Azure · AlexanderSehr · Feb 17, 2023 · Feb 10, 2023 · Feb 10, 2023 · Feb 10, 2023
@@ -583,18 +583,18 @@ Test file (`deploy.test.bicep`) guidelines:
 - It is recommended to define all major resource names in the `deploy.test.bicep` file as it makes later maintenance easier. To implement this, make sure to pass all resource names to any referenced module.
 - Further, for any test file (including the `dependencies.bicep` file), the usage of variables should be reduced to the absolute minimum. In other words: You should only use variables if you must use them in more than one place. The idea is to keep the test files as simple as possible
 - References to dependencies should be implemented using resource references in combination with outputs. In other words: You should not hardcode any references into the module template's deployment. Instead use references such as `nestedDependencies.outputs.managedIdentityPrincipalId`
-- If any diagnostic resources (e.g., a Log Analytics workspace) are required for a test scenario, you can reference the centralized `modules/.shared/dependencyConstructs/diagnostic.dependencies.bicep` template. It will also provide you with all outputs you'd need.
+- If any diagnostic resources (e.g., a Log Analytics workspace) are required for a test scenario, you can reference the centralized `modules/.shared/.templates/diagnostic.dependencies.bicep` template. It will also provide you with all outputs you'd need.
 
 > :scroll: [Example of test file](https://github.com/Azure/ResourceModules/blob/main/modules/Microsoft.AnalysisServices/servers/.test/common/deploy.test.bicep)
 
-
 Dependency file (`dependencies.bicep`) guidelines:
 
 - The `dependencies.bicep` should optionally be used if any additional dependencies must be deployed into a nested scope (e.g. into a deployed Resource Group).
 - Note that you can reuse many of the assets implemented in other modules. For example, there are many recurring implementations for Managed Identities, Key Vaults, Virtual Network deployments, etc.
   - A special case to point out is the implementation of Key Vaults that require purge protection (for example, for Customer Managed Keys). As this implies that we cannot fully clean up a test deployment, it is recommended to generate a new name for this resource upon each pipeline run using the output of the `utcNow()` function at the time.
 
     > :scroll: [Example of test using purge protected Key Vault dependency](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.Batch/batchAccounts/.test/encr)
+  - If you need a Deployment Script to set additional non-template resources up (for example certificates/files, etc.), we recommend to store it as a file in the shared `modules/.shared/.scripts` folder and load it using the template function `loadTextContent()` (for example: `scriptContent: loadTextContent('../../../../.shared/.scripts/New-SSHKey.ps1')`). This approach makes it easier to test & validate the logic and further allows reusing the same logic accross multiple test cases.
 
 # Telemetry
 

@@ -1,37 +1,37 @@
 <#
-    .SYNOPSIS
-    Copy a VHD baked from a given image template to a given destination storage account blob container
+.SYNOPSIS
+Copy a VHD baked from a given Image Template to a given destination storage account blob container
 
-    .DESCRIPTION
-    Copy a VHD baked from a given image template to a given destination storage account blob container
+.DESCRIPTION
+Copy a VHD baked from a given Image Template to a given destination storage account blob container
 
-    .PARAMETER ImageTemplateName
-    Mandatory. The name of the image template
+.PARAMETER ImageTemplateName
+Mandatory. The name of the Image Template
 
-    .PARAMETER ImageTemplateResourceGroup
-    Mandatory. The resource group name of the image template
+.PARAMETER ImageTemplateResourceGroup
+Mandatory. The resource group name of the Image Template
 
-    .PARAMETER DestinationStorageAccountName
-    Mandatory. The name of the destination storage account
+.PARAMETER DestinationStorageAccountName
+Mandatory. The name of the destination storage account
 
-    .PARAMETER DestinationContainerName
-    Optional. The name of the existing destination blob container
+.PARAMETER DestinationContainerName
+Optional. The name of the existing destination blob container
 
-    .PARAMETER VhdName
-    Optional. Specify a different name for the destination VHD file
+.PARAMETER VhdName
+Optional. Specify a different name for the destination VHD file
 
-    .PARAMETER WaitForComplete
-    Optional. Run the command synchronously. Wait for the completion of the copy.
+.PARAMETER WaitForComplete
+Optional. Run the command synchronously. Wait for the completion of the copy.
 
-    .EXAMPLE
-    Copy-VhdToStorageAccount -ImageTemplateName 'vhd-img-template-001-2022-07-29-15-54-01' -ImageTemplateResourceGroup 'validation-rg' -DestinationStorageAccountName 'vhdstorage001'
+.EXAMPLE
+./Copy-VhdToStorageAccount -ImageTemplateName 'vhd-img-template-001-2022-07-29-15-54-01' -ImageTemplateResourceGroup 'validation-rg' -DestinationStorageAccountName 'vhdstorage001'
 
-    Copy a VHD created by image template 'vhd-img-template-001-2022-07-29-15-54-01' in resource group 'validation-rg' to destination storage account 'vhdstorage001' in blob container named 'vhds'. Save the VHD file as 'vhd-img-template-001-2022-07-29-15-54-01.vhd'.
+Copy a VHD created by Image Template 'vhd-img-template-001-2022-07-29-15-54-01' in resource group 'validation-rg' to destination storage account 'vhdstorage001' in blob container named 'vhds'. Save the VHD file as 'vhd-img-template-001-2022-07-29-15-54-01.vhd'.
 
-    .EXAMPLE
-    Copy-VhdToStorageAccount -ImageTemplateName 'vhd-img-template-001-2022-07-29-15-54-01' -ImageTemplateResourceGroup 'validation-rg' -DestinationStorageAccountName 'vhdstorage001' -VhdName 'vhd-img-template-001' -WaitForComplete
+.EXAMPLE
+./Copy-VhdToStorageAccount -ImageTemplateName 'vhd-img-template-001-2022-07-29-15-54-01' -ImageTemplateResourceGroup 'validation-rg' -DestinationStorageAccountName 'vhdstorage001' -VhdName 'vhd-img-template-001' -WaitForComplete
 
-    Copy a VHD baked by image template 'vhd-img-template-001-2022-07-29-15-54-01' in resource group 'validation-rg' to destination storage account 'vhdstorage001' in a blob container named 'vhds' and wait for the completion of the copy. Save the VHD file as 'vhd-img-template-001.vhd'.
+Copy a VHD baked by Image Template 'vhd-img-template-001-2022-07-29-15-54-01' in resource group 'validation-rg' to destination storage account 'vhdstorage001' in a blob container named 'vhds' and wait for the completion of the copy. Save the VHD file as 'vhd-img-template-001.vhd'.
 #>
 
 [CmdletBinding(SupportsShouldProcess)]
@@ -81,7 +81,7 @@ begin {
 process {
     # Retrieving and initializing parameters before the blob copy
     Write-Verbose 'Initializing source storage account parameters before the blob copy' -Verbose
-    Write-Verbose ('Retrieving source storage account from image template [{0}] in resource group [{1}]' -f $imageTemplateName, $imageTemplateResourceGroup) -Verbose
+    Write-Verbose ('Retrieving source storage account from Image Template [{0}] in resource group [{1}]' -f $imageTemplateName, $imageTemplateResourceGroup) -Verbose
     Get-InstalledModule
     $imgtRunOutput = Get-AzImageBuilderTemplateRunOutput -ImageTemplateName $imageTemplateName -ResourceGroupName $imageTemplateResourceGroup | Where-Object ArtifactUri -NE $null
     $sourceUri = $imgtRunOutput.ArtifactUri
@@ -121,4 +121,3 @@ process {
 end {
     Write-Debug ('{0} exited' -f $MyInvocation.MyCommand)
 }
-
@@ -1,5 +1,26 @@
-param(
+<#
+.SYNOPSIS
+Generate a new Public SSH Key or fetch it from an existing Public SSH Key resource.
+
+.DESCRIPTION
+Generate a new Public SSH Key or fetch it from an existing Public SSH Key resource.
+
+.PARAMETER SSHKeyName
+Mandatory. The name of the Public SSH Key Resource as it would be deployed in Azure
+
+.PARAMETER ResourceGroupName
+Mandatory. The resource group name of the Public SSH Key Resource as it would be deployed in Azure
+
+.EXAMPLE
+./New-SSHKey.ps1 -SSHKeyName 'myKeyResource' -ResourceGroupName 'ssh-rg'
+
+Generate a new Public SSH Key or fetch it from an existing Public SSH Key resource 'myKeyResource' in Resource Group 'ssh-rg'
+#>
+param(
+    [Parameter(Mandatory = $true)]
     [string] $SSHKeyName,
+
+    [Parameter(Mandatory = $true)]
     [string] $ResourceGroupName
 )
 

@@ -0,0 +1,46 @@
+<#
+.SYNOPSIS
+Upload a test file to the given Storage Account Container.
+
+.DESCRIPTION
+Upload a test file to the given Storage Account Container.
+
+.PARAMETER StorageAccountName
+Mandatory. The name of the Storage Account to upload the file to
+
+.PARAMETER ResourceGroupName
+Mandatory. The name of the Resource Group containing the Storage Account to upload the file to
+
+.PARAMETER ContainerName
+Mandatory. The name of the Storage Account Container to upload the file to
+
+.PARAMETER FileName
+Mandatory. The name of the file of the file to create in the container
+
+.EXAMPLE
+./Set-BlobContent.ps1 -StorageAccountName 'mystorage' -ResourceGroupName 'storage-rg' -ContainerName 'mycontainer' -FileName 'testCSE.ps1'
+
+Generate a dummy file 'testCSE.ps1' to the Storage Account 'mystorage' Container 'mycontainer' in Resource Group 'storage-rg'
+#>
+param(
+    [Parameter(Mandatory = $true)]
+    [string] $StorageAccountName,
+
+    [Parameter(Mandatory = $true)]
+    [string] $ResourceGroupName,
+
+    [Parameter(Mandatory = $true)]
+    [string] $ContainerName,
+
+    [Parameter(Mandatory = $true)]
+    [string] $FileName
+)
+
+Write-Verbose "Create file [$FileName]" -Verbose
+$file = New-Item -Value "Write-Host 'I am content'" -Path $FileName -Force
+
+Write-Verbose "Getting storage account [$StorageAccountName|$ResourceGroupName] context." -Verbose
+$storageAccount = Get-AzStorageAccount -ResourceGroupName $ResourceGroupName -StorageAccountName $StorageAccountName -ErrorAction 'Stop'
+
+Write-Verbose 'Uploading file [$fileName]' -Verbose
+Set-AzStorageBlobContent -File $file.FullName -Container $ContainerName -Context $storageAccount.Context -Force -ErrorAction 'Stop' | Out-Null
@@ -1,9 +1,30 @@
-param(
+<#
+.SYNOPSIS
+Generate a new Key Vault Certificate or fetch its secret reference if already existing.
+
+.DESCRIPTION
+Generate a new Key Vault Certificate or fetch its secret reference if already existing.
+
+.PARAMETER KeyVaultName
+Mandatory. The name of the Key Vault to add a new certificate to, or fetch the secret reference it from
+
+.PARAMETER CertName
+Mandatory. The name of the certificate to generate or fetch the secret reference from
+
+.EXAMPLE
+./Set-CertificateInKeyVault.ps1 -KeyVaultName 'myVault' -CertName 'myCert'
+
+Generate a new Key Vault Certificate or fetch its secret reference if already existing as 'myCert' in Key Vault 'myVault'
+#>
+param(
+    [Parameter(Mandatory = $true)]
     [string] $KeyVaultName,
+
+    [Parameter(Mandatory = $true)]
     [string] $CertName
 )
 
-$certificate = Get-AzKeyVaultCertificate -VaultName $KeyVaultName -Name $CertName -ErrorAction 'Stop'
+$certificate = Get-AzKeyVaultCertificate -VaultName $KeyVaultName -Name $CertName -ErrorAction 'SilentlyContinue'
 
 if (-not $certificate) {
     $policyInputObject = @{

@@ -1,7 +1,38 @@
-param(
+<#
+.SYNOPSIS
+Generate a new PFX Certificate and store it alongside its password as Secrets in the given Key Vault.
+
+.DESCRIPTION
+Generate a new PFX Certificate and store it alongside its password as Secrets in the given Key Vault.
+
+.PARAMETER KeyVaultName
+Mandatory. The name of the Key Vault to store the Certificate & Password in
+
+.PARAMETER ResourceGroupName
+Mandatory. The name of the Resource Group containing the Key Vault to store the Certificate & Password in
+
+.PARAMETER CertPWSecretName
+Mandatory. The name of the Secret to store the Certificate's password in
+
+.PARAMETER CertSecretName
+Mandatory. The name of the Secret to store the Secret in
+
+.EXAMPLE
+./Set-PfxCertificateInKeyVault.ps1 -KeyVaultName 'myVault' -ResourceGroupName 'vault-rg' -CertPWSecretName 'pfxCertificatePassword' -CertSecretName 'pfxBase64Certificate'
+
+Generate a Certificate and store it as the Secret 'pfxCertificatePassword' in the Key Vault 'vault-rg' of Resource Group 'storage-rg' alongside its password as the Secret 'pfxCertificatePassword'
+#>
+param(
+    [Parameter(Mandatory = $true)]
     [string] $KeyVaultName,
+
+    [Parameter(Mandatory = $true)]
     [string] $ResourceGroupName,
+
+    [Parameter(Mandatory = $true)]
     [string] $CertPWSecretName,
+
+    [Parameter(Mandatory = $true)]
     [string] $CertSecretName
 )
 

@@ -1,28 +1,28 @@
 <#
-    .SYNOPSIS
-    Create image artifacts from a given image template
+.SYNOPSIS
+Create image artifacts from a given image template
 
-    .DESCRIPTION
-    Create image artifacts from a given image template
+.DESCRIPTION
+Create image artifacts from a given image template
 
-    .PARAMETER ImageTemplateName
-    Mandatory. The name of the image template
+.PARAMETER ImageTemplateName
+Mandatory. The name of the image template
 
-    .PARAMETER ImageTemplateResourceGroup
-    Mandatory. The resource group name of the image template
+.PARAMETER ImageTemplateResourceGroup
+Mandatory. The resource group name of the image template
 
-    .PARAMETER NoWait
-    Optional. Run the command asynchronously
+.PARAMETER NoWait
+Optional. Run the command asynchronously
 
-    .EXAMPLE
-    Start-AzImageBuilderTemplate -ImageTemplateName 'vhd-img-template-001-2022-07-29-15-54-01' -ImageTemplateResourceGroup 'validation-rg'
+.EXAMPLE
+./Start-ImageTemplate -ImageTemplateName 'vhd-img-template-001-2022-07-29-15-54-01' -ImageTemplateResourceGroup 'validation-rg'
 
-    Create image artifacts from image template 'vhd-img-template-001-2022-07-29-15-54-01' in resource group 'validation-rg' and wait for their completion
+Create image artifacts from image template 'vhd-img-template-001-2022-07-29-15-54-01' in resource group 'validation-rg' and wait for their completion
 
-    .EXAMPLE
-    Start-AzImageBuilderTemplate -ImageTemplateName 'vhd-img-template-001-2022-07-29-15-54-01' -ImageTemplateResourceGroup 'validation-rg' -NoWait
+.EXAMPLE
+./Start-ImageTemplate -ImageTemplateName 'vhd-img-template-001-2022-07-29-15-54-01' -ImageTemplateResourceGroup 'validation-rg' -NoWait
 
-    Start the creation of artifacts from image template 'vhd-img-template-001-2022-07-29-15-54-01' in resource group 'validation-rg' and do not wait for their completion
+Start the creation of artifacts from image template 'vhd-img-template-001-2022-07-29-15-54-01' in resource group 'validation-rg' and do not wait for their completion
 #>
 
 [CmdletBinding(SupportsShouldProcess)]
@@ -62,8 +62,8 @@ begin {
 process {
     # Create image artifacts from existing image template
     $resourceActionInputObject = @{
-        ImageTemplateName   = $imageTemplateName
-        ResourceGroupName   = $imageTemplateResourceGroup
+        ImageTemplateName = $imageTemplateName
+        ResourceGroupName = $imageTemplateResourceGroup
     }
     if ($NoWait) {
         $resourceActionInputObject['NoWait'] = $true

@@ -84,7 +84,7 @@ resource certDeploymentScript 'Microsoft.Resources/deploymentScripts@2020-10-01'
         azPowerShellVersion: '3.0'
         retentionInterval: 'P1D'
         arguments: ' -KeyVaultName "${keyVault.name}" -ResourceGroupName "${resourceGroup().name}" -CertPWSecretName "${certPWSecretName}" -CertSecretName "${certSecretName}"'
-        scriptContent: loadTextContent('../.scripts/New-Certificate.ps1')
+        scriptContent: loadTextContent('../../../../.shared/.scripts/Set-PfxCertificateInKeyVault.ps1')
     }
 }
 

@@ -41,7 +41,7 @@ module nestedDependencies 'dependencies.bicep' = {
 
 // Diagnostics
 // ===========
-module diagnosticDependencies '../../../../.shared/dependencyConstructs/diagnostic.dependencies.bicep' = {
+module diagnosticDependencies '../../../../.shared/.templates/diagnostic.dependencies.bicep' = {
   scope: resourceGroup
   name: '${uniqueString(deployment().name, location)}-diagnosticDependencies'
   params: {

@@ -38,7 +38,7 @@ module nestedDependencies 'dependencies.bicep' = {
 
 // Diagnostics
 // ===========
-module diagnosticDependencies '../../../../.shared/dependencyConstructs/diagnostic.dependencies.bicep' = {
+module diagnosticDependencies '../../../../.shared/.templates/diagnostic.dependencies.bicep' = {
   scope: resourceGroup
   name: '${uniqueString(deployment().name, location)}-diagnosticDependencies'
   params: {

@@ -38,7 +38,7 @@ module nestedDependencies 'dependencies.bicep' = {
 
 // Diagnostics
 // ===========
-module diagnosticDependencies '../../../../.shared/dependencyConstructs/diagnostic.dependencies.bicep' = {
+module diagnosticDependencies '../../../../.shared/.templates/diagnostic.dependencies.bicep' = {
   scope: resourceGroup
   name: '${uniqueString(deployment().name, location)}-diagnosticDependencies'
   params: {

@@ -39,7 +39,7 @@ module nestedDependencies 'dependencies.bicep' = {
 
 // Diagnostics
 // ===========
-module diagnosticDependencies '../../../../.shared/dependencyConstructs/diagnostic.dependencies.bicep' = {
+module diagnosticDependencies '../../../../.shared/.templates/diagnostic.dependencies.bicep' = {
   scope: resourceGroup
   name: '${uniqueString(deployment().name, location)}-diagnosticDependencies'
   params: {

@@ -38,7 +38,7 @@ module nestedDependencies 'dependencies.bicep' = {
 
 // Diagnostics
 // ===========
-module diagnosticDependencies '../../../../.shared/dependencyConstructs/diagnostic.dependencies.bicep' = {
+module diagnosticDependencies '../../../../.shared/.templates/diagnostic.dependencies.bicep' = {
   scope: resourceGroup
   name: '${uniqueString(deployment().name, location)}-diagnosticDependencies'
   params: {

@@ -40,7 +40,7 @@ module nestedDependencies 'dependencies.bicep' = {
 
 // Diagnostics
 // ===========
-module diagnosticDependencies '../../../../.shared/dependencyConstructs/diagnostic.dependencies.bicep' = {
+module diagnosticDependencies '../../../../.shared/.templates/diagnostic.dependencies.bicep' = {
   scope: resourceGroup
   name: '${uniqueString(deployment().name, location)}-diagnosticDependencies'
   params: {

@@ -40,7 +40,7 @@ module nestedDependencies 'dependencies.bicep' = {
 
 // Diagnostics
 // ===========
-module diagnosticDependencies '../../../../.shared/dependencyConstructs/diagnostic.dependencies.bicep' = {
+module diagnosticDependencies '../../../../.shared/.templates/diagnostic.dependencies.bicep' = {
   scope: resourceGroup
   name: '${uniqueString(deployment().name, location)}-diagnosticDependencies'
   params: {

@@ -38,7 +38,7 @@ module nestedDependencies 'dependencies.bicep' = {
 
 // Diagnostics
 // ===========
-module diagnosticDependencies '../../../../.shared/dependencyConstructs/diagnostic.dependencies.bicep' = {
+module diagnosticDependencies '../../../../.shared/.templates/diagnostic.dependencies.bicep' = {
   scope: resourceGroup
   name: '${uniqueString(deployment().name, location)}-diagnosticDependencies'
   params: {

@@ -39,7 +39,7 @@ module nestedDependencies 'dependencies.bicep' = {
 
 // Diagnostics
 // ===========
-module diagnosticDependencies '../../../../.shared/dependencyConstructs/diagnostic.dependencies.bicep' = {
+module diagnosticDependencies '../../../../.shared/.templates/diagnostic.dependencies.bicep' = {
   scope: resourceGroup
   name: '${uniqueString(deployment().name, location)}-diagnosticDependencies'
   params: {