Added SHIR Deployment via Custom Data (#214)

* Added SHIR Deployment via Custom Data

* linting

* Updated deployment parameter

* updated docs

* small bugfixes

.ado/workflows/dataLandingZoneDeployment.yml

@@ -76,7 +76,6 @@ stages:
               deploymentMode: "Validation"
               overrideParameters: >
                 -administratorPassword "$(password)"
-                -deploySelfHostedIntegrationRuntimes false
 
           # Deploy Data Landing Zone - what-if
           - task: AzureCLI@2
@@ -97,7 +96,7 @@ stages:
                   --subscription ${{ variables.AZURE_SUBSCRIPTION_ID }} `
                   --exclude-change-types Ignore NoChange Unsupported `
                   --template-file "$(System.DefaultWorkingDirectory)/infra/main.json" `
-                  --parameters "$(System.DefaultWorkingDirectory)/infra/params.dev.json" administratorPassword="$(password)" deploySelfHostedIntegrationRuntimes=false `
+                  --parameters "$(System.DefaultWorkingDirectory)/infra/params.dev.json" administratorPassword="$(password)" `
                   --result-format "FullResourcePayloads"
                 
               powerShellErrorActionPreference: "stop"
@@ -142,10 +141,10 @@ stages:
               ignoreLASTEXITCODE: false
               pwsh: true
 
-          # Deploy Data Landing Zone - w/o SHIR
+          # Deploy Data Landing Zone
           - task: AzureResourceManagerTemplateDeployment@3
             name: data_landing_zone_deployment_001
-            displayName: Data Landing Zone - w/o SHIR
+            displayName: Data Landing Zone
             enabled: true
             continueOnError: false
             inputs:
@@ -160,47 +159,6 @@ stages:
               deploymentMode: "Incremental"
               overrideParameters: >
                 -administratorPassword "$(password)"
-                -deploySelfHostedIntegrationRuntimes false
-          
-          # Upload File to Artifact Storage Account
-          - task: AzurePowerShell@4
-            name: upload_file_001
-            displayName: Upload File to Artifact Storage Account
-            enabled: true
-            continueOnError: false
-            inputs:
-              azureSubscription: ${{ variables.AZURE_RESOURCE_MANAGER_CONNECTION_NAME }}
-              scriptType: 'filePath'
-              scriptPath: '$(System.DefaultWorkingDirectory)/code/UploadBlob.ps1'
-              scriptArguments:
-                -ResourceGroupName $(dataLandingZoneDetails01.artifactstorage001ResourceGroupName.value)
-                -StorageAccountName $(dataLandingZoneDetails01.artifactstorage001Name.value)
-                -StorageAccountContainerName $(dataLandingZoneDetails01.artifactstorage001ContainerName.value)
-                -File "$(System.DefaultWorkingDirectory)/code/installSHIRGateway.ps1"
-                -Blob "installSHIRGateway.ps1"
-              errorActionPreference: 'stop'
-              failOnStandardError: false
-              azurePowerShellVersion: 'latestVersion'
-          
-          # Deploy Data Landing Zone - w/ SHIR
-          - task: AzureResourceManagerTemplateDeployment@3
-            name: data_landing_zone_deployment_002
-            displayName: Data Landing Zone - w/ SHIR
-            enabled: true
-            continueOnError: false
-            inputs:
-              deploymentScope: "Subscription"
-              azureResourceManagerConnection: ${{ variables.AZURE_RESOURCE_MANAGER_CONNECTION_NAME }}
-              subscriptionId: ${{ variables.AZURE_SUBSCRIPTION_ID }}
-              location: ${{ variables.AZURE_LOCATION }}
-              templateLocation: "Linked artifact"
-              csmFile: "$(System.DefaultWorkingDirectory)/infra/main.json"
-              csmParametersFile: "$(System.DefaultWorkingDirectory)/infra/params.dev.json"
-              deploymentOutputs: 'dataLandingZoneDetails01'
-              deploymentMode: "Incremental"
-              overrideParameters: >
-                -administratorPassword "$(password)"
-                -deploySelfHostedIntegrationRuntimes true
           
           # Restart MySQL Server 001
           - task: AzurePowerShell@4

.github/linters/.arm-ttk.psd1

@@ -9,5 +9,6 @@
         'DependsOn Best Practices',
         'Outputs Must Not Contain Secrets',
         'IDs Should Be Derived From ResourceIDs'
+        'apiVersions Should Be Recent'
     )
 }

.github/linters/.powershell-psscriptanalyzer.psd1

@@ -9,10 +9,10 @@
     #IncludeDefaultRules=${true}
     ExcludeRules = @(
        'PSUseShouldProcessForStateChangingFunctions',
-       'PSReviewUnusedParameter'
-       'PSAvoidGlobalVars'
-       'PSAvoidUsingPlainTextForPassword'
-       'PSAvoidUsingConvertToSecureStringWithPlainText'
+       'PSReviewUnusedParameter',
+       'PSAvoidGlobalVars',
+       'PSAvoidUsingPlainTextForPassword',
+       'PSAvoidUsingConvertToSecureStringWithPlainText',
        'PSPossibleIncorrectUsageOfAssignmentOperator'
     )
     #IncludeRules = @( )

.github/workflows/dataLandingZoneDeployment.yml

@@ -53,7 +53,7 @@ jobs:
           subscriptionId: ${{ env.AZURE_SUBSCRIPTION_ID }}
           region: ${{ env.AZURE_LOCATION }}
           template: ${{ github.workspace }}/infra/main.json
-          parameters: ${{ github.workspace }}/infra/params.dev.json administratorPassword="${{ steps.generate_password_001.outputs.password }}" deploySelfHostedIntegrationRuntimes=false
+          parameters: ${{ github.workspace }}/infra/params.dev.json administratorPassword="${{ steps.generate_password_001.outputs.password }}"
           deploymentMode: Validate
           failOnStdErr: false
 
@@ -72,7 +72,7 @@ jobs:
               --subscription ${{ env.AZURE_SUBSCRIPTION_ID }} \
               --exclude-change-types Ignore NoChange Unsupported \
               --template-file "${GITHUB_WORKSPACE}/infra/main.json" \
-              --parameters "${GITHUB_WORKSPACE}/infra/params.dev.json" administratorPassword="${{ steps.generate_password_001.outputs.password }}" deploySelfHostedIntegrationRuntimes=false \
+              --parameters "${GITHUB_WORKSPACE}/infra/params.dev.json" administratorPassword="${{ steps.generate_password_001.outputs.password }}" \
               --result-format "FullResourcePayloads"
 
       # Log out from Azure
@@ -112,8 +112,8 @@ jobs:
           echo "Generating Password"
           pwsh "${GITHUB_WORKSPACE}/code/GeneratePassword.ps1" -GitHub
 
-      # Deploy Data Landing Zone - w/o SHIR
-      - name: Deploy Data Landing Zone - w/o SHIR
+      # Deploy Data Landing Zone
+      - name: Deploy Data Landing Zone
         id: data_landing_zone_deployment001
         uses: azure/arm-deploy@v1
         with:
@@ -121,34 +121,7 @@ jobs:
           subscriptionId: ${{ env.AZURE_SUBSCRIPTION_ID }}
           region: ${{ env.AZURE_LOCATION }}
           template: ${{ github.workspace }}/infra/main.json
-          parameters: ${{ github.workspace }}/infra/params.dev.json administratorPassword="${{ steps.generate_password_001.outputs.password }}" deploySelfHostedIntegrationRuntimes=false
-          deploymentMode: Incremental
-          failOnStdErr: false
-
-      # Upload file to Storage Account 001
-      - name: Upload file to Storage Account 001
-        id: upload_file_001
-        uses: azure/powershell@v1
-        with:
-          azPSVersion: latest
-          inlineScript: |
-            & "${{ github.workspace }}/code/UploadBlob.ps1" `
-              -ResourceGroupName "${{ steps.data_landing_zone_deployment001.outputs.artifactstorage001ResourceGroupName }}" `
-              -StorageAccountName "${{ steps.data_landing_zone_deployment001.outputs.artifactstorage001Name }}" `
-              -StorageAccountContainerName "${{ steps.data_landing_zone_deployment001.outputs.artifactstorage001ContainerName }}" `
-              -File "${{ github.workspace }}/code/installSHIRGateway.ps1" `
-              -Blob "installSHIRGateway.ps1"
-
-      # Deploy Data Landing Zone - w/ SHIR
-      - name: Deploy Data Landing Zone - w/ SHIR
-        id: data_landing_zone_deployment002
-        uses: azure/arm-deploy@v1
-        with:
-          scope: subscription
-          subscriptionId: ${{ env.AZURE_SUBSCRIPTION_ID }}
-          region: ${{ env.AZURE_LOCATION }}
-          template: ${{ github.workspace }}/infra/main.json
-          parameters: ${{ github.workspace }}/infra/params.dev.json administratorPassword="${{ steps.generate_password_001.outputs.password }}" deploySelfHostedIntegrationRuntimes=true
+          parameters: ${{ github.workspace }}/infra/params.dev.json administratorPassword="${{ steps.generate_password_001.outputs.password }}"
           deploymentMode: Incremental
           failOnStdErr: false
 

docs/EnterpriseScaleAnalytics-AzureDevOpsDeployment.md

@@ -26,7 +26,7 @@ First, you need to create an Azure Resource Manager service connection. To do so
 1. On the next page select **Service principal (manual)**.
 1. Select the appropriate environment to which you would like to deploy the templates. Only the default option **Azure Cloud** is currently supported.
 1. For the **Scope Level**, select **Subscription** and enter your `subscription Id` and `name`.
-1. Enter the details of the service principal that we have generated in step 3. (**Service Principal Id** = **clientId**, **Service Principal Key** = **clientSecret**, **Tenant ID** = **tenantId**) and click on **Verify** to make sure that the connection works.
+1. Enter the details of the service principal that we have generated in step 3. (**Service Principal ID** = **clientId**, **Service Principal Key** = **clientSecret**, **Tenant ID** = **tenantId**) and click on **Verify** to make sure that the connection works.
 1. Enter a user-friendly **Connection name** to use when referring to this service connection. Take note of the name because this will be required in the parameter update process.
 1. Optionally, enter a **Description**.
 1. Click on **Verify and save**.
@@ -83,7 +83,7 @@ To begin, please open the [infra/params.dev.json](/infra/params.dev.json). In th
 | `dataIntegration002SubnetAddressPrefix` | Specifies the address space of the subnet that is used for data integration 002. | `10.1.7.0/24` |
 | `dataProduct001SubnetAddressPrefix` | Specifies the address space of the subnet that is used for data product 001. | `10.1.8.0/24` |
 | `dataProduct002SubnetAddressPrefix` | Specifies the address space of the subnet that is used for data product 002. | `10.1.9.0/24` |
-| `dataManagementZoneVnetId` | Specifies the Resource Id of the VNET in the data management zone. | `/subscriptions/{subscription-id}/resourceGroups/{rg-name}/providers/Microsoft.Network/virtualNetworks/{vnet-name}` |
+| `dataManagementZoneVnetId` | Specifies the Resource ID of the VNet in the data management zone. | `/subscriptions/{subscription-id}/resourceGroups/{rg-name}/providers/Microsoft.Network/virtualNetworks/{vnet-name}` |
 | `firewallPrivateIp` | Specifies the private IP address of the central firewall. | `10.0.0.4` |
 | `dnsServerAdresses` | Specifies the private IP addresses of the DNS servers. | `[ 10.0.0.4 ]` |
 | `administratorPassword` | Specifies the administrator password of the sql servers. Will be automatically set in the workflow. **Leave this value as is.** | `<your-secure-password>` |
@@ -141,7 +141,7 @@ As a last step, you need to create an Azure DevOps pipeline in your project base
 
 1. Click on **Continue** and then on **Run**.
 
-## Merge these changes back to the `main` branch of your repo
+## Merge these changes back to the `main` branch of your repository
 
 After following the instructions and updating the parameters and variables in your repository in a separate branch and opening the pull request, you can merge the pull request back into the `main` branch of your repository by clicking on **Merge pull request**. Finally, you can click on **Delete branch** to clean up your repository. By doing this, you trigger the deployment workflow.
 

docs/EnterpriseScaleAnalytics-GitHubActionsDeployment.md

@@ -75,7 +75,7 @@ To begin, please open the [infra/params.dev.json](/infra/params.dev.json). In th
 | `dataIntegration002SubnetAddressPrefix` | Specifies the address space of the subnet that is used for Data Integration 002. | `10.1.7.0/24` |
 | `dataProduct001SubnetAddressPrefix` | Specifies the address space of the subnet that is used for Data Product 001. | `10.1.8.0/24` |
 | `dataProduct002SubnetAddressPrefix` | Specifies the address space of the subnet that is used for Data Product 002. | `10.1.9.0/24` |
-| `dataManagementZoneVnetId` | Specifies the resource Id of the vnet in the Data Management Zone. | `/subscriptions/{subscription-id}/resourceGroups/{rg-name}/providers/Microsoft.Network/virtualNetworks/{vnet-name}` |
+| `dataManagementZoneVnetId` | Specifies the Resource ID of the VNet in the Data Management Zone. | `/subscriptions/{subscription-id}/resourceGroups/{rg-name}/providers/Microsoft.Network/virtualNetworks/{vnet-name}` |
 | `firewallPrivateIp` | Specifies the private IP address of the central firewall. | `10.0.0.4` |
 | `dnsServerAdresses` | Specifies the private IP addresses of the DNS Servers. | `[ 10.0.0.4 ]` |
 | `administratorPassword` | Specifies the administrator password of the SQL Servers. Will be automatically set in the workflow. **Leave this value as is.** | `<your-secure-password>` |
@@ -84,7 +84,6 @@ To begin, please open the [infra/params.dev.json](/infra/params.dev.json). In th
 | `purviewManagedEventHubId` | Specifies the Resource ID of the managed event hub of the central purview instance. | `/subscriptions/{subscription-id}/resourceGroups/{rg-name}/providers/Microsoft.EventHub/namespaces/{eventhub-namespace-name}` |
 | `purviewSelfHostedIntegrationRuntimeAuthKey` | Specifies the Auth Key for the Self-hosted integration runtime of Purview. | `<your-purview-shir-auth-key>` |
 | `deploySelfHostedIntegrationRuntimes` | Specifies whether the self-hosted integration runtimes should be deployed. This only works, if the pwsh script was uploded and is available. | `true` or `false` |
-| `portalDeployment` | Specifies whether the deployment was submitted through the Azure Portal. | `true` or `false` |
 | `privateDnsZoneIdKeyVault` | Specifies the Resource ID of the private DNS zone for KeyVault. | `/subscriptions/{subscription-id}/resourceGroups/{rg-name}/providers/Microsoft.Network/privateDnsZones/privatelink.vaultcore.azure.net` |
 | `privateDnsZoneIdDataFactory` | Specifies the Resource ID of the private DNS zone for Data Factory. | `/subscriptions/{subscription-id}/resourceGroups/{rg-name}/providers/Microsoft.Network/privateDnsZones/privatelink.datafactory.azure.net` |
 | `privateDnsZoneIdDataFactoryPortal` | Specifies the Resource ID of the private DNS zone for Data Factory Portal. | `/subscriptions/{subscription-id}/resourceGroups/{rg-name}/providers/Microsoft.Network/privateDnsZones/privatelink.adf.azure.com` |
@@ -96,7 +95,7 @@ To begin, please open the [infra/params.dev.json](/infra/params.dev.json). In th
 | `privateDnsZoneIdSynapseDev` | Specifies the Resource ID of the private DNS zone for Synapse Dev. | `/subscriptions/{subscription-id}/resourceGroups/{rg-name}/providers/Microsoft.Network/privateDnsZones/privatelink.dev.azuresynapse.net` |
 | `privateDnsZoneIdSynapseSql` | Specifies the Resource ID of the private DNS zone for Synapse Sql. | `/subscriptions/{subscription-id}/resourceGroups/{rg-name}/providers/Microsoft.Network/privateDnsZones/privatelink.sql.azuresynapse.net` |
 
-## Merge these changes back to the `main` branch of your repo
+## Merge these changes back to the `main` branch of your repository
 
 After following the instructions and updating the parameters and variables in your repository in a separate branch and opening the pull request, you can merge the pull request back into the `main` branch of your repository by clicking on **Merge pull request**. Finally, you can click on **Delete branch** to clean up your repository. By doing this, you trigger the deployment workflow.
 

docs/reference/portal.dataLandingZone.json

@@ -1401,7 +1401,6 @@
                 "firewallPrivateIp": "[if(equals(steps('connectivitySettings').sharedNetworkInfrastructureConfiguration.existingFirewallType, 'azureFirewall'), first(map(steps('connectivitySettings').sharedNetworkInfrastructureConfiguration.azureFirewallPrivateIpApi.properties.ipConfigurations, (item) => item.properties.privateIPAddress)), steps('connectivitySettings').sharedNetworkInfrastructureConfiguration.firewallPrivateIp)]",
                 "dnsServerAdresses": "[if(equals(steps('connectivitySettings').sharedNetworkInfrastructureConfiguration.existingFirewallType, 'azureFirewall'), map(steps('connectivitySettings').sharedNetworkInfrastructureConfiguration.azureFirewallPrivateIpApi.properties.ipConfigurations, (item) => item.properties.privateIPAddress), split(steps('connectivitySettings').sharedNetworkInfrastructureConfiguration.dnsServerAdresses, ','))]",
                 "administratorPassword": "[if(empty(steps('generalSettings').servicesSettings.administratorPassword.password), '', steps('generalSettings').servicesSettings.administratorPassword.password)]",
-                "portalDeployment": true,
                 "deploySelfHostedIntegrationRuntimes": "[if(equals(steps('generalSettings').selfhostedIntegrationRuntimeSettings.deploySelfHostedIntegrationRuntimes, 'Yes'), true, false)]",
                 "purviewSelfHostedIntegrationRuntimeAuthKey": "[if(empty(steps('generalSettings').selfhostedIntegrationRuntimeSettings.purviewSelfHostedIntegrationRuntimeAuthKey), '', steps('generalSettings').selfhostedIntegrationRuntimeSettings.purviewSelfHostedIntegrationRuntimeAuthKey)]",
                 "purviewId": "[if(empty(steps('generalSettings').dataGovernanceSettings.purviewId.id), '', steps('generalSettings').dataGovernanceSettings.purviewId.id)]",

infra/main.bicep

@@ -65,10 +65,8 @@ param purviewManagedEventHubId string = ''
 @secure()
 @description('Specifies the Auth Key for the Self-hosted integration runtime of Purview.')
 param purviewSelfHostedIntegrationRuntimeAuthKey string = ''
-@description('Specifies whether the self-hosted integration runtimes should be deployed. This only works, if the pwsh script was uploded and is available.')
+@description('Specifies whether the self-hosted integration runtimes should be deployed.')
 param deploySelfHostedIntegrationRuntimes bool = false
-@description('Specifies whether the deployment was submitted through the Azure Portal.')
-param portalDeployment bool = false
 
 // Private DNS Zone parameters
 @description('Specifies the resource ID of the private DNS zone for Key Vault.')
@@ -190,7 +188,6 @@ module runtimeServices 'modules/runtimes.bicep' = {
     datafactoryIds: [
       sharedIntegrationServices.outputs.datafactoryIntegration001Id
     ]
-    portalDeployment: portalDeployment
   }
 }
 
@@ -363,9 +360,6 @@ resource dataProduct002ResourceGroup 'Microsoft.Resources/resourceGroups@2021-01
 output vnetId string = networkServices.outputs.vnetId
 output nsgId string = networkServices.outputs.nsgId
 output routeTableId string = networkServices.outputs.routeTableId
-output artifactstorage001ResourceGroupName string = split(runtimeServices.outputs.artifactstorage001Id, '/')[4]
-output artifactstorage001Name string = last(split(runtimeServices.outputs.artifactstorage001Id, '/'))
-output artifactstorage001ContainerName string = runtimeServices.outputs.artifactstorage001ContainerName
 output mySqlServer001SubscriptionId string = split(metadataServices.outputs.mySqlServer001Id, '/')[2]
 output mySqlServer001ResourceGroupName string = split(metadataServices.outputs.mySqlServer001Id, '/')[4]
 output mySqlServer001Name string = last(split(metadataServices.outputs.mySqlServer001Id, '/'))

infra/modules/runtimes.bicep

@@ -19,25 +19,13 @@ param purviewId string = ''
 param purviewSelfHostedIntegrationRuntimeAuthKey string = ''
 param deploySelfHostedIntegrationRuntimes bool = false
 param datafactoryIds array
-param portalDeployment bool = false
 
 // Variables
-var artifactstorage001Name = '${prefix}-artfct001'
 var datafactoryRuntimes001Name = '${prefix}-runtime-datafactory001'
 var shir001Name = '${prefix}-shir001'
 var shir002Name = '${prefix}-shir002'
 
 // Resources
-module artifactstorage001 'services/artifactstorage.bicep' = {
-  name: 'artifactstorage001'
-  scope: resourceGroup()
-  params: {
-    location: location
-    tags: tags
-    artifactstorageName: artifactstorage001Name
-  }
-}
-
 module datafactoryRuntimes001 'services/datafactoryruntime.bicep' = {
   name: 'datafactoryRuntimes001'
   scope: resourceGroup()
@@ -76,13 +64,10 @@ module datafactoryRuntimes001SelfHostedIntegrationRuntime001 'services/selfHoste
     administratorUsername: administratorUsername
     administratorPassword: administratorPassword
     datafactoryIntegrationRuntimeAuthKey: listAuthKeys(datafactoryRuntimes001IntegrationRuntime001.id, datafactoryRuntimes001IntegrationRuntime001.apiVersion).authKey1
-    storageAccountContainerName: artifactstorage001.outputs.storageAccountContainerName
-    storageAccountId: artifactstorage001.outputs.storageAccountId
     vmssName: shir001Name
     vmssSkuCapacity: 1
     vmssSkuName: 'Standard_DS2_v2'
     vmssSkuTier: 'Standard'
-    portalDeployment: portalDeployment
   }
 }
 
@@ -109,16 +94,11 @@ module purviewSelfHostedIntegrationRuntime001 'services/selfHostedIntegrationRun
     administratorUsername: administratorUsername
     administratorPassword: administratorPassword
     datafactoryIntegrationRuntimeAuthKey: purviewSelfHostedIntegrationRuntimeAuthKey
-    storageAccountContainerName: artifactstorage001.outputs.storageAccountContainerName
-    storageAccountId: artifactstorage001.outputs.storageAccountId
     vmssName: shir002Name
     vmssSkuCapacity: 1
     vmssSkuName: 'Standard_DS2_v2'
     vmssSkuTier: 'Standard'
-    portalDeployment: portalDeployment
   }
 }
 
 // Outputs
-output artifactstorage001Id string = artifactstorage001.outputs.storageAccountId
-output artifactstorage001ContainerName string = artifactstorage001.outputs.storageAccountContainerName

infra/modules/services/artifactstorage.bicep

@@ -1,90 +0,0 @@
-// Copyright (c) Microsoft Corporation.
-// Licensed under the MIT license.
-
-// This template is used to create a public storage account.
-targetScope = 'resourceGroup'
-
-// Parameters
-param location string
-param tags object
-param artifactstorageName string
-
-// Variables
-var artifactstorageNameCleaned = replace(artifactstorageName, '-', '')
-
-// Resources
-resource artifactstorage 'Microsoft.Storage/storageAccounts@2021-02-01' = {
-  name: artifactstorageNameCleaned
-  location: location
-  tags: tags
-  identity: {
-    type: 'SystemAssigned'
-  }
-  sku: {
-    name: 'Standard_LRS'
-    tier: 'Standard'
-  }
-  kind: 'StorageV2'
-  properties: {
-    accessTier: 'Hot'
-    allowBlobPublicAccess: false
-    allowSharedKeyAccess: true
-    encryption: {
-      keySource: 'Microsoft.Storage'
-      requireInfrastructureEncryption: false
-      services: {
-        blob: {
-          enabled: true
-          keyType: 'Account'
-        }
-        file: {
-          enabled: true
-          keyType: 'Account'
-        }
-        queue: {
-          enabled: true
-          keyType: 'Service'
-        }
-        table: {
-          enabled: true
-          keyType: 'Service'
-        }
-      }
-    }
-    isHnsEnabled: false
-    isNfsV3Enabled: false
-    largeFileSharesState: 'Disabled'
-    minimumTlsVersion: 'TLS1_2'
-    networkAcls: {
-      bypass: 'AzureServices'
-      defaultAction: 'Allow'
-      ipRules: []
-      virtualNetworkRules: []
-      resourceAccessRules: []
-    }
-    routingPreference: {
-      routingChoice: 'MicrosoftRouting'
-      publishInternetEndpoints: false
-      publishMicrosoftEndpoints: false
-    }
-    supportsHttpsTrafficOnly: true
-  }
-}
-
-resource artifactStorageBlobServices 'Microsoft.Storage/storageAccounts/blobServices@2021-04-01' existing = {
-  parent: artifactstorage
-  name: 'default'
-}
-
-resource artifactstorageScriptsContainer 'Microsoft.Storage/storageAccounts/blobServices/containers@2021-02-01' = {
-  parent: artifactStorageBlobServices
-  name: 'scripts'
-  properties: {
-    publicAccess: 'None'
-    metadata: {}
-  }
-}
-
-// Outputs
-output storageAccountId string = artifactstorage.id
-output storageAccountContainerName string = artifactstorageScriptsContainer.name

infra/modules/services/selfHostedIntegrationRuntime.bicep

@@ -12,22 +12,17 @@ param vmssName string
 param vmssSkuName string = 'Standard_DS2_v2'
 param vmssSkuTier string = 'Standard'
 param vmssSkuCapacity int = 1
-param storageAccountId string
-param storageAccountContainerName string
 param administratorUsername string = 'VmssMainUser'
 @secure()
 param administratorPassword string
 @secure()
 param datafactoryIntegrationRuntimeAuthKey string
-param portalDeployment bool = false
 
 // Variables
-var storageAccountName = length(split(storageAccountId, '/')) >= 9 ? last(split(storageAccountId, '/')) : 'incorrectSegmentLength'
 var loadbalancerName = '${vmssName}-lb'
-var fileUri = 'https://raw.githubusercontent.com/Azure/data-landing-zone/main/code/installSHIRGateway.ps1'
 
 // Resources
-resource loadbalancer001 'Microsoft.Network/loadBalancers@2020-11-01' = {
+resource loadbalancer001 'Microsoft.Network/loadBalancers@2021-03-01' = {
   name: loadbalancerName
   location: location
   tags: tags
@@ -102,7 +97,7 @@ resource loadbalancer001 'Microsoft.Network/loadBalancers@2020-11-01' = {
   }
 }
 
-resource vmss001 'Microsoft.Compute/virtualMachineScaleSets@2020-12-01' = {
+resource vmss001 'Microsoft.Compute/virtualMachineScaleSets@2021-07-01' = {
   name: vmssName
   location: location
   tags: tags
@@ -135,6 +130,7 @@ resource vmss001 'Microsoft.Compute/virtualMachineScaleSets@2020-12-01' = {
         adminUsername: administratorUsername
         adminPassword: administratorPassword
         computerNamePrefix: take(vmssName, 9)
+        customData: loadFileAsBase64('../../../code/installSHIRGateway.ps1')
       }
       networkProfile: {
         networkInterfaceConfigurations: [
@@ -176,7 +172,7 @@ resource vmss001 'Microsoft.Compute/virtualMachineScaleSets@2020-12-01' = {
         imageReference: {
           offer: 'WindowsServer'
           publisher: 'MicrosoftWindowsServer'
-          sku: '2019-Datacenter'
+          sku: '2022-datacenter-azure-edition'
           version: 'latest'
         }
         osDisk: {
@@ -194,14 +190,10 @@ resource vmss001 'Microsoft.Compute/virtualMachineScaleSets@2020-12-01' = {
               typeHandlerVersion: '1.10'
               autoUpgradeMinorVersion: true
               settings: {
-                fileUris: [
-                  portalDeployment ? fileUri : 'https://${storageAccountName}.blob.${environment().suffixes.storage}/${storageAccountContainerName}/installSHIRGateway.ps1'
-                ]
+                fileUris: []
               }
               protectedSettings: {
-                commandToExecute: 'powershell.exe -ExecutionPolicy Unrestricted -File installSHIRGateway.ps1 -gatewayKey "${datafactoryIntegrationRuntimeAuthKey}"'
-                storageAccountName: storageAccountName
-                storageAccountKey: listkeys(storageAccountId, '2021-02-01').keys[0].value
+                commandToExecute: 'powershell.exe -ExecutionPolicy Unrestricted -NoProfile -NonInteractive -command "cp c:/azuredata/customdata.bin c:/azuredata/installSHIRGateway.ps1; c:/azuredata/installSHIRGateway.ps1 -gatewayKey "${datafactoryIntegrationRuntimeAuthKey}"'
               }
             }
           }

infra/params.dev.json

@@ -73,11 +73,8 @@
         "purviewSelfHostedIntegrationRuntimeAuthKey": {
             "value": ""
         },
-        "portalDeployment": {
-            "value": false
-        },
         "deploySelfHostedIntegrationRuntimes": {
-            "value": false
+            "value": true
         },
         "privateDnsZoneIdKeyVault": {
             "value": "/subscriptions/17588eb2-2943-461a-ab3f-00a3ceac3112/resourceGroups/dmz-dev-global-dns/providers/Microsoft.Network/privateDnsZones/privatelink.vaultcore.azure.net"

infra/params.prod.json

@@ -74,10 +74,7 @@
             "value": ""
         },
         "deploySelfHostedIntegrationRuntimes": {
-            "value": false
-        },
-        "portalDeployment": {
-            "value": false
+            "value": true
         },
         "privateDnsZoneIdKeyVault": {
             "value": "/subscriptions/17588eb2-2943-461a-ab3f-00a3ceac3112/resourceGroups/dmz-prd-global-dns/providers/Microsoft.Network/privateDnsZones/privatelink.vaultcore.azure.net"

infra/params.test.json

@@ -74,10 +74,7 @@
             "value": ""
         },
         "deploySelfHostedIntegrationRuntimes": {
-            "value": false
-        },
-        "portalDeployment": {
-            "value": false
+            "value": true
         },
         "privateDnsZoneIdKeyVault": {
             "value": "/subscriptions/17588eb2-2943-461a-ab3f-00a3ceac3112/resourceGroups/dmz-tst-global-dns/providers/Microsoft.Network/privateDnsZones/privatelink.vaultcore.azure.net"