Azure
/
data-management-zone
зеркало из https://github.com/Azure/data-management-zone.git
1
0
Форкнуть 0
Код Задачи Пакеты Проекты Релизы Вики Активность

Merge pull request #23 from Azure/update_services_and_deployment 

Update services and deployment
This commit is contained in:
Marvin Buss 2021-02-05 13:39:11 +01:00 коммит произвёл GitHub
Родитель b39256bb2b d663621800
Коммит 114b2a4d6c
54 изменённых файлов: 902 добавлений и 6645 удалений
Показать статистику Скачать Patch файл Скачать Diff файл Показать все файлы Свернуть все файлы

800
.ado/workflows/dataHubDeployment.yml
Просмотреть файл

@ -6,30 +6,30 @@ trigger:
- main
paths:
include:
- code/GeneratePassword.ps1
- infra/AutomationAccount/*
- infra/ArtifactStorage/*
- infra/ContainerRegistry/*
- infra/DataFactory/*
- infra/IntegrationServiceEnvironment/*
- infra/DnsForwarder/*
- infra/Firewall/*
- infra/FirewallPolicy/*
- infra/KeyVault/*
- infra/LogAnalytics/*
- infra/LogicApp/*
- infra/PowerBi/*
- infra/PrivateDns/*
- infra/Purview/*
- infra/SelfHostedIntegrationRuntime/*
- infra/Storage/*
- infra/SynapsePrivateLinkHub/*
- infra/VirtualNetwork/*
- infra/VirtualNetworkPeering/*
- .ado/workflows/dataHubDeployment.yml
- code/GeneratePassword.ps1
variables:
AZURE_RESOURCE_MANAGER_CONNECTION_NAME: 'Marvins Azure Subscription'
AZURE_RESOURCE_MANAGER_CONNECTION_NAME: 'My Azure Subscription'
AZURE_SUBSCRIPTION_ID: '4060c03e-0d2e-44b7-82a3-da9376fe50b2'
AZURE_RESOURCE_GROUP_NAME_AUTOMATION: dh-automation
AZURE_RESOURCE_GROUP_NAME_MANAGEMENT: dh-mgmt
AZURE_RESOURCE_GROUP_NAME_INTEGRATION: dh-integration
AZURE_RESOURCE_GROUP_NAME_LOGANALYTICS: dh-logging
AZURE_RESOURCE_GROUP_NAME_CONSUMPTION: dh-consumption
AZURE_RESOURCE_GROUP_NAME_CONTAINER: dh-container
AZURE_RESOURCE_GROUP_NAME_GOVERNANCE: dh-governance
AZURE_RESOURCE_GROUP_NAME_NETWORK: 'dh-network'
AZURE_RESOURCE_GROUP_NAME_GLOBAL_DNS: 'dh-global-dns'
AZURE_RESOURCE_GROUP_NAME_AUTOMATION: 'dh-automation'
AZURE_RESOURCE_GROUP_NAME_MANAGEMENT: 'dh-mgmt'
AZURE_RESOURCE_GROUP_NAME_CONSUMPTION: 'dh-consumption'
AZURE_RESOURCE_GROUP_NAME_CONTAINER: 'dh-container'
AZURE_RESOURCE_GROUP_NAME_GOVERNANCE: 'dh-governance'
AZURE_LOCATION: 'North Europe'
stages:
@ -53,48 +53,138 @@ stages:
continueOnError: false
enabled: true
# Deploy Vnet - validation
- task: AzureResourceManagerTemplateDeployment@3
name: vnet_validation
displayName: Deploy Vnet - validation
enabled: true
continueOnError: false
inputs:
deploymentScope: 'Resource Group'
azureResourceManagerConnection: '$(AZURE_RESOURCE_MANAGER_CONNECTION_NAME)'
subscriptionId: '$(AZURE_SUBSCRIPTION_ID)'
action: 'Create Or Update Resource Group'
resourceGroupName: '$(AZURE_RESOURCE_GROUP_NAME_NETWORK)'
location: '$(AZURE_LOCATION)'
templateLocation: 'Linked artifact'
csmFile: '$(System.DefaultWorkingDirectory)/infra/VirtualNetwork/deploy.vnet.json'
csmParametersFile: '$(System.DefaultWorkingDirectory)/infra/VirtualNetwork/params.vnet001.json'
deploymentMode: 'Validation'
# Deploy Artifact Storage Account 001 - validation
- task: AzureResourceManagerTemplateDeployment@3
name: artifact_storage_001_validation
displayName: Deploy Artifact Storage Account 001 - validation
enabled: true
continueOnError: false
inputs:
deploymentScope: 'Resource Group'
azureResourceManagerConnection: '$(AZURE_RESOURCE_MANAGER_CONNECTION_NAME)'
subscriptionId: '$(AZURE_SUBSCRIPTION_ID)'
action: 'Create Or Update Resource Group'
resourceGroupName: '$(AZURE_RESOURCE_GROUP_NAME_NETWORK)'
location: '$(AZURE_LOCATION)'
templateLocation: 'Linked artifact'
csmFile: '$(System.DefaultWorkingDirectory)/infra/ArtifactStorage/deploy.storage.json'
csmParametersFile: '$(System.DefaultWorkingDirectory)/infra/ArtifactStorage/params.storage001.json'
deploymentMode: 'Validation'
# Deploy Firewall Policy 001 - validation
- task: AzureResourceManagerTemplateDeployment@3
name: firewall_policy_validation
displayName: Deploy Firewall Policy 001 - validation
enabled: true
continueOnError: false
inputs:
deploymentScope: 'Resource Group'
azureResourceManagerConnection: '$(AZURE_RESOURCE_MANAGER_CONNECTION_NAME)'
subscriptionId: '$(AZURE_SUBSCRIPTION_ID)'
action: 'Create Or Update Resource Group'
resourceGroupName: '$(AZURE_RESOURCE_GROUP_NAME_NETWORK)'
location: '$(AZURE_LOCATION)'
templateLocation: 'Linked artifact'
csmFile: '$(System.DefaultWorkingDirectory)/infra/FirewallPolicy/deploy.firewallPolicy.json'
csmParametersFile: '$(System.DefaultWorkingDirectory)/infra/FirewallPolicy/params.firewallPolicy001.json'
deploymentMode: 'Validation'
# Deploy Firewall 001 - validation
- task: AzureResourceManagerTemplateDeployment@3
name: firewall_validation
displayName: Deploy Firewall 001 - validation
enabled: true
continueOnError: false
inputs:
deploymentScope: 'Resource Group'
azureResourceManagerConnection: '$(AZURE_RESOURCE_MANAGER_CONNECTION_NAME)'
subscriptionId: '$(AZURE_SUBSCRIPTION_ID)'
action: 'Create Or Update Resource Group'
resourceGroupName: '$(AZURE_RESOURCE_GROUP_NAME_NETWORK)'
location: '$(AZURE_LOCATION)'
templateLocation: 'Linked artifact'
csmFile: '$(System.DefaultWorkingDirectory)/infra/Firewall/deploy.firewall.json'
csmParametersFile: '$(System.DefaultWorkingDirectory)/infra/Firewall/params.firewall001.json'
deploymentMode: 'Validation'
# Deploy DNS Forwarder - validation
- task: AzureResourceManagerTemplateDeployment@3
name: dns_forwarder_validation
displayName: Deploy DNS Forwarder - validation
enabled: true
continueOnError: false
inputs:
deploymentScope: 'Resource Group'
azureResourceManagerConnection: '$(AZURE_RESOURCE_MANAGER_CONNECTION_NAME)'
subscriptionId: '$(AZURE_SUBSCRIPTION_ID)'
action: 'Create Or Update Resource Group'
resourceGroupName: '$(AZURE_RESOURCE_GROUP_NAME_GLOBAL_DNS)'
location: '$(AZURE_LOCATION)'
templateLocation: 'Linked artifact'
csmFile: '$(System.DefaultWorkingDirectory)/infra/DnsForwarder/deploy.dnsForwarder.json'
csmParametersFile: '$(System.DefaultWorkingDirectory)/infra/DnsForwarder/params.dnsForwarder001.json'
deploymentMode: 'Validation'
# Deploy Private DNS Zones - validation
- task: AzureResourceManagerTemplateDeployment@3
name: private_dns_zones_validation
displayName: Deploy Private DNS Zones - validation
enabled: true
continueOnError: false
inputs:
deploymentScope: 'Resource Group'
azureResourceManagerConnection: '$(AZURE_RESOURCE_MANAGER_CONNECTION_NAME)'
subscriptionId: '$(AZURE_SUBSCRIPTION_ID)'
action: 'Create Or Update Resource Group'
resourceGroupName: '$(AZURE_RESOURCE_GROUP_NAME_GLOBAL_DNS)'
location: '$(AZURE_LOCATION)'
templateLocation: 'Linked artifact'
csmFile: '$(System.DefaultWorkingDirectory)/infra/PrivateDns/deploy.privateDns.json'
csmParametersFile: '$(System.DefaultWorkingDirectory)/infra/PrivateDns/params.privateDns001.json'
deploymentMode: 'Validation'
# Deploy Vnet Peering 001 - validation
- task: AzureResourceManagerTemplateDeployment@3
name: vnet_peering_001_validation
displayName: Deploy Vnet Peering 001 - validation
enabled: true
continueOnError: true
inputs:
deploymentScope: 'Resource Group'
azureResourceManagerConnection: '$(AZURE_RESOURCE_MANAGER_CONNECTION_NAME)'
subscriptionId: '$(AZURE_SUBSCRIPTION_ID)'
action: 'Create Or Update Resource Group'
resourceGroupName: '$(AZURE_RESOURCE_GROUP_NAME_NETWORK)'
location: '$(AZURE_LOCATION)'
templateLocation: 'Linked artifact'
csmFile: '$(System.DefaultWorkingDirectory)/infra/VirtualNetworkPeering/deploy.vnetPeering.json'
csmParametersFile: '$(System.DefaultWorkingDirectory)/infra/VirtualNetworkPeering/params.vnetPeering001.json'
deploymentMode: 'Validation'
# Deploy Key Vault 001 - validation
- task: AzureResourceManagerTemplateDeployment@3
name: key_vault_001_validation
displayName: Deploy Key Vault 001 - validation
enabled: true
continueOnError: false
inputs:
deploymentScope: 'Resource Group'
azureResourceManagerConnection: '$(AZURE_RESOURCE_MANAGER_CONNECTION_NAME)'
subscriptionId: '$(AZURE_SUBSCRIPTION_ID)'
action: 'Create Or Update Resource Group'
resourceGroupName: '$(AZURE_RESOURCE_GROUP_NAME_MANAGEMENT)'
location: '$(AZURE_LOCATION)'
templateLocation: 'Linked artifact'
csmFile: '$(System.DefaultWorkingDirectory)/infra/KeyVault/deploy.keyVault.json'
csmParametersFile: '$(System.DefaultWorkingDirectory)/infra/KeyVault/params.keyVault001.json'
deploymentMode: 'Validation'
# Deploy Key Vault 002 - validation
- task: AzureResourceManagerTemplateDeployment@3
name: key_vault_002_validation
displayName: Deploy Key Vault 002 - validation
enabled: true
continueOnError: false
inputs:
deploymentScope: 'Resource Group'
azureResourceManagerConnection: '$(AZURE_RESOURCE_MANAGER_CONNECTION_NAME)'
subscriptionId: '$(AZURE_SUBSCRIPTION_ID)'
action: 'Create Or Update Resource Group'
resourceGroupName: '$(AZURE_RESOURCE_GROUP_NAME_LOGANALYTICS)'
location: '$(AZURE_LOCATION)'
templateLocation: 'Linked artifact'
csmFile: '$(System.DefaultWorkingDirectory)/infra/KeyVault/deploy.keyVault.json'
csmParametersFile: '$(System.DefaultWorkingDirectory)/infra/KeyVault/params.keyVault002.json'
deploymentMode: 'Validation'
# Deploy Key Vault 003 - validation
- task: AzureResourceManagerTemplateDeployment@3
name: key_vault_003_validation
displayName: Deploy Key Vault 003 - validation
enabled: true
continueOnError: false
inputs:
deploymentScope: 'Resource Group'
azureResourceManagerConnection: '$(AZURE_RESOURCE_MANAGER_CONNECTION_NAME)'
@ -104,61 +194,7 @@ stages:
location: '$(AZURE_LOCATION)'
templateLocation: 'Linked artifact'
csmFile: '$(System.DefaultWorkingDirectory)/infra/KeyVault/deploy.keyVault.json'
csmParametersFile: '$(System.DefaultWorkingDirectory)/infra/KeyVault/params.keyVault003.json'
deploymentMode: 'Validation'
# Deploy Integration Service Environment 001 - validation
- task: AzureResourceManagerTemplateDeployment@3
name: integration_service_environment_001_validation
displayName: Deploy Integration Service Environment 001 - validation
enabled: true
continueOnError: false
inputs:
deploymentScope: 'Resource Group'
azureResourceManagerConnection: '$(AZURE_RESOURCE_MANAGER_CONNECTION_NAME)'
subscriptionId: '$(AZURE_SUBSCRIPTION_ID)'
action: 'Create Or Update Resource Group'
resourceGroupName: '$(AZURE_RESOURCE_GROUP_NAME_AUTOMATION)'
location: '$(AZURE_LOCATION)'
templateLocation: 'Linked artifact'
csmFile: '$(System.DefaultWorkingDirectory)/infra/IntegrationServiceEnvironment/deploy.integrationServiceEnvironment.json'
csmParametersFile: '$(System.DefaultWorkingDirectory)/infra/IntegrationServiceEnvironment/params.integrationServiceEnvironment001.json'
deploymentMode: 'Validation'
# Deploy Logic App 001 - validation
- task: AzureResourceManagerTemplateDeployment@3
name: logic_app_001_validation
displayName: Deploy Logic App 001 - validation
enabled: true
continueOnError: false
inputs:
deploymentScope: 'Resource Group'
azureResourceManagerConnection: '$(AZURE_RESOURCE_MANAGER_CONNECTION_NAME)'
subscriptionId: '$(AZURE_SUBSCRIPTION_ID)'
action: 'Create Or Update Resource Group'
resourceGroupName: '$(AZURE_RESOURCE_GROUP_NAME_AUTOMATION)'
location: '$(AZURE_LOCATION)'
templateLocation: 'Linked artifact'
csmFile: '$(System.DefaultWorkingDirectory)/infra/LogicApp/deploy.logicApp.json'
csmParametersFile: '$(System.DefaultWorkingDirectory)/infra/LogicApp/params.logicApp001.json'
deploymentMode: 'Validation'
# Deploy Automation Account 001 - validation
- task: AzureResourceManagerTemplateDeployment@3
name: automation_account_001_validation
displayName: Deploy Automation Account 001 - validation
enabled: true
continueOnError: false
inputs:
deploymentScope: 'Resource Group'
azureResourceManagerConnection: '$(AZURE_RESOURCE_MANAGER_CONNECTION_NAME)'
subscriptionId: '$(AZURE_SUBSCRIPTION_ID)'
action: 'Create Or Update Resource Group'
resourceGroupName: '$(AZURE_RESOURCE_GROUP_NAME_AUTOMATION)'
location: '$(AZURE_LOCATION)'
templateLocation: 'Linked artifact'
csmFile: '$(System.DefaultWorkingDirectory)/infra/AutomationAccount/deploy.automationAccount.json'
csmParametersFile: '$(System.DefaultWorkingDirectory)/infra/AutomationAccount/params.automationAccount001.json'
csmParametersFile: '$(System.DefaultWorkingDirectory)/infra/KeyVault/params.keyVault001.json'
deploymentMode: 'Validation'
# Deploy Purview 001 - validation
@ -179,66 +215,12 @@ stages:
csmParametersFile: '$(System.DefaultWorkingDirectory)/infra/Purview/params.purview001.json'
deploymentMode: 'Validation'
# Deploy Log Analytics Workspace 001 - validation
- task: AzureResourceManagerTemplateDeployment@3
name: log_analytics_001_validation
displayName: Deploy Log Analytics Workspace 001 - validation
enabled: true
continueOnError: false
inputs:
deploymentScope: 'Resource Group'
azureResourceManagerConnection: '$(AZURE_RESOURCE_MANAGER_CONNECTION_NAME)'
subscriptionId: '$(AZURE_SUBSCRIPTION_ID)'
action: 'Create Or Update Resource Group'
resourceGroupName: '$(AZURE_RESOURCE_GROUP_NAME_LOGANALYTICS)'
location: '$(AZURE_LOCATION)'
templateLocation: 'Linked artifact'
csmFile: '$(System.DefaultWorkingDirectory)/infra/LogAnalytics/deploy.logAnalytics.json'
csmParametersFile: '$(System.DefaultWorkingDirectory)/infra/LogAnalytics/params.logAnalytics001.json'
deploymentMode: 'Validation'
# Deploy Storage Account 001 - validation
- task: AzureResourceManagerTemplateDeployment@3
name: storage_account_001_validation
displayName: Deploy Storage Account 001 - validation
enabled: true
continueOnError: false
inputs:
deploymentScope: 'Resource Group'
azureResourceManagerConnection: '$(AZURE_RESOURCE_MANAGER_CONNECTION_NAME)'
subscriptionId: '$(AZURE_SUBSCRIPTION_ID)'
action: 'Create Or Update Resource Group'
resourceGroupName: '$(AZURE_RESOURCE_GROUP_NAME_INTEGRATION)'
location: '$(AZURE_LOCATION)'
templateLocation: 'Linked artifact'
csmFile: '$(System.DefaultWorkingDirectory)/infra/Storage/deploy.storage.json'
csmParametersFile: '$(System.DefaultWorkingDirectory)/infra/Storage/params.storage001.json'
deploymentMode: 'Validation'
# Deploy data factory 001 - validation
- task: AzureResourceManagerTemplateDeployment@3
name: data_factory_001_validation
displayName: Deploy data factory 001 - validation
enabled: true
continueOnError: false
inputs:
deploymentScope: 'Resource Group'
azureResourceManagerConnection: '$(AZURE_RESOURCE_MANAGER_CONNECTION_NAME)'
subscriptionId: '$(AZURE_SUBSCRIPTION_ID)'
action: 'Create Or Update Resource Group'
resourceGroupName: '$(AZURE_RESOURCE_GROUP_NAME_INTEGRATION)'
location: '$(AZURE_LOCATION)'
templateLocation: 'Linked artifact'
csmFile: '$(System.DefaultWorkingDirectory)/infra/DataFactory/deploy.dataFactory.json'
csmParametersFile: '$(System.DefaultWorkingDirectory)/infra/DataFactory/params.dataFactory001.json'
deploymentMode: 'Validation'
# Deploy Container Registry 001 - validation
- task: AzureResourceManagerTemplateDeployment@3
name: container_registry_001_validation
displayName: Deploy Container Registry 001 - validation
enabled: true
continueOnError: true
continueOnError: false
inputs:
deploymentScope: 'Resource Group'
azureResourceManagerConnection: '$(AZURE_RESOURCE_MANAGER_CONNECTION_NAME)'
@ -256,7 +238,7 @@ stages:
name: synapse_private_link_hub_001_validation
displayName: Deploy Synapse Private Link Hub 001 - validation
enabled: true
continueOnError: true
continueOnError: false
inputs:
deploymentScope: 'Resource Group'
azureResourceManagerConnection: '$(AZURE_RESOURCE_MANAGER_CONNECTION_NAME)'
@ -266,77 +248,7 @@ stages:
location: '$(AZURE_LOCATION)'
templateLocation: 'Linked artifact'
csmFile: '$(System.DefaultWorkingDirectory)/infra/SynapsePrivateLinkHub/deploy.synapsePrivateLinkHub.json'
csmParametersFile: '$(System.DefaultWorkingDirectory)/infra/SynapsePrivateLinkHub/params.synapsePrivateLinkHub.json'
deploymentMode: 'Validation'
# Generate Password
- task: PowerShell@2
name: generate_password_001
displayName: Generate Password
enabled: true
continueOnError: false
inputs:
targetType: 'filePath'
filePath: '$(System.DefaultWorkingDirectory)/code/GeneratePassword.ps1'
errorActionPreference: 'stop'
failOnStderr: false
ignoreLASTEXITCODE: false
pwsh: true
# Deploy SHIR 001 - validation
- task: AzureResourceManagerTemplateDeployment@3
name: shir_001_validation
displayName: Deploy SHIR 001 - validation
enabled: true
continueOnError: true
inputs:
deploymentScope: 'Resource Group'
azureResourceManagerConnection: '$(AZURE_RESOURCE_MANAGER_CONNECTION_NAME)'
subscriptionId: '$(AZURE_SUBSCRIPTION_ID)'
action: 'Create Or Update Resource Group'
resourceGroupName: '$(AZURE_RESOURCE_GROUP_NAME_INTEGRATION)'
location: '$(AZURE_LOCATION)'
templateLocation: 'Linked artifact'
csmFile: '$(System.DefaultWorkingDirectory)/infra/SelfHostedIntegrationRuntime/deploy.shir.json'
csmParametersFile: '$(System.DefaultWorkingDirectory)/infra/SelfHostedIntegrationRuntime/params.shir001.json'
deploymentMode: 'Validation'
overrideParameters: >
-vmssAdminPassword "$(password)"
# Deploy Function 001 - validation
- task: AzureResourceManagerTemplateDeployment@3
name: function_001_validation
displayName: Deploy Function 001 - validation
enabled: false
continueOnError: false
inputs:
deploymentScope: 'Resource Group'
azureResourceManagerConnection: '$(AZURE_RESOURCE_MANAGER_CONNECTION_NAME)'
subscriptionId: '$(AZURE_SUBSCRIPTION_ID)'
action: 'Create Or Update Resource Group'
resourceGroupName: '$(AZURE_RESOURCE_GROUP_NAME_MANAGEMENT)'
location: '$(AZURE_LOCATION)'
templateLocation: 'Linked artifact'
csmFile: '$(System.DefaultWorkingDirectory)/infra/Function/deploy.function.json'
csmParametersFile: '$(System.DefaultWorkingDirectory)/infra/Function/params.function001.json'
deploymentMode: 'Validation'
# Deploy Power BI Private Link 001 - validation
- task: AzureResourceManagerTemplateDeployment@3
name: power_bi_pl_001_validation
displayName: Deploy Power BI Private Link 001 - validation
enabled: false
continueOnError: false
inputs:
deploymentScope: 'Resource Group'
azureResourceManagerConnection: '$(AZURE_RESOURCE_MANAGER_CONNECTION_NAME)'
subscriptionId: '$(AZURE_SUBSCRIPTION_ID)'
action: 'Create Or Update Resource Group'
resourceGroupName: '$(AZURE_RESOURCE_GROUP_NAME_CONSUMPTION)'
location: '$(AZURE_LOCATION)'
templateLocation: 'Linked artifact'
csmFile: '$(System.DefaultWorkingDirectory)/infra/PowerBi/deploy.powerBi.json'
csmParametersFile: '$(System.DefaultWorkingDirectory)/infra/PowerBi/params.powerBi001.json'
csmParametersFile: '$(System.DefaultWorkingDirectory)/infra/SynapsePrivateLinkHub/params.synapsePrivateLinkHub001.json'
deploymentMode: 'Validation'
- stage: Deployment
@ -361,48 +273,173 @@ stages:
continueOnError: false
enabled: true
# Deploy Vnet
- task: AzureResourceManagerTemplateDeployment@3
name: vnet_deployment
displayName: Deploy Vnet
enabled: true
continueOnError: false
inputs:
deploymentScope: 'Resource Group'
azureResourceManagerConnection: '$(AZURE_RESOURCE_MANAGER_CONNECTION_NAME)'
subscriptionId: '$(AZURE_SUBSCRIPTION_ID)'
action: 'Create Or Update Resource Group'
resourceGroupName: '$(AZURE_RESOURCE_GROUP_NAME_NETWORK)'
location: '$(AZURE_LOCATION)'
templateLocation: 'Linked artifact'
csmFile: '$(System.DefaultWorkingDirectory)/infra/VirtualNetwork/deploy.vnet.json'
csmParametersFile: '$(System.DefaultWorkingDirectory)/infra/VirtualNetwork/params.vnet001.json'
deploymentMode: 'Incremental'
# # Deploy Artifact Storage Account 001
# - task: AzureResourceManagerTemplateDeployment@3
# name: artifact_storage_001_deployment
# displayName: Deploy Artifact Storage Account 001
# enabled: true
# continueOnError: false
# inputs:
# deploymentScope: 'Resource Group'
# azureResourceManagerConnection: '$(AZURE_RESOURCE_MANAGER_CONNECTION_NAME)'
# subscriptionId: '$(AZURE_SUBSCRIPTION_ID)'
# action: 'Create Or Update Resource Group'
# resourceGroupName: '$(AZURE_RESOURCE_GROUP_NAME_NETWORK)'
# location: '$(AZURE_LOCATION)'
# templateLocation: 'Linked artifact'
# csmFile: '$(System.DefaultWorkingDirectory)/infra/ArtifactStorage/deploy.storage.json'
# csmParametersFile: '$(System.DefaultWorkingDirectory)/infra/ArtifactStorage/params.storage001.json'
# deploymentMode: 'Incremental'
# deploymentOutputs: 'storageDetails'
# # Generate Pipeline Variables 001
# - task: AzureCLI@2
# name: generate_pipeline_variables_001
# displayName: Generate Pipeline Variables 001
# enabled: true
# continueOnError: false
# inputs:
# azureSubscription: '$(AZURE_RESOURCE_MANAGER_CONNECTION_NAME)'
# scriptType: pscore
# scriptLocation: 'scriptPath'
# scriptPath: '$(System.DefaultWorkingDirectory)/code/GeneratePipelineVariables.ps1'
# powerShellErrorActionPreference: 'stop'
# addSpnToEnvironment: false
# failOnStandardError: false
# powerShellIgnoreLASTEXITCODE: false
# arguments: >
# -ArmOutputString '$(storageDetails)'
# -MakeOutput
# # Upload File to Storage Account 001
# - task: AzureFileCopy@3
# name: upload_file_001
# displayName: Upload File to Storage Account 001
# enabled: true
# continueOnError: false
# inputs:
# sourcePath: '$(System.DefaultWorkingDirectory)/infra/DnsForwarder/forwarderSetup.sh'
# additionalArgumentsForBlobCopy: |
# '/Y'
# azureSubscription: '$(AZURE_RESOURCE_MANAGER_CONNECTION_NAME)'
# destination: AzureBlob
# storage: $(storageAccountName)
# containerName: $(storageAccountContainerName)
# # Deploy DNS Forwarder
# - task: AzureResourceManagerTemplateDeployment@3
# name: dns_forwarder_deployment
# displayName: Deploy DNS Forwarder
# enabled: true
# continueOnError: false
# inputs:
# deploymentScope: 'Resource Group'
# azureResourceManagerConnection: '$(AZURE_RESOURCE_MANAGER_CONNECTION_NAME)'
# subscriptionId: '$(AZURE_SUBSCRIPTION_ID)'
# action: 'Create Or Update Resource Group'
# resourceGroupName: '$(AZURE_RESOURCE_GROUP_NAME_GLOBAL_DNS)'
# location: '$(AZURE_LOCATION)'
# templateLocation: 'Linked artifact'
# csmFile: '$(System.DefaultWorkingDirectory)/infra/DnsForwarder/deploy.dnsForwarder.json'
# csmParametersFile: '$(System.DefaultWorkingDirectory)/infra/DnsForwarder/params.dnsForwarder001.json'
# deploymentMode: 'Incremental'
# Deploy Firewall Policy 001
- task: AzureResourceManagerTemplateDeployment@3
name: firewall_policy_deployment
displayName: Deploy Firewall Policy 001
enabled: true
continueOnError: false
inputs:
deploymentScope: 'Resource Group'
azureResourceManagerConnection: '$(AZURE_RESOURCE_MANAGER_CONNECTION_NAME)'
subscriptionId: '$(AZURE_SUBSCRIPTION_ID)'
action: 'Create Or Update Resource Group'
resourceGroupName: '$(AZURE_RESOURCE_GROUP_NAME_NETWORK)'
location: '$(AZURE_LOCATION)'
templateLocation: 'Linked artifact'
csmFile: '$(System.DefaultWorkingDirectory)/infra/FirewallPolicy/deploy.firewallPolicy.json'
csmParametersFile: '$(System.DefaultWorkingDirectory)/infra/FirewallPolicy/params.firewallPolicy001.json'
deploymentMode: 'Incremental'
# Deploy Firewall 001
- task: AzureResourceManagerTemplateDeployment@3
name: firewall_deployment
displayName: Deploy Firewall 001
enabled: true
continueOnError: false
inputs:
deploymentScope: 'Resource Group'
azureResourceManagerConnection: '$(AZURE_RESOURCE_MANAGER_CONNECTION_NAME)'
subscriptionId: '$(AZURE_SUBSCRIPTION_ID)'
action: 'Create Or Update Resource Group'
resourceGroupName: '$(AZURE_RESOURCE_GROUP_NAME_NETWORK)'
location: '$(AZURE_LOCATION)'
templateLocation: 'Linked artifact'
csmFile: '$(System.DefaultWorkingDirectory)/infra/Firewall/deploy.firewall.json'
csmParametersFile: '$(System.DefaultWorkingDirectory)/infra/Firewall/params.firewall001.json'
deploymentMode: 'Incremental'
# Deploy Private DNS Zones
- task: AzureResourceManagerTemplateDeployment@3
name: private_dns_zones_deployment
displayName: Deploy Private DNS Zones
enabled: true
continueOnError: false
inputs:
deploymentScope: 'Resource Group'
azureResourceManagerConnection: '$(AZURE_RESOURCE_MANAGER_CONNECTION_NAME)'
subscriptionId: '$(AZURE_SUBSCRIPTION_ID)'
action: 'Create Or Update Resource Group'
resourceGroupName: '$(AZURE_RESOURCE_GROUP_NAME_GLOBAL_DNS)'
location: '$(AZURE_LOCATION)'
templateLocation: 'Linked artifact'
csmFile: '$(System.DefaultWorkingDirectory)/infra/PrivateDns/deploy.privateDns.json'
csmParametersFile: '$(System.DefaultWorkingDirectory)/infra/PrivateDns/params.privateDns001.json'
deploymentMode: 'Incremental'
# Deploy Vnet Peering 001
- task: AzureResourceManagerTemplateDeployment@3
name: vnet_peering_001_deployment
displayName: Deploy Vnet Peering 001
enabled: true
continueOnError: true
inputs:
deploymentScope: 'Resource Group'
azureResourceManagerConnection: '$(AZURE_RESOURCE_MANAGER_CONNECTION_NAME)'
subscriptionId: '$(AZURE_SUBSCRIPTION_ID)'
action: 'Create Or Update Resource Group'
resourceGroupName: '$(AZURE_RESOURCE_GROUP_NAME_NETWORK)'
location: '$(AZURE_LOCATION)'
templateLocation: 'Linked artifact'
csmFile: '$(System.DefaultWorkingDirectory)/infra/VirtualNetworkPeering/deploy.vnetPeering.json'
csmParametersFile: '$(System.DefaultWorkingDirectory)/infra/VirtualNetworkPeering/params.vnetPeering001.json'
deploymentMode: 'Incremental'
# Deploy Key Vault 001
- task: AzureResourceManagerTemplateDeployment@3
name: key_vault_001_deployment
displayName: Deploy Key Vault 001
enabled: true
continueOnError: false
inputs:
deploymentScope: 'Resource Group'
azureResourceManagerConnection: '$(AZURE_RESOURCE_MANAGER_CONNECTION_NAME)'
subscriptionId: '$(AZURE_SUBSCRIPTION_ID)'
action: 'Create Or Update Resource Group'
resourceGroupName: '$(AZURE_RESOURCE_GROUP_NAME_MANAGEMENT)'
location: '$(AZURE_LOCATION)'
templateLocation: 'Linked artifact'
csmFile: '$(System.DefaultWorkingDirectory)/infra/KeyVault/deploy.keyVault.json'
csmParametersFile: '$(System.DefaultWorkingDirectory)/infra/KeyVault/params.keyVault001.json'
deploymentMode: 'Incremental'
# Deploy Key Vault 002
- task: AzureResourceManagerTemplateDeployment@3
name: key_vault_002_deployment
displayName: Deploy Key Vault 002
enabled: true
continueOnError: false
inputs:
deploymentScope: 'Resource Group'
azureResourceManagerConnection: '$(AZURE_RESOURCE_MANAGER_CONNECTION_NAME)'
subscriptionId: '$(AZURE_SUBSCRIPTION_ID)'
action: 'Create Or Update Resource Group'
resourceGroupName: '$(AZURE_RESOURCE_GROUP_NAME_LOGANALYTICS)'
location: '$(AZURE_LOCATION)'
templateLocation: 'Linked artifact'
csmFile: '$(System.DefaultWorkingDirectory)/infra/KeyVault/deploy.keyVault.json'
csmParametersFile: '$(System.DefaultWorkingDirectory)/infra/KeyVault/params.keyVault002.json'
deploymentMode: 'Incremental'
# Deploy Key Vault 003
- task: AzureResourceManagerTemplateDeployment@3
name: key_vault_003_deployment
displayName: Deploy Key Vault 003
enabled: true
continueOnError: false
inputs:
deploymentScope: 'Resource Group'
azureResourceManagerConnection: '$(AZURE_RESOURCE_MANAGER_CONNECTION_NAME)'
@ -412,61 +449,7 @@ stages:
location: '$(AZURE_LOCATION)'
templateLocation: 'Linked artifact'
csmFile: '$(System.DefaultWorkingDirectory)/infra/KeyVault/deploy.keyVault.json'
csmParametersFile: '$(System.DefaultWorkingDirectory)/infra/KeyVault/params.keyVault003.json'
deploymentMode: 'Incremental'
# # Deploy Integration Service Environment 001
# - task: AzureResourceManagerTemplateDeployment@3
# name: integration_service_environment_001_deployment
# displayName: Deploy Integration Service Environment 001
# enabled: true
# continueOnError: false
# inputs:
# deploymentScope: 'Resource Group'
# azureResourceManagerConnection: '$(AZURE_RESOURCE_MANAGER_CONNECTION_NAME)'
# subscriptionId: '$(AZURE_SUBSCRIPTION_ID)'
# action: 'Create Or Update Resource Group'
# resourceGroupName: '$(AZURE_RESOURCE_GROUP_NAME_AUTOMATION)'
# location: '$(AZURE_LOCATION)'
# templateLocation: 'Linked artifact'
# csmFile: '$(System.DefaultWorkingDirectory)/infra/IntegrationServiceEnvironment/deploy.integrationServiceEnvironment.json'
# csmParametersFile: '$(System.DefaultWorkingDirectory)/infra/IntegrationServiceEnvironment/params.integrationServiceEnvironment001.json'
# deploymentMode: 'Incremental'
# Deploy Logic App 001
- task: AzureResourceManagerTemplateDeployment@3
name: logic_app_001_deployment
displayName: Deploy Logic App 001
enabled: true
continueOnError: false
inputs:
deploymentScope: 'Resource Group'
azureResourceManagerConnection: '$(AZURE_RESOURCE_MANAGER_CONNECTION_NAME)'
subscriptionId: '$(AZURE_SUBSCRIPTION_ID)'
action: 'Create Or Update Resource Group'
resourceGroupName: '$(AZURE_RESOURCE_GROUP_NAME_AUTOMATION)'
location: '$(AZURE_LOCATION)'
templateLocation: 'Linked artifact'
csmFile: '$(System.DefaultWorkingDirectory)/infra/LogicApp/deploy.logicApp.json'
csmParametersFile: '$(System.DefaultWorkingDirectory)/infra/LogicApp/params.logicApp001.json'
deploymentMode: 'Incremental'
# Deploy Automation Account 001
- task: AzureResourceManagerTemplateDeployment@3
name: automation_account_001_deployment
displayName: Deploy Automation Account 001
enabled: true
continueOnError: false
inputs:
deploymentScope: 'Resource Group'
azureResourceManagerConnection: '$(AZURE_RESOURCE_MANAGER_CONNECTION_NAME)'
subscriptionId: '$(AZURE_SUBSCRIPTION_ID)'
action: 'Create Or Update Resource Group'
resourceGroupName: '$(AZURE_RESOURCE_GROUP_NAME_AUTOMATION)'
location: '$(AZURE_LOCATION)'
templateLocation: 'Linked artifact'
csmFile: '$(System.DefaultWorkingDirectory)/infra/AutomationAccount/deploy.automationAccount.json'
csmParametersFile: '$(System.DefaultWorkingDirectory)/infra/AutomationAccount/params.automationAccount001.json'
csmParametersFile: '$(System.DefaultWorkingDirectory)/infra/KeyVault/params.keyVault001.json'
deploymentMode: 'Incremental'
# Deploy Purview 001
@ -487,101 +470,12 @@ stages:
csmParametersFile: '$(System.DefaultWorkingDirectory)/infra/Purview/params.purview001.json'
deploymentMode: 'Incremental'
# Deploy Log Analytics Workspace 001
- task: AzureResourceManagerTemplateDeployment@3
name: log_analytics_001_deployment
displayName: Deploy Log Analytics Workspace 001
enabled: true
continueOnError: false
inputs:
deploymentScope: 'Resource Group'
azureResourceManagerConnection: '$(AZURE_RESOURCE_MANAGER_CONNECTION_NAME)'
subscriptionId: '$(AZURE_SUBSCRIPTION_ID)'
action: 'Create Or Update Resource Group'
resourceGroupName: '$(AZURE_RESOURCE_GROUP_NAME_LOGANALYTICS)'
location: '$(AZURE_LOCATION)'
templateLocation: 'Linked artifact'
csmFile: '$(System.DefaultWorkingDirectory)/infra/LogAnalytics/deploy.logAnalytics.json'
csmParametersFile: '$(System.DefaultWorkingDirectory)/infra/LogAnalytics/params.logAnalytics001.json'
deploymentMode: 'Incremental'
# Deploy Storage Account 001
- task: AzureResourceManagerTemplateDeployment@3
name: storage_account_001_deployment
displayName: Deploy Storage Account 001
enabled: true
continueOnError: false
inputs:
deploymentScope: 'Resource Group'
azureResourceManagerConnection: '$(AZURE_RESOURCE_MANAGER_CONNECTION_NAME)'
subscriptionId: '$(AZURE_SUBSCRIPTION_ID)'
action: 'Create Or Update Resource Group'
resourceGroupName: '$(AZURE_RESOURCE_GROUP_NAME_INTEGRATION)'
location: '$(AZURE_LOCATION)'
templateLocation: 'Linked artifact'
csmFile: '$(System.DefaultWorkingDirectory)/infra/Storage/deploy.storage.json'
csmParametersFile: '$(System.DefaultWorkingDirectory)/infra/Storage/params.storage001.json'
deploymentMode: 'Incremental'
deploymentOutputs: 'storageDetails'
# Generate Pipeline Variables 001
- task: AzureCLI@2
name: generate_pipeline_variables_001
displayName: Generate Pipeline Variables 001
enabled: true
continueOnError: false
inputs:
azureSubscription: '$(AZURE_RESOURCE_MANAGER_CONNECTION_NAME)'
scriptType: pscore
scriptLocation: 'scriptPath'
scriptPath: '$(System.DefaultWorkingDirectory)/code/GeneratePipelineVariables.ps1'
powerShellErrorActionPreference: 'stop'
addSpnToEnvironment: false
failOnStandardError: false
powerShellIgnoreLASTEXITCODE: false
arguments: >
-ArmOutputString '$(storageDetails)'
-MakeOutput
# Upload file to storage account 001
- task: AzureFileCopy@3
name: upload_file_001
displayName: Upload file to storage account 001
enabled: true
continueOnError: false
inputs:
sourcePath: '$(System.DefaultWorkingDirectory)/infra/SelfHostedIntegrationRuntime/gatewayInstall.ps1'
additionalArgumentsForBlobCopy: |
'/Y'
azureSubscription: '$(AZURE_RESOURCE_MANAGER_CONNECTION_NAME)'
destination: AzureBlob
storage: $(storageAccountName)
containerName: $(storageAccountContainerName)
# Deploy data factory 001
- task: AzureResourceManagerTemplateDeployment@3
name: data_factory_001_deployment
displayName: Deploy data factory 001
enabled: true
continueOnError: false
inputs:
deploymentScope: 'Resource Group'
azureResourceManagerConnection: '$(AZURE_RESOURCE_MANAGER_CONNECTION_NAME)'
subscriptionId: '$(AZURE_SUBSCRIPTION_ID)'
action: 'Create Or Update Resource Group'
resourceGroupName: '$(AZURE_RESOURCE_GROUP_NAME_INTEGRATION)'
location: '$(AZURE_LOCATION)'
templateLocation: 'Linked artifact'
csmFile: '$(System.DefaultWorkingDirectory)/infra/DataFactory/deploy.dataFactory.json'
csmParametersFile: '$(System.DefaultWorkingDirectory)/infra/DataFactory/params.dataFactory001.json'
deploymentMode: 'Incremental'
# Deploy Container Registry 001
- task: AzureResourceManagerTemplateDeployment@3
name: container_registry_001_deployment
displayName: Deploy Container Registry 001
enabled: true
continueOnError: true
continueOnError: false
inputs:
deploymentScope: 'Resource Group'
azureResourceManagerConnection: '$(AZURE_RESOURCE_MANAGER_CONNECTION_NAME)'
@ -599,7 +493,7 @@ stages:
name: synapse_private_link_hub_001_deployment
displayName: Deploy Synapse Private Link Hub 001
enabled: true
continueOnError: true
continueOnError: false
inputs:
deploymentScope: 'Resource Group'
azureResourceManagerConnection: '$(AZURE_RESOURCE_MANAGER_CONNECTION_NAME)'
@ -609,75 +503,5 @@ stages:
location: '$(AZURE_LOCATION)'
templateLocation: 'Linked artifact'
csmFile: '$(System.DefaultWorkingDirectory)/infra/SynapsePrivateLinkHub/deploy.synapsePrivateLinkHub.json'
csmParametersFile: '$(System.DefaultWorkingDirectory)/infra/SynapsePrivateLinkHub/params.synapsePrivateLinkHub.json'
csmParametersFile: '$(System.DefaultWorkingDirectory)/infra/SynapsePrivateLinkHub/params.synapsePrivateLinkHub001.json'
deploymentMode: 'Incremental'
# Generate Password
- task: PowerShell@2
name: generate_password_001
displayName: Generate Password
enabled: true
continueOnError: false
inputs:
targetType: 'filePath'
filePath: '$(System.DefaultWorkingDirectory)/code/GeneratePassword.ps1'
errorActionPreference: 'stop'
failOnStderr: false
ignoreLASTEXITCODE: false
pwsh: true
# Deploy shir 001
- task: AzureResourceManagerTemplateDeployment@3
name: shir_001_deployment
displayName: Deploy shir 001
enabled: true
continueOnError: false
inputs:
deploymentScope: 'Resource Group'
azureResourceManagerConnection: '$(AZURE_RESOURCE_MANAGER_CONNECTION_NAME)'
subscriptionId: '$(AZURE_SUBSCRIPTION_ID)'
action: 'Create Or Update Resource Group'
resourceGroupName: '$(AZURE_RESOURCE_GROUP_NAME_MANAGEMENT)'
location: '$(AZURE_LOCATION)'
templateLocation: 'Linked artifact'
csmFile: '$(System.DefaultWorkingDirectory)/infra/SelfHostedIntegrationRuntime/deploy.shir.json'
csmParametersFile: '$(System.DefaultWorkingDirectory)/infra/SelfHostedIntegrationRuntime/params.shir001.json'
deploymentMode: 'Incremental'
overrideParameters: >
-vmssAdminPassword "$(password)"
# Deploy Function 001
- task: AzureResourceManagerTemplateDeployment@3
name: function_001_deployment
displayName: Deploy Function 001
enabled: false
continueOnError: false
inputs:
deploymentScope: 'Resource Group'
azureResourceManagerConnection: '$(AZURE_RESOURCE_MANAGER_CONNECTION_NAME)'
subscriptionId: '$(AZURE_SUBSCRIPTION_ID)'
action: 'Create Or Update Resource Group'
resourceGroupName: '$(AZURE_RESOURCE_GROUP_NAME_MANAGEMENT)'
location: '$(AZURE_LOCATION)'
templateLocation: 'Linked artifact'
csmFile: '$(System.DefaultWorkingDirectory)/infra/Function/deploy.function.json'
csmParametersFile: '$(System.DefaultWorkingDirectory)/infra/Function/params.function001.json'
deploymentMode: 'Incremental'
# Deploy Power BI Private Link 001
- task: AzureResourceManagerTemplateDeployment@3
name: power_bi_pl_001_deployment
displayName: Deploy Power BI Private Link 001
enabled: false
continueOnError: false
inputs:
deploymentScope: 'Resource Group'
azureResourceManagerConnection: '$(AZURE_RESOURCE_MANAGER_CONNECTION_NAME)'
subscriptionId: '$(AZURE_SUBSCRIPTION_ID)'
action: 'Create Or Update Resource Group'
resourceGroupName: '$(AZURE_RESOURCE_GROUP_NAME_CONSUMPTION)'
location: '$(AZURE_LOCATION)'
templateLocation: 'Linked artifact'
csmFile: '$(System.DefaultWorkingDirectory)/infra/PowerBi/deploy.powerBi.json'
csmParametersFile: '$(System.DefaultWorkingDirectory)/infra/PowerBi/params.powerBi001.json'
deploymentMode: 'Validation'

389
.ado/workflows/networkDeployment.yml
Просмотреть файл

@ -1,389 +0,0 @@
name: Network Deployment
trigger:
branches:
include:
- main
paths:
include:
- infra/VirtualNetwork/*
- infra/Firewall/*
- infra/FirewallPolicy/*
- infra/VirtualNetworkPeering/*
- infra/PrivateDns/*
- infra/DnsForwarder/*
- .ado/workflows/networkDeployment.yml
variables:
AZURE_RESOURCE_MANAGER_CONNECTION_NAME: 'Marvins Azure Subscription'
AZURE_SUBSCRIPTION_ID: '4060c03e-0d2e-44b7-82a3-da9376fe50b2'
AZURE_RESOURCE_GROUP_NAME_NETWORK: dh-network
AZURE_RESOURCE_GROUP_NAME_GLOBAL_DNS: dh-global-dns
AZURE_RESOURCE_GROUP_NAME_INTEGRATION: dh-integration
AZURE_LOCATION: 'North Europe'
stages:
- stage: Validation
displayName: 'Validation of ARM templates'
jobs:
- job: Validation
displayName: 'Validation of ARM templates'
continueOnError: false
pool:
vmImage: 'ubuntu-latest'
steps:
# Checkout code
- checkout: self
name: checkout_repository
displayName: 'Checkout repository'
submodules: true
lfs: false
clean: true
continueOnError: false
enabled: true
# Deploy vnet - validation
- task: AzureResourceManagerTemplateDeployment@3
name: vnet_validation
displayName: Deploy vnet - validation
enabled: true
continueOnError: false
inputs:
deploymentScope: 'Resource Group'
azureResourceManagerConnection: '$(AZURE_RESOURCE_MANAGER_CONNECTION_NAME)'
subscriptionId: '$(AZURE_SUBSCRIPTION_ID)'
action: 'Create Or Update Resource Group'
resourceGroupName: '$(AZURE_RESOURCE_GROUP_NAME_NETWORK)'
location: '$(AZURE_LOCATION)'
templateLocation: 'Linked artifact'
csmFile: '$(System.DefaultWorkingDirectory)/infra/VirtualNetwork/deploy.vnet.json'
csmParametersFile: '$(System.DefaultWorkingDirectory)/infra/VirtualNetwork/params.vnet.json'
deploymentMode: 'Validation'
# Deploy storage account 001 - validation
- task: AzureResourceManagerTemplateDeployment@3
name: storage_account_001_validation
displayName: Deploy storage account 001 - validation
enabled: true
continueOnError: false
inputs:
deploymentScope: 'Resource Group'
azureResourceManagerConnection: '$(AZURE_RESOURCE_MANAGER_CONNECTION_NAME)'
subscriptionId: '$(AZURE_SUBSCRIPTION_ID)'
action: 'Create Or Update Resource Group'
resourceGroupName: '$(AZURE_RESOURCE_GROUP_NAME_INTEGRATION)'
location: '$(AZURE_LOCATION)'
templateLocation: 'Linked artifact'
csmFile: '$(System.DefaultWorkingDirectory)/infra/Storage/deploy.storage.json'
csmParametersFile: '$(System.DefaultWorkingDirectory)/infra/Storage/params.storage001.json'
deploymentMode: 'Validation'
# Deploy Firewall Policy 001 - validation
- task: AzureResourceManagerTemplateDeployment@3
name: firewall_policy_validation
displayName: Deploy Firewall Policy 001 - validation
enabled: true
continueOnError: false
inputs:
deploymentScope: 'Resource Group'
azureResourceManagerConnection: '$(AZURE_RESOURCE_MANAGER_CONNECTION_NAME)'
subscriptionId: '$(AZURE_SUBSCRIPTION_ID)'
action: 'Create Or Update Resource Group'
resourceGroupName: '$(AZURE_RESOURCE_GROUP_NAME_NETWORK)'
location: '$(AZURE_LOCATION)'
templateLocation: 'Linked artifact'
csmFile: '$(System.DefaultWorkingDirectory)/infra/FirewallPolicy/deploy.firewallPolicy.json'
csmParametersFile: '$(System.DefaultWorkingDirectory)/infra/FirewallPolicy/params.firewallPolicy001.json'
deploymentMode: 'Validation'
# Deploy Firewall 001 - validation
- task: AzureResourceManagerTemplateDeployment@3
name: firewall_validation
displayName: Deploy Firewall 001 - validation
enabled: true
continueOnError: false
inputs:
deploymentScope: 'Resource Group'
azureResourceManagerConnection: '$(AZURE_RESOURCE_MANAGER_CONNECTION_NAME)'
subscriptionId: '$(AZURE_SUBSCRIPTION_ID)'
action: 'Create Or Update Resource Group'
resourceGroupName: '$(AZURE_RESOURCE_GROUP_NAME_NETWORK)'
location: '$(AZURE_LOCATION)'
templateLocation: 'Linked artifact'
csmFile: '$(System.DefaultWorkingDirectory)/infra/Firewall/deploy.firewall.json'
csmParametersFile: '$(System.DefaultWorkingDirectory)/infra/Firewall/params.firewall001.json'
deploymentMode: 'Validation'
# Deploy dns forwarder - validation
- task: AzureResourceManagerTemplateDeployment@3
name: dns_forwarder_validation
displayName: Deploy dns forwarder - validation
enabled: false
continueOnError: true
inputs:
deploymentScope: 'Resource Group'
azureResourceManagerConnection: '$(AZURE_RESOURCE_MANAGER_CONNECTION_NAME)'
subscriptionId: '$(AZURE_SUBSCRIPTION_ID)'
action: 'Create Or Update Resource Group'
resourceGroupName: '$(AZURE_RESOURCE_GROUP_NAME_GLOBAL_DNS)'
location: '$(AZURE_LOCATION)'
templateLocation: 'Linked artifact'
csmFile: '$(System.DefaultWorkingDirectory)/infra/DnsForwarder/deploy.dnsForwarder.json'
csmParametersFile: '$(System.DefaultWorkingDirectory)/infra/DnsForwarder/params.dnsForwarder001.json'
deploymentMode: 'Validation'
# Deploy private DNS zones - validation
- task: AzureResourceManagerTemplateDeployment@3
name: private_dns_zones_validation
displayName: Deploy private DNS zones - validation
enabled: true
continueOnError: false
inputs:
deploymentScope: 'Resource Group'
azureResourceManagerConnection: '$(AZURE_RESOURCE_MANAGER_CONNECTION_NAME)'
subscriptionId: '$(AZURE_SUBSCRIPTION_ID)'
action: 'Create Or Update Resource Group'
resourceGroupName: '$(AZURE_RESOURCE_GROUP_NAME_GLOBAL_DNS)'
location: '$(AZURE_LOCATION)'
templateLocation: 'Linked artifact'
csmFile: '$(System.DefaultWorkingDirectory)/infra/PrivateDns/deploy.privateDns.json'
csmParametersFile: '$(System.DefaultWorkingDirectory)/infra/PrivateDns/params.privateDns001.json'
deploymentMode: 'Validation'
# Deploy vnet peering 001 - validation
- task: AzureResourceManagerTemplateDeployment@3
name: vnet_peering_001_validation
displayName: Deploy vnet peering 001 - validation
enabled: true
continueOnError: false
inputs:
deploymentScope: 'Resource Group'
azureResourceManagerConnection: '$(AZURE_RESOURCE_MANAGER_CONNECTION_NAME)'
subscriptionId: '$(AZURE_SUBSCRIPTION_ID)'
action: 'Create Or Update Resource Group'
resourceGroupName: '$(AZURE_RESOURCE_GROUP_NAME_NETWORK)'
location: '$(AZURE_LOCATION)'
templateLocation: 'Linked artifact'
csmFile: '$(System.DefaultWorkingDirectory)/infra/VirtualNetworkPeering/deploy.vnetPeering.json'
csmParametersFile: '$(System.DefaultWorkingDirectory)/infra/VirtualNetworkPeering/params.vnetPeering001.json'
deploymentMode: 'Validation'
# Deploy vnet peering 002 - validation
- task: AzureResourceManagerTemplateDeployment@3
name: vnet_peering_002_validation
displayName: Deploy vnet peering 002 - validation
enabled: true
continueOnError: false
inputs:
deploymentScope: 'Resource Group'
azureResourceManagerConnection: '$(AZURE_RESOURCE_MANAGER_CONNECTION_NAME)'
subscriptionId: '$(AZURE_SUBSCRIPTION_ID)'
action: 'Create Or Update Resource Group'
resourceGroupName: '$(AZURE_RESOURCE_GROUP_NAME_NETWORK)'
location: '$(AZURE_LOCATION)'
templateLocation: 'Linked artifact'
csmFile: '$(System.DefaultWorkingDirectory)/infra/VirtualNetworkPeering/deploy.vnetPeering.json'
csmParametersFile: '$(System.DefaultWorkingDirectory)/infra/VirtualNetworkPeering/params.vnetPeering002.json'
deploymentMode: 'Validation'
- stage: Deployment
displayName: 'Deployment of ARM templates'
dependsOn: Validation
condition: and(succeeded(), in(variables['Build.Reason'], 'IndividualCI', 'BatchedCI'))
jobs:
- job: Deployment
displayName: 'Deployment of ARM templates'
continueOnError: false
pool:
vmImage: 'vs2017-win2016'
steps:
# Checkout repository
- checkout: self
name: checkout_repository
displayName: 'Checkout repository'
submodules: true
lfs: false
clean: true
continueOnError: false
enabled: true
# Deploy vnet
- task: AzureResourceManagerTemplateDeployment@3
name: vnet_deployment
displayName: Deploy vnet
enabled: true
continueOnError: false
inputs:
deploymentScope: 'Resource Group'
azureResourceManagerConnection: '$(AZURE_RESOURCE_MANAGER_CONNECTION_NAME)'
subscriptionId: '$(AZURE_SUBSCRIPTION_ID)'
action: 'Create Or Update Resource Group'
resourceGroupName: '$(AZURE_RESOURCE_GROUP_NAME_NETWORK)'
location: '$(AZURE_LOCATION)'
templateLocation: 'Linked artifact'
csmFile: '$(System.DefaultWorkingDirectory)/infra/VirtualNetwork/deploy.vnet.json'
csmParametersFile: '$(System.DefaultWorkingDirectory)/infra/VirtualNetwork/params.vnet.json'
deploymentMode: 'Incremental'
# Deploy storage account 001
- task: AzureResourceManagerTemplateDeployment@3
name: storage_account_001_deployment
displayName: Deploy storage account 001
enabled: true
continueOnError: false
inputs:
deploymentScope: 'Resource Group'
azureResourceManagerConnection: '$(AZURE_RESOURCE_MANAGER_CONNECTION_NAME)'
subscriptionId: '$(AZURE_SUBSCRIPTION_ID)'
action: 'Create Or Update Resource Group'
resourceGroupName: '$(AZURE_RESOURCE_GROUP_NAME_INTEGRATION)'
location: '$(AZURE_LOCATION)'
templateLocation: 'Linked artifact'
csmFile: '$(System.DefaultWorkingDirectory)/infra/Storage/deploy.storage.json'
csmParametersFile: '$(System.DefaultWorkingDirectory)/infra/Storage/params.storage001.json'
deploymentMode: 'Incremental'
deploymentOutputs: 'storageDetails'
# Generate Pipeline Variables 001
- task: AzureCLI@2
name: generate_pipeline_variables_001
displayName: Generate Pipeline Variables 001
enabled: true
continueOnError: false
inputs:
azureSubscription: '$(AZURE_RESOURCE_MANAGER_CONNECTION_NAME)'
scriptType: pscore
scriptLocation: 'scriptPath'
scriptPath: '$(System.DefaultWorkingDirectory)/code/GeneratePipelineVariables.ps1'
powerShellErrorActionPreference: 'stop'
addSpnToEnvironment: false
failOnStandardError: false
powerShellIgnoreLASTEXITCODE: false
arguments: >
-ArmOutputString '$(storageDetails)'
-MakeOutput
# Upload file to storage account 001
- task: AzureFileCopy@3
name: upload_file_001
displayName: Upload file to storage account 001
enabled: true
continueOnError: false
inputs:
sourcePath: '$(System.DefaultWorkingDirectory)/infra/DnsForwarder/forwarderSetup.sh'
additionalArgumentsForBlobCopy: |
'/Y'
azureSubscription: '$(AZURE_RESOURCE_MANAGER_CONNECTION_NAME)'
destination: AzureBlob
storage: $(storageAccountName)
containerName: $(storageAccountContainerName)
# Deploy Firewall Policy 001
- task: AzureResourceManagerTemplateDeployment@3
name: firewall_policy_deployment
displayName: Deploy Firewall Policy 001
enabled: true
continueOnError: false
inputs:
deploymentScope: 'Resource Group'
azureResourceManagerConnection: '$(AZURE_RESOURCE_MANAGER_CONNECTION_NAME)'
subscriptionId: '$(AZURE_SUBSCRIPTION_ID)'
action: 'Create Or Update Resource Group'
resourceGroupName: '$(AZURE_RESOURCE_GROUP_NAME_NETWORK)'
location: '$(AZURE_LOCATION)'
templateLocation: 'Linked artifact'
csmFile: '$(System.DefaultWorkingDirectory)/infra/FirewallPolicy/deploy.firewallPolicy.json'
csmParametersFile: '$(System.DefaultWorkingDirectory)/infra/FirewallPolicy/params.firewallPolicy001.json'
deploymentMode: 'Incremental'
# Deploy Firewall 001
- task: AzureResourceManagerTemplateDeployment@3
name: firewall_deployment
displayName: Deploy Firewall 001
enabled: true
continueOnError: false
inputs:
deploymentScope: 'Resource Group'
azureResourceManagerConnection: '$(AZURE_RESOURCE_MANAGER_CONNECTION_NAME)'
subscriptionId: '$(AZURE_SUBSCRIPTION_ID)'
action: 'Create Or Update Resource Group'
resourceGroupName: '$(AZURE_RESOURCE_GROUP_NAME_NETWORK)'
location: '$(AZURE_LOCATION)'
templateLocation: 'Linked artifact'
csmFile: '$(System.DefaultWorkingDirectory)/infra/Firewall/deploy.firewall.json'
csmParametersFile: '$(System.DefaultWorkingDirectory)/infra/Firewall/params.firewall001.json'
deploymentMode: 'Incremental'
# Deploy dns forwarder
- task: AzureResourceManagerTemplateDeployment@3
name: dns_forwarder_deployment
displayName: Deploy dns forwarder
enabled: false
continueOnError: false
inputs:
deploymentScope: 'Resource Group'
azureResourceManagerConnection: '$(AZURE_RESOURCE_MANAGER_CONNECTION_NAME)'
subscriptionId: '$(AZURE_SUBSCRIPTION_ID)'
action: 'Create Or Update Resource Group'
resourceGroupName: '$(AZURE_RESOURCE_GROUP_NAME_GLOBAL_DNS)'
location: '$(AZURE_LOCATION)'
templateLocation: 'Linked artifact'
csmFile: '$(System.DefaultWorkingDirectory)/infra/DnsForwarder/deploy.dnsForwarder.json'
csmParametersFile: '$(System.DefaultWorkingDirectory)/infra/DnsForwarder/params.dnsForwarder001.json'
deploymentMode: 'Incremental'
# Deploy private DNS zones
- task: AzureResourceManagerTemplateDeployment@3
name: private_dns_zones_deployment
displayName: Deploy private DNS zones
enabled: true
continueOnError: false
inputs:
deploymentScope: 'Resource Group'
azureResourceManagerConnection: '$(AZURE_RESOURCE_MANAGER_CONNECTION_NAME)'
subscriptionId: '$(AZURE_SUBSCRIPTION_ID)'
action: 'Create Or Update Resource Group'
resourceGroupName: '$(AZURE_RESOURCE_GROUP_NAME_GLOBAL_DNS)'
location: '$(AZURE_LOCATION)'
templateLocation: 'Linked artifact'
csmFile: '$(System.DefaultWorkingDirectory)/infra/PrivateDns/deploy.privateDns.json'
csmParametersFile: '$(System.DefaultWorkingDirectory)/infra/PrivateDns/params.privateDns001.json'
deploymentMode: 'Incremental'
# Deploy vnet peering 001
- task: AzureResourceManagerTemplateDeployment@3
name: vnet_peering_001_deployment
displayName: Deploy vnet peering 001
enabled: true
continueOnError: false
inputs:
deploymentScope: 'Resource Group'
azureResourceManagerConnection: '$(AZURE_RESOURCE_MANAGER_CONNECTION_NAME)'
subscriptionId: '$(AZURE_SUBSCRIPTION_ID)'
action: 'Create Or Update Resource Group'
resourceGroupName: '$(AZURE_RESOURCE_GROUP_NAME_NETWORK)'
location: '$(AZURE_LOCATION)'
templateLocation: 'Linked artifact'
csmFile: '$(System.DefaultWorkingDirectory)/infra/VirtualNetworkPeering/deploy.vnetPeering.json'
csmParametersFile: '$(System.DefaultWorkingDirectory)/infra/VirtualNetworkPeering/params.vnetPeering001.json'
deploymentMode: 'Incremental'
# Deploy vnet peering 002
- task: AzureResourceManagerTemplateDeployment@3
name: vnet_peering_002_deployment
displayName: Deploy vnet peering 002
enabled: true
continueOnError: false
inputs:
deploymentScope: 'Resource Group'
azureResourceManagerConnection: '$(AZURE_RESOURCE_MANAGER_CONNECTION_NAME)'
subscriptionId: '$(AZURE_SUBSCRIPTION_ID)'
action: 'Create Or Update Resource Group'
resourceGroupName: '$(AZURE_RESOURCE_GROUP_NAME_NETWORK)'
location: '$(AZURE_LOCATION)'
templateLocation: 'Linked artifact'
csmFile: '$(System.DefaultWorkingDirectory)/infra/VirtualNetworkPeering/deploy.vnetPeering.json'
csmParametersFile: '$(System.DefaultWorkingDirectory)/infra/VirtualNetworkPeering/params.vnetPeering002.json'
deploymentMode: 'Incremental'

141
.ado/workflows/shareSelfHostedIntegrationRuntimeDeployment.yml
Просмотреть файл

@ -1,141 +0,0 @@
name: Share Self Hosted Integration Runtime
trigger:
branches:
include:
- main
paths:
include:
- infra/ShareSelfHostedIntegrationRuntime/*
- .ado/workflows/shareSelfHostedIntegrationRuntimeDeployment.yml
variables:
AZURE_RESOURCE_MANAGER_CONNECTION_NAME: 'Marvins Azure Subscription'
AZURE_LOCATION: 'North Europe'
stages:
- stage: Validation
displayName: 'Validation of ARM templates'
jobs:
- job: Validation
displayName: 'Validation of ARM templates'
continueOnError: false
pool:
vmImage: 'ubuntu-latest'
steps:
# Checkout code
- checkout: self
name: checkout_repository
displayName: 'Checkout repository'
submodules: true
lfs: false
clean: true
continueOnError: false
enabled: true
# Share Self Hosted Integration Runtime 001 - validation
- task: AzureResourceManagerTemplateDeployment@3
name: share_self_hosted_integration_runtime_001_validation
displayName: Share Self Hosted Integration Runtime 001 - validation
enabled: true
continueOnError: false
inputs:
deploymentScope: 'Resource Group'
azureResourceManagerConnection: '$(AZURE_RESOURCE_MANAGER_CONNECTION_NAME)'
subscriptionId: '$(AZURE_SUBSCRIPTION_ID)'
action: 'Create Or Update Resource Group'
resourceGroupName: '$(AZURE_RESOURCE_GROUP_NAME)'
location: '$(AZURE_LOCATION)'
templateLocation: 'Linked artifact'
csmFile: '$(System.DefaultWorkingDirectory)/infra/ShareSelfHostedIntegrationRuntime/deploy.shareSelfHostedIntegrationRuntime.json'
csmParametersFile: '$(System.DefaultWorkingDirectory)/infra/ShareSelfHostedIntegrationRuntime/params.shareSelfHostedIntegrationRuntime001.json'
deploymentMode: 'Validation'
env:
AZURE_RESOURCE_GROUP: dn001-processing
AZURE_SUBSCRIPTION_ID: 2f68ca09-59d9-4ab5-ad11-c54872bfa28d
# Share Self Hosted Integration Runtime 002 - validation
- task: AzureResourceManagerTemplateDeployment@3
name: share_self_hosted_integration_runtime_002_validation
displayName: Share Self Hosted Integration Runtime 002 - validation
enabled: true
continueOnError: false
inputs:
deploymentScope: 'Resource Group'
azureResourceManagerConnection: '$(AZURE_RESOURCE_MANAGER_CONNECTION_NAME)'
subscriptionId: '$(AZURE_SUBSCRIPTION_ID)'
action: 'Create Or Update Resource Group'
resourceGroupName: '$(AZURE_RESOURCE_GROUP_NAME)'
location: '$(AZURE_LOCATION)'
templateLocation: 'Linked artifact'
csmFile: '$(System.DefaultWorkingDirectory)/infra/ShareSelfHostedIntegrationRuntime/deploy.shareSelfHostedIntegrationRuntime.json'
csmParametersFile: '$(System.DefaultWorkingDirectory)/infra/ShareSelfHostedIntegrationRuntime/params.shareSelfHostedIntegrationRuntime002.json'
deploymentMode: 'Validation'
env:
AZURE_RESOURCE_GROUP: dn002-processing
AZURE_SUBSCRIPTION_ID: 558bf93d-0c7b-4436-82ab-a7ed6fda34aa
- stage: Deployment
displayName: 'Deployment of ARM templates'
dependsOn: Validation
condition: and(succeeded(), in(variables['Build.Reason'], 'IndividualCI', 'BatchedCI'))
jobs:
- job: Deployment
displayName: 'Deployment of ARM templates'
continueOnError: false
pool:
vmImage: 'ubuntu-latest'
steps:
# Checkout repository
- checkout: self
name: checkout_repository
displayName: 'Checkout repository'
submodules: true
lfs: false
clean: true
continueOnError: false
enabled: true
# Share Self Hosted Integration Runtime 001
- task: AzureResourceManagerTemplateDeployment@3
name: share_self_hosted_integration_runtime_001_deployment
displayName: Share Self Hosted Integration Runtime 001
enabled: true
continueOnError: false
inputs:
deploymentScope: 'Resource Group'
azureResourceManagerConnection: '$(AZURE_RESOURCE_MANAGER_CONNECTION_NAME)'
subscriptionId: '$(AZURE_SUBSCRIPTION_ID)'
action: 'Create Or Update Resource Group'
resourceGroupName: '$(AZURE_RESOURCE_GROUP_NAME)'
location: '$(AZURE_LOCATION)'
templateLocation: 'Linked artifact'
csmFile: '$(System.DefaultWorkingDirectory)/infra/ShareSelfHostedIntegrationRuntime/deploy.shareSelfHostedIntegrationRuntime.json'
csmParametersFile: '$(System.DefaultWorkingDirectory)/infra/ShareSelfHostedIntegrationRuntime/params.shareSelfHostedIntegrationRuntime001.json'
deploymentMode: 'Incremental'
env:
AZURE_RESOURCE_GROUP: dn001-processing
AZURE_SUBSCRIPTION_ID: 2f68ca09-59d9-4ab5-ad11-c54872bfa28d
# Share Self Hosted Integration Runtime 002
- task: AzureResourceManagerTemplateDeployment@3
name: share_self_hosted_integration_runtime_002_deployment
displayName: Share Self Hosted Integration Runtime 002
enabled: true
continueOnError: false
inputs:
deploymentScope: 'Resource Group'
azureResourceManagerConnection: '$(AZURE_RESOURCE_MANAGER_CONNECTION_NAME)'
subscriptionId: '$(AZURE_SUBSCRIPTION_ID)'
action: 'Create Or Update Resource Group'
resourceGroupName: '$(AZURE_RESOURCE_GROUP_NAME)'
location: '$(AZURE_LOCATION)'
templateLocation: 'Linked artifact'
csmFile: '$(System.DefaultWorkingDirectory)/infra/ShareSelfHostedIntegrationRuntime/deploy.shareSelfHostedIntegrationRuntime.json'
csmParametersFile: '$(System.DefaultWorkingDirectory)/infra/ShareSelfHostedIntegrationRuntime/params.shareSelfHostedIntegrationRuntime002.json'
deploymentMode: 'Incremental'
env:
AZURE_RESOURCE_GROUP: dn002-processing
AZURE_SUBSCRIPTION_ID: 558bf93d-0c7b-4436-82ab-a7ed6fda34aa

593
.github/workflows/dataHubDeployment.yml поставляемый
Просмотреть файл

@ -4,30 +4,30 @@ on:
push:
branches: [ main ]
paths:
- 'code/GeneratePassword.ps1'
- 'infra/AutomationAccount/**'
- 'infra/ArtifactStorage/**'
- 'infra/ContainerRegistry/**'
- 'infra/DataFactory/**'
- 'infra/IntegrationServiceEnvironment/**'
- 'infra/DnsForwarder/**'
- 'infra/Firewall/**'
- 'infra/FirewallPolicy/**'
- 'infra/KeyVault/**'
- 'infra/LogAnalytics/**'
- 'infra/LogicApp/**'
- 'infra/PowerBi/**'
- 'infra/PrivateDns/**'
- 'infra/Purview/**'
- 'infra/SelfHostedIntegrationRuntime/**'
- 'infra/Storage/**'
- 'infra/SynapsePrivateLinkHub/**'
- 'infra/VirtualNetwork/**'
- 'infra/VirtualNetworkPeering/**'
- '.github/workflows/dataHubDeployment.yml'
- 'code/GeneratePassword.ps1'
env:
AZURE_SUBSCRIPTION_ID: '4060c03e-0d2e-44b7-82a3-da9376fe50b2'
AZURE_RESOURCE_GROUP_NAME_AUTOMATION: dh-automation
AZURE_RESOURCE_GROUP_NAME_MANAGEMENT: dh-mgmt
AZURE_RESOURCE_GROUP_NAME_INTEGRATION: dh-integration
AZURE_RESOURCE_GROUP_NAME_LOGANALYTICS: dh-logging
AZURE_RESOURCE_GROUP_NAME_CONSUMPTION: dh-consumption
AZURE_RESOURCE_GROUP_NAME_CONTAINER: dh-container
AZURE_RESOURCE_GROUP_NAME_GOVERNANCE: dh-governance
AZURE_LOCATION: northeurope
AZURE_RESOURCE_GROUP_NAME_NETWORK: 'dh-network'
AZURE_RESOURCE_GROUP_NAME_GLOBAL_DNS: 'dh-global-dns'
AZURE_RESOURCE_GROUP_NAME_AUTOMATION: 'dh-automation'
AZURE_RESOURCE_GROUP_NAME_MANAGEMENT: 'dh-mgmt'
AZURE_RESOURCE_GROUP_NAME_CONSUMPTION: 'dh-consumption'
AZURE_RESOURCE_GROUP_NAME_CONTAINER: 'dh-container'
AZURE_RESOURCE_GROUP_NAME_GOVERNANCE: 'dh-governance'
AZURE_LOCATION: 'northeurope'
jobs:
create-resource-group:
@ -41,6 +41,26 @@ jobs:
with:
creds: ${{ secrets.AZURE_CREDENTIALS }}
# Create resource group
- name: Create resource group
id: resource_group_network
uses: azure/cli@v1
with:
azcliversion: latest
inlineScript: |
echo "Creating resource group \"${{ env.AZURE_RESOURCE_GROUP_NAME_NETWORK }}\""
az group create --location ${{ env.AZURE_LOCATION }} --name ${{ env.AZURE_RESOURCE_GROUP_NAME_NETWORK }}
# Create resource group
- name: Create resource group
id: resource_group_gloabl_dns
uses: azure/cli@v1
with:
azcliversion: latest
inlineScript: |
echo "Creating resource group \"${{ env.AZURE_RESOURCE_GROUP_NAME_GLOBAL_DNS }}\""
az group create --location ${{ env.AZURE_LOCATION }} --name ${{ env.AZURE_RESOURCE_GROUP_NAME_GLOBAL_DNS }}
# Create resource group
- name: Create resource group
id: resource_group_automation
@ -51,16 +71,6 @@ jobs:
echo "Creating resource group \"${{ env.AZURE_RESOURCE_GROUP_NAME_AUTOMATION }}\""
az group create --location ${{ env.AZURE_LOCATION }} --name ${{ env.AZURE_RESOURCE_GROUP_NAME_AUTOMATION }}
# Create resource group
- name: Create resource group
id: resource_group_integration
uses: azure/cli@v1
with:
azcliversion: latest
inlineScript: |
echo "Creating resource group \"${{ env.AZURE_RESOURCE_GROUP_NAME_INTEGRATION }}\""
az group create --location ${{ env.AZURE_LOCATION }} --name ${{ env.AZURE_RESOURCE_GROUP_NAME_INTEGRATION }}
# Create resource group
- name: Create resource group
id: resource_group_management
@ -71,16 +81,6 @@ jobs:
echo "Creating resource group \"${{ env.AZURE_RESOURCE_GROUP_NAME_MANAGEMENT }}\""
az group create --location ${{ env.AZURE_LOCATION }} --name ${{ env.AZURE_RESOURCE_GROUP_NAME_MANAGEMENT }}
# Create resource group
- name: Create resource group
id: resource_group_loganalytics
uses: azure/cli@v1
with:
azcliversion: latest
inlineScript: |
echo "Creating resource group \"${{ env.AZURE_RESOURCE_GROUP_NAME_LOGANALYTICS }}\""
az group create --location ${{ env.AZURE_LOCATION }} --name ${{ env.AZURE_RESOURCE_GROUP_NAME_LOGANALYTICS }}
# Create resource group
- name: Create resource group
id: resource_group_consumption
@ -138,82 +138,109 @@ jobs:
with:
creds: ${{ secrets.AZURE_CREDENTIALS }}
# Deploy Vnet - validation
- name: Deploy Vnet - validation
id: vnet_validation
uses: azure/arm-deploy@v1
with:
scope: resourcegroup
subscriptionId: ${{ env.AZURE_SUBSCRIPTION_ID }}
resourceGroupName: ${{ env.AZURE_RESOURCE_GROUP_NAME_NETWORK }}
region: ${{ env.AZURE_LOCATION }}
template: ${{ github.workspace }}/infra/VirtualNetwork/deploy.vnet.json
parameters: ${{ github.workspace }}/infra/VirtualNetwork/params.vnet001.json
deploymentMode: Validate
# Deploy Artifact Storage Account 001 - validation
- name: Deploy Artifact Storage Account 001 - validation
id: artifact_storage_001_validation
uses: azure/arm-deploy@v1
with:
scope: resourcegroup
subscriptionId: ${{ env.AZURE_SUBSCRIPTION_ID }}
resourceGroupName: ${{ env.AZURE_RESOURCE_GROUP_NAME_NETWORK }}
region: ${{ env.AZURE_LOCATION }}
template: ${{ github.workspace }}/infra/ArtifactStorage/deploy.storage.json
parameters: ${{ github.workspace }}/infra/ArtifactStorage/params.storage001.json
deploymentMode: Validate
# Deploy Firewall Policy 001 - validation
- name: Deploy Firewall Policy 001 - validation
id: firewall_policy_001_validation
uses: azure/arm-deploy@v1
with:
scope: resourcegroup
subscriptionId: ${{ env.AZURE_SUBSCRIPTION_ID }}
resourceGroupName: ${{ env.AZURE_RESOURCE_GROUP_NAME_NETWORK }}
region: ${{ env.AZURE_LOCATION }}
template: ${{ github.workspace }}/infra/FirewallPolicy/deploy.firewallPolicy.json
parameters: ${{ github.workspace }}/infra/FirewallPolicy/params.firewallPolicy001.json
deploymentMode: Validate
# Deploy Firewall 001 - validation
- name: Deploy Firewall 001 - validation
id: firewall_001_validation
uses: azure/arm-deploy@v1
with:
scope: resourcegroup
subscriptionId: ${{ env.AZURE_SUBSCRIPTION_ID }}
resourceGroupName: ${{ env.AZURE_RESOURCE_GROUP_NAME_NETWORK }}
region: ${{ env.AZURE_LOCATION }}
template: ${{ github.workspace }}/infra/Firewall/deploy.firewall.json
parameters: ${{ github.workspace }}/infra/Firewall/params.firewall001.json
deploymentMode: Validate
# Deploy DNS Forwarder 001 - validation
- name: Deploy DNS Forwarder 001 - validation
id: dns_forwarder_001_validation
uses: azure/arm-deploy@v1
with:
scope: resourcegroup
subscriptionId: ${{ env.AZURE_SUBSCRIPTION_ID }}
resourceGroupName: ${{ env.AZURE_RESOURCE_GROUP_NAME_NETWORK }}
region: ${{ env.AZURE_LOCATION }}
template: ${{ github.workspace }}/infra/DnsForwarder/deploy.dnsForwarder.json
parameters: ${{ github.workspace }}/infra/DnsForwarder/params.dnsForwarder001.json
deploymentMode: Validate
# Deploy Private DNS Zones - validation
- name: Deploy Private DNS Zones - validation
id: private_dns_zones_validation
uses: azure/arm-deploy@v1
with:
scope: resourcegroup
subscriptionId: ${{ env.AZURE_SUBSCRIPTION_ID }}
resourceGroupName: ${{ env.AZURE_RESOURCE_GROUP_NAME_GLOBAL_DNS }}
region: ${{ env.AZURE_LOCATION }}
template: ${{ github.workspace }}/infra/PrivateDns/deploy.privateDns.json
parameters: ${{ github.workspace }}/infra/PrivateDns/params.privateDns001.json
deploymentMode: Validate
# Deploy Vnet Peering 001 - validation
- name: Deploy Vnet Peering 001 - validation
id: vnet_peering_001_validation
uses: azure/arm-deploy@v1
with:
scope: resourcegroup
subscriptionId: ${{ env.AZURE_SUBSCRIPTION_ID }}
resourceGroupName: ${{ env.AZURE_RESOURCE_GROUP_NAME_NETWORK }}
region: ${{ env.AZURE_LOCATION }}
template: ${{ github.workspace }}/infra/VirtualNetworkPeering/deploy.vnetPeering.json
parameters: ${{ github.workspace }}/infra/VirtualNetworkPeering/params.vnetPeering001.json
deploymentMode: Validate
continue-on-error: true
# Deploy Key Vault 001 - validation
- name: Deploy Key Vault 001 - validation
id: key_vault_001_validation
uses: azure/arm-deploy@v1
with:
scope: resourcegroup
subscriptionId: ${{ env.AZURE_SUBSCRIPTION_ID }}
resourceGroupName: ${{ env.AZURE_RESOURCE_GROUP_NAME_MANAGEMENT }}
region: ${{ env.AZURE_LOCATION }}
template: ${{ github.workspace }}/infra/KeyVault/deploy.keyVault.json
parameters: ${{ github.workspace }}/infra/KeyVault/params.keyVault001.json
deploymentMode: Validate
# Deploy Key Vault 002 - validation
- name: Deploy Key Vault 002 - validation
id: key_vault_002_validation
uses: azure/arm-deploy@v1
with:
scope: resourcegroup
subscriptionId: ${{ env.AZURE_SUBSCRIPTION_ID }}
resourceGroupName: ${{ env.AZURE_RESOURCE_GROUP_NAME_LOGANALYTICS }}
region: ${{ env.AZURE_LOCATION }}
template: ${{ github.workspace }}/infra/KeyVault/deploy.keyVault.json
parameters: ${{ github.workspace }}/infra/KeyVault/params.keyVault002.json
deploymentMode: Validate
# Deploy Key Vault 003 - validation
- name: Deploy Key Vault 003 - validation
id: key_vault_003_validation
uses: azure/arm-deploy@v1
with:
scope: resourcegroup
subscriptionId: ${{ env.AZURE_SUBSCRIPTION_ID }}
resourceGroupName: ${{ env.AZURE_RESOURCE_GROUP_NAME_GOVERNANCE }}
region: ${{ env.AZURE_LOCATION }}
template: ${{ github.workspace }}/infra/KeyVault/deploy.keyVault.json
parameters: ${{ github.workspace }}/infra/KeyVault/params.keyVault003.json
deploymentMode: Validate
# Deploy Integration Service Environment 001 - validation
- name: Deploy Integration Service Environment 001 - validation
id: integration_service_environment_001_validation
uses: azure/arm-deploy@v1
with:
scope: resourcegroup
subscriptionId: ${{ env.AZURE_SUBSCRIPTION_ID }}
resourceGroupName: ${{ env.AZURE_RESOURCE_GROUP_NAME_AUTOMATION }}
region: ${{ env.AZURE_LOCATION }}
template: ${{ github.workspace }}/infra/IntegrationServiceEnvironment/deploy.integrationServiceEnvironment.json
parameters: ${{ github.workspace }}/infra/IntegrationServiceEnvironment/params.integrationServiceEnvironment001.json
deploymentMode: Validate
# Deploy Logic App 001 - validation
- name: Deploy Logic App 001 - validation
id: logic_app_001_validation
uses: azure/arm-deploy@v1
with:
scope: resourcegroup
subscriptionId: ${{ env.AZURE_SUBSCRIPTION_ID }}
resourceGroupName: ${{ env.AZURE_RESOURCE_GROUP_NAME_AUTOMATION }}
region: ${{ env.AZURE_LOCATION }}
template: ${{ github.workspace }}/infra/LogicApp/deploy.logicApp.json
parameters: ${{ github.workspace }}/infra/LogicApp/params.logicApp001.json
deploymentMode: Validate
# Deploy Automation Account 001 - validation
- name: Deploy Automation Account 001 - validation
id: automation_account_001_validation
uses: azure/arm-deploy@v1
with:
scope: resourcegroup
subscriptionId: ${{ env.AZURE_SUBSCRIPTION_ID }}
resourceGroupName: ${{ env.AZURE_RESOURCE_GROUP_NAME_AUTOMATION }}
region: ${{ env.AZURE_LOCATION }}
template: ${{ github.workspace }}/infra/AutomationAccount/deploy.automationAccount.json
parameters: ${{ github.workspace }}/infra/AutomationAccount/params.automationAccount001.json
parameters: ${{ github.workspace }}/infra/KeyVault/params.keyVault001.json
deploymentMode: Validate
# Deploy Purview 001 - validation
@ -229,45 +256,6 @@ jobs:
parameters: ${{ github.workspace }}/infra/Purview/params.purview001.json
deploymentMode: Validate
# Deploy Log Analytics Workspace 001 - validation
- name: Deploy Log Analytics Workspace 001 - validation
id: log_analytics_001_validation
uses: azure/arm-deploy@v1
with:
scope: resourcegroup
subscriptionId: ${{ env.AZURE_SUBSCRIPTION_ID }}
resourceGroupName: ${{ env.AZURE_RESOURCE_GROUP_NAME_LOGANALYTICS }}
region: ${{ env.AZURE_LOCATION }}
template: ${{ github.workspace }}/infra/LogAnalytics/deploy.logAnalytics.json
parameters: ${{ github.workspace }}/infra/LogAnalytics/params.logAnalytics001.json
deploymentMode: Validate
# Deploy Storage Account 001 - validation
- name: Deploy Storage Account 001 - validation
id: storage_001_validation
uses: azure/arm-deploy@v1
with:
scope: resourcegroup
subscriptionId: ${{ env.AZURE_SUBSCRIPTION_ID }}
resourceGroupName: ${{ env.AZURE_RESOURCE_GROUP_NAME_INTEGRATION }}
region: ${{ env.AZURE_LOCATION }}
template: ${{ github.workspace }}/infra/Storage/deploy.storage.json
parameters: ${{ github.workspace }}/infra/Storage/params.storage001.json
deploymentMode: Validate
# Deploy Data Factory 001 - validation
- name: Deploy Data Factory 001 - validation
id: data_factory_001_validation
uses: azure/arm-deploy@v1
with:
scope: resourcegroup
subscriptionId: ${{ env.AZURE_SUBSCRIPTION_ID }}
resourceGroupName: ${{ env.AZURE_RESOURCE_GROUP_NAME_INTEGRATION }}
region: ${{ env.AZURE_LOCATION }}
template: ${{ github.workspace }}/infra/DataFactory/deploy.dataFactory.json
parameters: ${{ github.workspace }}/infra/DataFactory/params.dataFactory001.json
deploymentMode: Validate
# Deploy Container Registry 001 - validation
- name: Deploy Container Registry 001 - validation
id: container_registry_001_validation
@ -291,55 +279,9 @@ jobs:
resourceGroupName: ${{ env.AZURE_RESOURCE_GROUP_NAME_CONSUMPTION }}
region: ${{ env.AZURE_LOCATION }}
template: ${{ github.workspace }}/infra/SynapsePrivateLinkHub/deploy.synapsePrivateLinkHub.json
parameters: ${{ github.workspace }}/infra/SynapsePrivateLinkHub/params.synapsePrivateLinkHub.json
parameters: ${{ github.workspace }}/infra/SynapsePrivateLinkHub/params.synapsePrivateLinkHub001.json
deploymentMode: Validate
# Generate Password
- name: Generate Password
id: generate_password_001
run: |
echo "Generating Password"
pwsh $GITHUB_WORKSPACE/code/GeneratePassword.ps1 -GitHub
# Deploy SHIR 001 - validation
- name: Deploy SHIR 001 - validation
id: shir_001_validation
uses: azure/arm-deploy@v1
with:
scope: resourcegroup
subscriptionId: ${{ env.AZURE_SUBSCRIPTION_ID }}
resourceGroupName: ${{ env.AZURE_RESOURCE_GROUP_NAME_INTEGRATION }}
region: ${{ env.AZURE_LOCATION }}
template: ${{ github.workspace }}/infra/SelfHostedIntegrationRuntime/deploy.shir.json
parameters: ${{ github.workspace }}/infra/SelfHostedIntegrationRuntime/params.shir001.json vmssAdminPassword="${{ steps.generate_password_001.outputs.password }}"
deploymentMode: Validate
# # Deploy Function 001 - validation
# - name: Deploy Function 001 - validation
# id: function_001_validation
# uses: azure/arm-deploy@v1
# with:
# scope: resourcegroup
# subscriptionId: ${{ env.AZURE_SUBSCRIPTION_ID }}
# resourceGroupName: ${{ env.AZURE_RESOURCE_GROUP_NAME_MANAGEMENT }}
# region: ${{ env.AZURE_LOCATION }}
# template: ${{ github.workspace }}/infra/Function/deploy.function.json
# parameters: ${{ github.workspace }}/infra/Function/params.function001.json
# deploymentMode: Validate
# # Deploy Power BI Private Link 001 - validation
# - name: Deploy Power BI Private Link 001 - validation
# id: power_bi_pl_001_validation
# uses: azure/arm-deploy@v1
# with:
# scope: resourcegroup
# subscriptionId: ${{ env.AZURE_SUBSCRIPTION_ID }}
# resourceGroupName: ${{ env.AZURE_RESOURCE_GROUP_NAME_CONSUMPTION }}
# region: ${{ env.AZURE_LOCATION }}
# template: ${{ github.workspace }}/infra/PowerBi/deploy.powerBi.json
# parameters: ${{ github.workspace }}/infra/PowerBi/params.powerBi001.json
# deploymentMode: Validate
# Log out from Azure
- name: Log out from Azure
id: azure_logout
@ -353,8 +295,7 @@ jobs:
needs: [ create-resource-group, validation ]
runs-on: ubuntu-latest
if: github.event_name == 'push'
# Steps represent a sequence of tasks that will be executed as part of the job
steps:
# Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it
- name: Check Out Repository
@ -369,82 +310,121 @@ jobs:
creds: ${{ secrets.AZURE_CREDENTIALS }}
enable-AzPSSession: true
# Deploy Vnet
- name: Deploy Vnet
id: vnet_deployment
uses: azure/arm-deploy@v1
with:
scope: resourcegroup
subscriptionId: ${{ env.AZURE_SUBSCRIPTION_ID }}
resourceGroupName: ${{ env.AZURE_RESOURCE_GROUP_NAME_NETWORK }}
region: ${{ env.AZURE_LOCATION }}
template: ${{ github.workspace }}/infra/VirtualNetwork/deploy.vnet.json
parameters: ${{ github.workspace }}/infra/VirtualNetwork/params.vnet001.json
deploymentMode: Incremental
# # Deploy Artifact Storage Account 001
# - name: Deploy Artifact Storage Account 001
# id: artifact_storage_001_deployment
# uses: azure/arm-deploy@v1
# with:
# scope: resourcegroup
# subscriptionId: ${{ env.AZURE_SUBSCRIPTION_ID }}
# resourceGroupName: ${{ env.AZURE_RESOURCE_GROUP_NAME_NETWORK }}
# region: ${{ env.AZURE_LOCATION }}
# template: ${{ github.workspace }}/infra/ArtifactStorage/deploy.storage.json
# parameters: ${{ github.workspace }}/infra/ArtifactStorage/params.storage001.json
# deploymentMode: Incremental
# # Upload file to Storage Account 001
# - name: Upload file to Storage Account 001
# id: upload_file_001
# uses: azure/powershell@v1
# with:
# azPSVersion: latest
# inlineScript: |
# "Uploading file to Storage Account 001"
# $storageAccount = Get-AzStorageAccount -ResourceGroupName "${{ env.AZURE_RESOURCE_GROUP_NAME_NETWORK }}" -Name "${{ steps.artifact_storage_001_deployment.outputs.storageAccountName }}"
# $ctx = $storageAccount.Context
# Set-AzStorageBlobContent -Context $ctx -Container "${{ steps.artifact_storage_001_deployment.outputs.storageAccountContainerName }}" -File "infra/DnsForwarder/forwarderSetup.sh" -Blob "forwarderSetup.sh" -Force
# # Deploy DNS Forwarder 001
# - name: Deploy DNS Forwarder 001
# id: dns_forwarder_001_deployment
# uses: azure/arm-deploy@v1
# with:
# scope: resourcegroup
# subscriptionId: ${{ env.AZURE_SUBSCRIPTION_ID }}
# resourceGroupName: ${{ env.AZURE_RESOURCE_GROUP_NAME_NETWORK }}
# region: ${{ env.AZURE_LOCATION }}
# template: ${{ github.workspace }}/infra/DnsForwarder/deploy.dnsForwarder.json
# parameters: ${{ github.workspace }}/infra/DnsForwarder/params.dnsForwarder001.json
# deploymentMode: Incrementals
# Deploy Firewall Policy 001
- name: Deploy Firewall Policy 001
id: firewall_policy_001_deployment
uses: azure/arm-deploy@v1
with:
scope: resourcegroup
subscriptionId: ${{ env.AZURE_SUBSCRIPTION_ID }}
resourceGroupName: ${{ env.AZURE_RESOURCE_GROUP_NAME_NETWORK }}
region: ${{ env.AZURE_LOCATION }}
template: ${{ github.workspace }}/infra/FirewallPolicy/deploy.firewallPolicy.json
parameters: ${{ github.workspace }}/infra/FirewallPolicy/params.firewallPolicy001.json
deploymentMode: Incremental
# Deploy Firewall 001
- name: Deploy Firewall 001
id: firewall_001_deployment
uses: azure/arm-deploy@v1
with:
scope: resourcegroup
subscriptionId: ${{ env.AZURE_SUBSCRIPTION_ID }}
resourceGroupName: ${{ env.AZURE_RESOURCE_GROUP_NAME_NETWORK }}
region: ${{ env.AZURE_LOCATION }}
template: ${{ github.workspace }}/infra/Firewall/deploy.firewall.json
parameters: ${{ github.workspace }}/infra/Firewall/params.firewall001.json
deploymentMode: Incremental
# Deploy Private DNS Zones
- name: Deploy Private DNS Zones
id: private_dns_zones_deployment
uses: azure/arm-deploy@v1
with:
scope: resourcegroup
subscriptionId: ${{ env.AZURE_SUBSCRIPTION_ID }}
resourceGroupName: ${{ env.AZURE_RESOURCE_GROUP_NAME_GLOBAL_DNS }}
region: ${{ env.AZURE_LOCATION }}
template: ${{ github.workspace }}/infra/PrivateDns/deploy.privateDns.json
parameters: ${{ github.workspace }}/infra/PrivateDns/params.privateDns001.json
deploymentMode: Incremental
# Deploy Vnet Peering 001
- name: Deploy Vnet Peering 001
id: vnet_peering_001_deployment
uses: azure/arm-deploy@v1
with:
scope: resourcegroup
subscriptionId: ${{ env.AZURE_SUBSCRIPTION_ID }}
resourceGroupName: ${{ env.AZURE_RESOURCE_GROUP_NAME_NETWORK }}
region: ${{ env.AZURE_LOCATION }}
template: ${{ github.workspace }}/infra/VirtualNetworkPeering/deploy.vnetPeering.json
parameters: ${{ github.workspace }}/infra/VirtualNetworkPeering/params.vnetPeering001.json
deploymentMode: Incremental
continue-on-error: true
# Deploy Key Vault 001
- name: Deploy Key Vault 001
id: key_vault_001_deployment
uses: azure/arm-deploy@v1
with:
scope: resourcegroup
subscriptionId: ${{ env.AZURE_SUBSCRIPTION_ID }}
resourceGroupName: ${{ env.AZURE_RESOURCE_GROUP_NAME_MANAGEMENT }}
region: ${{ env.AZURE_LOCATION }}
template: ${{ github.workspace }}/infra/KeyVault/deploy.keyVault.json
parameters: ${{ github.workspace }}/infra/KeyVault/params.keyVault001.json
deploymentMode: Incremental
# Deploy Key Vault 002
- name: Deploy Key Vault 002
id: key_vault_002_deployment
uses: azure/arm-deploy@v1
with:
scope: resourcegroup
subscriptionId: ${{ env.AZURE_SUBSCRIPTION_ID }}
resourceGroupName: ${{ env.AZURE_RESOURCE_GROUP_NAME_LOGANALYTICS }}
region: ${{ env.AZURE_LOCATION }}
template: ${{ github.workspace }}/infra/KeyVault/deploy.keyVault.json
parameters: ${{ github.workspace }}/infra/KeyVault/params.keyVault002.json
deploymentMode: Incremental
# Deploy Key Vault 003
- name: Deploy Key Vault 003
id: key_vault_003_deployment
uses: azure/arm-deploy@v1
with:
scope: resourcegroup
subscriptionId: ${{ env.AZURE_SUBSCRIPTION_ID }}
resourceGroupName: ${{ env.AZURE_RESOURCE_GROUP_NAME_GOVERNANCE }}
region: ${{ env.AZURE_LOCATION }}
template: ${{ github.workspace }}/infra/KeyVault/deploy.keyVault.json
parameters: ${{ github.workspace }}/infra/KeyVault/params.keyVault003.json
deploymentMode: Incremental
# # Deploy Integration Service Environment 001
# - name: Deploy Integration Service Environment 001
# id: integration_service_environment_001_deployment
# uses: azure/arm-deploy@v1
# with:
# scope: resourcegroup
# subscriptionId: ${{ env.AZURE_SUBSCRIPTION_ID }}
# resourceGroupName: ${{ env.AZURE_RESOURCE_GROUP_NAME_AUTOMATION }}
# region: ${{ env.AZURE_LOCATION }}
# template: ${{ github.workspace }}/infra/IntegrationServiceEnvironment/deploy.integrationServiceEnvironment.json
# parameters: ${{ github.workspace }}/infra/IntegrationServiceEnvironment/params.integrationServiceEnvironment001.json
# deploymentMode: Incremental
# Deploy Logic App 001
- name: Deploy Logic App 001
id: logic_app_001_deployment
uses: azure/arm-deploy@v1
with:
scope: resourcegroup
subscriptionId: ${{ env.AZURE_SUBSCRIPTION_ID }}
resourceGroupName: ${{ env.AZURE_RESOURCE_GROUP_NAME_AUTOMATION }}
region: ${{ env.AZURE_LOCATION }}
template: ${{ github.workspace }}/infra/LogicApp/deploy.logicApp.json
parameters: ${{ github.workspace }}/infra/LogicApp/params.logicApp001.json
deploymentMode: Incremental
# Deploy Automation Account 001
- name: Deploy Automation Account 001
id: automation_account_001_deployment
uses: azure/arm-deploy@v1
with:
scope: resourcegroup
subscriptionId: ${{ env.AZURE_SUBSCRIPTION_ID }}
resourceGroupName: ${{ env.AZURE_RESOURCE_GROUP_NAME_AUTOMATION }}
region: ${{ env.AZURE_LOCATION }}
template: ${{ github.workspace }}/infra/AutomationAccount/deploy.automationAccount.json
parameters: ${{ github.workspace }}/infra/AutomationAccount/params.automationAccount001.json
parameters: ${{ github.workspace }}/infra/KeyVault/params.keyVault001.json
deploymentMode: Incremental
# Deploy Purview 001
@ -460,57 +440,6 @@ jobs:
parameters: ${{ github.workspace }}/infra/Purview/params.purview001.json
deploymentMode: Incremental
# Deploy Log Analytics Workspace 001
- name: Deploy Log Analytics Workspace 001
id: log_analytics_001_deployment
uses: azure/arm-deploy@v1
with:
scope: resourcegroup
subscriptionId: ${{ env.AZURE_SUBSCRIPTION_ID }}
resourceGroupName: ${{ env.AZURE_RESOURCE_GROUP_NAME_LOGANALYTICS }}
region: ${{ env.AZURE_LOCATION }}
template: ${{ github.workspace }}/infra/LogAnalytics/deploy.logAnalytics.json
parameters: ${{ github.workspace }}/infra/LogAnalytics/params.logAnalytics001.json
deploymentMode: Incremental
# Deploy Storage Account
- name: Deploy Storage Account 001
id: storage_001_deployment
uses: azure/arm-deploy@v1
with:
scope: resourcegroup
subscriptionId: ${{ env.AZURE_SUBSCRIPTION_ID }}
resourceGroupName: ${{ env.AZURE_RESOURCE_GROUP_NAME_INTEGRATION }}
region: ${{ env.AZURE_LOCATION }}
template: ${{ github.workspace }}/infra/Storage/deploy.storage.json
parameters: ${{ github.workspace }}/infra/Storage/params.storage001.json
deploymentMode: Incremental
# Upload file to Storage Account 001
- name: Upload file to Storage Account 001
id: upload_file_001
uses: azure/powershell@v1
with:
azPSVersion: latest
inlineScript: |
"Uploading file to Storage Account 001"
$storageAccount = Get-AzStorageAccount -ResourceGroupName "${{ env.AZURE_RESOURCE_GROUP_NAME_INTEGRATION }}" -Name "${{ steps.storage_001_deployment.outputs.storageAccountName }}"
$ctx = $storageAccount.Context
Set-AzStorageBlobContent -Context $ctx -Container "${{ steps.storage_001_deployment.outputs.storageAccountContainerName }}" -File "infra/SelfHostedIntegrationRuntime/installSHIRGateway.ps1" -Blob "installSHIRGateway.ps1" -Force
# Deploy Data Factory 001
- name: Deploy Data Factory 001
id: data_factory_001_deployment
uses: azure/arm-deploy@v1
with:
scope: resourcegroup
subscriptionId: ${{ env.AZURE_SUBSCRIPTION_ID }}
resourceGroupName: ${{ env.AZURE_RESOURCE_GROUP_NAME_INTEGRATION }}
region: ${{ env.AZURE_LOCATION }}
template: ${{ github.workspace }}/infra/DataFactory/deploy.dataFactory.json
parameters: ${{ github.workspace }}/infra/DataFactory/params.dataFactory001.json
deploymentMode: Incremental
# Deploy Container Registry 001
- name: Deploy Container Registry 001
id: container_registry_001_deployment
@ -534,55 +463,9 @@ jobs:
resourceGroupName: ${{ env.AZURE_RESOURCE_GROUP_NAME_CONSUMPTION }}
region: ${{ env.AZURE_LOCATION }}
template: ${{ github.workspace }}/infra/SynapsePrivateLinkHub/deploy.synapsePrivateLinkHub.json
parameters: ${{ github.workspace }}/infra/SynapsePrivateLinkHub/params.synapsePrivateLinkHub.json
parameters: ${{ github.workspace }}/infra/SynapsePrivateLinkHub/params.synapsePrivateLinkHub001.json
deploymentMode: Incremental
# Generate Password
- name: Generate Password
id: generate_password_001
run: |
echo "Generating Password"
pwsh $GITHUB_WORKSPACE/code/GeneratePassword.ps1 -GitHub
# Deploy SHIR 001
- name: Deploy SHIR 001
id: shir_001_deployment
uses: azure/arm-deploy@v1
with:
scope: resourcegroup
subscriptionId: ${{ env.AZURE_SUBSCRIPTION_ID }}
resourceGroupName: ${{ env.AZURE_RESOURCE_GROUP_NAME_INTEGRATION }}
region: ${{ env.AZURE_LOCATION }}
template: ${{ github.workspace }}/infra/SelfHostedIntegrationRuntime/deploy.shir.json
parameters: ${{ github.workspace }}/infra/SelfHostedIntegrationRuntime/params.shir001.json vmssAdminPassword="${{ steps.generate_password_001.outputs.password }}"
deploymentMode: Incremental
# # Deploy Function 001
# - name: Deploy Function 001
# id: function_001_deployment
# uses: azure/arm-deploy@v1
# with:
# scope: resourcegroup
# subscriptionId: ${{ env.AZURE_SUBSCRIPTION_ID }}
# resourceGroupName: ${{ env.AZURE_RESOURCE_GROUP_NAME_MANAGEMENT }}
# region: ${{ env.AZURE_LOCATION }}
# template: ${{ github.workspace }}/infra/Function/deploy.function.json
# parameters: ${{ github.workspace }}/infra/Function/params.function001.json
# deploymentMode: Incremental
# # Deploy Power BI Private Link 001
# - name: Deploy Power BI Private Link 001
# id: power_bi_pl_001_deployment
# uses: azure/arm-deploy@v1
# with:
# scope: resourcegroup
# subscriptionId: ${{ env.AZURE_SUBSCRIPTION_ID }}
# resourceGroupName: ${{ env.AZURE_RESOURCE_GROUP_NAME_CONSUMPTION }}
# region: ${{ env.AZURE_LOCATION }}
# template: ${{ github.workspace }}/infra/PowerBi/deploy.powerBi.json
# parameters: ${{ github.workspace }}/infra/PowerBi/params.powerBi001.json
# deploymentMode: Incremental
# Log out from Azure
- name: Log out from Azure
id: azure_logout

346
.github/workflows/networkDeployment.yml поставляемый
Просмотреть файл

@ -1,346 +0,0 @@
name: Network Deployment
on:
push:
branches: [ main ]
paths:
- 'infra/VirtualNetwork/**'
- 'infra/Firewall/**'
- 'infra/FirewallPolicy/**'
- 'infra/VirtualNetworkPeering/**'
- 'infra/PrivateDns/**'
- 'infra/DnsForwarder/**'
- '.github/workflows/networkDeployment.yml'
env:
AZURE_SUBSCRIPTION_ID: '4060c03e-0d2e-44b7-82a3-da9376fe50b2'
AZURE_RESOURCE_GROUP_NAME_NETWORK: dh-network
AZURE_RESOURCE_GROUP_NAME_GLOBAL_DNS: dh-global-dns
AZURE_RESOURCE_GROUP_NAME_INTEGRATION: dh-integration
AZURE_LOCATION: northeurope
jobs:
create-resource-group:
runs-on: ubuntu-latest
# Steps represent a sequence of tasks that will be executed as part of the job
steps:
# Login to Azure
- name: Azure Login
id: azure_login
uses: azure/login@v1
with:
creds: ${{ secrets.AZURE_CREDENTIALS }}
# Create resource group
- name: Create resource group
id: resource_group_network
uses: azure/cli@v1
with:
azcliversion: latest
inlineScript: |
echo "Creating resource group \"${{ env.AZURE_RESOURCE_GROUP_NAME_NETWORK }}\""
az group create --location ${{ env.AZURE_LOCATION }} --name ${{ env.AZURE_RESOURCE_GROUP_NAME_NETWORK }}
# Create resource group
- name: Create resource group
id: resource_group_gloabl_dns
uses: azure/cli@v1
with:
azcliversion: latest
inlineScript: |
echo "Creating resource group \"${{ env.AZURE_RESOURCE_GROUP_NAME_GLOBAL_DNS }}\""
az group create --location ${{ env.AZURE_LOCATION }} --name ${{ env.AZURE_RESOURCE_GROUP_NAME_GLOBAL_DNS }}
# Create resource group
- name: Create resource group
id: resource_group_integration
uses: azure/cli@v1
with:
azcliversion: latest
inlineScript: |
echo "Creating resource group \"${{ env.AZURE_RESOURCE_GROUP_NAME_INTEGRATION }}\""
az group create --location ${{ env.AZURE_LOCATION }} --name ${{ env.AZURE_RESOURCE_GROUP_NAME_INTEGRATION }}
# Log out from Azure
- name: Log out from Azure
id: azure_logout
uses: azure/cli@v1
with:
azcliversion: latest
inlineScript: |
az logout
validation:
needs: [ create-resource-group ]
runs-on: ubuntu-latest
steps:
# Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it
- name: Check Out Repository
id: checkout_repository
uses: actions/checkout@v2
# Login to Azure
- name: Azure Login
id: azure_login
uses: azure/login@v1
with:
creds: ${{ secrets.AZURE_CREDENTIALS }}
# Deploy Vnet - validation
- name: Deploy Vnet - validation
id: vnet_validation
uses: azure/arm-deploy@v1
with:
scope: resourcegroup
subscriptionId: ${{ env.AZURE_SUBSCRIPTION_ID }}
resourceGroupName: ${{ env.AZURE_RESOURCE_GROUP_NAME_NETWORK }}
region: ${{ env.AZURE_LOCATION }}
template: ${{ github.workspace }}/infra/VirtualNetwork/deploy.vnet.json
parameters: ${{ github.workspace }}/infra/VirtualNetwork/params.vnet.json
deploymentMode: Validate
# Deploy Storage Account - validation
- name: Deploy Storage Account 001 - validation
id: storage_001_validation
uses: azure/arm-deploy@v1
with:
scope: resourcegroup
subscriptionId: ${{ env.AZURE_SUBSCRIPTION_ID }}
resourceGroupName: ${{ env.AZURE_RESOURCE_GROUP_NAME_INTEGRATION }}
region: ${{ env.AZURE_LOCATION }}
template: ${{ github.workspace }}/infra/Storage/deploy.storage.json
parameters: ${{ github.workspace }}/infra/Storage/params.storage001.json
deploymentMode: Validate
# Deploy Firewall Policy 001 - validation
- name: Deploy Firewall Policy 001 - validation
id: firewall_policy_001_validation
uses: azure/arm-deploy@v1
with:
scope: resourcegroup
subscriptionId: ${{ env.AZURE_SUBSCRIPTION_ID }}
resourceGroupName: ${{ env.AZURE_RESOURCE_GROUP_NAME_NETWORK }}
region: ${{ env.AZURE_LOCATION }}
template: ${{ github.workspace }}/infra/FirewallPolicy/deploy.firewallPolicy.json
parameters: ${{ github.workspace }}/infra/FirewallPolicy/params.firewallPolicy001.json
deploymentMode: Validate
# Deploy Firewall 001 - validation
- name: Deploy Firewall 001 - validation
id: firewall_001_validation
uses: azure/arm-deploy@v1
with:
scope: resourcegroup
subscriptionId: ${{ env.AZURE_SUBSCRIPTION_ID }}
resourceGroupName: ${{ env.AZURE_RESOURCE_GROUP_NAME_NETWORK }}
region: ${{ env.AZURE_LOCATION }}
template: ${{ github.workspace }}/infra/Firewall/deploy.firewall.json
parameters: ${{ github.workspace }}/infra/Firewall/params.firewall001.json
deploymentMode: Validate
# Deploy DNS Forwarder 001 - validation
- name: Deploy DNS Forwarder 001 - validation
id: dns_forwarder_001_validation
uses: azure/arm-deploy@v1
with:
scope: resourcegroup
subscriptionId: ${{ env.AZURE_SUBSCRIPTION_ID }}
resourceGroupName: ${{ env.AZURE_RESOURCE_GROUP_NAME_NETWORK }}
region: ${{ env.AZURE_LOCATION }}
template: ${{ github.workspace }}/infra/DnsForwarder/deploy.dnsForwarder.json
parameters: ${{ github.workspace }}/infra/DnsForwarder/params.dnsForwarder001.json
deploymentMode: Validate
# Deploy Private DNS Zones - validation
- name: Deploy Private DNS Zones - validation
id: private_dns_zones_validation
uses: azure/arm-deploy@v1
with:
scope: resourcegroup
subscriptionId: ${{ env.AZURE_SUBSCRIPTION_ID }}
resourceGroupName: ${{ env.AZURE_RESOURCE_GROUP_NAME_GLOBAL_DNS }}
region: ${{ env.AZURE_LOCATION }}
template: ${{ github.workspace }}/infra/PrivateDns/deploy.privateDns.json
parameters: ${{ github.workspace }}/infra/PrivateDns/params.privateDns001.json
deploymentMode: Validate
# Deploy Vnet Peering 001 - validation
- name: Deploy Vnet Peering 001 - validation
id: vnet_peering_001_validation
uses: azure/arm-deploy@v1
with:
scope: resourcegroup
subscriptionId: ${{ env.AZURE_SUBSCRIPTION_ID }}
resourceGroupName: ${{ env.AZURE_RESOURCE_GROUP_NAME_NETWORK }}
region: ${{ env.AZURE_LOCATION }}
template: ${{ github.workspace }}/infra/VirtualNetworkPeering/deploy.vnetPeering.json
parameters: ${{ github.workspace }}/infra/VirtualNetworkPeering/params.vnetPeering001.json
deploymentMode: Validate
# Deploy Vnet Peering 002 - validation
- name: Deploy Vnet Peering 002 - validation
id: vnet_peering_002_validation
uses: azure/arm-deploy@v1
with:
scope: resourcegroup
subscriptionId: ${{ env.AZURE_SUBSCRIPTION_ID }}
resourceGroupName: ${{ env.AZURE_RESOURCE_GROUP_NAME_NETWORK }}
region: ${{ env.AZURE_LOCATION }}
template: ${{ github.workspace }}/infra/VirtualNetworkPeering/deploy.vnetPeering.json
parameters: ${{ github.workspace }}/infra/VirtualNetworkPeering/params.vnetPeering002.json
deploymentMode: Validate
# Log out from Azure
- name: Log out from Azure
id: azure_logout
uses: azure/cli@v1
with:
azcliversion: latest
inlineScript: |
az logout
deployment:
needs: [ create-resource-group, validation ]
runs-on: ubuntu-latest
if: github.event_name == 'push'
steps:
# Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it
- name: Check Out Repository
id: checkout_repository
uses: actions/checkout@v2
# Login to Azure
- name: Azure Login
id: azure_login
uses: azure/login@v1
with:
creds: ${{ secrets.AZURE_CREDENTIALS }}
enable-AzPSSession: true
# Deploy Vnet
- name: Deploy Vnet
id: vnet_deployment
uses: azure/arm-deploy@v1
with:
scope: resourcegroup
subscriptionId: ${{ env.AZURE_SUBSCRIPTION_ID }}
resourceGroupName: ${{ env.AZURE_RESOURCE_GROUP_NAME_NETWORK }}
region: ${{ env.AZURE_LOCATION }}
template: ${{ github.workspace }}/infra/VirtualNetwork/deploy.vnet.json
parameters: ${{ github.workspace }}/infra/VirtualNetwork/params.vnet.json
deploymentMode: Incremental
# Deploy Storage Account
- name: Deploy Storage Account 001
id: storage_001_deployment
uses: azure/arm-deploy@v1
with:
scope: resourcegroup
subscriptionId: ${{ env.AZURE_SUBSCRIPTION_ID }}
resourceGroupName: ${{ env.AZURE_RESOURCE_GROUP_NAME_INTEGRATION }}
region: ${{ env.AZURE_LOCATION }}
template: ${{ github.workspace }}/infra/Storage/deploy.storage.json
parameters: ${{ github.workspace }}/infra/Storage/params.storage001.json
deploymentMode: Incremental
# Upload file to Storage Account 001
- name: Upload file to Storage Account 001
id: upload_file_001
uses: azure/powershell@v1
with:
azPSVersion: latest
inlineScript: |
"Uploading file to Storage Account 001"
$storageAccount = Get-AzStorageAccount -ResourceGroupName "${{ env.AZURE_RESOURCE_GROUP_NAME_INTEGRATION }}" -Name "${{ steps.storage_001_deployment.outputs.storageAccountName }}"
$ctx = $storageAccount.Context
Set-AzStorageBlobContent -Context $ctx -Container "${{ steps.storage_001_deployment.outputs.storageAccountContainerName }}" -File "infra/DnsForwarder/forwarderSetup.sh" -Blob "forwarderSetup.sh" -Force
# Deploy Firewall Policy 001
- name: Deploy Firewall Policy 001
id: firewall_policy_001_deployment
uses: azure/arm-deploy@v1
with:
scope: resourcegroup
subscriptionId: ${{ env.AZURE_SUBSCRIPTION_ID }}
resourceGroupName: ${{ env.AZURE_RESOURCE_GROUP_NAME_NETWORK }}
region: ${{ env.AZURE_LOCATION }}
template: ${{ github.workspace }}/infra/FirewallPolicy/deploy.firewallPolicy.json
parameters: ${{ github.workspace }}/infra/FirewallPolicy/params.firewallPolicy001.json
deploymentMode: Incremental
# Deploy Firewall 001
- name: Deploy Firewall 001
id: firewall_001_deployment
uses: azure/arm-deploy@v1
with:
scope: resourcegroup
subscriptionId: ${{ env.AZURE_SUBSCRIPTION_ID }}
resourceGroupName: ${{ env.AZURE_RESOURCE_GROUP_NAME_NETWORK }}
region: ${{ env.AZURE_LOCATION }}
template: ${{ github.workspace }}/infra/Firewall/deploy.firewall.json
parameters: ${{ github.workspace }}/infra/Firewall/params.firewall001.json
deploymentMode: Incremental
# # Deploy DNS Forwarder 001
# - name: Deploy DNS Forwarder 001
# id: dns_forwarder_001_deployment
# uses: azure/arm-deploy@v1
# with:
# scope: resourcegroup
# subscriptionId: ${{ env.AZURE_SUBSCRIPTION_ID }}
# resourceGroupName: ${{ env.AZURE_RESOURCE_GROUP_NAME_NETWORK }}
# region: ${{ env.AZURE_LOCATION }}
# template: ${{ github.workspace }}/infra/DnsForwarder/deploy.dnsForwarder.json
# parameters: ${{ github.workspace }}/infra/DnsForwarder/params.dnsForwarder001.json
# deploymentMode: Incremental
# Deploy Private DNS Zones
- name: Deploy Private DNS Zones
id: private_dns_zones_deployment
uses: azure/arm-deploy@v1
with:
scope: resourcegroup
subscriptionId: ${{ env.AZURE_SUBSCRIPTION_ID }}
resourceGroupName: ${{ env.AZURE_RESOURCE_GROUP_NAME_GLOBAL_DNS }}
region: ${{ env.AZURE_LOCATION }}
template: ${{ github.workspace }}/infra/PrivateDns/deploy.privateDns.json
parameters: ${{ github.workspace }}/infra/PrivateDns/params.privateDns001.json
deploymentMode: Incremental
# Deploy Vnet Peering 001
- name: Deploy Vnet Peering 001
id: vnet_peering_001_deployment
uses: azure/arm-deploy@v1
with:
scope: resourcegroup
subscriptionId: ${{ env.AZURE_SUBSCRIPTION_ID }}
resourceGroupName: ${{ env.AZURE_RESOURCE_GROUP_NAME_NETWORK }}
region: ${{ env.AZURE_LOCATION }}
template: ${{ github.workspace }}/infra/VirtualNetworkPeering/deploy.vnetPeering.json
parameters: ${{ github.workspace }}/infra/VirtualNetworkPeering/params.vnetPeering001.json
deploymentMode: Incremental
# Deploy Vnet Peering 002
- name: Deploy Vnet Peering 002
id: vnet_peering_002_deployment
uses: azure/arm-deploy@v1
with:
scope: resourcegroup
subscriptionId: ${{ env.AZURE_SUBSCRIPTION_ID }}
resourceGroupName: ${{ env.AZURE_RESOURCE_GROUP_NAME_NETWORK }}
region: ${{ env.AZURE_LOCATION }}
template: ${{ github.workspace }}/infra/VirtualNetworkPeering/deploy.vnetPeering.json
parameters: ${{ github.workspace }}/infra/VirtualNetworkPeering/params.vnetPeering002.json
deploymentMode: Incremental
# Log out from Azure
- name: Log out from Azure
id: azure_logout
uses: azure/cli@v1
with:
azcliversion: latest
inlineScript: |
az logout

133
.github/workflows/shareSelfHostedIntegrationRuntimeDeployment.yml поставляемый
Просмотреть файл

@ -1,133 +0,0 @@
name: Share Self Hosted Integration Runtime
on:
push:
branches: [ main ]
paths:
- 'infra/ShareSelfHostedIntegrationRuntime/**'
- '.github/workflows/shareSelfHostedIntegrationRuntimeDeployment.yml'
env:
AZURE_SUBSCRIPTION_ID: ''
AZURE_LOCATION: northeurope
jobs:
validation:
runs-on: ubuntu-latest
# Steps represent a sequence of tasks that will be executed as part of the job
steps:
# Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it
- name: Check Out Repository
id: checkout_repository
uses: actions/checkout@v2
# Login to Azure
- name: Azure Login
id: azure_login
uses: azure/login@v1
with:
creds: ${{ secrets.AZURE_CREDENTIALS }}
# Share Self Hosted Integration Runtime 001 - validation
- name: Share Self Hosted Integration Runtime 001 - validation
id: share_self_hosted_integration_runtime_001_validation
uses: azure/arm-deploy@v1
with:
scope: resourcegroup
subscriptionId: ${{ env.AZURE_SUBSCRIPTION_ID }}
resourceGroupName: ${{ env.AZURE_RESOURCE_GROUP }}
region: ${{ env.AZURE_LOCATION }}
template: ${{ github.workspace }}/infra/ShareSelfHostedIntegrationRuntime/deploy.shareSelfHostedIntegrationRuntime.json
parameters: ${{ github.workspace }}/infra/ShareSelfHostedIntegrationRuntime/params.shareSelfHostedIntegrationRuntime001.json
deploymentMode: Validate
env:
AZURE_RESOURCE_GROUP: dn001-processing-domain
AZURE_SUBSCRIPTION_ID: 2f68ca09-59d9-4ab5-ad11-c54872bfa28d
# Share Self Hosted Integration Runtime 002 - validation
- name: Share Self Hosted Integration Runtime 002 - validation
id: share_self_hosted_integration_runtime_002_validation
uses: azure/arm-deploy@v1
with:
scope: resourcegroup
subscriptionId: ${{ env.AZURE_SUBSCRIPTION_ID }}
resourceGroupName: ${{ env.AZURE_RESOURCE_GROUP }}
region: ${{ env.AZURE_LOCATION }}
template: ${{ github.workspace }}/infra/ShareSelfHostedIntegrationRuntime/deploy.shareSelfHostedIntegrationRuntime.json
parameters: ${{ github.workspace }}/infra/ShareSelfHostedIntegrationRuntime/params.shareSelfHostedIntegrationRuntime002.json
deploymentMode: Validate
env:
AZURE_RESOURCE_GROUP: dn002-processing-domain
AZURE_SUBSCRIPTION_ID: 558bf93d-0c7b-4436-82ab-a7ed6fda34aa
# Log out from Azure
- name: Log out from Azure
id: azure_logout
uses: azure/cli@v1
with:
azcliversion: latest
inlineScript: |
az logout
deployment:
needs: [ validation ]
runs-on: ubuntu-latest
if: github.event_name == 'push'
# Steps represent a sequence of tasks that will be executed as part of the job
steps:
# Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it
- name: Check Out Repository
id: checkout_repository
uses: actions/checkout@v2
# Login to Azure
- name: Azure Login
id: azure_login
uses: azure/login@v1
with:
creds: ${{ secrets.AZURE_CREDENTIALS }}
# Share Self Hosted Integration Runtime 001
- name: Share Self Hosted Integration Runtime 001
id: share_self_hosted_integration_runtime_001_deployment
uses: azure/arm-deploy@v1
with:
scope: resourcegroup
subscriptionId: ${{ env.AZURE_SUBSCRIPTION_ID }}
resourceGroupName: ${{ env.AZURE_RESOURCE_GROUP }}
region: ${{ env.AZURE_LOCATION }}
template: ${{ github.workspace }}/infra/ShareSelfHostedIntegrationRuntime/deploy.shareSelfHostedIntegrationRuntime.json
parameters: ${{ github.workspace }}/infra/ShareSelfHostedIntegrationRuntime/params.shareSelfHostedIntegrationRuntime001.json
deploymentMode: Incremental
env:
AZURE_RESOURCE_GROUP: dn001-processing-domain
AZURE_SUBSCRIPTION_ID: 2f68ca09-59d9-4ab5-ad11-c54872bfa28d
# Share Self Hosted Integration Runtime 002
- name: Share Self Hosted Integration Runtime 002
id: share_self_hosted_integration_runtime_002_deployment
uses: azure/arm-deploy@v1
with:
scope: resourcegroup
subscriptionId: ${{ env.AZURE_SUBSCRIPTION_ID }}
resourceGroupName: ${{ env.AZURE_RESOURCE_GROUP }}
region: ${{ env.AZURE_LOCATION }}
template: ${{ github.workspace }}/infra/ShareSelfHostedIntegrationRuntime/deploy.shareSelfHostedIntegrationRuntime.json
parameters: ${{ github.workspace }}/infra/ShareSelfHostedIntegrationRuntime/params.shareSelfHostedIntegrationRuntime002.json
deploymentMode: Incremental
env:
AZURE_RESOURCE_GROUP: dn002-processing-domain
AZURE_SUBSCRIPTION_ID: 558bf93d-0c7b-4436-82ab-a7ed6fda34aa
# Log out from Azure
- name: Log out from Azure
id: azure_logout
uses: azure/cli@v1
with:
azcliversion: latest
inlineScript: |
az logout

62
.github/workflows/updateParameters.yml поставляемый Normal file
Просмотреть файл

@ -0,0 +1,62 @@
name: Update Parameter Files
on:
push:
branches: [main]
paths:
- 'configs/**'
- '.github/workflows/updateParameters.yml'
env:
MANAGEMENT_SUBSCRIPTION_ID: '<my-management-subscription-id>'
GLOBAL_DNS_RG_NAME: '<my-global-dns-resource-group-name>'
DATA_HUB_SUBSCRIPTION_ID: '<my-data-hub-subscription-id>'
DATA_HUB_NAME: '<my-data-hub-name>'
LOCATION: '<my-region>'
SYNAPSE_STORAGE_ACCOUNT_NAME: '<my-synapse-storage-account-name>'
SYNAPSE_STORAGE_ACCOUNT_FILE_SYSTEM_NAME: '<my-synapse-storage-account-file-system-name>'
AZURE_RESOURCE_MANAGER_CONNECTION_NAME: '<my-resource-manager-connection-name>'
NODE_VNET_ID: '<my-hub-vnet-id>'
jobs:
renaming:
runs-on: ubuntu-latest
steps:
# Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it
- name: Check Out Repository
id: checkout_repository
uses: actions/checkout@v2
# Install Required Packages
- name: Install Required Modules
id: install_modules
run: |
echo "Install Modules"
pwsh -Command "Set-PSRepository -Name "PSGallery" -InstallationPolicy Trusted"
pwsh -Command "Install-Module -Name powershell-yaml"
# Update Parameters
- name: Update Parameters
id: update_parameters
run: |
echo "Updating Parameters"
pwsh $GITHUB_WORKSPACE/configs/UpdateParameters.ps1 \
-ConfigurationFilePath 'configs/config.json' \
-ManagementSubscriptionId '${{ env.MANAGEMENT_SUBSCRIPTION_ID }}' \
-GlobalDnsRgName '${{ env.GLOBAL_DNS_RG_NAME }}' \
-DataLandingZoneSubscriptionId '${{ env.DATA_LANDING_ZONE_SUBSCRIPTION_ID }}' \
-DataLandingZoneName '${{ env.DATA_LANDING_ZONE_NAME }}' \
-Location '${{ env.LOCATION }}' \
-SynapseStorageAccountName '${{ env.SYNAPSE_STORAGE_ACCOUNT_NAME }}' \
-SynapseStorageAccountFileSystemName '${{ env.SYNAPSE_STORAGE_ACCOUNT_FILE_SYSTEM_NAME }}'
# Create Pull Request
- name: Create Pull Request
id: create_pull_request
uses: peter-evans/create-pull-request@v3
with:
commit-message: 'Updated Parameters'
branch: 'parameter_update_${{ github.run_id }}'
title: 'Updated Parameters with GitHub Workflow Run ID ${{ github.run_id }}'
body: 'One last step to complete. Please Update the GitHub Workflow environment variables in <a href="/.github/workflows/dataNodeDeployment.yml">`/.github/workflows/dataNodeDeployment.yml`</a> (AZURE_SUBSCRIPTION_ID, AZURE_RESOURCE_GROUP_NAME, AZURE_LOCATION, etc.) as described [here]().'

163
code/runbooks/New-DataLandingZoneAadSetup.ps1
Просмотреть файл

@ -1,163 +0,0 @@
Param(
[Parameter(Mandatory)]
[ValidateNotNullOrEmpty()]
[string]
$EnterpriseScalePrefix,
[Parameter(Mandatory)]
[ValidateNotNullOrEmpty()]
[string]
$DataLandingZoneName,
[Parameter(Mandatory)]
[ValidateNotNullOrEmpty()]
[string]
$DataLandingZoneType,
[Parameter(Mandatory)]
[ValidateNotNullOrEmpty()]
[string]
$DataLandingZoneSubscriptionId,
[Parameter(Mandatory)]
[ValidateNotNullOrEmpty()]
[string]
$DataLandingZoneLocation,
[Parameter(Mandatory)]
[ValidateNotNullOrEmpty()]
[string[]]
$DataLandingZoneSubnetIds,
[Parameter(Mandatory)]
[ValidateNotNullOrEmpty()]
[string]
$DataLandingZoneOwnerObjectId,
[Parameter(Mandatory)]
[ValidateNotNullOrEmpty()]
[string]
$DataLandingZoneCostCode
)
# Get automation connection
Write-Host "Getting Automation Connection"
$connection = Get-AutomationConnection `
-Name "AzureRunAsConnection"
# Connect to Azure AD
Write-Host "Connecting to Azure AD"
Connect-AzureAD `
-Tenant $connection.TenantID `
-ApplicationId $connection.ApplicationID `
-CertificateThumbprint $connection.CertificateThumbprint
# Create Azure AD Security Group
Write-Host "Creating Azure AD Security Group"
$securityGroup = New-AzureADGroup `
-DisplayName "dd-${DataLandingZoneName}" `
-Description "Security Group of ${DataLandingZoneType} ${DataLandingZoneName}" `
-MailEnabled $false `
-MailNickName "NotSet" `
-SecurityEnabled $true
# Create Application
$application = New-AzureADApplication `
-DisplayName "${DataLandingZoneName}-Application" `
-IdentifierUris "https://${DataLandingZoneName}.${EnterpriseScalePrefix}.com"
# Create Service Principal
Write-Host "Creating Service Principle"
$servicePrincipal = New-AzureADServicePrincipal `
-AccountEnabled $true `
-AppId $application.AppId `
-AppRoleAssignmentRequired $true `
-DisplayName $application.DisplayName `
-Tags { WindowsAzureActiveDirectoryIntegratedApp }
# Create Service Principla Password Credential
Write-Host "Creating Service Principla Password Credential"
$password = ([System.Web.Security.Membership]::GeneratePassword(16, 5))
$startDate = [DateTime]::UtcNow
$endDate = [DateTime]::UtcNow.AddYears(100)
$servicePrincipalPasswordCredential = New-AzureADServicePrincipalPasswordCredential `
-ObjectId $servicePrincipal.ObjectId `
-Value $password `
-StartDate $startDate
#-EndDate [DateTime]::UtcNow.AddYears(100)
# Add Service Principle as Security Group Member
Write-Host "Adding Service Principle as Member to Security Group"
Add-AzureADGroupMember `
-ObjectId $securityGroup.ObjectId `
-RefObjectId $servicePrincipal.ObjectId
# Add Data Landing Zone Owner as Service Principle Owner
Write-Host "Adding Data Landing Zone Owner as Owner to Service Principle"
Add-AzureADServicePrincipalOwner `
-ObjectId $servicePrincipal.ObjectId `
-RefObjectId $DataLandingZoneOwnerObjectId
# Add Data Landing Zone Owner as Application Owner
Write-Host "Adding Data Landing Zone Owner as Application Owner"
Add-AzureADApplicationOwner `
-ObjectId $application.ObjectId `
-RefObjectId $DataLandingZoneOwnerObjectId
# Add Data Landing Zone Owner as Security Group Owner
Write-Host "Adding Data Landing Zone Owner as Security Group Owner"
Add-AzureADGroupOwner `
-ObjectId $securityGroup.ObjectId `
-RefObjectId $DataLandingZoneOwnerObjectId
# Get Az Connection
Write-Host "Getting Az Connection"
Connect-AzAccount `
-Tenant $connection.TenantID `
-ApplicationId $connection.ApplicationID `
-CertificateThumbprint $connection.CertificateThumbprint
# Set Az Context
Write-Host "Setting Az Context"
Set-AzContext `
-Subscription $DataLandingZoneSubscriptionId
# Create Resource Group
Write-Host "Creating Resource Group"
$dataLandingZoneResourceGroupName = "${DataLandingZoneName}-rg"
New-AzResourceGroup `
-Name $dataLandingZoneResourceGroupName `
-Location $DataLandingZoneLocation `
-Tag @{CostCode = "${DataLandingZoneCostCode}"; Owner = "${DataLandingZoneOwnerObjectId}" }
# Create Role Assignment to Resource Group
New-AzRoleAssignment `
-ObjectId $securityGroup.ObjectId `
-RoleDefinitionName "Contributor" `
-ResourceGroupName $dataLandingZoneResourceGroupName
foreach ($dataLandingZoneSubnetId in $DataLandingZoneSubnetIds) {
$dataLandingZoneSubnetIdObject = $dataLandingZoneSubnetId -split "/"
$resourceGroupName = $dataLandingZoneSubnetIdObject[4]
$virtualNetworkName = $dataLandingZoneSubnetIdObject[8]
$subnetName = $dataLandingZoneSubnetIdObject[10]
# Create Role Assignment to Subnet
Write-Host "Creating Role Assignment to Subnet"
New-AzRoleAssignment `
-ObjectId $securityGroup.ObjectId `
-RoleDefinitionName "Network Contributor" `
-ResourceName $subnetName `
-ResourceType Microsoft.Network/virtualNetworks/subnets `
-ParentResource "virtualNetworks/${virtualNetworkName}" `
-ResourceGroupName $resourceGroupName
}
# Create Output
Write-Host "Creating Output"
$output = @{
"SecurityGroupObjectId" = $securityGroup.ObjectId
"ServicePrincipalObjectId" = $servicePrincipal.ObjectId
"Password" = $password
}
Write-Output ( $output | ConvertTo-Json)

356
code/runbooks/New-DataLandingZoneDevOpsSetup.ps1
Просмотреть файл

@ -1,356 +0,0 @@
[CmdletBinding()]
param (
[Parameter(Mandatory = $true)]
[String]
$OrgName,
[Parameter(Mandatory = $true)]
[String]
$SourceProjectName,
[Parameter(Mandatory = $true)]
[String]
$SourceRepositoryName,
[Parameter(Mandatory = $true)]
[String]
$DestinationProjectName,
[Parameter(Mandatory = $true)]
[String]
$DestinationRepositoryName,
[Parameter(Mandatory = $true)]
[String]
$PatToken,
[Parameter(Position = 1, ValueFromRemainingArguments)]
$Remaining
)
function Invoke-DevOpsApiRequest {
[CmdletBinding()]
param (
[Parameter(Mandatory = $true)]
[String]
$PatToken,
[Parameter(Mandatory = $true)]
[String]
$RestMethod,
[Parameter(Mandatory = $true)]
[String]
$UriExtension,
[Parameter(Mandatory = $true)]
[String]
$Body,
[Parameter(Mandatory = $true)]
[String]
$ApiVersion
)
# Define Endpoint Uri
Write-Host "Defining Endpoint Uri"
$devOpsApiUri = "https://dev.azure.com/${UriExtension}?api-version=${ApiVersion}"
Write-Verbose "Endpoint URI: ${devOpsApiUri}"
# Define Header for REST call
Write-Verbose "Defining Header for REST call"
$base64PatToken = [Convert]::ToBase64String([Text.Encoding]::ASCII.GetBytes(":$($PatToken)"))
$headers = @{
'Content-Type' = 'application/json'
'Authorization' = "Basic ${base64PatToken}"
}
Write-Verbose $headers.values
# Define parameters for REST method
Write-Verbose "Defining parameters for pscore method"
$parameters = @{
'Uri' = $devOpsApiUri
'Method' = $RestMethod
'Headers' = $headers
'Body' = $Body
'ContentType' = 'application/json'
}
# Invoke REST API
Write-Verbose "Invoking REST API"
try {
$response = Invoke-RestMethod @parameters
Write-Verbose "Response: ${response}"
}
catch {
Write-Host -ForegroundColor:Red $_
Write-Host -ForegroundColor:Red "StatusCode:" $_.Exception.Response.StatusCode.value__
Write-Host -ForegroundColor:Red "StatusDescription:" $_.Exception.Response.StatusDescription
Write-Host -ForegroundColor:Red $_.Exception.Message
throw "REST API call failed"
}
return $result
}
function Get-ProjectId {
[CmdletBinding()]
param (
[Parameter(Mandatory = $true)]
[String]
$ProjectName,
[Parameter(Mandatory = $true)]
[String]
$PatToken,
[Parameter(Mandatory = $true)]
[String]
$OrgName
)
# Define URI Extension
Write-Verbose "Defining URI Extension"
$uriExtension = "${OrgName}/_apis/projects"
# Define Body
Write-Verbose "Defining Body"
$body = @{} | ConvertTo-Json -Depth 5
# Call REST API
Write-Verbose "Calling REST API"
$result = Invoke-DevOpsApiRequest -PatToken $PatToken -RestMethod Get -UriExtension $uriExtension -Body $body -ApiVersion "6.0"
# Iterate through Projects and return ID
Write-Verbose "Iterating through Projects and returning ID"
foreach ($project in $result.value) {
if ($project.name -eq $ProjectName) {
return $project.id
}
}
return $null
}
function Get-RepositoryId {
[CmdletBinding()]
param (
[Parameter(Mandatory = $true)]
[String]
$RepositoryName,
[Parameter(Mandatory = $true)]
[String]
$ProjectId,
[Parameter(Mandatory = $true)]
[String]
$PatToken,
[Parameter(Mandatory = $true)]
[String]
$OrgName
)
# Define URI Extension
Write-Verbose "Defining URI Extension"
$uriExtension = "${OrgName}/${ProjectId}/_apis/git/repositories"
# Define Body
Write-Verbose "Defining Body"
$body = @{} | ConvertTo-Json -Depth 5
# Call REST API
Write-Verbose "Calling REST API"
$result = Invoke-DevOpsApiRequest -PatToken $PatToken -RestMethod Get -UriExtension $uriExtension -Body $body -ApiVersion "6.0"
# Iterate through Repositories and return ID
Write-Verbose "Iterating through Repositories and return ID"
foreach ($repository in $result.value) {
if ($repository.name -eq $RepositoryName) {
return $repository.id
}
}
}
function Add-Fork {
[CmdletBinding()]
param (
[Parameter(Mandatory = $true)]
[String]
$SourceRepositoryId,
[Parameter(Mandatory = $true)]
[String]
$SourceProjectId,
[Parameter(Mandatory = $true)]
[String]
$DestinationRepositoryName,
[Parameter(Mandatory = $true)]
[String]
$DestinationProjectId,
[Parameter(Mandatory = $true)]
[String]
$PatToken,
[Parameter(Mandatory = $true)]
[String]
$OrgName
)
# Define URI Extension
Write-Verbose "Defining URI Extension"
$uriExtension = "${OrgName}/_apis/git/repositories"
# Define Body
Write-Verbose "Defining Body"
$body = @{
"name" = $DestinationRepositoryName
"project" = @{
"id" = $DestinationProjectId
}
"parentRepository" = @{
"id" = $SourceRepositoryId
"project" = @{
"id" = $SourceProjectId
}
}
} | ConvertTo-Json -Depth 5
# Call REST API
Write-Verbose "Calling REST API"
$result = Invoke-DevOpsApiRequest -PatToken $PatToken -RestMethod Post -UriExtension $uriExtension -Body $body -ApiVersion "6.0"
return $result
}
function Add-Pipeline {
[CmdletBinding()]
param (
[Parameter(Mandatory = $true)]
[String]
$DestinationProjectId,
[Parameter(Mandatory = $true)]
[String]
$DestinationRepositoryId,
[Parameter(Mandatory = $true)]
[String]
$DestinationRepositoryName,
[Parameter(Mandatory = $true)]
[String]
$PatToken,
[Parameter(Mandatory = $true)]
[String]
$OrgName
)
# Define URI Extension
Write-Verbose "Defining URI Extension"
$uriExtension = "${OrgName}/${DestinationProjectId}/_apis/pipelines"
# Define Body
Write-Verbose "Defining Body"
$triggers = New-Object System.Collections.ArrayList
$triggers.Add(@{"settingsSourceType" = 2; "triggerType" = 2;})
$body = @{
"name" = "${DestinationRepositoryName}-NodeDeployment"
"folder" = "\\"
"configuration" = @{
"path" = ".ado/workflows/dataDomainDeployment.yml"
"repository" = @{
"id" = $DestinationRepositoryId
"name" = $DestinationRepositoryName
"type" = "azureReposGit"
"branch" = "main"
}
"type" = "yaml"
"triggers" = $triggers
}
} | ConvertTo-Json -Depth 5
# Call REST API
Write-Verbose "Calling REST API"
$result = Invoke-DevOpsApiRequest -PatToken $PatToken -RestMethod Post -UriExtension $uriExtension -Body $body -ApiVersion "6.0-preview"
return $result
}
function Add-PipelineRun {
[CmdletBinding()]
param (
[Parameter(Mandatory = $true)]
[String]
$DestinationProjectId,
[Parameter(Mandatory = $true)]
[String]
$PipelineId,
[Parameter(Mandatory = $true)]
[String]
$PatToken,
[Parameter(Mandatory = $true)]
[String]
$OrgName
)
# Define URI Extension
Write-Verbose "Defining URI Extension"
$uriExtension = "${OrgName}/${DestinationProjectId}/_apis/pipelines/${PipelineId}/runs"
# Define Body
Write-Verbose "Defining Body"
$body = @{
"previewRun" = $false
} | ConvertTo-Json -Depth 5
# Call REST API
Write-Verbose "Calling REST API"
$result = Invoke-DevOpsApiRequest -PatToken $PatToken -RestMethod Post -UriExtension $uriExtension -Body $body -ApiVersion "6.0-preview.1"
return $result
}
function Update-Repository {
[CmdletBinding()]
param (
)
# git clone ""
}
# Get Project IDs and Repository IDs
Write-Host "Getting Project IDs and Repository IDs"
$sourceProjectId = Get-ProjectId -ProjectName $SourceProjectName -PatToken $PatToken -OrgName $OrgName
$destinationProjectId = Get-ProjectId -ProjectName $DestinationProjectName -PatToken $PatToken -OrgName $OrgName
$sourceRepositoryId = Get-RepositoryId -RepositoryName $SourceRepositoryName -ProjectId $sourceProjectId -PatToken $PatToken -OrgName $OrgName
# Fork Repository
Write-Host "Fork Repository"
$result = Add-Fork -SourceRepositoryId $sourceRepositoryId -SourceProjectId $sourceProjectId -DestinationProjectId $destinationProjectId -DestinationRepositoryName $DestinationRepositoryName -PatToken $PatToken -OrgName $OrgName
Write-Verbose "Result from Forking the Repository: ${result}"
# Sleep for X Seconds to give the DevOps Backend Process some time to Finish
$seconds = 5
Write-Host "Sleeping for ${seconds} Seconds to give the DevOps Backend Process some time to Finish"
Start-Sleep -Seconds $seconds
# Get Repository ID of Fork
Write-Host "Getting Repository ID of Fork"
$destinationRepositoryId = Get-RepositoryId -RepositoryName $DestinationRepositoryName -ProjectId $destinationProjectId -PatToken $PatToken -OrgName $OrgName
# TODO: Update Parameter values (JSON and YAML)
# Create Pipeline in Fork
Write-Host "Creating Pipeline in Fork"
$result = Add-Pipeline -DestinationProjectId $destinationProjectId -DestinationRepositoryId $destinationRepositoryId -DestinationRepositoryName $DestinationRepositoryName -OrgName $OrgName -PatToken $PatToken
$pipelineId = $result.id
# # Trigger pipeline
# Write-Host "Triggering Pipeline"
# $result = Add-PipelineRun -DestinationProjectId $destinationProjectId -PipelineId $pipelineId -OrgName $OrgName -PatToken $PatToken
# Write-Verbose $result

110
code/runbooks/New-DataLandingZoneSubnet.ps1
Просмотреть файл

@ -1,110 +0,0 @@
Param(
[Parameter(Mandatory)]
[ValidateNotNullOrEmpty()]
[string]
$VirtualNetworkId,
[Parameter(Mandatory)]
[ValidateNotNullOrEmpty()]
[string]
$NetworkSecurityGroupId,
[Parameter(Mandatory)]
[ValidateNotNullOrEmpty()]
[string]
$RouteTableId,
[Parameter(Mandatory)]
[ValidateNotNullOrEmpty()]
[string]
$SubnetName,
[Parameter(Mandatory)]
[ValidateNotNullOrEmpty()]
[string]
$SubnetCidrRange,
[Parameter(Mandatory=$false)]
[Switch]
$PrivateLink
)
# Get Names for Setup
Write-Host "Getting Names for Setup"
$virtualNetworkObject = $VirtualNetworkId -split "/"
$subscriptionId = $virtualNetworkObject[2]
$resourceGroupName = $virtualNetworkObject[4]
$virtualNetworkName = $virtualNetworkObject[8]
$networkSecurityGroupIdObject = $NetworkSecurityGroupId -split "/"
$networkSecurityGroupName = $networkSecurityGroupIdObject[8]
$routeTableIdObject = $RouteTableId -split "/"
$routeTableName = $routeTableIdObject[8]
# Get automation connection
Write-Host "Getting Automation Connection"
$connection = Get-AutomationConnection `
-Name "AzureRunAsConnection"
# Get Az Connection
Write-Host "Getting Az Connection"
Connect-AzAccount `
-Tenant $connection.TenantID `
-ApplicationId $connection.ApplicationID `
-CertificateThumbprint $connection.CertificateThumbprint
# Set Az Context
Write-Host "Setting Az Context"
Set-AzContext `
-Subscription $subscriptionId
# Get Virtual Network
Write-Host "Getting Virtual Network"
$virtualNetwork = Get-AzVirtualNetwork `
-Name $virtualNetworkName `
-ResourceGroupName $resourceGroupName `
# Get Route Table
Write-Host "Getting Route Table"
$routeTable = Get-AzRouteTable `
-Name $routeTableName `
-ResourceGroupName $resourceGroupName `
# Get Network Security Group
Write-Host "Getting Network Security Group"
$networkSecurityGroup = Get-AzVirtualNetwork `
-Name $networkSecurityGroupName `
-ResourceGroupName $resourceGroupName `
# Add Subnet to VirtualNetwork
Write-Host "Adding Subnet to VirtualNetwork"
if ($PrivateLink) {
Add-AzVirtualNetworkSubnetConfig `
-Name $SubnetName `
-VirtualNetwork $virtualNetwork `
-AddressPrefix $SubnetCidrRange `
-NetworkSecurityGroup $networkSecurityGroup `
-RouteTable $routeTable `
-PrivateEndpointNetworkPoliciesFlag "Disabled" `
-PrivateLinkServiceNetworkPoliciesFlag "Disabled"
$virtualNetwork | Set-AzVirtualNetwork
}
else {
Add-AzVirtualNetworkSubnetConfig `
-Name $SubnetName `
-VirtualNetwork $virtualNetwork `
-AddressPrefix $SubnetCidrRange `
-NetworkSecurityGroup $networkSecurityGroup `
-RouteTable $routeTable `
-PrivateEndpointNetworkPoliciesFlag "Enabled" `
-PrivateLinkServiceNetworkPoliciesFlag "Enabled"
$virtualNetwork | Set-AzVirtualNetwork
}
# Create Output
Write-Host "Creating Output"
$output = @{
"SubnetId" = "${VirtualNetworkId}/subnets/${SubnetName}"
}
Write-Output ( $output | ConvertTo-Json)

1018
code/runbooks/New-PurviewDataSource.ps1
Просмотреть файл

Разница между файлами не показана из-за своего большого размера Загрузить разницу

503
code/runbooks/Update-AutomationAzureModulesForAccount.ps1
Просмотреть файл

@ -1,503 +0,0 @@
<#
Copyright (c) Microsoft Corporation. All rights reserved.
Licensed under the MIT License.
Source: https://github.com/Microsoft/AzureAutomation-Account-Modules-Update
#>
<#
.SYNOPSIS
Update Azure PowerShell modules in an Azure Automation account.
.DESCRIPTION
This Azure Automation runbook updates Azure PowerShell modules imported into an
Azure Automation account with the module versions published to the PowerShell Gallery.
Prerequisite: an Azure Automation account with an Azure Run As account credential.
.PARAMETER ResourceGroupName
The Azure resource group name.
.PARAMETER AutomationAccountName
The Azure Automation account name.
.PARAMETER SimultaneousModuleImportJobCount
(Optional) The maximum number of module import jobs allowed to run concurrently.
.PARAMETER AzureModuleClass
(Optional) The class of module that will be updated (AzureRM or Az)
If set to Az, this script will rely on only Az modules to update other modules.
Set this to Az if your runbooks use only Az modules to avoid conflicts.
.PARAMETER AzureEnvironment
(Optional) Azure environment name.
.PARAMETER Login
(Optional) If $false, do not login to Azure.
.PARAMETER ModuleVersionOverrides
(Optional) Module versions to use instead of the latest on the PowerShell Gallery.
If $null, the currently published latest versions will be used.
If not $null, must contain a JSON-serialized dictionary, for example:
'{ "AzureRM.Compute": "5.8.0", "AzureRM.Network": "6.10.0" }'
or
@{ 'AzureRM.Compute'='5.8.0'; 'AzureRM.Network'='6.10.0' } | ConvertTo-Json
.PARAMETER PsGalleryApiUrl
(Optional) PowerShell Gallery API URL.
.LINK
https://docs.microsoft.com/en-us/azure/automation/automation-update-azure-modules
#>
[Diagnostics.CodeAnalysis.SuppressMessageAttribute("PSUseApprovedVerbs", "")]
param(
[Parameter(Mandatory = $true)]
[string] $ResourceGroupName,
[Parameter(Mandatory = $true)]
[string] $AutomationAccountName,
[int] $SimultaneousModuleImportJobCount = 10,
[string] $AzureModuleClass = 'AzureRM',
[string] $AzureEnvironment = 'AzureCloud',
[bool] $Login = $true,
[string] $ModuleVersionOverrides = $null,
[string] $PsGalleryApiUrl = 'https://www.powershellgallery.com/api/v2'
)
$ErrorActionPreference = "Continue"
#region Constants
$script:AzureRMProfileModuleName = "AzureRM.Profile"
$script:AzureRMAutomationModuleName = "AzureRM.Automation"
$script:GetAzureRmAutomationModule = "Get-AzureRmAutomationModule"
$script:NewAzureRmAutomationModule = "New-AzureRmAutomationModule"
$script:AzAccountsModuleName = "Az.Accounts"
$script:AzAutomationModuleName = "Az.Automation"
$script:GetAzAutomationModule = "Get-AzAutomationModule"
$script:NewAzAutomationModule = "New-AzAutomationModule"
$script:AzureSdkOwnerName = "azure-sdk"
#endregion
#region Functions
function ConvertJsonDictTo-HashTable($JsonString) {
try{
$JsonObj = ConvertFrom-Json $JsonString -ErrorAction Stop
} catch [System.ArgumentException] {
throw "Unable to deserialize the JSON string for parameter ModuleVersionOverrides: ", $_
}
$Result = @{}
foreach ($Property in $JsonObj.PSObject.Properties) {
$Result[$Property.Name] = $Property.Value
}
$Result
}
# Use the Run As connection to login to Azure
function Login-AzureAutomation([bool] $AzModuleOnly) {
try {
$RunAsConnection = Get-AutomationConnection -Name "AzureRunAsConnection"
Write-Output "Logging in to Azure ($AzureEnvironment)..."
if (!$RunAsConnection.ApplicationId) {
$ErrorMessage = "Connection 'AzureRunAsConnection' is incompatible type."
throw $ErrorMessage
}
if ($AzModuleOnly) {
Connect-AzAccount `
-ServicePrincipal `
-TenantId $RunAsConnection.TenantId `
-ApplicationId $RunAsConnection.ApplicationId `
-CertificateThumbprint $RunAsConnection.CertificateThumbprint `
-Environment $AzureEnvironment
Select-AzSubscription -SubscriptionId $RunAsConnection.SubscriptionID | Write-Verbose
} else {
Add-AzureRmAccount `
-ServicePrincipal `
-TenantId $RunAsConnection.TenantId `
-ApplicationId $RunAsConnection.ApplicationId `
-CertificateThumbprint $RunAsConnection.CertificateThumbprint `
-Environment $AzureEnvironment
Select-AzureRmSubscription -SubscriptionId $RunAsConnection.SubscriptionID | Write-Verbose
}
} catch {
if (!$RunAsConnection) {
$RunAsConnection | fl | Write-Output
Write-Output $_.Exception
$ErrorMessage = "Connection 'AzureRunAsConnection' not found."
throw $ErrorMessage
}
throw $_.Exception
}
}
# Checks the PowerShell Gallery for the latest available version for the module
function Get-ModuleDependencyAndLatestVersion([string] $ModuleName) {
$ModuleUrlFormat = "$PsGalleryApiUrl/Search()?`$filter={1}&searchTerm=%27{0}%27&targetFramework=%27%27&includePrerelease=false&`$skip=0&`$top=40"
$ForcedModuleVersion = $ModuleVersionOverridesHashTable[$ModuleName]
$CurrentModuleUrl =
if ($ForcedModuleVersion) {
$ModuleUrlFormat -f $ModuleName, "Version%20eq%20'$ForcedModuleVersion'"
} else {
$ModuleUrlFormat -f $ModuleName, 'IsLatestVersion'
}
$SearchResult = Invoke-RestMethod -Method Get -Uri $CurrentModuleUrl -UseBasicParsing
if (!$SearchResult) {
Write-Verbose "Could not find module $ModuleName on PowerShell Gallery. This may be a module you imported from a different location. Ignoring this module"
} else {
if ($SearchResult.Length -and $SearchResult.Length -gt 1) {
$SearchResult = $SearchResult | Where-Object { $_.title.InnerText -eq $ModuleName }
}
if (!$SearchResult) {
Write-Verbose "Could not find module $ModuleName on PowerShell Gallery. This may be a module you imported from a different location. Ignoring this module"
} else {
$PackageDetails = Invoke-RestMethod -Method Get -UseBasicParsing -Uri $SearchResult.id
# Ignore the modules that are not published as part of the Azure SDK
if ($PackageDetails.entry.properties.Owners -ne $script:AzureSdkOwnerName) {
Write-Warning "Module : $ModuleName is not part of azure sdk. Ignoring this."
} else {
$ModuleVersion = $PackageDetails.entry.properties.version
$Dependencies = $PackageDetails.entry.properties.dependencies
@($ModuleVersion, $Dependencies)
}
}
}
}
function Get-ModuleContentUrl($ModuleName) {
$ModuleContentUrlFormat = "$PsGalleryApiUrl/package/{0}"
$VersionedModuleContentUrlFormat = "$ModuleContentUrlFormat/{1}"
$ForcedModuleVersion = $ModuleVersionOverridesHashTable[$ModuleName]
if ($ForcedModuleVersion) {
$VersionedModuleContentUrlFormat -f $ModuleName, $ForcedModuleVersion
} else {
$ModuleContentUrlFormat -f $ModuleName
}
}
# Imports the module with given version into Azure Automation
function Import-AutomationModule([string] $ModuleName, [bool] $UseAzModule = $false) {
$NewAutomationModule = $null
$GetAutomationModule = $null
if ($UseAzModule) {
$GetAutomationModule = $script:GetAzAutomationModule
$NewAutomationModule = $script:NewAzAutomationModule
} else {
$GetAutomationModule = $script:GetAzureRmAutomationModule
$NewAutomationModule = $script:NewAzureRmAutomationModule
}
$LatestModuleVersionOnGallery = (Get-ModuleDependencyAndLatestVersion $ModuleName)[0]
$ModuleContentUrl = Get-ModuleContentUrl $ModuleName
# Find the actual blob storage location of the module
do {
$ModuleContentUrl = (Invoke-WebRequest -Uri $ModuleContentUrl -MaximumRedirection 0 -UseBasicParsing -ErrorAction Ignore).Headers.Location
} while (!$ModuleContentUrl.Contains(".nupkg"))
$CurrentModule = & $GetAutomationModule `
-Name $ModuleName `
-ResourceGroupName $ResourceGroupName `
-AutomationAccountName $AutomationAccountName
if ($CurrentModule.Version -eq $LatestModuleVersionOnGallery) {
Write-Output "Module : $ModuleName is already present with version $LatestModuleVersionOnGallery. Skipping Import"
} else {
Write-Output "Importing $ModuleName module of version $LatestModuleVersionOnGallery to Automation"
& $NewAutomationModule `
-ResourceGroupName $ResourceGroupName `
-AutomationAccountName $AutomationAccountName `
-Name $ModuleName `
-ContentLink $ModuleContentUrl > $null
}
}
# Parses the dependency got from PowerShell Gallery and returns name and version
function GetModuleNameAndVersionFromPowershellGalleryDependencyFormat([string] $Dependency) {
if ($null -eq $Dependency) {
throw "Improper dependency format"
}
$Tokens = $Dependency -split":"
if ($Tokens.Count -ne 3) {
throw "Improper dependency format"
}
$ModuleName = $Tokens[0]
$ModuleVersion = $Tokens[1].Trim("[","]")
@($ModuleName, $ModuleVersion)
}
# Validates if the given list of modules has already been added to the module import map
function AreAllModulesAdded([string[]] $ModuleListToAdd) {
$Result = $true
foreach ($ModuleToAdd in $ModuleListToAdd) {
$ModuleAccounted = $false
# $ModuleToAdd is specified in the following format:
# ModuleName:ModuleVersionSpecification:
# where ModuleVersionSpecification follows the specifiation
# at https://docs.microsoft.com/en-us/nuget/reference/package-versioning#version-ranges-and-wildcards
# For example:
# AzureRm.profile:[4.0.0]:
# or
# AzureRm.profile:3.0.0:
# In any case, the dependency version specification is always separated from the module name with
# the ':' character. The explicit intent of this runbook is to always install the latest module versions,
# so we want to completely ignore version specifications here.
$ModuleNameToAdd = $ModuleToAdd -replace '\:.*', ''
foreach($AlreadyIncludedModules in $ModuleImportMapOrder) {
if ($AlreadyIncludedModules -contains $ModuleNameToAdd) {
$ModuleAccounted = $true
break
}
}
if (!$ModuleAccounted) {
$Result = $false
break
}
}
$Result
}
# Creates a module import map. This is a 2D array of strings so that the first
# element in the array consist of modules with no dependencies.
# The second element only depends on the modules in the first element, the
# third element only dependes on modules in the first and second and so on.
function Create-ModuleImportMapOrder([bool] $AzModuleOnly) {
$ModuleImportMapOrder = $null
$ProfileOrAccountsModuleName = $null
$GetAutomationModule = $null
# Use the relevant module class to avoid conflicts
if ($AzModuleOnly) {
$ProfileOrAccountsModuleName = $script:AzAccountsModuleName
$GetAutomationModule = $script:GetAzAutomationModule
} else {
$ProfileOrAccountsModuleName = $script:AzureRmProfileModuleName
$GetAutomationModule = $script:GetAzureRmAutomationModule
}
# Get all the non-conflicting modules in the current automation account
$CurrentAutomationModuleList = & $GetAutomationModule `
-ResourceGroupName $ResourceGroupName `
-AutomationAccountName $AutomationAccountName |
?{
($AzModuleOnly -and ($_.Name -eq 'Az' -or $_.Name -like 'Az.*')) -or
(!$AzModuleOnly -and ($_.Name -eq 'AzureRM' -or $_.Name -like 'AzureRM.*' -or
$_.Name -eq 'Azure' -or $_.Name -like 'Azure.*'))
}
# Get the latest version of the AzureRM.Profile OR Az.Accounts module
$VersionAndDependencies = Get-ModuleDependencyAndLatestVersion $ProfileOrAccountsModuleName
$ModuleEntry = $ProfileOrAccountsModuleName
$ModuleEntryArray = ,$ModuleEntry
$ModuleImportMapOrder += ,$ModuleEntryArray
do {
$NextAutomationModuleList = $null
$CurrentChainVersion = $null
# Add it to the list if the modules are not available in the same list
foreach ($Module in $CurrentAutomationModuleList) {
$Name = $Module.Name
Write-Verbose "Checking dependencies for $Name"
$VersionAndDependencies = Get-ModuleDependencyAndLatestVersion $Module.Name
if ($null -eq $VersionAndDependencies) {
continue
}
$Dependencies = $VersionAndDependencies[1].Split("|")
$AzureModuleEntry = $Module.Name
# If the previous list contains all the dependencies then add it to current list
if ((-not $Dependencies) -or (AreAllModulesAdded $Dependencies)) {
Write-Verbose "Adding module $Name to dependency chain"
$CurrentChainVersion += ,$AzureModuleEntry
} else {
# else add it back to the main loop variable list if not already added
if (!(AreAllModulesAdded $AzureModuleEntry)) {
Write-Verbose "Module $Name does not have all dependencies added as yet. Moving module for later import"
$NextAutomationModuleList += ,$Module
}
}
}
$ModuleImportMapOrder += ,$CurrentChainVersion
$CurrentAutomationModuleList = $NextAutomationModuleList
} while ($null -ne $CurrentAutomationModuleList)
$ModuleImportMapOrder
}
# Wait and confirm that all the modules in the list have been imported successfully in Azure Automation
function Wait-AllModulesImported(
[Collections.Generic.List[string]] $ModuleList,
[int] $Count,
[bool] $UseAzModule = $false) {
$GetAutomationModule = if ($UseAzModule) {
$script:GetAzAutomationModule
} else {
$script:GetAzureRmAutomationModule
}
$i = $Count - $SimultaneousModuleImportJobCount
if ($i -lt 0) { $i = 0 }
for ( ; $i -lt $Count; $i++) {
$Module = $ModuleList[$i]
Write-Output ("Checking import Status for module : {0}" -f $Module)
while ($true) {
$AutomationModule = & $GetAutomationModule `
-Name $Module `
-ResourceGroupName $ResourceGroupName `
-AutomationAccountName $AutomationAccountName
$IsTerminalProvisioningState = ($AutomationModule.ProvisioningState -eq "Succeeded") -or
($AutomationModule.ProvisioningState -eq "Failed")
if ($IsTerminalProvisioningState) {
break
}
Write-Verbose ("Module {0} is getting imported" -f $Module)
Start-Sleep -Seconds 30
}
if ($AutomationModule.ProvisioningState -ne "Succeeded") {
Write-Error ("Failed to import module : {0}. Status : {1}" -f $Module, $AutomationModule.ProvisioningState)
} else {
Write-Output ("Successfully imported module : {0}" -f $Module)
}
}
}
# Uses the module import map created to import modules.
# It will only import modules from an element in the array if all the modules
# from the previous element have been added.
function Import-ModulesInAutomationAccordingToDependency([string[][]] $ModuleImportMapOrder, [bool] $UseAzModule) {
foreach($ModuleList in $ModuleImportMapOrder) {
$i = 0
Write-Output "Importing Array of modules : $ModuleList"
foreach ($Module in $ModuleList) {
Write-Verbose ("Importing module : {0}" -f $Module)
Import-AutomationModule -ModuleName $Module -UseAzModule $UseAzModule
$i++
if ($i % $SimultaneousModuleImportJobCount -eq 0) {
# It takes some time for the modules to start getting imported.
# Sleep for sometime before making a query to see the status
Start-Sleep -Seconds 20
Wait-AllModulesImported -ModuleList $ModuleList -Count $i -UseAzModule $UseAzModule
}
}
if ($i -lt $SimultaneousModuleImportJobCount) {
Start-Sleep -Seconds 20
Wait-AllModulesImported -ModuleList $ModuleList -Count $i -UseAzModule $UseAzModule
}
}
}
function Update-ProfileAndAutomationVersionToLatest([string] $AutomationModuleName) {
# Get the latest azure automation module version
$VersionAndDependencies = Get-ModuleDependencyAndLatestVersion $AutomationModuleName
# Automation only has dependency on profile
$ModuleDependencies = GetModuleNameAndVersionFromPowershellGalleryDependencyFormat $VersionAndDependencies[1]
$ProfileModuleName = $ModuleDependencies[0]
# Create web client object for downloading data
$WebClient = New-Object System.Net.WebClient
# Download AzureRM.Profile to temp location
$ModuleContentUrl = Get-ModuleContentUrl $ProfileModuleName
$ProfileURL = (Invoke-WebRequest -Uri $ModuleContentUrl -MaximumRedirection 0 -UseBasicParsing -ErrorAction Ignore).Headers.Location
$ProfilePath = Join-Path $env:TEMP ($ProfileModuleName + ".zip")
$WebClient.DownloadFile($ProfileURL, $ProfilePath)
# Download AzureRM.Automation to temp location
$ModuleContentUrl = Get-ModuleContentUrl $AutomationModuleName
$AutomationURL = (Invoke-WebRequest -Uri $ModuleContentUrl -MaximumRedirection 0 -UseBasicParsing -ErrorAction Ignore).Headers.Location
$AutomationPath = Join-Path $env:TEMP ($AutomationModuleName + ".zip")
$WebClient.DownloadFile($AutomationURL, $AutomationPath)
# Create folder for unzipping the Module files
$PathFolderName = New-Guid
$PathFolder = Join-Path $env:TEMP $PathFolderName
# Unzip files
$ProfileUnzipPath = Join-Path $PathFolder $ProfileModuleName
Expand-Archive -Path $ProfilePath -DestinationPath $ProfileUnzipPath -Force
$AutomationUnzipPath = Join-Path $PathFolder $AutomationModuleName
Expand-Archive -Path $AutomationPath -DestinationPath $AutomationUnzipPath -Force
# Import modules
Import-Module (Join-Path $ProfileUnzipPath ($ProfileModuleName + ".psd1")) -Force -Verbose
Import-Module (Join-Path $AutomationUnzipPath ($AutomationModuleName + ".psd1")) -Force -Verbose
}
#endregion
#region Main body
if ($ModuleVersionOverrides) {
$ModuleVersionOverridesHashTable = ConvertJsonDictTo-HashTable $ModuleVersionOverrides
} else {
$ModuleVersionOverridesHashTable = @{}
}
$UseAzModule = $null
$AutomationModuleName = $null
# We want to support updating Az modules. This means this runbook should support upgrading using only Az modules
if ($AzureModuleClass -eq "Az") {
$UseAzModule = $true
$AutomationModuleName = $script:AzAutomationModuleName
} elseif ( $AzureModuleClass -eq "AzureRM") {
$UseAzModule = $false
$AutomationModuleName = $script:AzureRMAutomationModuleName
} else {
Write-Error "Invalid AzureModuleClass: '$AzureModuleClass'. Must be either Az or AzureRM" -ErrorAction Stop
}
# Import the latest version of the Az automation and accounts version to the local sandbox
Update-ProfileAndAutomationVersionToLatest $AutomationModuleName
if ($Login) {
Login-AzureAutomation $UseAzModule
}
$ModuleImportMapOrder = Create-ModuleImportMapOrder $UseAzModule
Import-ModulesInAutomationAccordingToDependency $ModuleImportMapOrder $UseAzModule
#endregion

62
code/runbooks/Update-DevOpsFork.ps1 → configs/UpdateParameters.ps1
Просмотреть файл

@ -1,13 +1,24 @@
[CmdletBinding()]
Param(
[Parameter(Mandatory)]
[ValidateNotNullOrEmpty()]
[string]
$Location,
$ConfigurationFilePath,
[Parameter(Mandatory)]
[ValidateNotNullOrEmpty()]
[string]
$SubscriptionId,
$ManagementSubscriptionId,
[Parameter(Mandatory)]
[ValidateNotNullOrEmpty()]
[string]
$GlobalDnsRgName,
[Parameter(Mandatory)]
[ValidateNotNullOrEmpty()]
[string]
$DataLandingZoneSubscriptionId,
[Parameter(Mandatory)]
[ValidateNotNullOrEmpty()]
@ -17,44 +28,23 @@ Param(
[Parameter(Mandatory)]
[ValidateNotNullOrEmpty()]
[string]
$SubnetId,
$Location,
[Parameter(Mandatory)]
[ValidateNotNullOrEmpty()]
[string]
$StorageAccountName,
$SynapseStorageAccountName,
[Parameter(Mandatory=$false)]
[Switch]
$StorageAccountFileSystemName,
[Parameter(Mandatory)]
[ValidateNotNullOrEmpty()]
[string]
$SynapseStorageAccountFileSystemName,
[Parameter(Mandatory=$false)]
[Switch]
$AzureResourceManagerConnectionName
)
function Clone-DevOpsRepostory {
[CmdletBinding()]
param (
)
# Clone Repository
Write-Host "Cloning Repository"
git clone ""
}
$configs = Get-Content -Path "config.json" -Raw | Out-String | ConvertFrom-Json
$Location = "WestEurope"
$SubscriptionId = "xxxxxx.xxxxxxxxxxxxxxxxx.xxxxxxxxxxx"
$DataLandingZoneName = "MyLandingZone"
$SubnetId = ""
$StorageAccountName = ""
$StorageAccountFileSystemName = ""
$AzureResourceManagerConnectionName = ""
function SetValue($Object, $Key, $Value) {
$p1, $p2 = $Key.Split(".")
if ($p2) {
@ -65,17 +55,9 @@ function SetValue($Object, $Key, $Value) {
}
}
Write-Host "Loading YAML Deployment File"
$parameterFile = Get-Content -Path ".ado/workflows/dataDomainDeployment.yml" -Raw | Out-String | ConvertFrom-Yaml -Ordered
Write-Host $parameterFile.variables.AZURE_RESOURCE_MANAGER_CONNECTION_NAME
$key = "variables.AZURE_RESOURCE_MANAGER_CONNECTION_NAME"
$value = "testtest"
SetValue -Object $parameterFile -Key $key -Value $value
Write-Host $parameterFile.variables.AZURE_RESOURCE_MANAGER_CONNECTION_NAME
# Loading Configuration File for Parameter Updates
Write-Host "Loading Configuration File for Parameter Updates"
$configs = Get-Content -Path $ConfigurationFilePath -Raw | Out-String | ConvertFrom-Json
foreach ($config in $configs) {
# Get Replacement Key-Value Pairs

117
configs/config.json Normal file
Просмотреть файл

@ -0,0 +1,117 @@
[
{
"filePath": "infra/ArtifactStorage/params.storage001.json",
"fileType": "json",
"parameters": {
"parameters.location.value": "${Location}",
"parameters.storageAccountName.value": "${DataLandingZoneName}artifactstorage001"
}
},
{
"filePath": "infra/ContainerRegistry/params.containerRegistry001.json",
"fileType": "json",
"parameters": {
"parameters.location.value": "${Location}",
"parameters.containerRegistryName.value": "${DataLandingZoneName}containerregistry001",
"parameters.subnetId.value": "/subscriptions/${DataLandingZoneSubscriptionId}/resourceGroups/${DataLandingZoneName}-network/providers/Microsoft.Network/virtualNetworks/${DataLandingZoneName}-vnet/subnets/${DataLandingZoneName}-privatelink-subnet",
"parameters.privateDnsZoneId.value": "/subscriptions/${DataLandingZoneSubscriptionId}/resourceGroups/${DataLandingZoneName}-global-dns/providers/Microsoft.Network/privateDnsZones/privatelink.azurecr.io"
}
},
{
"filePath": "infra/DnsForwarder/params.dnsForwarder001.json",
"fileType": "json",
"parameters": {
"parameters.location.value": "${Location}",
"parameters.vmssName.value": "${DataLandingZoneName}dnsproxy001",
"parameters.storageAccountId.value": "/subscriptions/${DataLandingZoneSubscriptionId}/resourceGroups/${DataLandingZoneName}-network/providers/Microsoft.Storage/storageAccounts/${DataLandingZoneName}artifactstorage001",
"parameters.subnetId.value": "/subscriptions/${DataLandingZoneSubscriptionId}/resourceGroups/${DataLandingZoneName}-network/providers/Microsoft.Network/virtualNetworks/${DataLandingZoneName}-vnet/subnets/${DataLandingZoneName}-subnet"
}
},
{
"filePath": "infra/Firewall/params.firewall001.json",
"fileType": "json",
"parameters": {
"parameters.location.value": "${Location}",
"parameters.firewallName.value": "${DataLandingZoneName}-firewall",
"parameters.firewallPolicyId.value": "/subscriptions/${DataLandingZoneSubscriptionId}/resourceGroups/${DataLandingZoneName}-network/providers/Microsoft.Network/firewallPolicies/${DataLandingZoneName}-firewallpolicy",
"parameters.subnetId.value": "/subscriptions/${DataLandingZoneSubscriptionId}/resourceGroups/${DataLandingZoneName}-network/providers/Microsoft.Network/virtualNetworks/${DataLandingZoneName}-vnet/subnets/AzureFirewallSubnet"
}
},
{
"filePath": "infra/FirewallPolicy/params.firewallPolicy001.json",
"fileType": "json",
"parameters": {
"parameters.location.value": "${Location}",
"parameters.firewallPolicyName.value": "${DataLandingZoneName}-firewallpolicy"
}
},
{
"filePath": "infra/KeyVault/params.keyVault001.json",
"fileType": "json",
"parameters": {
"parameters.location.value": "${Location}",
"parameters.keyVaultName.value": "${DataLandingZoneName}-keyvault001",
"parameters.subnetId.value": "/subscriptions/${DataLandingZoneSubscriptionId}/resourceGroups/${DataLandingZoneName}-network/providers/Microsoft.Network/virtualNetworks/${DataLandingZoneName}-vnet/subnets/${DataLandingZoneName}-privatelink-subnet",
"parameters.privateDnsZoneId.value": "/subscriptions/${DataLandingZoneSubscriptionId}/resourceGroups/${DataLandingZoneName}-global-dns/providers/Microsoft.Network/privateDnsZones/privatelink.vaultcore.azure.net"
}
},
{
"filePath": "infra/PrivateDns/params.privateDns001.json",
"fileType": "json",
"parameters": {
"parameters.virtualNetworkId.value": "/subscriptions/${DataLandingZoneSubscriptionId}/resourceGroups/${DataLandingZoneName}-network/providers/Microsoft.Network/virtualNetworks/${DataLandingZoneName}-vnet"
}
},
{
"filePath": "infra/Purview/params.purview001.json",
"fileType": "json",
"parameters": {
"parameters.location.value": "${Location}",
"parameters.keyVaultName.value": "${DataLandingZoneName}-purview001"
}
},
{
"filePath": "infra/Purview/params.purview001.json",
"fileType": "json",
"parameters": {
"parameters.location.value": "${Location}",
"parameters.synapsePrivateLinkHubName.value": "${DataLandingZoneName}synapseprivatelinkhub001",
"parameters.subnetId.value": "/subscriptions/${DataLandingZoneSubscriptionId}/resourceGroups/${DataLandingZoneName}-network/providers/Microsoft.Network/virtualNetworks/${DataLandingZoneName}-vnet/subnets/${DataLandingZoneName}-privatelink-subnet",
"parameters.privateDnsZoneId.value": "/subscriptions/${DataLandingZoneSubscriptionId}/resourceGroups/${DataLandingZoneName}-global-dns/providers/Microsoft.Network/privateDnsZones/privatelink.azuresynapse.net"
}
},
{
"filePath": "infra/VirtualNetwork/params.vnet.json",
"fileType": "json",
"parameters": {
"parameters.location.value": "${Location}",
"parameters.vnetName.value": "${DataLandingZoneName}-vnet",
"parameters.dataHubName.value": "${DataLandingZoneName}"
}
},
{
"filePath": "infra/VirtualNetworkPeering/params.vnetPeering001.json",
"fileType": "json",
"parameters": {
"parameters.location.value": "${Location}",
"parameters.sourceVnetId.value": "/subscriptions/${DataLandingZoneSubscriptionId}/resourceGroups/${DataLandingZoneName}-network/providers/Microsoft.Network/virtualNetworks/${DataLandingZoneName}-vnet",
"parameters.destinationVnetId.value": "${NodeVnetId}"
}
},
{
"filePath": ".ado/workflows/dataHubDeployment.yml",
"fileType": "yaml",
"parameters": {
"variables.AZURE_RESOURCE_MANAGER_CONNECTION_NAME": "${AzureResourceManagerConnectionName}",
"variables.AZURE_SUBSCRIPTION_ID": "${DataLandingZoneSubscriptionId}",
"variables.AZURE_RESOURCE_GROUP_NAME_NETWORK": "${DataLandingZoneName}-network",
"variables.AZURE_RESOURCE_GROUP_NAME_GLOBAL_DNS": "${DataLandingZoneName}-global-dns",
"variables.AZURE_RESOURCE_GROUP_NAME_AUTOMATION": "${DataLandingZoneName}-automation",
"variables.AZURE_RESOURCE_GROUP_NAME_MANAGEMENT": "${DataLandingZoneName}-mgmt",
"variables.AZURE_RESOURCE_GROUP_NAME_CONSUMPTION": "${DataLandingZoneName}-consumption",
"variables.AZURE_RESOURCE_GROUP_NAME_CONTAINER": "${DataLandingZoneName}-container",
"variables.AZURE_RESOURCE_GROUP_NAME_GOVERNANCE": "${DataLandingZoneName}-governance",
"variables.AZURE_LOCATION": "${Location}"
}
}
]

60
docs/reference/deploy.dataHub.json
Просмотреть файл

@ -30,9 +30,35 @@
"description": "Specifies the admin password of the virtual machines."
}
},
"enableAzureFirewall": {
"enableDnsAndFirewall": {
"type": "bool",
"defaultValue": true
"defaultValue": true,
"metadata": {
"description": "Specifies whether Private DNS zones and Azure Firewall should be deployed."
}
},
"dnsServerAdresses": {
"type": "array",
"defaultValue": [
"10.0.0.4"
],
"metadata": {
"description": "Specifies a list of internal IP adresses of your DNS forwarders or internal IP address of your Azure Firewall if you have enabled DNS forwarding."
}
},
"firewallPrivateIp": {
"type": "string",
"defaultValue": "10.0.0.4",
"metadata": {
"description": "Specifies the private IP of your (Azure) Firewall."
}
},
"privateDnsZoneResourceGroupId": {
"type": "string",
"defaultValue": "",
"metadata": {
"description": "Specifies the ID of the resource group of the private dns zones, if you already have one that should be used."
}
}
},
"functions": [],
@ -40,10 +66,12 @@
"enterpriseScaleAnalyticsCompanyPrefix": "[parameters('enterpriseScaleAnalyticsCompanyPrefix')]",
"dataHubSubscriptionId": "[parameters('dataHubSubscriptionId')]",
"location": "[parameters('location')]",
"vmAdminPassword": "[parameters('vmAdminPassword')]",
"enableAzureFirewall": "[parameters('enableAzureFirewall')]",
"networkTemplateLink": "https://raw.githubusercontent.com/Azure/data-hub/main/docs/reference/deploy.network.json?token=AIHRGTXMDVLQNB4R5JDMYP3ADMR3U",
"servicesTemplateLink": "https://raw.githubusercontent.com/Azure/data-hub/main/docs/reference/deploy.services.json?token=AIHRGTUGHS4HVTWQKMQOEH3ADMR5A"
"dnsServerAdresses": "[parameters('dnsServerAdresses')]",
"firewallPrivateIp": "[parameters('firewallPrivateIp')]",
"privateDnsZoneResourceGroupId": "[parameters('privateDnsZoneResourceGroupId')]",
"enableDnsAndFirewall": "[parameters('enableDnsAndFirewall')]",
"networkTemplateLink": "https://raw.githubusercontent.com/Azure/data-hub/main/docs/reference/deploy.network.json",
"servicesTemplateLink": "https://raw.githubusercontent.com/Azure/data-hub/main/docs/reference/deploy.services.json"
},
"resources": [
{
@ -64,8 +92,14 @@
"enterpriseScaleAnalyticsCompanyPrefix": {
"value": "[variables('enterpriseScaleAnalyticsCompanyPrefix')]"
},
"enableAzureFirewall": {
"value": "[variables('enableAzureFirewall')]"
"enableDnsAndFirewall": {
"value": "[variables('enableDnsAndFirewall')]"
},
"dnsServerAdresses": {
"value": "[variables('dnsServerAdresses')]"
},
"firewallPrivateIp": {
"value": "[variables('firewallPrivateIp')]"
}
}
},
@ -93,16 +127,10 @@
"value": "[variables('enterpriseScaleAnalyticsCompanyPrefix')]"
},
"subnetId": {
"value": "[reference('networkDeployment').outputs.subnetId.value]"
},
"privateLinkSubnetId": {
"value": "[reference('networkDeployment').outputs.privateLinkSubnetId.value]"
},
"privateDnsZoneResourceGroupId": {
"value": "[reference('networkDeployment').outputs.privateDnsZoneResourceGroupId.value]"
},
"vmAdminPassword": {
"value": "[variables('vmAdminPassword')]"
"value": "[if(variables('enableDnsAndFirewall'), reference('networkDeployment').outputs.privateDnsZoneResourceGroupId.value, variables('privateDnsZoneResourceGroupId'))]"
}
}
},
@ -112,7 +140,7 @@
"outputs": {
"firewallPrivateIp": {
"type": "string",
"value": "[reference('networkDeployment').outputs.firewallName.value]"
"value": "[reference('networkDeployment').outputs.firewallPrivateIp.value]"
},
"privateDnsZoneResourceGroupId": {
"type": "string",

64
docs/reference/deploy.network.json
Просмотреть файл

@ -16,22 +16,43 @@
"description": "Specifies the location for all resources."
}
},
"enableAzureFirewall": {
"enableDnsAndFirewall": {
"type": "bool",
"defaultValue": true
"defaultValue": true,
"metadata": {
"description": "Specifies whether Private DNS zones and Azure Firewall should be deployed."
}
},
"dnsServerAdresses": {
"type": "array",
"defaultValue": [
"10.0.0.4"
],
"metadata": {
"description": "Specifies a list of internal IP adresses of your DNS forwarders or internal IP address of your Azure Firewall if you have enabled DNS forwarding."
}
},
"firewallPrivateIp": {
"type": "string",
"defaultValue": "10.0.0.4",
"metadata": {
"description": "Specifies the private IP of your (Azure) Firewall."
}
}
},
"functions": [],
"variables": {
"enterpriseScaleAnalyticsCompanyPrefix": "[parameters('enterpriseScaleAnalyticsCompanyPrefix')]",
"location": "[parameters('location')]",
"enableAzureFirewall": "[parameters('enableAzureFirewall')]",
"dnsServerAdresses": "[parameters('dnsServerAdresses')]",
"firewallPrivateIp": "[parameters('firewallPrivateIp')]",
"enableDnsAndFirewall": "[parameters('enableDnsAndFirewall')]",
"networkResourceGroupName": "[concat(variables('enterpriseScaleAnalyticsCompanyPrefix'), '-dh-network')]",
"privateDnsZoneResourceGroupName": "[concat(variables('enterpriseScaleAnalyticsCompanyPrefix'), '-dh-global-dns')]",
"vnetTemplateLink": "https://raw.githubusercontent.com/Azure/data-hub/main/infra/VirtualNetwork/deploy.vnet.json?token=AIHRGTW6PTVPD6URG3WF7ODADMRAS",
"privateDnsZoneTemplateLink": "https://raw.githubusercontent.com/Azure/data-hub/main/infra/PrivateDns/deploy.privateDns.json?token=AIHRGTVTXVNXEQSN54GCG7DADMRES",
"firewallPolicyTemplateLink": "https://raw.githubusercontent.com/Azure/data-hub/main/infra/FirewallPolicy/deploy.firewallPolicy.json?token=AIHRGTXVXXPUQP7C6QHCMWTADMRIQ",
"firewallTemplateLink": "https://raw.githubusercontent.com/Azure/data-hub/main/infra/Firewall/deploy.firewall.json?token=AIHRGTTJWKJOXKIL2X4WW6DADMRGQ",
"vnetTemplateLink": "https://raw.githubusercontent.com/Azure/data-hub/main/infra/VirtualNetwork/deploy.vnet.json",
"privateDnsZoneTemplateLink": "https://raw.githubusercontent.com/Azure/data-hub/main/infra/PrivateDns/deploy.privateDns.json",
"firewallPolicyTemplateLink": "https://raw.githubusercontent.com/Azure/data-hub/main/infra/FirewallPolicy/deploy.firewallPolicy.json",
"firewallTemplateLink": "https://raw.githubusercontent.com/Azure/data-hub/main/infra/Firewall/deploy.firewall.json",
"privateDnsZoneNames": [
"privatelink.afs.azure.net",
"privatelink.analysis.windows.net",
@ -88,6 +109,7 @@
"properties": {}
},
{
"condition": "[variables('enableDnsAndFirewall')]",
"type": "Microsoft.Resources/resourceGroups",
"apiVersion": "2020-06-01",
"name": "[variables('privateDnsZoneResourceGroupName')]",
@ -113,18 +135,28 @@
},
"vnetName": {
"value": "[take(concat(variables('enterpriseScaleAnalyticsCompanyPrefix'), '-dh-vnet'), 64)]"
},
"dataHubName": {
"value": "dh"
},
"dnsServerAdresses": {
"value": "[variables('dnsServerAdresses')]"
},
"firewallPrivateIp": {
"value": "[variables('firewallPrivateIp')]"
}
}
},
"resourceGroup": "[variables('networkResourceGroupName')]"
},
{
"condition": "[variables('enableDnsAndFirewall')]",
"type": "Microsoft.Resources/deployments",
"apiVersion": "2020-06-01",
"name": "privateDnsZoneDeployment",
"name": "privateDnsZone001Deployment",
"dependsOn": [
"vnetDeployment",
"[resourceId('Microsoft.Resources/resourceGroups', variables('networkResourceGroupName'))]"
"[resourceId('Microsoft.Resources/resourceGroups', variables('privateDnsZoneResourceGroupName'))]"
],
"properties": {
"mode": "Incremental",
@ -144,10 +176,10 @@
"resourceGroup": "[variables('privateDnsZoneResourceGroupName')]"
},
{
"condition": "[variables('enableAzureFirewall')]",
"condition": "[variables('enableDnsAndFirewall')]",
"type": "Microsoft.Resources/deployments",
"apiVersion": "2020-06-01",
"name": "firewallPolicyDeployment",
"name": "firewallPolicy001Deployment",
"dependsOn": [
"[resourceId('Microsoft.Resources/resourceGroups', variables('networkResourceGroupName'))]"
],
@ -169,13 +201,13 @@
"resourceGroup": "[variables('networkResourceGroupName')]"
},
{
"condition": "[variables('enableAzureFirewall')]",
"condition": "[variables('enableDnsAndFirewall')]",
"type": "Microsoft.Resources/deployments",
"apiVersion": "2020-06-01",
"name": "firewallDeployment",
"name": "firewall001Deployment",
"dependsOn": [
"vnetDeployment",
"firewallPolicyDeployment",
"firewallPolicy001Deployment",
"[resourceId('Microsoft.Resources/resourceGroups', variables('networkResourceGroupName'))]"
],
"properties": {
@ -213,11 +245,11 @@
},
"privateDnsZoneResourceGroupId": {
"type": "string",
"value": "[resourceId('Microsoft.Resources/resourceGroups', variables('privateDnsZoneResourceGroupName'))]"
"value": "[if(variables('enableDnsAndFirewall'), resourceId('Microsoft.Resources/resourceGroups', variables('privateDnsZoneResourceGroupName')), null())]"
},
"firewallPrivateIp": {
"type": "string",
"value": "[if(variables('enableAzureFirewall'), reference('firewallDeployment').outputs.firewallPrivateIp.value, null())]"
"value": "[if(variables('enableDnsAndFirewall'), reference('firewallDeployment').outputs.firewallPrivateIp.value, null())]"
}
}
}

306
docs/reference/deploy.services.json
Просмотреть файл

@ -23,25 +23,12 @@
"description": "Specifies the id of the subnet that should be used for non private link private endpoints."
}
},
"privateLinkSubnetId": {
"type": "string",
"defaultValue": "/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/<your-rg-name>/providers/Microsoft.Network/virtualNetworks/<your-vnet-name>/subnets/<your-subnet-name>",
"metadata": {
"description": "Specifies the id of the subnet that should be used for private endpoints."
}
},
"privateDnsZoneResourceGroupId": {
"type": "string",
"defaultValue": "/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/<your-rg-name>",
"metadata": {
"description": "Specifies the ID of the resource group of the private dns zones."
}
},
"vmAdminPassword": {
"type": "securestring",
"metadata": {
"description": "Specifies the admin password of the virtual machines."
}
}
},
"functions": [],
@ -49,27 +36,17 @@
"enterpriseScaleAnalyticsCompanyPrefix": "[parameters('enterpriseScaleAnalyticsCompanyPrefix')]",
"location": "[parameters('location')]",
"subnetId": "[parameters('subnetId')]",
"privateLinkSubnetId": "[parameters('privateLinkSubnetId')]",
"vmAdminPassword": "[parameters('vmAdminPassword')]",
"privateDnsZoneResourceGroupId": "[parameters('privateDnsZoneResourceGroupId')]",
"privateDnsZoneResourceGroupName": "[last(split(variables('privateDnsZoneResourceGroupId'), '/'))]",
"governanceResourceGroupName": "[concat(variables('enterpriseScaleAnalyticsCompanyPrefix'), '-dh-governance')]",
"containerResourceGroupName": "[concat(variables('enterpriseScaleAnalyticsCompanyPrefix'), '-dh-container')]",
"managementResourceGroupName": "[concat(variables('enterpriseScaleAnalyticsCompanyPrefix'), '-dh-mgmt')]",
"integrationResourceGroupName": "[concat(variables('enterpriseScaleAnalyticsCompanyPrefix'), '-dh-integration')]",
"consumptionResourceGroupName": "[concat(variables('enterpriseScaleAnalyticsCompanyPrefix'), '-dh-consumption')]",
"loggingResourceGroupName": "[concat(variables('enterpriseScaleAnalyticsCompanyPrefix'), '-dh-logging')]",
"purviewRegions": ["brazilsouth", "eastus", "eastus2", "southeastasia", "westeurope"],
"containerRegistryTemplateLink": "https://raw.githubusercontent.com/Azure/data-hub/main/infra/ContainerRegistry/deploy.containerRegistry.json?token=AIHRGTVMJI7A6QKV2OJV37LADMRK2",
"keyVaultTemplateLink": "https://raw.githubusercontent.com/Azure/data-hub/main/infra/KeyVault/deploy.keyVault.json?token=AIHRGTW3LXSAVG5ZU52IAH3ADMRMU",
"logAnalyticsTemplateLink": "https://raw.githubusercontent.com/Azure/data-hub/main/infra/LogAnalytics/deploy.logAnalytics.json?token=AIHRGTXTLJZN6E33IE2L3ULADMROK",
"storageTemplateLink": "https://raw.githubusercontent.com/Azure/data-hub/main/infra/Storage/deploy.storage.json?token=AIHRGTSUXZHQF6ZN5H4ZA5DADMRQA",
"dataFactoryTemplateLink": "https://raw.githubusercontent.com/Azure/data-hub/main/infra/DataFactory/deploy.dataFactory.json?token=AIHRGTVALL24L3BDJ5YSNITADMRRS",
"powerBiTemplateLink": "https://raw.githubusercontent.com/Azure/data-hub/main/infra/PowerBi/deploy.powerBi.json?token=AIHRGTTCDEL3BROAOELDETLADMRTG",
"shirTemplateLink": "https://raw.githubusercontent.com/Azure/data-hub/main/docs/reference/deploy.shir.json?token=AIHRGTTYMQ46AUFB2OTZPDLADMRZS",
"purviewTemplateLink": "https://raw.githubusercontent.com/Azure/data-hub/main/infra/Purview/deploy.purview.json?token=AIHRGTSD4TBDYDGHWCKDWETADMRUU",
"synapsePrivateLinkHubTemplateLink": "https://raw.githubusercontent.com/Azure/data-hub/main/infra/SynapsePrivateLinkHub/deploy.synapsePrivateLinkHub.json?token=AIHRGTTZCCF2X2QUQEQRNODADMRWG",
"shirScriptLink": "https://raw.githubusercontent.com/Azure/data-hub/main/infra/SelfHostedIntegrationRuntime/installSHIRGateway.ps1?token=AIHRGTXFTRZAVAKYRQA2BY3ADMRX6"
"containerRegistryTemplateLink": "https://raw.githubusercontent.com/Azure/data-hub/main/infra/ContainerRegistry/deploy.containerRegistry.json",
"keyVaultTemplateLink": "https://raw.githubusercontent.com/Azure/data-hub/main/infra/KeyVault/deploy.keyVault.json",
"purviewTemplateLink": "https://raw.githubusercontent.com/Azure/data-hub/main/infra/Purview/deploy.purview.json",
"synapsePrivateLinkHubTemplateLink": "https://raw.githubusercontent.com/Azure/data-hub/main/infra/SynapsePrivateLinkHub/deploy.synapsePrivateLinkHub.json"
},
"resources": [
{
@ -93,13 +70,6 @@
"location": "[variables('location')]",
"properties": {}
},
{
"type": "Microsoft.Resources/resourceGroups",
"apiVersion": "2020-06-01",
"name": "[variables('integrationResourceGroupName')]",
"location": "[variables('location')]",
"properties": {}
},
{
"type": "Microsoft.Resources/resourceGroups",
"apiVersion": "2020-06-01",
@ -107,49 +77,12 @@
"location": "[variables('location')]",
"properties": {}
},
{
"type": "Microsoft.Resources/resourceGroups",
"apiVersion": "2020-06-01",
"name": "[variables('loggingResourceGroupName')]",
"location": "[variables('location')]",
"properties": {}
},
{
"type": "Microsoft.Resources/deployments",
"apiVersion": "2020-06-01",
"name": "containerRegistry001Deployment",
"dependsOn": [
"[resourceId('Microsoft.Resources/resourceGroups', variables('containerResourceGroupName'))]"
],
"properties": {
"mode": "Incremental",
"templateLink": {
"uri": "[variables('containerRegistryTemplateLink')]",
"contentVersion": "1.0.0.0"
},
"parameters": {
"location": {
"value": "[variables('location')]"
},
"containerRegistryName": {
"value": "[take(concat(variables('enterpriseScaleAnalyticsCompanyPrefix'), 'dhcontainerregistry001', uniqueString(subscription().subscriptionId, resourceGroup().id)), 50)]"
},
"subnetId": {
"value": "[variables('privateLinkSubnetId')]"
},
"privateDnsZoneId": {
"value": "[concat('/subscriptions/', subscription().subscriptionId, '/resourceGroups/', variables('privateDnsZoneResourceGroupName'), '/providers/Microsoft.Network/privateDnsZones/privatelink.azurecr.io')]"
}
}
},
"resourceGroup": "[variables('containerResourceGroupName')]"
},
{
"type": "Microsoft.Resources/deployments",
"apiVersion": "2020-06-01",
"name": "keyVault001Deployment",
"dependsOn": [
"[resourceId('Microsoft.Resources/resourceGroups', variables('managementResourceGroupName'))]"
"[resourceId('Microsoft.Resources/resourceGroups', variables('governanceResourceGroupName'))]"
],
"properties": {
"mode": "Incremental",
@ -165,67 +98,7 @@
"value": "[take(concat(variables('enterpriseScaleAnalyticsCompanyPrefix'), '-dh-keyvault001', uniqueString(subscription().subscriptionId, resourceGroup().id)), 24)]"
},
"subnetId": {
"value": "[variables('privateLinkSubnetId')]"
},
"privateDnsZoneId": {
"value": "[concat('/subscriptions/', subscription().subscriptionId, '/resourceGroups/', variables('privateDnsZoneResourceGroupName'), '/providers/Microsoft.Network/privateDnsZones/privatelink.vaultcore.azure.net')]"
}
}
},
"resourceGroup": "[variables('managementResourceGroupName')]"
},
{
"type": "Microsoft.Resources/deployments",
"apiVersion": "2020-06-01",
"name": "keyVault002Deployment",
"dependsOn": [
"[resourceId('Microsoft.Resources/resourceGroups', variables('loggingResourceGroupName'))]"
],
"properties": {
"mode": "Incremental",
"templateLink": {
"uri": "[variables('keyVaultTemplateLink')]",
"contentVersion": "1.0.0.0"
},
"parameters": {
"location": {
"value": "[variables('location')]"
},
"keyVaultName": {
"value": "[take(concat(variables('enterpriseScaleAnalyticsCompanyPrefix'), '-dh-keyvault002', uniqueString(subscription().subscriptionId, resourceGroup().id)), 24)]"
},
"subnetId": {
"value": "[variables('privateLinkSubnetId')]"
},
"privateDnsZoneId": {
"value": "[concat('/subscriptions/', subscription().subscriptionId, '/resourceGroups/', variables('privateDnsZoneResourceGroupName'), '/providers/Microsoft.Network/privateDnsZones/privatelink.vaultcore.azure.net')]"
}
}
},
"resourceGroup": "[variables('loggingResourceGroupName')]"
},
{
"type": "Microsoft.Resources/deployments",
"apiVersion": "2020-06-01",
"name": "keyVault003Deployment",
"dependsOn": [
"[resourceId('Microsoft.Resources/resourceGroups', variables('governanceResourceGroupName'))]"
],
"properties": {
"mode": "Incremental",
"templateLink": {
"uri": "[variables('keyVaultTemplateLink')]",
"contentVersion": "1.0.0.0"
},
"parameters": {
"location": {
"value": "[variables('location')]"
},
"keyVaultName": {
"value": "[take(concat(variables('enterpriseScaleAnalyticsCompanyPrefix'), '-dh-keyvault003', uniqueString(subscription().subscriptionId, resourceGroup().id)), 24)]"
},
"subnetId": {
"value": "[variables('privateLinkSubnetId')]"
"value": "[variables('subnetId')]"
},
"privateDnsZoneId": {
"value": "[concat('/subscriptions/', subscription().subscriptionId, '/resourceGroups/', variables('privateDnsZoneResourceGroupName'), '/providers/Microsoft.Network/privateDnsZones/privatelink.vaultcore.azure.net')]"
@ -237,7 +110,7 @@
{
"type": "Microsoft.Resources/deployments",
"apiVersion": "2020-06-01",
"name": "purview003Deployment",
"name": "purview001Deployment",
"dependsOn": [
"[resourceId('Microsoft.Resources/resourceGroups', variables('governanceResourceGroupName'))]"
],
@ -261,142 +134,37 @@
{
"type": "Microsoft.Resources/deployments",
"apiVersion": "2020-06-01",
"name": "logAnalytics001Deployment",
"name": "containerRegistry001Deployment",
"dependsOn": [
"[resourceId('Microsoft.Resources/resourceGroups', variables('loggingResourceGroupName'))]",
"keyVault002Deployment"
"[resourceId('Microsoft.Resources/resourceGroups', variables('containerResourceGroupName'))]"
],
"properties": {
"mode": "Incremental",
"templateLink": {
"uri": "[variables('logAnalyticsTemplateLink')]",
"uri": "[variables('containerRegistryTemplateLink')]",
"contentVersion": "1.0.0.0"
},
"parameters": {
"location": {
"value": "[variables('location')]"
},
"logAnalyticsWorkspaceName": {
"value": "[take(concat(variables('enterpriseScaleAnalyticsCompanyPrefix'), '-dh-la001', uniqueString(subscription().subscriptionId, resourceGroup().id)), 63)]"
},
"keyVaultId": {
"value": "[reference('keyVault002Deployment').outputs.keyVaultId.value]"
}
}
},
"resourceGroup": "[variables('loggingResourceGroupName')]"
},
{
"type": "Microsoft.Resources/deployments",
"apiVersion": "2020-06-01",
"name": "storage001Deployment",
"dependsOn": [
"[resourceId('Microsoft.Resources/resourceGroups', variables('integrationResourceGroupName'))]"
],
"properties": {
"mode": "Incremental",
"templateLink": {
"uri": "[variables('storageTemplateLink')]",
"contentVersion": "1.0.0.0"
},
"parameters": {
"location": {
"value": "[variables('location')]"
},
"storageAccountName": {
"value": "[take(concat(variables('enterpriseScaleAnalyticsCompanyPrefix'), 'datahubstorage001', uniqueString(subscription().subscriptionId, resourceGroup().id)), 24)]"
},
"storageAccountType": {
"value": "Standard_LRS"
}
}
},
"resourceGroup": "[variables('integrationResourceGroupName')]"
},
{
"type": "Microsoft.Resources/deployments",
"apiVersion": "2020-06-01",
"name": "dataFactory001Deployment",
"dependsOn": [
"[resourceId('Microsoft.Resources/resourceGroups', variables('integrationResourceGroupName'))]"
],
"properties": {
"mode": "Incremental",
"templateLink": {
"uri": "[variables('dataFactoryTemplateLink')]",
"contentVersion": "1.0.0.0"
},
"parameters": {
"location": {
"value": "[variables('location')]"
},
"dataFactoryName": {
"value": "[take(concat(variables('enterpriseScaleAnalyticsCompanyPrefix'), '-dh-datafactory001', uniqueString(subscription().subscriptionId, resourceGroup().id)), 63)]"
},
"subnetId": {
"value": "[variables('privateLinkSubnetId')]"
},
"privateDnsZoneIdDataFactory": {
"value": "[concat('/subscriptions/', subscription().subscriptionId, '/resourceGroups/', variables('privateDnsZoneResourceGroupName'), '/providers/Microsoft.Network/privateDnsZones/privatelink.datafactory.azure.net')]"
},
"privateDnsZoneIdPortal": {
"value": "[concat('/subscriptions/', subscription().subscriptionId, '/resourceGroups/', variables('privateDnsZoneResourceGroupName'), '/providers/Microsoft.Network/privateDnsZones/privatelink.azure.com')]"
}
}
},
"resourceGroup": "[variables('integrationResourceGroupName')]"
},
{
"condition": true,
"type": "Microsoft.Resources/deployments",
"apiVersion": "2020-06-01",
"name": "shir001Deployment",
"dependsOn": [
"[resourceId('Microsoft.Resources/resourceGroups', variables('integrationResourceGroupName'))]",
"dataFactory001Deployment"
],
"properties": {
"mode": "Incremental",
"templateLink": {
"uri": "[variables('shirTemplateLink')]",
"contentVersion": "1.0.0.0"
},
"parameters": {
"location": {
"value": "[variables('location')]"
},
"vmssName": {
"value": "[take(concat(variables('enterpriseScaleAnalyticsCompanyPrefix'), 'dhSHIR001'), 64)]"
},
"vmssSkuTier": {
"value": "Standard"
},
"vmssSkuName": {
"value": "Standard_A1_v2"
},
"vmssAdminUsername": {
"value": "VmssMainUser"
},
"vmssAdminPassword": {
"value": "[variables('vmAdminPassword')]"
},
"dataFactoryId": {
"value": "[reference('dataFactory001Deployment').outputs.dataFactoryId.value]"
"containerRegistryName": {
"value": "[take(concat(variables('enterpriseScaleAnalyticsCompanyPrefix'), 'dhcontainerregistry001', uniqueString(subscription().subscriptionId, resourceGroup().id)), 50)]"
},
"subnetId": {
"value": "[variables('subnetId')]"
},
"fileUri": {
"value": "[variables('shirScriptLink')]"
"privateDnsZoneId": {
"value": "[concat('/subscriptions/', subscription().subscriptionId, '/resourceGroups/', variables('privateDnsZoneResourceGroupName'), '/providers/Microsoft.Network/privateDnsZones/privatelink.azurecr.io')]"
}
}
},
"resourceGroup": "[variables('integrationResourceGroupName')]"
"resourceGroup": "[variables('containerResourceGroupName')]"
},
{
"type": "Microsoft.Resources/deployments",
"apiVersion": "2020-06-01",
"name": "synapsePrivateLinkHubDeployment",
"name": "synapsePrivateLinkHub001Deployment",
"dependsOn": [
"[resourceId('Microsoft.Resources/resourceGroups', variables('consumptionResourceGroupName'))]"
],
@ -414,53 +182,13 @@
"value": "[take(concat(variables('enterpriseScaleAnalyticsCompanyPrefix'), 'dhsynapseprivatelinkhub'), 45)]"
},
"subnetId": {
"value": "[variables('privateLinkSubnetId')]"
"value": "[variables('subnetId')]"
},
"privateDnsZoneId": {
"value": "[concat('/subscriptions/', subscription().subscriptionId, '/resourceGroups/', variables('privateDnsZoneResourceGroupName'), '/providers/Microsoft.Network/privateDnsZones/privatelink.azuresynapse.net')]"
}
}
},
"resourceGroup": "[variables('integrationResourceGroupName')]"
},
{
"condition": false,
"type": "Microsoft.Resources/deployments",
"apiVersion": "2020-06-01",
"name": "powerBi001Deployment",
"dependsOn": [
"[resourceId('Microsoft.Resources/resourceGroups', variables('consumptionResourceGroupName'))]"
],
"properties": {
"mode": "Incremental",
"templateLink": {
"uri": "[variables('powerBiTemplateLink')]",
"contentVersion": "1.0.0.0"
},
"parameters": {
"location": {
"value": "[variables('location')]"
},
"powerBiName": {
"value": "[concat(variables('enterpriseScaleAnalyticsCompanyPrefix'), '-dh-powerbi001')]"
},
"tenantId": {
"value": "[subscription().tenantId]"
},
"subnetId": {
"value": "[variables('privateLinkSubnetId')]"
},
"privateDnsZoneIdAnalysis": {
"value": "[concat('/subscriptions/', subscription().subscriptionId, '/resourceGroups/', variables('privateDnsZoneResourceGroupName'), '/providers/Microsoft.Network/privateDnsZones/privatelink.analysis.windows.net')]"
},
"privateDnsZoneIdPbiDedicated": {
"value": "[concat('/subscriptions/', subscription().subscriptionId, '/resourceGroups/', variables('privateDnsZoneResourceGroupName'), '/providers/Microsoft.Network/privateDnsZones/privatelink.pbidedicated.windows.net')]"
},
"privateDnsZoneIdPowerQuery": {
"value": "[concat('/subscriptions/', subscription().subscriptionId, '/resourceGroups/', variables('privateDnsZoneResourceGroupName'), '/providers/Microsoft.Network/privateDnsZones/privatelink.tip1.powerquery.microsoft.com')]"
}
}
},
"resourceGroup": "[variables('consumptionResourceGroupName')]"
}
],

41
infra/ApiConnection/deploy.apiConnection.json
Просмотреть файл

@ -1,41 +0,0 @@
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"location": {
"type": "string",
"defaultValue": "[resourceGroup().location]",
"metadata": {
"description": "Specifies the location for all resources."
}
},
"apiConnectionName": {
"type": "string",
"metadata": {
"description": "Specifies the name of the api connection."
}
}
},
"functions": [],
"variables": {
"location": "[parameters('location')]",
"apiConnectionName": "[parameters('apiConnectionName')]"
},
"resources": [
{
"type": "Microsoft.Web/connections",
"apiVersion": "2016-06-01",
"name": "[variables('apiConnectionName')]",
"location": "[variables('location')]",
"kind": "V1",
"properties": {
"displayName": "[variables('apiConnectionName')]",
"customParameterValues": {},
"api": {
"id": "[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Web/locations/', variables('location'), '/managedApis/', variables('apiConnectionName'))]"
}
}
}
],
"outputs": {}
}

12
infra/ApiConnection/params.apiConnection001.json
Просмотреть файл

@ -1,12 +0,0 @@
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"location": {
"value": "northeurope"
},
"apiConnectionName": {
"value": "arm"
}
}
}

12
infra/ApiConnection/params.apiConnection002.json
Просмотреть файл

@ -1,12 +0,0 @@
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"location": {
"value": "northeurope"
},
"apiConnectionName": {
"value": "azuread"
}
}
}

0
infra/Storage/deploy.storage.json → infra/ArtifactStorage/deploy.storage.json
Просмотреть файл

2
infra/Storage/params.storage001.json → infra/ArtifactStorage/params.storage001.json
Просмотреть файл

@ -6,7 +6,7 @@
"value": "northeurope"
},
"storageAccountName": {
"value": "datahubstorage001"
"value": "dhartifactstorage001"
},
"storageAccountType": {
"value": "Standard_LRS"

147
infra/AutomationAccount/deploy.automationAccount.json
Просмотреть файл

@ -1,147 +0,0 @@
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"location": {
"type": "string",
"defaultValue": "[resourceGroup().location]",
"metadata": {
"description": "Specifies the location for all resources."
}
},
"automationAccountName": {
"type": "string",
"metadata": {
"description": "Specifies the name of the container registry."
}
},
"subnetId": {
"type": "string",
"metadata": {
"description": "Specifies the id of the subnet which the private endpoint uses."
}
},
"privateDnsZoneId": {
"type": "string",
"metadata": {
"description": "Specifies the resource ID of the private dns zone for azure automation."
}
}
},
"functions": [],
"variables": {
"location": "[parameters('location')]",
"automationAccountName": "[parameters('automationAccountName')]",
"subnetId": "[parameters('subnetId')]",
"privateDnsZoneId": "[parameters('privateDnsZoneId')]",
"privateEndpointName": "[concat(variables('automationAccountName'), '-webhook-private-endpoint')]"
},
"resources": [
{
"type": "Microsoft.Automation/automationAccounts",
"apiVersion": "2015-10-31",
"name": "[variables('automationAccountName')]",
"location": "[variables('location')]",
"properties": {
"sku": {
"name": "Basic"
}
},
"resources": [
// {
// "type": "modules",
// "apiVersion": "2015-10-31",
// "name": "Az.Accounts",
// "dependsOn": [
// "[resourceId('Microsoft.Automation/automationAccounts', variables('automationAccountName'))]"
// ],
// "properties": {
// "contentLink": {}
// }
// },
// {
// "type": "modules",
// "apiVersion": "2015-10-31",
// "name": "Az.Resources",
// "dependsOn": [
// "[resourceId('Microsoft.Automation/automationAccounts', variables('automationAccountName'))]"
// ],
// "properties": {
// "contentLink": {}
// }
// },
// {
// "type": "modules",
// "apiVersion": "2015-10-31",
// "name": "AzureAD",
// "dependsOn": [
// "[resourceId('Microsoft.Automation/automationAccounts', variables('automationAccountName'))]"
// ],
// "properties": {
// "contentLink": {}
// }
// },
// {
// "type": "modules",
// "apiVersion": "2015-10-31",
// "name": "DatabricksPS",
// "dependsOn": [
// "[resourceId('Microsoft.Automation/automationAccounts', variables('automationAccountName'))]"
// ],
// "properties": {
// "contentLink": {
// "uri": ""
// }
// }
// }
]
},
{
"type": "Microsoft.Network/privateEndpoints",
"apiVersion": "2020-05-01",
"name": "[variables('privateEndpointName')]",
"dependsOn": [
"[resourceId('Microsoft.Automation/automationAccounts', variables('automationAccountName'))]"
],
"location": "[variables('location')]",
"properties": {
"privateLinkServiceConnections": [
{
"name": "[variables('privateEndpointName')]",
"properties": {
"privateLinkServiceId": "[resourceId('Microsoft.Automation/automationAccounts', variables('automationAccountName'))]",
"groupIds": [
"Webhook"
]
}
}
],
"manualPrivateLinkServiceConnections": [
],
"subnet": {
"id": "[variables('subnetId')]"
}
}
},
{
"type": "Microsoft.Network/privateEndpoints/privateDnsZoneGroups",
"apiVersion": "2020-05-01",
"name": "[concat(variables('privateEndpointName'), '/aRecord')]",
"dependsOn": [
"[resourceId('Microsoft.Network/privateEndpoints', variables('privateEndpointName'))]"
],
"location": "[variables('location')]",
"properties": {
"privateDnsZoneConfigs": [
{
"name": "[concat(variables('privateEndpointName'), '-aRecord')]",
"properties": {
"privateDnsZoneId": "[variables('privateDnsZoneId')]"
}
}
]
}
}
],
"outputs": {}
}

18
infra/AutomationAccount/params.automationAccount001.json
Просмотреть файл

@ -1,18 +0,0 @@
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"location": {
"value": "northeurope"
},
"automationAccountName": {
"value": "dh-automationaccount001"
},
"subnetId": {
"value": "/subscriptions/4060c03e-0d2e-44b7-82a3-da9376fe50b2/resourceGroups/dh-network/providers/Microsoft.Network/virtualNetworks/dh-vnet/subnets/dh-privatelink-subnet"
},
"privateDnsZoneId": {
"value": "/subscriptions/4060c03e-0d2e-44b7-82a3-da9376fe50b2/resourceGroups/dh-global-dns/providers/Microsoft.Network/privateDnsZones/privatelink.azure-automation.net"
}
}
}

163
infra/DataFactory/deploy.dataFactory.json
Просмотреть файл

@ -1,163 +0,0 @@
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"location": {
"type": "string",
"defaultValue": "[resourceGroup().location]",
"metadata": {
"description": "Specifies the location for all resources."
}
},
"dataFactoryName": {
"type": "string",
"metadata": {
"description": "Specifies the name of the data factory."
}
},
"subnetId": {
"type": "string",
"metadata": {
"description": "Specifies the id of the subnet which the private endpoint uses."
}
},
"privateDnsZoneIdDataFactory": {
"type": "string",
"metadata": {
"description": "Specifies the ID of the private dns zone for data factory."
}
},
"privateDnsZoneIdPortal": {
"type": "string",
"metadata": {
"description": "Specifies the ID of the private dns zone for data factory portal."
}
}
},
"functions": [],
"variables": {
"location": "[parameters('location')]",
"dataFactoryName": "[parameters('dataFactoryName')]",
"subnetId": "[parameters('subnetId')]",
"privateDnsZoneIdDataFactory": "[parameters('privateDnsZoneIdDataFactory')]",
"privateDnsZoneIdPortal": "[parameters('privateDnsZoneIdPortal')]",
"privateEndpointNameDataFactory": "[concat(variables('dataFactoryName'), '-datafactory-private-endpoint')]",
"privateEndpointNamePortal": "[concat(variables('dataFactoryName'), '-portal-private-endpoint')]"
},
"resources": [
{
"type": "Microsoft.DataFactory/factories",
"apiVersion": "2018-06-01",
"name": "[variables('dataFactoryName')]",
"location": "[variables('location')]",
"identity": {
"type": "SystemAssigned"
},
"properties": {
"globalParameters": {
},
"publicNetworkAccess": "Disabled"
},
"resources": [
]
},
{
"type": "Microsoft.Network/privateEndpoints",
"apiVersion": "2020-05-01",
"name": "[variables('privateEndpointNameDataFactory')]",
"dependsOn": [
"[resourceId('Microsoft.DataFactory/factories', variables('dataFactoryName'))]"
],
"location": "[variables('location')]",
"properties": {
"privateLinkServiceConnections": [
{
"name": "[variables('privateEndpointNameDataFactory')]",
"properties": {
"privateLinkServiceId": "[resourceId('Microsoft.DataFactory/factories', variables('dataFactoryName'))]",
"groupIds": [
"dataFactory"
]
}
}
],
"manualPrivateLinkServiceConnections": [
],
"subnet": {
"id": "[variables('subnetId')]"
}
}
},
{
"type": "Microsoft.Network/privateEndpoints/privateDnsZoneGroups",
"apiVersion": "2020-05-01",
"name": "[concat(variables('privateEndpointNameDataFactory'), '/aRecord')]",
"dependsOn": [
"[resourceId('Microsoft.Network/privateEndpoints', variables('privateEndpointNameDataFactory'))]"
],
"location": "[variables('location')]",
"properties": {
"privateDnsZoneConfigs": [
{
"name": "[concat(variables('privateEndpointNameDataFactory'), '-aRecord')]",
"properties": {
"privateDnsZoneId": "[variables('privateDnsZoneIdDataFactory')]"
}
}
]
}
},
{
"type": "Microsoft.Network/privateEndpoints",
"apiVersion": "2020-05-01",
"name": "[variables('privateEndpointNamePortal')]",
"dependsOn": [
"[resourceId('Microsoft.DataFactory/factories', variables('dataFactoryName'))]"
],
"location": "[variables('location')]",
"properties": {
"privateLinkServiceConnections": [
{
"name": "[variables('privateEndpointNamePortal')]",
"properties": {
"privateLinkServiceId": "[resourceId('Microsoft.DataFactory/factories', variables('dataFactoryName'))]",
"groupIds": [
"portal"
]
}
}
],
"manualPrivateLinkServiceConnections": [
],
"subnet": {
"id": "[variables('subnetId')]"
}
}
},
{
"type": "Microsoft.Network/privateEndpoints/privateDnsZoneGroups",
"apiVersion": "2020-05-01",
"name": "[concat(variables('privateEndpointNamePortal'), '/aRecord')]",
"dependsOn": [
"[resourceId('Microsoft.Network/privateEndpoints', variables('privateEndpointNamePortal'))]"
],
"location": "[variables('location')]",
"properties": {
"privateDnsZoneConfigs": [
{
"name": "[concat(variables('privateEndpointNamePortal'), '-aRecord')]",
"properties": {
"privateDnsZoneId": "[variables('privateDnsZoneIdPortal')]"
}
}
]
}
}
],
"outputs": {
"dataFactoryId": {
"type": "string",
"value": "[resourceId('Microsoft.DataFactory/factories', variables('dataFactoryName'))]"
}
}
}

21
infra/DataFactory/params.dataFactory001.json
Просмотреть файл

@ -1,21 +0,0 @@
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"location": {
"value": "northeurope"
},
"dataFactoryName": {
"value": "dh-datafactory001"
},
"subnetId": {
"value": "/subscriptions/4060c03e-0d2e-44b7-82a3-da9376fe50b2/resourceGroups/dh-network/providers/Microsoft.Network/virtualNetworks/dh-vnet/subnets/dh-privatelink-subnet"
},
"privateDnsZoneIdDataFactory": {
"value": "/subscriptions/4060c03e-0d2e-44b7-82a3-da9376fe50b2/resourceGroups/dh-global-dns/providers/Microsoft.Network/privateDnsZones/privatelink.datafactory.azure.net"
},
"privateDnsZoneIdPortal": {
"value": "/subscriptions/4060c03e-0d2e-44b7-82a3-da9376fe50b2/resourceGroups/dh-global-dns/providers/Microsoft.Network/privateDnsZones/privatelink.azure.com"
}
}
}

2
infra/DnsForwarder/params.dnsForwarder001.json
Просмотреть файл

@ -18,7 +18,7 @@
"value": "VmssMainUser"
},
"storageAccountId": {
"value": "/subscriptions/4060c03e-0d2e-44b7-82a3-da9376fe50b2/resourceGroups/dh-integration/providers/Microsoft.Storage/storageAccounts/datahubstorage001"
"value": "/subscriptions/4060c03e-0d2e-44b7-82a3-da9376fe50b2/resourceGroups/dh-network/providers/Microsoft.Storage/storageAccounts/dhartifactstorage001"
},
"storageAccountContainerName": {
"value": "scripts"

251
infra/Function/deploy.function.json
Просмотреть файл

@ -1,251 +0,0 @@
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"location": {
"type": "string",
"defaultValue": "[resourceGroup().location]",
"metadata": {
"description": "Specifies the location for all resources."
}
},
"functionName": {
"type": "string",
"metadata": {
"description": "Specifies the name of the azure function."
}
},
"serverFarmSkuName": {
"type": "string",
"defaultValue": "Y1",
"metadata": {
"description": "Specifies the sku name of the serverfarm of the Azure function."
}
},
"serverFarmSkuTier": {
"type": "string",
"defaultValue": "Dynamic",
"metadata": {
"description": "Specifies the sku tier of the serverfarm of the Azure function."
}
},
"storageAccountId": {
"type": "string",
"metadata": {
"description": "Specifies the resource ID of the storage account that should be used for the Azure function."
}
},
"logAnalyticsWorkspaceId": {
"type": "string",
"metadata": {
"description": "Specifies the resource ID of the log analytics workspace that should be used for the Azure function."
}
},
"integrationSubnetId": {
"type": "string",
"metadata": {
"description": "Specifies the resource ID of the subnet that should be used for the Azure function vnet integration."
}
},
"privateEndpointSubnetId": {
"type": "string",
"metadata": {
"description": "Specifies the id of the subnet which the private endpoint uses."
}
},
"privateDnsZoneId": {
"type": "string",
"metadata": {
"description": "Specifies the ID of the private dns zone."
}
}
},
"functions": [],
"variables": {
"location": "[parameters('location')]",
"functionName": "[parameters('functionName')]",
"serverFarmName": "[concat(variables('functionName'), '-server-farm')]",
"serverFarmSkuName": "[parameters('serverFarmSkuName')]",
"serverFarmSkuTier": "[parameters('serverFarmSkuTier')]",
"applicationInsightsName": "[concat(variables('functionName'), '-application-insights')]",
"logAnalyticsWorkspaceId": "[parameters('logAnalyticsWorkspaceId')]",
"storageAccountId": "[parameters('storageAccountId')]",
"storageAccountName": "[last(split(variables('storageAccountId'), '/'))]",
"integrationSubnetId": "[parameters('integrationSubnetId')]",
"privateEndpointSubnetId": "[parameters('privateEndpointSubnetId')]",
"privateDnsZoneId": "[parameters('privateDnsZoneId')]",
"privateEndpointName": "[concat(variables('functionName'), '-private-endpoint')]"
},
"resources": [
{
"type": "Microsoft.Web/serverfarms",
"apiVersion": "2020-06-01",
"name": "[variables('serverFarmName')]",
"location": "[variables('location')]",
"kind": "",
"sku": {
"name": "[variables('serverFarmSkuName')]",
"tier": "[variables('serverFarmSkuTier')]",
"capacity": 1
},
"properties": {
"name": "[variables('serverFarmName')]",
"targetWorkerSizeId": 3,
"targetWorkerCount": 1,
"maximumElasticWorkerCount": 20,
"perSiteScaling": false,
"isSpot": false,
"reserved": false,
"hyperV": false
}
},
{
"type": "Microsoft.Insights/components",
"apiVersion": "2020-02-02-preview",
"name": "[variables('applicationInsightsName')]",
"location": "[variables('location')]",
"properties": {
"Application_Type": "web",
"Flow_Type": "Bluefield",
"Request_Source": "rest",
"DisableIpMasking": false,
"WorkspaceResourceId": "[variables('logAnalyticsWorkspaceId')]",
"publicNetworkAccessForIngestion": "Enabled",
"publicNetworkAccessForQuery": "Enabled"
}
},
{
"type": "Microsoft.Web/sites",
"apiVersion": "2020-06-01",
"name": "[variables('functionName')]",
"dependsOn": [
"[resourceId('Microsoft.Web/serverfarms', variables('serverFarmName'))]",
"[resourceId('Microsoft.Insights/components', variables('applicationInsightsName'))]"
],
"location": "[variables('location')]",
"kind": "functionapp",
"properties": {
"name": "[variables('functionName')]",
"serverFarmId": "[resourceId(subscription().subscriptionId, resourceGroup().name, 'Microsoft.Web/serverfarms', variables('serverFarmName'))]",
"clientAffinityEnabled": true,
"clientCertEnabled": false,
"httpsOnly": true,
"enabled": true,
"reserved": false,
"hyperV": false,
"isXenon": false,
"redundancyMode": "None",
"hostNamesDisabled": false,
"scmSiteAlsoStopped": false,
"siteConfig": {
"powerShellVersion": "~7",
"minTlsVersion": "1.2",
"http20Enabled": true,
"ftpsState": "Disabled",
"use32BitWorkerProcess": true,
"alwaysOn": false,
"appSettings": [
{
"name": "FUNCTIONS_EXTENSION_VERSION",
"value": "~3"
},
{
"name": "FUNCTIONS_WORKER_RUNTIME",
"value": "powershell"
},
{
"name": "APPINSIGHTS_INSTRUMENTATIONKEY",
"value": "[reference(resourceId('Microsoft.Insights/components', variables('applicationInsightsName')), '2020-02-02-preview').InstrumentationKey]"
},
{
"name": "APPLICATIONINSIGHTS_CONNECTION_STRING",
"value": "[reference(resourceId('Microsoft.Insights/components', variables('applicationInsightsName')), '2020-02-02-preview').ConnectionString]"
},
{
"name": "AzureWebJobsStorage",
"value": "[concat('DefaultEndpointsProtocol=https;AccountName=', variables('storageAccountName'), ';AccountKey=', listKeys(variables('storageAccountId'),'2019-06-01').keys[0].value, ';EndpointSuffix=', 'core.windows.net')]"
},
{
"name": "WEBSITE_CONTENTAZUREFILECONNECTIONSTRING",
"value": "[concat('DefaultEndpointsProtocol=https;AccountName=', variables('storageAccountName'), ';AccountKey=', listKeys(variables('storageAccountId'),'2019-06-01').keys[0].value, ';EndpointSuffix=', 'core.windows.net')]" // @Microsoft.KeyVault(SecretUri=https://secure-settings-demo.vault.azure.net/secrets/my-secret/)
},
{
"name": "WEBSITE_CONTENTSHARE",
"value": "[toLower('functionName')]"
},
{
"name": "WEBSITE_VNET_ROUTE_ALL",
"value": "1"
},
{
"name": "WEBSITE_DNS_SERVER",
"value": "168.63.129.16"
}
]
}
},
"resources": [
{
"type": "networkConfig",
"apiVersion": "2020-06-01",
"name": "virtualNetwork",
"dependsOn": [
"[resourceId('Microsoft.Web/sites', variables('functionName'))]"
],
"location": "[variables('location')]",
"properties": {
"subnetResourceid": "[variables('integrationSubnetId')]",
"swiftSupported": true
}
}
]
},
{
"type": "Microsoft.Network/privateEndpoints",
"apiVersion": "2020-05-01",
"name": "[variables('privateEndpointName')]",
"dependsOn": [
"[resourceId('Microsoft.Web/sites', variables('functionName'))]"
],
"location": "[variables('location')]",
"properties": {
"privateLinkServiceConnections": [
{
"name": "[variables('privateEndpointName')]",
"properties": {
"privateLinkServiceId": "[resourceId('Microsoft.Web/sites', variables('functionName'))]",
"groupIds": [
"sites"
]
}
}
],
"manualPrivateLinkServiceConnections": [
],
"subnet": {
"id": "[variables('privateEndpointSubnetId')]"
}
}
},
{
"type": "Microsoft.Network/privateEndpoints/privateDnsZoneGroups",
"apiVersion": "2020-05-01",
"name": "[concat(variables('privateEndpointName'), '/aRecord')]",
"dependsOn": [
"[resourceId('Microsoft.Network/privateEndpoints', variables('privateEndpointName'))]"
],
"location": "[variables('location')]",
"properties": {
"privateDnsZoneConfigs": [
{
"name": "[concat(variables('privateEndpointName'), '-aRecord')]",
"properties": {
"privateDnsZoneId": "[variables('privateDnsZoneId')]"
}
}
]
}
}
],
"outputs": {}
}

33
infra/Function/params.function001.json
Просмотреть файл

@ -1,33 +0,0 @@
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"location": {
"value": "northeurope"
},
"functionName": {
"value": "dh-function001"
},
"serverFarmSkuName": {
"value": "EP1"
},
"serverFarmSkuTier": {
"value": "ElasticPremium"
},
"storageAccountId": {
"value": "/subscriptions/4060c03e-0d2e-44b7-82a3-da9376fe50b2/resourceGroups/dh-mgmt/providers/Microsoft.Storage/storageAccounts/datahubstorage001"
},
"logAnalyticsWorkspaceId": {
"value": "/subscriptions/4060c03e-0d2e-44b7-82a3-da9376fe50b2/resourceGroups/dh-la/providers/Microsoft.OperationalInsights/workspaces/dh-la001"
},
"integrationSubnetId": {
"value": "/subscriptions/4060c03e-0d2e-44b7-82a3-da9376fe50b2/resourceGroups/dh-network/providers/Microsoft.Network/virtualNetworks/dh-vnet/subnets/dh-function001-subnet"
},
"privateEndpointSubnetId": {
"value": "/subscriptions/4060c03e-0d2e-44b7-82a3-da9376fe50b2/resourceGroups/dh-network/providers/Microsoft.Network/virtualNetworks/dh-vnet/subnets/dh-privatelink-subnet"
},
"privateDnsZoneId": {
"value": "/subscriptions/4060c03e-0d2e-44b7-82a3-da9376fe50b2/resourceGroups/dh-global-dns/providers/Microsoft.Network/privateDnsZones/privatelink.azurewebsites.net"
}
}
}

50
infra/IntegrationServiceEnvironment/deploy.integrationServiceEnvironment.json
Просмотреть файл

@ -1,50 +0,0 @@
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"location": {
"type": "string",
"defaultValue": "[resourceGroup().location]",
"metadata": {
"description": "Specifies the location for all resources."
}
},
"integrationServiceEnvironmentName": {
"type": "string",
"metadata": {
"description": "Specifies the name of the Integration Service Environment."
}
},
"subnetIds": {
"type": "array",
"metadata": {
"description": "Specifies the resource ids of the subnets which will be used by the integration service environments."
}
}
},
"functions": [],
"variables": {
"location": "[parameters('location')]",
"integrationServiceEnvironmentName": "[parameters('integrationServiceEnvironmentName')]",
"subnetIds": "[parameters('subnetIds')]"
},
"resources": [
{
"type": "Microsoft.Logic/integrationServiceEnvironments",
"apiVersion": "2019-05-01",
"name": "[variables('integrationServiceEnvironmentName')]",
"location": "[variables('location')]",
"sku": {
"name": "Developer",
"capacity": 0
},
"properties": {
"networkConfiguration": {
"subnets": "[variables('subnetIds')]",
"accessEndpoint": "Internal"
}
}
}
],
"outputs": {}
}

20
infra/IntegrationServiceEnvironment/params.integrationServiceEnvironment001.json
Просмотреть файл

@ -1,20 +0,0 @@
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"location": {
"value": "northeurope"
},
"integrationServiceEnvironmentName": {
"value": "dh-integrationserviceenvironment001"
},
"subnetIds": {
"value": [
"",
"",
"",
""
]
}
}
}

18
infra/KeyVault/params.keyVault002.json
Просмотреть файл

@ -1,18 +0,0 @@
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"location": {
"value": "northeurope"
},
"keyVaultName": {
"value": "dh-keyvault002"
},
"subnetId": {
"value": "/subscriptions/4060c03e-0d2e-44b7-82a3-da9376fe50b2/resourceGroups/dh-network/providers/Microsoft.Network/virtualNetworks/dh-vnet/subnets/dh-privatelink-subnet"
},
"privateDnsZoneId": {
"value": "/subscriptions/4060c03e-0d2e-44b7-82a3-da9376fe50b2/resourceGroups/dh-global-dns/providers/Microsoft.Network/privateDnsZones/privatelink.vaultcore.azure.net"
}
}
}

18
infra/KeyVault/params.keyVault003.json
Просмотреть файл

@ -1,18 +0,0 @@
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"location": {
"value": "northeurope"
},
"keyVaultName": {
"value": "dh-keyvault003"
},
"subnetId": {
"value": "/subscriptions/4060c03e-0d2e-44b7-82a3-da9376fe50b2/resourceGroups/dh-network/providers/Microsoft.Network/virtualNetworks/dh-vnet/subnets/dh-privatelink-subnet"
},
"privateDnsZoneId": {
"value": "/subscriptions/4060c03e-0d2e-44b7-82a3-da9376fe50b2/resourceGroups/dh-global-dns/providers/Microsoft.Network/privateDnsZones/privatelink.vaultcore.azure.net"
}
}
}

98
infra/LogAnalytics/deploy.logAnalytics.json
Просмотреть файл

@ -1,98 +0,0 @@
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"location": {
"defaultValue": "[resourceGroup().location]",
"type": "string",
"metadata": {
"description": "Specifies the location for all resources."
}
},
"logAnalyticsWorkspaceName": {
"type": "string",
"metadata": {
"description": "Specifies the name of the log analytics workspace."
}
},
"keyVaultId": {
"type": "string",
"metadata": {
"description": "Specifies the resource id of the key vault to store the storage access key."
}
}
},
"functions": [],
"variables": {
"location": "[parameters('location')]",
"logAnalyticsWorkspaceName": "[parameters('logAnalyticsWorkspaceName')]",
"keyVaultId": "[parameters('keyVaultId')]",
"keyVaultName": "[last(split(variables('keyVaultId'), '/'))]"
},
"resources": [
{
"type": "Microsoft.OperationalInsights/workspaces",
"apiVersion": "2020-08-01",
"name": "[variables('logAnalyticsWorkspaceName')]",
"location": "[variables('location')]",
"properties": {
"sku": {
"name": "PerGB2018"
},
"retentionInDays": 120,
"publicNetworkAccessForIngestion": "Disabled",
"publicNetworkAccessForQuery": "Disabled"
}
},
{
"type": "Microsoft.Resources/deployments",
"apiVersion": "2019-10-01",
"name": "SecretDeployment",
"dependsOn": [
"[resourceId('Microsoft.OperationalInsights/workspaces', variables('logAnalyticsWorkspaceName'))]"
],
"properties": {
"expressionEvaluationOptions": {
"scope": "outer"
},
"mode": "Incremental",
"template": {
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {},
"variables": {},
"resources": [
{
"type": "Microsoft.KeyVault/vaults/secrets",
"apiVersion": "2019-09-01",
"name": "[concat(variables('keyVaultName'), '/logAnalyticsWorkspaceId')]",
"properties": {
"contentType": "text/plain",
"value": "[reference(resourceId('Microsoft.OperationalInsights/workspaces', variables('logAnalyticsWorkspaceName')), '2020-08-01').customerId]",
"attributes": {
"enabled": true
}
}
},
{
"type": "Microsoft.KeyVault/vaults/secrets",
"apiVersion": "2019-09-01",
"name": "[concat(variables('keyVaultName'), '/logAnalyticsWorkspaceKey')]",
"properties": {
"contentType": "text/plain",
"value": "[listkeys(resourceId('Microsoft.OperationalInsights/workspaces', variables('logAnalyticsWorkspaceName')), '2020-08-01').primarySharedKey]",
"attributes": {
"enabled": true
}
}
}
],
"outputs": {}
}
},
"subscriptionId": "[split(variables('keyVaultId'), '/')[2]]",
"resourceGroup": "[split(variables('keyVaultId'), '/')[4]]"
}
],
"outputs": {}
}

15
infra/LogAnalytics/params.logAnalytics001.json
Просмотреть файл

@ -1,15 +0,0 @@
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"location": {
"value": "northeurope"
},
"logAnalyticsWorkspaceName": {
"value": "dh-la001"
},
"keyVaultId": {
"value": "/subscriptions/4060c03e-0d2e-44b7-82a3-da9376fe50b2/resourceGroups/dh-logging/providers/Microsoft.KeyVault/vaults/dh-keyvault002"
}
}
}

60
infra/LogicApp/deploy.logicApp.json
Просмотреть файл

@ -1,60 +0,0 @@
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"location": {
"type": "string",
"defaultValue": "[resourceGroup().location]",
"metadata": {
"description": "Specifies the location for all resources."
}
},
"logicAppName": {
"type": "string",
"metadata": {
"description": "Specifies the name of the logic app."
}
},
"integrationServiceEnvironmentId": {
"type": "string",
"metadata": {
"description": "Specifies the resource id of the integration service environment."
}
}
},
"functions": [],
"variables": {
"location": "[parameters('location')]",
"logicAppName": "[parameters('logicAppName')]",
"integrationServiceEnvironmentId": "[parameters('integrationServiceEnvironmentId')]"
},
"resources": [
{
"type": "Microsoft.Logic/workflows",
"apiVersion": "2017-07-01",
"name": "[variables('logicAppName')]",
"location": "[variables('location')]",
"identity": {
"type": "SystemAssigned"
},
"properties": {
// "integrationAccount": {
// "id": ""
// },
// "integrationServiceEnvironment": {
// "id": "[variables('integrationServiceEnvironmentId')]"
// },
"definition": {
"$schema": "https://schema.management.azure.com/schemas/2016-06-01/Microsoft.Logic.json",
"contentVersion": "1.0.0.0",
"parameters": {},
"triggers": {},
"actions": {},
"outputs": {}
},
"parameters": {}
}
}
],
"outputs": {}
}

15
infra/LogicApp/params.logicApp001.json
Просмотреть файл

@ -1,15 +0,0 @@
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"location": {
"value": "northeurope"
},
"logicAppName": {
"value": "dh-logicapp001"
},
"integrationServiceEnvironmentId": {
"value": "/subscriptions/4060c03e-0d2e-44b7-82a3-da9376fe50b2/resourceGroups/dh-automation/providers/Microsoft.Logic/integrationServiceEnvironments/dh-keyvault002"
}
}
}

130
infra/PowerBi/deploy.powerBi.json
Просмотреть файл

@ -1,130 +0,0 @@
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"location": {
"type": "string",
"defaultValue": "[resourceGroup().location]",
"metadata": {
"description": "Specifies the location for all resources."
}
},
"powerBiName": {
"type": "string",
"metadata": {
"description": "Specifies the name of the key vault."
}
},
"tenantId": {
"type": "string",
"metadata": {
"description": "Specifies the location for all resources."
}
},
"subnetId": {
"type": "string",
"metadata": {
"description": "Specifies the id of the subnet which the private endpoint uses."
}
},
"privateDnsZoneIdAnalysis": {
"type": "string",
"metadata": {
"description": "Specifies the ID of the private dns zonee for Power BI analysis endpoint."
}
},
"privateDnsZoneIdPbiDedicated": {
"type": "string",
"metadata": {
"description": "Specifies the ID of the private dns zonee for Power BI Dedicated endpoint."
}
},
"privateDnsZoneIdPowerQuery": {
"type": "string",
"metadata": {
"description": "Specifies the ID of the private dns zonee for Power BI power query."
}
}
},
"functions": [],
"variables": {
"location": "[parameters('location')]",
"powerBiName": "[parameters('powerBiName')]",
"tenantId": "[parameters('tenantId')]",
"subnetId": "[parameters('subnetId')]",
"privateDnsZoneIdAnalysis": "[parameters('privateDnsZoneIdAnalysis')]",
"privateDnsZoneIdPbiDedicated": "[parameters('privateDnsZoneIdPbiDedicated')]",
"privateDnsZoneIdPowerQuery": "[parameters('privateDnsZoneIdPowerQuery')]",
"privateEndpointName": "[concat(variables('powerBiName'), '-private-endpoint')]"
},
"resources": [
{
"type": "Microsoft.PowerBI/privateLinkServicesForPowerBI",
"apiVersion": "2020-06-01",
"name": "[variables('powerBiName')]",
"location": "global",
"properties": {
"tenantId": "[variables('tenantId')]"
}
},
{
"type": "Microsoft.Network/privateEndpoints",
"apiVersion": "2020-05-01",
"name": "[variables('privateEndpointName')]",
"dependsOn": [
"[resourceId('Microsoft.PowerBI/privateLinkServicesForPowerBI', variables('powerBiName'))]"
],
"location": "[variables('location')]",
"properties": {
"privateLinkServiceConnections": [
{
"name": "[variables('privateEndpointName')]",
"properties": {
"privateLinkServiceId": "[resourceId('Microsoft.PowerBI/privateLinkServicesForPowerBI', variables('powerBiName'))]",
"groupIds": [
"Tenant"
]
}
}
],
"manualPrivateLinkServiceConnections": [
],
"subnet": {
"id": "[variables('subnetId')]"
}
}
},
{
"type": "Microsoft.Network/privateEndpoints/privateDnsZoneGroups",
"apiVersion": "2020-05-01",
"name": "[concat(variables('privateEndpointName'), '/aRecord')]",
"dependsOn": [
"[resourceId('Microsoft.Network/privateEndpoints', variables('privateEndpointName'))]"
],
"location": "[variables('location')]",
"properties": {
"privateDnsZoneConfigs": [
{
"name": "[concat(variables('privateEndpointName'), '-aRecord-analysis')]",
"properties": {
"privateDnsZoneId": "[variables('privateDnsZoneIdAnalysis')]"
}
},
{
"name": "[concat(variables('privateEndpointName'), '-aRecord-pbidedicated')]",
"properties": {
"privateDnsZoneId": "[variables('privateDnsZoneIdPbiDedicated')]"
}
},
{
"name": "[concat(variables('privateEndpointName'), '-aRecord-powerquery')]",
"properties": {
"privateDnsZoneId": "[variables('privateDnsZoneIdPowerQuery')]"
}
}
]
}
}
],
"outputs": {}
}

27
infra/PowerBi/params.powerBi001.json
Просмотреть файл

@ -1,27 +0,0 @@
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"location": {
"value": "northeurope"
},
"powerBiName": {
"value": "dh-powerbi001"
},
"tenantId": {
"value": "52d40f65-ad6d-48c3-906f-1ccf598612d4"
},
"subnetId": {
"value": "/subscriptions/4060c03e-0d2e-44b7-82a3-da9376fe50b2/resourceGroups/dh-network/providers/Microsoft.Network/virtualNetworks/dh-vnet/subnets/dh-privatelink-subnet"
},
"privateDnsZoneIdAnalysis": {
"value": "/subscriptions/4060c03e-0d2e-44b7-82a3-da9376fe50b2/resourceGroups/dh-global-dns/providers/Microsoft.Network/privateDnsZones/privatelink.analysis.windows.net"
},
"privateDnsZoneIdPbiDedicated": {
"value": "/subscriptions/4060c03e-0d2e-44b7-82a3-da9376fe50b2/resourceGroups/dh-global-dns/providers/Microsoft.Network/privateDnsZones/privatelink.pbidedicated.windows.net"
},
"privateDnsZoneIdPowerQuery": {
"value": "/subscriptions/4060c03e-0d2e-44b7-82a3-da9376fe50b2/resourceGroups/dh-global-dns/providers/Microsoft.Network/privateDnsZones/privatelink.tip1.powerquery.microsoft.com"
}
}
}

340
infra/PowerBiGateway/deploy.powerBiGateway.json
Просмотреть файл

@ -1,340 +0,0 @@
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"location": {
"type": "string",
"defaultValue": "[resourceGroup().location]",
"metadata": {
"description": "Specifies the location for all resources."
}
},
"vmssName": {
"type": "string",
"metadata": {
"description": "Specifies the name of the virtual machine scale set."
}
},
"vmssSkuTier": {
"type": "string",
"allowedValues": [
"Standard",
"Basic"
],
"defaultValue": "Standard",
"metadata": {
"description": "Specifies the SKU tier of the virtual machine scale set."
}
},
"vmssSkuName": {
"type": "string",
"metadata": {
"description": "Specifies the SKU name of the virtual machine scale set."
}
},
"vmssAdminUsername": {
"type": "string",
"metadata": {
"description": "Specifies the admin username of the virtual machine scale set."
}
},
"vmssAdminPassword": {
"type": "securestring",
"metadata": {
"description": "Specifies the admin password of the virtual machine scale set."
}
},
"storageAccountContainerId": {
"type": "string",
"metadata": {
"description": "Specifies the resource id of an existing storage account."
}
},
"storageAccountKey": {
"type": "securestring",
"metadata": {
"description": "Specifies the ID of the existing storage account where the powershell script is stored."
}
},
"subnetId": {
"type": "string",
"metadata": {
"description": "Specifies the resource Id of the subnet to which the virtual machine should connect."
}
},
"powerBiTenantId": {
"type": "securestring",
"metadata": {
"description": "Specifies the tenant id of the Power BI Gateway."
}
},
"powerBiGatewayClientId": {
"type": "string",
"metadata": {
"description": "Specifies the client Id of the service principal which will be used for installing the Power BI Gateway."
}
},
"powerBiGatewayClientSecret": {
"type": "securestring",
"metadata": {
"description": "Specifies the client secret of the service principal which will be used for installing the Power BI Gateway."
}
},
"powerBiGatewayRecoveryKey": {
"type": "securestring",
"metadata": {
"description": "Specifies the recovery Key of the Power BI Gateway."
}
},
"powerBiGatewayAdminGroupObjectId": {
"type": "securestring",
"metadata": {
"description": "Specifies the admin object id that should have admin rights to the Power BI Gateway."
}
}
},
"functions": [],
"variables": {
"location": "[parameters('location')]",
"vmssName": "[parameters('vmssName')]",
"vmssSkuTier": "[parameters('vmssSkuTier')]",
"vmssSkuName": "[parameters('vmssSkuName')]",
"vmssAdminUsername": "[parameters('vmssAdminUsername')]",
"vmssAdminPassword": "[parameters('vmssAdminPassword')]",
"storageAccountContainerId": "[parameters('storageAccountContainerId')]",
"storageAccountName": "[split(variables('storageAccountContainerId'), '/')[8]]",
"storageAccountContainerName": "[last(split(variables('storageAccountContainerId'), '/'))]",
"storageAccountKey": "[parameters('storageAccountKey')]",
"subnetId": "[parameters('subnetId')]",
"powerBiGatewayClientId": "[parameters('powerBiGatewayClientId')]",
"powerBiGatewayClientSecret": "[parameters('powerBiGatewayClientSecret')]",
"powerBiGatewayRecoveryKey": "[parameters('powerBiGatewayRecoveryKey')]",
"powerBiTenantId": "[parameters('powerBiTenantId')]",
"powerBiGatewayAdminGroupObjectId": "[parameters('powerBiGatewayAdminGroupObjectId')]"
},
"resources": [
{
"type": "Microsoft.Network/publicIPAddresses",
"apiVersion": "2020-05-01",
"name": "[concat(variables('vmssName'), '-publicip')]",
"location": "[variables('location')]",
"sku": {
"name": "Standard"
},
"properties": {
"publicIPAllocationMethod": "Static",
"publicIPAddressVersion": "IPv4",
"dnsSettings": {
"domainNameLabel": "[toLower(variables('vmssName'))]"
},
// "ddosSettings": {
// "protectionCoverage": "Standard",
// "protectedIP": true
// },
"ipTags": []
}
},
{
"type": "Microsoft.Network/loadBalancers",
"apiVersion": "2020-05-01",
"name": "[concat(variables('vmssName'), '-lb')]",
"location": "[variables('location')]",
"dependsOn": [
"[resourceId('Microsoft.Network/publicIPAddresses', concat(variables('vmssName'), '-publicip'))]"
],
"sku": {
"name": "Standard"
},
"properties": {
"frontendIPConfigurations": [
{
"name": "loadBalancerFrontEnd",
"properties": {
"publicIPAddress": {
"id": "[resourceId('Microsoft.Network/publicIPAddresses', concat(variables('vmssName'), '-publicip'))]"
}
// "subnet": {
// "id": "[variables('subnetId')]"
// }
}
}
],
"backendAddressPools": [
{
"name": "[concat(variables('vmssName'), '-backendPool')]"
}
],
"inboundNatPools": [
{
"name": "[concat(variables('vmssName'), '-natPool')]",
"properties": {
"frontendIPConfiguration": {
"id": "[resourceId('Microsoft.Network/loadBalancers/frontendIPConfigurations', concat(variables('vmssName'), '-lb'), 'loadBalancerFrontEnd')]"
},
"protocol": "Tcp",
"frontendPortRangeStart": 50000,
"frontendPortRangeEnd": 50099,
"backendPort": 3389,
"idleTimeoutInMinutes": 4
}
}
],
"loadBalancingRules": [
{
"name": "ProbeRule",
"properties": {
"loadDistribution": "Default",
"frontendIPConfiguration": {
"id": "[resourceId('Microsoft.Network/loadBalancers/frontendIPConfigurations', concat(variables('vmssName'), '-lb'), 'loadBalancerFrontEnd')]"
},
"backendAddressPool": {
"id": "[resourceId('Microsoft.Network/loadBalancers/backendAddressPools', concat(variables('vmssName'), '-lb'), concat(variables('vmssName'), '-backendPool'))]"
},
"protocol": "Tcp",
"frontendPort": 80,
"backendPort": 80,
"enableFloatingIP": false,
"idleTimeoutInMinutes": 5,
"probe": {
"id": "[resourceId('Microsoft.Network/loadBalancers/probes/', concat(variables('vmssName'), '-lb'), concat(variables('vmssName'), '-probe'))]"
}
}
}
],
"probes": [
{
"name": "[concat(variables('vmssName'), '-probe')]",
"properties": {
"protocol": "Http",
"port": 80,
"requestPath": "/",
"intervalInSeconds": 5,
"numberOfProbes": 2
}
}
]
}
},
{
"type": "Microsoft.Compute/virtualMachineScaleSets",
"apiVersion": "2019-07-01",
"name": "[variables('vmssName')]",
"location": "[variables('location')]",
"dependsOn": [
"[resourceId('Microsoft.Network/loadBalancers', concat(variables('vmssName'), '-lb'))]"
],
"identity": {
"type": "SystemAssigned"
},
"sku": {
"name": "[variables('vmssSkuName')]",
"tier": "[variables('vmssSkuTier')]",
"capacity": 1
},
"zones": [
"1",
"2"
],
"properties": {
"additionalCapabilities": {},
"automaticRepairsPolicy": {},
"doNotRunExtensionsOnOverprovisionedVMs": true,
"overprovision": true,
"platformFaultDomainCount": 1,
"zoneBalance": true,
"scaleInPolicy": {
"rules": [
"Default"
]
},
"singlePlacementGroup": false,
"upgradePolicy": {
"mode": "Automatic"
// "automaticOSUpgradePolicy": {
// "disableAutomaticRollback": false,
// "enableAutomaticOSUpgrade": true
// }
},
"virtualMachineProfile": {
"priority": "Regular",
"osProfile": {
"adminUsername": "[variables('vmssAdminUsername')]",
"adminPassword": "[variables('vmssAdminPassword')]",
"computerNamePrefix": "[take(variables('vmssName'), 9)]"
},
"networkProfile": {
"networkInterfaceConfigurations": [
{
"name": "[concat(variables('vmssName'), '-nic')]",
"properties": {
"primary": true,
"enableAcceleratedNetworking": false,
"dnsSettings": {},
"enableIPForwarding": false,
"ipConfigurations": [
{
"name": "[concat(variables('vmssName'), '-ipConfig')]",
"properties": {
"primary": true,
"privateIPAddressVersion": "IPv4",
"subnet": {
"id": "[variables('subnetId')]"
},
"loadBalancerBackendAddressPools": [
{
"id": "[resourceId('Microsoft.Network/loadBalancers/backendAddressPools', concat(variables('vmssName'), '-lb'), concat(variables('vmssName'), '-backendPool'))]"
}
],
"loadBalancerInboundNatPools": [
{
"id": "[resourceId('Microsoft.Network/loadBalancers/inboundNatPools', concat(variables('vmssName'), '-lb'), concat(variables('vmssName'), '-natPool'))]"
}
]
}
}
]
}
}
]
},
"storageProfile": {
"osDisk": {
"createOption": "FromImage",
"caching": "ReadWrite"
},
"imageReference": {
"publisher": "MicrosoftWindowsServer",
"offer": "WindowsServer",
"sku": "2019-Datacenter",
"version": "latest"
}
},
"extensionProfile": {
"extensions": [
{
"type": "Microsoft.Compute/virtualMachines/extensions",
"name": "[concat(parameters('vmssName'),'-installGateway')]",
"properties": {
"publisher": "Microsoft.Compute",
"type": "CustomScriptExtension",
"typeHandlerVersion": "1.10",
"autoUpgradeMinorVersion": true,
"settings": {
"fileUris": [
"[concat('https://', variables('storageAccountName'), '.blob.core.windows.net/', variables('storageAccountContainerName'), '/installPowerBiGateway.ps1')]"
]
},
"protectedSettings": {
"storageAccountName": "[variables('storageAccountName')]",
"storageAccountKey": "[variables('storageAccountKey')]",
"commandToExecute": "[concat('powershell.exe -ExecutionPolicy Unrestricted -File installPowerBiGateway.ps1 -GatewayName \"', variables('vmssName'), '\" -ApplicationId \"', variables('powerBiGatewayClientId'), '\" -ClientSecret \"', variables('powerBiGatewayClientSecret'), '\" -RecoveryKey \"', variables('powerBiGatewayRecoveryKey'), '\" -RegionKey \"', variables('location'), '\" -TenantId \"', variables('powerBiTenantId'), '\" -AdditionalGatewayAdminGroupId \"', variables('powerBiGatewayAdminGroupObjectId'),'\"')]"
}
}
}
]
}
}
}
}
]
}

89
infra/PowerBiGateway/installPowerBiGateway.ps1
Просмотреть файл

@ -1,89 +0,0 @@
# This sample helps automate the installation and configuration of the On-premises data gateway using available PowerShell cmdlets.
# This script helps with silent install of new gateway cluster with one gateway member only. The script also allows addition gateway
# admins. For information on each PowerShell script visit the help page for individual PowerSHell cmdlets. Before begining to install
# and register a gateway, for connecting to the gateway service, you would need to use the # Connect-DataGatewayServiceAccount. More
# information documented in the help page of that cmdlet.
Param(
# Name of the Power BI Gateway
[Parameter(Mandatory = $true)]
[String]
$GatewayName,
# Application Id for login
[Parameter()]
[String]
$TenantId,
# Application Id for login
[Parameter()]
[String]
$ApplicationId,
# Application Id for login
[Parameter()]
[String]
$ClientSecret,
# Recovery Key of the Power BI Gateway
[Parameter(Mandatory = $true)]
[String]
$RecoveryKey,
# Region of the Power BI Gateway
[Parameter(Mandatory = $true)]
[String]
$RegionKey,
[Parameter()]
[Guid]
$AdditionalGatewayAdminGroupId
)
$ErrorActionPreference = "stop"
# Print pwsh version
$psVersion = (Get-Host).Version
Write-Host $psVersion
# Convert input parameters
$clientSecretSecureString = $ClientSecret | ConvertTo-SecureString -AsPlainText -Force
$recoveryKeySecureString = $RecoveryKey | ConvertTo-SecureString -AsPlainText -Force
# Install DataGateway module
Set-PSRepository -Name "PSGallery" -InstallationPolicy Trusted
Install-Module -Name DataGateway
# Connect to the Data Gateway service
$connectDataGatewayServiceAccountArguments = @{
ApplicationId = $ApplicationId;
ClientSecret = $clientSecretSecureString;
Environment = "Public";
Tenant = $TenantId;
}
Connect-DataGatewayServiceAccount @connectDataGatewayServiceAccountArguments
# Thrown an error if not logged in
Get-DataGatewayAccessToken | Out-Null
# Run the gateway installer on the local computer
Install-DataGateway -AcceptConditions
# Create a gateway cluster and save the cluster ID
$addDataGatewayClusterArguments = @{
RecoveryKey = $recoveryKeySecureString;
GatewayName = $GatewayName;
RegionKey = "northeurope";
OverwriteExistingGateway = $true;
}
$newGatewayClusterId = (Add-DataGatewayCluster @addDataGatewayClusterArguments).GatewayObjectId
# Optionally add admin to new gateway
if ($null -ne $AdminPrincipalObjectIdForNewGateway) {
$addDataGatewayClusterUserArguments = @{
GatewayClusterId = $newGatewayClusterId;
PrincipalObjectId = $AdditionalGatewayAdminGroupId;
Role = "Admin";
AllowedDataSourceTypes = $null;
}
Add-DataGatewayClusterUser @addDataGatewayClusterUserArguments
}

53
infra/PowerBiGateway/params.powerBiGateway.json
Просмотреть файл

@ -1,53 +0,0 @@
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"location": {
"value": "northeurope"
},
"vmssName": {
"value": "dhPBIGatewaytest"
},
"vmssSkuTier": {
"value": "Standard"
},
"vmssSkuName": {
"value": "Standard_A1_v2"
},
"vmssAdminUsername": {
"value": "vmssMainUser"
},
"vmssAdminPassword": {
"value": "<your-secure-password>!"
},
"storageAccountContainerId": {
"value": "/subscriptions/feab2d15-66b4-438b-accf-51f889b30ec3/resourceGroups/dh-mgmt/providers/Microsoft.Storage/storageAccounts/datahubstorage001/blobServices/default/containers/scripts"
},
"storageAccountKey": {
"reference": {
"keyVault": {
"id": "/subscriptions/feab2d15-66b4-438b-accf-51f889b30ec3/resourceGroups/dh-mgmt/providers/Microsoft.KeyVault/vaults/dh-keyvault001"
},
"secretName": "storageAccountKey"
}
},
"subnetId": {
"value": "/subscriptions/feab2d15-66b4-438b-accf-51f889b30ec3/resourceGroups/dh-network/providers/Microsoft.Network/virtualNetworks/dh-vnet/subnets/dh-subnet"
},
"powerBiTenantId": {
"value": "<your-power-bi-tenant-id>"
},
"powerBiGatewayClientId": {
"value": "<your-power-bi-client-id>"
},
"powerBiGatewayClientSecret": {
"value": "<your-power-bi-client-secret>"
},
"powerBiGatewayRecoveryKey": {
"value": "<your-power-bi-recovery-key>"
},
"powerBiGatewayAdminGroupObjectId": {
"value": "<your-power-bi-admin-group-object-id>"
}
}
}

290
infra/SelfHostedIntegrationRuntime/deploy.shir.json
Просмотреть файл

@ -1,290 +0,0 @@
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"location": {
"type": "string",
"defaultValue": "[resourceGroup().location]",
"metadata": {
"description": "Specifies the location for all resources."
}
},
"vmssName": {
"type": "string",
"metadata": {
"description": "Specifies the name of the virtual machine scale set."
}
},
"vmssSkuTier": {
"type": "string",
"allowedValues": [
"Standard",
"Basic"
],
"metadata": {
"description": "Specifies the SKU tier of the virtual machine scale set."
}
},
"vmssSkuName": {
"type": "string",
"metadata": {
"description": "Specifies the SKU name of the virtual machine scale set."
}
},
"vmssAdminUsername": {
"type": "string",
"metadata": {
"description": "Specifies the admin username of the virtual machine scale set."
}
},
"vmssAdminPassword": {
"type": "securestring",
"metadata": {
"description": "Specifies the admin password of the virtual machine scale set."
}
},
"subnetId": {
"type": "string",
"metadata": {
"description": "Specifies the ID of the existing subnet to which the scale set should be attached."
}
},
"dataFactoryId": {
"type": "string",
"metadata": {
"description": "Specifies the ID of the existing data factory for which an integration runtime should be created."
}
},
"storageAccountId": {
"type": "string",
"metadata": {
"description": "Specifies the ID of the existing storage account where the powershell script is stored."
}
},
"storageAccountContainerName": {
"type": "string",
"metadata": {
"description": "Specifies the name of the storage account container name where the powershell script is stored."
}
}
},
"functions": [],
"variables": {
"location": "[parameters('location')]",
"vmssName": "[parameters('vmssName')]",
"vmssSkuTier": "[parameters('vmssSkuTier')]",
"vmssSkuName": "[parameters('vmssSkuName')]",
"vmssAdminUsername": "[parameters('vmssAdminUsername')]",
"vmssAdminPassword": "[parameters('vmssAdminPassword')]",
"dataFactoryId": "[parameters('dataFactoryId')]",
"dataFactoryName": "[last(split(variables('dataFactoryId'), '/'))]",
"dataFactorySelfHostedIntegrationRuntimeName": "[concat('datahubSelfHostedIntegrationRuntime', variables('vmssName'))]",
"storageAccountId": "[parameters('storageAccountId')]",
"storageAccountName": "[last(split(variables('storageAccountId'), '/'))]",
"storageAccountContainerName": "[parameters('storageAccountContainerName')]",
"subnetId": "[parameters('subnetId')]"
},
"resources": [
{
"type": "Microsoft.Network/loadBalancers",
"apiVersion": "2020-05-01",
"name": "[concat(variables('vmssName'), '-lb')]",
"location": "[variables('location')]",
"sku": {
"name": "Basic"
},
"properties": {
"frontendIPConfigurations": [
{
"name": "loadBalancerFrontEnd",
"properties": {
"subnet": {
"id": "[variables('subnetId')]"
}
}
}
],
"backendAddressPools": [
{
"name": "[concat(variables('vmssName'), '-backendPool')]"
}
],
"inboundNatPools": [
{
"name": "[concat(variables('vmssName'), '-natPool')]",
"properties": {
"frontendIPConfiguration": {
"id": "[resourceId('Microsoft.Network/loadBalancers/frontendIPConfigurations', concat(variables('vmssName'), '-lb'), 'loadBalancerFrontEnd')]"
},
"protocol": "Tcp",
"frontendPortRangeStart": 50000,
"frontendPortRangeEnd": 50099,
"backendPort": 3389,
"idleTimeoutInMinutes": 4
}
}
],
"loadBalancingRules": [
{
"name": "ProbeRule",
"properties": {
"loadDistribution": "Default",
"frontendIPConfiguration": {
"id": "[resourceId('Microsoft.Network/loadBalancers/frontendIPConfigurations', concat(variables('vmssName'), '-lb'), 'loadBalancerFrontEnd')]"
},
"backendAddressPool": {
"id": "[resourceId('Microsoft.Network/loadBalancers/backendAddressPools', concat(variables('vmssName'), '-lb'), concat(variables('vmssName'), '-backendPool'))]"
},
"protocol": "Tcp",
"frontendPort": 80,
"backendPort": 80,
"enableFloatingIP": false,
"idleTimeoutInMinutes": 5,
"probe": {
"id": "[resourceId('Microsoft.Network/loadBalancers/probes/', concat(variables('vmssName'), '-lb'), concat(variables('vmssName'), '-probe'))]"
}
}
}
],
"probes": [
{
"name": "[concat(variables('vmssName'), '-probe')]",
"properties": {
"protocol": "Http",
"port": 80,
"requestPath": "/",
"intervalInSeconds": 5,
"numberOfProbes": 2
}
}
]
}
},
{
"type": "Microsoft.Compute/virtualMachineScaleSets",
"apiVersion": "2019-07-01",
"name": "[variables('vmssName')]",
"location": "[variables('location')]",
"dependsOn": [
"[resourceId('Microsoft.Network/loadBalancers', concat(variables('vmssName'), '-lb'))]",
"[resourceId('Microsoft.DataFactory/factories/integrationRuntimes', variables('dataFactoryName'), variables('dataFactorySelfHostedIntegrationRuntimeName'))]"
],
"identity": {
"type": "SystemAssigned"
},
"sku": {
"name": "[variables('vmssSkuName')]",
"tier": "[variables('vmssSkuTier')]",
"capacity": 1
},
"properties": {
"additionalCapabilities": {},
"automaticRepairsPolicy": {},
"doNotRunExtensionsOnOverprovisionedVMs": true,
"overprovision": true,
"platformFaultDomainCount": 1,
"scaleInPolicy": {
"rules": [
"Default"
]
},
"singlePlacementGroup": true,
"upgradePolicy": {
"mode": "Automatic"
// "automaticOSUpgradePolicy": {
// "disableAutomaticRollback": false,
// "enableAutomaticOSUpgrade": true
// }
},
"virtualMachineProfile": {
"priority": "Regular",
"osProfile": {
"adminUsername": "[variables('vmssAdminUsername')]",
"adminPassword": "[variables('vmssAdminPassword')]",
"computerNamePrefix": "[take(variables('vmssName'), 9)]"
},
"networkProfile": {
"networkInterfaceConfigurations": [
{
"name": "[concat(variables('vmssName'), '-nic')]",
"properties": {
"primary": true,
"enableAcceleratedNetworking": false,
"dnsSettings": {},
"enableIPForwarding": false,
"ipConfigurations": [
{
"name": "[concat(variables('vmssName'), '-ipConfig')]",
"properties": {
"privateIPAddressVersion": "IPv4",
"subnet": {
"id": "[variables('subnetId')]"
},
"loadBalancerBackendAddressPools": [
{
"id": "[resourceId('Microsoft.Network/loadBalancers/backendAddressPools', concat(variables('vmssName'), '-lb'), concat(variables('vmssName'), '-backendPool'))]"
}
],
"loadBalancerInboundNatPools": [
{
"id": "[resourceId('Microsoft.Network/loadBalancers/inboundNatPools', concat(variables('vmssName'), '-lb'), concat(variables('vmssName'), '-natPool'))]"
}
]
}
}
]
}
}
]
},
"storageProfile": {
"osDisk": {
"caching": "ReadWrite",
"createOption": "FromImage"
},
"imageReference": {
"publisher": "MicrosoftWindowsServer",
"offer": "WindowsServer",
"sku": "2019-Datacenter",
"version": "latest"
}
},
"extensionProfile": {
"extensions": [
{
"name": "[concat(variables('vmssName'), '-installGateway')]",
"properties": {
"publisher": "Microsoft.Compute",
"type": "CustomScriptExtension",
"typeHandlerVersion": "1.10",
"autoUpgradeMinorVersion": true,
"settings": {
"fileUris": [
"[concat('https://', variables('storageAccountName'), '.blob.core.windows.net/', variables('storageAccountContainerName'), '/installSHIRGateway.ps1')]"
]
},
"protectedSettings": {
"commandToExecute": "[concat('powershell.exe -ExecutionPolicy Unrestricted -File installSHIRGateway.ps1 ', listAuthKeys(resourceId('Microsoft.DataFactory/factories/integrationRuntimes', variables('dataFactoryName'), variables('dataFactorySelfHostedIntegrationRuntimeName')), '2018-06-01').authKey1)]",
"storageAccountName": "[variables('storageAccountName')]",
"storageAccountKey": "[listkeys(variables('storageAccountId'), '2020-08-01-preview').keys[0].value]"
}
}
}
]
}
}
}
},
{
"type": "Microsoft.DataFactory/factories/integrationRuntimes",
"apiVersion": "2018-06-01",
"name": "[concat(variables('dataFactoryName'), '/', variables('dataFactorySelfHostedIntegrationRuntimeName'))]",
"properties": {
"additionalProperties": {},
"type": "SelfHosted",
"description": "Data Hub - Self Hosted Integration Runtime"
}
}
],
"outputs": {}
}

180
infra/SelfHostedIntegrationRuntime/installSHIRGateway.ps1
Просмотреть файл

@ -1,180 +0,0 @@
param(
[string]
$gatewayKey
)
# init log setting
$logLoc = "$env:SystemDrive\WindowsAzure\Logs\Plugins\Microsoft.Compute.CustomScriptExtension\"
if (! (Test-Path($logLoc)))
{
New-Item -path $logLoc -type directory -Force
}
$logPath = "$logLoc\tracelog.log"
"Start to excute gatewayInstall.ps1. `n" | Out-File $logPath
function Now-Value()
{
return (Get-Date -Format "yyyy-MM-dd HH:mm:ss")
}
function Throw-Error([string] $msg)
{
try
{
throw $msg
}
catch
{
$stack = $_.ScriptStackTrace
Trace-Log "DMDTTP is failed: $msg`nStack:`n$stack"
}
throw $msg
}
function Trace-Log([string] $msg)
{
$now = Now-Value
try
{
"${now} $msg`n" | Out-File $logPath -Append
}
catch
{
#ignore any exception during trace
}
}
function Run-Process([string] $process, [string] $arguments)
{
Write-Verbose "Run-Process: $process $arguments"
$errorFile = "$env:tmp\tmp$pid.err"
$outFile = "$env:tmp\tmp$pid.out"
"" | Out-File $outFile
"" | Out-File $errorFile
$errVariable = ""
if ([string]::IsNullOrEmpty($arguments))
{
$proc = Start-Process -FilePath $process -Wait -Passthru -NoNewWindow `
-RedirectStandardError $errorFile -RedirectStandardOutput $outFile -ErrorVariable errVariable
}
else
{
$proc = Start-Process -FilePath $process -ArgumentList $arguments -Wait -Passthru -NoNewWindow `
-RedirectStandardError $errorFile -RedirectStandardOutput $outFile -ErrorVariable errVariable
}
$errContent = [string] (Get-Content -Path $errorFile -Delimiter "!!!DoesNotExist!!!")
$outContent = [string] (Get-Content -Path $outFile -Delimiter "!!!DoesNotExist!!!")
Remove-Item $errorFile
Remove-Item $outFile
if($proc.ExitCode -ne 0 -or $errVariable -ne "")
{
Throw-Error "Failed to run process: exitCode=$($proc.ExitCode), errVariable=$errVariable, errContent=$errContent, outContent=$outContent."
}
Trace-Log "Run-Process: ExitCode=$($proc.ExitCode), output=$outContent"
if ([string]::IsNullOrEmpty($outContent))
{
return $outContent
}
return $outContent.Trim()
}
function Download-Gateway([string] $url, [string] $gwPath)
{
try
{
$ErrorActionPreference = "Stop";
$client = New-Object System.Net.WebClient
$client.DownloadFile($url, $gwPath)
Trace-Log "Download gateway successfully. Gateway loc: $gwPath"
}
catch
{
Trace-Log "Fail to download gateway msi"
Trace-Log $_.Exception.ToString()
throw
}
}
function Install-Gateway([string] $gwPath)
{
if ([string]::IsNullOrEmpty($gwPath))
{
Throw-Error "Gateway path is not specified"
}
if (!(Test-Path -Path $gwPath))
{
Throw-Error "Invalid gateway path: $gwPath"
}
Trace-Log "Start Gateway installation"
Run-Process "msiexec.exe" "/i gateway.msi INSTALLTYPE=AzureTemplate /quiet /norestart"
Start-Sleep -Seconds 30
Trace-Log "Installation of gateway is successful"
}
function Get-RegistryProperty([string] $keyPath, [string] $property)
{
Trace-Log "Get-RegistryProperty: Get $property from $keyPath"
if (! (Test-Path $keyPath))
{
Trace-Log "Get-RegistryProperty: $keyPath does not exist"
}
$keyReg = Get-Item $keyPath
if (! ($keyReg.Property -contains $property))
{
Trace-Log "Get-RegistryProperty: $property does not exist"
return ""
}
return $keyReg.GetValue($property)
}
function Get-InstalledFilePath()
{
$filePath = Get-RegistryProperty "hklm:\Software\Microsoft\DataTransfer\DataManagementGateway\ConfigurationManager" "DiacmdPath"
if ([string]::IsNullOrEmpty($filePath))
{
Throw-Error "Get-InstalledFilePath: Cannot find installed File Path"
}
Trace-Log "Gateway installation file: $filePath"
return $filePath
}
function Register-Gateway([string] $instanceKey)
{
Trace-Log "Register Agent"
$filePath = Get-InstalledFilePath
Run-Process $filePath "-era 8060"
Run-Process $filePath "-k $instanceKey"
Trace-Log "Agent registration is successful!"
}
Trace-Log "Log file: $logLoc"
$uri = "https://go.microsoft.com/fwlink/?linkid=839822"
Trace-Log "Gateway download fw link: $uri"
$gwPath= "$PWD\gateway.msi"
Trace-Log "Gateway download location: $gwPath"
Download-Gateway $uri $gwPath
Install-Gateway $gwPath
Register-Gateway $gatewayKey

36
infra/SelfHostedIntegrationRuntime/params.shir001.json
Просмотреть файл

@ -1,36 +0,0 @@
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"location": {
"value": "northeurope"
},
"vmssName": {
"value": "dhSHIR001"
},
"vmssSkuTier": {
"value": "Standard"
},
"vmssSkuName": {
"value": "Standard_A1_v2"
},
"vmssAdminUsername": {
"value": "VmssMainUser"
},
"vmssAdminPassword": {
"value": "<your-secure-password>"
},
"dataFactoryId": {
"value": "/subscriptions/4060c03e-0d2e-44b7-82a3-da9376fe50b2/resourceGroups/dh-mgmt/providers/Microsoft.DataFactory/factories/dh-datafactory001"
},
"storageAccountId": {
"value": "/subscriptions/4060c03e-0d2e-44b7-82a3-da9376fe50b2/resourceGroups/dh-integration/providers/Microsoft.Storage/storageAccounts/datahubstorage001"
},
"storageAccountContainerName": {
"value": "scripts"
},
"subnetId": {
"value": "/subscriptions/4060c03e-0d2e-44b7-82a3-da9376fe50b2/resourceGroups/dh-network/providers/Microsoft.Network/virtualNetworks/dh-vnet/subnets/dh-subnet"
}
}
}

84
infra/ShareSelfHostedIntegrationRuntime/deploy.shareSelfHostedIntegrationRuntime.json
Просмотреть файл

@ -1,84 +0,0 @@
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"dataFactoryId": {
"type": "string",
"metadata": {
"description": "Specifies the resource id of the data factory with which the SHIR should be shared."
}
},
"datahubDataFactoryId": {
"type": "string",
"metadata": {
"description": "Specifies the resource id of the datahub data factory which shares the SHIR."
}
},
"datahubDataFactoryShirId": {
"type": "string",
"metadata": {
"description": "Specifies the resource id of the datahub self hosted integration runtime which should be shared."
}
}
},
"functions": [],
"variables": {
"dataFactoryId": "[parameters('dataFactoryId')]",
"dataFactoryName": "[last(split(variables('dataFactoryId'), '/'))]",
"datahubDataFactoryId": "[parameters('datahubDataFactoryId')]",
"datahubDataFactoryName": "[last(split(variables('datahubDataFactoryId'), '/'))]",
"datahubDataFactoryShirId": "[parameters('datahubDataFactoryShirId')]"
},
"resources": [
{
"type": "Microsoft.Resources/deployments",
"apiVersion": "2019-10-01",
"name": "AdfRoleAssignment",
"properties": {
"expressionEvaluationOptions": {
"scope": "outer"
},
"mode": "Incremental",
"template": {
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {},
"variables": {},
"resources": [
{
"name": "[concat(variables('datahubDataFactoryName'), '/Microsoft.Authorization/', guid(uniqueString(variables('dataFactoryName'))))]",
"type": "Microsoft.DataFactory/factories/providers/roleAssignments",
"apiVersion": "2018-09-01-preview",
"properties": {
"roleDefinitionId": "[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Authorization/roleDefinitions/', 'b24988ac-6180-42a0-ab88-20f7382dd24c')]",
"principalId": "[reference(variables('dataFactoryId'), '2018-06-01', 'Full').identity.principalId]"
}
}
],
"outputs": {}
}
},
"subscriptionId": "[split(variables('datahubDataFactoryId'), '/')[2]]",
"resourceGroup": "[split(variables('datahubDataFactoryId'), '/')[4]]"
},
{
"type": "Microsoft.DataFactory/factories/integrationRuntimes",
"apiVersion": "2018-06-01",
"name": "[concat(variables('dataFactoryName'), '/datahubSharedSelfHostedIntegrationRuntime')]",
"dependsOn": [
"AdfRoleAssignment"
],
"properties": {
"type": "SelfHosted",
"description": "Data Hub - Self Hosted Integration Runtime",
"typeProperties": {
"linkedInfo": {
"resourceId": "[variables('datahubDataFactoryShirId')]",
"authorizationType": "RBAC"
}
}
}
}
],
"outputs": {}
}

15
infra/ShareSelfHostedIntegrationRuntime/params.shareSelfHostedIntegrationRuntime001.json
Просмотреть файл

@ -1,15 +0,0 @@
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"dataFactoryId": {
"value": "/subscriptions/2f68ca09-59d9-4ab5-ad11-c54872bfa28d/resourceGroups/dn001-processing-domain/providers/Microsoft.DataFactory/factories/dn001-datafactory001"
},
"datahubDataFactoryId": {
"value": "/subscriptions/4060c03e-0d2e-44b7-82a3-da9376fe50b2/resourceGroups/dh-integration/providers/Microsoft.DataFactory/factories/dh-datafactory001"
},
"datahubDataFactoryShirId": {
"value": "/subscriptions/4060c03e-0d2e-44b7-82a3-da9376fe50b2/resourceGroups/dh-integration/providers/Microsoft.DataFactory/factories/dh-datafactory001/integrationruntimes/datahubSelfHostedIntegrationRuntime"
}
}
}

15
infra/ShareSelfHostedIntegrationRuntime/params.shareSelfHostedIntegrationRuntime002.json
Просмотреть файл

@ -1,15 +0,0 @@
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"dataFactoryId": {
"value": "/subscriptions/558bf93d-0c7b-4436-82ab-a7ed6fda34aa/resourceGroups/dn002-processing-domain/providers/Microsoft.DataFactory/factories/dn002-datafactory001"
},
"datahubDataFactoryId": {
"value": "/subscriptions/4060c03e-0d2e-44b7-82a3-da9376fe50b2/resourceGroups/dh-integration/providers/Microsoft.DataFactory/factories/dh-datafactory001"
},
"datahubDataFactoryShirId": {
"value": "/subscriptions/4060c03e-0d2e-44b7-82a3-da9376fe50b2/resourceGroups/dh-integration/providers/Microsoft.DataFactory/factories/dh-datafactory001/integrationruntimes/datahubSelfHostedIntegrationRuntime"
}
}
}

2
infra/SynapsePrivateLinkHub/params.synapsePrivateLinkHub.json → infra/SynapsePrivateLinkHub/params.synapsePrivateLinkHub001.json
Просмотреть файл

@ -6,7 +6,7 @@
"value": "northeurope"
},
"synapsePrivateLinkHubName": {
"value": "dhsynapseprivatelinkhub"
"value": "dhsynapseprivatelinkhub001"
},
"subnetId": {
"value": "/subscriptions/4060c03e-0d2e-44b7-82a3-da9376fe50b2/resourceGroups/dh-network/providers/Microsoft.Network/virtualNetworks/dh-vnet/subnets/dh-privatelink-subnet"

32
infra/VirtualNetwork/deploy.vnet.json
Просмотреть файл

@ -15,6 +15,19 @@
"description": "Specifies the name of the vnet that gets created."
}
},
"dataHubName": {
"type": "string",
"defaultValue": "dh",
"metadata": {
"description": "Specifies the name of the data hub."
}
},
"dnsServerAdresses": {
"type": "array",
"metadata": {
"description": "Specifies the addresses of DNS forwarders in the hub."
}
},
"firewallPrivateIp": {
"type": "string",
"metadata": {
@ -26,13 +39,15 @@
"variables": {
"location": "[parameters('location')]",
"vnetName": "[parameters('vnetName')]",
"dataHubName": "[parameters('dataHubName')]",
"dnsServerAdresses": "[parameters('dnsServerAdresses')]",
"firewallPrivateIp": "[parameters('firewallPrivateIp')]"
},
"resources": [
{
"type": "Microsoft.Network/routeTables",
"apiVersion": "2020-05-01",
"name": "dh-routetable",
"name": "[concat(variables('dataHubName'), '-routetable')]",
"location": "[variables('location')]",
"properties": {
"routes": [
@ -51,7 +66,7 @@
{
"type": "Microsoft.Network/networkSecurityGroups",
"apiVersion": "2019-11-01",
"name": "dh-nsg",
"name": "[concat(variables('dataHubName'), '-nsg')]",
"location": "[variables('location')]",
"properties": {
"securityRules": [
@ -119,6 +134,9 @@
"10.0.0.0/16"
]
},
"dhcpOptions": {
"dnsServers": "[if(empty(variables('dnsServerAdresses')), '[]', variables('dnsServerAdresses'))]"
},
"subnets": [
{
"name": "AzureFirewallSubnet",
@ -130,7 +148,7 @@
}
},
{
"name": "dh-subnet",
"name": "[concat(variables('dataHubName'), '-subnet')]",
"properties": {
"addressPrefix": "10.0.1.0/24",
"privateEndpointNetworkPolicies": "Enabled",
@ -144,7 +162,7 @@
}
},
{
"name": "dh-privatelink-subnet",
"name": "[concat(variables('dataHubName'), '-privatelink-subnet')]",
"properties": {
"addressPrefix": "10.0.2.0/24",
"privateEndpointNetworkPolicies": "Disabled",
@ -158,7 +176,7 @@
}
},
{
"name": "dh-function001-subnet",
"name": "[concat(variables('dataHubName'), '-function001-subnet')]",
"properties": {
"addressPrefix": "10.0.3.0/24",
"privateEndpointNetworkPolicies": "Enabled",
@ -194,11 +212,11 @@
},
"subnetId": {
"type": "string",
"value": "[resourceId('Microsoft.Network/virtualNetworks/subnets', variables('vnetName'), 'dh-subnet')]"
"value": "[resourceId('Microsoft.Network/virtualNetworks/subnets', variables('vnetName'), concat(variables('dataHubName'), '-subnet'))]"
},
"privateLinkSubnetId": {
"type": "string",
"value": "[resourceId('Microsoft.Network/virtualNetworks/subnets', variables('vnetName'), 'dh-privatelink-subnet')]"
"value": "[resourceId('Microsoft.Network/virtualNetworks/subnets', variables('vnetName'), concat(variables('dataHubName'), '-privatelink-subnet'))]"
}
}
}

8
infra/VirtualNetwork/params.vnet.json → infra/VirtualNetwork/params.vnet001.json
Просмотреть файл

@ -8,6 +8,14 @@
"vnetName": {
"value": "dh-vnet"
},
"dataHubName": {
"value": "dh"
},
"dnsServerAdresses": {
"value": [
"10.0.0.4"
]
},
"firewallPrivateIp": {
"value": "10.0.0.4"
}

10
infra/VirtualNetworkPeering/deploy.vnetPeering.json
Просмотреть файл

@ -9,10 +9,10 @@
"description": "Specifies the location for all resources."
}
},
"originVnetId": {
"sourceVnetId": {
"type": "string",
"metadata": {
"description": "Specifies the ID of the origin vnet."
"description": "Specifies the ID of the source vnet."
}
},
"destinationVnetId": {
@ -25,8 +25,8 @@
"functions": [],
"variables": {
"location": "[parameters('location')]",
"originVnetId": "[parameters('originVnetId')]",
"originVnetName": "[last(split(variables('originVnetId'), '/'))]",
"sourceVnetId": "[parameters('sourceVnetId')]",
"sourceVnetName": "[last(split(variables('sourceVnetId'), '/'))]",
"destinationVnetId": "[parameters('destinationVnetId')]",
"destinationVnetName": "[last(split(variables('destinationVnetId'), '/'))]"
},
@ -34,7 +34,7 @@
{
"type": "Microsoft.Network/virtualNetworks/virtualNetworkPeerings",
"apiVersion": "2020-05-01",
"name": "[concat(variables('originVnetName'), '/', variables('destinationVnetName'))]",
"name": "[concat(variables('sourceVnetName'), '/', variables('destinationVnetName'))]",
"location": "[variables('location')]",
"properties": {
"allowForwardedTraffic": true,

2
infra/VirtualNetworkPeering/params.vnetPeering001.json
Просмотреть файл

@ -5,7 +5,7 @@
"location": {
"value": "northeurope"
},
"originVnetId": {
"sourceVnetId": {
"value": "/subscriptions/4060c03e-0d2e-44b7-82a3-da9376fe50b2/resourceGroups/dh-network/providers/Microsoft.Network/virtualNetworks/dh-vnet"
},
"destinationVnetId": {

15
infra/VirtualNetworkPeering/params.vnetPeering002.json
Просмотреть файл

@ -1,15 +0,0 @@
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"location": {
"value": "northeurope"
},
"originVnetId": {
"value": "/subscriptions/4060c03e-0d2e-44b7-82a3-da9376fe50b2/resourceGroups/dh-network/providers/Microsoft.Network/virtualNetworks/dh-vnet"
},
"destinationVnetId": {
"value": "/subscriptions/558bf93d-0c7b-4436-82ab-a7ed6fda34aa/resourceGroups/dn002-network/providers/Microsoft.Network/virtualNetworks/dn002-vnet"
}
}
}