26294 - Feature - Accelerator Pipeline Adjustments (#483)

* Added initial accelerator pipelines and scripts * Removed unused params from scripts * Trim trailing whitespace * Removed unused param * Removed release fetcher script as another one is going to be used * Added ALZ prefix to files * Switched ALZ prefix location for all scripts * Changed policy assignment to alzdefault * Switched subscription placement to orchestration module * Change default tags to Live and clean up formatting of same param files * Diable role assignments deployment for accelerator until user is ready to enable * Fixed path to template and incorrect deployment name * Adjusted parameter path trigger for policy deployment workflow * Adjusted new line formatting for linter --------- Co-authored-by: Jack Tracey <41163455+jtracey93@users.noreply.github.com>
2023-03-28 03:27:09 -05:00 · 2023-03-28 03:27:09 -05:00 · ef1466e175
--- a/accelerator/.github/workflows/alz-bicep-2.yml
+++ b/accelerator/.github/workflows/alz-bicep-2.yml
@ -5,8 +5,7 @@ on:
    branches:
      - "main"
    paths:
-      - "config/custom-parameters/roleAssignmentManagementGroupMany.servicePrincipal.parameters.all.json"
-      - "config/custom-parameters/policyAssignmentManagementGroup.dine.parameters.all.json"
+      - "config/custom-parameters/alzDefaultPolicyAssignments.parameters.all.json"
  workflow_dispatch:

 permissions:
@ -36,12 +35,13 @@ jobs:
          subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
          enable-AzPSSession: true

-      - name: "Role Assignments Deployment"
-        uses: azure/powershell@v1
-        with:
-          inlineScript: |
-            .\pipeline-scripts\Deploy-ALZRoleAssignments.ps1
-          azPSVersion: "latest"
+      # Example: Modify Deploy-ALZRoleAssignments.ps1 with applicable pararameter file and uncomment lines below to enable Role Assignments Deployment.
+      # - name: "Role Assignments Deployment"
+      #   uses: azure/powershell@v1
+      #   with:
+      #     inlineScript: |
+      #       .\pipeline-scripts\Deploy-ALZRoleAssignments.ps1
+      #     azPSVersion: "latest"

      - name: "Built-in and Custom Policy Assignments Deployment"
        uses: azure/powershell@v1
--- a/accelerator/pipeline-scripts/Deploy-ALZPolicyAssignments.ps1
+++ b/accelerator/pipeline-scripts/Deploy-ALZPolicyAssignments.ps1
@ -6,15 +6,15 @@ param (
  [String]$TopLevelMGPrefix = "$($env:TOP_LEVEL_MG_PREFIX)",

  [Parameter()]
-  [String]$TemplateFile = "upstream-releases\$($env:UPSTREAM_RELEASE_VERSION)\infra-as-code\bicep\modules\policy\assignments\policyAssignmentManagementGroup.bicep",
+  [String]$TemplateFile = "upstream-releases\$($env:UPSTREAM_RELEASE_VERSION)\infra-as-code\bicep\modules\policy\assignments\alzDefaults\alzDefaultPolicyAssignments.bicep",

  [Parameter()]
-  [String]$TemplateParameterFile = "config\custom-parameters\policyAssignmentManagementGroup.dine.parameters.all.json"
+  [String]$TemplateParameterFile = "config\custom-parameters\alzDefaultPolicyAssignments.parameters.all.json"
 )

 # Parameters necessary for deployment
 $inputObject = @{
-  DeploymentName        = 'alz-RoleAssignmentsDeployment-{0}' -f ( -join (Get-Date -Format 'yyyyMMddTHHMMssffffZ')[0..63])
+  DeploymentName        = 'alz-PolicyAssignmentsDeployment-{0}' -f ( -join (Get-Date -Format 'yyyyMMddTHHMMssffffZ')[0..63])
  Location              = $Location
  ManagementGroupId     = $TopLevelMGPrefix
  TemplateFile          = $TemplateFile
--- a/accelerator/pipeline-scripts/Deploy-ALZSubscriptionPlacement.ps1
+++ b/accelerator/pipeline-scripts/Deploy-ALZSubscriptionPlacement.ps1
@ -6,10 +6,10 @@ param (
  [String]$TopLevelMGPrefix = "$($env:TOP_LEVEL_MG_PREFIX)",

  [Parameter()]
-  [String]$TemplateFile = "upstream-releases\$($env:UPSTREAM_RELEASE_VERSION)\infra-as-code\bicep\modules\subscriptionPlacement\subscriptionPlacement.bicep",
+  [String]$TemplateFile = "upstream-releases\$($env:UPSTREAM_RELEASE_VERSION)\infra-as-code\bicep\orchestration\subPlacementAll\subPlacementAll.bicep",

  [Parameter()]
-  [String]$TemplateParameterFile = "config\custom-parameters\subscriptionPlacement.parameters.all.json"
+  [String]$TemplateParameterFile = "config\custom-parameters\subPlacementAll.parameters.all.json"
 )

 # Parameters necessary for deployment
--- a/infra-as-code/bicep/CRML/containerRegistry/parameters/containerRegistry.parameters.all.json
+++ b/infra-as-code/bicep/CRML/containerRegistry/parameters/containerRegistry.parameters.all.json
@ -8,10 +8,10 @@
    "parAcrSku": {
      "value": "Basic"
    },
-    "parTags":{
-      "value":{
-        "Environment": "POC"
+    "parTags": {
+      "value": {
+        "Environment": "Live"
      }
    }
  }
-}
+}
--- a/infra-as-code/bicep/CRML/subscriptionAlias/parameters/subscriptionAlias.parameters.all.json
+++ b/infra-as-code/bicep/CRML/subscriptionAlias/parameters/subscriptionAlias.parameters.all.json
@ -10,7 +10,7 @@
    },
    "parTags": {
      "value": {
-        "Environment": "POC"
+        "Environment": "Live"
      }
    },
    "parManagementGroupId": {
@ -26,4 +26,4 @@
      "value": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxx"
    }
  }
-}
+}
--- a/infra-as-code/bicep/modules/hubNetworking/parameters/hubNetworking.parameters.all.json
+++ b/infra-as-code/bicep/modules/hubNetworking/parameters/hubNetworking.parameters.all.json
@ -200,14 +200,17 @@
    },
    "parTags": {
      "value": {
-        "Environment": "POC"
+        "Environment": "Live"
      }
    },
    "parTelemetryOptOut": {
      "value": false
    },
    "parBastionOutboundSshRdpPorts": {
-      "value": ["22","3389"]
+      "value": [
+        "22",
+        "3389"
+      ]
    }
  }
 }
--- a/infra-as-code/bicep/modules/hubNetworking/parameters/mc-hubNetworking.parameters.all.json
+++ b/infra-as-code/bicep/modules/hubNetworking/parameters/mc-hubNetworking.parameters.all.json
@ -162,14 +162,17 @@
    },
    "parTags": {
      "value": {
-        "Environment": "POC"
+        "Environment": "Live"
      }
    },
    "parTelemetryOptOut": {
      "value": false
    },
    "parBastionOutboundSshRdpPorts": {
-      "value": ["22","3389"]
+      "value": [
+        "22",
+        "3389"
+      ]
    }
  }
 }
--- a/infra-as-code/bicep/modules/logging/parameters/logging.parameters.all.json
+++ b/infra-as-code/bicep/modules/logging/parameters/logging.parameters.all.json
@ -40,7 +40,7 @@
    },
    "parTags": {
      "value": {
-        "Environment": "POC"
+        "Environment": "Live"
      }
    },
    "parTelemetryOptOut": {
--- a/infra-as-code/bicep/modules/logging/parameters/mc-logging.parameters.all.json
+++ b/infra-as-code/bicep/modules/logging/parameters/mc-logging.parameters.all.json
@ -40,7 +40,7 @@
    },
    "parTags": {
      "value": {
-        "Environment": "POC"
+        "Environment": "Live"
      }
    },
    "parTelemetryOptOut": {
--- a/infra-as-code/bicep/modules/privateDnsZones/parameters/privateDnsZones.parameters.all.json
+++ b/infra-as-code/bicep/modules/privateDnsZones/parameters/privateDnsZones.parameters.all.json
@ -78,7 +78,7 @@
    },
    "parTags": {
      "value": {
-        "Environment": "POC"
+        "Environment": "Live"
      }
    },
    "parVirtualNetworkIdToLink": {
--- a/infra-as-code/bicep/modules/publicIp/parameters/publicIp.parameters.all.json
+++ b/infra-as-code/bicep/modules/publicIp/parameters/publicIp.parameters.all.json
@ -1,37 +1,37 @@
 {
-    "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
-    "contentVersion": "1.0.0.0",
-    "parameters": {
-        "parLocation": {
-            "value": "eastus"
-        },
-        "parPublicIpName": {
-            "value": "alz"
-        },
-        "parPublicIpSku": {
-            "value": {
-                "name": "Standard",
-                "tier": "Regional"
-            }
-        },
-        "parPublicIpProperties": {
-            "value": {
-                "publicIpAddressVersion": "IPv4",
-                "publicIpAllocationMethod": "Dynamic",
-                "deleteOption": "Delete",
-                "idleTimeoutInMinutes": 4
-            }
-        },
-        "parAvailabilityZones": {
-            "value": []
-        },
-        "parTags": {
-            "value": {
-                "Environment": "POC"
-            }
-        },
-        "parTelemetryOptOut": {
-            "value": false
-        }
+  "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
+  "contentVersion": "1.0.0.0",
+  "parameters": {
+    "parLocation": {
+      "value": "eastus"
+    },
+    "parPublicIpName": {
+      "value": "alz"
+    },
+    "parPublicIpSku": {
+      "value": {
+        "name": "Standard",
+        "tier": "Regional"
+      }
+    },
+    "parPublicIpProperties": {
+      "value": {
+        "publicIpAddressVersion": "IPv4",
+        "publicIpAllocationMethod": "Dynamic",
+        "deleteOption": "Delete",
+        "idleTimeoutInMinutes": 4
+      }
+    },
+    "parAvailabilityZones": {
+      "value": []
+    },
+    "parTags": {
+      "value": {
+        "Environment": "Live"
+      }
+    },
+    "parTelemetryOptOut": {
+      "value": false
    }
-}
+  }
+}
--- a/infra-as-code/bicep/modules/resourceGroup/parameters/resourceGroup.parameters.all.json
+++ b/infra-as-code/bicep/modules/resourceGroup/parameters/resourceGroup.parameters.all.json
@ -1,20 +1,20 @@
 {
-    "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
-    "contentVersion": "1.0.0.0",
-    "parameters": {
-        "parLocation": {
-            "value": "eastus"
-        },
-        "parResourceGroupName": {
-            "value": "alz-rg"
-        },
-        "parTags": {
-            "value": {
-              "Environment": "POC"
-            }
-        },
-        "parTelemetryOptOut": {
-            "value": false
-        }
+  "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
+  "contentVersion": "1.0.0.0",
+  "parameters": {
+    "parLocation": {
+      "value": "eastus"
+    },
+    "parResourceGroupName": {
+      "value": "alz-rg"
+    },
+    "parTags": {
+      "value": {
+        "Environment": "Live"
+      }
+    },
+    "parTelemetryOptOut": {
+      "value": false
    }
-}
+  }
+}
--- a/infra-as-code/bicep/modules/spokeNetworking/parameters/spokeNetworking.parameters.all.json
+++ b/infra-as-code/bicep/modules/spokeNetworking/parameters/spokeNetworking.parameters.all.json
@ -1,38 +1,38 @@
 {
-    "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
-    "contentVersion": "1.0.0.0",
-    "parameters": {
-        "parLocation": {
-            "value": "eastus"
-        },
-        "parDisableBgpRoutePropagation": {
-            "value": false
-        },
-        "parDdosProtectionPlanId": {
-            "value": ""
-        },
-        "parSpokeNetworkAddressPrefix": {
-            "value": "10.11.0.0/16"
-        },
-        "parSpokeNetworkName": {
-            "value": "vnet-spoke"
-        },
-        "parDnsServerIps": {
-            "value": []
-        },
-        "parNextHopIpAddress": {
-            "value": ""
-        },
-        "parSpokeToHubRouteTableName": {
-            "value": "rtb-spoke-to-hub"
-        },
-        "parTags": {
-            "value": {
-              "Environment": "POC"
-            }
-        },
-        "parTelemetryOptOut": {
-            "value": false
-        }
+  "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
+  "contentVersion": "1.0.0.0",
+  "parameters": {
+    "parLocation": {
+      "value": "eastus"
+    },
+    "parDisableBgpRoutePropagation": {
+      "value": false
+    },
+    "parDdosProtectionPlanId": {
+      "value": ""
+    },
+    "parSpokeNetworkAddressPrefix": {
+      "value": "10.11.0.0/16"
+    },
+    "parSpokeNetworkName": {
+      "value": "vnet-spoke"
+    },
+    "parDnsServerIps": {
+      "value": []
+    },
+    "parNextHopIpAddress": {
+      "value": ""
+    },
+    "parSpokeToHubRouteTableName": {
+      "value": "rtb-spoke-to-hub"
+    },
+    "parTags": {
+      "value": {
+        "Environment": "Live"
+      }
+    },
+    "parTelemetryOptOut": {
+      "value": false
    }
-}
+  }
+}
--- a/infra-as-code/bicep/modules/vwanConnectivity/parameters/mc-vwanConnectivity.parameters.all.json
+++ b/infra-as-code/bicep/modules/vwanConnectivity/parameters/mc-vwanConnectivity.parameters.all.json
@ -50,7 +50,7 @@
          "parVirtualRouterAutoScaleConfiguration": 2
        }
      ]
-  },
+    },
    "parVpnGatewayScaleUnit": {
      "value": 1
    },
@ -104,7 +104,7 @@
    },
    "parTags": {
      "value": {
-        "Environment": "POC"
+        "Environment": "Live"
      }
    },
    "parTelemetryOptOut": {
--- a/infra-as-code/bicep/modules/vwanConnectivity/parameters/vwanConnectivity.parameters.all.json
+++ b/infra-as-code/bicep/modules/vwanConnectivity/parameters/vwanConnectivity.parameters.all.json
@ -50,7 +50,7 @@
          "parVirtualRouterAutoScaleConfiguration": 2
        }
      ]
-  },
+    },
    "parVpnGatewayScaleUnit": {
      "value": 1
    },
@ -142,7 +142,7 @@
    },
    "parTags": {
      "value": {
-        "Environment": "POC"
+        "Environment": "Live"
      }
    },
    "parTelemetryOptOut": {
--- a/infra-as-code/bicep/orchestration/hubPeeredSpoke/parameters/hubPeeredSpoke.parameters.all.json
+++ b/infra-as-code/bicep/orchestration/hubPeeredSpoke/parameters/hubPeeredSpoke.parameters.all.json
@ -49,7 +49,7 @@
    },
    "parTags": {
      "value": {
-        "Environment": "POC"
+        "Environment": "Live"
      }
    },
    "parTelemetryOptOut": {
--- a/infra-as-code/bicep/orchestration/hubPeeredSpoke/parameters/hubPeeredSpoke.vwan.parameters.all.json
+++ b/infra-as-code/bicep/orchestration/hubPeeredSpoke/parameters/hubPeeredSpoke.vwan.parameters.all.json
@ -49,7 +49,7 @@
    },
    "parTags": {
      "value": {
-        "Environment": "POC"
+        "Environment": "Live"
      }
    },
    "parTelemetryOptOut": {