зеркало из https://github.com/Azure/ALZ-Bicep.git
229 строки
14 KiB
YAML
229 строки
14 KiB
YAML
name: "ALZ-Bicep - Unit Tests - Validate All Modules in mooncake"
|
|
|
|
trigger: none
|
|
|
|
variables:
|
|
- group: csu-bicep-environment-mc
|
|
- name: ResourceGroupName
|
|
value: "rsg-github-pr-$(System.PullRequest.PullRequestNumber)"
|
|
- name: ManagementGroupPrefix
|
|
value: "PR-$(System.PullRequest.PullRequestNumber)"
|
|
- name: TopLevelManagementGroupDisplayName
|
|
value: "PR $(System.PullRequest.PullRequestNumber) Azure Landing Zones"
|
|
|
|
jobs:
|
|
- job: bicep_validate
|
|
displayName: Validate Bicep Files for PR
|
|
pool:
|
|
vmImage: ubuntu-latest
|
|
steps:
|
|
- task: AzureCLI@2
|
|
displayName: 'Azure CLI Get Federated Token'
|
|
inputs:
|
|
azureSubscription: mcserviceconnection
|
|
addSpnToEnvironment: true
|
|
scriptType: bash
|
|
scriptLocation: inlineScript
|
|
inlineScript: |
|
|
echo "##vso[task.setvariable variable=ARM_CLIENT_ID]$servicePrincipalId"
|
|
echo "##vso[task.setvariable variable=ARM_ID_TOKEN]$idToken"
|
|
echo "##vso[task.setvariable variable=ARM_TENANT_ID]$tenantId"
|
|
|
|
- task: Bash@3
|
|
displayName: Login to Azure for Subsequent Tasks
|
|
name: git_azlogin
|
|
inputs:
|
|
targetType: "inline"
|
|
script: |
|
|
az cloud set --name AzureChinaCloud
|
|
az login --service-principal -u $(ARM_CLIENT_ID) --tenant $(ARM_TENANT_ID) --allow-no-subscriptions --federated-token $(ARM_ID_TOKEN)
|
|
|
|
- task: Bash@3
|
|
displayName: Az CLI Create Resource Group for PR
|
|
name: create_rsg
|
|
inputs:
|
|
targetType: "inline"
|
|
script: |
|
|
az account set --subscription $(subscriptionId)
|
|
#if [ $(az group exists --name $(ResourceGroupName) ) == false ]; then
|
|
# sleep 300
|
|
#fi
|
|
az deployment sub create --name "deploy-$(ResourceGroupName)" --template-file infra-as-code/bicep/modules/resourceGroup/resourceGroup.bicep --location $(Location) --parameters parLocation=$(Location) parResourceGroupName=$(ResourceGroupName)
|
|
|
|
- task: Bash@3
|
|
displayName: Az CLI Register Resource Providers for PR
|
|
name: register_providers
|
|
inputs:
|
|
targetType: "inline"
|
|
script: |
|
|
az account set --subscription $(subscriptionId)
|
|
az provider register -n 'Microsoft.Insights'
|
|
|
|
- task: Bash@3
|
|
displayName: Az CLI Deploy Management Groups for PR
|
|
name: create_mgs
|
|
inputs:
|
|
targetType: "inline"
|
|
script: |
|
|
az deployment tenant create --template-file infra-as-code/bicep/modules/managementGroups/managementGroups.bicep --parameters @infra-as-code/bicep/modules/managementGroups/parameters/managementGroups.parameters.all.json parTopLevelManagementGroupPrefix=$(ManagementGroupPrefix) --location $(Location) --name $(ManagementGroupPrefix)
|
|
|
|
- task: Bash@3
|
|
displayName: Az CLI Validate Custom Role Definitions for PR
|
|
name: validate_rbac_roles
|
|
inputs:
|
|
targetType: "inline"
|
|
script: |
|
|
az deployment mg validate --template-file infra-as-code/bicep/modules/customRoleDefinitions/customRoleDefinitions.bicep --parameters @infra-as-code/bicep/modules/customRoleDefinitions/parameters/customRoleDefinitions.parameters.all.json parAssignableScopeManagementGroupId=$(ManagementGroupPrefix) --location $(Location) --management-group-id $(ManagementGroupPrefix) --name $(ManagementGroupPrefix)
|
|
|
|
- task: Bash@3
|
|
displayName: Az CLI Validate Custom Policy Definitions for PR
|
|
name: validate_policy_defs
|
|
inputs:
|
|
targetType: "inline"
|
|
script: |
|
|
az deployment mg validate --template-file infra-as-code/bicep/modules/policy/definitions/mc-customPolicyDefinitions.bicep --parameters @infra-as-code/bicep/modules/policy/definitions/parameters/customPolicyDefinitions.parameters.all.json parTargetManagementGroupId=$(ManagementGroupPrefix) --location $(Location) --management-group-id $(ManagementGroupPrefix) --name $(ManagementGroupPrefix)
|
|
|
|
- task: Bash@3
|
|
displayName: Az CLI Create Logging for PR
|
|
name: create_logging
|
|
inputs:
|
|
targetType: "inline"
|
|
script: |
|
|
az deployment group create --resource-group $(ResourceGroupName) --template-file infra-as-code/bicep/modules/logging/logging.bicep --parameters @infra-as-code/bicep/modules/logging/parameters/mc-logging.parameters.all.json --name $(ManagementGroupPrefix)
|
|
|
|
- task: Bash@3
|
|
displayName: Az CLI Validate mgDiagSettingsAll for PR
|
|
name: create_mgDiagSettingsAll
|
|
inputs:
|
|
targetType: "inline"
|
|
script: |
|
|
az deployment mg validate --template-file infra-as-code/bicep/orchestration/mgDiagSettingsAll/mgDiagSettingsAll.bicep --parameters @infra-as-code/bicep/orchestration/mgDiagSettingsAll/parameters/mgDiagSettingsAll.parameters.min.json parTopLevelManagementGroupPrefix="$(ManagementGroupPrefix)" parLogAnalyticsWorkspaceResourceId="/subscriptions/$(subscriptionId)/resourceGroups/$(ResourceGroupName)/providers/Microsoft.OperationalInsights/workspaces/alz-log-analytics" --location $(Location) --management-group-id $(ManagementGroupPrefix) --name $(ManagementGroupPrefix)
|
|
|
|
- task: Bash@3
|
|
displayName: Az CLI Validate Subscription Placement for PR
|
|
name: move_sub
|
|
inputs:
|
|
targetType: "inline"
|
|
script: |
|
|
az deployment mg validate --template-file infra-as-code/bicep/modules/subscriptionPlacement/subscriptionPlacement.bicep --parameters @infra-as-code/bicep/modules/subscriptionPlacement/parameters/subscriptionPlacement.parameters.all.json parTargetManagementGroupId=$(ManagementGroupPrefix)-platform-connectivity parSubscriptionIds='["$(subscriptionId)"]' --location $(Location) --management-group-id $(ManagementGroupPrefix) --name $(ManagementGroupPrefix)
|
|
|
|
- task: Bash@3
|
|
displayName: Az CLI Validate Alz Default policy assignments
|
|
name: validate_alz_default_policy_assign
|
|
inputs:
|
|
targetType: "inline"
|
|
script: |
|
|
az deployment mg validate --template-file infra-as-code/bicep/modules/policy/assignments/alzDefaults/mc-alzDefaultPolicyAssignments.bicep --parameters @infra-as-code/bicep/modules/policy/assignments/alzDefaults/parameters/alzDefaultPolicyAssignments.parameters.all.json parTopLevelManagementGroupPrefix=$(ManagementGroupPrefix) --location $(Location) --management-group-id $(ManagementGroupPrefix) --name $(ManagementGroupPrefix)
|
|
|
|
- task: Bash@3
|
|
displayName: Az CLI Validate Hub Networking for PR
|
|
name: validate_hub_network
|
|
inputs:
|
|
targetType: "inline"
|
|
script: |
|
|
az deployment group validate --resource-group $(ResourceGroupName) --template-file infra-as-code/bicep/modules/hubNetworking/hubNetworking.bicep --parameters @infra-as-code/bicep/modules/hubNetworking/parameters/mc-hubNetworking.parameters.all.json --name $(ManagementGroupPrefix)
|
|
|
|
- task: Bash@3
|
|
displayName: Az CLI Validate vWan Networking for PR
|
|
name: validate_vwan_network
|
|
inputs:
|
|
targetType: "inline"
|
|
script: |
|
|
az deployment group validate --resource-group $(ResourceGroupName) --template-file infra-as-code/bicep/modules/vwanConnectivity/vwanConnectivity.bicep --parameters @infra-as-code/bicep/modules/vwanConnectivity/parameters/mc-vwanConnectivity.parameters.all.json --name $(ManagementGroupPrefix)
|
|
|
|
- task: Bash@3
|
|
displayName: Az CLI Validate Spoke Networking for PR
|
|
name: validate_spoke_network
|
|
inputs:
|
|
targetType: "inline"
|
|
script: |
|
|
az deployment group validate --resource-group $(ResourceGroupName) --template-file infra-as-code/bicep/modules/spokeNetworking/spokeNetworking.bicep --name $(ManagementGroupPrefix)
|
|
|
|
- task: Bash@3
|
|
displayName: Az CLI Validate vWan Network connection for PR
|
|
name: validate_vwan_network_connection
|
|
inputs:
|
|
targetType: "inline"
|
|
script: |
|
|
az deployment sub validate --location $(Location) --template-file infra-as-code/bicep/modules/vnetPeeringVwan/vnetPeeringVwan.bicep --parameters @infra-as-code/bicep/modules/vnetPeeringVwan/parameters/vnetPeeringVwan.parameters.all.json parVirtualWanHubResourceId="/subscriptions/$(subscriptionId)/resourceGroups/$(ResourceGroupName)/providers/Microsoft.Network/virtualHubs/alz-vhub-$(Location)" parRemoteVirtualNetworkResourceId="/subscriptions/$(subscriptionId)/resourceGroups/$(ResourceGroupName)/providers/Microsoft.Network/virtualNetworks/vnet-spoke" --name $(ManagementGroupPrefix)
|
|
|
|
- task: Bash@3
|
|
displayName: Az CLI Validate vNet Peer for PR
|
|
name: validate_vnet_peer_spoke_2_hub
|
|
inputs:
|
|
targetType: "inline"
|
|
script: |
|
|
az deployment group validate --resource-group $(ResourceGroupName) --template-file infra-as-code/bicep/modules/vnetPeering/vnetPeering.bicep --parameters parDestinationVirtualNetworkId="/subscriptions/$(subscriptionId)/resourceGroups/$(ResourceGroupName)/providers/Microsoft.Network/virtualNetworks/alz-hub-eastus" parSourceVirtualNetworkName="vnet-spoke" parDestinationVirtualNetworkName="alz-hub-eastus" --name $(ManagementGroupPrefix)
|
|
|
|
- task: Bash@3
|
|
displayName: Az CLI Validate Public IP
|
|
name: validate_public_ip
|
|
inputs:
|
|
targetType: "inline"
|
|
script: |
|
|
az deployment group validate --resource-group $(ResourceGroupName) --template-file infra-as-code/bicep/modules/publicIp/publicIp.bicep --parameters @infra-as-code/bicep/modules/publicIp/parameters/publicIp.parameters.min.json --name $(ManagementGroupPrefix)
|
|
|
|
- task: Bash@3
|
|
displayName: Az CLI Validate Role Assignment to single Management Group
|
|
name: validate_role_assign_single_mg
|
|
inputs:
|
|
targetType: "inline"
|
|
script: |
|
|
az deployment mg validate --template-file infra-as-code/bicep/modules/roleAssignments/roleAssignmentManagementGroup.bicep --parameters @infra-as-code/bicep/modules/roleAssignments/parameters/roleAssignmentManagementGroup.managedIdentity.parameters.all.json --location $(Location) --management-group-id $(ManagementGroupPrefix) --name $(ManagementGroupPrefix)
|
|
|
|
- task: Bash@3
|
|
displayName: Az CLI Validate Role Assignment to multiple Management Groups
|
|
name: validate_role_assign_multiple_mg
|
|
inputs:
|
|
targetType: "inline"
|
|
script: |
|
|
az deployment mg validate --template-file infra-as-code/bicep/modules/roleAssignments/roleAssignmentManagementGroupMany.bicep --parameters @infra-as-code/bicep/modules/roleAssignments/parameters/roleAssignmentManagementGroupMany.managedIdentity.parameters.all.json parManagementGroupIds='("$(ManagementGroupPrefix)-landingzones", "$(ManagementGroupPrefix)-platform")' --location $(Location) --management-group-id $(ManagementGroupPrefix) --name $(ManagementGroupPrefix)
|
|
|
|
- task: Bash@3
|
|
displayName: Az CLI Validate Role Assignment to single subscription
|
|
name: validate_role_assign_single_subscription
|
|
inputs:
|
|
targetType: "inline"
|
|
script: |
|
|
az deployment sub validate --template-file infra-as-code/bicep/modules/roleAssignments/roleAssignmentSubscription.bicep --parameters @infra-as-code/bicep/modules/roleAssignments/parameters/roleAssignmentSubscription.managedIdentity.parameters.all.json --location $(Location) --name $(ManagementGroupPrefix)
|
|
|
|
- task: Bash@3
|
|
displayName: Az CLI Validate Role Assignment to multiple subscriptions
|
|
name: validate_role_assign_multiple_subscription
|
|
inputs:
|
|
targetType: "inline"
|
|
script: |
|
|
az deployment mg validate --template-file infra-as-code/bicep/modules/roleAssignments/roleAssignmentSubscriptionMany.bicep --parameters @infra-as-code/bicep/modules/roleAssignments/parameters/roleAssignmentSubscriptionMany.managedIdentity.parameters.all.json parSubscriptionIds='("$(subscriptionId)","$(azvalidatesubscription)")' --location $(Location) --management-group-id $(ManagementGroupPrefix) --name $(ManagementGroupPrefix)
|
|
|
|
- task: Bash@3
|
|
displayName: Az CLI Validate hub peered spoke orchestration module
|
|
name: validate_hub_peer_spoke
|
|
inputs:
|
|
targetType: "inline"
|
|
script: |
|
|
az deployment mg validate --template-file infra-as-code/bicep/orchestration/hubPeeredSpoke/hubPeeredSpoke.bicep --parameters @infra-as-code/bicep/orchestration/hubPeeredSpoke/parameters/hubPeeredSpoke.parameters.all.json parPeeredVnetSubscriptionId="$(subscriptionId)" parHubVirtualNetworkId="/subscriptions/$(subscriptionId)/resourceGroups/$(ResourceGroupName)/providers/Microsoft.Network/virtualNetworks/alz-hub-eastus" parTopLevelManagementGroupPrefix="$(ManagementGroupPrefix)" parLocation=$(Location) --location $(Location) --management-group-id $(ManagementGroupPrefix) --name $(ManagementGroupPrefix)
|
|
|
|
- task: Bash@3
|
|
displayName: Az CLI Validate subPlacementAll orchestration module
|
|
name: validate_sub_placement_all
|
|
inputs:
|
|
targetType: "inline"
|
|
script: |
|
|
az deployment mg validate --template-file infra-as-code/bicep/orchestration/subPlacementAll/subPlacementAll.bicep --parameters @infra-as-code/bicep/orchestration/subPlacementAll/parameters/subPlacementAll.parameters.all.json parTopLevelManagementGroupPrefix="$(ManagementGroupPrefix)" parPlatformConnectivityMgSubs='["$(subscriptionId)"]' --location $(Location) --management-group-id $(ManagementGroupPrefix) --name "$(ManagementGroupPrefix)-subPlacement"
|
|
|
|
- job: bicep_cleanup
|
|
dependsOn: bicep_validate
|
|
displayName: Cleanup Bicep Validate Deployment for PR
|
|
pool:
|
|
vmImage: ubuntu-latest
|
|
steps:
|
|
- task: AzurePowerShell@5
|
|
displayName: Az PowerShell Remove/Cleanup Deployment
|
|
inputs:
|
|
azureSubscription: "mcserviceconnection"
|
|
ScriptType: "FilePath"
|
|
ScriptPath: ".github/scripts/mc-Wipe-AlzTenant.ps1"
|
|
ScriptArguments: '-tenantRootGroupID $(azclitenant) -intermediateRootGroupID "$(ManagementGroupPrefix)" -subscriptionName "$(subscriptionName)"'
|
|
azurePowerShellVersion: "LatestVersion"
|
|
pwsh: true
|