case, please consider the guidelines described here https://github.com/Azure/ResourceModules/wiki/Getting%20started%20-%20Scenario%202%20Onboard%20module%20library%20and%20CI%20environment#microsoftwebsites +// For the below test case, please consider the guidelines described here: https://github.com/Azure/ResourceModules/wiki/Getting%20started%20-%20Scenario%202%20Onboard%20module%20library%20and%20CI%20environment#microsoftwebsites module testDeployment '../../deploy.bicep' = { scope: resourceGroup name: '${uniqueString(deployment().name)}-test-${serviceShort}' From 6234b84dcdb2ee47ed0eed136f88b3079b9e72ae Mon Sep 17 00:00:00 2001 From: Alexander Sehr Date: Fri, 25 Nov 2022 18:03:25 +0100 Subject: [PATCH 05/10] Update docs/wiki/Getting started - Scenario 2 Onboard module library and CI environment.md Co-authored-by: Erika Gressi <56914614+eriqua@users.noreply.github.com> --- ...ed - Scenario 2 Onboard module library and CI environment.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/wiki/Getting started - Scenario 2 Onboard module library and CI environment.md b/docs/wiki/Getting started - Scenario 2 Onboard module library and CI environment.md index f9d5fedc11..73b9664853 100644 --- a/docs/wiki/Getting started - Scenario 2 Onboard module library and CI environment.md +++ b/docs/wiki/Getting started - Scenario 2 Onboard module library and CI environment.md @@ -387,7 +387,7 @@ Finally, the elements described above must further be configured in the followin | File | Parameter | Notes | | - | - | - | -| `modules\Microsoft.Web\sites\.test\common\deploy.bicep` | `appSettingsKeyValuePairs.EASYAUTH_SECRET` | Key Vault secret URI without version (e.g., 'aBcDeFghIjK69Ln') | +| `modules\Microsoft.Web\sites\.test\common\deploy.bicep` | `appSettingsKeyValuePairs.EASYAUTH_SECRET` | Key Vault secret URI without version (e.g., 'https://Test-KeyVault.vault.azure.net/secrets/aBcDeFghIjK69Ln') | | `modules\Microsoft.Web\sites\.test\common\deploy.bicep` | `authSettingV2Configuration.identityProviders.azureActiveDirectory.registration.clientId` | App ID from the Azure Active Directory App (e.g., '11111111-1111-1111-1111-11111111111') | | `modules\Microsoft.Web\sites\.test\common\deploy.bicep` | `authSettingV2Configuration.identityProviders.azureActiveDirectory.validation.allowedAudiences` | API endpoint from the Azure Active Directory app (e.g., 'api://11111111-1111-1111-1111-11111111111') | From 2340be437cf906b83b775094b846c3ca9abd220f Mon Sep 17 00:00:00 2001 From: Alexander Sehr Date: Fri, 25 Nov 2022 18:04:15 +0100 Subject: [PATCH 06/10] Update modules/Microsoft.Web/sites/.test/FunctionAppCommon/deploy.test.bicep Co-authored-by: Erika Gressi <56914614+eriqua@users.noreply.github.com> --- .../sites/.test/FunctionAppCommon/deploy.test.bicep | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/Microsoft.Web/sites/.test/FunctionAppCommon/deploy.test.bicep b/modules/Microsoft.Web/sites/.test/FunctionAppCommon/deploy.test.bicep index 8fafbd57a6..05c7a931c4 100644 --- a/modules/Microsoft.Web/sites/.test/FunctionAppCommon/deploy.test.bicep +++ b/modules/Microsoft.Web/sites/.test/FunctionAppCommon/deploy.test.bicep @@ -64,7 +64,7 @@ module testDeployment '../../deploy.bicep' = { appInsightId: resourceGroupResources.outputs.applicationInsightsResourceId appSettingsKeyValuePairs: { AzureFunctionsJobHost__logging__logLevel__default: 'Trace' - EASYAUTH_SECRET: 'https://<>-KeyVault.${environment().suffixes.keyvaultDns}/secrets/Modules-Test-SP-Password' + EASYAUTH_SECRET: 'https://<>-KeyVault${environment().suffixes.keyvaultDns}/secrets/Modules-Test-SP-Password' FUNCTIONS_EXTENSION_VERSION: '~4' FUNCTIONS_WORKER_RUNTIME: 'dotnet' } From b56ae7cbc3861dd2fa64dd2143e4be213a8f97da Mon Sep 17 00:00:00 2001 From: AlexanderSehr Date: Fri, 25 Nov 2022 18:19:09 +0100 Subject: [PATCH 07/10] Update to latest --- .../servers/elasticPools/deploy.bicep | 103 ++++++++++++++++++ ...dependencies.bicep => dependencies.bbicep} | 0 2 files changed, 103 insertions(+) create mode 100644 modules/Microsoft.Sql/servers/elasticPools/deploy.bicep rename modules/Microsoft.Web/sites/.test/FunctionAppCommon/{dependencies.bicep => dependencies.bbicep} (100%) diff --git a/modules/Microsoft.Sql/servers/elasticPools/deploy.bicep b/modules/Microsoft.Sql/servers/elasticPools/deploy.bicep new file mode 100644 index 0000000000..af6a534d70 --- /dev/null +++ b/modules/Microsoft.Sql/servers/elasticPools/deploy.bicep @@ -0,0 +1,103 @@ +@description('Required. The name of the Elastic Pool.') +param name string + +@description('Conditional. The name of the parent SQL Server. Required if the template is used in a standalone deployment.') +param serverName string + +@description('Optional. Tags of the resource.') +param tags object = {} + +@description('Optional. Location for all resources.') +param location string = resourceGroup().location + +@description('Optional. Capacity of the particular SKU.') +param skuCapacity int = 2 + +@description('Optional. The name of the SKU, typically, a letter + Number code, e.g. P3.') +param skuName string = 'GP_Gen5' + +@description('Optional. The tier or edition of the particular SKU, e.g. Basic, Premium.') +param skuTier string = 'GeneralPurpose' + +@description('Optional. The number of secondary replicas associated with the elastic pool that are used to provide high availability. Applicable only to Hyperscale elastic pools.') +param highAvailabilityReplicaCount int = -1 + +@description('Optional. The license type to apply for this elastic pool.') +@allowed([ + 'BasePrice' + 'LicenseIncluded' +]) +param licenseType string = 'LicenseIncluded' + +@description('Optional. Maintenance configuration resource ID assigned to the elastic pool. This configuration defines the period when the maintenance updates will will occur.') +param maintenanceConfigurationId string = '' + +@description('Optional. The storage limit for the database elastic pool in bytes.') +param maxSizeBytes int = 34359738368 + +@description('Optional. Minimal capacity that serverless pool will not shrink below, if not paused') +param minCapacity int = 2 + +@description('Optional. The maximum capacity any one database can consume.') +param databaseMaxCapacity int = 2 + +@description('Optional. The minimum capacity all databases are guaranteed.') +param databaseMinCapacity int = 0 + +@description('Optional. Whether or not this elastic pool is zone redundant, which means the replicas of this elastic pool will be spread across multiple availability zones.') +param zoneRedundant bool = false + +@description('Optional. Enable telemetry via the Customer Usage Attribution ID (GUID).') +param enableDefaultTelemetry bool = true + +resource defaultTelemetry 'Microsoft.Resources/deployments@2021-04-01' = if (enableDefaultTelemetry) { + name: 'pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-${uniqueString(deployment().name, location)}' + properties: { + mode: 'Incremental' + template: { + '$schema': 'https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#' + contentVersion: '1.0.0.0' + resources: [] + } + } +} + +resource server 'Microsoft.Sql/servers@2021-11-01' existing = { + name: serverName +} + +resource elasticPool 'Microsoft.Sql/servers/elasticPools@2022-02-01-preview' = { + name: name + location: location + parent: server + tags: tags + sku: { + capacity: skuCapacity + name: skuName + tier: skuTier + } + properties: { + highAvailabilityReplicaCount: highAvailabilityReplicaCount > -1 ? highAvailabilityReplicaCount : null + licenseType: licenseType + maintenanceConfigurationId: maintenanceConfigurationId + maxSizeBytes: maxSizeBytes + minCapacity: minCapacity + perDatabaseSettings: { + minCapacity: databaseMinCapacity + maxCapacity: databaseMaxCapacity + } + zoneRedundant: zoneRedundant + } +} + +@description('The name of the deployed Elastic Pool.') +output name string = elasticPool.name + +@description('The resource ID of the deployed Elastic Pool.') +output resourceId string = elasticPool.id + +@description('The resource group of the deployed Elastic Pool.') +output resourceGroupName string = resourceGroup().name + +@description('The location the resource was deployed into.') +output location string = elasticPool.location diff --git a/modules/Microsoft.Web/sites/.test/FunctionAppCommon/dependencies.bicep b/modules/Microsoft.Web/sites/.test/FunctionAppCommon/dependencies.bbicep similarity index 100% rename from modules/Microsoft.Web/sites/.test/FunctionAppCommon/dependencies.bicep rename to modules/Microsoft.Web/sites/.test/FunctionAppCommon/dependencies.bbicep From 8641b20162d3cd159a9286af955b01ebddc4c70d Mon Sep 17 00:00:00 2001 From: AlexanderSehr Date: Fri, 25 Nov 2022 18:19:19 +0100 Subject: [PATCH 08/10] Update to latest --- .../FunctionAppCommon/{deploy.test.bicep => deploy.test.bbicep} | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename modules/Microsoft.Web/sites/.test/FunctionAppCommon/{deploy.test.bicep => deploy.test.bbicep} (100%) diff --git a/modules/Microsoft.Web/sites/.test/FunctionAppCommon/deploy.test.bicep b/modules/Microsoft.Web/sites/.test/FunctionAppCommon/deploy.test.bbicep similarity index 100% rename from modules/Microsoft.Web/sites/.test/FunctionAppCommon/deploy.test.bicep rename to modules/Microsoft.Web/sites/.test/FunctionAppCommon/deploy.test.bbicep From ab7ada4cd27e6923b9eb644acb2dff51f36e96bb Mon Sep 17 00:00:00 2001 From: AlexanderSehr Date: Fri, 25 Nov 2022 18:26:49 +0100 Subject: [PATCH 09/10] Update to latest --- .../dependencies.bbicep => functionAppCommon/dependencies.bicep} | 0 .../deploy.test.bbicep => functionAppCommon/deploy.test.bicep} | 0 2 files changed, 0 insertions(+), 0 deletions(-) rename modules/Microsoft.Web/sites/.test/{FunctionAppCommon/dependencies.bbicep => functionAppCommon/dependencies.bicep} (100%) rename modules/Microsoft.Web/sites/.test/{FunctionAppCommon/deploy.test.bbicep => functionAppCommon/deploy.test.bicep} (100%) diff --git a/modules/Microsoft.Web/sites/.test/FunctionAppCommon/dependencies.bbicep b/modules/Microsoft.Web/sites/.test/functionAppCommon/dependencies.bicep similarity index 100% rename from modules/Microsoft.Web/sites/.test/FunctionAppCommon/dependencies.bbicep rename to modules/Microsoft.Web/sites/.test/functionAppCommon/dependencies.bicep diff --git a/modules/Microsoft.Web/sites/.test/FunctionAppCommon/deploy.test.bbicep b/modules/Microsoft.Web/sites/.test/functionAppCommon/deploy.test.bicep similarity index 100% rename from modules/Microsoft.Web/sites/.test/FunctionAppCommon/deploy.test.bbicep rename to modules/Microsoft.Web/sites/.test/functionAppCommon/deploy.test.bicep From db563978095b9279e139044137fd1f9a97da74ec Mon Sep 17 00:00:00 2001 From: AlexanderSehr Date: Fri, 25 Nov 2022 18:46:53 +0100 Subject: [PATCH 10/10] Cleanup --- .../servers/elasticPools/deploy.bicep | 103 ------------------ 1 file changed, 103 deletions(-) delete mode 100644 modules/Microsoft.Sql/servers/elasticPools/deploy.bicep diff --git a/modules/Microsoft.Sql/servers/elasticPools/deploy.bicep b/modules/Microsoft.Sql/servers/elasticPools/deploy.bicep deleted file mode 100644 index af6a534d70..0000000000 --- a/modules/Microsoft.Sql/servers/elasticPools/deploy.bicep +++ /dev/null @@ -1,103 +0,0 @@ -@description('Required. The name of the Elastic Pool.') -param name string - -@description('Conditional. The name of the parent SQL Server. Required if the template is used in a standalone deployment.') -param serverName string - -@description('Optional. Tags of the resource.') -param tags object = {} - -@description('Optional. Location for all resources.') -param location string = resourceGroup().location - -@description('Optional. Capacity of the particular SKU.') -param skuCapacity int = 2 - -@description('Optional. The name of the SKU, typically, a letter + Number code, e.g. P3.') -param skuName string = 'GP_Gen5' - -@description('Optional. The tier or edition of the particular SKU, e.g. Basic, Premium.') -param skuTier string = 'GeneralPurpose' - -@description('Optional. The number of secondary replicas associated with the elastic pool that are used to provide high availability. Applicable only to Hyperscale elastic pools.') -param highAvailabilityReplicaCount int = -1 - -@description('Optional. The license type to apply for this elastic pool.') -@allowed([ - 'BasePrice' - 'LicenseIncluded' -]) -param licenseType string = 'LicenseIncluded' - -@description('Optional. Maintenance configuration resource ID assigned to the elastic pool. This configuration defines the period when the maintenance updates will will occur.') -param maintenanceConfigurationId string = '' - -@description('Optional. The storage limit for the database elastic pool in bytes.') -param maxSizeBytes int = 34359738368 - -@description('Optional. Minimal capacity that serverless pool will not shrink below, if not paused') -param minCapacity int = 2 - -@description('Optional. The maximum capacity any one database can consume.') -param databaseMaxCapacity int = 2 - -@description('Optional. The minimum capacity all databases are guaranteed.') -param databaseMinCapacity int = 0 - -@description('Optional. Whether or not this elastic pool is zone redundant, which means the replicas of this elastic pool will be spread across multiple availability zones.') -param zoneRedundant bool = false - -@description('Optional. Enable telemetry via the Customer Usage Attribution ID (GUID).') -param enableDefaultTelemetry bool = true - -resource defaultTelemetry 'Microsoft.Resources/deployments@2021-04-01' = if (enableDefaultTelemetry) { - name: 'pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-${uniqueString(deployment().name, location)}' - properties: { - mode: 'Incremental' - template: { - '$schema': 'https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#' - contentVersion: '1.0.0.0' - resources: [] - } - } -} - -resource server 'Microsoft.Sql/servers@2021-11-01' existing = { - name: serverName -} - -resource elasticPool 'Microsoft.Sql/servers/elasticPools@2022-02-01-preview' = { - name: name - location: location - parent: server - tags: tags - sku: { - capacity: skuCapacity - name: skuName - tier: skuTier - } - properties: { - highAvailabilityReplicaCount: highAvailabilityReplicaCount > -1 ? highAvailabilityReplicaCount : null - licenseType: licenseType - maintenanceConfigurationId: maintenanceConfigurationId - maxSizeBytes: maxSizeBytes - minCapacity: minCapacity - perDatabaseSettings: { - minCapacity: databaseMinCapacity - maxCapacity: databaseMaxCapacity - } - zoneRedundant: zoneRedundant - } -} - -@description('The name of the deployed Elastic Pool.') -output name string = elasticPool.name - -@description('The resource ID of the deployed Elastic Pool.') -output resourceId string = elasticPool.id - -@description('The resource group of the deployed Elastic Pool.') -output resourceGroupName string = resourceGroup().name - -@description('The location the resource was deployed into.') -output location string = elasticPool.location