From b023c51ba30c03f2ab372f09dd16aebe747d560b Mon Sep 17 00:00:00 2001
From: Erika Gressi
Date: Fri, 3 Dec 2021 11:30:32 +0100
Subject: [PATCH 1/8] add assignment dep
---
 .github/workflows/platform.dependencies.yml | 27 +++++++++++++++++++
 .../.parameters/min.parameters.json | 4 +--
 .../.parameters/parameters.json | 8 +++---
 .../parameters/parameters.json | 15 +++++++++++
 4 files changed, 48 insertions(+), 6 deletions(-)
 create mode 100644 utilities/pipelines/dependencies/Microsoft.Authorization/policyAssignments/parameters/parameters.json
diff --git a/.github/workflows/platform.dependencies.yml b/.github/workflows/platform.dependencies.yml
index 837aaf1322..542414ded8 100644
--- a/.github/workflows/platform.dependencies.yml
+++ b/.github/workflows/platform.dependencies.yml
@@ -83,6 +83,33 @@ jobs:
 managementGroupId: '${{ secrets.ARM_MGMTGROUP_ID }}'
 removeDeployment: '${{ env.removeDeployment }}'

+ job_deploy_pa:
+ runs-on: ubuntu-20.04
+ name: 'Deploy policy assignment'
+ env:
+ namespace: 'Microsoft.Authorization\policyAssignments'
+ needs:
+ - job_deploy_rg
+ strategy:
+ fail-fast: false
+ matrix:
+ parameterFilePaths: ['parameters.json']
+ steps:
+ - name: 'Checkout'
+ uses: actions/checkout@v2
+ with:
+ fetch-depth: 0
+ - name: 'Deploy module'
+ uses: ./.github/actions/templates/deployModule
+ with:
+ templateFilePath: 'arm/${{ env.namespace }}/deploy.bicep'
+ parameterFilePath: '${{ env.dependencyPath }}/${{ env.namespace }}/parameters/${{ matrix.parameterFilePaths }}'
+ location: '${{ env.defaultLocation }}'
+ resourceGroupName: '${{ env.resourceGroupName }}'
+ subscriptionId: '${{ secrets.ARM_SUBSCRIPTION_ID }}'
+ managementGroupId: '${{ secrets.ARM_MGMTGROUP_ID }}'
+ removeDeployment: '${{ env.removeDeployment }}'
+
 job_deploy_privateBicepRegistry:
 runs-on: ubuntu-20.04
 name: 'Deploy private bicep registry'
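Review bot: The new `job_deploy_pa` job references `actions/checkout@v2` by a mutable tag and then passes `ARM_SUBSCRIPTION_ID` and `ARM_MGMTGROUP_ID` to the deploy step, so whatever the tag points to at run time executes in a job that assigns Azure Policy. Pinning to a full commit SHA removes that dependency on the tag, e.g. `uses: actions/checkout@<full-commit-sha> # v2` (placeholder, take the SHA from the release you have reviewed). The job also declares no `permissions:` key; whether the workflow sets one at the top level is not visible in this hunk, and if it does not, `permissions:` with `contents: read` on the job would limit the token to what checkout needs. The existing jobs in the file follow the same unpinned pattern, so this may be better handled file-wide than in this job alone.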
diff --git a/arm/Microsoft.Authorization/policyAssignments/.parameters/min.parameters.json b/arm/Microsoft.Authorization/policyAssignments/.parameters/min.parameters.json
index 6ca4a30c9e..fc31894a9d 100644
--- a/arm/Microsoft.Authorization/policyAssignments/.parameters/min.parameters.json
+++ b/arm/Microsoft.Authorization/policyAssignments/.parameters/min.parameters.json
@@ -3,10 +3,10 @@
 "contentVersion": "1.0.0.0",
 "parameters": {
 "name": {
- "value": "Resource location policy"
+ "value": "sxx-assignment-vm-disk"
 },
 "policyDefinitionID": {
- "value": "/providers/Microsoft.Authorization/policyDefinitions/0a914e76-4921-4c19-b460-a2d36003525a"
+ "value": "/providers/Microsoft.Authorization/policyDefinitions/06a78e20-9358-41c9-923c-fb736d382a4d"
 },
 "subscriptionId": {
 "value": "<>"
diff --git a/arm/Microsoft.Authorization/policyAssignments/.parameters/parameters.json b/arm/Microsoft.Authorization/policyAssignments/.parameters/parameters.json
index d370342ffc..034e78d231 100644
--- a/arm/Microsoft.Authorization/policyAssignments/.parameters/parameters.json
+++ b/arm/Microsoft.Authorization/policyAssignments/.parameters/parameters.json
@@ -3,13 +3,13 @@
 "contentVersion": "1.0.0.0",
 "parameters": {
 "name": {
+ "value": "sxx-assignment-tag"
+ },
+ "displayName": {
 "value": "Add a tag to resources"
 },
 "description": {
- "value": "Policy Assignment Description"
- },
- "displayName": {
- "value": "Policy Assignment Display Name"
+ "value": "Adds the specified tag and value when any resource missing this tag is created or updated. Existing resources can be remediated by triggering a remediation task. If the tag exists with a different value it will not be changed. Does not modify tags on resource groups."
 },
 "policyDefinitionId": {
 "value": "/providers/Microsoft.Authorization/policyDefinitions/4f9dc7db-30c1-420c-b61a-e1d640128d26"
diff --git a/utilities/pipelines/dependencies/Microsoft.Authorization/policyAssignments/parameters/parameters.json b/utilities/pipelines/dependencies/Microsoft.Authorization/policyAssignments/parameters/parameters.json
new file mode 100644
index 0000000000..a421671909
--- /dev/null
+++ b/utilities/pipelines/dependencies/Microsoft.Authorization/policyAssignments/parameters/parameters.json
@@ -0,0 +1,15 @@
+{
+ "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
+ "contentVersion": "1.0.0.0",
+ "parameters": {
+ "name": {
+ "value": "sxx-assignment-loc-rg"
+ },
+ "policyDefinitionID": {
+ "value": "/providers/Microsoft.Authorization/policyDefinitions/0a914e76-4921-4c19-b460-a2d36003525a"
+ },
+ "subscriptionId": {
+ "value": "<>"
+ }
+ }
+}
From d0b36cbe1e6c3472452a3d9a017f0f3c08a0d04a Mon Sep 17 00:00:00 2001
From: Erika Gressi
Date: Fri, 3 Dec 2021 11:32:27 +0100
Subject: [PATCH 2/8] exempt update
---
 .../policyExemptions/.parameters/min.parameters.json | 4 ++--
 .../policyExemptions/.parameters/parameters.json | 4 ++--
 2 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/arm/Microsoft.Authorization/policyExemptions/.parameters/min.parameters.json b/arm/Microsoft.Authorization/policyExemptions/.parameters/min.parameters.json
index 8af2d2441d..50dc214626 100644
--- a/arm/Microsoft.Authorization/policyExemptions/.parameters/min.parameters.json
+++ b/arm/Microsoft.Authorization/policyExemptions/.parameters/min.parameters.json
@@ -3,10 +3,10 @@
 "contentVersion": "1.0.0.0",
 "parameters": {
 "name": {
- "value": "test-policy-exempt-min"
+ "value": "sxx-exempt-loc-rg-min"
 },
 "policyAssignmentId": {
- "value": "/subscriptions/<>/providers/Microsoft.Authorization/policyAssignments/Add-a-tag-to-resources"
+ "value": "/subscriptions/<>/providers/Microsoft.Authorization/policyAssignments/sxx-assignment-loc-rg"
 },
 "subscriptionId": {
 "value": "<>"
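Review bot: The new dependency file `utilities/pipelines/dependencies/Microsoft.Authorization/policyAssignments/parameters/parameters.json` spells the key `policyDefinitionID`, while `policyAssignments/.parameters/parameters.json` in the same patch uses `policyDefinitionId`. ARM normally matches parameter names case-insensitively, so this probably still deploys, but one spelling across the files, `"policyDefinitionId": {`, keeps them greppable and avoids a surprise if a stricter validator is put in front of them. The `ID` spelling also appears as unchanged context in `min.parameters.json`, so the two can be aligned together.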
diff --git a/arm/Microsoft.Authorization/policyExemptions/.parameters/parameters.json b/arm/Microsoft.Authorization/policyExemptions/.parameters/parameters.json
index d0459b4848..8d0437e4d0 100644
--- a/arm/Microsoft.Authorization/policyExemptions/.parameters/parameters.json
+++ b/arm/Microsoft.Authorization/policyExemptions/.parameters/parameters.json
@@ -3,13 +3,13 @@
 "contentVersion": "1.0.0.0",
 "parameters": {
 "name": {
- "value": "test-policy-exempt"
+ "value": "sxx-exempt-loc-rg"
 },
 "displayName": {
 "value": "[Test] policy exempt"
 },
 "policyAssignmentId": {
- "value": "/subscriptions/<>/providers/Microsoft.Authorization/policyAssignments/Add-a-tag-to-resources"
+ "value": "/subscriptions/<>/providers/Microsoft.Authorization/policyAssignments/sxx-assignment-loc-rg"
 },
 "exemptionCategory": {
 "value": "Waiver"
From db034a87d3fc4138f2615d81b614d365099665d0 Mon Sep 17 00:00:00 2001
From: Erika Gressi
Date: Fri, 3 Dec 2021 11:47:14 +0100
Subject: [PATCH 3/8] assignment dep scope
---
 .github/workflows/platform.dependencies.yml | 1664 +++++++++----------
 1 file changed, 832 insertions(+), 832 deletions(-)
diff --git a/.github/workflows/platform.dependencies.yml b/.github/workflows/platform.dependencies.yml
index 542414ded8..99e15e367d 100644
--- a/.github/workflows/platform.dependencies.yml
+++ b/.github/workflows/platform.dependencies.yml
@@ -30,58 +30,58 @@ env:
 DEPLOYMENT_SP_ID: '${{ secrets.DEPLOYMENT_SP_ID }}'

 jobs:
- job_deploy_rg:
- runs-on: ubuntu-20.04
- name: 'Deploy resource group'
- env:
- namespace: 'Microsoft.Resources\resourceGroups'
- strategy:
- fail-fast: false
- matrix:
- parameterFilePaths:
- ['artifacts.parameters.json', 'validation.parameters.json']
- steps:
- - name: 'Checkout'
- uses: actions/checkout@v2
- with:
- fetch-depth: 0
- - name: 'Deploy module'
- uses: ./.github/actions/templates/deployModule
- with:
- templateFilePath: 'arm/${{ env.namespace }}/deploy.bicep'
- parameterFilePath: '${{ env.dependencyPath }}/${{ env.namespace }}/parameters/${{ matrix.parameterFilePaths }}'
- location: '${{ env.defaultLocation }}'
- resourceGroupName: '${{ env.resourceGroupName }}'
- subscriptionId: '${{ secrets.ARM_SUBSCRIPTION_ID }}'
- managementGroupId: '${{ secrets.ARM_MGMTGROUP_ID }}'
- removeDeployment: '${{ env.removeDeployment }}'
-
- job_deploy_msi:
- runs-on: ubuntu-20.04
- name: 'Deploy user assigned identity'
- env:
- namespace: 'Microsoft.ManagedIdentity\userAssignedIdentities'
- needs:
- - job_deploy_rg
- strategy:
- fail-fast: false
- matrix:
- parameterFilePaths: ['parameters.json']
- steps:
- - name: 'Checkout'
- uses: actions/checkout@v2
- with:
- fetch-depth: 0
- - name: 'Deploy module'
- uses: ./.github/actions/templates/deployModule
- with:
- templateFilePath: 'arm/${{ env.namespace }}/deploy.bicep'
- parameterFilePath: '${{ env.dependencyPath }}/${{ env.namespace }}/parameters/${{ matrix.parameterFilePaths }}'
- location: '${{ env.defaultLocation }}'
- resourceGroupName: '${{ env.resourceGroupName }}'
- subscriptionId: '${{ secrets.ARM_SUBSCRIPTION_ID }}'
- managementGroupId: '${{ secrets.ARM_MGMTGROUP_ID }}'
- removeDeployment: '${{ env.removeDeployment }}'
+ # job_deploy_rg:
+ # runs-on: ubuntu-20.04
+ # name: 'Deploy resource group'
+ # env:
+ # namespace: 'Microsoft.Resources\resourceGroups'
+ # strategy:
+ # fail-fast: false
+ # matrix:
+ # parameterFilePaths:
+ # ['artifacts.parameters.json', 'validation.parameters.json']
+ # steps:
+ # - name: 'Checkout'
+ # uses: actions/checkout@v2
+ # with:
+ # fetch-depth: 0
+ # - name: 'Deploy module'
+ # uses: ./.github/actions/templates/deployModule
+ # with:
+ # templateFilePath: 'arm/${{ env.namespace }}/deploy.bicep'
+ # parameterFilePath: '${{ env.dependencyPath }}/${{ env.namespace }}/parameters/${{ matrix.parameterFilePaths }}'
+ # location: '${{ env.defaultLocation }}'
+ # resourceGroupName: '${{ env.resourceGroupName }}'
+ # subscriptionId: '${{ secrets.ARM_SUBSCRIPTION_ID }}'
+ # managementGroupId: '${{ secrets.ARM_MGMTGROUP_ID }}'
+ # removeDeployment: '${{ env.removeDeployment }}'
+
+ # job_deploy_msi:
+ # runs-on: ubuntu-20.04
+ # name: 'Deploy user assigned identity'
+ # env:
+ # namespace: 'Microsoft.ManagedIdentity\userAssignedIdentities'
+ # needs:
+ # - job_deploy_rg
+ # strategy:
+ # fail-fast: false
+ # matrix:
+ # parameterFilePaths: ['parameters.json']
+ # steps:
+ # - name: 'Checkout'
+ # uses: actions/checkout@v2
+ # with:
+ # fetch-depth: 0
+ # - name: 'Deploy module'
+ # uses: ./.github/actions/templates/deployModule
+ # with:
+ # templateFilePath: 'arm/${{ env.namespace }}/deploy.bicep'
+ # parameterFilePath: '${{ env.dependencyPath }}/${{ env.namespace }}/parameters/${{ matrix.parameterFilePaths }}'
+ # location: '${{ env.defaultLocation }}'
+ # resourceGroupName: '${{ env.resourceGroupName }}'
+ # subscriptionId: '${{ secrets.ARM_SUBSCRIPTION_ID }}'
+ # managementGroupId: '${{ secrets.ARM_MGMTGROUP_ID }}'
+ # removeDeployment: '${{ env.removeDeployment }}'

 job_deploy_pa:
 runs-on: ubuntu-20.04
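Review bot: Commenting out `job_deploy_rg` leaves `job_deploy_pa` depending on a job that is no longer defined: patch 1/8 gave it `needs:` with `- job_deploy_rg`, and those lines sit between this hunk (ending at new line 87) and the next one (starting at 102), so this commit does not touch them. GitHub Actions rejects a workflow whose `needs` names an undefined job, so in this state the file would fail validation rather than run the policy-assignment job alone. Either drop the `needs:` entry from `job_deploy_pa` while the other jobs are disabled, or keep `job_deploy_rg` active. If the commenting-out is temporary scoping for a test run, an `if:` condition or a `workflow_dispatch` input on the jobs would be easier to revert and would keep the dependency pipeline from being merged in a disabled state.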
@@ -102,265 +102,7 @@ jobs: - name: 'Deploy module' uses: ./.github/actions/templates/deployModule with: - templateFilePath: 'arm/${{ env.namespace }}/deploy.bicep' - parameterFilePath: '${{ env.dependencyPath }}/${{ env.namespace }}/parameters/${{ matrix.parameterFilePaths }}' - location: '${{ env.defaultLocation }}' - resourceGroupName: '${{ env.resourceGroupName }}' - subscriptionId: '${{ secrets.ARM_SUBSCRIPTION_ID }}' - managementGroupId: '${{ secrets.ARM_MGMTGROUP_ID }}' - removeDeployment: '${{ env.removeDeployment }}' - - job_deploy_privateBicepRegistry: - runs-on: ubuntu-20.04 - name: 'Deploy private bicep registry' - env: - namespace: 'Microsoft.ContainerRegistry\registries' - needs: - - job_deploy_rg - strategy: - fail-fast: false - matrix: - parameterFilePaths: ['parameters.json'] - steps: - - name: 'Checkout' - uses: actions/checkout@v2 - with: - fetch-depth: 0 - - name: 'Deploy module' - uses: ./.github/actions/templates/deployModule - with: - templateFilePath: 'arm/${{ env.namespace }}/deploy.bicep' - parameterFilePath: '${{ env.dependencyPath }}/${{ env.namespace }}/parameters/${{ matrix.parameterFilePaths }}' - location: '${{ env.defaultLocation }}' - resourceGroupName: '${{ env.resourceGroupNameArtifacts }}' - subscriptionId: '${{ secrets.ARM_SUBSCRIPTION_ID }}' - managementGroupId: '${{ secrets.ARM_MGMTGROUP_ID }}' - removeDeployment: '${{ env.removeDeployment }}' - - job_deploy_evh: - runs-on: ubuntu-20.04 - name: 'Deploy eventhub' - env: - namespace: 'Microsoft.EventHub\namespaces' - needs: - - job_deploy_rg - strategy: - fail-fast: false - matrix: - parameterFilePaths: ['parameters.json'] - steps: - - name: 'Checkout' - uses: actions/checkout@v2 - with: - fetch-depth: 0 - - name: 'Deploy module' - uses: ./.github/actions/templates/deployModule - with: - templateFilePath: 'arm/${{ env.namespace }}/deploy.bicep' - parameterFilePath: '${{ env.dependencyPath }}/${{ env.namespace }}/parameters/${{ matrix.parameterFilePaths }}' - location: '${{ 
env.defaultLocation }}' - resourceGroupName: '${{ env.resourceGroupName }}' - subscriptionId: '${{ secrets.ARM_SUBSCRIPTION_ID }}' - managementGroupId: '${{ secrets.ARM_MGMTGROUP_ID }}' - removeDeployment: '${{ env.removeDeployment }}' - - job_deploy_law: - runs-on: ubuntu-20.04 - name: 'Deploy log analytics workspace' - env: - namespace: 'Microsoft.OperationalInsights\workspaces' - needs: - - job_deploy_rg - strategy: - fail-fast: false - matrix: - parameterFilePaths: ['appi.parameters.json', 'parameters.json'] - steps: - - name: 'Checkout' - uses: actions/checkout@v2 - with: - fetch-depth: 0 - - name: 'Deploy module' - uses: ./.github/actions/templates/deployModule - with: - templateFilePath: 'arm/${{ env.namespace }}/deploy.bicep' - parameterFilePath: '${{ env.dependencyPath }}/${{ env.namespace }}/parameters/${{ matrix.parameterFilePaths }}' - location: '${{ env.defaultLocation }}' - resourceGroupName: '${{ env.resourceGroupName }}' - subscriptionId: '${{ secrets.ARM_SUBSCRIPTION_ID }}' - managementGroupId: '${{ secrets.ARM_MGMTGROUP_ID }}' - removeDeployment: '${{ env.removeDeployment }}' - - job_deploy_sa: - runs-on: ubuntu-20.04 - name: 'Deploy storage account' - env: - namespace: 'Microsoft.Storage\storageAccounts' - needs: - - job_deploy_rg - strategy: - fail-fast: false - matrix: - parameterFilePaths: - ['fa.parameters.json', 'law.parameters.json', 'parameters.json'] - steps: - - name: 'Checkout' - uses: actions/checkout@v2 - with: - fetch-depth: 0 - - name: 'Deploy module' - uses: ./.github/actions/templates/deployModule - with: - templateFilePath: 'arm/${{ env.namespace }}/deploy.bicep' - parameterFilePath: '${{ env.dependencyPath }}/${{ env.namespace }}/parameters/${{ matrix.parameterFilePaths }}' - location: '${{ env.defaultLocation }}' - resourceGroupName: '${{ env.resourceGroupName }}' - subscriptionId: '${{ secrets.ARM_SUBSCRIPTION_ID }}' - managementGroupId: '${{ secrets.ARM_MGMTGROUP_ID }}' - removeDeployment: '${{ env.removeDeployment }}' - - 
job_upload_storage_files: - runs-on: ubuntu-20.04 - name: 'Upload files to storage account' - needs: - - job_deploy_sa - steps: - - name: 'Checkout' - uses: actions/checkout@v2 - with: - fetch-depth: 0 - - name: Azure Login - uses: azure/login@v1 - with: - creds: ${{ secrets.AZURE_CREDENTIALS }} - enable-AzPSSession: true - - name: Run PowerShell - uses: azure/powershell@v1 - with: - inlineScript: | - # Load used functions - . (Join-Path $env:GITHUB_WORKSPACE 'utilities' 'pipelines' 'sharedScripts' 'Export-ContentToBlob.ps1') - - # Get storage account name - $parameterFilePath = Join-Path $env:GITHUB_WORKSPACE '${{ env.dependencyPath }}' 'Microsoft.Storage/storageAccounts' 'parameters' 'parameters.json' - $storageAccountParameters = (ConvertFrom-Json (Get-Content -path $parameterFilePath -Raw)).parameters - - # Upload files to storage account - $functionInput = @{ - ResourceGroupName = '${{ env.resourceGroupName }}' - StorageAccountName = $storageAccountParameters.name.value - contentDirectories = Join-Path $env:GITHUB_WORKSPACE '${{ env.dependencyPath }}' 'Microsoft.Storage/storageAccounts' 'uploads' - targetContainer = $storageAccountParameters.blobServices.value.containers[0].name - } - - Write-Verbose "Invoke task with" -Verbose - Write-Verbose ($functionInput | ConvertTo-Json | Out-String) -Verbose - - Export-ContentToBlob @functionInput -Verbose - azPSVersion: 'latest' - - job_deploy_sig: - runs-on: ubuntu-20.04 - name: 'Deploy shared image gallery and definition' - env: - namespace: 'Microsoft.Compute\galleries' - needs: - - job_deploy_rg - strategy: - fail-fast: false - matrix: - parameterFilePaths: ['parameters.json'] - steps: - - name: 'Checkout' - uses: actions/checkout@v2 - with: - fetch-depth: 0 - - name: 'Deploy module' - uses: ./.github/actions/templates/deployModule - with: - templateFilePath: 'arm/${{ env.namespace }}/deploy.bicep' - parameterFilePath: '${{ env.dependencyPath }}/${{ env.namespace }}/parameters/${{ matrix.parameterFilePaths }}' - 
location: '${{ env.defaultLocation }}' - resourceGroupName: '${{ env.resourceGroupName }}' - subscriptionId: '${{ secrets.ARM_SUBSCRIPTION_ID }}' - managementGroupId: '${{ secrets.ARM_MGMTGROUP_ID }}' - removeDeployment: '${{ env.removeDeployment }}' - - job_deploy_ag: - runs-on: ubuntu-20.04 - name: 'Deploy action groups' - env: - namespace: 'Microsoft.Insights\actionGroups' - needs: - - job_deploy_rg - strategy: - fail-fast: false - matrix: - parameterFilePaths: ['parameters.json'] - steps: - - name: 'Checkout' - uses: actions/checkout@v2 - with: - fetch-depth: 0 - - name: 'Deploy module' - uses: ./.github/actions/templates/deployModule - with: - templateFilePath: 'arm/${{ env.namespace }}/deploy.bicep' - parameterFilePath: '${{ env.dependencyPath }}/${{ env.namespace }}/parameters/${{ matrix.parameterFilePaths }}' - location: '${{ env.defaultLocation }}' - resourceGroupName: '${{ env.resourceGroupName }}' - subscriptionId: '${{ secrets.ARM_SUBSCRIPTION_ID }}' - managementGroupId: '${{ secrets.ARM_MGMTGROUP_ID }}' - removeDeployment: '${{ env.removeDeployment }}' - - job_deploy_asg: - runs-on: ubuntu-20.04 - name: 'Deploy application security groups' - env: - namespace: 'Microsoft.Network\applicationSecurityGroups' - needs: - - job_deploy_rg - strategy: - fail-fast: false - matrix: - parameterFilePaths: ['parameters.json'] - steps: - - name: 'Checkout' - uses: actions/checkout@v2 - with: - fetch-depth: 0 - - name: 'Deploy module' - uses: ./.github/actions/templates/deployModule - with: - templateFilePath: 'arm/${{ env.namespace }}/deploy.bicep' - parameterFilePath: '${{ env.dependencyPath }}/${{ env.namespace }}/parameters/${{ matrix.parameterFilePaths }}' - location: '${{ env.defaultLocation }}' - resourceGroupName: '${{ env.resourceGroupName }}' - subscriptionId: '${{ secrets.ARM_SUBSCRIPTION_ID }}' - managementGroupId: '${{ secrets.ARM_MGMTGROUP_ID }}' - removeDeployment: '${{ env.removeDeployment }}' - - job_deploy_sqlmi_udr: - runs-on: ubuntu-20.04 - name: 
'Deploy sqlmi route tables' - if: github.event.inputs.deploySqlMiDependencies == 'true' - env: - namespace: 'Microsoft.Network\routeTables' - needs: - - job_deploy_rg - strategy: - fail-fast: false - matrix: - parameterFilePaths: ['parameters.json'] - steps: - - name: 'Checkout' - uses: actions/checkout@v2 - with: - fetch-depth: 0 - - name: 'Deploy module' - uses: ./.github/actions/templates/deployModule - with: - templateFilePath: 'arm/${{ env.namespace }}/deploy.bicep' + templateFilePath: 'arm/${{ env.namespace }}/.bicep/nested_policyAssignments_sub.bicep' parameterFilePath: '${{ env.dependencyPath }}/${{ env.namespace }}/parameters/${{ matrix.parameterFilePaths }}' location: '${{ env.defaultLocation }}' resourceGroupName: '${{ env.resourceGroupName }}' 
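Review bot: The new `templateFilePath` in `job_deploy_pa` points at the module's internal `.bicep/nested_policyAssignments_sub.bicep` instead of its `deploy.bicep` entry point, and nothing in the step says why. The step still passes `resourceGroupName` and `managementGroupId`, and the dependency parameter file added in patch 1/8 carries a `subscriptionId` entry; whether the nested template declares that parameter, and which scope `deployModule` picks for it, is not visible here and should be confirmed before relying on the assignment landing where intended. A comment above the line, such as `# deploy the nested subscription-scope template directly, as job_deploy_rolea does with nested_rbac_sub.bicep`, would record the intent. The step's enclosing job starts outside this hunk.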
@@ -368,524 +110,782 @@ jobs: managementGroupId: '${{ secrets.ARM_MGMTGROUP_ID }}' removeDeployment: '${{ env.removeDeployment }}' - job_deploy_nsg: - runs-on: ubuntu-20.04 - name: 'Deploy network security groups' - env: - namespace: 'Microsoft.Network\networkSecurityGroups' - needs: - - job_deploy_sa - - job_deploy_evh - - job_deploy_law - strategy: - fail-fast: false - matrix: - parameterFilePaths: - [ - 'apgw.parameters.json', - 'ase.parameters.json', - 'bastion.parameters.json', - 'parameters.json', - ] - steps: - - name: 'Checkout' - uses: actions/checkout@v2 - with: - fetch-depth: 0 - - name: 'Deploy module' - uses: ./.github/actions/templates/deployModule - with: - templateFilePath: 'arm/${{ env.namespace }}/deploy.bicep' - parameterFilePath: '${{ env.dependencyPath }}/${{ env.namespace }}/parameters/${{ matrix.parameterFilePaths }}' - location: '${{ env.defaultLocation }}' - resourceGroupName: '${{ env.resourceGroupName }}' - subscriptionId: '${{ secrets.ARM_SUBSCRIPTION_ID }}' - managementGroupId: '${{ secrets.ARM_MGMTGROUP_ID }}' - removeDeployment: '${{ env.removeDeployment }}' - - job_deploy_sqlmi_nsg: - runs-on: ubuntu-20.04 - name: 'Deploy sqlmi network security group' - if: github.event.inputs.deploySqlMiDependencies == 'true' - env: - namespace: 'Microsoft.Network\networkSecurityGroups' - needs: - - job_deploy_sa - - job_deploy_evh - - job_deploy_law - strategy: - fail-fast: false - matrix: - parameterFilePaths: ['sqlmi.parameters.json'] - steps: - - name: 'Checkout' - uses: actions/checkout@v2 - with: - fetch-depth: 0 - - name: 'Deploy module' - uses: ./.github/actions/templates/deployModule - with: - templateFilePath: 'arm/${{ env.namespace }}/deploy.bicep' - parameterFilePath: '${{ env.dependencyPath }}/${{ env.namespace }}/parameters/${{ matrix.parameterFilePaths }}' - location: '${{ env.defaultLocation }}' - resourceGroupName: '${{ env.resourceGroupName }}' - subscriptionId: '${{ secrets.ARM_SUBSCRIPTION_ID }}' - managementGroupId: '${{ 
secrets.ARM_MGMTGROUP_ID }}' - removeDeployment: '${{ env.removeDeployment }}' - - job_deploy_pip: - runs-on: ubuntu-20.04 - name: 'Deploy public IP addresses' - env: - namespace: 'Microsoft.Network\publicIPAddresses' - needs: - - job_deploy_sa - - job_deploy_evh - - job_deploy_law - strategy: - fail-fast: false - matrix: - parameterFilePaths: - ['apgw.parameters.json', 'bas.parameters.json', 'lb.parameters.json'] - steps: - - name: 'Checkout' - uses: actions/checkout@v2 - with: - fetch-depth: 0 - - name: 'Deploy module' - uses: ./.github/actions/templates/deployModule - with: - templateFilePath: 'arm/${{ env.namespace }}/deploy.bicep' - parameterFilePath: '${{ env.dependencyPath }}/${{ env.namespace }}/parameters/${{ matrix.parameterFilePaths }}' - location: '${{ env.defaultLocation }}' - resourceGroupName: '${{ env.resourceGroupName }}' - subscriptionId: '${{ secrets.ARM_SUBSCRIPTION_ID }}' - managementGroupId: '${{ secrets.ARM_MGMTGROUP_ID }}' - removeDeployment: '${{ env.removeDeployment }}' - - job_deploy_appi: - runs-on: ubuntu-20.04 - name: 'Deploy application insight' - env: - namespace: 'Microsoft.Insights\components' - needs: - - job_deploy_sa - - job_deploy_evh - - job_deploy_law - strategy: - fail-fast: false - matrix: - parameterFilePaths: ['parameters.json'] - steps: - - name: 'Checkout' - uses: actions/checkout@v2 - with: - fetch-depth: 0 - - name: 'Deploy module' - uses: ./.github/actions/templates/deployModule - with: - templateFilePath: 'arm/${{ env.namespace }}/deploy.bicep' - parameterFilePath: '${{ env.dependencyPath }}/${{ env.namespace }}/parameters/${{ matrix.parameterFilePaths }}' - location: '${{ env.defaultLocation }}' - resourceGroupName: '${{ env.resourceGroupName }}' - subscriptionId: '${{ secrets.ARM_SUBSCRIPTION_ID }}' - managementGroupId: '${{ secrets.ARM_MGMTGROUP_ID }}' - removeDeployment: '${{ env.removeDeployment }}' - - job_deploy_aut: - runs-on: ubuntu-20.04 - name: 'Deploy automation account' - env: - namespace: 
'Microsoft.Automation\automationAccounts' - needs: - - job_deploy_sa - - job_deploy_evh - - job_deploy_law - strategy: - fail-fast: false - matrix: - parameterFilePaths: ['parameters.json'] - steps: - - name: 'Checkout' - uses: actions/checkout@v2 - with: - fetch-depth: 0 - - name: 'Deploy module' - uses: ./.github/actions/templates/deployModule - with: - templateFilePath: 'arm/${{ env.namespace }}/deploy.bicep' - parameterFilePath: '${{ env.dependencyPath }}/${{ env.namespace }}/parameters/${{ matrix.parameterFilePaths }}' - location: '${{ env.defaultLocation }}' - resourceGroupName: '${{ env.resourceGroupName }}' - subscriptionId: '${{ secrets.ARM_SUBSCRIPTION_ID }}' - managementGroupId: '${{ secrets.ARM_MGMTGROUP_ID }}' - removeDeployment: '${{ env.removeDeployment }}' - - job_deploy_avdhp: - runs-on: ubuntu-20.04 - name: 'Deploy AVD host pool' - env: - namespace: 'Microsoft.DesktopVirtualization\hostpools' - needs: - - job_deploy_sa - - job_deploy_evh - - job_deploy_law - strategy: - fail-fast: false - matrix: - parameterFilePaths: ['parameters.json'] - steps: - - name: 'Checkout' - uses: actions/checkout@v2 - with: - fetch-depth: 0 - - name: 'Deploy module' - uses: ./.github/actions/templates/deployModule - with: - templateFilePath: 'arm/${{ env.namespace }}/deploy.bicep' - parameterFilePath: '${{ env.dependencyPath }}/${{ env.namespace }}/parameters/${{ matrix.parameterFilePaths }}' - location: '${{ env.defaultLocation }}' - resourceGroupName: '${{ env.resourceGroupName }}' - subscriptionId: '${{ secrets.ARM_SUBSCRIPTION_ID }}' - managementGroupId: '${{ secrets.ARM_MGMTGROUP_ID }}' - removeDeployment: '${{ env.removeDeployment }}' - - job_deploy_rsv: - runs-on: ubuntu-20.04 - name: 'Deploy recovery services vault' - env: - namespace: 'Microsoft.RecoveryServices\vaults' - needs: - - job_deploy_sa - - job_deploy_evh - - job_deploy_law - strategy: - fail-fast: false - matrix: - parameterFilePaths: ['parameters.json'] - steps: - - name: 'Checkout' - uses: 
actions/checkout@v2 - with: - fetch-depth: 0 - - name: 'Deploy module' - uses: ./.github/actions/templates/deployModule - with: - templateFilePath: 'arm/${{ env.namespace }}/deploy.bicep' - parameterFilePath: '${{ env.dependencyPath }}/${{ env.namespace }}/parameters/${{ matrix.parameterFilePaths }}' - location: '${{ env.defaultLocation }}' - resourceGroupName: '${{ env.resourceGroupName }}' - subscriptionId: '${{ secrets.ARM_SUBSCRIPTION_ID }}' - managementGroupId: '${{ secrets.ARM_MGMTGROUP_ID }}' - removeDeployment: '${{ env.removeDeployment }}' - - job_deploy_kv: - runs-on: ubuntu-20.04 - name: 'Deploy key vaults' - env: - namespace: 'Microsoft.KeyVault\vaults' - needs: - - job_deploy_sa - - job_deploy_evh - - job_deploy_law - strategy: - fail-fast: false - matrix: - parameterFilePaths: ['parameters.json', 'pe.parameters.json'] - steps: - - name: 'Checkout' - uses: actions/checkout@v2 - with: - fetch-depth: 0 - - name: 'Deploy module' - uses: ./.github/actions/templates/deployModule - with: - templateFilePath: 'arm/${{ env.namespace }}/deploy.bicep' - parameterFilePath: '${{ env.dependencyPath }}/${{ env.namespace }}/parameters/${{ matrix.parameterFilePaths }}' - location: '${{ env.defaultLocation }}' - resourceGroupName: '${{ env.resourceGroupName }}' - subscriptionId: '${{ secrets.ARM_SUBSCRIPTION_ID }}' - managementGroupId: '${{ secrets.ARM_MGMTGROUP_ID }}' - removeDeployment: '${{ env.removeDeployment }}' - - job_deploy_kv_secrets: - runs-on: ubuntu-20.04 - name: 'Set key vault secrets keys and certificates' - needs: - - job_deploy_kv - steps: - - name: 'Checkout' - uses: actions/checkout@v2 - with: - fetch-depth: 0 - - name: Azure Login - uses: azure/login@v1 - with: - creds: ${{ secrets.AZURE_CREDENTIALS }} - enable-AzPSSession: true - - name: Run PowerShell - uses: azure/powershell@v1 - with: - inlineScript: | - $usernameString = (-join ((65..90) + (97..122) | Get-Random -Count 9 -SetSeed 1 | % {[char]$_ + "$_"})).substring(0,19) # max length - 
$passwordString = (New-Guid).Guid.SubString(0,19) - $vpnSharedKeyString = (New-Guid).Guid.SubString(0,32) - $keyVaultName = 'adp-sxx-az-kv-x-001' - $userName = ConvertTo-SecureString -String $usernameString -AsPlainText -Force - $password = ConvertTo-SecureString -String $passwordString -AsPlainText -Force - $vpnSharedKey = ConvertTo-SecureString -String $vpnSharedKeyString -AsPlainText -Force - # VirtualMachines and VMSS - Set-AzKeyVaultSecret -VaultName $keyVaultName -Name 'adminUsername' -SecretValue $username - Set-AzKeyVaultSecret -VaultName $keyVaultName -Name 'adminPassword' -SecretValue $password - # Azure SQLServer - Set-AzKeyVaultSecret -VaultName $keyVaultName -Name 'administratorLogin' -SecretValue $username - Set-AzKeyVaultSecret -VaultName $keyVaultName -Name 'administratorLoginPassword' -SecretValue $password - # VirtualNetworkGateway - Set-AzKeyVaultSecret -VaultName $keyVaultName -Name 'vpnSharedKey' -SecretValue $vpnSharedKey - # DiskEncryptionSet, VirtualMachines and VMSS - az keyvault key create --vault-name $keyVaultName --name 'keyEncryptionKey' - # ApplicationGateway - $apgwCertPolicy = New-AzKeyVaultCertificatePolicy -SecretContentType 'application/x-pkcs12' -SubjectName 'CN=fabrikam.com' -IssuerName 'Self' -ValidityInMonths 12 -ReuseKeyOnRenewal - Add-AzKeyVaultCertificate -VaultName $keyVaultName -Name 'applicationGatewaySslCertificate' -CertificatePolicy $apgwCertPolicy - # API management - Set-AzKeyVaultSecret -VaultName $keyVaultName -Name 'apimclientid' -SecretValue $username - Set-AzKeyVaultSecret -VaultName $keyVaultName -Name 'apimclientsecret' -SecretValue $password - azPSVersion: 'latest' - - job_deploy_sqlmi_kv: - runs-on: ubuntu-20.04 - name: 'Deploy sqlmi key vault' - if: github.event.inputs.deploySqlMiDependencies == 'true' - env: - namespace: 'Microsoft.KeyVault\vaults' - needs: - - job_deploy_sa - - job_deploy_evh - - job_deploy_law - strategy: - fail-fast: false - matrix: - parameterFilePaths: ['sqlmi.parameters.json'] - 
steps: - - name: 'Checkout' - uses: actions/checkout@v2 - with: - fetch-depth: 0 - - name: 'Deploy module' - uses: ./.github/actions/templates/deployModule - with: - templateFilePath: 'arm/${{ env.namespace }}/deploy.bicep' - parameterFilePath: '${{ env.dependencyPath }}/${{ env.namespace }}/parameters/${{ matrix.parameterFilePaths }}' - location: '${{ env.defaultLocation }}' - resourceGroupName: '${{ env.resourceGroupName }}' - subscriptionId: '${{ secrets.ARM_SUBSCRIPTION_ID }}' - managementGroupId: '${{ secrets.ARM_MGMTGROUP_ID }}' - removeDeployment: '${{ env.removeDeployment }}' - - job_deploy_sqlmi_kv_secrets: - runs-on: ubuntu-20.04 - name: 'Set sqlmi key vault secrets and keys' - if: github.event.inputs.deploySqlMiDependencies == 'true' - needs: - - job_deploy_sqlmi_kv - steps: - - name: 'Checkout' - uses: actions/checkout@v2 - with: - fetch-depth: 0 - - name: Azure Login - uses: azure/login@v1 - with: - creds: ${{ secrets.AZURE_CREDENTIALS }} - enable-AzPSSession: true - - name: Run PowerShell - uses: azure/powershell@v1 - with: - inlineScript: | - $usernameString = (-join ((65..90) + (97..122) | Get-Random -Count 9 -SetSeed 1 | % {[char]$_ + "$_"})).substring(0,19) # max length - $passwordString = (New-Guid).Guid.SubString(0,19) - $vpnSharedKeyString = (New-Guid).Guid.SubString(0,32) - $keyVaultName = 'adp-sxx-az-kv-x-sqlmi' - $userName = ConvertTo-SecureString -String $usernameString -AsPlainText -Force - $password = ConvertTo-SecureString -String $passwordString -AsPlainText -Force - $vpnSharedKey = ConvertTo-SecureString -String $vpnSharedKeyString -AsPlainText -Force - # SQLManagedInstances secrets - Set-AzKeyVaultSecret -VaultName $keyVaultName -Name 'administratorLogin' -SecretValue $username - Set-AzKeyVaultSecret -VaultName $keyVaultName -Name 'administratorLoginPassword' -SecretValue $password - # SQLManagedInstances Keys - az keyvault key create --vault-name $keyVaultName --name 'keyEncryptionKeySqlMi' - azPSVersion: 'latest' - - 
job_deploy_avdag: - runs-on: ubuntu-20.04 - name: 'Deploy AVD application group' - env: - namespace: 'Microsoft.DesktopVirtualization\applicationgroups' - needs: - - job_deploy_avdhp - strategy: - fail-fast: false - matrix: - parameterFilePaths: ['parameters.json'] - steps: - - name: 'Checkout' - uses: actions/checkout@v2 - with: - fetch-depth: 0 - - name: 'Deploy module' - uses: ./.github/actions/templates/deployModule - with: - templateFilePath: 'arm/${{ env.namespace }}/deploy.bicep' - parameterFilePath: '${{ env.dependencyPath }}/${{ env.namespace }}/parameters/${{ matrix.parameterFilePaths }}' - location: '${{ env.defaultLocation }}' - resourceGroupName: '${{ env.resourceGroupName }}' - subscriptionId: '${{ secrets.ARM_SUBSCRIPTION_ID }}' - managementGroupId: '${{ secrets.ARM_MGMTGROUP_ID }}' - removeDeployment: '${{ env.removeDeployment }}' - - job_deploy_rolea: - runs-on: ubuntu-20.04 - name: 'Deploy role assignments' - env: - namespace: 'Microsoft.Authorization\roleAssignments' - needs: - - job_deploy_msi - strategy: - fail-fast: false - matrix: - parameterFilePaths: ['parameters.json'] - steps: - - name: 'Checkout' - uses: actions/checkout@v2 - with: - fetch-depth: 0 - - name: 'Deploy module' - uses: ./.github/actions/templates/deployModule - with: - templateFilePath: 'arm/${{ env.namespace }}/.bicep/nested_rbac_sub.bicep' - parameterFilePath: '${{ env.dependencyPath }}/${{ env.namespace }}/parameters/${{ matrix.parameterFilePaths }}' - location: '${{ env.defaultLocation }}' - resourceGroupName: '${{ env.resourceGroupName }}' - subscriptionId: '${{ secrets.ARM_SUBSCRIPTION_ID }}' - managementGroupId: '${{ secrets.ARM_MGMTGROUP_ID }}' - removeDeployment: '${{ env.removeDeployment }}' - - job_deploy_vnet: - runs-on: ubuntu-20.04 - name: 'Deploy virtual networks' - env: - namespace: 'Microsoft.Network\virtualNetworks' - needs: - - job_deploy_nsg - strategy: - fail-fast: false - matrix: - parameterFilePaths: - [ - '1.bastion.parameters.json', - 
'2.vnetpeer01.parameters.json', - '3.vnetpeer02.parameters.json', - '4.azfw.parameters.json', - '5.aks.parameters.json', - 'parameters.json', - ] - steps: - - name: 'Checkout' - uses: actions/checkout@v2 - with: - fetch-depth: 0 - - name: 'Deploy module' - uses: ./.github/actions/templates/deployModule - with: - templateFilePath: 'arm/${{ env.namespace }}/deploy.bicep' - parameterFilePath: '${{ env.dependencyPath }}/${{ env.namespace }}/parameters/${{ matrix.parameterFilePaths }}' - location: '${{ env.defaultLocation }}' - resourceGroupName: '${{ env.resourceGroupName }}' - subscriptionId: '${{ secrets.ARM_SUBSCRIPTION_ID }}' - managementGroupId: '${{ secrets.ARM_MGMTGROUP_ID }}' - removeDeployment: '${{ env.removeDeployment }}' - - job_deploy_sqlmi_vnet: - runs-on: ubuntu-20.04 - name: 'Deploy sqlmi virtual network' - if: github.event.inputs.deploySqlMiDependencies == 'true' - env: - namespace: 'Microsoft.Network\virtualNetworks' - needs: - - job_deploy_sqlmi_udr - - job_deploy_sqlmi_nsg - strategy: - fail-fast: false - matrix: - parameterFilePaths: ['6.sqlmi.parameters.json'] - steps: - - name: 'Checkout' - uses: actions/checkout@v2 - with: - fetch-depth: 0 - - name: 'Deploy module' - uses: ./.github/actions/templates/deployModule - with: - templateFilePath: 'arm/${{ env.namespace }}/deploy.bicep' - parameterFilePath: '${{ env.dependencyPath }}/${{ env.namespace }}/parameters/${{ matrix.parameterFilePaths }}' - location: '${{ env.defaultLocation }}' - resourceGroupName: '${{ env.resourceGroupName }}' - subscriptionId: '${{ secrets.ARM_SUBSCRIPTION_ID }}' - managementGroupId: '${{ secrets.ARM_MGMTGROUP_ID }}' - removeDeployment: '${{ env.removeDeployment }}' - - job_deploy_dnszone: - runs-on: ubuntu-20.04 - name: 'Deploy private DNS zones' - env: - namespace: 'Microsoft.Network\privateDnsZones' - needs: - - job_deploy_vnet - strategy: - fail-fast: false - matrix: - parameterFilePaths: ['parameters.json'] - steps: - - name: 'Checkout' - uses: actions/checkout@v2 - 
with: - fetch-depth: 0 - - name: 'Deploy module' - uses: ./.github/actions/templates/deployModule - with: - templateFilePath: 'arm/${{ env.namespace }}/deploy.bicep' - parameterFilePath: '${{ env.dependencyPath }}/${{ env.namespace }}/parameters/${{ matrix.parameterFilePaths }}' - location: '${{ env.defaultLocation }}' - resourceGroupName: '${{ env.resourceGroupName }}' - subscriptionId: '${{ secrets.ARM_SUBSCRIPTION_ID }}' - managementGroupId: '${{ secrets.ARM_MGMTGROUP_ID }}' - removeDeployment: '${{ env.removeDeployment }}' - - job_deploy_vm: - runs-on: ubuntu-20.04 - name: 'Deploy virtual machines' - env: - namespace: 'Microsoft.Compute\virtualMachines' - needs: - - job_deploy_kv_secrets - - job_deploy_vnet - - job_deploy_rsv - strategy: - fail-fast: false - matrix: - parameterFilePaths: ['parameters.json'] - steps: - - name: 'Checkout' - uses: actions/checkout@v2 - with: - fetch-depth: 0 - - name: 'Deploy module' - uses: ./.github/actions/templates/deployModule - with: - templateFilePath: 'arm/${{ env.namespace }}/deploy.bicep' - parameterFilePath: '${{ env.dependencyPath }}/${{ env.namespace }}/parameters/${{ matrix.parameterFilePaths }}' - location: '${{ env.defaultLocation }}' - resourceGroupName: '${{ env.resourceGroupName }}' - subscriptionId: '${{ secrets.ARM_SUBSCRIPTION_ID }}' - managementGroupId: '${{ secrets.ARM_MGMTGROUP_ID }}' - removeDeployment: '${{ env.removeDeployment }}' + # job_deploy_privateBicepRegistry: + # runs-on: ubuntu-20.04 + # name: 'Deploy private bicep registry' + # env: + # namespace: 'Microsoft.ContainerRegistry\registries' + # needs: + # - job_deploy_rg + # strategy: + # fail-fast: false + # matrix: + # parameterFilePaths: ['parameters.json'] + # steps: + # - name: 'Checkout' + # uses: actions/checkout@v2 + # with: + # fetch-depth: 0 + # - name: 'Deploy module' + # uses: ./.github/actions/templates/deployModule + # with: + # templateFilePath: 'arm/${{ env.namespace }}/deploy.bicep' + # parameterFilePath: '${{ env.dependencyPath 
}}/${{ env.namespace }}/parameters/${{ matrix.parameterFilePaths }}' + # location: '${{ env.defaultLocation }}' + # resourceGroupName: '${{ env.resourceGroupNameArtifacts }}' + # subscriptionId: '${{ secrets.ARM_SUBSCRIPTION_ID }}' + # managementGroupId: '${{ secrets.ARM_MGMTGROUP_ID }}' + # removeDeployment: '${{ env.removeDeployment }}' + + # job_deploy_evh: + # runs-on: ubuntu-20.04 + # name: 'Deploy eventhub' + # env: + # namespace: 'Microsoft.EventHub\namespaces' + # needs: + # - job_deploy_rg + # strategy: + # fail-fast: false + # matrix: + # parameterFilePaths: ['parameters.json'] + # steps: + # - name: 'Checkout' + # uses: actions/checkout@v2 + # with: + # fetch-depth: 0 + # - name: 'Deploy module' + # uses: ./.github/actions/templates/deployModule + # with: + # templateFilePath: 'arm/${{ env.namespace }}/deploy.bicep' + # parameterFilePath: '${{ env.dependencyPath }}/${{ env.namespace }}/parameters/${{ matrix.parameterFilePaths }}' + # location: '${{ env.defaultLocation }}' + # resourceGroupName: '${{ env.resourceGroupName }}' + # subscriptionId: '${{ secrets.ARM_SUBSCRIPTION_ID }}' + # managementGroupId: '${{ secrets.ARM_MGMTGROUP_ID }}' + # removeDeployment: '${{ env.removeDeployment }}' + + # job_deploy_law: + # runs-on: ubuntu-20.04 + # name: 'Deploy log analytics workspace' + # env: + # namespace: 'Microsoft.OperationalInsights\workspaces' + # needs: + # - job_deploy_rg + # strategy: + # fail-fast: false + # matrix: + # parameterFilePaths: ['appi.parameters.json', 'parameters.json'] + # steps: + # - name: 'Checkout' + # uses: actions/checkout@v2 + # with: + # fetch-depth: 0 + # - name: 'Deploy module' + # uses: ./.github/actions/templates/deployModule + # with: + # templateFilePath: 'arm/${{ env.namespace }}/deploy.bicep' + # parameterFilePath: '${{ env.dependencyPath }}/${{ env.namespace }}/parameters/${{ matrix.parameterFilePaths }}' + # location: '${{ env.defaultLocation }}' + # resourceGroupName: '${{ env.resourceGroupName }}' + # subscriptionId: 
'${{ secrets.ARM_SUBSCRIPTION_ID }}' + # managementGroupId: '${{ secrets.ARM_MGMTGROUP_ID }}' + # removeDeployment: '${{ env.removeDeployment }}' + + # job_deploy_sa: + # runs-on: ubuntu-20.04 + # name: 'Deploy storage account' + # env: + # namespace: 'Microsoft.Storage\storageAccounts' + # needs: + # - job_deploy_rg + # strategy: + # fail-fast: false + # matrix: + # parameterFilePaths: + # ['fa.parameters.json', 'law.parameters.json', 'parameters.json'] + # steps: + # - name: 'Checkout' + # uses: actions/checkout@v2 + # with: + # fetch-depth: 0 + # - name: 'Deploy module' + # uses: ./.github/actions/templates/deployModule + # with: + # templateFilePath: 'arm/${{ env.namespace }}/deploy.bicep' + # parameterFilePath: '${{ env.dependencyPath }}/${{ env.namespace }}/parameters/${{ matrix.parameterFilePaths }}' + # location: '${{ env.defaultLocation }}' + # resourceGroupName: '${{ env.resourceGroupName }}' + # subscriptionId: '${{ secrets.ARM_SUBSCRIPTION_ID }}' + # managementGroupId: '${{ secrets.ARM_MGMTGROUP_ID }}' + # removeDeployment: '${{ env.removeDeployment }}' + + # job_upload_storage_files: + # runs-on: ubuntu-20.04 + # name: 'Upload files to storage account' + # needs: + # - job_deploy_sa + # steps: + # - name: 'Checkout' + # uses: actions/checkout@v2 + # with: + # fetch-depth: 0 + # - name: Azure Login + # uses: azure/login@v1 + # with: + # creds: ${{ secrets.AZURE_CREDENTIALS }} + # enable-AzPSSession: true + # - name: Run PowerShell + # uses: azure/powershell@v1 + # with: + # inlineScript: | + # # Load used functions + # . 
(Join-Path $env:GITHUB_WORKSPACE 'utilities' 'pipelines' 'sharedScripts' 'Export-ContentToBlob.ps1') + + # # Get storage account name + # $parameterFilePath = Join-Path $env:GITHUB_WORKSPACE '${{ env.dependencyPath }}' 'Microsoft.Storage/storageAccounts' 'parameters' 'parameters.json' + # $storageAccountParameters = (ConvertFrom-Json (Get-Content -path $parameterFilePath -Raw)).parameters + + # # Upload files to storage account + # $functionInput = @{ + # ResourceGroupName = '${{ env.resourceGroupName }}' + # StorageAccountName = $storageAccountParameters.name.value + # contentDirectories = Join-Path $env:GITHUB_WORKSPACE '${{ env.dependencyPath }}' 'Microsoft.Storage/storageAccounts' 'uploads' + # targetContainer = $storageAccountParameters.blobServices.value.containers[0].name + # } + + # Write-Verbose "Invoke task with" -Verbose + # Write-Verbose ($functionInput | ConvertTo-Json | Out-String) -Verbose + + # Export-ContentToBlob @functionInput -Verbose + # azPSVersion: 'latest' + + # job_deploy_sig: + # runs-on: ubuntu-20.04 + # name: 'Deploy shared image gallery and definition' + # env: + # namespace: 'Microsoft.Compute\galleries' + # needs: + # - job_deploy_rg + # strategy: + # fail-fast: false + # matrix: + # parameterFilePaths: ['parameters.json'] + # steps: + # - name: 'Checkout' + # uses: actions/checkout@v2 + # with: + # fetch-depth: 0 + # - name: 'Deploy module' + # uses: ./.github/actions/templates/deployModule + # with: + # templateFilePath: 'arm/${{ env.namespace }}/deploy.bicep' + # parameterFilePath: '${{ env.dependencyPath }}/${{ env.namespace }}/parameters/${{ matrix.parameterFilePaths }}' + # location: '${{ env.defaultLocation }}' + # resourceGroupName: '${{ env.resourceGroupName }}' + # subscriptionId: '${{ secrets.ARM_SUBSCRIPTION_ID }}' + # managementGroupId: '${{ secrets.ARM_MGMTGROUP_ID }}' + # removeDeployment: '${{ env.removeDeployment }}' + + # job_deploy_ag: + # runs-on: ubuntu-20.04 + # name: 'Deploy action groups' + # env: + # 
namespace: 'Microsoft.Insights\actionGroups' + # needs: + # - job_deploy_rg + # strategy: + # fail-fast: false + # matrix: + # parameterFilePaths: ['parameters.json'] + # steps: + # - name: 'Checkout' + # uses: actions/checkout@v2 + # with: + # fetch-depth: 0 + # - name: 'Deploy module' + # uses: ./.github/actions/templates/deployModule + # with: + # templateFilePath: 'arm/${{ env.namespace }}/deploy.bicep' + # parameterFilePath: '${{ env.dependencyPath }}/${{ env.namespace }}/parameters/${{ matrix.parameterFilePaths }}' + # location: '${{ env.defaultLocation }}' + # resourceGroupName: '${{ env.resourceGroupName }}' + # subscriptionId: '${{ secrets.ARM_SUBSCRIPTION_ID }}' + # managementGroupId: '${{ secrets.ARM_MGMTGROUP_ID }}' + # removeDeployment: '${{ env.removeDeployment }}' + + # job_deploy_asg: + # runs-on: ubuntu-20.04 + # name: 'Deploy application security groups' + # env: + # namespace: 'Microsoft.Network\applicationSecurityGroups' + # needs: + # - job_deploy_rg + # strategy: + # fail-fast: false + # matrix: + # parameterFilePaths: ['parameters.json'] + # steps: + # - name: 'Checkout' + # uses: actions/checkout@v2 + # with: + # fetch-depth: 0 + # - name: 'Deploy module' + # uses: ./.github/actions/templates/deployModule + # with: + # templateFilePath: 'arm/${{ env.namespace }}/deploy.bicep' + # parameterFilePath: '${{ env.dependencyPath }}/${{ env.namespace }}/parameters/${{ matrix.parameterFilePaths }}' + # location: '${{ env.defaultLocation }}' + # resourceGroupName: '${{ env.resourceGroupName }}' + # subscriptionId: '${{ secrets.ARM_SUBSCRIPTION_ID }}' + # managementGroupId: '${{ secrets.ARM_MGMTGROUP_ID }}' + # removeDeployment: '${{ env.removeDeployment }}' + + # job_deploy_sqlmi_udr: + # runs-on: ubuntu-20.04 + # name: 'Deploy sqlmi route tables' + # if: github.event.inputs.deploySqlMiDependencies == 'true' + # env: + # namespace: 'Microsoft.Network\routeTables' + # needs: + # - job_deploy_rg + # strategy: + # fail-fast: false + # matrix: + # 
parameterFilePaths: ['parameters.json'] + # steps: + # - name: 'Checkout' + # uses: actions/checkout@v2 + # with: + # fetch-depth: 0 + # - name: 'Deploy module' + # uses: ./.github/actions/templates/deployModule + # with: + # templateFilePath: 'arm/${{ env.namespace }}/deploy.bicep' + # parameterFilePath: '${{ env.dependencyPath }}/${{ env.namespace }}/parameters/${{ matrix.parameterFilePaths }}' + # location: '${{ env.defaultLocation }}' + # resourceGroupName: '${{ env.resourceGroupName }}' + # subscriptionId: '${{ secrets.ARM_SUBSCRIPTION_ID }}' + # managementGroupId: '${{ secrets.ARM_MGMTGROUP_ID }}' + # removeDeployment: '${{ env.removeDeployment }}' + + # job_deploy_nsg: + # runs-on: ubuntu-20.04 + # name: 'Deploy network security groups' + # env: + # namespace: 'Microsoft.Network\networkSecurityGroups' + # needs: + # - job_deploy_sa + # - job_deploy_evh + # - job_deploy_law + # strategy: + # fail-fast: false + # matrix: + # parameterFilePaths: + # [ + # 'apgw.parameters.json', + # 'ase.parameters.json', + # 'bastion.parameters.json', + # 'parameters.json', + # ] + # steps: + # - name: 'Checkout' + # uses: actions/checkout@v2 + # with: + # fetch-depth: 0 + # - name: 'Deploy module' + # uses: ./.github/actions/templates/deployModule + # with: + # templateFilePath: 'arm/${{ env.namespace }}/deploy.bicep' + # parameterFilePath: '${{ env.dependencyPath }}/${{ env.namespace }}/parameters/${{ matrix.parameterFilePaths }}' + # location: '${{ env.defaultLocation }}' + # resourceGroupName: '${{ env.resourceGroupName }}' + # subscriptionId: '${{ secrets.ARM_SUBSCRIPTION_ID }}' + # managementGroupId: '${{ secrets.ARM_MGMTGROUP_ID }}' + # removeDeployment: '${{ env.removeDeployment }}' + + # job_deploy_sqlmi_nsg: + # runs-on: ubuntu-20.04 + # name: 'Deploy sqlmi network security group' + # if: github.event.inputs.deploySqlMiDependencies == 'true' + # env: + # namespace: 'Microsoft.Network\networkSecurityGroups' + # needs: + # - job_deploy_sa + # - job_deploy_evh + # - 
job_deploy_law + # strategy: + # fail-fast: false + # matrix: + # parameterFilePaths: ['sqlmi.parameters.json'] + # steps: + # - name: 'Checkout' + # uses: actions/checkout@v2 + # with: + # fetch-depth: 0 + # - name: 'Deploy module' + # uses: ./.github/actions/templates/deployModule + # with: + # templateFilePath: 'arm/${{ env.namespace }}/deploy.bicep' + # parameterFilePath: '${{ env.dependencyPath }}/${{ env.namespace }}/parameters/${{ matrix.parameterFilePaths }}' + # location: '${{ env.defaultLocation }}' + # resourceGroupName: '${{ env.resourceGroupName }}' + # subscriptionId: '${{ secrets.ARM_SUBSCRIPTION_ID }}' + # managementGroupId: '${{ secrets.ARM_MGMTGROUP_ID }}' + # removeDeployment: '${{ env.removeDeployment }}' + + # job_deploy_pip: + # runs-on: ubuntu-20.04 + # name: 'Deploy public IP addresses' + # env: + # namespace: 'Microsoft.Network\publicIPAddresses' + # needs: + # - job_deploy_sa + # - job_deploy_evh + # - job_deploy_law + # strategy: + # fail-fast: false + # matrix: + # parameterFilePaths: + # ['apgw.parameters.json', 'bas.parameters.json', 'lb.parameters.json'] + # steps: + # - name: 'Checkout' + # uses: actions/checkout@v2 + # with: + # fetch-depth: 0 + # - name: 'Deploy module' + # uses: ./.github/actions/templates/deployModule + # with: + # templateFilePath: 'arm/${{ env.namespace }}/deploy.bicep' + # parameterFilePath: '${{ env.dependencyPath }}/${{ env.namespace }}/parameters/${{ matrix.parameterFilePaths }}' + # location: '${{ env.defaultLocation }}' + # resourceGroupName: '${{ env.resourceGroupName }}' + # subscriptionId: '${{ secrets.ARM_SUBSCRIPTION_ID }}' + # managementGroupId: '${{ secrets.ARM_MGMTGROUP_ID }}' + # removeDeployment: '${{ env.removeDeployment }}' + + # job_deploy_appi: + # runs-on: ubuntu-20.04 + # name: 'Deploy application insight' + # env: + # namespace: 'Microsoft.Insights\components' + # needs: + # - job_deploy_sa + # - job_deploy_evh + # - job_deploy_law + # strategy: + # fail-fast: false + # matrix: + # 
parameterFilePaths: ['parameters.json'] + # steps: + # - name: 'Checkout' + # uses: actions/checkout@v2 + # with: + # fetch-depth: 0 + # - name: 'Deploy module' + # uses: ./.github/actions/templates/deployModule + # with: + # templateFilePath: 'arm/${{ env.namespace }}/deploy.bicep' + # parameterFilePath: '${{ env.dependencyPath }}/${{ env.namespace }}/parameters/${{ matrix.parameterFilePaths }}' + # location: '${{ env.defaultLocation }}' + # resourceGroupName: '${{ env.resourceGroupName }}' + # subscriptionId: '${{ secrets.ARM_SUBSCRIPTION_ID }}' + # managementGroupId: '${{ secrets.ARM_MGMTGROUP_ID }}' + # removeDeployment: '${{ env.removeDeployment }}' + + # job_deploy_aut: + # runs-on: ubuntu-20.04 + # name: 'Deploy automation account' + # env: + # namespace: 'Microsoft.Automation\automationAccounts' + # needs: + # - job_deploy_sa + # - job_deploy_evh + # - job_deploy_law + # strategy: + # fail-fast: false + # matrix: + # parameterFilePaths: ['parameters.json'] + # steps: + # - name: 'Checkout' + # uses: actions/checkout@v2 + # with: + # fetch-depth: 0 + # - name: 'Deploy module' + # uses: ./.github/actions/templates/deployModule + # with: + # templateFilePath: 'arm/${{ env.namespace }}/deploy.bicep' + # parameterFilePath: '${{ env.dependencyPath }}/${{ env.namespace }}/parameters/${{ matrix.parameterFilePaths }}' + # location: '${{ env.defaultLocation }}' + # resourceGroupName: '${{ env.resourceGroupName }}' + # subscriptionId: '${{ secrets.ARM_SUBSCRIPTION_ID }}' + # managementGroupId: '${{ secrets.ARM_MGMTGROUP_ID }}' + # removeDeployment: '${{ env.removeDeployment }}' + + # job_deploy_avdhp: + # runs-on: ubuntu-20.04 + # name: 'Deploy AVD host pool' + # env: + # namespace: 'Microsoft.DesktopVirtualization\hostpools' + # needs: + # - job_deploy_sa + # - job_deploy_evh + # - job_deploy_law + # strategy: + # fail-fast: false + # matrix: + # parameterFilePaths: ['parameters.json'] + # steps: + # - name: 'Checkout' + # uses: actions/checkout@v2 + # with: + # 
fetch-depth: 0 + # - name: 'Deploy module' + # uses: ./.github/actions/templates/deployModule + # with: + # templateFilePath: 'arm/${{ env.namespace }}/deploy.bicep' + # parameterFilePath: '${{ env.dependencyPath }}/${{ env.namespace }}/parameters/${{ matrix.parameterFilePaths }}' + # location: '${{ env.defaultLocation }}' + # resourceGroupName: '${{ env.resourceGroupName }}' + # subscriptionId: '${{ secrets.ARM_SUBSCRIPTION_ID }}' + # managementGroupId: '${{ secrets.ARM_MGMTGROUP_ID }}' + # removeDeployment: '${{ env.removeDeployment }}' + + # job_deploy_rsv: + # runs-on: ubuntu-20.04 + # name: 'Deploy recovery services vault' + # env: + # namespace: 'Microsoft.RecoveryServices\vaults' + # needs: + # - job_deploy_sa + # - job_deploy_evh + # - job_deploy_law + # strategy: + # fail-fast: false + # matrix: + # parameterFilePaths: ['parameters.json'] + # steps: + # - name: 'Checkout' + # uses: actions/checkout@v2 + # with: + # fetch-depth: 0 + # - name: 'Deploy module' + # uses: ./.github/actions/templates/deployModule + # with: + # templateFilePath: 'arm/${{ env.namespace }}/deploy.bicep' + # parameterFilePath: '${{ env.dependencyPath }}/${{ env.namespace }}/parameters/${{ matrix.parameterFilePaths }}' + # location: '${{ env.defaultLocation }}' + # resourceGroupName: '${{ env.resourceGroupName }}' + # subscriptionId: '${{ secrets.ARM_SUBSCRIPTION_ID }}' + # managementGroupId: '${{ secrets.ARM_MGMTGROUP_ID }}' + # removeDeployment: '${{ env.removeDeployment }}' + + # job_deploy_kv: + # runs-on: ubuntu-20.04 + # name: 'Deploy key vaults' + # env: + # namespace: 'Microsoft.KeyVault\vaults' + # needs: + # - job_deploy_sa + # - job_deploy_evh + # - job_deploy_law + # strategy: + # fail-fast: false + # matrix: + # parameterFilePaths: ['parameters.json', 'pe.parameters.json'] + # steps: + # - name: 'Checkout' + # uses: actions/checkout@v2 + # with: + # fetch-depth: 0 + # - name: 'Deploy module' + # uses: ./.github/actions/templates/deployModule + # with: + # 
templateFilePath: 'arm/${{ env.namespace }}/deploy.bicep' + # parameterFilePath: '${{ env.dependencyPath }}/${{ env.namespace }}/parameters/${{ matrix.parameterFilePaths }}' + # location: '${{ env.defaultLocation }}' + # resourceGroupName: '${{ env.resourceGroupName }}' + # subscriptionId: '${{ secrets.ARM_SUBSCRIPTION_ID }}' + # managementGroupId: '${{ secrets.ARM_MGMTGROUP_ID }}' + # removeDeployment: '${{ env.removeDeployment }}' + + # job_deploy_kv_secrets: + # runs-on: ubuntu-20.04 + # name: 'Set key vault secrets keys and certificates' + # needs: + # - job_deploy_kv + # steps: + # - name: 'Checkout' + # uses: actions/checkout@v2 + # with: + # fetch-depth: 0 + # - name: Azure Login + # uses: azure/login@v1 + # with: + # creds: ${{ secrets.AZURE_CREDENTIALS }} + # enable-AzPSSession: true + # - name: Run PowerShell + # uses: azure/powershell@v1 + # with: + # inlineScript: | + # $usernameString = (-join ((65..90) + (97..122) | Get-Random -Count 9 -SetSeed 1 | % {[char]$_ + "$_"})).substring(0,19) # max length + # $passwordString = (New-Guid).Guid.SubString(0,19) + # $vpnSharedKeyString = (New-Guid).Guid.SubString(0,32) + # $keyVaultName = 'adp-sxx-az-kv-x-001' + # $userName = ConvertTo-SecureString -String $usernameString -AsPlainText -Force + # $password = ConvertTo-SecureString -String $passwordString -AsPlainText -Force + # $vpnSharedKey = ConvertTo-SecureString -String $vpnSharedKeyString -AsPlainText -Force + # # VirtualMachines and VMSS + # Set-AzKeyVaultSecret -VaultName $keyVaultName -Name 'adminUsername' -SecretValue $username + # Set-AzKeyVaultSecret -VaultName $keyVaultName -Name 'adminPassword' -SecretValue $password + # # Azure SQLServer + # Set-AzKeyVaultSecret -VaultName $keyVaultName -Name 'administratorLogin' -SecretValue $username + # Set-AzKeyVaultSecret -VaultName $keyVaultName -Name 'administratorLoginPassword' -SecretValue $password + # # VirtualNetworkGateway + # Set-AzKeyVaultSecret -VaultName $keyVaultName -Name 'vpnSharedKey' 
-SecretValue $vpnSharedKey + # # DiskEncryptionSet, VirtualMachines and VMSS + # az keyvault key create --vault-name $keyVaultName --name 'keyEncryptionKey' + # # ApplicationGateway + # $apgwCertPolicy = New-AzKeyVaultCertificatePolicy -SecretContentType 'application/x-pkcs12' -SubjectName 'CN=fabrikam.com' -IssuerName 'Self' -ValidityInMonths 12 -ReuseKeyOnRenewal + # Add-AzKeyVaultCertificate -VaultName $keyVaultName -Name 'applicationGatewaySslCertificate' -CertificatePolicy $apgwCertPolicy + # # API management + # Set-AzKeyVaultSecret -VaultName $keyVaultName -Name 'apimclientid' -SecretValue $username + # Set-AzKeyVaultSecret -VaultName $keyVaultName -Name 'apimclientsecret' -SecretValue $password + # azPSVersion: 'latest' + + # job_deploy_sqlmi_kv: + # runs-on: ubuntu-20.04 + # name: 'Deploy sqlmi key vault' + # if: github.event.inputs.deploySqlMiDependencies == 'true' + # env: + # namespace: 'Microsoft.KeyVault\vaults' + # needs: + # - job_deploy_sa + # - job_deploy_evh + # - job_deploy_law + # strategy: + # fail-fast: false + # matrix: + # parameterFilePaths: ['sqlmi.parameters.json'] + # steps: + # - name: 'Checkout' + # uses: actions/checkout@v2 + # with: + # fetch-depth: 0 + # - name: 'Deploy module' + # uses: ./.github/actions/templates/deployModule + # with: + # templateFilePath: 'arm/${{ env.namespace }}/deploy.bicep' + # parameterFilePath: '${{ env.dependencyPath }}/${{ env.namespace }}/parameters/${{ matrix.parameterFilePaths }}' + # location: '${{ env.defaultLocation }}' + # resourceGroupName: '${{ env.resourceGroupName }}' + # subscriptionId: '${{ secrets.ARM_SUBSCRIPTION_ID }}' + # managementGroupId: '${{ secrets.ARM_MGMTGROUP_ID }}' + # removeDeployment: '${{ env.removeDeployment }}' + + # job_deploy_sqlmi_kv_secrets: + # runs-on: ubuntu-20.04 + # name: 'Set sqlmi key vault secrets and keys' + # if: github.event.inputs.deploySqlMiDependencies == 'true' + # needs: + # - job_deploy_sqlmi_kv + # steps: + # - name: 'Checkout' + # uses: 
actions/checkout@v2 + # with: + # fetch-depth: 0 + # - name: Azure Login + # uses: azure/login@v1 + # with: + # creds: ${{ secrets.AZURE_CREDENTIALS }} + # enable-AzPSSession: true + # - name: Run PowerShell + # uses: azure/powershell@v1 + # with: + # inlineScript: | + # $usernameString = (-join ((65..90) + (97..122) | Get-Random -Count 9 -SetSeed 1 | % {[char]$_ + "$_"})).substring(0,19) # max length + # $passwordString = (New-Guid).Guid.SubString(0,19) + # $vpnSharedKeyString = (New-Guid).Guid.SubString(0,32) + # $keyVaultName = 'adp-sxx-az-kv-x-sqlmi' + # $userName = ConvertTo-SecureString -String $usernameString -AsPlainText -Force + # $password = ConvertTo-SecureString -String $passwordString -AsPlainText -Force + # $vpnSharedKey = ConvertTo-SecureString -String $vpnSharedKeyString -AsPlainText -Force + # # SQLManagedInstances secrets + # Set-AzKeyVaultSecret -VaultName $keyVaultName -Name 'administratorLogin' -SecretValue $username + # Set-AzKeyVaultSecret -VaultName $keyVaultName -Name 'administratorLoginPassword' -SecretValue $password + # # SQLManagedInstances Keys + # az keyvault key create --vault-name $keyVaultName --name 'keyEncryptionKeySqlMi' + # azPSVersion: 'latest' + + # job_deploy_avdag: + # runs-on: ubuntu-20.04 + # name: 'Deploy AVD application group' + # env: + # namespace: 'Microsoft.DesktopVirtualization\applicationgroups' + # needs: + # - job_deploy_avdhp + # strategy: + # fail-fast: false + # matrix: + # parameterFilePaths: ['parameters.json'] + # steps: + # - name: 'Checkout' + # uses: actions/checkout@v2 + # with: + # fetch-depth: 0 + # - name: 'Deploy module' + # uses: ./.github/actions/templates/deployModule + # with: + # templateFilePath: 'arm/${{ env.namespace }}/deploy.bicep' + # parameterFilePath: '${{ env.dependencyPath }}/${{ env.namespace }}/parameters/${{ matrix.parameterFilePaths }}' + # location: '${{ env.defaultLocation }}' + # resourceGroupName: '${{ env.resourceGroupName }}' + # subscriptionId: '${{ 
secrets.ARM_SUBSCRIPTION_ID }}' + # managementGroupId: '${{ secrets.ARM_MGMTGROUP_ID }}' + # removeDeployment: '${{ env.removeDeployment }}' + + # job_deploy_rolea: + # runs-on: ubuntu-20.04 + # name: 'Deploy role assignments' + # env: + # namespace: 'Microsoft.Authorization\roleAssignments' + # needs: + # - job_deploy_msi + # strategy: + # fail-fast: false + # matrix: + # parameterFilePaths: ['parameters.json'] + # steps: + # - name: 'Checkout' + # uses: actions/checkout@v2 + # with: + # fetch-depth: 0 + # - name: 'Deploy module' + # uses: ./.github/actions/templates/deployModule + # with: + # templateFilePath: 'arm/${{ env.namespace }}/.bicep/nested_rbac_sub.bicep' + # parameterFilePath: '${{ env.dependencyPath }}/${{ env.namespace }}/parameters/${{ matrix.parameterFilePaths }}' + # location: '${{ env.defaultLocation }}' + # resourceGroupName: '${{ env.resourceGroupName }}' + # subscriptionId: '${{ secrets.ARM_SUBSCRIPTION_ID }}' + # managementGroupId: '${{ secrets.ARM_MGMTGROUP_ID }}' + # removeDeployment: '${{ env.removeDeployment }}' + + # job_deploy_vnet: + # runs-on: ubuntu-20.04 + # name: 'Deploy virtual networks' + # env: + # namespace: 'Microsoft.Network\virtualNetworks' + # needs: + # - job_deploy_nsg + # strategy: + # fail-fast: false + # matrix: + # parameterFilePaths: + # [ + # '1.bastion.parameters.json', + # '2.vnetpeer01.parameters.json', + # '3.vnetpeer02.parameters.json', + # '4.azfw.parameters.json', + # '5.aks.parameters.json', + # 'parameters.json', + # ] + # steps: + # - name: 'Checkout' + # uses: actions/checkout@v2 + # with: + # fetch-depth: 0 + # - name: 'Deploy module' + # uses: ./.github/actions/templates/deployModule + # with: + # templateFilePath: 'arm/${{ env.namespace }}/deploy.bicep' + # parameterFilePath: '${{ env.dependencyPath }}/${{ env.namespace }}/parameters/${{ matrix.parameterFilePaths }}' + # location: '${{ env.defaultLocation }}' + # resourceGroupName: '${{ env.resourceGroupName }}' + # subscriptionId: '${{ 
secrets.ARM_SUBSCRIPTION_ID }}' + # managementGroupId: '${{ secrets.ARM_MGMTGROUP_ID }}' + # removeDeployment: '${{ env.removeDeployment }}' + + # job_deploy_sqlmi_vnet: + # runs-on: ubuntu-20.04 + # name: 'Deploy sqlmi virtual network' + # if: github.event.inputs.deploySqlMiDependencies == 'true' + # env: + # namespace: 'Microsoft.Network\virtualNetworks' + # needs: + # - job_deploy_sqlmi_udr + # - job_deploy_sqlmi_nsg + # strategy: + # fail-fast: false + # matrix: + # parameterFilePaths: ['6.sqlmi.parameters.json'] + # steps: + # - name: 'Checkout' + # uses: actions/checkout@v2 + # with: + # fetch-depth: 0 + # - name: 'Deploy module' + # uses: ./.github/actions/templates/deployModule + # with: + # templateFilePath: 'arm/${{ env.namespace }}/deploy.bicep' + # parameterFilePath: '${{ env.dependencyPath }}/${{ env.namespace }}/parameters/${{ matrix.parameterFilePaths }}' + # location: '${{ env.defaultLocation }}' + # resourceGroupName: '${{ env.resourceGroupName }}' + # subscriptionId: '${{ secrets.ARM_SUBSCRIPTION_ID }}' + # managementGroupId: '${{ secrets.ARM_MGMTGROUP_ID }}' + # removeDeployment: '${{ env.removeDeployment }}' + + # job_deploy_dnszone: + # runs-on: ubuntu-20.04 + # name: 'Deploy private DNS zones' + # env: + # namespace: 'Microsoft.Network\privateDnsZones' + # needs: + # - job_deploy_vnet + # strategy: + # fail-fast: false + # matrix: + # parameterFilePaths: ['parameters.json'] + # steps: + # - name: 'Checkout' + # uses: actions/checkout@v2 + # with: + # fetch-depth: 0 + # - name: 'Deploy module' + # uses: ./.github/actions/templates/deployModule + # with: + # templateFilePath: 'arm/${{ env.namespace }}/deploy.bicep' + # parameterFilePath: '${{ env.dependencyPath }}/${{ env.namespace }}/parameters/${{ matrix.parameterFilePaths }}' + # location: '${{ env.defaultLocation }}' + # resourceGroupName: '${{ env.resourceGroupName }}' + # subscriptionId: '${{ secrets.ARM_SUBSCRIPTION_ID }}' + # managementGroupId: '${{ secrets.ARM_MGMTGROUP_ID }}' + # 
removeDeployment: '${{ env.removeDeployment }}' + + # job_deploy_vm: + # runs-on: ubuntu-20.04 + # name: 'Deploy virtual machines' + # env: + # namespace: 'Microsoft.Compute\virtualMachines' + # needs: + # - job_deploy_kv_secrets + # - job_deploy_vnet + # - job_deploy_rsv + # strategy: + # fail-fast: false + # matrix: + # parameterFilePaths: ['parameters.json'] + # steps: + # - name: 'Checkout' + # uses: actions/checkout@v2 + # with: + # fetch-depth: 0 + # - name: 'Deploy module' + # uses: ./.github/actions/templates/deployModule + # with: + # templateFilePath: 'arm/${{ env.namespace }}/deploy.bicep' + # parameterFilePath: '${{ env.dependencyPath }}/${{ env.namespace }}/parameters/${{ matrix.parameterFilePaths }}' + # location: '${{ env.defaultLocation }}' + # resourceGroupName: '${{ env.resourceGroupName }}' + # subscriptionId: '${{ secrets.ARM_SUBSCRIPTION_ID }}' + # managementGroupId: '${{ secrets.ARM_MGMTGROUP_ID }}' + # removeDeployment: '${{ env.removeDeployment }}' From b9dbdd073752714d217e7619f99ba41d513c2483 Mon Sep 17 00:00:00 2001 From: Erika Gressi Date: Fri, 3 Dec 2021 11:49:22 +0100 Subject: [PATCH 4/8] comment rg dep --- .github/workflows/platform.dependencies.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/platform.dependencies.yml b/.github/workflows/platform.dependencies.yml index 99e15e367d..1907b26a61 100644 --- a/.github/workflows/platform.dependencies.yml +++ b/.github/workflows/platform.dependencies.yml @@ -88,8 +88,8 @@ jobs: name: 'Deploy policy assignment' env: namespace: 'Microsoft.Authorization\policyAssignments' - needs: - - job_deploy_rg + # needs: + # - job_deploy_rg strategy: fail-fast: false matrix: From d6d80b3284a3de4878828acc5cdd97c91086051d Mon Sep 17 00:00:00 2001 From: Erika Gressi Date: Fri, 3 Dec 2021 11:59:36 +0100 Subject: [PATCH 5/8] update assignment param --- .../policyAssignments/parameters/parameters.json | 3 +++ 1 file changed, 3 insertions(+) 
diff --git a/utilities/pipelines/dependencies/Microsoft.Authorization/policyAssignments/parameters/parameters.json b/utilities/pipelines/dependencies/Microsoft.Authorization/policyAssignments/parameters/parameters.json index a421671909..276698d1b4 100644 --- a/utilities/pipelines/dependencies/Microsoft.Authorization/policyAssignments/parameters/parameters.json +++ b/utilities/pipelines/dependencies/Microsoft.Authorization/policyAssignments/parameters/parameters.json @@ -5,6 +5,9 @@ "name": { "value": "sxx-assignment-loc-rg" }, + "displayName": { + "value": "Audit resource location matches resource group location" + }, "policyDefinitionID": { "value": "/providers/Microsoft.Authorization/policyDefinitions/0a914e76-4921-4c19-b460-a2d36003525a" }, From 20b7eb155e6791e2b6b9ef56dca78fa94c5518be Mon Sep 17 00:00:00 2001 From: Erika Gressi Date: Fri, 3 Dec 2021 12:14:25 +0100 Subject: [PATCH 6/8] update wiki --- docs/wiki/TestingDesign.md | 1 + 1 file changed, 1 insertion(+) diff --git a/docs/wiki/TestingDesign.md b/docs/wiki/TestingDesign.md index 5d8b294ff5..dea558d6e0 100644 --- a/docs/wiki/TestingDesign.md +++ b/docs/wiki/TestingDesign.md @@ -114,6 +114,7 @@ Since also dependency resources are in turn subject to dependencies with each ot **Second level resources**: This group of resources has a dependency only on the resource group which will host them. Resources in this group can be deployed in parallel. 1. User assigned identity: This resource is leveraged as a test identity by all resources supporting RBAC. + 1. Policy assignment: This resource is leveraged by the [policy exemption] resource. 1. Log analytics workspace: This resource is leveraged by all resources supporting diagnostic settings on LAW. 1. Storage account: This resource is leveraged by all resources supporting diagnostic settings on a storage account. >**Note**: This resource has a global scope name. From a1134725c470280bd650a7c6856b56b4617d0d16 Mon Sep 17 00:00:00 2001 
From: Erika Gressi
Date: Fri, 3 Dec 2021 12:15:40 +0100
Subject: [PATCH 7/8] uncomment dependencies
---
.github/workflows/platform.dependencies.yml | 1666 +++++++++----------
1 file changed, 833 insertions(+), 833 deletions(-)
diff --git a/.github/workflows/platform.dependencies.yml b/.github/workflows/platform.dependencies.yml
index 1907b26a61..5c26a100c8 100644
--- a/.github/workflows/platform.dependencies.yml
+++ b/.github/workflows/platform.dependencies.yml
@@ -30,66 +30,66 @@ env: DEPLOYMENT_SP_ID: '${{ secrets.DEPLOYMENT_SP_ID }}' jobs: - # job_deploy_rg: - # runs-on: ubuntu-20.04 - # name: 'Deploy resource group' - # env: - # namespace: 'Microsoft.Resources\resourceGroups' - # strategy: - # fail-fast: false - # matrix: - # parameterFilePaths: - # ['artifacts.parameters.json', 'validation.parameters.json'] - # steps: - # - name: 'Checkout' - # uses: actions/checkout@v2 - # with: - # fetch-depth: 0 - # - name: 'Deploy module' - # uses: ./.github/actions/templates/deployModule - # with: - # templateFilePath: 'arm/${{ env.namespace }}/deploy.bicep' - # parameterFilePath: '${{ env.dependencyPath }}/${{ env.namespace }}/parameters/${{ matrix.parameterFilePaths }}' - # location: '${{ env.defaultLocation }}' - # resourceGroupName: '${{ env.resourceGroupName }}' - # subscriptionId: '${{ secrets.ARM_SUBSCRIPTION_ID }}' - # managementGroupId: '${{ secrets.ARM_MGMTGROUP_ID }}' - # removeDeployment: '${{ env.removeDeployment }}' - - # job_deploy_msi: - # runs-on: ubuntu-20.04 - # name: 'Deploy user assigned identity' - # env: - # namespace: 'Microsoft.ManagedIdentity\userAssignedIdentities' - # needs: - # - job_deploy_rg - # strategy: - # fail-fast: false - # matrix: - # parameterFilePaths: ['parameters.json'] - # steps: - # - name: 'Checkout' - # uses: actions/checkout@v2 - # with: - # fetch-depth: 0 - # - name: 'Deploy module' - # uses: ./.github/actions/templates/deployModule - # with: - # templateFilePath: 'arm/${{ env.namespace }}/deploy.bicep' - # parameterFilePath: '${{ env.dependencyPath }}/${{ env.namespace }}/parameters/${{ matrix.parameterFilePaths }}' - # location: '${{ env.defaultLocation }}' - # resourceGroupName: '${{ env.resourceGroupName }}' - # subscriptionId: '${{ secrets.ARM_SUBSCRIPTION_ID }}' - # managementGroupId: '${{ secrets.ARM_MGMTGROUP_ID }}' - # removeDeployment: '${{ env.removeDeployment }}' + job_deploy_rg: + runs-on: ubuntu-20.04 + name: 'Deploy resource group' + env: + namespace: 
'Microsoft.Resources\resourceGroups' + strategy: + fail-fast: false + matrix: + parameterFilePaths: + ['artifacts.parameters.json', 'validation.parameters.json'] + steps: + - name: 'Checkout' + uses: actions/checkout@v2 + with: + fetch-depth: 0 + - name: 'Deploy module' + uses: ./.github/actions/templates/deployModule + with: + templateFilePath: 'arm/${{ env.namespace }}/deploy.bicep' + parameterFilePath: '${{ env.dependencyPath }}/${{ env.namespace }}/parameters/${{ matrix.parameterFilePaths }}' + location: '${{ env.defaultLocation }}' + resourceGroupName: '${{ env.resourceGroupName }}' + subscriptionId: '${{ secrets.ARM_SUBSCRIPTION_ID }}' + managementGroupId: '${{ secrets.ARM_MGMTGROUP_ID }}' + removeDeployment: '${{ env.removeDeployment }}' + + job_deploy_msi: + runs-on: ubuntu-20.04 + name: 'Deploy user assigned identity' + env: + namespace: 'Microsoft.ManagedIdentity\userAssignedIdentities' + needs: + - job_deploy_rg + strategy: + fail-fast: false + matrix: + parameterFilePaths: ['parameters.json'] + steps: + - name: 'Checkout' + uses: actions/checkout@v2 + with: + fetch-depth: 0 + - name: 'Deploy module' + uses: ./.github/actions/templates/deployModule + with: + templateFilePath: 'arm/${{ env.namespace }}/deploy.bicep' + parameterFilePath: '${{ env.dependencyPath }}/${{ env.namespace }}/parameters/${{ matrix.parameterFilePaths }}' + location: '${{ env.defaultLocation }}' + resourceGroupName: '${{ env.resourceGroupName }}' + subscriptionId: '${{ secrets.ARM_SUBSCRIPTION_ID }}' + managementGroupId: '${{ secrets.ARM_MGMTGROUP_ID }}' + removeDeployment: '${{ env.removeDeployment }}' job_deploy_pa: runs-on: ubuntu-20.04 name: 'Deploy policy assignment' env: namespace: 'Microsoft.Authorization\policyAssignments' - # needs: - # - job_deploy_rg + needs: + - job_deploy_rg strategy: fail-fast: false matrix: 
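Review bot: The restored `Checkout` steps in `job_deploy_rg` and `job_deploy_msi` reference `actions/checkout@v2` by a mutable tag and keep the default credential persistence, in jobs whose next step hands `secrets.ARM_SUBSCRIPTION_ID` and `secrets.ARM_MGMTGROUP_ID` to the local `deployModule` action. Pinning to a full commit SHA, `uses: actions/checkout@<full-commit-sha> # v2`, and adding `persist-credentials: false` under `with:` would limit what a moved tag or a later step can reach. This assumes `deployModule` does not need git credentials, which the hunk does not show. `fetch-depth: 0` also clones the full history on every matrix leg and is worth keeping only if the deployment reads tags or history. The same checkout step recurs in the jobs restored by the following hunk, so the change would apply there as well.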
@@ -110,782 +110,782 @@ jobs: managementGroupId: '${{ secrets.ARM_MGMTGROUP_ID }}' removeDeployment: '${{ env.removeDeployment }}' - # job_deploy_privateBicepRegistry: - # runs-on: ubuntu-20.04 - # name: 'Deploy private bicep registry' - # env: - # namespace: 'Microsoft.ContainerRegistry\registries' - # needs: - # - job_deploy_rg - # strategy: - # fail-fast: false - # matrix: - # parameterFilePaths: ['parameters.json'] - # steps: - # - name: 'Checkout' - # uses: actions/checkout@v2 - # with: - # fetch-depth: 0 - # - name: 'Deploy module' - # uses: ./.github/actions/templates/deployModule - # with: - # templateFilePath: 'arm/${{ env.namespace }}/deploy.bicep' - # parameterFilePath: '${{ env.dependencyPath }}/${{ env.namespace }}/parameters/${{ matrix.parameterFilePaths }}' - # location: '${{ env.defaultLocation }}' - # resourceGroupName: '${{ env.resourceGroupNameArtifacts }}' - # subscriptionId: '${{ secrets.ARM_SUBSCRIPTION_ID }}' - # managementGroupId: '${{ secrets.ARM_MGMTGROUP_ID }}' - # removeDeployment: '${{ env.removeDeployment }}' - - # job_deploy_evh: - # runs-on: ubuntu-20.04 - # name: 'Deploy eventhub' - # env: - # namespace: 'Microsoft.EventHub\namespaces' - # needs: - # - job_deploy_rg - # strategy: - # fail-fast: false - # matrix: - # parameterFilePaths: ['parameters.json'] - # steps: - # - name: 'Checkout' - # uses: actions/checkout@v2 - # with: - # fetch-depth: 0 - # - name: 'Deploy module' - # uses: ./.github/actions/templates/deployModule - # with: - # templateFilePath: 'arm/${{ env.namespace }}/deploy.bicep' - # parameterFilePath: '${{ env.dependencyPath }}/${{ env.namespace }}/parameters/${{ matrix.parameterFilePaths }}' - # location: '${{ env.defaultLocation }}' - # resourceGroupName: '${{ env.resourceGroupName }}' - # subscriptionId: '${{ secrets.ARM_SUBSCRIPTION_ID }}' - # managementGroupId: '${{ secrets.ARM_MGMTGROUP_ID }}' - # removeDeployment: '${{ env.removeDeployment }}' - - # job_deploy_law: - # runs-on: ubuntu-20.04 - # name: 'Deploy 
log analytics workspace' - # env: - # namespace: 'Microsoft.OperationalInsights\workspaces' - # needs: - # - job_deploy_rg - # strategy: - # fail-fast: false - # matrix: - # parameterFilePaths: ['appi.parameters.json', 'parameters.json'] - # steps: - # - name: 'Checkout' - # uses: actions/checkout@v2 - # with: - # fetch-depth: 0 - # - name: 'Deploy module' - # uses: ./.github/actions/templates/deployModule - # with: - # templateFilePath: 'arm/${{ env.namespace }}/deploy.bicep' - # parameterFilePath: '${{ env.dependencyPath }}/${{ env.namespace }}/parameters/${{ matrix.parameterFilePaths }}' - # location: '${{ env.defaultLocation }}' - # resourceGroupName: '${{ env.resourceGroupName }}' - # subscriptionId: '${{ secrets.ARM_SUBSCRIPTION_ID }}' - # managementGroupId: '${{ secrets.ARM_MGMTGROUP_ID }}' - # removeDeployment: '${{ env.removeDeployment }}' - - # job_deploy_sa: - # runs-on: ubuntu-20.04 - # name: 'Deploy storage account' - # env: - # namespace: 'Microsoft.Storage\storageAccounts' - # needs: - # - job_deploy_rg - # strategy: - # fail-fast: false - # matrix: - # parameterFilePaths: - # ['fa.parameters.json', 'law.parameters.json', 'parameters.json'] - # steps: - # - name: 'Checkout' - # uses: actions/checkout@v2 - # with: - # fetch-depth: 0 - # - name: 'Deploy module' - # uses: ./.github/actions/templates/deployModule - # with: - # templateFilePath: 'arm/${{ env.namespace }}/deploy.bicep' - # parameterFilePath: '${{ env.dependencyPath }}/${{ env.namespace }}/parameters/${{ matrix.parameterFilePaths }}' - # location: '${{ env.defaultLocation }}' - # resourceGroupName: '${{ env.resourceGroupName }}' - # subscriptionId: '${{ secrets.ARM_SUBSCRIPTION_ID }}' - # managementGroupId: '${{ secrets.ARM_MGMTGROUP_ID }}' - # removeDeployment: '${{ env.removeDeployment }}' - - # job_upload_storage_files: - # runs-on: ubuntu-20.04 - # name: 'Upload files to storage account' - # needs: - # - job_deploy_sa - # steps: - # - name: 'Checkout' - # uses: actions/checkout@v2 - # 
with: - # fetch-depth: 0 - # - name: Azure Login - # uses: azure/login@v1 - # with: - # creds: ${{ secrets.AZURE_CREDENTIALS }} - # enable-AzPSSession: true - # - name: Run PowerShell - # uses: azure/powershell@v1 - # with: - # inlineScript: | - # # Load used functions - # . (Join-Path $env:GITHUB_WORKSPACE 'utilities' 'pipelines' 'sharedScripts' 'Export-ContentToBlob.ps1') - - # # Get storage account name - # $parameterFilePath = Join-Path $env:GITHUB_WORKSPACE '${{ env.dependencyPath }}' 'Microsoft.Storage/storageAccounts' 'parameters' 'parameters.json' - # $storageAccountParameters = (ConvertFrom-Json (Get-Content -path $parameterFilePath -Raw)).parameters - - # # Upload files to storage account - # $functionInput = @{ - # ResourceGroupName = '${{ env.resourceGroupName }}' - # StorageAccountName = $storageAccountParameters.name.value - # contentDirectories = Join-Path $env:GITHUB_WORKSPACE '${{ env.dependencyPath }}' 'Microsoft.Storage/storageAccounts' 'uploads' - # targetContainer = $storageAccountParameters.blobServices.value.containers[0].name - # } - - # Write-Verbose "Invoke task with" -Verbose - # Write-Verbose ($functionInput | ConvertTo-Json | Out-String) -Verbose - - # Export-ContentToBlob @functionInput -Verbose - # azPSVersion: 'latest' - - # job_deploy_sig: - # runs-on: ubuntu-20.04 - # name: 'Deploy shared image gallery and definition' - # env: - # namespace: 'Microsoft.Compute\galleries' - # needs: - # - job_deploy_rg - # strategy: - # fail-fast: false - # matrix: - # parameterFilePaths: ['parameters.json'] - # steps: - # - name: 'Checkout' - # uses: actions/checkout@v2 - # with: - # fetch-depth: 0 - # - name: 'Deploy module' - # uses: ./.github/actions/templates/deployModule - # with: - # templateFilePath: 'arm/${{ env.namespace }}/deploy.bicep' - # parameterFilePath: '${{ env.dependencyPath }}/${{ env.namespace }}/parameters/${{ matrix.parameterFilePaths }}' - # location: '${{ env.defaultLocation }}' - # resourceGroupName: '${{ 
env.resourceGroupName }}' - # subscriptionId: '${{ secrets.ARM_SUBSCRIPTION_ID }}' - # managementGroupId: '${{ secrets.ARM_MGMTGROUP_ID }}' - # removeDeployment: '${{ env.removeDeployment }}' - - # job_deploy_ag: - # runs-on: ubuntu-20.04 - # name: 'Deploy action groups' - # env: - # namespace: 'Microsoft.Insights\actionGroups' - # needs: - # - job_deploy_rg - # strategy: - # fail-fast: false - # matrix: - # parameterFilePaths: ['parameters.json'] - # steps: - # - name: 'Checkout' - # uses: actions/checkout@v2 - # with: - # fetch-depth: 0 - # - name: 'Deploy module' - # uses: ./.github/actions/templates/deployModule - # with: - # templateFilePath: 'arm/${{ env.namespace }}/deploy.bicep' - # parameterFilePath: '${{ env.dependencyPath }}/${{ env.namespace }}/parameters/${{ matrix.parameterFilePaths }}' - # location: '${{ env.defaultLocation }}' - # resourceGroupName: '${{ env.resourceGroupName }}' - # subscriptionId: '${{ secrets.ARM_SUBSCRIPTION_ID }}' - # managementGroupId: '${{ secrets.ARM_MGMTGROUP_ID }}' - # removeDeployment: '${{ env.removeDeployment }}' - - # job_deploy_asg: - # runs-on: ubuntu-20.04 - # name: 'Deploy application security groups' - # env: - # namespace: 'Microsoft.Network\applicationSecurityGroups' - # needs: - # - job_deploy_rg - # strategy: - # fail-fast: false - # matrix: - # parameterFilePaths: ['parameters.json'] - # steps: - # - name: 'Checkout' - # uses: actions/checkout@v2 - # with: - # fetch-depth: 0 - # - name: 'Deploy module' - # uses: ./.github/actions/templates/deployModule - # with: - # templateFilePath: 'arm/${{ env.namespace }}/deploy.bicep' - # parameterFilePath: '${{ env.dependencyPath }}/${{ env.namespace }}/parameters/${{ matrix.parameterFilePaths }}' - # location: '${{ env.defaultLocation }}' - # resourceGroupName: '${{ env.resourceGroupName }}' - # subscriptionId: '${{ secrets.ARM_SUBSCRIPTION_ID }}' - # managementGroupId: '${{ secrets.ARM_MGMTGROUP_ID }}' - # removeDeployment: '${{ env.removeDeployment }}' - - # 
job_deploy_sqlmi_udr: - # runs-on: ubuntu-20.04 - # name: 'Deploy sqlmi route tables' - # if: github.event.inputs.deploySqlMiDependencies == 'true' - # env: - # namespace: 'Microsoft.Network\routeTables' - # needs: - # - job_deploy_rg - # strategy: - # fail-fast: false - # matrix: - # parameterFilePaths: ['parameters.json'] - # steps: - # - name: 'Checkout' - # uses: actions/checkout@v2 - # with: - # fetch-depth: 0 - # - name: 'Deploy module' - # uses: ./.github/actions/templates/deployModule - # with: - # templateFilePath: 'arm/${{ env.namespace }}/deploy.bicep' - # parameterFilePath: '${{ env.dependencyPath }}/${{ env.namespace }}/parameters/${{ matrix.parameterFilePaths }}' - # location: '${{ env.defaultLocation }}' - # resourceGroupName: '${{ env.resourceGroupName }}' - # subscriptionId: '${{ secrets.ARM_SUBSCRIPTION_ID }}' - # managementGroupId: '${{ secrets.ARM_MGMTGROUP_ID }}' - # removeDeployment: '${{ env.removeDeployment }}' - - # job_deploy_nsg: - # runs-on: ubuntu-20.04 - # name: 'Deploy network security groups' - # env: - # namespace: 'Microsoft.Network\networkSecurityGroups' - # needs: - # - job_deploy_sa - # - job_deploy_evh - # - job_deploy_law - # strategy: - # fail-fast: false - # matrix: - # parameterFilePaths: - # [ - # 'apgw.parameters.json', - # 'ase.parameters.json', - # 'bastion.parameters.json', - # 'parameters.json', - # ] - # steps: - # - name: 'Checkout' - # uses: actions/checkout@v2 - # with: - # fetch-depth: 0 - # - name: 'Deploy module' - # uses: ./.github/actions/templates/deployModule - # with: - # templateFilePath: 'arm/${{ env.namespace }}/deploy.bicep' - # parameterFilePath: '${{ env.dependencyPath }}/${{ env.namespace }}/parameters/${{ matrix.parameterFilePaths }}' - # location: '${{ env.defaultLocation }}' - # resourceGroupName: '${{ env.resourceGroupName }}' - # subscriptionId: '${{ secrets.ARM_SUBSCRIPTION_ID }}' - # managementGroupId: '${{ secrets.ARM_MGMTGROUP_ID }}' - # removeDeployment: '${{ env.removeDeployment }}' - - # 
job_deploy_sqlmi_nsg: - # runs-on: ubuntu-20.04 - # name: 'Deploy sqlmi network security group' - # if: github.event.inputs.deploySqlMiDependencies == 'true' - # env: - # namespace: 'Microsoft.Network\networkSecurityGroups' - # needs: - # - job_deploy_sa - # - job_deploy_evh - # - job_deploy_law - # strategy: - # fail-fast: false - # matrix: - # parameterFilePaths: ['sqlmi.parameters.json'] - # steps: - # - name: 'Checkout' - # uses: actions/checkout@v2 - # with: - # fetch-depth: 0 - # - name: 'Deploy module' - # uses: ./.github/actions/templates/deployModule - # with: - # templateFilePath: 'arm/${{ env.namespace }}/deploy.bicep' - # parameterFilePath: '${{ env.dependencyPath }}/${{ env.namespace }}/parameters/${{ matrix.parameterFilePaths }}' - # location: '${{ env.defaultLocation }}' - # resourceGroupName: '${{ env.resourceGroupName }}' - # subscriptionId: '${{ secrets.ARM_SUBSCRIPTION_ID }}' - # managementGroupId: '${{ secrets.ARM_MGMTGROUP_ID }}' - # removeDeployment: '${{ env.removeDeployment }}' - - # job_deploy_pip: - # runs-on: ubuntu-20.04 - # name: 'Deploy public IP addresses' - # env: - # namespace: 'Microsoft.Network\publicIPAddresses' - # needs: - # - job_deploy_sa - # - job_deploy_evh - # - job_deploy_law - # strategy: - # fail-fast: false - # matrix: - # parameterFilePaths: - # ['apgw.parameters.json', 'bas.parameters.json', 'lb.parameters.json'] - # steps: - # - name: 'Checkout' - # uses: actions/checkout@v2 - # with: - # fetch-depth: 0 - # - name: 'Deploy module' - # uses: ./.github/actions/templates/deployModule - # with: - # templateFilePath: 'arm/${{ env.namespace }}/deploy.bicep' - # parameterFilePath: '${{ env.dependencyPath }}/${{ env.namespace }}/parameters/${{ matrix.parameterFilePaths }}' - # location: '${{ env.defaultLocation }}' - # resourceGroupName: '${{ env.resourceGroupName }}' - # subscriptionId: '${{ secrets.ARM_SUBSCRIPTION_ID }}' - # managementGroupId: '${{ secrets.ARM_MGMTGROUP_ID }}' - # removeDeployment: '${{ 
env.removeDeployment }}' - - # job_deploy_appi: - # runs-on: ubuntu-20.04 - # name: 'Deploy application insight' - # env: - # namespace: 'Microsoft.Insights\components' - # needs: - # - job_deploy_sa - # - job_deploy_evh - # - job_deploy_law - # strategy: - # fail-fast: false - # matrix: - # parameterFilePaths: ['parameters.json'] - # steps: - # - name: 'Checkout' - # uses: actions/checkout@v2 - # with: - # fetch-depth: 0 - # - name: 'Deploy module' - # uses: ./.github/actions/templates/deployModule - # with: - # templateFilePath: 'arm/${{ env.namespace }}/deploy.bicep' - # parameterFilePath: '${{ env.dependencyPath }}/${{ env.namespace }}/parameters/${{ matrix.parameterFilePaths }}' - # location: '${{ env.defaultLocation }}' - # resourceGroupName: '${{ env.resourceGroupName }}' - # subscriptionId: '${{ secrets.ARM_SUBSCRIPTION_ID }}' - # managementGroupId: '${{ secrets.ARM_MGMTGROUP_ID }}' - # removeDeployment: '${{ env.removeDeployment }}' - - # job_deploy_aut: - # runs-on: ubuntu-20.04 - # name: 'Deploy automation account' - # env: - # namespace: 'Microsoft.Automation\automationAccounts' - # needs: - # - job_deploy_sa - # - job_deploy_evh - # - job_deploy_law - # strategy: - # fail-fast: false - # matrix: - # parameterFilePaths: ['parameters.json'] - # steps: - # - name: 'Checkout' - # uses: actions/checkout@v2 - # with: - # fetch-depth: 0 - # - name: 'Deploy module' - # uses: ./.github/actions/templates/deployModule - # with: - # templateFilePath: 'arm/${{ env.namespace }}/deploy.bicep' - # parameterFilePath: '${{ env.dependencyPath }}/${{ env.namespace }}/parameters/${{ matrix.parameterFilePaths }}' - # location: '${{ env.defaultLocation }}' - # resourceGroupName: '${{ env.resourceGroupName }}' - # subscriptionId: '${{ secrets.ARM_SUBSCRIPTION_ID }}' - # managementGroupId: '${{ secrets.ARM_MGMTGROUP_ID }}' - # removeDeployment: '${{ env.removeDeployment }}' - - # job_deploy_avdhp: - # runs-on: ubuntu-20.04 - # name: 'Deploy AVD host pool' - # env: - # 
namespace: 'Microsoft.DesktopVirtualization\hostpools' - # needs: - # - job_deploy_sa - # - job_deploy_evh - # - job_deploy_law - # strategy: - # fail-fast: false - # matrix: - # parameterFilePaths: ['parameters.json'] - # steps: - # - name: 'Checkout' - # uses: actions/checkout@v2 - # with: - # fetch-depth: 0 - # - name: 'Deploy module' - # uses: ./.github/actions/templates/deployModule - # with: - # templateFilePath: 'arm/${{ env.namespace }}/deploy.bicep' - # parameterFilePath: '${{ env.dependencyPath }}/${{ env.namespace }}/parameters/${{ matrix.parameterFilePaths }}' - # location: '${{ env.defaultLocation }}' - # resourceGroupName: '${{ env.resourceGroupName }}' - # subscriptionId: '${{ secrets.ARM_SUBSCRIPTION_ID }}' - # managementGroupId: '${{ secrets.ARM_MGMTGROUP_ID }}' - # removeDeployment: '${{ env.removeDeployment }}' - - # job_deploy_rsv: - # runs-on: ubuntu-20.04 - # name: 'Deploy recovery services vault' - # env: - # namespace: 'Microsoft.RecoveryServices\vaults' - # needs: - # - job_deploy_sa - # - job_deploy_evh - # - job_deploy_law - # strategy: - # fail-fast: false - # matrix: - # parameterFilePaths: ['parameters.json'] - # steps: - # - name: 'Checkout' - # uses: actions/checkout@v2 - # with: - # fetch-depth: 0 - # - name: 'Deploy module' - # uses: ./.github/actions/templates/deployModule - # with: - # templateFilePath: 'arm/${{ env.namespace }}/deploy.bicep' - # parameterFilePath: '${{ env.dependencyPath }}/${{ env.namespace }}/parameters/${{ matrix.parameterFilePaths }}' - # location: '${{ env.defaultLocation }}' - # resourceGroupName: '${{ env.resourceGroupName }}' - # subscriptionId: '${{ secrets.ARM_SUBSCRIPTION_ID }}' - # managementGroupId: '${{ secrets.ARM_MGMTGROUP_ID }}' - # removeDeployment: '${{ env.removeDeployment }}' - - # job_deploy_kv: - # runs-on: ubuntu-20.04 - # name: 'Deploy key vaults' - # env: - # namespace: 'Microsoft.KeyVault\vaults' - # needs: - # - job_deploy_sa - # - job_deploy_evh - # - job_deploy_law - # strategy: - # 
fail-fast: false - # matrix: - # parameterFilePaths: ['parameters.json', 'pe.parameters.json'] - # steps: - # - name: 'Checkout' - # uses: actions/checkout@v2 - # with: - # fetch-depth: 0 - # - name: 'Deploy module' - # uses: ./.github/actions/templates/deployModule - # with: - # templateFilePath: 'arm/${{ env.namespace }}/deploy.bicep' - # parameterFilePath: '${{ env.dependencyPath }}/${{ env.namespace }}/parameters/${{ matrix.parameterFilePaths }}' - # location: '${{ env.defaultLocation }}' - # resourceGroupName: '${{ env.resourceGroupName }}' - # subscriptionId: '${{ secrets.ARM_SUBSCRIPTION_ID }}' - # managementGroupId: '${{ secrets.ARM_MGMTGROUP_ID }}' - # removeDeployment: '${{ env.removeDeployment }}' - - # job_deploy_kv_secrets: - # runs-on: ubuntu-20.04 - # name: 'Set key vault secrets keys and certificates' - # needs: - # - job_deploy_kv - # steps: - # - name: 'Checkout' - # uses: actions/checkout@v2 - # with: - # fetch-depth: 0 - # - name: Azure Login - # uses: azure/login@v1 - # with: - # creds: ${{ secrets.AZURE_CREDENTIALS }} - # enable-AzPSSession: true - # - name: Run PowerShell - # uses: azure/powershell@v1 - # with: - # inlineScript: | - # $usernameString = (-join ((65..90) + (97..122) | Get-Random -Count 9 -SetSeed 1 | % {[char]$_ + "$_"})).substring(0,19) # max length - # $passwordString = (New-Guid).Guid.SubString(0,19) - # $vpnSharedKeyString = (New-Guid).Guid.SubString(0,32) - # $keyVaultName = 'adp-sxx-az-kv-x-001' - # $userName = ConvertTo-SecureString -String $usernameString -AsPlainText -Force - # $password = ConvertTo-SecureString -String $passwordString -AsPlainText -Force - # $vpnSharedKey = ConvertTo-SecureString -String $vpnSharedKeyString -AsPlainText -Force - # # VirtualMachines and VMSS - # Set-AzKeyVaultSecret -VaultName $keyVaultName -Name 'adminUsername' -SecretValue $username - # Set-AzKeyVaultSecret -VaultName $keyVaultName -Name 'adminPassword' -SecretValue $password - # # Azure SQLServer - # Set-AzKeyVaultSecret -VaultName 
$keyVaultName -Name 'administratorLogin' -SecretValue $username - # Set-AzKeyVaultSecret -VaultName $keyVaultName -Name 'administratorLoginPassword' -SecretValue $password - # # VirtualNetworkGateway - # Set-AzKeyVaultSecret -VaultName $keyVaultName -Name 'vpnSharedKey' -SecretValue $vpnSharedKey - # # DiskEncryptionSet, VirtualMachines and VMSS - # az keyvault key create --vault-name $keyVaultName --name 'keyEncryptionKey' - # # ApplicationGateway - # $apgwCertPolicy = New-AzKeyVaultCertificatePolicy -SecretContentType 'application/x-pkcs12' -SubjectName 'CN=fabrikam.com' -IssuerName 'Self' -ValidityInMonths 12 -ReuseKeyOnRenewal - # Add-AzKeyVaultCertificate -VaultName $keyVaultName -Name 'applicationGatewaySslCertificate' -CertificatePolicy $apgwCertPolicy - # # API management - # Set-AzKeyVaultSecret -VaultName $keyVaultName -Name 'apimclientid' -SecretValue $username - # Set-AzKeyVaultSecret -VaultName $keyVaultName -Name 'apimclientsecret' -SecretValue $password - # azPSVersion: 'latest' - - # job_deploy_sqlmi_kv: - # runs-on: ubuntu-20.04 - # name: 'Deploy sqlmi key vault' - # if: github.event.inputs.deploySqlMiDependencies == 'true' - # env: - # namespace: 'Microsoft.KeyVault\vaults' - # needs: - # - job_deploy_sa - # - job_deploy_evh - # - job_deploy_law - # strategy: - # fail-fast: false - # matrix: - # parameterFilePaths: ['sqlmi.parameters.json'] - # steps: - # - name: 'Checkout' - # uses: actions/checkout@v2 - # with: - # fetch-depth: 0 - # - name: 'Deploy module' - # uses: ./.github/actions/templates/deployModule - # with: - # templateFilePath: 'arm/${{ env.namespace }}/deploy.bicep' - # parameterFilePath: '${{ env.dependencyPath }}/${{ env.namespace }}/parameters/${{ matrix.parameterFilePaths }}' - # location: '${{ env.defaultLocation }}' - # resourceGroupName: '${{ env.resourceGroupName }}' - # subscriptionId: '${{ secrets.ARM_SUBSCRIPTION_ID }}' - # managementGroupId: '${{ secrets.ARM_MGMTGROUP_ID }}' - # removeDeployment: '${{ env.removeDeployment 
}}' - - # job_deploy_sqlmi_kv_secrets: - # runs-on: ubuntu-20.04 - # name: 'Set sqlmi key vault secrets and keys' - # if: github.event.inputs.deploySqlMiDependencies == 'true' - # needs: - # - job_deploy_sqlmi_kv - # steps: - # - name: 'Checkout' - # uses: actions/checkout@v2 - # with: - # fetch-depth: 0 - # - name: Azure Login - # uses: azure/login@v1 - # with: - # creds: ${{ secrets.AZURE_CREDENTIALS }} - # enable-AzPSSession: true - # - name: Run PowerShell - # uses: azure/powershell@v1 - # with: - # inlineScript: | - # $usernameString = (-join ((65..90) + (97..122) | Get-Random -Count 9 -SetSeed 1 | % {[char]$_ + "$_"})).substring(0,19) # max length - # $passwordString = (New-Guid).Guid.SubString(0,19) - # $vpnSharedKeyString = (New-Guid).Guid.SubString(0,32) - # $keyVaultName = 'adp-sxx-az-kv-x-sqlmi' - # $userName = ConvertTo-SecureString -String $usernameString -AsPlainText -Force - # $password = ConvertTo-SecureString -String $passwordString -AsPlainText -Force - # $vpnSharedKey = ConvertTo-SecureString -String $vpnSharedKeyString -AsPlainText -Force - # # SQLManagedInstances secrets - # Set-AzKeyVaultSecret -VaultName $keyVaultName -Name 'administratorLogin' -SecretValue $username - # Set-AzKeyVaultSecret -VaultName $keyVaultName -Name 'administratorLoginPassword' -SecretValue $password - # # SQLManagedInstances Keys - # az keyvault key create --vault-name $keyVaultName --name 'keyEncryptionKeySqlMi' - # azPSVersion: 'latest' - - # job_deploy_avdag: - # runs-on: ubuntu-20.04 - # name: 'Deploy AVD application group' - # env: - # namespace: 'Microsoft.DesktopVirtualization\applicationgroups' - # needs: - # - job_deploy_avdhp - # strategy: - # fail-fast: false - # matrix: - # parameterFilePaths: ['parameters.json'] - # steps: - # - name: 'Checkout' - # uses: actions/checkout@v2 - # with: - # fetch-depth: 0 - # - name: 'Deploy module' - # uses: ./.github/actions/templates/deployModule - # with: - # templateFilePath: 'arm/${{ env.namespace }}/deploy.bicep' - # 
parameterFilePath: '${{ env.dependencyPath }}/${{ env.namespace }}/parameters/${{ matrix.parameterFilePaths }}' - # location: '${{ env.defaultLocation }}' - # resourceGroupName: '${{ env.resourceGroupName }}' - # subscriptionId: '${{ secrets.ARM_SUBSCRIPTION_ID }}' - # managementGroupId: '${{ secrets.ARM_MGMTGROUP_ID }}' - # removeDeployment: '${{ env.removeDeployment }}' - - # job_deploy_rolea: - # runs-on: ubuntu-20.04 - # name: 'Deploy role assignments' - # env: - # namespace: 'Microsoft.Authorization\roleAssignments' - # needs: - # - job_deploy_msi - # strategy: - # fail-fast: false - # matrix: - # parameterFilePaths: ['parameters.json'] - # steps: - # - name: 'Checkout' - # uses: actions/checkout@v2 - # with: - # fetch-depth: 0 - # - name: 'Deploy module' - # uses: ./.github/actions/templates/deployModule - # with: - # templateFilePath: 'arm/${{ env.namespace }}/.bicep/nested_rbac_sub.bicep' - # parameterFilePath: '${{ env.dependencyPath }}/${{ env.namespace }}/parameters/${{ matrix.parameterFilePaths }}' - # location: '${{ env.defaultLocation }}' - # resourceGroupName: '${{ env.resourceGroupName }}' - # subscriptionId: '${{ secrets.ARM_SUBSCRIPTION_ID }}' - # managementGroupId: '${{ secrets.ARM_MGMTGROUP_ID }}' - # removeDeployment: '${{ env.removeDeployment }}' - - # job_deploy_vnet: - # runs-on: ubuntu-20.04 - # name: 'Deploy virtual networks' - # env: - # namespace: 'Microsoft.Network\virtualNetworks' - # needs: - # - job_deploy_nsg - # strategy: - # fail-fast: false - # matrix: - # parameterFilePaths: - # [ - # '1.bastion.parameters.json', - # '2.vnetpeer01.parameters.json', - # '3.vnetpeer02.parameters.json', - # '4.azfw.parameters.json', - # '5.aks.parameters.json', - # 'parameters.json', - # ] - # steps: - # - name: 'Checkout' - # uses: actions/checkout@v2 - # with: - # fetch-depth: 0 - # - name: 'Deploy module' - # uses: ./.github/actions/templates/deployModule - # with: - # templateFilePath: 'arm/${{ env.namespace }}/deploy.bicep' - # 
parameterFilePath: '${{ env.dependencyPath }}/${{ env.namespace }}/parameters/${{ matrix.parameterFilePaths }}' - # location: '${{ env.defaultLocation }}' - # resourceGroupName: '${{ env.resourceGroupName }}' - # subscriptionId: '${{ secrets.ARM_SUBSCRIPTION_ID }}' - # managementGroupId: '${{ secrets.ARM_MGMTGROUP_ID }}' - # removeDeployment: '${{ env.removeDeployment }}' - - # job_deploy_sqlmi_vnet: - # runs-on: ubuntu-20.04 - # name: 'Deploy sqlmi virtual network' - # if: github.event.inputs.deploySqlMiDependencies == 'true' - # env: - # namespace: 'Microsoft.Network\virtualNetworks' - # needs: - # - job_deploy_sqlmi_udr - # - job_deploy_sqlmi_nsg - # strategy: - # fail-fast: false - # matrix: - # parameterFilePaths: ['6.sqlmi.parameters.json'] - # steps: - # - name: 'Checkout' - # uses: actions/checkout@v2 - # with: - # fetch-depth: 0 - # - name: 'Deploy module' - # uses: ./.github/actions/templates/deployModule - # with: - # templateFilePath: 'arm/${{ env.namespace }}/deploy.bicep' - # parameterFilePath: '${{ env.dependencyPath }}/${{ env.namespace }}/parameters/${{ matrix.parameterFilePaths }}' - # location: '${{ env.defaultLocation }}' - # resourceGroupName: '${{ env.resourceGroupName }}' - # subscriptionId: '${{ secrets.ARM_SUBSCRIPTION_ID }}' - # managementGroupId: '${{ secrets.ARM_MGMTGROUP_ID }}' - # removeDeployment: '${{ env.removeDeployment }}' - - # job_deploy_dnszone: - # runs-on: ubuntu-20.04 - # name: 'Deploy private DNS zones' - # env: - # namespace: 'Microsoft.Network\privateDnsZones' - # needs: - # - job_deploy_vnet - # strategy: - # fail-fast: false - # matrix: - # parameterFilePaths: ['parameters.json'] - # steps: - # - name: 'Checkout' - # uses: actions/checkout@v2 - # with: - # fetch-depth: 0 - # - name: 'Deploy module' - # uses: ./.github/actions/templates/deployModule - # with: - # templateFilePath: 'arm/${{ env.namespace }}/deploy.bicep' - # parameterFilePath: '${{ env.dependencyPath }}/${{ env.namespace }}/parameters/${{ 
matrix.parameterFilePaths }}' - # location: '${{ env.defaultLocation }}' - # resourceGroupName: '${{ env.resourceGroupName }}' - # subscriptionId: '${{ secrets.ARM_SUBSCRIPTION_ID }}' - # managementGroupId: '${{ secrets.ARM_MGMTGROUP_ID }}' - # removeDeployment: '${{ env.removeDeployment }}' - - # job_deploy_vm: - # runs-on: ubuntu-20.04 - # name: 'Deploy virtual machines' - # env: - # namespace: 'Microsoft.Compute\virtualMachines' - # needs: - # - job_deploy_kv_secrets - # - job_deploy_vnet - # - job_deploy_rsv - # strategy: - # fail-fast: false - # matrix: - # parameterFilePaths: ['parameters.json'] - # steps: - # - name: 'Checkout' - # uses: actions/checkout@v2 - # with: - # fetch-depth: 0 - # - name: 'Deploy module' - # uses: ./.github/actions/templates/deployModule - # with: - # templateFilePath: 'arm/${{ env.namespace }}/deploy.bicep' - # parameterFilePath: '${{ env.dependencyPath }}/${{ env.namespace }}/parameters/${{ matrix.parameterFilePaths }}' - # location: '${{ env.defaultLocation }}' - # resourceGroupName: '${{ env.resourceGroupName }}' - # subscriptionId: '${{ secrets.ARM_SUBSCRIPTION_ID }}' - # managementGroupId: '${{ secrets.ARM_MGMTGROUP_ID }}' - # removeDeployment: '${{ env.removeDeployment }}' + job_deploy_privateBicepRegistry: + runs-on: ubuntu-20.04 + name: 'Deploy private bicep registry' + env: + namespace: 'Microsoft.ContainerRegistry\registries' + needs: + - job_deploy_rg + strategy: + fail-fast: false + matrix: + parameterFilePaths: ['parameters.json'] + steps: + - name: 'Checkout' + uses: actions/checkout@v2 + with: + fetch-depth: 0 + - name: 'Deploy module' + uses: ./.github/actions/templates/deployModule + with: + templateFilePath: 'arm/${{ env.namespace }}/deploy.bicep' + parameterFilePath: '${{ env.dependencyPath }}/${{ env.namespace }}/parameters/${{ matrix.parameterFilePaths }}' + location: '${{ env.defaultLocation }}' + resourceGroupName: '${{ env.resourceGroupNameArtifacts }}' + subscriptionId: '${{ secrets.ARM_SUBSCRIPTION_ID }}' 
+ managementGroupId: '${{ secrets.ARM_MGMTGROUP_ID }}'
+ removeDeployment: '${{ env.removeDeployment }}'
+
+ job_deploy_evh:
+ runs-on: ubuntu-20.04
+ name: 'Deploy eventhub'
+ env:
+ namespace: 'Microsoft.EventHub\namespaces'
+ needs:
+ - job_deploy_rg
+ strategy:
+ fail-fast: false
+ matrix:
+ parameterFilePaths: ['parameters.json']
+ steps:
+ - name: 'Checkout'
+ uses: actions/checkout@v2
+ with:
+ fetch-depth: 0
+ - name: 'Deploy module'
+ uses: ./.github/actions/templates/deployModule
+ with:
+ templateFilePath: 'arm/${{ env.namespace }}/deploy.bicep'
+ parameterFilePath: '${{ env.dependencyPath }}/${{ env.namespace }}/parameters/${{ matrix.parameterFilePaths }}'
+ location: '${{ env.defaultLocation }}'
+ resourceGroupName: '${{ env.resourceGroupName }}'
+ subscriptionId: '${{ secrets.ARM_SUBSCRIPTION_ID }}'
+ managementGroupId: '${{ secrets.ARM_MGMTGROUP_ID }}'
+ removeDeployment: '${{ env.removeDeployment }}'
+
+ job_deploy_law:
+ runs-on: ubuntu-20.04
+ name: 'Deploy log analytics workspace'
+ env:
+ namespace: 'Microsoft.OperationalInsights\workspaces'
+ needs:
+ - job_deploy_rg
+ strategy:
+ fail-fast: false
+ matrix:
+ parameterFilePaths: ['appi.parameters.json', 'parameters.json']
+ steps:
+ - name: 'Checkout'
+ uses: actions/checkout@v2
+ with:
+ fetch-depth: 0
+ - name: 'Deploy module'
+ uses: ./.github/actions/templates/deployModule
+ with:
+ templateFilePath: 'arm/${{ env.namespace }}/deploy.bicep'
+ parameterFilePath: '${{ env.dependencyPath }}/${{ env.namespace }}/parameters/${{ matrix.parameterFilePaths }}'
+ location: '${{ env.defaultLocation }}'
+ resourceGroupName: '${{ env.resourceGroupName }}'
+ subscriptionId: '${{ secrets.ARM_SUBSCRIPTION_ID }}'
+ managementGroupId: '${{ secrets.ARM_MGMTGROUP_ID }}'
+ removeDeployment: '${{ env.removeDeployment }}'
+
+ job_deploy_sa:
+ runs-on: ubuntu-20.04
+ name: 'Deploy storage account'
+ env:
+ namespace: 'Microsoft.Storage\storageAccounts'
+ needs:
+ - job_deploy_rg
+ strategy:
+ fail-fast: false
+ matrix:
+ parameterFilePaths:
+ ['fa.parameters.json', 'law.parameters.json', 'parameters.json']
+ steps:
+ - name: 'Checkout'
+ uses: actions/checkout@v2
+ with:
+ fetch-depth: 0
+ - name: 'Deploy module'
+ uses: ./.github/actions/templates/deployModule
+ with:
+ templateFilePath: 'arm/${{ env.namespace }}/deploy.bicep'
+ parameterFilePath: '${{ env.dependencyPath }}/${{ env.namespace }}/parameters/${{ matrix.parameterFilePaths }}'
+ location: '${{ env.defaultLocation }}'
+ resourceGroupName: '${{ env.resourceGroupName }}'
+ subscriptionId: '${{ secrets.ARM_SUBSCRIPTION_ID }}'
+ managementGroupId: '${{ secrets.ARM_MGMTGROUP_ID }}'
+ removeDeployment: '${{ env.removeDeployment }}'
+
+ job_upload_storage_files:
+ runs-on: ubuntu-20.04
+ name: 'Upload files to storage account'
+ needs:
+ - job_deploy_sa
+ steps:
+ - name: 'Checkout'
+ uses: actions/checkout@v2
+ with:
+ fetch-depth: 0
+ - name: Azure Login
+ uses: azure/login@v1
+ with:
+ creds: ${{ secrets.AZURE_CREDENTIALS }}
+ enable-AzPSSession: true
+ - name: Run PowerShell
+ uses: azure/powershell@v1
+ with:
+ inlineScript: |
+ # Load used functions
+ . (Join-Path $env:GITHUB_WORKSPACE 'utilities' 'pipelines' 'sharedScripts' 'Export-ContentToBlob.ps1')
+
+ # Get storage account name
+ $parameterFilePath = Join-Path $env:GITHUB_WORKSPACE '${{ env.dependencyPath }}' 'Microsoft.Storage/storageAccounts' 'parameters' 'parameters.json'
+ $storageAccountParameters = (ConvertFrom-Json (Get-Content -path $parameterFilePath -Raw)).parameters
+
+ # Upload files to storage account
+ $functionInput = @{
+ ResourceGroupName = '${{ env.resourceGroupName }}'
+ StorageAccountName = $storageAccountParameters.name.value
+ contentDirectories = Join-Path $env:GITHUB_WORKSPACE '${{ env.dependencyPath }}' 'Microsoft.Storage/storageAccounts' 'uploads'
+ targetContainer = $storageAccountParameters.blobServices.value.containers[0].name
+ }
+
+ Write-Verbose "Invoke task with" -Verbose
+ Write-Verbose ($functionInput | ConvertTo-Json | Out-String) -Verbose
+
+ Export-ContentToBlob @functionInput -Verbose
+ azPSVersion: 'latest'
+
+ job_deploy_sig:
+ runs-on: ubuntu-20.04
+ name: 'Deploy shared image gallery and definition'
+ env:
+ namespace: 'Microsoft.Compute\galleries'
+ needs:
+ - job_deploy_rg
+ strategy:
+ fail-fast: false
+ matrix:
+ parameterFilePaths: ['parameters.json']
+ steps:
+ - name: 'Checkout'
+ uses: actions/checkout@v2
+ with:
+ fetch-depth: 0
+ - name: 'Deploy module'
+ uses: ./.github/actions/templates/deployModule
+ with:
+ templateFilePath: 'arm/${{ env.namespace }}/deploy.bicep'
+ parameterFilePath: '${{ env.dependencyPath }}/${{ env.namespace }}/parameters/${{ matrix.parameterFilePaths }}'
+ location: '${{ env.defaultLocation }}'
+ resourceGroupName: '${{ env.resourceGroupName }}'
+ subscriptionId: '${{ secrets.ARM_SUBSCRIPTION_ID }}'
+ managementGroupId: '${{ secrets.ARM_MGMTGROUP_ID }}'
+ removeDeployment: '${{ env.removeDeployment }}'
+
+ job_deploy_ag:
+ runs-on: ubuntu-20.04
+ name: 'Deploy action groups'
+ env:
+ namespace: 'Microsoft.Insights\actionGroups'
+ needs:
+ - job_deploy_rg
+ strategy:
+ fail-fast: false
+ matrix:
+ parameterFilePaths: ['parameters.json']
+ steps:
+ - name: 'Checkout'
+ uses: actions/checkout@v2
+ with:
+ fetch-depth: 0
+ - name: 'Deploy module'
+ uses: ./.github/actions/templates/deployModule
+ with:
+ templateFilePath: 'arm/${{ env.namespace }}/deploy.bicep'
+ parameterFilePath: '${{ env.dependencyPath }}/${{ env.namespace }}/parameters/${{ matrix.parameterFilePaths }}'
+ location: '${{ env.defaultLocation }}'
+ resourceGroupName: '${{ env.resourceGroupName }}'
+ subscriptionId: '${{ secrets.ARM_SUBSCRIPTION_ID }}'
+ managementGroupId: '${{ secrets.ARM_MGMTGROUP_ID }}'
+ removeDeployment: '${{ env.removeDeployment }}'
+
+ job_deploy_asg:
+ runs-on: ubuntu-20.04
+ name: 'Deploy application security groups'
+ env:
+ namespace: 'Microsoft.Network\applicationSecurityGroups'
+ needs:
+ - job_deploy_rg
+ strategy:
+ fail-fast: false
+ matrix:
+ parameterFilePaths: ['parameters.json']
+ steps:
+ - name: 'Checkout'
+ uses: actions/checkout@v2
+ with:
+ fetch-depth: 0
+ - name: 'Deploy module'
+ uses: ./.github/actions/templates/deployModule
+ with:
+ templateFilePath: 'arm/${{ env.namespace }}/deploy.bicep'
+ parameterFilePath: '${{ env.dependencyPath }}/${{ env.namespace }}/parameters/${{ matrix.parameterFilePaths }}'
+ location: '${{ env.defaultLocation }}'
+ resourceGroupName: '${{ env.resourceGroupName }}'
+ subscriptionId: '${{ secrets.ARM_SUBSCRIPTION_ID }}'
+ managementGroupId: '${{ secrets.ARM_MGMTGROUP_ID }}'
+ removeDeployment: '${{ env.removeDeployment }}'
+
+ job_deploy_sqlmi_udr:
+ runs-on: ubuntu-20.04
+ name: 'Deploy sqlmi route tables'
+ if: github.event.inputs.deploySqlMiDependencies == 'true'
+ env:
+ namespace: 'Microsoft.Network\routeTables'
+ needs:
+ - job_deploy_rg
+ strategy:
+ fail-fast: false
+ matrix:
+ parameterFilePaths: ['parameters.json']
+ steps:
+ - name: 'Checkout'
+ uses: actions/checkout@v2
+ with:
+ fetch-depth: 0
+ - name: 'Deploy module'
+ uses: ./.github/actions/templates/deployModule
+ with:
+ templateFilePath: 'arm/${{ env.namespace }}/deploy.bicep'
+ parameterFilePath: '${{ env.dependencyPath }}/${{ env.namespace }}/parameters/${{ matrix.parameterFilePaths }}'
+ location: '${{ env.defaultLocation }}'
+ resourceGroupName: '${{ env.resourceGroupName }}'
+ subscriptionId: '${{ secrets.ARM_SUBSCRIPTION_ID }}'
+ managementGroupId: '${{ secrets.ARM_MGMTGROUP_ID }}'
+ removeDeployment: '${{ env.removeDeployment }}'
+
+ job_deploy_nsg:
+ runs-on: ubuntu-20.04
+ name: 'Deploy network security groups'
+ env:
+ namespace: 'Microsoft.Network\networkSecurityGroups'
+ needs:
+ - job_deploy_sa
+ - job_deploy_evh
+ - job_deploy_law
+ strategy:
+ fail-fast: false
+ matrix:
+ parameterFilePaths:
+ [
+ 'apgw.parameters.json',
+ 'ase.parameters.json',
+ 'bastion.parameters.json',
+ 'parameters.json',
+ ]
+ steps:
+ - name: 'Checkout'
+ uses: actions/checkout@v2
+ with:
+ fetch-depth: 0
+ - name: 'Deploy module'
+ uses: ./.github/actions/templates/deployModule
+ with:
+ templateFilePath: 'arm/${{ env.namespace }}/deploy.bicep'
+ parameterFilePath: '${{ env.dependencyPath }}/${{ env.namespace }}/parameters/${{ matrix.parameterFilePaths }}'
+ location: '${{ env.defaultLocation }}'
+ resourceGroupName: '${{ env.resourceGroupName }}'
+ subscriptionId: '${{ secrets.ARM_SUBSCRIPTION_ID }}'
+ managementGroupId: '${{ secrets.ARM_MGMTGROUP_ID }}'
+ removeDeployment: '${{ env.removeDeployment }}'
+
+ job_deploy_sqlmi_nsg:
+ runs-on: ubuntu-20.04
+ name: 'Deploy sqlmi network security group'
+ if: github.event.inputs.deploySqlMiDependencies == 'true'
+ env:
+ namespace: 'Microsoft.Network\networkSecurityGroups'
+ needs:
+ - job_deploy_sa
+ - job_deploy_evh
+ - job_deploy_law
+ strategy:
+ fail-fast: false
+ matrix:
+ parameterFilePaths: ['sqlmi.parameters.json']
+ steps:
+ - name: 'Checkout'
+ uses: actions/checkout@v2
+ with:
+ fetch-depth: 0
+ - name: 'Deploy module'
+ uses: ./.github/actions/templates/deployModule
+ with:
+ templateFilePath: 'arm/${{ env.namespace }}/deploy.bicep'
+ parameterFilePath: '${{ env.dependencyPath }}/${{ env.namespace }}/parameters/${{ matrix.parameterFilePaths }}'
+ location: '${{ env.defaultLocation }}'
+ resourceGroupName: '${{ env.resourceGroupName }}'
+ subscriptionId: '${{ secrets.ARM_SUBSCRIPTION_ID }}'
+ managementGroupId: '${{ secrets.ARM_MGMTGROUP_ID }}'
+ removeDeployment: '${{ env.removeDeployment }}'
+
+ job_deploy_pip:
+ runs-on: ubuntu-20.04
+ name: 'Deploy public IP addresses'
+ env:
+ namespace: 'Microsoft.Network\publicIPAddresses'
+ needs:
+ - job_deploy_sa
+ - job_deploy_evh
+ - job_deploy_law
+ strategy:
+ fail-fast: false
+ matrix:
+ parameterFilePaths:
+ ['apgw.parameters.json', 'bas.parameters.json', 'lb.parameters.json']
+ steps:
+ - name: 'Checkout'
+ uses: actions/checkout@v2
+ with:
+ fetch-depth: 0
+ - name: 'Deploy module'
+ uses: ./.github/actions/templates/deployModule
+ with:
+ templateFilePath: 'arm/${{ env.namespace }}/deploy.bicep'
+ parameterFilePath: '${{ env.dependencyPath }}/${{ env.namespace }}/parameters/${{ matrix.parameterFilePaths }}'
+ location: '${{ env.defaultLocation }}'
+ resourceGroupName: '${{ env.resourceGroupName }}'
+ subscriptionId: '${{ secrets.ARM_SUBSCRIPTION_ID }}'
+ managementGroupId: '${{ secrets.ARM_MGMTGROUP_ID }}'
+ removeDeployment: '${{ env.removeDeployment }}'
+
+ job_deploy_appi:
+ runs-on: ubuntu-20.04
+ name: 'Deploy application insight'
+ env:
+ namespace: 'Microsoft.Insights\components'
+ needs:
+ - job_deploy_sa
+ - job_deploy_evh
+ - job_deploy_law
+ strategy:
+ fail-fast: false
+ matrix:
+ parameterFilePaths: ['parameters.json']
+ steps:
+ - name: 'Checkout'
+ uses: actions/checkout@v2
+ with:
+ fetch-depth: 0
+ - name: 'Deploy module'
+ uses: ./.github/actions/templates/deployModule
+ with:
+ templateFilePath: 'arm/${{ env.namespace }}/deploy.bicep'
+ parameterFilePath: '${{ env.dependencyPath }}/${{ env.namespace }}/parameters/${{ matrix.parameterFilePaths }}'
+ location: '${{ env.defaultLocation }}'
+ resourceGroupName: '${{ env.resourceGroupName }}'
+ subscriptionId: '${{ secrets.ARM_SUBSCRIPTION_ID }}'
+ managementGroupId: '${{ secrets.ARM_MGMTGROUP_ID }}'
+ removeDeployment: '${{ env.removeDeployment }}'
+
+ job_deploy_aut:
+ runs-on: ubuntu-20.04
+ name: 'Deploy automation account'
+ env:
+ namespace: 'Microsoft.Automation\automationAccounts'
+ needs:
+ - job_deploy_sa
+ - job_deploy_evh
+ - job_deploy_law
+ strategy:
+ fail-fast: false
+ matrix:
+ parameterFilePaths: ['parameters.json']
+ steps:
+ - name: 'Checkout'
+ uses: actions/checkout@v2
+ with:
+ fetch-depth: 0
+ - name: 'Deploy module'
+ uses: ./.github/actions/templates/deployModule
+ with:
+ templateFilePath: 'arm/${{ env.namespace }}/deploy.bicep'
+ parameterFilePath: '${{ env.dependencyPath }}/${{ env.namespace }}/parameters/${{ matrix.parameterFilePaths }}'
+ location: '${{ env.defaultLocation }}'
+ resourceGroupName: '${{ env.resourceGroupName }}'
+ subscriptionId: '${{ secrets.ARM_SUBSCRIPTION_ID }}'
+ managementGroupId: '${{ secrets.ARM_MGMTGROUP_ID }}'
+ removeDeployment: '${{ env.removeDeployment }}'
+
+ job_deploy_avdhp:
+ runs-on: ubuntu-20.04
+ name: 'Deploy AVD host pool'
+ env:
+ namespace: 'Microsoft.DesktopVirtualization\hostpools'
+ needs:
+ - job_deploy_sa
+ - job_deploy_evh
+ - job_deploy_law
+ strategy:
+ fail-fast: false
+ matrix:
+ parameterFilePaths: ['parameters.json']
+ steps:
+ - name: 'Checkout'
+ uses: actions/checkout@v2
+ with:
+ fetch-depth: 0
+ - name: 'Deploy module'
+ uses: ./.github/actions/templates/deployModule
+ with:
+ templateFilePath: 'arm/${{ env.namespace }}/deploy.bicep'
+ parameterFilePath: '${{ env.dependencyPath }}/${{ env.namespace }}/parameters/${{ matrix.parameterFilePaths }}'
+ location: '${{ env.defaultLocation }}'
+ resourceGroupName: '${{ env.resourceGroupName }}'
+ subscriptionId: '${{ secrets.ARM_SUBSCRIPTION_ID }}'
+ managementGroupId: '${{ secrets.ARM_MGMTGROUP_ID }}'
+ removeDeployment: '${{ env.removeDeployment }}'
+
+ job_deploy_rsv:
+ runs-on: ubuntu-20.04
+ name: 'Deploy recovery services vault'
+ env:
+ namespace: 'Microsoft.RecoveryServices\vaults'
+ needs:
+ - job_deploy_sa
+ - job_deploy_evh
+ - job_deploy_law
+ strategy:
+ fail-fast: false
+ matrix:
+ parameterFilePaths: ['parameters.json']
+ steps:
+ - name: 'Checkout'
+ uses: actions/checkout@v2
+ with:
+ fetch-depth: 0
+ - name: 'Deploy module'
+ uses: ./.github/actions/templates/deployModule
+ with:
+ templateFilePath: 'arm/${{ env.namespace }}/deploy.bicep'
+ parameterFilePath: '${{ env.dependencyPath }}/${{ env.namespace }}/parameters/${{ matrix.parameterFilePaths }}'
+ location: '${{ env.defaultLocation }}'
+ resourceGroupName: '${{ env.resourceGroupName }}'
+ subscriptionId: '${{ secrets.ARM_SUBSCRIPTION_ID }}'
+ managementGroupId: '${{ secrets.ARM_MGMTGROUP_ID }}'
+ removeDeployment: '${{ env.removeDeployment }}'
+
+ job_deploy_kv:
+ runs-on: ubuntu-20.04
+ name: 'Deploy key vaults'
+ env:
+ namespace: 'Microsoft.KeyVault\vaults'
+ needs:
+ - job_deploy_sa
+ - job_deploy_evh
+ - job_deploy_law
+ strategy:
+ fail-fast: false
+ matrix:
+ parameterFilePaths: ['parameters.json', 'pe.parameters.json']
+ steps:
+ - name: 'Checkout'
+ uses: actions/checkout@v2
+ with:
+ fetch-depth: 0
+ - name: 'Deploy module'
+ uses: ./.github/actions/templates/deployModule
+ with:
+ templateFilePath: 'arm/${{ env.namespace }}/deploy.bicep'
+ parameterFilePath: '${{ env.dependencyPath }}/${{ env.namespace }}/parameters/${{ matrix.parameterFilePaths }}'
+ location: '${{ env.defaultLocation }}'
+ resourceGroupName: '${{ env.resourceGroupName }}'
+ subscriptionId: '${{ secrets.ARM_SUBSCRIPTION_ID }}'
+ managementGroupId: '${{ secrets.ARM_MGMTGROUP_ID }}'
+ removeDeployment: '${{ env.removeDeployment }}'
+
+ job_deploy_kv_secrets:
+ runs-on: ubuntu-20.04
+ name: 'Set key vault secrets keys and certificates'
+ needs:
+ - job_deploy_kv
+ steps:
+ - name: 'Checkout'
+ uses: actions/checkout@v2
+ with:
+ fetch-depth: 0
+ - name: Azure Login
+ uses: azure/login@v1
+ with:
+ creds: ${{ secrets.AZURE_CREDENTIALS }}
+ enable-AzPSSession: true
+ - name: Run PowerShell
+ uses: azure/powershell@v1
+ with:
+ inlineScript: |
+ $usernameString = (-join ((65..90) + (97..122) | Get-Random -Count 9 -SetSeed 1 | % {[char]$_ + "$_"})).substring(0,19) # max length
+ $passwordString = (New-Guid).Guid.SubString(0,19)
+ $vpnSharedKeyString = (New-Guid).Guid.SubString(0,32)
+ $keyVaultName = 'adp-sxx-az-kv-x-001'
+ $userName = ConvertTo-SecureString -String $usernameString -AsPlainText -Force
+ $password = ConvertTo-SecureString -String $passwordString -AsPlainText -Force
+ $vpnSharedKey = ConvertTo-SecureString -String $vpnSharedKeyString -AsPlainText -Force
+ # VirtualMachines and VMSS
+ Set-AzKeyVaultSecret -VaultName $keyVaultName -Name 'adminUsername' -SecretValue $username
+ Set-AzKeyVaultSecret -VaultName $keyVaultName -Name 'adminPassword' -SecretValue $password
+ # Azure SQLServer
+ Set-AzKeyVaultSecret -VaultName $keyVaultName -Name 'administratorLogin' -SecretValue $username
+ Set-AzKeyVaultSecret -VaultName $keyVaultName -Name 'administratorLoginPassword' -SecretValue $password
+ # VirtualNetworkGateway
+ Set-AzKeyVaultSecret -VaultName $keyVaultName -Name 'vpnSharedKey' -SecretValue $vpnSharedKey
+ # DiskEncryptionSet, VirtualMachines and VMSS
+ az keyvault key create --vault-name $keyVaultName --name 'keyEncryptionKey'
+ # ApplicationGateway
+ $apgwCertPolicy = New-AzKeyVaultCertificatePolicy -SecretContentType 'application/x-pkcs12' -SubjectName 'CN=fabrikam.com' -IssuerName 'Self' -ValidityInMonths 12 -ReuseKeyOnRenewal
+ Add-AzKeyVaultCertificate -VaultName $keyVaultName -Name 'applicationGatewaySslCertificate' -CertificatePolicy $apgwCertPolicy
+ # API management
+ Set-AzKeyVaultSecret -VaultName $keyVaultName -Name 'apimclientid' -SecretValue $username
+ Set-AzKeyVaultSecret -VaultName $keyVaultName -Name 'apimclientsecret' -SecretValue $password
+ azPSVersion: 'latest'
+
+ job_deploy_sqlmi_kv:
+ runs-on: ubuntu-20.04
+ name: 'Deploy sqlmi key vault'
+ if: github.event.inputs.deploySqlMiDependencies == 'true'
+ env:
+ namespace: 'Microsoft.KeyVault\vaults'
+ needs:
+ - job_deploy_sa
+ - job_deploy_evh
+ - job_deploy_law
+ strategy:
+ fail-fast: false
+ matrix:
+ parameterFilePaths: ['sqlmi.parameters.json']
+ steps:
+ - name: 'Checkout'
+ uses: actions/checkout@v2
+ with:
+ fetch-depth: 0
+ - name: 'Deploy module'
+ uses: ./.github/actions/templates/deployModule
+ with:
+ templateFilePath: 'arm/${{ env.namespace }}/deploy.bicep'
+ parameterFilePath: '${{ env.dependencyPath }}/${{ env.namespace }}/parameters/${{ matrix.parameterFilePaths }}'
+ location: '${{ env.defaultLocation }}'
+ resourceGroupName: '${{ env.resourceGroupName }}'
+ subscriptionId: '${{ secrets.ARM_SUBSCRIPTION_ID }}'
+ managementGroupId: '${{ secrets.ARM_MGMTGROUP_ID }}'
+ removeDeployment: '${{ env.removeDeployment }}'
+
+ job_deploy_sqlmi_kv_secrets:
+ runs-on: ubuntu-20.04
+ name: 'Set sqlmi key vault secrets and keys'
+ if: github.event.inputs.deploySqlMiDependencies == 'true'
+ needs:
+ - job_deploy_sqlmi_kv
+ steps:
+ - name: 'Checkout'
+ uses: actions/checkout@v2
+ with:
+ fetch-depth: 0
+ - name: Azure Login
+ uses: azure/login@v1
+ with:
+ creds: ${{ secrets.AZURE_CREDENTIALS }}
+ enable-AzPSSession: true
+ - name: Run PowerShell
+ uses: azure/powershell@v1
+ with:
+ inlineScript: |
+ $usernameString = (-join ((65..90) + (97..122) | Get-Random -Count 9 -SetSeed 1 | % {[char]$_ + "$_"})).substring(0,19) # max length
+ $passwordString = (New-Guid).Guid.SubString(0,19)
+ $vpnSharedKeyString = (New-Guid).Guid.SubString(0,32)
+ $keyVaultName = 'adp-sxx-az-kv-x-sqlmi'
+ $userName = ConvertTo-SecureString -String $usernameString -AsPlainText -Force
+ $password = ConvertTo-SecureString -String $passwordString -AsPlainText -Force
+ $vpnSharedKey = ConvertTo-SecureString -String $vpnSharedKeyString -AsPlainText -Force
+ # SQLManagedInstances secrets
+ Set-AzKeyVaultSecret -VaultName $keyVaultName -Name 'administratorLogin' -SecretValue $username
+ Set-AzKeyVaultSecret -VaultName $keyVaultName -Name 'administratorLoginPassword' -SecretValue $password
+ # SQLManagedInstances Keys
+ az keyvault key create --vault-name $keyVaultName --name 'keyEncryptionKeySqlMi'
+ azPSVersion: 'latest'
+
+ job_deploy_avdag:
+ runs-on: ubuntu-20.04
+ name: 'Deploy AVD application group'
+ env:
+ namespace: 'Microsoft.DesktopVirtualization\applicationgroups'
+ needs:
+ - job_deploy_avdhp
+ strategy:
+ fail-fast: false
+ matrix:
+ parameterFilePaths: ['parameters.json']
+ steps:
+ - name: 'Checkout'
+ uses: actions/checkout@v2
+ with:
+ fetch-depth: 0
+ - name: 'Deploy module'
+ uses: ./.github/actions/templates/deployModule
+ with:
+ templateFilePath: 'arm/${{ env.namespace }}/deploy.bicep'
+ parameterFilePath: '${{ env.dependencyPath }}/${{ env.namespace }}/parameters/${{ matrix.parameterFilePaths }}'
+ location: '${{ env.defaultLocation }}'
+ resourceGroupName: '${{ env.resourceGroupName }}'
+ subscriptionId: '${{ secrets.ARM_SUBSCRIPTION_ID }}'
+ managementGroupId: '${{ secrets.ARM_MGMTGROUP_ID }}'
+ removeDeployment: '${{ env.removeDeployment }}'
+
+ job_deploy_rolea:
+ runs-on: ubuntu-20.04
+ name: 'Deploy role assignments'
+ env:
+ namespace: 'Microsoft.Authorization\roleAssignments'
+ needs:
+ - job_deploy_msi
+ strategy:
+ fail-fast: false
+ matrix:
+ parameterFilePaths: ['parameters.json']
+ steps:
+ - name: 'Checkout'
+ uses: actions/checkout@v2
+ with:
+ fetch-depth: 0
+ - name: 'Deploy module'
+ uses: ./.github/actions/templates/deployModule
+ with:
+ templateFilePath: 'arm/${{ env.namespace }}/.bicep/nested_rbac_sub.bicep'
+ parameterFilePath: '${{ env.dependencyPath }}/${{ env.namespace }}/parameters/${{ matrix.parameterFilePaths }}'
+ location: '${{ env.defaultLocation }}'
+ resourceGroupName: '${{ env.resourceGroupName }}'
+ subscriptionId: '${{ secrets.ARM_SUBSCRIPTION_ID }}'
+ managementGroupId: '${{ secrets.ARM_MGMTGROUP_ID }}'
+ removeDeployment: '${{ env.removeDeployment }}'
+
+ job_deploy_vnet:
+ runs-on: ubuntu-20.04
+ name: 'Deploy virtual networks'
+ env:
+ namespace: 'Microsoft.Network\virtualNetworks'
+ needs:
+ - job_deploy_nsg
+ strategy:
+ fail-fast: false
+ matrix:
+ parameterFilePaths:
+ [
+ '1.bastion.parameters.json',
+ '2.vnetpeer01.parameters.json',
+ '3.vnetpeer02.parameters.json',
+ '4.azfw.parameters.json',
+ '5.aks.parameters.json',
+ 'parameters.json',
+ ]
+ steps:
+ - name: 'Checkout'
+ uses: actions/checkout@v2
+ with:
+ fetch-depth: 0
+ - name: 'Deploy module'
+ uses: ./.github/actions/templates/deployModule
+ with:
+ templateFilePath: 'arm/${{ env.namespace }}/deploy.bicep'
+ parameterFilePath: '${{ env.dependencyPath }}/${{ env.namespace }}/parameters/${{ matrix.parameterFilePaths }}'
+ location: '${{ env.defaultLocation }}'
+ resourceGroupName: '${{ env.resourceGroupName }}'
+ subscriptionId: '${{ secrets.ARM_SUBSCRIPTION_ID }}'
+ managementGroupId: '${{ secrets.ARM_MGMTGROUP_ID }}'
+ removeDeployment: '${{ env.removeDeployment }}'
+
+ job_deploy_sqlmi_vnet:
+ runs-on: ubuntu-20.04
+ name: 'Deploy sqlmi virtual network'
+ if: github.event.inputs.deploySqlMiDependencies == 'true'
+ env:
+ namespace: 'Microsoft.Network\virtualNetworks'
+ needs:
+ - job_deploy_sqlmi_udr
+ - job_deploy_sqlmi_nsg
+ strategy:
+ fail-fast: false
+ matrix:
+ parameterFilePaths: ['6.sqlmi.parameters.json']
+ steps:
+ - name: 'Checkout'
+ uses: actions/checkout@v2
+ with:
+ fetch-depth: 0
+ - name: 'Deploy module'
+ uses: ./.github/actions/templates/deployModule
+ with:
+ templateFilePath: 'arm/${{ env.namespace }}/deploy.bicep'
+ parameterFilePath: '${{ env.dependencyPath }}/${{ env.namespace }}/parameters/${{ matrix.parameterFilePaths }}'
+ location: '${{ env.defaultLocation }}'
+ resourceGroupName: '${{ env.resourceGroupName }}'
+ subscriptionId: '${{ secrets.ARM_SUBSCRIPTION_ID }}'
+ managementGroupId: '${{ secrets.ARM_MGMTGROUP_ID }}'
+ removeDeployment: '${{ env.removeDeployment }}'
+
+ job_deploy_dnszone:
+ runs-on: ubuntu-20.04
+ name: 'Deploy private DNS zones'
+ env:
+ namespace: 'Microsoft.Network\privateDnsZones'
+ needs:
+ - job_deploy_vnet
+ strategy:
+ fail-fast: false
+ matrix:
+ parameterFilePaths: ['parameters.json']
+ steps:
+ - name: 'Checkout'
+ uses: actions/checkout@v2
+ with:
+ fetch-depth: 0
+ - name: 'Deploy module'
+ uses: ./.github/actions/templates/deployModule
+ with:
+ templateFilePath: 'arm/${{ env.namespace }}/deploy.bicep'
+ parameterFilePath: '${{ env.dependencyPath }}/${{ env.namespace }}/parameters/${{ matrix.parameterFilePaths }}'
+ location: '${{ env.defaultLocation }}'
+ resourceGroupName: '${{ env.resourceGroupName }}'
+ subscriptionId: '${{ secrets.ARM_SUBSCRIPTION_ID }}'
+ managementGroupId: '${{ secrets.ARM_MGMTGROUP_ID }}'
+ removeDeployment: '${{ env.removeDeployment }}'
+
+ job_deploy_vm:
+ runs-on: ubuntu-20.04
+ name: 'Deploy virtual machines'
+ env:
+ namespace: 'Microsoft.Compute\virtualMachines'
+ needs:
+ - job_deploy_kv_secrets
+ - job_deploy_vnet
+ - job_deploy_rsv
+ strategy:
+ fail-fast: false
+ matrix:
+ parameterFilePaths: ['parameters.json']
+ steps:
+ - name: 'Checkout'
+ uses: actions/checkout@v2
+ with:
+ fetch-depth: 0
+ - name: 'Deploy module'
+ uses: ./.github/actions/templates/deployModule
+ with:
+ templateFilePath: 'arm/${{ env.namespace }}/deploy.bicep'
+ parameterFilePath: '${{ env.dependencyPath }}/${{ env.namespace }}/parameters/${{ matrix.parameterFilePaths }}'
+ location: '${{ env.defaultLocation }}'
+ resourceGroupName: '${{ env.resourceGroupName }}'
+ subscriptionId: '${{ secrets.ARM_SUBSCRIPTION_ID }}'
+ managementGroupId: '${{ secrets.ARM_MGMTGROUP_ID }}'
+ removeDeployment: '${{ env.removeDeployment }}'
From 547f383e3aa70d89c3a7899a377443c2e6e439cf Mon Sep 17 00:00:00 2001
From: Erika Gressi
Date: Fri, 3 Dec 2021 15:40:57 +0100
Subject: [PATCH 8/8] rename policy name values
---
 .../policyAssignments/.parameters/min.parameters.json | 2 +-
 .../policyAssignments/.parameters/parameters.json | 2 +-
 .../policyExemptions/.parameters/min.parameters.json | 4 ++--
 .../policyExemptions/.parameters/parameters.json | 4 ++--
 .../policyAssignments/parameters/parameters.json | 2 +-
 5 files changed, 7 insertions(+), 7 deletions(-)
diff --git a/arm/Microsoft.Authorization/policyAssignments/.parameters/min.parameters.json b/arm/Microsoft.Authorization/policyAssignments/.parameters/min.parameters.json
index fc31894a9d..8d1d18c9bb 100644
--- a/arm/Microsoft.Authorization/policyAssignments/.parameters/min.parameters.json
+++ b/arm/Microsoft.Authorization/policyAssignments/.parameters/min.parameters.json
@@ -3,7 +3,7 @@
 "contentVersion": "1.0.0.0",
 "parameters": {
 "name": {
- "value": "sxx-assignment-vm-disk"
+ "value": "sxx-pass-vm-disk"
 },
 "policyDefinitionID": {
 "value": "/providers/Microsoft.Authorization/policyDefinitions/06a78e20-9358-41c9-923c-fb736d382a4d"
diff --git a/arm/Microsoft.Authorization/policyAssignments/.parameters/parameters.json b/arm/Microsoft.Authorization/policyAssignments/.parameters/parameters.json
index 034e78d231..1e0c09edd7 100644
--- a/arm/Microsoft.Authorization/policyAssignments/.parameters/parameters.json
+++ b/arm/Microsoft.Authorization/policyAssignments/.parameters/parameters.json
@@ -3,7 +3,7 @@
 "contentVersion": "1.0.0.0",
 "parameters": {
 "name": {
- "value": "sxx-assignment-tag"
+ "value": "sxx-pass-tag"
 },
 "displayName": {
 "value": "Add a tag to resources"
diff --git a/arm/Microsoft.Authorization/policyExemptions/.parameters/min.parameters.json b/arm/Microsoft.Authorization/policyExemptions/.parameters/min.parameters.json
index 50dc214626..b93da1628c 100644
--- a/arm/Microsoft.Authorization/policyExemptions/.parameters/min.parameters.json
+++ b/arm/Microsoft.Authorization/policyExemptions/.parameters/min.parameters.json
@@ -3,10 +3,10 @@
 "contentVersion": "1.0.0.0",
 "parameters": {
 "name": {
- "value": "sxx-exempt-loc-rg-min"
+ "value": "sxx-pexe-loc-rg-min"
 },
 "policyAssignmentId": {
- "value": "/subscriptions/<>/providers/Microsoft.Authorization/policyAssignments/sxx-assignment-loc-rg"
+ "value": "/subscriptions/<>/providers/Microsoft.Authorization/policyAssignments/adp-sxx-pass-loc-rg"
 },
 "subscriptionId": {
 "value": "<>"
diff --git a/arm/Microsoft.Authorization/policyExemptions/.parameters/parameters.json b/arm/Microsoft.Authorization/policyExemptions/.parameters/parameters.json
index 8d0437e4d0..240fc99101 100644
--- a/arm/Microsoft.Authorization/policyExemptions/.parameters/parameters.json
+++ b/arm/Microsoft.Authorization/policyExemptions/.parameters/parameters.json
@@ -3,13 +3,13 @@
 "contentVersion": "1.0.0.0",
 "parameters": {
 "name": {
- "value": "sxx-exempt-loc-rg"
+ "value": "sxx-pexe-loc-rg"
 },
 "displayName": {
 "value": "[Test] policy exempt"
 },
 "policyAssignmentId": {
- "value": "/subscriptions/<>/providers/Microsoft.Authorization/policyAssignments/sxx-assignment-loc-rg"
+ "value": "/subscriptions/<>/providers/Microsoft.Authorization/policyAssignments/adp-sxx-pass-loc-rg"
 },
 "exemptionCategory": {
 "value": "Waiver"
diff --git a/utilities/pipelines/dependencies/Microsoft.Authorization/policyAssignments/parameters/parameters.json b/utilities/pipelines/dependencies/Microsoft.Authorization/policyAssignments/parameters/parameters.json
index 276698d1b4..786e69ed5e 100644
--- a/utilities/pipelines/dependencies/Microsoft.Authorization/policyAssignments/parameters/parameters.json
+++ b/utilities/pipelines/dependencies/Microsoft.Authorization/policyAssignments/parameters/parameters.json
@@ -3,7 +3,7 @@
 "contentVersion": "1.0.0.0",
 "parameters": {
 "name": {
- "value": "sxx-assignment-loc-rg"
+ "value": "adp-sxx-pass-loc-rg"
 },
 "displayName": {
 "value": "Audit resource location matches resource group location"