Azure
/
ARO-RP
зеркало из https://github.com/Azure/ARO-RP.git
1
0
Форкнуть 0
Код Задачи Пакеты Проекты Релизы Вики Активность

add fullDeploy condition to all production template resources except VMSS 

Co-Authored-By: Mangirdas Judeikis <Mangirdas@Judeikis.LT>
This commit is contained in:
Jim Minter 2020-05-11 09:57:18 -05:00 коммит произвёл Mangirdas Judeikis
Родитель 25e43e01b1
Коммит 990c87446b
Не найден ключ, соответствующий данной подписи
Идентификатор ключа GPG: AA071F630E926BBD
15 изменённых файлов: 204 добавлений и 34 удалений
Показать статистику Скачать Patch файл Скачать Diff файл Показать все файлы Свернуть все файлы

7
deploy/rp-production-global-subscription.json
Просмотреть файл

@ -1,6 +1,12 @@
{
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"fullDeploy": {
"type": "bool",
"defaultValue": false
}
},
"resources": [
{
"name": "48983534-3d06-4dcb-a566-08a694eb1279",
@ -23,6 +29,7 @@
"[subscription().id]"
]
},
"condition": "[parameters('fullDeploy')]",
"apiVersion": "2018-01-01-preview"
}
]

7
deploy/rp-production-global.json
Просмотреть файл

@ -8,6 +8,10 @@
"fpServicePrincipalId": {
"type": "string"
},
"fullDeploy": {
"type": "bool",
"defaultValue": false
},
"location": {
"type": "string"
},
@ -20,6 +24,7 @@
"name": "[concat(substring(parameters('acrResourceId'), add(lastIndexOf(parameters('acrResourceId'), '/'), 1)), '/', parameters('location'))]",
"type": "Microsoft.ContainerRegistry/registries/replications",
"location": "[parameters('location')]",
"condition": "[parameters('fullDeploy')]",
"apiVersion": "2019-05-01"
},
{
@ -31,6 +36,7 @@
"principalId": "[parameters('rpServicePrincipalId')]",
"principalType": "ServicePrincipal"
},
"condition": "[parameters('fullDeploy')]",
"apiVersion": "2018-09-01-preview"
},
{
@ -42,6 +48,7 @@
"principalId": "[parameters('fpServicePrincipalId')]",
"principalType": "ServicePrincipal"
},
"condition": "[parameters('fullDeploy')]",
"apiVersion": "2018-09-01-preview"
}
]

7
deploy/rp-production-managed-identity.json
Просмотреть файл

@ -1,11 +1,18 @@
{
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"fullDeploy": {
"type": "bool",
"defaultValue": false
}
},
"resources": [
{
"type": "Microsoft.ManagedIdentity/userAssignedIdentities",
"name": "[concat('aro-rp-', resourceGroup().location)]",
"location": "[resourceGroup().location]",
"condition": "[parameters('fullDeploy')]",
"apiVersion": "2018-11-30"
}
]

3
deploy/rp-production-parameters.json
Просмотреть файл

@ -23,6 +23,9 @@
"fpServicePrincipalId": {
"value": ""
},
"fullDeploy": {
"value": false
},
"mdmFrontendUrl": {
"value": ""
},

3
deploy/rp-production-predeploy-parameters.json
Просмотреть файл

@ -14,6 +14,9 @@
"fpServicePrincipalId": {
"value": ""
},
"fullDeploy": {
"value": false
},
"keyvaultPrefix": {
"value": ""
},

6
deploy/rp-production-predeploy.json
Просмотреть файл

@ -45,6 +45,10 @@
"fpServicePrincipalId": {
"type": "string"
},
"fullDeploy": {
"type": "bool",
"defaultValue": false
},
"keyvaultPrefix": {
"type": "string",
"maxLength": 20
@ -119,6 +123,7 @@
"tags": {
"vault": "clusters"
},
"condition": "[parameters('fullDeploy')]",
"apiVersion": "2016-10-01"
},
{
@ -137,6 +142,7 @@
"tags": {
"vault": "service"
},
"condition": "[parameters('fullDeploy')]",
"apiVersion": "2016-10-01"
}
]

7
deploy/rp-production-subscription.json
Просмотреть файл

@ -1,6 +1,12 @@
{
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"fullDeploy": {
"type": "bool",
"defaultValue": false
}
},
"resources": [
{
"properties": {
@ -10,6 +16,7 @@
"name": "rp-health-ag",
"type": "Microsoft.Insights/actionGroups",
"location": "Global",
"condition": "[parameters('fullDeploy')]",
"apiVersion": "2018-03-01"
}
]

25
deploy/rp-production.json
Просмотреть файл

@ -24,6 +24,10 @@
"fpServicePrincipalId": {
"type": "string"
},
"fullDeploy": {
"type": "bool",
"defaultValue": false
},
"mdmFrontendUrl": {
"type": "string"
},
@ -64,6 +68,7 @@
"name": "rp-pip",
"type": "Microsoft.Network/publicIPAddresses",
"location": "[resourceGroup().location]",
"condition": "[parameters('fullDeploy')]",
"apiVersion": "2019-07-01"
},
{
@ -122,6 +127,7 @@
"name": "rp-lb",
"type": "Microsoft.Network/loadBalancers",
"location": "[resourceGroup().location]",
"condition": "[parameters('fullDeploy')]",
"apiVersion": "2019-07-01",
"dependsOn": [
"[resourceId('Microsoft.Network/publicIPAddresses', 'rp-pip')]"
@ -272,6 +278,7 @@
"name": "rp-availability-alert",
"type": "Microsoft.Insights/metricAlerts",
"location": "global",
"condition": "[parameters('fullDeploy')]",
"apiVersion": "2018-03-01",
"dependsOn": [
"[resourceId('Microsoft.Network/loadBalancers', 'rp-lb')]"
@ -314,6 +321,7 @@
"name": "rp-degraded-alert",
"type": "Microsoft.Insights/metricAlerts",
"location": "global",
"condition": "[parameters('fullDeploy')]",
"apiVersion": "2018-03-01",
"dependsOn": [
"[resourceId('Microsoft.Network/loadBalancers', 'rp-lb')]"
@ -356,6 +364,7 @@
"name": "rp-vnet-alert",
"type": "Microsoft.Insights/metricAlerts",
"location": "global",
"condition": "[parameters('fullDeploy')]",
"apiVersion": "2018-03-01",
"dependsOn": [
"[resourceId('Microsoft.Network/loadBalancers', 'rp-lb')]"
@ -366,6 +375,7 @@
"name": "[parameters('domainName')]",
"type": "Microsoft.Network/dnsZones",
"location": "global",
"condition": "[parameters('fullDeploy')]",
"apiVersion": "2018-05-01"
},
{
@ -405,6 +415,7 @@
"name": "rp-vnet",
"type": "Microsoft.Network/virtualNetworks",
"location": "[resourceGroup().location]",
"condition": "[parameters('fullDeploy')]",
"apiVersion": "2019-07-01"
},
{
@ -431,6 +442,7 @@
"name": "rp-pe-vnet-001",
"type": "Microsoft.Network/virtualNetworks",
"location": "[resourceGroup().location]",
"condition": "[parameters('fullDeploy')]",
"apiVersion": "2019-07-01"
},
{
@ -445,6 +457,7 @@
},
"name": "rp-vnet/peering-rp-pe-vnet-001",
"type": "Microsoft.Network/virtualNetworks/virtualNetworkPeerings",
"condition": "[parameters('fullDeploy')]",
"apiVersion": "2019-07-01",
"dependsOn": [
"[resourceId('Microsoft.Network/virtualNetworks', 'rp-vnet')]",
@ -464,6 +477,7 @@
},
"name": "rp-pe-vnet-001/peering-rp-vnet",
"type": "Microsoft.Network/virtualNetworks/virtualNetworkPeerings",
"condition": "[parameters('fullDeploy')]",
"apiVersion": "2019-07-01",
"dependsOn": [
"[resourceId('Microsoft.Network/virtualNetworks', 'rp-pe-vnet-001')]",
@ -498,6 +512,7 @@
"tags": {
"defaultExperience": "Core (SQL)"
},
"condition": "[parameters('fullDeploy')]",
"apiVersion": "2019-08-01",
"dependsOn": [
"[resourceId('Microsoft.Network/virtualNetworks', 'rp-vnet')]"
@ -515,6 +530,7 @@
"name": "[concat(parameters('databaseAccountName'), '/', 'ARO')]",
"type": "Microsoft.DocumentDB/databaseAccounts/sqlDatabases",
"location": "[resourceGroup().location]",
"condition": "[parameters('fullDeploy')]",
"apiVersion": "2019-08-01",
"dependsOn": [
"[resourceId('Microsoft.DocumentDB/databaseAccounts', parameters('databaseAccountName'))]"
@ -537,6 +553,7 @@
"name": "[concat(parameters('databaseAccountName'), '/', 'ARO', '/AsyncOperations')]",
"type": "Microsoft.DocumentDB/databaseAccounts/sqlDatabases/containers",
"location": "[resourceGroup().location]",
"condition": "[parameters('fullDeploy')]",
"apiVersion": "2019-08-01",
"dependsOn": [
"[resourceId('Microsoft.DocumentDB/databaseAccounts/sqlDatabases', parameters('databaseAccountName'), 'ARO')]",
@ -559,6 +576,7 @@
"name": "[concat(parameters('databaseAccountName'), '/', 'ARO', '/Billing')]",
"type": "Microsoft.DocumentDB/databaseAccounts/sqlDatabases/containers",
"location": "[resourceGroup().location]",
"condition": "[parameters('fullDeploy')]",
"apiVersion": "2019-08-01",
"dependsOn": [
"[resourceId('Microsoft.DocumentDB/databaseAccounts/sqlDatabases', parameters('databaseAccountName'), 'ARO')]",
@ -582,6 +600,7 @@
"name": "[concat(parameters('databaseAccountName'), '/', 'ARO', '/Monitors')]",
"type": "Microsoft.DocumentDB/databaseAccounts/sqlDatabases/containers",
"location": "[resourceGroup().location]",
"condition": "[parameters('fullDeploy')]",
"apiVersion": "2019-08-01",
"dependsOn": [
"[resourceId('Microsoft.DocumentDB/databaseAccounts/sqlDatabases', parameters('databaseAccountName'), 'ARO')]",
@ -623,6 +642,7 @@
"name": "[concat(parameters('databaseAccountName'), '/', 'ARO', '/OpenShiftClusters')]",
"type": "Microsoft.DocumentDB/databaseAccounts/sqlDatabases/containers",
"location": "[resourceGroup().location]",
"condition": "[parameters('fullDeploy')]",
"apiVersion": "2019-08-01",
"dependsOn": [
"[resourceId('Microsoft.DocumentDB/databaseAccounts/sqlDatabases', parameters('databaseAccountName'), 'ARO')]",
@ -645,6 +665,7 @@
"name": "[concat(parameters('databaseAccountName'), '/', 'ARO', '/Subscriptions')]",
"type": "Microsoft.DocumentDB/databaseAccounts/sqlDatabases/containers",
"location": "[resourceGroup().location]",
"condition": "[parameters('fullDeploy')]",
"apiVersion": "2019-08-01",
"dependsOn": [
"[resourceId('Microsoft.DocumentDB/databaseAccounts/sqlDatabases', parameters('databaseAccountName'), 'ARO')]",
@ -660,6 +681,7 @@
"principalId": "[parameters('rpServicePrincipalId')]",
"principalType": "ServicePrincipal"
},
"condition": "[parameters('fullDeploy')]",
"apiVersion": "2018-09-01-preview"
},
{
@ -671,6 +693,7 @@
"principalId": "[parameters('fpServicePrincipalId')]",
"principalType": "ServicePrincipal"
},
"condition": "[parameters('fullDeploy')]",
"apiVersion": "2018-09-01-preview"
},
{
@ -682,6 +705,7 @@
"principalId": "[parameters('rpServicePrincipalId')]",
"principalType": "ServicePrincipal"
},
"condition": "[parameters('fullDeploy')]",
"apiVersion": "2018-09-01-preview",
"dependsOn": [
"[resourceId('Microsoft.DocumentDB/databaseAccounts', parameters('databaseAccountName'))]"
@ -696,6 +720,7 @@
"principalId": "[parameters('fpServicePrincipalId')]",
"principalType": "ServicePrincipal"
},
"condition": "[parameters('fullDeploy')]",
"apiVersion": "2018-09-01-preview",
"dependsOn": [
"[resourceId('Microsoft.Network/dnsZones', parameters('domainName'))]"

16
pkg/deploy/bindata.go
Просмотреть файл

Различия файлов скрыты, потому что одна или несколько строк слишком длинны

2
pkg/deploy/config_test.go
Просмотреть файл

@ -40,7 +40,7 @@ func TestConfigurationFieldParity(t *testing.T) {
// check each parameter exists as a field in Configuration
for name := range params.Parameters {
switch name {
case "deployNSGs", "domainName", "rpImage", "rpServicePrincipalId", "vmssName":
case "deployNSGs", "domainName", "fullDeploy", "rpImage", "rpServicePrincipalId", "vmssName":
default:
if _, found := m[name]; !found {
t.Errorf("field %s not found in config.Configuration but exists in templates", name)

11
pkg/deploy/deploy.go
Просмотреть файл

@ -7,6 +7,7 @@ import (
"context"
"encoding/base64"
"encoding/json"
"os"
"reflect"
"strings"
@ -43,7 +44,7 @@ type deployer struct {
deployments features.DeploymentsClient
groups features.ResourceGroupsClient
userassignedidentities msi.UserAssignedIdentitiesClient
publicips network.PublicIPAddressesClient
publicipaddresses network.PublicIPAddressesClient
vmss compute.VirtualMachineScaleSetsClient
vmssvms compute.VirtualMachineScaleSetVMsClient
zones dns.ZonesClient
@ -73,7 +74,7 @@ func New(ctx context.Context, log *logrus.Entry, config *RPConfig, version strin
deployments: features.NewDeploymentsClient(config.SubscriptionID, authorizer),
groups: features.NewResourceGroupsClient(config.SubscriptionID, authorizer),
userassignedidentities: msi.NewUserAssignedIdentitiesClient(config.SubscriptionID, authorizer),
publicips: network.NewPublicIPAddressesClient(config.SubscriptionID, authorizer),
publicipaddresses: network.NewPublicIPAddressesClient(config.SubscriptionID, authorizer),
vmss: compute.NewVirtualMachineScaleSetsClient(config.SubscriptionID, authorizer),
vmssvms: compute.NewVirtualMachineScaleSetVMsClient(config.SubscriptionID, authorizer),
zones: dns.NewZonesClient(config.SubscriptionID, authorizer),
@ -139,7 +140,7 @@ func (d *deployer) Deploy(ctx context.Context) error {
}
func (d *deployer) configureDNS(ctx context.Context) error {
rpPip, err := d.publicips.Get(ctx, d.config.ResourceGroupName, "rp-pip", "")
rpPip, err := d.publicipaddresses.Get(ctx, d.config.ResourceGroupName, "rp-pip", "")
if err != nil {
return err
}
@ -200,5 +201,9 @@ func (d *deployer) getParameters(ps map[string]interface{}) *arm.Parameters {
}
}
parameters.Parameters["fullDeploy"] = &arm.ParametersParameter{
Value: os.Getenv("FULL_DEPLOY") != "",
}
return parameters
}

12
pkg/deploy/deploy_test.go
Просмотреть файл

@ -20,7 +20,11 @@ func TestGetParameters(t *testing.T) {
{
name: "no parameters",
want: arm.Parameters{
Parameters: map[string]*arm.ParametersParameter{},
Parameters: map[string]*arm.ParametersParameter{
"fullDeploy": &arm.ParametersParameter{
Value: false,
},
},
},
},
{
@ -45,6 +49,9 @@ func TestGetParameters(t *testing.T) {
"extraClusterKeyvaultAccessPolicies": {
Value: []interface{}{"a", 1},
},
"fullDeploy": &arm.ParametersParameter{
Value: false,
},
},
},
},
@ -59,6 +66,9 @@ func TestGetParameters(t *testing.T) {
"extraClusterKeyvaultAccessPolicies": {
Value: []interface{}(nil),
},
"fullDeploy": &arm.ParametersParameter{
Value: false,
},
},
},
},

40
pkg/deploy/generator/resources.go
Просмотреть файл

@ -39,16 +39,12 @@ func (g *generator) managedIdentity() *arm.Resource {
Name: to.StringPtr("[concat('aro-rp-', resourceGroup().location)]"),
Location: to.StringPtr("[resourceGroup().location]"),
},
Condition: g.conditionStanza("fullDeploy"),
APIVersion: azureclient.APIVersions["Microsoft.ManagedIdentity"],
}
}
func (g *generator) securityGroupRP() *arm.Resource {
var condition interface{}
if g.production {
condition = "[parameters('deployNSGs')]"
}
nsg := &mgmtnetwork.SecurityGroup{
SecurityGroupPropertiesFormat: &mgmtnetwork.SecurityGroupPropertiesFormat{
SecurityRules: &[]mgmtnetwork.SecurityRule{
@ -107,17 +103,12 @@ func (g *generator) securityGroupRP() *arm.Resource {
return &arm.Resource{
Resource: nsg,
Condition: condition,
Condition: g.conditionStanza("deployNSGs"),
APIVersion: azureclient.APIVersions["Microsoft.Network"],
}
}
func (g *generator) securityGroupPE() *arm.Resource {
var condition interface{}
if g.production {
condition = "[parameters('deployNSGs')]"
}
return &arm.Resource{
Resource: &mgmtnetwork.SecurityGroup{
SecurityGroupPropertiesFormat: &mgmtnetwork.SecurityGroupPropertiesFormat{},
@ -125,7 +116,7 @@ func (g *generator) securityGroupPE() *arm.Resource {
Type: to.StringPtr("Microsoft.Network/networkSecurityGroups"),
Location: to.StringPtr("[resourceGroup().location]"),
},
Condition: condition,
Condition: g.conditionStanza("deployNSGs"),
APIVersion: azureclient.APIVersions["Microsoft.Network"],
}
}
@ -411,6 +402,7 @@ func (g *generator) halfPeering(vnetA string, vnetB string) *arm.Resource {
},
Name: to.StringPtr(fmt.Sprintf("%s/peering-%s", vnetA, vnetB)),
},
Condition: g.conditionStanza("fullDeploy"),
APIVersion: azureclient.APIVersions["Microsoft.Network"],
DependsOn: []string{
fmt.Sprintf("[resourceId('Microsoft.Network/virtualNetworks', '%s')]", vnetA),
@ -461,6 +453,7 @@ func (g *generator) rpvnet() *arm.Resource {
Type: to.StringPtr("Microsoft.Network/virtualNetworks"),
Location: to.StringPtr("[resourceGroup().location]"),
},
Condition: g.conditionStanza("fullDeploy"),
APIVersion: azureclient.APIVersions["Microsoft.Network"],
}
}
@ -491,6 +484,7 @@ func (g *generator) pevnet() *arm.Resource {
Type: to.StringPtr("Microsoft.Network/virtualNetworks"),
Location: to.StringPtr("[resourceGroup().location]"),
},
Condition: g.conditionStanza("fullDeploy"),
APIVersion: azureclient.APIVersions["Microsoft.Network"],
}
}
@ -508,6 +502,7 @@ func (g *generator) pip() *arm.Resource {
Type: to.StringPtr("Microsoft.Network/publicIPAddresses"),
Location: to.StringPtr("[resourceGroup().location]"),
},
Condition: g.conditionStanza("fullDeploy"),
APIVersion: azureclient.APIVersions["Microsoft.Network"],
}
}
@ -570,6 +565,7 @@ func (g *generator) lb() *arm.Resource {
Type: to.StringPtr("Microsoft.Network/loadBalancers"),
Location: to.StringPtr("[resourceGroup().location]"),
},
Condition: g.conditionStanza("fullDeploy"),
APIVersion: azureclient.APIVersions["Microsoft.Network"],
DependsOn: []string{
"[resourceId('Microsoft.Network/publicIPAddresses', 'rp-pip')]",
@ -588,6 +584,7 @@ func (g *generator) actionGroup(name string, shortName string) *arm.Resource {
Type: to.StringPtr("Microsoft.Insights/actionGroups"),
Location: to.StringPtr("Global"),
},
Condition: g.conditionStanza("fullDeploy"),
APIVersion: azureclient.APIVersions["Microsoft.Insights"],
}
}
@ -630,6 +627,7 @@ func (g *generator) lbAlert(threshold float64, severity int32, name string, eval
Type: to.StringPtr("Microsoft.Insights/metricAlerts"),
Location: to.StringPtr("global"),
},
Condition: g.conditionStanza("fullDeploy"),
APIVersion: azureclient.APIVersions["Microsoft.Insights"],
DependsOn: []string{
"[resourceId('Microsoft.Network/loadBalancers', 'rp-lb')]",
@ -1085,6 +1083,7 @@ func (g *generator) zone() *arm.Resource {
Type: to.StringPtr("Microsoft.Network/dnsZones"),
Location: to.StringPtr("global"),
},
Condition: g.conditionStanza("fullDeploy"),
APIVersion: azureclient.APIVersions["Microsoft.Network/dnsZones"],
}
}
@ -1157,6 +1156,7 @@ func (g *generator) clustersKeyvault() *arm.Resource {
return &arm.Resource{
Resource: vault,
Condition: g.conditionStanza("fullDeploy"),
APIVersion: azureclient.APIVersions["Microsoft.KeyVault"],
}
}
@ -1203,6 +1203,7 @@ func (g *generator) serviceKeyvault() *arm.Resource {
return &arm.Resource{
Resource: vault,
Condition: g.conditionStanza("fullDeploy"),
APIVersion: azureclient.APIVersions["Microsoft.KeyVault"],
}
}
@ -1231,6 +1232,7 @@ func (g *generator) cosmosdb() []*arm.Resource {
r := &arm.Resource{
Resource: cosmosdb,
Condition: g.conditionStanza("fullDeploy"),
APIVersion: azureclient.APIVersions["Microsoft.DocumentDB"],
}
@ -1274,6 +1276,7 @@ func (g *generator) database(databaseName string, addDependsOn bool) []*arm.Reso
Type: to.StringPtr("Microsoft.DocumentDB/databaseAccounts/sqlDatabases"),
Location: to.StringPtr("[resourceGroup().location]"),
},
Condition: g.conditionStanza("fullDeploy"),
APIVersion: azureclient.APIVersions["Microsoft.DocumentDB"],
},
{
@ -1295,6 +1298,7 @@ func (g *generator) database(databaseName string, addDependsOn bool) []*arm.Reso
Type: to.StringPtr("Microsoft.DocumentDB/databaseAccounts/sqlDatabases/containers"),
Location: to.StringPtr("[resourceGroup().location]"),
},
Condition: g.conditionStanza("fullDeploy"),
APIVersion: azureclient.APIVersions["Microsoft.DocumentDB"],
DependsOn: []string{
"[resourceId('Microsoft.DocumentDB/databaseAccounts/sqlDatabases', parameters('databaseAccountName'), " + databaseName + ")]",
@ -1318,6 +1322,7 @@ func (g *generator) database(databaseName string, addDependsOn bool) []*arm.Reso
Type: to.StringPtr("Microsoft.DocumentDB/databaseAccounts/sqlDatabases/containers"),
Location: to.StringPtr("[resourceGroup().location]"),
},
Condition: g.conditionStanza("fullDeploy"),
APIVersion: azureclient.APIVersions["Microsoft.DocumentDB"],
DependsOn: []string{
"[resourceId('Microsoft.DocumentDB/databaseAccounts/sqlDatabases', parameters('databaseAccountName'), " + databaseName + ")]",
@ -1342,6 +1347,7 @@ func (g *generator) database(databaseName string, addDependsOn bool) []*arm.Reso
Type: to.StringPtr("Microsoft.DocumentDB/databaseAccounts/sqlDatabases/containers"),
Location: to.StringPtr("[resourceGroup().location]"),
},
Condition: g.conditionStanza("fullDeploy"),
APIVersion: azureclient.APIVersions["Microsoft.DocumentDB"],
DependsOn: []string{
"[resourceId('Microsoft.DocumentDB/databaseAccounts/sqlDatabases', parameters('databaseAccountName'), " + databaseName + ")]",
@ -1384,6 +1390,7 @@ func (g *generator) database(databaseName string, addDependsOn bool) []*arm.Reso
Type: to.StringPtr("Microsoft.DocumentDB/databaseAccounts/sqlDatabases/containers"),
Location: to.StringPtr("[resourceGroup().location]"),
},
Condition: g.conditionStanza("fullDeploy"),
APIVersion: azureclient.APIVersions["Microsoft.DocumentDB"],
DependsOn: []string{
"[resourceId('Microsoft.DocumentDB/databaseAccounts/sqlDatabases', parameters('databaseAccountName'), " + databaseName + ")]",
@ -1407,6 +1414,7 @@ func (g *generator) database(databaseName string, addDependsOn bool) []*arm.Reso
Type: to.StringPtr("Microsoft.DocumentDB/databaseAccounts/sqlDatabases/containers"),
Location: to.StringPtr("[resourceGroup().location]"),
},
Condition: g.conditionStanza("fullDeploy"),
APIVersion: azureclient.APIVersions["Microsoft.DocumentDB"],
DependsOn: []string{
"[resourceId('Microsoft.DocumentDB/databaseAccounts/sqlDatabases', parameters('databaseAccountName'), " + databaseName + ")]",
@ -1447,6 +1455,7 @@ func (g *generator) roleDefinitionTokenContributor() *arm.Resource {
},
},
},
Condition: g.conditionStanza("fullDeploy"),
APIVersion: azureclient.APIVersions["Microsoft.Authorization/roleDefinitions"],
}
}
@ -1464,6 +1473,7 @@ func (g *generator) rbac() []*arm.Resource {
PrincipalType: mgmtauthorization.ServicePrincipal,
},
},
Condition: g.conditionStanza("fullDeploy"),
APIVersion: azureclient.APIVersions["Microsoft.Authorization"],
},
{
@ -1477,6 +1487,7 @@ func (g *generator) rbac() []*arm.Resource {
PrincipalType: mgmtauthorization.ServicePrincipal,
},
},
Condition: g.conditionStanza("fullDeploy"),
APIVersion: azureclient.APIVersions["Microsoft.Authorization"],
},
{
@ -1490,6 +1501,7 @@ func (g *generator) rbac() []*arm.Resource {
PrincipalType: mgmtauthorization.ServicePrincipal,
},
},
Condition: g.conditionStanza("fullDeploy"),
APIVersion: azureclient.APIVersions["Microsoft.Authorization"],
DependsOn: []string{
"[resourceId('Microsoft.DocumentDB/databaseAccounts', parameters('databaseAccountName'))]",
@ -1506,6 +1518,7 @@ func (g *generator) rbac() []*arm.Resource {
PrincipalType: mgmtauthorization.ServicePrincipal,
},
},
Condition: g.conditionStanza("fullDeploy"),
APIVersion: azureclient.APIVersions["Microsoft.Authorization"],
DependsOn: []string{
"[resourceId('Microsoft.Network/dnsZones', parameters('domainName'))]",
@ -1521,6 +1534,7 @@ func (g *generator) acrReplica() *arm.Resource {
Type: to.StringPtr("Microsoft.ContainerRegistry/registries/replications"),
Location: to.StringPtr("[parameters('location')]"),
},
Condition: g.conditionStanza("fullDeploy"),
APIVersion: azureclient.APIVersions["Microsoft.ContainerRegistry"],
}
}
@ -1538,6 +1552,7 @@ func (g *generator) acrRbac() []*arm.Resource {
PrincipalType: mgmtauthorization.ServicePrincipal,
},
},
Condition: g.conditionStanza("fullDeploy"),
APIVersion: azureclient.APIVersions["Microsoft.Authorization"],
},
{
@ -1551,6 +1566,7 @@ func (g *generator) acrRbac() []*arm.Resource {
PrincipalType: mgmtauthorization.ServicePrincipal,
},
},
Condition: g.conditionStanza("fullDeploy"),
APIVersion: azureclient.APIVersions["Microsoft.Authorization"],
},
}

71
pkg/deploy/generator/templates.go
Просмотреть файл

@ -13,6 +13,20 @@ import (
func (g *generator) managedIdentityTemplate() *arm.Template {
t := templateStanza()
params := []string{
"fullDeploy",
}
for _, param := range params {
p := &arm.TemplateParameter{Type: "string"}
switch param {
case "fullDeploy":
p.Type = "bool"
p.DefaultValue = false
}
t.Parameters[param] = p
}
t.Resources = append(t.Resources,
g.managedIdentity(),
)
@ -31,17 +45,18 @@ func (g *generator) rpTemplate() *arm.Template {
}
if g.production {
params = append(params,
"acrResourceId",
"adminApiCaBundle",
"adminApiClientCertCommonName",
"extraCosmosDBIPs",
"fullDeploy",
"mdmFrontendUrl",
"mdsdConfigVersion",
"mdsdEnvironment",
"acrResourceId",
"rpImage",
"rpMode",
"subscriptionResourceGroupName",
"sshPublicKey",
"subscriptionResourceGroupName",
"vmssName",
)
}
@ -51,6 +66,9 @@ func (g *generator) rpTemplate() *arm.Template {
switch param {
case "extraCosmosDBIPs", "rpMode":
p.DefaultValue = ""
case "fullDeploy":
p.Type = "bool"
p.DefaultValue = false
}
t.Parameters[param] = p
}
@ -79,12 +97,19 @@ func (g *generator) rpGlobalTemplate() *arm.Template {
params := []string{
"acrResourceId",
"fpServicePrincipalId",
"fullDeploy",
"location",
"rpServicePrincipalId",
}
for _, param := range params {
t.Parameters[param] = &arm.TemplateParameter{Type: "string"}
p := &arm.TemplateParameter{Type: "string"}
switch param {
case "fullDeploy":
p.Type = "bool"
p.DefaultValue = false
}
t.Parameters[param] = p
}
t.Resources = append(t.Resources,
@ -101,6 +126,20 @@ func (g *generator) rpGlobalTemplate() *arm.Template {
func (g *generator) rpGlobalSubscriptionTemplate() *arm.Template {
t := templateStanza()
params := []string{
"fullDeploy",
}
for _, param := range params {
p := &arm.TemplateParameter{Type: "string"}
switch param {
case "fullDeploy":
p.Type = "bool"
p.DefaultValue = false
}
t.Parameters[param] = p
}
t.Resources = append(t.Resources,
g.roleDefinitionTokenContributor(),
)
@ -111,6 +150,20 @@ func (g *generator) rpGlobalSubscriptionTemplate() *arm.Template {
func (g *generator) rpSubscriptionTemplate() *arm.Template {
t := templateStanza()
params := []string{
"fullDeploy",
}
for _, param := range params {
p := &arm.TemplateParameter{Type: "string"}
switch param {
case "fullDeploy":
p.Type = "bool"
p.DefaultValue = false
}
t.Parameters[param] = p
}
t.Resources = append(t.Resources, g.actionGroup("rp-health-ag", "rphealth"))
return t
@ -170,6 +223,7 @@ func (g *generator) preDeployTemplate() *arm.Template {
"deployNSGs",
"extraClusterKeyvaultAccessPolicies",
"extraServiceKeyvaultAccessPolicies",
"fullDeploy",
"rpNsgSourceAddressPrefixes",
)
} else {
@ -187,6 +241,9 @@ func (g *generator) preDeployTemplate() *arm.Template {
case "extraClusterKeyvaultAccessPolicies", "extraServiceKeyvaultAccessPolicies":
p.Type = "array"
p.DefaultValue = []interface{}{}
case "fullDeploy":
p.Type = "bool"
p.DefaultValue = false
case "rpNsgSourceAddressPrefixes":
p.Type = "array"
p.DefaultValue = []string{}
@ -287,6 +344,14 @@ func (g *generator) templateFixup(t *arm.Template) ([]byte, error) {
return append(b, byte('\n')), nil
}
func (g *generator) conditionStanza(parameterName string) interface{} {
if g.production {
return "[parameters('" + parameterName + "')]"
}
return nil
}
func templateStanza() *arm.Template {
return &arm.Template{
Schema: "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",

21
pkg/deploy/predeploy.go
Просмотреть файл

@ -118,11 +118,14 @@ func (d *deployer) deployGlobalSubscription(ctx context.Context) error {
return err
}
parameters := d.getParameters(template["parameters"].(map[string]interface{}))
d.log.Infof("deploying %s", deploymentName)
return d.globaldeployments.CreateOrUpdateAtSubscriptionScopeAndWait(ctx, deploymentName, mgmtfeatures.Deployment{
Properties: &mgmtfeatures.DeploymentProperties{
Template: template,
Mode: mgmtfeatures.Incremental,
Template: template,
Mode: mgmtfeatures.Incremental,
Parameters: parameters.Parameters,
},
Location: to.StringPtr("centralus"),
})
@ -142,11 +145,14 @@ func (d *deployer) deploySubscription(ctx context.Context) error {
return err
}
parameters := d.getParameters(template["parameters"].(map[string]interface{}))
d.log.Infof("deploying %s", deploymentName)
return d.deployments.CreateOrUpdateAndWait(ctx, d.config.Configuration.SubscriptionResourceGroupName, deploymentName, mgmtfeatures.Deployment{
Properties: &mgmtfeatures.DeploymentProperties{
Template: template,
Mode: mgmtfeatures.Incremental,
Template: template,
Mode: mgmtfeatures.Incremental,
Parameters: parameters.Parameters,
},
})
}
@ -165,11 +171,14 @@ func (d *deployer) deployManageIdentity(ctx context.Context) error {
return err
}
parameters := d.getParameters(template["parameters"].(map[string]interface{}))
d.log.Infof("deploying %s", deploymentName)
return d.deployments.CreateOrUpdateAndWait(ctx, d.config.ResourceGroupName, deploymentName, mgmtfeatures.Deployment{
Properties: &mgmtfeatures.DeploymentProperties{
Template: template,
Mode: mgmtfeatures.Incremental,
Template: template,
Mode: mgmtfeatures.Incremental,
Parameters: parameters.Parameters,
},
})
}