зеркало из https://github.com/Azure/vdc.git
Shared services - without extending onpremises Active Directory (#90)
* initial commit * updated orchestration and pipeline for shared services that doesn't extend onprem * removed onpremises references * fixed cyclic reference * added missing parameters * added missing parameters * added debug on get access token * fixed if condition * Update pipeline.yml for Azure Pipelines * Update pipeline.yml for Azure Pipelines * Update pipeline.yml for Azure Pipelines * removed break condition * added ActiveDirectory module deployment * Update pipeline.yml for Azure Pipelines * added dns server * moved vnet before jumpbox * fixed DNS Server IPs * removed invalid dependency * removed invalid dns server * moved sas token to part of uri * added back all resources * Update pipeline.yml for Azure Pipelines * updated route table module * added jobs to shared services pipeline * removed repeated job name * moved upload task into artifacts storage * fixed dependency
Родитель
02042ce9a2
Коммит
61aae825fd
|
@ -172,9 +172,6 @@
|
|||
"OverrideParameters": {
|
||||
"routeTableName": {
|
||||
"value": "${Parameters.ModuleConfigurationParameters.RouteTables.SharedServices.Name}"
|
||||
},
|
||||
"routes": {
|
||||
"value": "${Parameters.ModuleConfigurationParameters.RouteTables.SharedServices.Routes}"
|
||||
}
|
||||
}
|
||||
}
|
||||
|
@ -191,9 +188,6 @@
|
|||
"vnetAddressPrefixes": {
|
||||
"value": "${Parameters.ModuleConfigurationParameters.VirtualNetwork.AddressPrefixes}"
|
||||
},
|
||||
"dnsServers": {
|
||||
"value": "${Parameters.ModuleConfigurationParameters.VirtualNetwork.DnsServers}"
|
||||
},
|
||||
"subnets": {
|
||||
"value": "${Parameters.ModuleConfigurationParameters.VirtualNetwork.Subnets}"
|
||||
},
|
||||
|
@ -222,96 +216,6 @@
|
|||
}
|
||||
}
|
||||
},
|
||||
{
|
||||
"Name": "VirtualNetworkGateway",
|
||||
"ModuleDefinitionName": "VirtualNetworkGateway",
|
||||
"ResourceGroupName": "${Parameters.ModuleConfigurationParameters.VirtualNetworkGateway.ResourceGroup}",
|
||||
"Deployment": {
|
||||
"OverrideParameters": {
|
||||
"virtualNetworkGatewayName": {
|
||||
"value": "${Parameters.ModuleConfigurationParameters.VirtualNetworkGateway.Name}"
|
||||
},
|
||||
"virtualNetworkGatewayType": {
|
||||
"value": "${Parameters.ModuleConfigurationParameters.VirtualNetworkGateway.VirtualNetworkGatewayType}"
|
||||
},
|
||||
"virtualNetworkGatewaySku": {
|
||||
"value": "${Parameters.ModuleConfigurationParameters.VirtualNetworkGateway.VirtualNetworkGatewaySku}"
|
||||
},
|
||||
"vpnType": {
|
||||
"value": "${Parameters.ModuleConfigurationParameters.VirtualNetworkGateway.VpnType}"
|
||||
},
|
||||
"vNetId": {
|
||||
"value": "reference(VirtualNetwork.vNetResourceId)"
|
||||
},
|
||||
"enableBgp": {
|
||||
"value": "${Parameters.ModuleConfigurationParameters.VirtualNetworkGateway.EnableBgp}"
|
||||
}
|
||||
}
|
||||
}
|
||||
},
|
||||
{
|
||||
"Name": "LocalVirtualNetworkGatewayConnection",
|
||||
"Comments": "Connect Shared Services Virtual Network Gateway to a Simulated On-Premises Virtual Network Gateway",
|
||||
"ModuleDefinitionName": "VirtualNetworkGatewayConnection",
|
||||
"ResourceGroupName": "${Parameters.ModuleConfigurationParameters.VirtualNetworkGateway.ResourceGroup}",
|
||||
"Deployment": {
|
||||
"OverrideParameters": {
|
||||
"localVirtualNetworkGatewayName": {
|
||||
"value": "reference(VirtualNetworkGateway.virtualNetworkGatewayName)"
|
||||
},
|
||||
"remoteVirtualNetworkGatewayName": {
|
||||
"value": "${Parameters.ModuleConfigurationParameters.OnPremisesInformation.VirtualNetworkGateway.Name}"
|
||||
},
|
||||
"remoteVirtualNetworkResourceGroup": {
|
||||
"value": "${Parameters.ModuleConfigurationParameters.OnPremisesInformation.VirtualNetworkGateway.ResourceGroup}"
|
||||
},
|
||||
"remoteVirtualNetworkGatewaySubscriptionId": {
|
||||
"value": "${Parameters.ModuleConfigurationParameters.OnPremisesInformation.SubscriptionId}"
|
||||
},
|
||||
"enableBgp": {
|
||||
"value": "${Parameters.ModuleConfigurationParameters.VirtualNetworkGateway.EnableBgp}"
|
||||
},
|
||||
"vpnSharedKey": {
|
||||
"value": "${Parameters.ModuleConfigurationParameters.VirtualNetworkGateway.VpnSharedKey}"
|
||||
},
|
||||
"remoteConnectionName": {
|
||||
"value": "${Parameters.ModuleConfigurationParameters.VirtualNetworkGateway.LocalConnection.Name}"
|
||||
}
|
||||
}
|
||||
}
|
||||
},
|
||||
{
|
||||
"Name": "RemoteVirtualNetworkGatewayConnection",
|
||||
"Comments": "Connect On-Premises Virtual Network Gateway to a Simulated Shared Services Virtual Network Gateway",
|
||||
"ModuleDefinitionName": "VirtualNetworkGatewayConnection",
|
||||
"Subscription": "OnPremises",
|
||||
"ResourceGroupName": "${Parameters.ModuleConfigurationParameters.OnPremisesInformation.VirtualNetworkGateway.ResourceGroup}",
|
||||
"Deployment": {
|
||||
"OverrideParameters": {
|
||||
"localVirtualNetworkGatewayName": {
|
||||
"value": "${Parameters.ModuleConfigurationParameters.OnPremisesInformation.VirtualNetworkGateway.Name}"
|
||||
},
|
||||
"remoteVirtualNetworkGatewayName": {
|
||||
"value": "reference(VirtualNetworkGateway.virtualNetworkGatewayName)"
|
||||
},
|
||||
"remoteVirtualNetworkResourceGroup": {
|
||||
"value": "reference(VirtualNetworkGateway.virtualNetworkGatewayResourceGroup)"
|
||||
},
|
||||
"remoteVirtualNetworkGatewaySubscriptionId": {
|
||||
"value": "${Subscriptions.SharedServices.SubscriptionId}"
|
||||
},
|
||||
"enableBgp": {
|
||||
"value": "${Parameters.ModuleConfigurationParameters.VirtualNetworkGateway.EnableBgp}"
|
||||
},
|
||||
"vpnSharedKey": {
|
||||
"value": "${Parameters.ModuleConfigurationParameters.VirtualNetworkGateway.VpnSharedKey}"
|
||||
},
|
||||
"remoteConnectionName": {
|
||||
"value": "${Parameters.ModuleConfigurationParameters.VirtualNetworkGateway.RemoteConnection.Name}"
|
||||
}
|
||||
}
|
||||
}
|
||||
},
|
||||
{
|
||||
"Name": "AzureFirewall",
|
||||
"ModuleDefinitionName": "AzureFirewall",
|
||||
|
@ -339,6 +243,19 @@
|
|||
}
|
||||
}
|
||||
},
|
||||
{
|
||||
"Name": "AddRoutesToSharedServicesRouteTable",
|
||||
"ModuleDefinitionName": "RouteTables",
|
||||
"Updates": "SharedServicesRouteTable",
|
||||
"ResourceGroupName": "${Parameters.ModuleConfigurationParameters.RouteTables.ResourceGroup}",
|
||||
"Deployment": {
|
||||
"OverrideParameters": {
|
||||
"routes": {
|
||||
"value": "${Parameters.ModuleConfigurationParameters.RouteTables.SharedServices.Routes}"
|
||||
}
|
||||
}
|
||||
}
|
||||
},
|
||||
{
|
||||
"Name": "KeyVault",
|
||||
"ModuleDefinitionName": "KeyVault",
|
||||
|
@ -486,6 +403,86 @@
|
|||
}
|
||||
}
|
||||
},
|
||||
{
|
||||
"Name": "ActiveDirectory",
|
||||
"ModuleDefinitionName": "ActiveDirectory",
|
||||
"ResourceGroupName": "${Parameters.ModuleConfigurationParameters.ActiveDirectory.ResourceGroup}",
|
||||
"Comments": "Creates Active Directory Domain Services VMs",
|
||||
"Deployment": {
|
||||
"OverrideParameters": {
|
||||
"virtualMachineName": {
|
||||
"value": "${Parameters.ModuleConfigurationParameters.ActiveDirectory.Name}"
|
||||
},
|
||||
"virtualMachineSize": {
|
||||
"value": "${Parameters.ModuleConfigurationParameters.ActiveDirectory.VMSize}"
|
||||
},
|
||||
"virtualMachineOSImage": {
|
||||
"value": "${Parameters.ModuleConfigurationParameters.ActiveDirectory.OSImage}"
|
||||
},
|
||||
"artifactsStorageAccountSasKey": {
|
||||
"value": "reference(ArtifactsStorageAccount.storageAccountSasToken)"
|
||||
},
|
||||
"artifactsStorageAccountName": {
|
||||
"value": "reference(ArtifactsStorageAccount.storageAccountName)"
|
||||
},
|
||||
"artifactsStorageAccountKey": {
|
||||
"value": "reference(ArtifactsStorageAccount.storageAccountAccessKey)"
|
||||
},
|
||||
"workspaceId": {
|
||||
"value": "reference(LogAnalytics.logAnalyticsWorkspaceId)"
|
||||
},
|
||||
"logAnalyticsWorkspacePrimarySharedKey": {
|
||||
"value": "reference(LogAnalytics.logAnalyticsPrimarySharedKey)"
|
||||
},
|
||||
"diagnosticsStorageAccountName": {
|
||||
"value": "reference(DiagnosticStorageAccount.storageAccountName)"
|
||||
},
|
||||
"diagnosticsStorageAccountSasToken": {
|
||||
"value": "reference(DiagnosticStorageAccount.storageAccountSasToken)"
|
||||
},
|
||||
"adIpAddress": {
|
||||
"value": "${Parameters.ModuleConfigurationParameters.ActiveDirectory.PrimaryDomainControllerIP}"
|
||||
},
|
||||
"vNetId": {
|
||||
"value": "reference(VirtualNetwork.vNetResourceId)"
|
||||
},
|
||||
"domainControllerAsgId": {
|
||||
"value": "reference(DomainControllerASG.applicationSecurityGroupResourceId)"
|
||||
},
|
||||
"subnetName": {
|
||||
"value": "${Parameters.ModuleConfigurationParameters.ActiveDirectory.SubnetName}"
|
||||
},
|
||||
"cloudZone": {
|
||||
"value": "${Parameters.ModuleConfigurationParameters.ActiveDirectory.CloudZone}"
|
||||
},
|
||||
"domainName": {
|
||||
"value": "${Parameters.ModuleConfigurationParameters.ActiveDirectory.DomainName}"
|
||||
},
|
||||
"adSitename": {
|
||||
"value": "${Parameters.ModuleConfigurationParameters.ActiveDirectory.ADSitename}"
|
||||
},
|
||||
"domainAdminUsername": {
|
||||
"value": "${Parameters.ModuleConfigurationParameters.ActiveDirectory.DomainAdminUsername}"
|
||||
},
|
||||
"domainAdminPassword": {
|
||||
"reference": "${Parameters.ModuleConfigurationParameters.ActiveDirectory.DomainAdminPassword}"
|
||||
}
|
||||
}
|
||||
}
|
||||
},
|
||||
{
|
||||
"Name": "EnableDnsServersOnVirtualNetwork",
|
||||
"ModuleDefinitionName": "vNet",
|
||||
"Updates": "VirtualNetwork",
|
||||
"ResourceGroupName": "${Parameters.ModuleConfigurationParameters.VirtualNetwork.ResourceGroup}",
|
||||
"Deployment": {
|
||||
"OverrideParameters": {
|
||||
"dnsServers": {
|
||||
"value": "${Parameters.ModuleConfigurationParameters.VirtualNetwork.DnsServers}"
|
||||
}
|
||||
}
|
||||
}
|
||||
},
|
||||
{
|
||||
"Name": "ActiveDirectoryDomainServices",
|
||||
"ModuleDefinitionName": "ActiveDirectoryDomainServices",
|
||||
|
@ -533,12 +530,7 @@
|
|||
"value": "${Parameters.ModuleConfigurationParameters.ActiveDirectoryDomainServices.AdminUsername}"
|
||||
},
|
||||
"adminPassword": {
|
||||
"reference": {
|
||||
"keyVault": {
|
||||
"id": "reference(KeyVault.keyVaultResourceId)"
|
||||
},
|
||||
"secretName": "${Parameters.ModuleConfigurationParameters.KeyVault.SecretsObject.Secrets[0].secretName}"
|
||||
}
|
||||
"reference": "${Parameters.ModuleConfigurationParameters.ActiveDirectoryDomainServices.AdminPassword}"
|
||||
},
|
||||
"addsAddressStart": {
|
||||
"value": "${Parameters.ModuleConfigurationParameters.ActiveDirectoryDomainServices.AddsIPAddressStart}"
|
||||
|
@ -562,12 +554,7 @@
|
|||
"value": "${Parameters.ModuleConfigurationParameters.ActiveDirectoryDomainServices.DomainAdminUsername}"
|
||||
},
|
||||
"domainAdminPassword": {
|
||||
"reference": {
|
||||
"keyVault": {
|
||||
"id": "reference(KeyVault.keyVaultResourceId)"
|
||||
},
|
||||
"secretName": "${Parameters.ModuleConfigurationParameters.KeyVault.SecretsObject.Secrets[1].secretName}"
|
||||
}
|
||||
"reference": "${Parameters.ModuleConfigurationParameters.ActiveDirectoryDomainServices.DomainAdminPassword}"
|
||||
},
|
||||
"domainControllerAsgId": {
|
||||
"value": "reference(DomainControllerASG.applicationSecurityGroupResourceId)"
|
||||
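Review bot: The new `ActiveDirectory` entry passes the artifacts storage account's full access key to the VM deployment, via `"artifactsStorageAccountKey"` set to `reference(ArtifactsStorageAccount.storageAccountAccessKey)`, alongside the SAS token already supplied in `artifactsStorageAccountSasKey`. An account key stays valid until it is rotated and grants access to everything in that account, so anyone who can read the deployment parameters or the VM extension settings gets far more than a script download needs. If the module template can fetch its artifacts with the SAS token alone (the template is not visible on this page), drop the `artifactsStorageAccountKey` override. If the key is required, confirm that the template declares it and `logAnalyticsWorkspacePrimarySharedKey` as `securestring`, so they are not recorded in deployment history.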
|
|
|
@ -5,22 +5,6 @@
|
|||
"Subscription": "SharedServices",
|
||||
"ModuleConfigurationParameters": {
|
||||
"DeploymentUserId": "env(DEPLOYMENT_USER_ID)",
|
||||
"OnPremisesInformation": {
|
||||
"ActiveDirectory": {
|
||||
"PrimaryDomainControllerIP": "192.168.1.4",
|
||||
"DomainName": "fontoso.com",
|
||||
"ADSitename": "Cloud-Site",
|
||||
"DomainAdminUserName": "fontoso"
|
||||
},
|
||||
"Network": {
|
||||
"AddressPrefix": "192.168.1.0/28"
|
||||
},
|
||||
"VirtualNetworkGateway": {
|
||||
"Name": "fontoso-onprem-gw",
|
||||
"ResourceGroup": "fontoso-onprem-net-rg"
|
||||
},
|
||||
"SubscriptionId": "${Subscriptions.OnPremises.SubscriptionId}"
|
||||
},
|
||||
"DiagnosticStorageAccount": {
|
||||
"Name": "${Parameters.Organization}${Parameters.DeploymentName}diag01",
|
||||
"ResourceGroup": "${Parameters.InstanceName}-diagnostics-rg",
|
||||
|
@ -213,7 +197,7 @@
|
|||
"direction": "Inbound",
|
||||
"priority": 120,
|
||||
"protocol": "Tcp",
|
||||
"sourceAddressPrefix": "${Parameters.ModuleConfigurationParameters.OnPremisesInformation.ActiveDirectory.PrimaryDomainControllerIP}",
|
||||
"sourceAddressPrefix": "${Parameters.ModuleConfigurationParameters.ActiveDirectory.PrimaryDomainControllerIP}",
|
||||
"sourcePortRange": "*",
|
||||
"sourcePortRanges": [],
|
||||
"destinationApplicationSecurityGroups": [
|
||||
|
@ -245,7 +229,7 @@
|
|||
"direction": "Inbound",
|
||||
"priority": 130,
|
||||
"protocol": "Udp",
|
||||
"sourceAddressPrefix": "${Parameters.ModuleConfigurationParameters.OnPremisesInformation.ActiveDirectory.PrimaryDomainControllerIP}",
|
||||
"sourceAddressPrefix": "${Parameters.ModuleConfigurationParameters.ActiveDirectory.PrimaryDomainControllerIP}",
|
||||
"sourcePortRange": "*",
|
||||
"sourcePortRanges": [],
|
||||
"destinationApplicationSecurityGroups": [
|
||||
|
@ -296,7 +280,7 @@
|
|||
"direction": "Inbound",
|
||||
"priority": 150,
|
||||
"protocol": "TCP",
|
||||
"sourceAddressPrefix": "${Parameters.ModuleConfigurationParameters.OnPremisesInformation.Network.AddressPrefix}",
|
||||
"sourceAddressPrefix": "VirtualNetwork",
|
||||
"sourcePortRange": "*",
|
||||
"sourcePortRanges": [],
|
||||
"destinationApplicationSecurityGroups": [
|
||||
|
@ -448,16 +432,9 @@
|
|||
"name": "default",
|
||||
"properties": {
|
||||
"addressPrefix": "0.0.0.0/0",
|
||||
"nextHopIpAddress": "172.0.3.4",
|
||||
"nextHopIpAddress": "reference(AzureFirewall.azureFirewallPrivateIp)",
|
||||
"nextHopType": "VirtualAppliance"
|
||||
}
|
||||
},
|
||||
{
|
||||
"name": "to-on-premises",
|
||||
"properties": {
|
||||
"addressPrefix": "${Parameters.ModuleConfigurationParameters.OnPremisesInformation.Network.AddressPrefix}",
|
||||
"nextHopType": "VirtualNetworkGateway"
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
|
@ -521,7 +498,7 @@
|
|||
}
|
||||
],
|
||||
"DnsServers": [
|
||||
"${Parameters.ModuleConfigurationParameters.OnPremisesInformation.ActiveDirectory.PrimaryDomainControllerIP}"
|
||||
"${Parameters.ModuleConfigurationParameters.ActiveDirectory.PrimaryDomainControllerIP}"
|
||||
]
|
||||
},
|
||||
"VirtualNetworkGateway": {
|
||||
|
@ -747,7 +724,7 @@
|
|||
"secretValue": "env(ADMIN_USER_PWD)"
|
||||
},
|
||||
{
|
||||
"secretName": "${Parameters.ModuleConfigurationParameters.OnPremisesInformation.ActiveDirectory.DomainAdminUserName}",
|
||||
"secretName": "${Parameters.ModuleConfigurationParameters.ActiveDirectory.DomainAdminUserName}",
|
||||
"secretValue": "env(DOMAIN_ADMIN_USER_PWD)"
|
||||
}
|
||||
]
|
||||
|
@ -792,12 +769,42 @@
|
|||
}
|
||||
}
|
||||
},
|
||||
"ActiveDirectory": {
|
||||
"Name": "primary-ad",
|
||||
"ResourceGroup": "${Parameters.InstanceName}-adds-rg",
|
||||
"Comments": "Windows VM name cannot exceed 13 characters.",
|
||||
"PrimaryDomainControllerIP": "172.0.0.10",
|
||||
"DomainName": "fontoso.com",
|
||||
"ADSitename": "Cloud-Site",
|
||||
"CloudZone": "fontosocloud.com",
|
||||
"DomainAdminUsername": "fontoso",
|
||||
"DomainAdminPassword": {
|
||||
"keyVault": {
|
||||
"id": "reference(KeyVault.keyVaultResourceId)"
|
||||
},
|
||||
"secretName": "${Parameters.ModuleConfigurationParameters.KeyVault.SecretsObject.Secrets[1].secretName}"
|
||||
},
|
||||
"VMSize": "Standard_DS3_v2",
|
||||
"OSImage": {
|
||||
"offer": "WindowsServer",
|
||||
"publisher": "MicrosoftWindowsServer",
|
||||
"sku": "2016-Datacenter"
|
||||
},
|
||||
"SubnetName": "${Parameters.ModuleConfigurationParameters.VirtualNetwork.Subnets[0].name}"
|
||||
},
|
||||
"ActiveDirectoryDomainServices": {
|
||||
"Name": "adds-vm",
|
||||
"ResourceGroup": "${Parameters.InstanceName}-adds-rg",
|
||||
"Comments": "Windows VM name cannot exceed 13 characters",
|
||||
"ResourceGroup": "${Parameters.ModuleConfigurationParameters.ActiveDirectory.ResourceGroup}",
|
||||
"Comments": "Windows VM name cannot exceed 13 characters. Additionally, Make sure that AddsIPAddressStart and ActiveDirectory.PrimaryDomainControllerIP are in the same subnet address prefix and they don't overlap",
|
||||
"AdminUsername": "${Parameters.ModuleConfigurationParameters.KeyVault.SecretsObject.Secrets[0].secretName}",
|
||||
"DomainAdminUsername": "${Parameters.ModuleConfigurationParameters.KeyVault.SecretsObject.Secrets[1].secretName}",
|
||||
"AdminPassword": {
|
||||
"keyVault": {
|
||||
"id": "reference(KeyVault.keyVaultResourceId)"
|
||||
},
|
||||
"secretName": "${Parameters.ModuleConfigurationParameters.KeyVault.SecretsObject.Secrets[0].secretName}"
|
||||
},
|
||||
"DomainAdminUsername": "${Parameters.ModuleConfigurationParameters.ActiveDirectory.DomainAdminUsername}",
|
||||
"DomainAdminPassword": "${Parameters.ModuleConfigurationParameters.ActiveDirectory.DomainAdminPassword}",
|
||||
"VMCount": 2,
|
||||
"VMSize": "Standard_DS3_v2",
|
||||
"OSImage": {
|
||||
|
@ -806,9 +813,9 @@
|
|||
"sku": "2016-Datacenter"
|
||||
},
|
||||
"AddsIPAddressStart": "172.0.0.20",
|
||||
"DomainName": "${Parameters.ModuleConfigurationParameters.OnPremisesInformation.ActiveDirectory.DomainName}",
|
||||
"PrimaryDomainControllerIP": "${Parameters.ModuleConfigurationParameters.OnPremisesInformation.ActiveDirectory.PrimaryDomainControllerIP}",
|
||||
"ADSitename": "${Parameters.ModuleConfigurationParameters.OnPremisesInformation.ActiveDirectory.ADSitename}",
|
||||
"DomainName": "${Parameters.ModuleConfigurationParameters.ActiveDirectory.DomainName}",
|
||||
"PrimaryDomainControllerIP": "${Parameters.ModuleConfigurationParameters.ActiveDirectory.PrimaryDomainControllerIP}",
|
||||
"ADSitename": "${Parameters.ModuleConfigurationParameters.ActiveDirectory.ADSitename}",
|
||||
"DomaincontrollerDriveLetter": "F",
|
||||
"SubnetName": "${Parameters.ModuleConfigurationParameters.VirtualNetwork.Subnets[0].name}"
|
||||
}
|
||||
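Review bot: In the inbound rule at priority 150 the source changes from the on-premises `/28` prefix to `"sourceAddressPrefix": "VirtualNetwork"`, which widens who can reach the destination application security group. The old/new reading is inferred from this file removing the `OnPremisesInformation` block. The `VirtualNetwork` service tag covers the whole VNet address space plus peered and gateway-connected networks, and per Azure documentation it also includes prefixes from user-defined routes, so with the `0.0.0.0/0` default route in this file the effective source may be much broader than intended. The rule's ports and destination lie outside the hunk, so the actual exposure cannot be judged from here. Prefer a specific source such as `"sourceAddressPrefix": "<subnet prefix that needs access>"` (placeholder), or a source application security group.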
|
|
|
@ -307,66 +307,6 @@ stages:
|
|||
ADMIN_USER_PWD: $(ADMIN_USER_PWD)
|
||||
DOMAIN_ADMIN_USER_PWD: $(DOMAIN_ADMIN_USER_PWD)
|
||||
TENANT_ID: $(TENANT_ID)
|
||||
- job: VirtualNetworkGateway
|
||||
pool:
|
||||
name: 'vdc-self-hosted'
|
||||
dependsOn: SetupValidationResourceGroup
|
||||
steps:
|
||||
- task: PowerShell@2
|
||||
displayName: "Pester Tests for Module - Virtual Network Gateway"
|
||||
inputs:
|
||||
targetType: 'inline'
|
||||
script: '# Write your powershell commands here.
|
||||
|
||||
Invoke-Pester -Script "./Modules/VirtualNetworkGateway/2.0/Tests";
|
||||
|
||||
# Use the environment variables input below to pass secret variables to this script.'
|
||||
pwsh: true
|
||||
- task: AzurePowerShell@4
|
||||
displayName: "ARM Validation - Virtual Network Gateway"
|
||||
inputs:
|
||||
azureSubscription: 'vdc2-hub'
|
||||
ScriptType: 'FilePath'
|
||||
ScriptPath: 'Orchestration/OrchestrationService/ModuleConfigurationDeployment.ps1'
|
||||
ScriptArguments: '-DefinitionPath "Environments/SharedServices/definition.json" -ModuleConfigurationName "VirtualNetworkGateway" -Validate'
|
||||
azurePowerShellVersion: 'LatestVersion'
|
||||
env:
|
||||
VDC_SUBSCRIPTIONS: $(VDC_SUBSCRIPTIONS)
|
||||
VDC_TOOLKIT_SUBSCRIPTION: $(VDC_TOOLKIT_SUBSCRIPTION)
|
||||
DEPLOYMENT_USER_ID: $(DEPLOYMENT_USER_ID)
|
||||
ADMIN_USER_PWD: $(ADMIN_USER_PWD)
|
||||
DOMAIN_ADMIN_USER_PWD: $(DOMAIN_ADMIN_USER_PWD)
|
||||
TENANT_ID: $(TENANT_ID)
|
||||
- job: VirtualNetworkGatewayConnection
|
||||
pool:
|
||||
name: 'vdc-self-hosted'
|
||||
dependsOn: SetupValidationResourceGroup
|
||||
steps:
|
||||
- task: PowerShell@2
|
||||
displayName: "Pester Tests for Module - Virtual Network Gateway Connection"
|
||||
inputs:
|
||||
targetType: 'inline'
|
||||
script: '# Write your powershell commands here.
|
||||
|
||||
Invoke-Pester -Script "./Modules/VirtualNetworkGatewayConnection/2.0/Tests";
|
||||
|
||||
# Use the environment variables input below to pass secret variables to this script.'
|
||||
pwsh: true
|
||||
- task: AzurePowerShell@4
|
||||
displayName: "ARM Validation - Local Virtual Network Gateway Connection"
|
||||
inputs:
|
||||
azureSubscription: 'vdc2-hub'
|
||||
ScriptType: 'FilePath'
|
||||
ScriptPath: 'Orchestration/OrchestrationService/ModuleConfigurationDeployment.ps1'
|
||||
ScriptArguments: '-DefinitionPath "Environments/SharedServices/definition.json" -ModuleConfigurationName "LocalVirtualNetworkGatewayConnection" -Validate'
|
||||
azurePowerShellVersion: 'LatestVersion'
|
||||
env:
|
||||
VDC_SUBSCRIPTIONS: $(VDC_SUBSCRIPTIONS)
|
||||
VDC_TOOLKIT_SUBSCRIPTION: $(VDC_TOOLKIT_SUBSCRIPTION)
|
||||
DEPLOYMENT_USER_ID: $(DEPLOYMENT_USER_ID)
|
||||
ADMIN_USER_PWD: $(ADMIN_USER_PWD)
|
||||
DOMAIN_ADMIN_USER_PWD: $(DOMAIN_ADMIN_USER_PWD)
|
||||
TENANT_ID: $(TENANT_ID)
|
||||
- job: AzureFirewall
|
||||
pool:
|
||||
name: 'vdc-self-hosted'
|
||||
|
@ -457,6 +397,36 @@ stages:
|
|||
ADMIN_USER_PWD: $(ADMIN_USER_PWD)
|
||||
DOMAIN_ADMIN_USER_PWD: $(DOMAIN_ADMIN_USER_PWD)
|
||||
TENANT_ID: $(TENANT_ID)
|
||||
- job: ActiveDirectory
|
||||
pool:
|
||||
name: 'vdc-self-hosted'
|
||||
dependsOn: SetupValidationResourceGroup
|
||||
steps:
|
||||
- task: PowerShell@2
|
||||
displayName: "Pester Tests for Module - ActiveDirectory"
|
||||
inputs:
|
||||
targetType: 'inline'
|
||||
script: '# Write your powershell commands here.
|
||||
|
||||
Invoke-Pester -Script "./Modules/ActiveDirectory/2.0/Tests";
|
||||
|
||||
# Use the environment variables input below to pass secret variables to this script.'
|
||||
pwsh: true
|
||||
- task: AzurePowerShell@4
|
||||
displayName: "ARM Validation - ActiveDirectory"
|
||||
inputs:
|
||||
azureSubscription: 'vdc2-hub'
|
||||
ScriptType: 'FilePath'
|
||||
ScriptPath: 'Orchestration/OrchestrationService/ModuleConfigurationDeployment.ps1'
|
||||
ScriptArguments: '-DefinitionPath "Environments/SharedServices/definition.json" -ModuleConfigurationName "ActiveDirectory" -Validate'
|
||||
azurePowerShellVersion: 'LatestVersion'
|
||||
env:
|
||||
VDC_SUBSCRIPTIONS: $(VDC_SUBSCRIPTIONS)
|
||||
VDC_TOOLKIT_SUBSCRIPTION: $(VDC_TOOLKIT_SUBSCRIPTION)
|
||||
DEPLOYMENT_USER_ID: $(DEPLOYMENT_USER_ID)
|
||||
ADMIN_USER_PWD: $(ADMIN_USER_PWD)
|
||||
DOMAIN_ADMIN_USER_PWD: $(DOMAIN_ADMIN_USER_PWD)
|
||||
TENANT_ID: $(TENANT_ID)
|
||||
- job: ActiveDirectoryDomainServices
|
||||
pool:
|
||||
name: 'vdc-self-hosted'
|
||||
|
@ -490,7 +460,7 @@ stages:
|
|||
- job: TearDownValidationResourceGroup
|
||||
pool:
|
||||
name: 'vdc-self-hosted'
|
||||
dependsOn: [ StorageAccounts, LogAnalytics, AutomationAccounts, ApplicationSecurityGroups, NetworkSecurityGroups, RouteTables, vNet, VirtualNetworkGateway, VirtualNetworkGatewayConnection, AzureFirewall, Jumpbox, ActiveDirectoryDomainServices ]
|
||||
dependsOn: [ StorageAccounts, LogAnalytics, AutomationAccounts, ApplicationSecurityGroups, NetworkSecurityGroups, RouteTables, vNet, AzureFirewall, Jumpbox, ActiveDirectory, ActiveDirectoryDomainServices ]
|
||||
steps:
|
||||
- task: AzurePowerShell@4
|
||||
displayName: "Teardown Validation Resource Group"
|
||||
|
@ -502,7 +472,7 @@ stages:
|
|||
azurePowerShellVersion: 'LatestVersion'
|
||||
- stage: Deploy
|
||||
jobs:
|
||||
- job: Deployment
|
||||
- job: DiagnosticStorageAccount
|
||||
timeoutInMinutes: 0
|
||||
pool:
|
||||
name: 'vdc-self-hosted'
|
||||
|
@ -522,6 +492,12 @@ stages:
|
|||
ADMIN_USER_PWD: $(ADMIN_USER_PWD)
|
||||
DOMAIN_ADMIN_USER_PWD: $(DOMAIN_ADMIN_USER_PWD)
|
||||
TENANT_ID: $(TENANT_ID)
|
||||
- job: LogAnalytics
|
||||
timeoutInMinutes: 0
|
||||
pool:
|
||||
name: 'vdc-self-hosted'
|
||||
dependsOn: DiagnosticStorageAccount
|
||||
steps:
|
||||
- task: AzurePowerShell@4
|
||||
displayName: "Log Analytics"
|
||||
inputs:
|
||||
|
@ -537,6 +513,12 @@ stages:
|
|||
ADMIN_USER_PWD: $(ADMIN_USER_PWD)
|
||||
DOMAIN_ADMIN_USER_PWD: $(DOMAIN_ADMIN_USER_PWD)
|
||||
TENANT_ID: $(TENANT_ID)
|
||||
- job: AutomationAccounts
|
||||
timeoutInMinutes: 0
|
||||
pool:
|
||||
name: 'vdc-self-hosted'
|
||||
dependsOn: [LogAnalytics, DiagnosticStorageAccount]
|
||||
steps:
|
||||
- task: AzurePowerShell@4
|
||||
displayName: "Automation Accounts"
|
||||
inputs:
|
||||
|
@ -552,6 +534,12 @@ stages:
|
|||
ADMIN_USER_PWD: $(ADMIN_USER_PWD)
|
||||
DOMAIN_ADMIN_USER_PWD: $(DOMAIN_ADMIN_USER_PWD)
|
||||
TENANT_ID: $(TENANT_ID)
|
||||
- job: LinkLogAnalyticsWithAutomationAccount
|
||||
timeoutInMinutes: 0
|
||||
pool:
|
||||
name: 'vdc-self-hosted'
|
||||
dependsOn: LogAnalytics
|
||||
steps:
|
||||
- task: AzurePowerShell@4
|
||||
displayName: "Link Log Analytics With Automation Account"
|
||||
inputs:
|
||||
|
@ -567,6 +555,11 @@ stages:
|
|||
ADMIN_USER_PWD: $(ADMIN_USER_PWD)
|
||||
DOMAIN_ADMIN_USER_PWD: $(DOMAIN_ADMIN_USER_PWD)
|
||||
TENANT_ID: $(TENANT_ID)
|
||||
- job: JumpboxASG
|
||||
timeoutInMinutes: 0
|
||||
pool:
|
||||
name: 'vdc-self-hosted'
|
||||
steps:
|
||||
- task: AzurePowerShell@4
|
||||
displayName: "JumpboxASG"
|
||||
inputs:
|
||||
|
@ -582,6 +575,11 @@ stages:
|
|||
ADMIN_USER_PWD: $(ADMIN_USER_PWD)
|
||||
DOMAIN_ADMIN_USER_PWD: $(DOMAIN_ADMIN_USER_PWD)
|
||||
TENANT_ID: $(TENANT_ID)
|
||||
- job: DomainControllerASG
|
||||
timeoutInMinutes: 0
|
||||
pool:
|
||||
name: 'vdc-self-hosted'
|
||||
steps:
|
||||
- task: AzurePowerShell@4
|
||||
displayName: "Domain Controller ASG"
|
||||
inputs:
|
||||
|
@ -597,6 +595,12 @@ stages:
|
|||
ADMIN_USER_PWD: $(ADMIN_USER_PWD)
|
||||
DOMAIN_ADMIN_USER_PWD: $(DOMAIN_ADMIN_USER_PWD)
|
||||
TENANT_ID: $(TENANT_ID)
|
||||
- job: SharedServicesNSG
|
||||
timeoutInMinutes: 0
|
||||
pool:
|
||||
name: 'vdc-self-hosted'
|
||||
dependsOn: [JumpboxASG, DomainControllerASG, LogAnalytics, DiagnosticStorageAccount]
|
||||
steps:
|
||||
- task: AzurePowerShell@4
|
||||
displayName: "Shared Services NSG"
|
||||
inputs:
|
||||
|
@ -612,6 +616,12 @@ stages:
|
|||
ADMIN_USER_PWD: $(ADMIN_USER_PWD)
|
||||
DOMAIN_ADMIN_USER_PWD: $(DOMAIN_ADMIN_USER_PWD)
|
||||
TENANT_ID: $(TENANT_ID)
|
||||
- job: DMZNSG
|
||||
timeoutInMinutes: 0
|
||||
pool:
|
||||
name: 'vdc-self-hosted'
|
||||
dependsOn: [JumpboxASG, DomainControllerASG, LogAnalytics, DiagnosticStorageAccount]
|
||||
steps:
|
||||
- task: AzurePowerShell@4
|
||||
displayName: "DMZ NSG"
|
||||
inputs:
|
||||
|
@ -627,6 +637,11 @@ stages:
|
|||
ADMIN_USER_PWD: $(ADMIN_USER_PWD)
|
||||
DOMAIN_ADMIN_USER_PWD: $(DOMAIN_ADMIN_USER_PWD)
|
||||
TENANT_ID: $(TENANT_ID)
|
||||
- job: SharedServicesRouteTable
|
||||
timeoutInMinutes: 0
|
||||
pool:
|
||||
name: 'vdc-self-hosted'
|
||||
steps:
|
||||
- task: AzurePowerShell@4
|
||||
displayName: "Shared Services Route Table"
|
||||
inputs:
|
||||
|
@ -642,6 +657,12 @@ stages:
|
|||
ADMIN_USER_PWD: $(ADMIN_USER_PWD)
|
||||
DOMAIN_ADMIN_USER_PWD: $(DOMAIN_ADMIN_USER_PWD)
|
||||
TENANT_ID: $(TENANT_ID)
|
||||
- job: VirtualNetwork
|
||||
timeoutInMinutes: 0
|
||||
pool:
|
||||
name: 'vdc-self-hosted'
|
||||
dependsOn: [SharedServicesNSG, DMZNSG, SharedServicesRouteTable]
|
||||
steps:
|
||||
- task: AzurePowerShell@4
|
||||
displayName: "Virtual Network"
|
||||
inputs:
|
||||
|
@ -657,6 +678,12 @@ stages:
|
|||
ADMIN_USER_PWD: $(ADMIN_USER_PWD)
|
||||
DOMAIN_ADMIN_USER_PWD: $(DOMAIN_ADMIN_USER_PWD)
|
||||
TENANT_ID: $(TENANT_ID)
|
||||
- job: EnableServiceEndpointOnDiagnosticStorage
|
||||
timeoutInMinutes: 0
|
||||
pool:
|
||||
name: 'vdc-self-hosted'
|
||||
dependsOn: [DiagnosticStorageAccount, VirtualNetwork]
|
||||
steps:
|
||||
- task: AzurePowerShell@4
|
||||
displayName: "Enable Service Endpoint On Diagnostic Storage Account"
|
||||
inputs:
|
||||
|
@ -672,51 +699,12 @@ stages:
|
|||
ADMIN_USER_PWD: $(ADMIN_USER_PWD)
|
||||
DOMAIN_ADMIN_USER_PWD: $(DOMAIN_ADMIN_USER_PWD)
|
||||
TENANT_ID: $(TENANT_ID)
|
||||
- task: AzurePowerShell@4
|
||||
displayName: "Virtual Network Gateway"
|
||||
inputs:
|
||||
azureSubscription: 'vdc2-hub'
|
||||
ScriptType: 'FilePath'
|
||||
ScriptPath: 'Orchestration/OrchestrationService/ModuleConfigurationDeployment.ps1'
|
||||
ScriptArguments: '-DefinitionPath "Environments/SharedServices/definition.json" -ModuleConfigurationName "VirtualNetworkGateway"'
|
||||
azurePowerShellVersion: 'LatestVersion'
|
||||
env:
|
||||
VDC_SUBSCRIPTIONS: $(VDC_SUBSCRIPTIONS)
|
||||
VDC_TOOLKIT_SUBSCRIPTION: $(VDC_TOOLKIT_SUBSCRIPTION)
|
||||
DEPLOYMENT_USER_ID: $(DEPLOYMENT_USER_ID)
|
||||
ADMIN_USER_PWD: $(ADMIN_USER_PWD)
|
||||
DOMAIN_ADMIN_USER_PWD: $(DOMAIN_ADMIN_USER_PWD)
|
||||
TENANT_ID: $(TENANT_ID)
|
||||
- task: AzurePowerShell@4
|
||||
displayName: "Local Virtual Network Gateway Connection"
|
||||
inputs:
|
||||
azureSubscription: 'vdc2-hub'
|
||||
ScriptType: 'FilePath'
|
||||
ScriptPath: 'Orchestration/OrchestrationService/ModuleConfigurationDeployment.ps1'
|
||||
ScriptArguments: '-DefinitionPath "Environments/SharedServices/definition.json" -ModuleConfigurationName "LocalVirtualNetworkGatewayConnection"'
|
||||
azurePowerShellVersion: 'LatestVersion'
|
||||
env:
|
||||
VDC_SUBSCRIPTIONS: $(VDC_SUBSCRIPTIONS)
|
||||
VDC_TOOLKIT_SUBSCRIPTION: $(VDC_TOOLKIT_SUBSCRIPTION)
|
||||
DEPLOYMENT_USER_ID: $(DEPLOYMENT_USER_ID)
|
||||
ADMIN_USER_PWD: $(ADMIN_USER_PWD)
|
||||
DOMAIN_ADMIN_USER_PWD: $(DOMAIN_ADMIN_USER_PWD)
|
||||
TENANT_ID: $(TENANT_ID)
|
||||
- task: AzurePowerShell@4
|
||||
displayName: "Remote Virtual Network Gateway Connection"
|
||||
inputs:
|
||||
azureSubscription: 'vdc2-hub'
|
||||
ScriptType: 'FilePath'
|
||||
ScriptPath: 'Orchestration/OrchestrationService/ModuleConfigurationDeployment.ps1'
|
||||
ScriptArguments: '-DefinitionPath "Environments/SharedServices/definition.json" -ModuleConfigurationName "RemoteVirtualNetworkGatewayConnection"'
|
||||
azurePowerShellVersion: 'LatestVersion'
|
||||
env:
|
||||
VDC_SUBSCRIPTIONS: $(VDC_SUBSCRIPTIONS)
|
||||
VDC_TOOLKIT_SUBSCRIPTION: $(VDC_TOOLKIT_SUBSCRIPTION)
|
||||
DEPLOYMENT_USER_ID: $(DEPLOYMENT_USER_ID)
|
||||
ADMIN_USER_PWD: $(ADMIN_USER_PWD)
|
||||
DOMAIN_ADMIN_USER_PWD: $(DOMAIN_ADMIN_USER_PWD)
|
||||
TENANT_ID: $(TENANT_ID)
|
||||
- job: AzureFirewall
|
||||
timeoutInMinutes: 0
|
||||
pool:
|
||||
name: 'vdc-self-hosted'
|
||||
dependsOn: [VirtualNetwork, DiagnosticStorageAccount, LogAnalytics]
|
||||
steps:
|
||||
- task: AzurePowerShell@4
|
||||
displayName: "Azure Firewall"
|
||||
inputs:
|
||||
|
@ -732,6 +720,33 @@ stages:
|
|||
ADMIN_USER_PWD: $(ADMIN_USER_PWD)
|
||||
DOMAIN_ADMIN_USER_PWD: $(DOMAIN_ADMIN_USER_PWD)
|
||||
TENANT_ID: $(TENANT_ID)
|
||||
- job: AddRoutesToSharedServicesRouteTable
|
||||
timeoutInMinutes: 0
|
||||
pool:
|
||||
name: 'vdc-self-hosted'
|
||||
dependsOn: [SharedServicesRouteTable, AzureFirewall]
|
||||
steps:
|
||||
- task: AzurePowerShell@4
|
||||
displayName: "Add Routes to Shared Services Route Table"
|
||||
inputs:
|
||||
azureSubscription: 'vdc2-hub'
|
||||
ScriptType: 'FilePath'
|
||||
ScriptPath: 'Orchestration/OrchestrationService/ModuleConfigurationDeployment.ps1'
|
||||
ScriptArguments: '-DefinitionPath "Environments/SharedServices/definition.json" -ModuleConfigurationName "AddRoutesToSharedServicesRouteTable"'
|
||||
azurePowerShellVersion: 'LatestVersion'
|
||||
env:
|
||||
VDC_SUBSCRIPTIONS: $(VDC_SUBSCRIPTIONS)
|
||||
VDC_TOOLKIT_SUBSCRIPTION: $(VDC_TOOLKIT_SUBSCRIPTION)
|
||||
DEPLOYMENT_USER_ID: $(DEPLOYMENT_USER_ID)
|
||||
ADMIN_USER_PWD: $(ADMIN_USER_PWD)
|
||||
DOMAIN_ADMIN_USER_PWD: $(DOMAIN_ADMIN_USER_PWD)
|
||||
TENANT_ID: $(TENANT_ID)
|
||||
- job: KeyVault
|
||||
timeoutInMinutes: 0
|
||||
pool:
|
||||
name: 'vdc-self-hosted'
|
||||
dependsOn: [VirtualNetwork, DiagnosticStorageAccount, LogAnalytics]
|
||||
steps:
|
||||
- task: AzurePowerShell@4
|
||||
displayName: "Key Vault"
|
||||
inputs:
|
||||
|
@ -747,6 +762,11 @@ stages:
|
|||
ADMIN_USER_PWD: $(ADMIN_USER_PWD)
|
||||
DOMAIN_ADMIN_USER_PWD: $(DOMAIN_ADMIN_USER_PWD)
|
||||
TENANT_ID: $(TENANT_ID)
|
||||
- job: ArtifactsStorageAccount
|
||||
timeoutInMinutes: 0
|
||||
pool:
|
||||
name: 'vdc-self-hosted'
|
||||
steps:
|
||||
- task: AzurePowerShell@4
|
||||
displayName: "Artifacts Storage Account"
|
||||
inputs:
|
||||
|
@ -774,6 +794,54 @@ stages:
|
|||
uploadDirectory: 'Scripts'
|
||||
sasTokenStartTime: '1m'
|
||||
sasTokenExpiryTime: '1h'
|
||||
- job: ActiveDirectory
|
||||
timeoutInMinutes: 0
|
||||
pool:
|
||||
name: 'vdc-self-hosted'
|
||||
dependsOn: [VirtualNetwork, DiagnosticStorageAccount, LogAnalytics, KeyVault, ArtifactsStorageAccount]
|
||||
steps:
|
||||
- task: AzurePowerShell@4
|
||||
displayName: "ActiveDirectory"
|
||||
inputs:
|
||||
azureSubscription: 'vdc2-hub'
|
||||
ScriptType: 'FilePath'
|
||||
ScriptPath: 'Orchestration/OrchestrationService/ModuleConfigurationDeployment.ps1'
|
||||
ScriptArguments: '-DefinitionPath "Environments/SharedServices/definition.json" -ModuleConfigurationName "ActiveDirectory"'
|
||||
azurePowerShellVersion: 'LatestVersion'
|
||||
env:
|
||||
VDC_SUBSCRIPTIONS: $(VDC_SUBSCRIPTIONS)
|
||||
VDC_TOOLKIT_SUBSCRIPTION: $(VDC_TOOLKIT_SUBSCRIPTION)
|
||||
DEPLOYMENT_USER_ID: $(DEPLOYMENT_USER_ID)
|
||||
ADMIN_USER_PWD: $(ADMIN_USER_PWD)
|
||||
DOMAIN_ADMIN_USER_PWD: $(DOMAIN_ADMIN_USER_PWD)
|
||||
TENANT_ID: $(TENANT_ID)
|
||||
- job: EnableDNSServerOnVirtualNetwork
|
||||
timeoutInMinutes: 0
|
||||
pool:
|
||||
name: 'vdc-self-hosted'
|
||||
dependsOn: [ActiveDirectory, VirtualNetwork]
|
||||
steps:
|
||||
- task: AzurePowerShell@4
|
||||
displayName: "Enable DNS Server on Virtual Network"
|
||||
inputs:
|
||||
azureSubscription: 'vdc2-hub'
|
||||
ScriptType: 'FilePath'
|
||||
ScriptPath: 'Orchestration/OrchestrationService/ModuleConfigurationDeployment.ps1'
|
||||
ScriptArguments: '-DefinitionPath "Environments/SharedServices/definition.json" -ModuleConfigurationName "EnableDnsServersOnVirtualNetwork"'
|
||||
azurePowerShellVersion: 'LatestVersion'
|
||||
env:
|
||||
VDC_SUBSCRIPTIONS: $(VDC_SUBSCRIPTIONS)
|
||||
VDC_TOOLKIT_SUBSCRIPTION: $(VDC_TOOLKIT_SUBSCRIPTION)
|
||||
DEPLOYMENT_USER_ID: $(DEPLOYMENT_USER_ID)
|
||||
ADMIN_USER_PWD: $(ADMIN_USER_PWD)
|
||||
DOMAIN_ADMIN_USER_PWD: $(DOMAIN_ADMIN_USER_PWD)
|
||||
TENANT_ID: $(TENANT_ID)
|
||||
- job: Jumpbox
|
||||
timeoutInMinutes: 0
|
||||
pool:
|
||||
name: 'vdc-self-hosted'
|
||||
dependsOn: [VirtualNetwork, DiagnosticStorageAccount, LogAnalytics, KeyVault, ArtifactsStorageAccount]
|
||||
steps:
|
||||
- task: AzurePowerShell@4
|
||||
displayName: "Jumpbox"
|
||||
inputs:
|
||||
|
@ -789,8 +857,14 @@ stages:
|
|||
ADMIN_USER_PWD: $(ADMIN_USER_PWD)
|
||||
DOMAIN_ADMIN_USER_PWD: $(DOMAIN_ADMIN_USER_PWD)
|
||||
TENANT_ID: $(TENANT_ID)
|
||||
- job: ActiveDirectoryDomainServices
|
||||
timeoutInMinutes: 0
|
||||
pool:
|
||||
name: 'vdc-self-hosted'
|
||||
dependsOn: [ActiveDirectory, EnableDNSServerOnVirtualNetwork, VirtualNetwork, DiagnosticStorageAccount, LogAnalytics, KeyVault, ArtifactsStorageAccount]
|
||||
steps:
|
||||
- task: AzurePowerShell@4
|
||||
displayName: "ActiveDirectoryDomainServices"
|
||||
displayName: "Active Directory Domain Services"
|
||||
inputs:
|
||||
azureSubscription: 'vdc2-hub'
|
||||
ScriptType: 'FilePath'
|
||||
|
|
|
@ -0,0 +1,5 @@
|
|||
{
|
||||
"Subscriptions": "env(VDC_SUBSCRIPTIONS)",
|
||||
"Parameters": "file(./parameters.json)",
|
||||
"Orchestration": "file(./orchestration.json)"
|
||||
}
|
|
@ -0,0 +1,569 @@
|
|||
{
|
||||
"ModuleConfigurationsPath": "../../Modules",
|
||||
"ModuleConfigurations": [
|
||||
{
|
||||
"Name": "DiagnosticStorageAccount",
|
||||
"ModuleDefinitionName": "StorageAccounts",
|
||||
"ResourceGroupName": "${Parameters.ModuleConfigurationParameters.DiagnosticStorageAccount.ResourceGroup}",
|
||||
"Comments": "Storage Account that is used for ...",
|
||||
"Version": "2.0",
|
||||
"Policies": {
|
||||
"Comments": "Optional - If no object is specified, no Policies deployment will occur",
|
||||
"OverrideParameters": {
|
||||
"effect": {
|
||||
"value": "${Parameters.ModuleConfigurationParameters.DiagnosticStorageAccount.Policies.Effect}"
|
||||
},
|
||||
"resourceGroup": {
|
||||
"value": "${Parameters.ModuleConfigurationParameters.DiagnosticStorageAccount.ResourceGroup}"
|
||||
},
|
||||
"resourceGroupLocation": {
|
||||
"value": "${Parameters.ModuleConfigurationParameters.DiagnosticStorageAccount.Location}"
|
||||
}
|
||||
}
|
||||
},
|
||||
"Deployment": {
|
||||
"Comments": "We need the 'update' module instance to lock this resource after the Virtual Network got created",
|
||||
"TemplatePath": "../../Modules/StorageAccounts/2.0/deploy.json",
|
||||
"OverrideParameters": {
|
||||
"storageAccountName": {
|
||||
"value": "${Parameters.ModuleConfigurationParameters.DiagnosticStorageAccount.Name}"
|
||||
},
|
||||
"storageAccountSku": {
|
||||
"value": "${Parameters.ModuleConfigurationParameters.DiagnosticStorageAccount.Sku}"
|
||||
},
|
||||
"location": {
|
||||
"value": "${Parameters.ModuleConfigurationParameters.DiagnosticStorageAccount.Location}"
|
||||
}
|
||||
}
|
||||
}
|
||||
},
|
||||
{
|
||||
"Name": "LogAnalytics",
|
||||
"ModuleDefinitionName": "LogAnalytics",
|
||||
"ResourceGroupName": "${Parameters.ModuleConfigurationParameters.LogAnalytics.ResourceGroup}",
|
||||
"Deployment": {
|
||||
"OverrideParameters": {
|
||||
"logAnalyticsWorkspaceName": {
|
||||
"value": "${Parameters.ModuleConfigurationParameters.LogAnalytics.Name}"
|
||||
},
|
||||
"diagnosticStorageAccountName": {
|
||||
"value": "reference(DiagnosticStorageAccount.storageAccountName)"
|
||||
},
|
||||
"diagnosticStorageAccountId": {
|
||||
"value": "reference(DiagnosticStorageAccount.storageAccountResourceId)"
|
||||
},
|
||||
"diagnosticStorageAccountAccessKey": {
|
||||
"value": "reference(DiagnosticStorageAccount.storageAccountAccessKey)"
|
||||
},
|
||||
"location": {
|
||||
"value": "${Parameters.ModuleConfigurationParameters.LogAnalytics.Location}"
|
||||
}
|
||||
}
|
||||
}
|
||||
},
|
||||
{
|
||||
"Name": "AutomationAccounts",
|
||||
"ModuleDefinitionName": "AutomationAccounts",
|
||||
"ResourceGroupName": "${Parameters.ModuleConfigurationParameters.AutomationAccounts.ResourceGroup}",
|
||||
"Deployment": {
|
||||
"OverrideParameters": {
|
||||
"automationAccountName": {
|
||||
"value": "${Parameters.ModuleConfigurationParameters.AutomationAccounts.Name}"
|
||||
},
|
||||
"location": {
|
||||
"value": "${Parameters.ModuleConfigurationParameters.AutomationAccounts.Location}"
|
||||
},
|
||||
"umTimeZone": {
|
||||
"value": "${Parameters.ModuleConfigurationParameters.AutomationAccounts.UpdateManagementTimeZone}"
|
||||
},
|
||||
"workspaceId": {
|
||||
"value": "reference(LogAnalytics.logAnalyticsWorkspaceResourceId)"
|
||||
},
|
||||
"diagnosticStorageAccountId": {
|
||||
"value": "reference(DiagnosticStorageAccount.storageAccountResourceId)"
|
||||
}
|
||||
}
|
||||
}
|
||||
},
|
||||
{
|
||||
"Name": "LinkLogAnalyticsWithAutomationAccount",
|
||||
"ModuleDefinitionName": "LogAnalytics",
|
||||
"ResourceGroupName": "${Parameters.ModuleConfigurationParameters.AutomationAccounts.ResourceGroup}",
|
||||
"Updates": "LogAnalytics",
|
||||
"Deployment": {
|
||||
"OverrideParameters": {
|
||||
"automationAccountId": {
|
||||
"value": "reference(AutomationAccounts.automationAccountResourceId)"
|
||||
}
|
||||
}
|
||||
}
|
||||
},
|
||||
{
|
||||
"Name": "JumpboxASG",
|
||||
"ModuleDefinitionName": "ApplicationSecurityGroups",
|
||||
"ResourceGroupName": "${Parameters.ModuleConfigurationParameters.ApplicationSecurityGroups.ResourceGroup}",
|
||||
"Deployment": {
|
||||
"OverrideParameters": {
|
||||
"applicationSecurityGroupName": {
|
||||
"value": "${Parameters.ModuleConfigurationParameters.ApplicationSecurityGroups.Jumpbox.Name}"
|
||||
}
|
||||
}
|
||||
}
|
||||
},
|
||||
{
|
||||
"Name": "DomainControllerASG",
|
||||
"ModuleDefinitionName": "ApplicationSecurityGroups",
|
||||
"ResourceGroupName": "${Parameters.ModuleConfigurationParameters.ApplicationSecurityGroups.ResourceGroup}",
|
||||
"Deployment": {
|
||||
"OverrideParameters": {
|
||||
"applicationSecurityGroupName": {
|
||||
"value": "${Parameters.ModuleConfigurationParameters.ApplicationSecurityGroups.DomainController.Name}"
|
||||
}
|
||||
}
|
||||
}
|
||||
},
|
||||
{
|
||||
"Name": "SharedServicesNSG",
|
||||
"ModuleDefinitionName": "NetworkSecurityGroups",
|
||||
"ResourceGroupName": "${Parameters.ModuleConfigurationParameters.NetworkSecurityGroups.ResourceGroup}",
|
||||
"Deployment": {
|
||||
"OverrideParameters": {
|
||||
"workspaceId": {
|
||||
"value": "reference(LogAnalytics.logAnalyticsWorkspaceResourceId)"
|
||||
},
|
||||
"diagnosticStorageAccountId": {
|
||||
"value": "reference(DiagnosticStorageAccount.storageAccountResourceId)"
|
||||
},
|
||||
"networkSecurityGroupName": {
|
||||
"value": "${Parameters.ModuleConfigurationParameters.NetworkSecurityGroups.SharedServices.Name}"
|
||||
},
|
||||
"networkSecurityGroupSecurityRules": {
|
||||
"value": "${Parameters.ModuleConfigurationParameters.NetworkSecurityGroups.SharedServices.Rules}"
|
||||
}
|
||||
}
|
||||
}
|
||||
},
|
||||
{
|
||||
"Name": "DMZNSG",
|
||||
"ModuleDefinitionName": "NetworkSecurityGroups",
|
||||
"ResourceGroupName": "${Parameters.ModuleConfigurationParameters.NetworkSecurityGroups.ResourceGroup}",
|
||||
"Deployment": {
|
||||
"OverrideParameters": {
|
||||
"workspaceId": {
|
||||
"value": "reference(LogAnalytics.logAnalyticsWorkspaceResourceId)"
|
||||
},
|
||||
"diagnosticStorageAccountId": {
|
||||
"value": "reference(DiagnosticStorageAccount.storageAccountResourceId)"
|
||||
},
|
||||
"networkSecurityGroupName": {
|
||||
"value": "${Parameters.ModuleConfigurationParameters.NetworkSecurityGroups.DMZ.Name}"
|
||||
},
|
||||
"networkSecurityGroupSecurityRules": {
|
||||
"value": "${Parameters.ModuleConfigurationParameters.NetworkSecurityGroups.DMZ.Rules}"
|
||||
}
|
||||
}
|
||||
}
|
||||
},
|
||||
{
|
||||
"Name": "SharedServicesRouteTable",
|
||||
"ModuleDefinitionName": "RouteTables",
|
||||
"ResourceGroupName": "${Parameters.ModuleConfigurationParameters.RouteTables.ResourceGroup}",
|
||||
"Deployment": {
|
||||
"OverrideParameters": {
|
||||
"routeTableName": {
|
||||
"value": "${Parameters.ModuleConfigurationParameters.RouteTables.SharedServices.Name}"
|
||||
},
|
||||
"routes": {
|
||||
"value": "${Parameters.ModuleConfigurationParameters.RouteTables.SharedServices.Routes}"
|
||||
}
|
||||
}
|
||||
}
|
||||
},
|
||||
{
|
||||
"Name": "VirtualNetwork",
|
||||
"ModuleDefinitionName": "vNet",
|
||||
"ResourceGroupName": "${Parameters.ModuleConfigurationParameters.VirtualNetwork.ResourceGroup}",
|
||||
"Deployment": {
|
||||
"OverrideParameters": {
|
||||
"vnetName": {
|
||||
"value": "${Parameters.ModuleConfigurationParameters.VirtualNetwork.Name}"
|
||||
},
|
||||
"vnetAddressPrefixes": {
|
||||
"value": "${Parameters.ModuleConfigurationParameters.VirtualNetwork.AddressPrefixes}"
|
||||
},
|
||||
"dnsServers": {
|
||||
"value": "${Parameters.ModuleConfigurationParameters.VirtualNetwork.DnsServers}"
|
||||
},
|
||||
"subnets": {
|
||||
"value": "${Parameters.ModuleConfigurationParameters.VirtualNetwork.Subnets}"
|
||||
},
|
||||
"enableDdosProtection": {
|
||||
"value": "${Parameters.ModuleConfigurationParameters.VirtualNetwork.EnableDdosProtection}"
|
||||
},
|
||||
"enableVmProtection": {
|
||||
"value": "${Parameters.ModuleConfigurationParameters.VirtualNetwork.EnableVmProtection}"
|
||||
}
|
||||
}
|
||||
}
|
||||
},
|
||||
{
|
||||
"Name": "EnableServiceEndpointOnDiagnosticStorageAccount",
|
||||
"ModuleDefinitionName": "StorageAccounts",
|
||||
"Updates": "DiagnosticStorageAccount",
|
||||
"Comments": "Enables Service endpoint on the Storage Account",
|
||||
"Deployment": {
|
||||
"OverrideParameters": {
|
||||
"networkAcls": {
|
||||
"value": "${Parameters.ModuleConfigurationParameters.DiagnosticStorageAccount.NetworkAcls}"
|
||||
},
|
||||
"vNetId": {
|
||||
"value": "reference(VirtualNetwork.vNetResourceId)"
|
||||
}
|
||||
}
|
||||
}
|
||||
},
|
||||
{
|
||||
"Name": "VirtualNetworkGateway",
|
||||
"ModuleDefinitionName": "VirtualNetworkGateway",
|
||||
"ResourceGroupName": "${Parameters.ModuleConfigurationParameters.VirtualNetworkGateway.ResourceGroup}",
|
||||
"Deployment": {
|
||||
"OverrideParameters": {
|
||||
"virtualNetworkGatewayName": {
|
||||
"value": "${Parameters.ModuleConfigurationParameters.VirtualNetworkGateway.Name}"
|
||||
},
|
||||
"virtualNetworkGatewayType": {
|
||||
"value": "${Parameters.ModuleConfigurationParameters.VirtualNetworkGateway.VirtualNetworkGatewayType}"
|
||||
},
|
||||
"virtualNetworkGatewaySku": {
|
||||
"value": "${Parameters.ModuleConfigurationParameters.VirtualNetworkGateway.VirtualNetworkGatewaySku}"
|
||||
},
|
||||
"vpnType": {
|
||||
"value": "${Parameters.ModuleConfigurationParameters.VirtualNetworkGateway.VpnType}"
|
||||
},
|
||||
"vNetId": {
|
||||
"value": "reference(VirtualNetwork.vNetResourceId)"
|
||||
},
|
||||
"enableBgp": {
|
||||
"value": "${Parameters.ModuleConfigurationParameters.VirtualNetworkGateway.EnableBgp}"
|
||||
}
|
||||
}
|
||||
}
|
||||
},
|
||||
{
|
||||
"Name": "LocalVirtualNetworkGatewayConnection",
|
||||
"Comments": "Connect Shared Services Virtual Network Gateway to a Simulated On-Premises Virtual Network Gateway",
|
||||
"ModuleDefinitionName": "VirtualNetworkGatewayConnection",
|
||||
"ResourceGroupName": "${Parameters.ModuleConfigurationParameters.VirtualNetworkGateway.ResourceGroup}",
|
||||
"Deployment": {
|
||||
"OverrideParameters": {
|
||||
"localVirtualNetworkGatewayName": {
|
||||
"value": "reference(VirtualNetworkGateway.virtualNetworkGatewayName)"
|
||||
},
|
||||
"remoteVirtualNetworkGatewayName": {
|
||||
"value": "${Parameters.ModuleConfigurationParameters.OnPremisesInformation.VirtualNetworkGateway.Name}"
|
||||
},
|
||||
"remoteVirtualNetworkResourceGroup": {
|
||||
"value": "${Parameters.ModuleConfigurationParameters.OnPremisesInformation.VirtualNetworkGateway.ResourceGroup}"
|
||||
},
|
||||
"remoteVirtualNetworkGatewaySubscriptionId": {
|
||||
"value": "${Parameters.ModuleConfigurationParameters.OnPremisesInformation.SubscriptionId}"
|
||||
},
|
||||
"enableBgp": {
|
||||
"value": "${Parameters.ModuleConfigurationParameters.VirtualNetworkGateway.EnableBgp}"
|
||||
},
|
||||
"vpnSharedKey": {
|
||||
"value": "${Parameters.ModuleConfigurationParameters.VirtualNetworkGateway.VpnSharedKey}"
|
||||
},
|
||||
"remoteConnectionName": {
|
||||
"value": "${Parameters.ModuleConfigurationParameters.VirtualNetworkGateway.LocalConnection.Name}"
|
||||
}
|
||||
}
|
||||
}
|
||||
},
|
||||
{
|
||||
"Name": "RemoteVirtualNetworkGatewayConnection",
|
||||
"Comments": "Connect On-Premises Virtual Network Gateway to a Simulated Shared Services Virtual Network Gateway",
|
||||
"ModuleDefinitionName": "VirtualNetworkGatewayConnection",
|
||||
"Subscription": "OnPremises",
|
||||
"ResourceGroupName": "${Parameters.ModuleConfigurationParameters.OnPremisesInformation.VirtualNetworkGateway.ResourceGroup}",
|
||||
"Deployment": {
|
||||
"OverrideParameters": {
|
||||
"localVirtualNetworkGatewayName": {
|
||||
"value": "${Parameters.ModuleConfigurationParameters.OnPremisesInformation.VirtualNetworkGateway.Name}"
|
||||
},
|
||||
"remoteVirtualNetworkGatewayName": {
|
||||
"value": "reference(VirtualNetworkGateway.virtualNetworkGatewayName)"
|
||||
},
|
||||
"remoteVirtualNetworkResourceGroup": {
|
||||
"value": "reference(VirtualNetworkGateway.virtualNetworkGatewayResourceGroup)"
|
||||
},
|
||||
"remoteVirtualNetworkGatewaySubscriptionId": {
|
||||
"value": "${Subscriptions.SharedServices.SubscriptionId}"
|
||||
},
|
||||
"enableBgp": {
|
||||
"value": "${Parameters.ModuleConfigurationParameters.VirtualNetworkGateway.EnableBgp}"
|
||||
},
|
||||
"vpnSharedKey": {
|
||||
"value": "${Parameters.ModuleConfigurationParameters.VirtualNetworkGateway.VpnSharedKey}"
|
||||
},
|
||||
"remoteConnectionName": {
|
||||
"value": "${Parameters.ModuleConfigurationParameters.VirtualNetworkGateway.RemoteConnection.Name}"
|
||||
}
|
||||
}
|
||||
}
|
||||
},
|
||||
{
|
||||
"Name": "AzureFirewall",
|
||||
"ModuleDefinitionName": "AzureFirewall",
|
||||
"ResourceGroupName": "${Parameters.ModuleConfigurationParameters.AzureFirewall.ResourceGroup}",
|
||||
"Deployment": {
|
||||
"OverrideParameters": {
|
||||
"azureFirewallName": {
|
||||
"value": "${Parameters.ModuleConfigurationParameters.AzureFirewall.Name}"
|
||||
},
|
||||
"applicationRuleCollections": {
|
||||
"value": "${Parameters.ModuleConfigurationParameters.AzureFirewall.ApplicationRuleCollections}"
|
||||
},
|
||||
"networkRuleCollections": {
|
||||
"value": "${Parameters.ModuleConfigurationParameters.AzureFirewall.networkRuleCollections}"
|
||||
},
|
||||
"vNetId": {
|
||||
"value": "reference(VirtualNetwork.vNetResourceId)"
|
||||
},
|
||||
"diagnosticStorageAccountId": {
|
||||
"value": "reference(DiagnosticStorageAccount.storageAccountResourceId)"
|
||||
},
|
||||
"workspaceId": {
|
||||
"value": "reference(LogAnalytics.logAnalyticsWorkspaceResourceId)"
|
||||
}
|
||||
}
|
||||
}
|
||||
},
|
||||
{
|
||||
"Name": "KeyVault",
|
||||
"ModuleDefinitionName": "KeyVault",
|
||||
"ResourceGroupName": "${Parameters.ModuleConfigurationParameters.KeyVault.ResourceGroup}",
|
||||
"Deployment": {
|
||||
"OverrideParameters": {
|
||||
"keyVaultName": {
|
||||
"value": "${Parameters.ModuleConfigurationParameters.KeyVault.Name}"
|
||||
},
|
||||
"accessPolicies": {
|
||||
"value": "${Parameters.ModuleConfigurationParameters.KeyVault.AccessPolicies}"
|
||||
},
|
||||
"secretsObject": {
|
||||
"value": {
|
||||
"secrets": "${Parameters.ModuleConfigurationParameters.KeyVault.SecretsObject.Secrets}"
|
||||
}
|
||||
},
|
||||
"enableVaultForDeployment": {
|
||||
"value": "${Parameters.ModuleConfigurationParameters.KeyVault.EnableVaultForDeployment}"
|
||||
},
|
||||
"enableVaultForDiskEncryption": {
|
||||
"value": "${Parameters.ModuleConfigurationParameters.KeyVault.EnableVaultForDiskEncryption}"
|
||||
},
|
||||
"enableVaultForTemplateDeployment": {
|
||||
"value": "${Parameters.ModuleConfigurationParameters.KeyVault.EnableVaultForTemplateDeployment}"
|
||||
},
|
||||
"vaultSku": {
|
||||
"value": "${Parameters.ModuleConfigurationParameters.KeyVault.Sku}"
|
||||
},
|
||||
"diagnosticStorageAccountId": {
|
||||
"value": "reference(DiagnosticStorageAccount.storageAccountResourceId)"
|
||||
},
|
||||
"workspaceId": {
|
||||
"value": "reference(LogAnalytics.logAnalyticsWorkspaceResourceId)"
|
||||
},
|
||||
"networkAcls": {
|
||||
"value": "${Parameters.ModuleConfigurationParameters.KeyVault.NetworkAcls}"
|
||||
},
|
||||
"vNetId": {
|
||||
"value": "reference(VirtualNetwork.vNetResourceId)"
|
||||
}
|
||||
}
|
||||
}
|
||||
},
|
||||
{
|
||||
"Name": "ArtifactsStorageAccount",
|
||||
"Subscription": "Artifacts",
|
||||
"ModuleDefinitionName": "StorageAccounts",
|
||||
"ResourceGroupName": "${Parameters.ModuleConfigurationParameters.ArtifactsStorageAccount.ResourceGroup}",
|
||||
"Comments": "Storage Account that is used for ...",
|
||||
"Policies": {
|
||||
"Comments": "Optional - If no object is specified, no Policies deployment will occur",
|
||||
"OverrideParameters": {
|
||||
"effect": {
|
||||
"value": "${Parameters.ModuleConfigurationParameters.ArtifactsStorageAccount.Policies.Effect}"
|
||||
},
|
||||
"resourceGroup": {
|
||||
"value": "${Parameters.ModuleConfigurationParameters.ArtifactsStorageAccount.ResourceGroup}"
|
||||
},
|
||||
"resourceGroupLocation": {
|
||||
"value": "${Parameters.ModuleConfigurationParameters.ArtifactsStorageAccount.Location}"
|
||||
}
|
||||
}
|
||||
},
|
||||
"Deployment": {
|
||||
"OverrideParameters": {
|
||||
"storageAccountName": {
|
||||
"value": "${Parameters.ModuleConfigurationParameters.ArtifactsStorageAccount.Name}"
|
||||
},
|
||||
"storageAccountSku": {
|
||||
"value": "${Parameters.ModuleConfigurationParameters.ArtifactsStorageAccount.Sku}"
|
||||
}
|
||||
}
|
||||
}
|
||||
},
|
||||
{
|
||||
"Name": "Jumpbox",
|
||||
"ModuleDefinitionName": "Jumpbox",
|
||||
"ResourceGroupName": "${Parameters.ModuleConfigurationParameters.Jumpbox.ResourceGroup}",
|
||||
"Comments": "Creates Windows and Linux Jumpboxes",
|
||||
"Deployment": {
|
||||
"OverrideParameters": {
|
||||
"windowsVirtualMachineName": {
|
||||
"value": "${Parameters.ModuleConfigurationParameters.Jumpbox.Windows.Name}"
|
||||
},
|
||||
"linuxVirtualMachineName": {
|
||||
"value": "${Parameters.ModuleConfigurationParameters.Jumpbox.Linux.Name}"
|
||||
},
|
||||
"workspaceId": {
|
||||
"value": "reference(LogAnalytics.logAnalyticsWorkspaceId)"
|
||||
},
|
||||
"logAnalyticsWorkspacePrimarySharedKey": {
|
||||
"value": "reference(LogAnalytics.logAnalyticsPrimarySharedKey)"
|
||||
},
|
||||
"artifactsStorageAccountKey": {
|
||||
"value": "reference(ArtifactsStorageAccount.storageAccountAccessKey)"
|
||||
},
|
||||
"artifactsStorageAccountName": {
|
||||
"value": "reference(ArtifactsStorageAccount.storageAccountName)"
|
||||
},
|
||||
"vNetId": {
|
||||
"value": "reference(VirtualNetwork.vNetResourceId)"
|
||||
},
|
||||
"jumpboxAsgId": {
|
||||
"value": "reference(JumpboxASG.applicationSecurityGroupResourceId)"
|
||||
},
|
||||
"subnetName": {
|
||||
"value": "${Parameters.ModuleConfigurationParameters.Jumpbox.SubnetName}"
|
||||
},
|
||||
"adminUsername": {
|
||||
"value": "${Parameters.ModuleConfigurationParameters.Jumpbox.AdminUsername}"
|
||||
},
|
||||
"adminPassword": {
|
||||
"reference": {
|
||||
"keyVault": {
|
||||
"id": "reference(KeyVault.keyVaultResourceId)"
|
||||
},
|
||||
"secretName": "${Parameters.ModuleConfigurationParameters.KeyVault.SecretsObject.Secrets[0].secretName}"
|
||||
}
|
||||
},
|
||||
"windowsVirtualMachineCount": {
|
||||
"value": "${Parameters.ModuleConfigurationParameters.Jumpbox.Windows.VMCount}"
|
||||
},
|
||||
"windowsVirtualMachineSize": {
|
||||
"value": "${Parameters.ModuleConfigurationParameters.Jumpbox.Windows.VMSize}"
|
||||
},
|
||||
"windowsOSImage": {
|
||||
"value": "${Parameters.ModuleConfigurationParameters.Jumpbox.Windows.OSImage}"
|
||||
},
|
||||
"linuxVirtualMachineCount": {
|
||||
"value": "${Parameters.ModuleConfigurationParameters.Jumpbox.Linux.VMCount}"
|
||||
},
|
||||
"linuxVirtualMachineSize": {
|
||||
"value": "${Parameters.ModuleConfigurationParameters.Jumpbox.Linux.VMSize}"
|
||||
},
|
||||
"linuxOSImage": {
|
||||
"value": "${Parameters.ModuleConfigurationParameters.Jumpbox.Linux.OSImage}"
|
||||
},
|
||||
"diagnosticsStorageAccountName": {
|
||||
"value": "reference(DiagnosticStorageAccount.storageAccountName)"
|
||||
},
|
||||
"diagnosticsStorageAccountSasToken": {
|
||||
"value": "reference(DiagnosticStorageAccount.storageAccountSasToken)"
|
||||
}
|
||||
}
|
||||
}
|
||||
},
|
||||
{
|
||||
"Name": "ActiveDirectoryDomainServices",
|
||||
"ModuleDefinitionName": "ActiveDirectoryDomainServices",
|
||||
"ResourceGroupName": "${Parameters.ModuleConfigurationParameters.ActiveDirectoryDomainServices.ResourceGroup}",
|
||||
"Comments": "Creates Active Directory Domain Services VMs",
|
||||
"Deployment": {
|
||||
"OverrideParameters": {
|
||||
"virtualMachineName": {
|
||||
"value": "${Parameters.ModuleConfigurationParameters.ActiveDirectoryDomainServices.Name}"
|
||||
},
|
||||
"virtualMachineOSImage": {
|
||||
"value": "${Parameters.ModuleConfigurationParameters.ActiveDirectoryDomainServices.OSImage}"
|
||||
},
|
||||
"virtualMachineCount": {
|
||||
"value": "${Parameters.ModuleConfigurationParameters.ActiveDirectoryDomainServices.VMCount}"
|
||||
},
|
||||
"virtualMachineSize": {
|
||||
"value": "${Parameters.ModuleConfigurationParameters.ActiveDirectoryDomainServices.VMSize}"
|
||||
},
|
||||
"artifactsStorageAccountSasKey": {
|
||||
"value": "reference(ArtifactsStorageAccount.storageAccountSasToken)"
|
||||
},
|
||||
"artifactsStorageAccountKey": {
|
||||
"value": "reference(ArtifactsStorageAccount.storageAccountAccessKey)"
|
||||
},
|
||||
"artifactsStorageAccountName": {
|
||||
"value": "reference(ArtifactsStorageAccount.storageAccountName)"
|
||||
},
|
||||
"workspaceId": {
|
||||
"value": "reference(LogAnalytics.logAnalyticsWorkspaceId)"
|
||||
},
|
||||
"logAnalyticsWorkspacePrimarySharedKey": {
|
||||
"value": "reference(LogAnalytics.logAnalyticsPrimarySharedKey)"
|
||||
},
|
||||
"diagnosticsStorageAccountName": {
|
||||
"value": "reference(DiagnosticStorageAccount.storageAccountName)"
|
||||
},
|
||||
"diagnosticsStorageAccountSasToken": {
|
||||
"value": "reference(DiagnosticStorageAccount.storageAccountSasToken)"
|
||||
},
|
||||
"vNetId": {
|
||||
"value": "reference(VirtualNetwork.vNetResourceId)"
|
||||
},
|
||||
"adminUsername": {
|
||||
"value": "${Parameters.ModuleConfigurationParameters.ActiveDirectoryDomainServices.AdminUsername}"
|
||||
},
|
||||
"adminPassword": {
|
||||
"reference": "${Parameters.ModuleConfigurationParameters.ActiveDirectoryDomainServices.AdminPassword}"
|
||||
},
|
||||
"addsAddressStart": {
|
||||
"value": "${Parameters.ModuleConfigurationParameters.ActiveDirectoryDomainServices.AddsIPAddressStart}"
|
||||
},
|
||||
"domainName": {
|
||||
"value": "${Parameters.ModuleConfigurationParameters.ActiveDirectoryDomainServices.DomainName}"
|
||||
},
|
||||
"primaryDCIP": {
|
||||
"value": "${Parameters.ModuleConfigurationParameters.ActiveDirectoryDomainServices.PrimaryDomainControllerIP}"
|
||||
},
|
||||
"ADSitename": {
|
||||
"value": "${Parameters.ModuleConfigurationParameters.ActiveDirectoryDomainServices.ADSitename}"
|
||||
},
|
||||
"domaincontrollerDriveLetter": {
|
||||
"value": "${Parameters.ModuleConfigurationParameters.ActiveDirectoryDomainServices.DomaincontrollerDriveLetter}"
|
||||
},
|
||||
"subnetName": {
|
||||
"value": "${Parameters.ModuleConfigurationParameters.ActiveDirectoryDomainServices.SubnetName}"
|
||||
},
|
||||
"domainAdminUsername": {
|
||||
"value": "${Parameters.ModuleConfigurationParameters.ActiveDirectoryDomainServices.DomainAdminUsername}"
|
||||
},
|
||||
"domainAdminPassword": {
|
||||
"reference": "${Parameters.ModuleConfigurationParameters.ActiveDirectoryDomainServices.DomainAdminPassword}"
|
||||
},
|
||||
"domainControllerAsgId": {
|
||||
"value": "reference(DomainControllerASG.applicationSecurityGroupResourceId)"
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
]
|
||||
}
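Review bot: The `ActiveDirectoryDomainServices` entry is given both `artifactsStorageAccountSasKey` and `artifactsStorageAccountKey` (`reference(ArtifactsStorageAccount.storageAccountAccessKey)`), and `Jumpbox` and `LogAnalytics` also receive a full storage account key as a plain `value` override. An account key grants full control of the storage account and stays valid until it is rotated, so if the module only needs to download artifacts, the SAS token it already receives should suffice. I would drop the `"artifactsStorageAccountKey"` override from `ActiveDirectoryDomainServices`, provided the module template accepts that; the template is not shown on this page. These keys and `logAnalyticsWorkspacePrimarySharedKey` travel between modules as deployment outputs, so the receiving template parameters should be `securestring`, and it is worth confirming that the orchestration does not persist the resolved outputs in plaintext. Separately, the Jumpbox `adminPassword` selects its secret by position (`KeyVault.SecretsObject.Secrets[0].secretName`), which binds to a different secret without any error if the list is reordered; referring to the secret through a dedicated named parameter would avoid that.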
|
|
@ -0,0 +1,828 @@
|
|||
{
|
||||
"Organization": "file(../_Common/organizationName.txt)",
|
||||
"DeploymentName": "shrdsvcs",
|
||||
"InstanceName": "${Parameters.Organization}-${Parameters.DeploymentName}",
|
||||
"Subscription": "SharedServices",
|
||||
"ModuleConfigurationParameters": {
|
||||
"DeploymentUserId": "env(DEPLOYMENT_USER_ID)",
|
||||
"OnPremisesInformation": {
|
||||
"ActiveDirectory": {
|
||||
"PrimaryDomainControllerIP": "192.168.1.4",
|
||||
"DomainName": "fontoso.com",
|
||||
"ADSitename": "Cloud-Site",
|
||||
"DomainAdminUserName": "fontoso"
|
||||
},
|
||||
"Network": {
|
||||
"AddressPrefix": "192.168.1.0/28"
|
||||
},
|
||||
"VirtualNetworkGateway": {
|
||||
"Name": "fontoso-onprem-gw",
|
||||
"ResourceGroup": "fontoso-onprem-net-rg"
|
||||
},
|
||||
"SubscriptionId": "${Subscriptions.OnPremises.SubscriptionId}"
|
||||
},
|
||||
"DiagnosticStorageAccount": {
|
||||
"Name": "${Parameters.Organization}${Parameters.DeploymentName}diag01",
|
||||
"ResourceGroup": "${Parameters.InstanceName}-diagnostics-rg",
|
||||
"Location": "${Parameters.Location}",
|
||||
"Sku": "Standard_GRS",
|
||||
"NetworkAcls": {
|
||||
"bypass": "AzureServices",
|
||||
"defaultAction": "Deny",
|
||||
"virtualNetworkRules": [
|
||||
{
|
||||
"subnet": "${Parameters.ModuleConfigurationParameters.VirtualNetwork.Subnets[0].Name}"
|
||||
}
|
||||
],
|
||||
"ipRules": []
|
||||
},
|
||||
"Policies": {
|
||||
"Effect": "Audit"
|
||||
}
|
||||
},
|
||||
"LogAnalytics": {
|
||||
"Name": "${Parameters.InstanceName}-la",
|
||||
"Comments": "Log Analytics and Diagnostic Storage Account must be deployed in the same region",
|
||||
"ResourceGroup": "${Parameters.InstanceName}-diagnostics-rg",
|
||||
"Location": "${Parameters.ModuleConfigurationParameters.DiagnosticStorageAccount.Location}",
|
||||
"ListOfAllowedRegions": [
|
||||
"Australia Central",
|
||||
"Australia East",
|
||||
"Australia Southeast",
|
||||
"Canada Central",
|
||||
"Central India",
|
||||
"Central US",
|
||||
"East Asia",
|
||||
"East US",
|
||||
"East US 2",
|
||||
"France Central",
|
||||
"Japan East",
|
||||
"Korea Central",
|
||||
"North Europe",
|
||||
"South Central US",
|
||||
"Southeast Asia",
|
||||
"UK South",
|
||||
"West Europe",
|
||||
"West US",
|
||||
"West US 2"
|
||||
]
|
||||
},
|
||||
"AutomationAccounts": {
|
||||
"Name": "${Parameters.InstanceName}-automation",
|
||||
"Comments": "Automation Account and Log Analytics must be deployed in the same region",
|
||||
"ResourceGroup": "${Parameters.ModuleConfigurationParameters.LogAnalytics.ResourceGroup}",
|
||||
"Location": "${Parameters.ModuleConfigurationParameters.LogAnalytics.Location}",
|
||||
"UpdateManagementTimeZone": "America/Chicago",
|
||||
"ListOfAllowedRegions": [
|
||||
"Australia Central",
|
||||
"Australia East",
|
||||
"Australia Southeast",
|
||||
"Brazil South",
|
||||
"Canada Central",
|
||||
"Central India",
|
||||
"East US",
|
||||
"East US 2",
|
||||
"France Central",
|
||||
"Japan East",
|
||||
"Korea Central",
|
||||
"North Europe",
|
||||
"South Central US",
|
||||
"Southeast Asia",
|
||||
"UK South",
|
||||
"West Central US",
|
||||
"West Europe",
|
||||
"West US 2"
|
||||
]
|
||||
},
|
||||
"ApplicationSecurityGroups": {
|
||||
"ResourceGroup": "${Parameters.ModuleConfigurationParameters.VirtualNetwork.ResourceGroup}",
|
||||
"Jumpbox": {
|
||||
"Name": "jumpbox-asg"
|
||||
},
|
||||
"DomainController": {
|
||||
"Name": "dc-asg"
|
||||
}
|
||||
},
|
||||
"NetworkSecurityGroups": {
|
||||
"ResourceGroup": "${Parameters.ModuleConfigurationParameters.VirtualNetwork.ResourceGroup}",
|
||||
"SharedServices": {
|
||||
"Name": "${Parameters.DeploymentName}-nsg",
|
||||
"Rules": [
|
||||
{
|
||||
"name": "allow-tcp-between-adds",
|
||||
"properties": {
|
||||
"access": "Allow",
|
||||
"destinationAddressPrefixes": [],
|
||||
"destinationAddressPrefix": "",
|
||||
"destinationPortRange": "",
|
||||
"destinationPortRanges": [
|
||||
"389",
|
||||
"42",
|
||||
"88",
|
||||
"636",
|
||||
"3268",
|
||||
"3269",
|
||||
"445",
|
||||
"25",
|
||||
"135",
|
||||
"5722",
|
||||
"464",
|
||||
"9389",
|
||||
"139",
|
||||
"53",
|
||||
"49152-65535"
|
||||
],
|
||||
"direction": "Inbound",
|
||||
"priority": 100,
|
||||
"protocol": "Tcp",
|
||||
"sourceAddressPrefix": "",
|
||||
"sourcePortRange": "*",
|
||||
"sourcePortRanges": [],
|
||||
"destinationApplicationSecurityGroups": [
|
||||
{
|
||||
"name": "${Parameters.ModuleConfigurationParameters.ApplicationSecurityGroups.DomainController.Name}"
|
||||
}
|
||||
],
|
||||
"sourceApplicationSecurityGroups": [
|
||||
{
|
||||
"name": "${Parameters.ModuleConfigurationParameters.ApplicationSecurityGroups.DomainController.Name}"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"name": "allow-udp-between-adds",
|
||||
"properties": {
|
||||
"access": "Allow",
|
||||
"destinationAddressPrefixes": [],
|
||||
"destinationAddressPrefix": "",
|
||||
"destinationPortRange": "",
|
||||
"destinationPortRanges": [
|
||||
"389",
|
||||
"88",
|
||||
"445",
|
||||
"123",
|
||||
"464",
|
||||
"138",
|
||||
"137",
|
||||
"53",
|
||||
"49152-65535"
|
||||
],
|
||||
"destinationApplicationSecurityGroups": [
|
||||
{
|
||||
"name": "${Parameters.ModuleConfigurationParameters.ApplicationSecurityGroups.DomainController.Name}"
|
||||
}
|
||||
],
|
||||
"direction": "Inbound",
|
||||
"priority": 110,
|
||||
"protocol": "Udp",
|
||||
"sourceAddressPrefix": "",
|
||||
"sourcePortRange": "*",
|
||||
"sourcePortRanges": [],
|
||||
"sourceApplicationSecurityGroups": [
|
||||
{
|
||||
"name": "${Parameters.ModuleConfigurationParameters.ApplicationSecurityGroups.DomainController.Name}"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"name": "allow-tcp-ad",
|
||||
"properties": {
|
||||
"access": "Allow",
|
||||
"destinationAddressPrefixes": [],
|
||||
"destinationAddressPrefix": "",
|
||||
"destinationPortRange": "",
|
||||
"destinationPortRanges": [
|
||||
"389",
|
||||
"42",
|
||||
"88",
|
||||
"636",
|
||||
"3268",
|
||||
"3269",
|
||||
"445",
|
||||
"25",
|
||||
"135",
|
||||
"5722",
|
||||
"464",
|
||||
"9389",
|
||||
"139",
|
||||
"53",
|
||||
"49152-65535"
|
||||
],
|
||||
"direction": "Inbound",
|
||||
"priority": 120,
|
||||
"protocol": "Tcp",
|
||||
"sourceAddressPrefix": "${Parameters.ModuleConfigurationParameters.OnPremisesInformation.ActiveDirectory.PrimaryDomainControllerIP}",
|
||||
"sourcePortRange": "*",
|
||||
"sourcePortRanges": [],
|
||||
"destinationApplicationSecurityGroups": [
|
||||
{
|
||||
"name": "${Parameters.ModuleConfigurationParameters.ApplicationSecurityGroups.DomainController.Name}"
|
||||
}
|
||||
],
|
||||
"sourceApplicationSecurityGroups": []
|
||||
}
|
||||
},
|
||||
{
|
||||
"name": "allow-udp-ad",
|
||||
"properties": {
|
||||
"access": "Allow",
|
||||
"destinationAddressPrefixes": [],
|
||||
"destinationAddressPrefix": "",
|
||||
"destinationPortRange": "",
|
||||
"destinationPortRanges": [
|
||||
"389",
|
||||
"88",
|
||||
"445",
|
||||
"123",
|
||||
"464",
|
||||
"138",
|
||||
"137",
|
||||
"53",
|
||||
"49152-65535"
|
||||
],
|
||||
"direction": "Inbound",
|
||||
"priority": 130,
|
||||
"protocol": "Udp",
|
||||
"sourceAddressPrefix": "${Parameters.ModuleConfigurationParameters.OnPremisesInformation.ActiveDirectory.PrimaryDomainControllerIP}",
|
||||
"sourcePortRange": "*",
|
||||
"sourcePortRanges": [],
|
||||
"destinationApplicationSecurityGroups": [
|
||||
{
|
||||
"name": "${Parameters.ModuleConfigurationParameters.ApplicationSecurityGroups.DomainController.Name}"
|
||||
}
|
||||
],
|
||||
"sourceApplicationSecurityGroups": []
|
||||
}
|
||||
},
|
||||
{
|
||||
"name": "allow-rdp-into-dc",
|
||||
"properties": {
|
||||
"access": "Allow",
|
||||
"destinationAddressPrefixes": [],
|
||||
"destinationAddressPrefix": "",
|
||||
"destinationPortRange": "3389",
|
||||
"destinationPortRanges": [],
|
||||
"direction": "Inbound",
|
||||
"priority": 140,
|
||||
"protocol": "TCP",
|
||||
"sourceAddressPrefix": "",
|
||||
"sourcePortRange": "*",
|
||||
"sourcePortRanges": [],
|
||||
"destinationApplicationSecurityGroups": [
|
||||
{
|
||||
"name": "${Parameters.ModuleConfigurationParameters.ApplicationSecurityGroups.DomainController.Name}"
|
||||
}
|
||||
],
|
||||
"sourceApplicationSecurityGroups": [
|
||||
{
|
||||
"name": "${Parameters.ModuleConfigurationParameters.ApplicationSecurityGroups.Jumpbox.Name}"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"name": "allow-rdp-ssh-into-jb",
|
||||
"properties": {
|
||||
"access": "Allow",
|
||||
"destinationAddressPrefixes": [],
|
||||
"destinationAddressPrefix": "",
|
||||
"destinationPortRanges": [
|
||||
"3389",
|
||||
"22"
|
||||
],
|
||||
"destinationPortRange": "",
|
||||
"direction": "Inbound",
|
||||
"priority": 150,
|
||||
"protocol": "TCP",
|
||||
"sourceAddressPrefix": "${Parameters.ModuleConfigurationParameters.OnPremisesInformation.Network.AddressPrefix}",
|
||||
"sourcePortRange": "*",
|
||||
"sourcePortRanges": [],
|
||||
"destinationApplicationSecurityGroups": [
|
||||
{
|
||||
"name": "${Parameters.ModuleConfigurationParameters.ApplicationSecurityGroups.Jumpbox.Name}"
|
||||
}
|
||||
],
|
||||
"sourceApplicationSecurityGroups": []
|
||||
}
|
||||
},
|
||||
{
|
||||
"name": "allow-tcp-vnet-adds",
|
||||
"properties": {
|
||||
"access": "Allow",
|
||||
"destinationAddressPrefixes": [],
|
||||
"destinationAddressPrefix": "",
|
||||
"destinationPortRanges": [
|
||||
"389",
|
||||
"42",
|
||||
"88",
|
||||
"636",
|
||||
"3268",
|
||||
"3269",
|
||||
"445",
|
||||
"25",
|
||||
"135",
|
||||
"5722",
|
||||
"464",
|
||||
"9389",
|
||||
"139",
|
||||
"53",
|
||||
"49152-65535"
|
||||
],
|
||||
"destinationPortRange": "",
|
||||
"direction": "Inbound",
|
||||
"priority": 160,
|
||||
"protocol": "TCP",
|
||||
"sourceAddressPrefix": "VirtualNetwork",
|
||||
"sourcePortRange": "*",
|
||||
"sourcePortRanges": [],
|
||||
"destinationApplicationSecurityGroups": [
|
||||
{
|
||||
"name": "${Parameters.ModuleConfigurationParameters.ApplicationSecurityGroups.DomainController.Name}"
|
||||
}
|
||||
],
|
||||
"sourceApplicationSecurityGroups": []
|
||||
}
|
||||
},
|
||||
{
|
||||
"name": "allow-udp-vnet-adds",
|
||||
"properties": {
|
||||
"access": "Allow",
|
||||
"destinationAddressPrefixes": [],
|
||||
"destinationAddressPrefix": "",
|
||||
"destinationPortRanges": [
|
||||
"389",
|
||||
"88",
|
||||
"445",
|
||||
"123",
|
||||
"464",
|
||||
"138",
|
||||
"137",
|
||||
"53",
|
||||
"49152-65535"
|
||||
],
|
||||
"destinationPortRange": "",
|
||||
"direction": "Inbound",
|
||||
"priority": 170,
|
||||
"protocol": "UDP",
|
||||
"sourceAddressPrefix": "VirtualNetwork",
|
||||
"sourcePortRange": "*",
|
||||
"sourcePortRanges": [],
|
||||
"destinationApplicationSecurityGroups": [
|
||||
{
|
||||
"name": "${Parameters.ModuleConfigurationParameters.ApplicationSecurityGroups.DomainController.Name}"
|
||||
}
|
||||
],
|
||||
"sourceApplicationSecurityGroups": []
|
||||
}
|
||||
},
|
||||
{
|
||||
"name": "deny-vnet",
|
||||
"properties": {
|
||||
"access": "Deny",
|
||||
"destinationAddressPrefix": "VirtualNetwork",
|
||||
"destinationAddressPrefixes": [],
|
||||
"destinationPortRange": "*",
|
||||
"destinationPortRanges": [],
|
||||
"direction": "Inbound",
|
||||
"priority": 4096,
|
||||
"protocol": "*",
|
||||
"sourceAddressPrefix": "VirtualNetwork",
|
||||
"sourcePortRange": "*",
|
||||
"sourcePortRanges": [],
|
||||
"destinationApplicationSecurityGroups": [],
|
||||
"sourceApplicationSecurityGroups": []
|
||||
}
|
||||
},
|
||||
{
|
||||
"name": "allow-vnet",
|
||||
"properties": {
|
||||
"access": "Allow",
|
||||
"destinationAddressPrefix": "*",
|
||||
"destinationAddressPrefixes": [],
|
||||
"destinationPortRange": "*",
|
||||
"destinationPortRanges": [],
|
||||
"direction": "Outbound",
|
||||
"priority": 100,
|
||||
"protocol": "*",
|
||||
"sourceAddressPrefix": "VirtualNetwork",
|
||||
"sourcePortRange": "*",
|
||||
"sourcePortRanges": [],
|
||||
"destinationApplicationSecurityGroups": [],
|
||||
"sourceApplicationSecurityGroups": []
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"DMZ": {
|
||||
"Name": "dmz-nsg",
|
||||
"Rules": [
|
||||
{
|
||||
"name": "allow-vnet",
|
||||
"properties": {
|
||||
"access": "Allow",
|
||||
"destinationAddressPrefix": "*",
|
||||
"destinationAddressPrefixes": [],
|
||||
"destinationPortRange": "*",
|
||||
"destinationPortRanges": [],
|
||||
"direction": "Inbound",
|
||||
"priority": 100,
|
||||
"protocol": "*",
|
||||
"sourceAddressPrefix": "VirtualNetwork",
|
||||
"sourcePortRange": "*",
|
||||
"sourcePortRanges": [],
|
||||
"destinationApplicationSecurityGroups": [],
|
||||
"sourceApplicationSecurityGroups": []
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"RouteTables": {
|
||||
"ResourceGroup": "${Parameters.ModuleConfigurationParameters.VirtualNetwork.ResourceGroup}",
|
||||
"SharedServices": {
|
||||
"Name": "${Parameters.DeploymentName}-udr",
|
||||
"Routes": [
|
||||
{
|
||||
"name": "default",
|
||||
"properties": {
|
||||
"addressPrefix": "0.0.0.0/0",
|
||||
"nextHopIpAddress": "172.0.3.4",
|
||||
"nextHopType": "VirtualAppliance"
|
||||
}
|
||||
},
|
||||
{
|
||||
"name": "to-on-premises",
|
||||
"properties": {
|
||||
"addressPrefix": "${Parameters.ModuleConfigurationParameters.OnPremisesInformation.Network.AddressPrefix}",
|
||||
"nextHopType": "VirtualNetworkGateway"
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"VirtualNetwork": {
|
||||
"Name": "${Parameters.InstanceName}-vnet",
|
||||
"ResourceGroup": "${Parameters.InstanceName}-network-rg",
|
||||
"AddressPrefixes": [
|
||||
"172.0.0.0/16"
|
||||
],
|
||||
"EnableDdosProtection": false,
|
||||
"EnableVmProtection": false,
|
||||
"Subnets": [
|
||||
{
|
||||
"name": "${Parameters.DeploymentName}",
|
||||
"addressPrefix": "172.0.0.0/24",
|
||||
"networkSecurityGroupName": "${Parameters.ModuleConfigurationParameters.NetworkSecurityGroups.SharedServices.Name}",
|
||||
"routeTableName": "${Parameters.ModuleConfigurationParameters.RouteTables.SharedServices.Name}",
|
||||
"serviceEndpoints": [
|
||||
{
|
||||
"service": "Microsoft.EventHub"
|
||||
},
|
||||
{
|
||||
"service": "Microsoft.Sql"
|
||||
},
|
||||
{
|
||||
"service": "Microsoft.Storage"
|
||||
},
|
||||
{
|
||||
"service": "Microsoft.KeyVault"
|
||||
}
|
||||
]
|
||||
},
|
||||
{
|
||||
"name": "dmz",
|
||||
"addressPrefix": "172.0.1.0/24",
|
||||
"networkSecurityGroupName": "${Parameters.ModuleConfigurationParameters.NetworkSecurityGroups.DMZ.Name}",
|
||||
"routeTableName": "",
|
||||
"serviceEndpoints": []
|
||||
},
|
||||
{
|
||||
"name": "AppGateway",
|
||||
"addressPrefix": "172.0.2.0/24",
|
||||
"networkSecurityGroupName": "",
|
||||
"routeTableName": "",
|
||||
"serviceEndpoints": []
|
||||
},
|
||||
{
|
||||
"name": "AzureFirewallSubnet",
|
||||
"addressPrefix": "172.0.3.0/24",
|
||||
"networkSecurityGroupName": "",
|
||||
"routeTableName": "",
|
||||
"serviceEndpoints": []
|
||||
},
|
||||
{
|
||||
"name": "GatewaySubnet",
|
||||
"addressPrefix": "172.0.4.0/24",
|
||||
"networkSecurityGroupName": "",
|
||||
"routeTableName": "",
|
||||
"serviceEndpoints": []
|
||||
}
|
||||
],
|
||||
"DnsServers": [
|
||||
"${Parameters.ModuleConfigurationParameters.OnPremisesInformation.ActiveDirectory.PrimaryDomainControllerIP}"
|
||||
]
|
||||
},
|
||||
"VirtualNetworkGateway": {
|
||||
"Name": "${Parameters.InstanceName}-vgw",
|
||||
"ResourceGroup": "${Parameters.ModuleConfigurationParameters.VirtualNetwork.ResourceGroup}",
|
||||
"VirtualNetworkGatewayType": "vpn",
|
||||
"VirtualNetworkGatewaySku": "VpnGw1",
|
||||
"VpnType": "RouteBased",
|
||||
"EnableBgp": false,
|
||||
"VpnSharedKey": "asodgfhjkaw4tu0w9vuijv0qu3409tu",
|
||||
"LocalConnection": {
|
||||
"Name": "${Parameters.Organization}-to-onprem"
|
||||
},
|
||||
"RemoteConnection": {
|
||||
"Name": "onprem-to-${Parameters.Organization}"
|
||||
}
|
||||
},
|
||||
"AzureFirewall": {
|
||||
"Name": "${Parameters.InstanceName}-azfw",
|
||||
"ResourceGroup": "${Parameters.ModuleConfigurationParameters.VirtualNetwork.ResourceGroup}",
|
||||
"ApplicationRuleCollections": [
|
||||
{
|
||||
"name": "allow-app-rules",
|
||||
"properties": {
|
||||
"priority": 100,
|
||||
"action": {
|
||||
"type": "allow"
|
||||
},
|
||||
"rules": [
|
||||
{
|
||||
"name": "allow-ase-tags",
|
||||
"sourceAddresses": [
|
||||
"*"
|
||||
],
|
||||
"protocols": [
|
||||
{
|
||||
"protocolType": "HTTP",
|
||||
"port": "80"
|
||||
},
|
||||
{
|
||||
"protocolType": "HTTPS",
|
||||
"port": "443"
|
||||
}
|
||||
],
|
||||
"fqdnTags": [
|
||||
"AppServiceEnvironment",
|
||||
"WindowsUpdate"
|
||||
]
|
||||
},
|
||||
{
|
||||
"name": "allow-ase-management",
|
||||
"sourceAddresses": [
|
||||
"*"
|
||||
],
|
||||
"protocols": [
|
||||
{
|
||||
"protocolType": "HTTP",
|
||||
"port": "80"
|
||||
},
|
||||
{
|
||||
"protocolType": "HTTPS",
|
||||
"port": "443"
|
||||
}
|
||||
],
|
||||
"targetFqdns": [
|
||||
"management.azure.com",
|
||||
"*.digicert.com",
|
||||
"*.data.microsoft.com",
|
||||
"global.metrics.nsatc.net",
|
||||
"ocsp.msocsp.com"
|
||||
]
|
||||
},
|
||||
{
|
||||
"name": "allow-sites",
|
||||
"sourceAddresses": [
|
||||
"*"
|
||||
],
|
||||
"protocols": [
|
||||
{
|
||||
"protocolType": "HTTP",
|
||||
"port": "80"
|
||||
},
|
||||
{
|
||||
"protocolType": "HTTPS",
|
||||
"port": "443"
|
||||
}
|
||||
],
|
||||
"targetFqdns": [
|
||||
"*.trafficmanager.net",
|
||||
"*.azureedge.net",
|
||||
"*.microsoft.com",
|
||||
"*.core.windows.net",
|
||||
"*.windows.com",
|
||||
"*.opinsights.azure.com",
|
||||
"*.azure-automation.net",
|
||||
"*.visualstudio.com",
|
||||
"*.bing.com",
|
||||
"*.ubuntu.com",
|
||||
"api.snapcraft.io",
|
||||
"api.rubygems.org",
|
||||
"*.powershellgallery.com",
|
||||
"powershellgallery.com",
|
||||
"*.msecnd.net",
|
||||
"msecnd.net",
|
||||
"*.nuget.org",
|
||||
"nuget.org",
|
||||
"*.azureprofilerfrontdoor.cloudapp.net",
|
||||
"azureprofilerfrontdoor.cloudapp.net",
|
||||
"*.download.opensuse.org",
|
||||
"download.opensuse.org",
|
||||
"*.monitoring.azure.com",
|
||||
"monitoring.azure.com"
|
||||
]
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
],
|
||||
"NetworkRuleCollections": [
|
||||
{
|
||||
"name": "allow-network-rules",
|
||||
"properties": {
|
||||
"priority": 100,
|
||||
"action": {
|
||||
"type": "allow"
|
||||
},
|
||||
"rules": [
|
||||
{
|
||||
"name": "allow-ntp",
|
||||
"sourceAddresses": [
|
||||
"*"
|
||||
],
|
||||
"destinationAddresses": [
|
||||
"*"
|
||||
],
|
||||
"destinationPorts": [
|
||||
"123",
|
||||
"12000"
|
||||
],
|
||||
"protocols": [
|
||||
"Any"
|
||||
]
|
||||
},
|
||||
{
|
||||
"name": "allow-windows-activation-server",
|
||||
"sourceAddresses": [
|
||||
"*"
|
||||
],
|
||||
"destinationAddresses": [
|
||||
"23.102.135.246"
|
||||
],
|
||||
"destinationPorts": [
|
||||
"1688"
|
||||
],
|
||||
"protocols": [
|
||||
"TCP"
|
||||
]
|
||||
},
|
||||
{
|
||||
"name": "allow-udp-adds",
|
||||
"sourceAddresses": [
|
||||
"${Parameters.ModuleConfigurationParameters.VirtualNetwork.Subnets[0].addressPrefix}"
|
||||
],
|
||||
"destinationAddresses": [
|
||||
"*"
|
||||
],
|
||||
"destinationPorts": [
|
||||
"*"
|
||||
],
|
||||
"protocols": [
|
||||
"UDP"
|
||||
]
|
||||
},
|
||||
{
|
||||
"name": "allow-tcp-adds",
|
||||
"sourceAddresses": [
|
||||
"${Parameters.ModuleConfigurationParameters.VirtualNetwork.Subnets[0].addressPrefix}"
|
||||
],
|
||||
"destinationAddresses": [
|
||||
"*"
|
||||
],
|
||||
"destinationPorts": [
|
||||
"*"
|
||||
],
|
||||
"protocols": [
|
||||
"TCP"
|
||||
]
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"KeyVault": {
|
||||
"Name": "${Parameters.InstanceName}-kv03",
|
||||
"ResourceGroup": "${Parameters.InstanceName}-keyvault-rg",
|
||||
"Sku": "Premium",
|
||||
"EnableVaultForDeployment": true,
|
||||
"EnableVaultForDiskEncryption": true,
|
||||
"EnableVaultForTemplateDeployment": true,
|
||||
"AccessPolicies": [
|
||||
{
|
||||
"tenantId": "${Parameters.TenantId}",
|
||||
"objectId": "${Parameters.ModuleConfigurationParameters.DeploymentUserId}",
|
||||
"permissions": {
|
||||
"certificates": [
|
||||
"All"
|
||||
],
|
||||
"keys": [
|
||||
"All"
|
||||
],
|
||||
"secrets": [
|
||||
"All"
|
||||
]
|
||||
}
|
||||
}
|
||||
],
|
||||
"SecretsObject": {
|
||||
"Comments": "Creating an object so we can use a secretsobject parameter type in our ARM template",
|
||||
"Secrets": [
|
||||
{
|
||||
"secretName": "admin-user",
|
||||
"secretValue": "env(ADMIN_USER_PWD)"
|
||||
},
|
||||
{
|
||||
"secretName": "${Parameters.ModuleConfigurationParameters.OnPremisesInformation.ActiveDirectory.DomainAdminUserName}",
|
||||
"secretValue": "env(DOMAIN_ADMIN_USER_PWD)"
|
||||
}
|
||||
]
|
||||
},
|
||||
"NetworkAcls": {
|
||||
"bypass": "AzureServices",
|
||||
"defaultAction": "Deny",
|
||||
"virtualNetworkRules": [
|
||||
{
|
||||
"subnet": "${Parameters.ModuleConfigurationParameters.VirtualNetwork.Subnets[0].Name}"
|
||||
}
|
||||
],
|
||||
"ipRules": []
|
||||
}
|
||||
},
|
||||
"ArtifactsStorageAccount": "file(../_Common/artifactsStorageAccount.json)",
|
||||
"Jumpbox": {
|
||||
"ResourceGroup": "${Parameters.InstanceName}-jumpbox-rg",
|
||||
"AdminUsername": "${Parameters.ModuleConfigurationParameters.KeyVault.SecretsObject.Secrets[0].secretName}",
|
||||
"SubnetName": "${Parameters.ModuleConfigurationParameters.VirtualNetwork.Subnets[0].name}",
|
||||
"Windows": {
|
||||
"Comments": "Windows VM name cannot exceed 13 characters",
|
||||
"Name": "win-jb-vm",
|
||||
"VMCount": 1,
|
||||
"VMSize": "Standard_DS2_v2",
|
||||
"OSImage": {
|
||||
"offer": "WindowsServer",
|
||||
"publisher": "MicrosoftWindowsServer",
|
||||
"sku": "2016-Datacenter"
|
||||
}
|
||||
},
|
||||
"Linux": {
|
||||
"Comments": "Linux VM name cannot exceed 63 characters",
|
||||
"Name": "linux-jb-vm",
|
||||
"VMCount": 1,
|
||||
"VMSize": "Standard_D2s_v3",
|
||||
"OSImage": {
|
||||
"publisher": "Canonical",
|
||||
"offer": "UbuntuServer",
|
||||
"sku": "18.04-LTS",
|
||||
"version": "latest"
|
||||
}
|
||||
}
|
||||
},
|
||||
"ActiveDirectoryDomainServices": {
|
||||
"Name": "adds-vm",
|
||||
"ResourceGroup": "${Parameters.InstanceName}-adds-rg",
|
||||
"Comments": "Windows VM name cannot exceed 13 characters",
|
||||
"AdminUsername": "${Parameters.ModuleConfigurationParameters.KeyVault.SecretsObject.Secrets[0].secretName}",
|
||||
"AdminPassword": {
|
||||
"keyVault": {
|
||||
"id": "reference(KeyVault.keyVaultResourceId)"
|
||||
},
|
||||
"secretName": "${Parameters.ModuleConfigurationParameters.KeyVault.SecretsObject.Secrets[0].secretName}"
|
||||
},
|
||||
"DomainAdminUsername": "${Parameters.ModuleConfigurationParameters.KeyVault.SecretsObject.Secrets[1].secretName}",
|
||||
"DomainAdminPassword": {
|
||||
"keyVault": {
|
||||
"id": "reference(KeyVault.keyVaultResourceId)"
|
||||
},
|
||||
"secretName": "${Parameters.ModuleConfigurationParameters.KeyVault.SecretsObject.Secrets[1].secretName}"
|
||||
},
|
||||
"VMCount": 2,
|
||||
"VMSize": "Standard_DS3_v2",
|
||||
"OSImage": {
|
||||
"offer": "WindowsServer",
|
||||
"publisher": "MicrosoftWindowsServer",
|
||||
"sku": "2016-Datacenter"
|
||||
},
|
||||
"AddsIPAddressStart": "172.0.0.20",
|
||||
"DomainName": "${Parameters.ModuleConfigurationParameters.OnPremisesInformation.ActiveDirectory.DomainName}",
|
||||
"PrimaryDomainControllerIP": "${Parameters.ModuleConfigurationParameters.OnPremisesInformation.ActiveDirectory.PrimaryDomainControllerIP}",
|
||||
"ADSitename": "${Parameters.ModuleConfigurationParameters.OnPremisesInformation.ActiveDirectory.ADSitename}",
|
||||
"DomaincontrollerDriveLetter": "F",
|
||||
"SubnetName": "${Parameters.ModuleConfigurationParameters.VirtualNetwork.Subnets[0].name}"
|
||||
}
|
||||
}
|
||||
}
|
|
@ -0,0 +1,806 @@
|
|||
# VDC Starter pipeline
|
||||
# Start with a minimal pipeline that you can customize to build and deploy your code.
|
||||
# Add steps that build, run tests, deploy, and more:
|
||||
# https://aka.ms/yaml
|
||||
# Set variables once
|
||||
variables:
|
||||
- group: VDC_SECRETS
|
||||
trigger:
|
||||
- master
|
||||
stages:
|
||||
- stage: Validate
|
||||
jobs:
|
||||
- job: SetupValidationResourceGroup
|
||||
pool:
|
||||
name: 'vdc-self-hosted'
|
||||
steps:
|
||||
- task: AzurePowerShell@4
|
||||
displayName: "Setup Validation Resource Group"
|
||||
inputs:
|
||||
azureSubscription: 'vdc2-hub'
|
||||
ScriptType: 'FilePath'
|
||||
ScriptPath: 'Orchestration/OrchestrationService/ValidationResourceGroupSetup.ps1'
|
||||
ScriptArguments: '-ResourceGroupName vdc-validation-rg -SetupResourceGroup'
|
||||
azurePowerShellVersion: 'LatestVersion'
|
||||
- job: StorageAccounts
|
||||
pool:
|
||||
name: 'vdc-self-hosted'
|
||||
dependsOn: SetupValidationResourceGroup
|
||||
steps:
|
||||
- task: PowerShell@2
|
||||
displayName: "Pester Tests for Module - Storage Accounts"
|
||||
inputs:
|
||||
targetType: 'inline'
|
||||
script: '# Write your powershell commands here.
|
||||
|
||||
Invoke-Pester -Script "./Modules/StorageAccounts/2.0/Tests";
|
||||
|
||||
# Use the environment variables input below to pass secret variables to this script.'
|
||||
pwsh: true
|
||||
- task: AzurePowerShell@4
|
||||
displayName: "ARM Validation - Diagnostic Storage Account"
|
||||
inputs:
|
||||
azureSubscription: 'vdc2-hub'
|
||||
ScriptType: 'FilePath'
|
||||
ScriptPath: 'Orchestration/OrchestrationService/ModuleConfigurationDeployment.ps1'
|
||||
ScriptArguments: '-DefinitionPath "Environments/SharedServices/definition.json" -ModuleConfigurationName "DiagnosticStorageAccount" -Validate'
|
||||
azurePowerShellVersion: 'LatestVersion'
|
||||
env:
|
||||
VDC_SUBSCRIPTIONS: $(VDC_SUBSCRIPTIONS)
|
||||
VDC_TOOLKIT_SUBSCRIPTION: $(VDC_TOOLKIT_SUBSCRIPTION)
|
||||
DEPLOYMENT_USER_ID: $(DEPLOYMENT_USER_ID)
|
||||
ADMIN_USER_PWD: $(ADMIN_USER_PWD)
|
||||
DOMAIN_ADMIN_USER_PWD: $(DOMAIN_ADMIN_USER_PWD)
|
||||
TENANT_ID: $(TENANT_ID)
|
||||
- task: AzurePowerShell@4
|
||||
displayName: "ARM Validation - Enable Service Endpoint On Diagnostic Storage Account"
|
||||
inputs:
|
||||
azureSubscription: 'vdc2-hub'
|
||||
ScriptType: 'FilePath'
|
||||
ScriptPath: 'Orchestration/OrchestrationService/ModuleConfigurationDeployment.ps1'
|
||||
ScriptArguments: '-DefinitionPath "Environments/SharedServices/definition.json" -ModuleConfigurationName "EnableServiceEndpointOnDiagnosticStorageAccount" -Validate'
|
||||
azurePowerShellVersion: 'LatestVersion'
|
||||
env:
|
||||
VDC_SUBSCRIPTIONS: $(VDC_SUBSCRIPTIONS)
|
||||
VDC_TOOLKIT_SUBSCRIPTION: $(VDC_TOOLKIT_SUBSCRIPTION)
|
||||
DEPLOYMENT_USER_ID: $(DEPLOYMENT_USER_ID)
|
||||
ADMIN_USER_PWD: $(ADMIN_USER_PWD)
|
||||
DOMAIN_ADMIN_USER_PWD: $(DOMAIN_ADMIN_USER_PWD)
|
||||
TENANT_ID: $(TENANT_ID)
|
||||
- task: AzurePowerShell@4
|
||||
displayName: "ARM Validation - Artifacts Storage Account"
|
||||
inputs:
|
||||
azureSubscription: 'vdc2-hub'
|
||||
ScriptType: 'FilePath'
|
||||
ScriptPath: 'Orchestration/OrchestrationService/ModuleConfigurationDeployment.ps1'
|
||||
ScriptArguments: '-DefinitionPath "Environments/SharedServices/definition.json" -ModuleConfigurationName "ArtifactsStorageAccount" -Validate'
|
||||
azurePowerShellVersion: 'LatestVersion'
|
||||
env:
|
||||
VDC_SUBSCRIPTIONS: $(VDC_SUBSCRIPTIONS)
|
||||
VDC_TOOLKIT_SUBSCRIPTION: $(VDC_TOOLKIT_SUBSCRIPTION)
|
||||
DEPLOYMENT_USER_ID: $(DEPLOYMENT_USER_ID)
|
||||
ADMIN_USER_PWD: $(ADMIN_USER_PWD)
|
||||
DOMAIN_ADMIN_USER_PWD: $(DOMAIN_ADMIN_USER_PWD)
|
||||
TENANT_ID: $(TENANT_ID)
|
||||
- job: LogAnalytics
|
||||
pool:
|
||||
name: 'vdc-self-hosted'
|
||||
dependsOn: SetupValidationResourceGroup
|
||||
steps:
|
||||
- task: PowerShell@2
|
||||
displayName: "Pester Tests for Module - Log Analytics"
|
||||
inputs:
|
||||
targetType: 'inline'
|
||||
script: '# Write your powershell commands here.
|
||||
|
||||
Invoke-Pester -Script "./Modules/LogAnalytics/2.0/Tests";
|
||||
|
||||
# Use the environment variables input below to pass secret variables to this script.'
|
||||
pwsh: true
|
||||
- task: AzurePowerShell@4
|
||||
displayName: "ARM Validation - Log Analytics"
|
||||
inputs:
|
||||
azureSubscription: 'vdc2-hub'
|
||||
ScriptType: 'FilePath'
|
||||
ScriptPath: 'Orchestration/OrchestrationService/ModuleConfigurationDeployment.ps1'
|
||||
ScriptArguments: '-DefinitionPath "Environments/SharedServices/definition.json" -ModuleConfigurationName "LogAnalytics" -Validate'
|
||||
azurePowerShellVersion: 'LatestVersion'
|
||||
env:
|
||||
VDC_SUBSCRIPTIONS: $(VDC_SUBSCRIPTIONS)
|
||||
VDC_TOOLKIT_SUBSCRIPTION: $(VDC_TOOLKIT_SUBSCRIPTION)
|
||||
DEPLOYMENT_USER_ID: $(DEPLOYMENT_USER_ID)
|
||||
ADMIN_USER_PWD: $(ADMIN_USER_PWD)
|
||||
DOMAIN_ADMIN_USER_PWD: $(DOMAIN_ADMIN_USER_PWD)
|
||||
TENANT_ID: $(TENANT_ID)
|
||||
- task: AzurePowerShell@4
|
||||
displayName: "ARM Validation - Link Log Analytics With Automation Account"
|
||||
inputs:
|
||||
azureSubscription: 'vdc2-hub'
|
||||
ScriptType: 'FilePath'
|
||||
ScriptPath: 'Orchestration/OrchestrationService/ModuleConfigurationDeployment.ps1'
|
||||
ScriptArguments: '-DefinitionPath "Environments/SharedServices/definition.json" -ModuleConfigurationName "LinkLogAnalyticsWithAutomationAccount" -Validate'
|
||||
azurePowerShellVersion: 'LatestVersion'
|
||||
env:
|
||||
VDC_SUBSCRIPTIONS: $(VDC_SUBSCRIPTIONS)
|
||||
VDC_TOOLKIT_SUBSCRIPTION: $(VDC_TOOLKIT_SUBSCRIPTION)
|
||||
DEPLOYMENT_USER_ID: $(DEPLOYMENT_USER_ID)
|
||||
ADMIN_USER_PWD: $(ADMIN_USER_PWD)
|
||||
DOMAIN_ADMIN_USER_PWD: $(DOMAIN_ADMIN_USER_PWD)
|
||||
TENANT_ID: $(TENANT_ID)
|
||||
- job: AutomationAccounts
|
||||
pool:
|
||||
name: 'vdc-self-hosted'
|
||||
dependsOn: SetupValidationResourceGroup
|
||||
steps:
|
||||
- task: PowerShell@2
|
||||
displayName: "Pester Tests for Module - Automation Accounts"
|
||||
inputs:
|
||||
targetType: 'inline'
|
||||
script: '# Write your powershell commands here.
|
||||
|
||||
Invoke-Pester -Script "./Modules/AutomationAccounts/2.0/Tests";
|
||||
|
||||
# Use the environment variables input below to pass secret variables to this script.'
|
||||
pwsh: true
|
||||
- task: AzurePowerShell@4
|
||||
displayName: "ARM Validation - Automation Accounts"
|
||||
inputs:
|
||||
azureSubscription: 'vdc2-hub'
|
||||
ScriptType: 'FilePath'
|
||||
ScriptPath: 'Orchestration/OrchestrationService/ModuleConfigurationDeployment.ps1'
|
||||
ScriptArguments: '-DefinitionPath "Environments/SharedServices/definition.json" -ModuleConfigurationName "AutomationAccounts" -Validate'
|
||||
azurePowerShellVersion: 'LatestVersion'
|
||||
env:
|
||||
VDC_SUBSCRIPTIONS: $(VDC_SUBSCRIPTIONS)
|
||||
VDC_TOOLKIT_SUBSCRIPTION: $(VDC_TOOLKIT_SUBSCRIPTION)
|
||||
DEPLOYMENT_USER_ID: $(DEPLOYMENT_USER_ID)
|
||||
ADMIN_USER_PWD: $(ADMIN_USER_PWD)
|
||||
DOMAIN_ADMIN_USER_PWD: $(DOMAIN_ADMIN_USER_PWD)
|
||||
TENANT_ID: $(TENANT_ID)
|
||||
- job: ApplicationSecurityGroups
|
||||
pool:
|
||||
name: 'vdc-self-hosted'
|
||||
dependsOn: SetupValidationResourceGroup
|
||||
steps:
|
||||
- task: PowerShell@2
|
||||
displayName: "Pester Tests for Module - Application Security Groups"
|
||||
inputs:
|
||||
targetType: 'inline'
|
||||
script: '# Write your powershell commands here.
|
||||
|
||||
Invoke-Pester -Script "./Modules/ApplicationSecurityGroups/2.0/Tests";
|
||||
|
||||
# Use the environment variables input below to pass secret variables to this script.'
|
||||
pwsh: true
|
||||
- task: AzurePowerShell@4
|
||||
displayName: "ARM Validation - Jumpbox ASG"
|
||||
inputs:
|
||||
azureSubscription: 'vdc2-hub'
|
||||
ScriptType: 'FilePath'
|
||||
ScriptPath: 'Orchestration/OrchestrationService/ModuleConfigurationDeployment.ps1'
|
||||
ScriptArguments: '-DefinitionPath "Environments/SharedServices/definition.json" -ModuleConfigurationName "JumpboxASG" -Validate'
|
||||
azurePowerShellVersion: 'LatestVersion'
|
||||
env:
|
||||
VDC_SUBSCRIPTIONS: $(VDC_SUBSCRIPTIONS)
|
||||
VDC_TOOLKIT_SUBSCRIPTION: $(VDC_TOOLKIT_SUBSCRIPTION)
|
||||
DEPLOYMENT_USER_ID: $(DEPLOYMENT_USER_ID)
|
||||
ADMIN_USER_PWD: $(ADMIN_USER_PWD)
|
||||
DOMAIN_ADMIN_USER_PWD: $(DOMAIN_ADMIN_USER_PWD)
|
||||
TENANT_ID: $(TENANT_ID)
|
||||
- task: AzurePowerShell@4
|
||||
displayName: "ARM Validation - Domain Controller ASG"
|
||||
inputs:
|
||||
azureSubscription: 'vdc2-hub'
|
||||
ScriptType: 'FilePath'
|
||||
ScriptPath: 'Orchestration/OrchestrationService/ModuleConfigurationDeployment.ps1'
|
||||
ScriptArguments: '-DefinitionPath "Environments/SharedServices/definition.json" -ModuleConfigurationName "DomainControllerASG" -Validate'
|
||||
azurePowerShellVersion: 'LatestVersion'
|
||||
env:
|
||||
VDC_SUBSCRIPTIONS: $(VDC_SUBSCRIPTIONS)
|
||||
VDC_TOOLKIT_SUBSCRIPTION: $(VDC_TOOLKIT_SUBSCRIPTION)
|
||||
DEPLOYMENT_USER_ID: $(DEPLOYMENT_USER_ID)
|
||||
ADMIN_USER_PWD: $(ADMIN_USER_PWD)
|
||||
DOMAIN_ADMIN_USER_PWD: $(DOMAIN_ADMIN_USER_PWD)
|
||||
TENANT_ID: $(TENANT_ID)
|
||||
- job: NetworkSecurityGroups
|
||||
pool:
|
||||
name: 'vdc-self-hosted'
|
||||
dependsOn: SetupValidationResourceGroup
|
||||
steps:
|
||||
- task: PowerShell@2
|
||||
displayName: "Pester Tests for Module - Network Security Groups"
|
||||
inputs:
|
||||
targetType: 'inline'
|
||||
script: '# Write your powershell commands here.
|
||||
|
||||
Invoke-Pester -Script "./Modules/NetworkSecurityGroups/2.0/Tests";
|
||||
|
||||
# Use the environment variables input below to pass secret variables to this script.'
|
||||
pwsh: true
|
||||
- task: AzurePowerShell@4
|
||||
displayName: "ARM Validation - Shared Services NSG"
|
||||
inputs:
|
||||
azureSubscription: 'vdc2-hub'
|
||||
ScriptType: 'FilePath'
|
||||
ScriptPath: 'Orchestration/OrchestrationService/ModuleConfigurationDeployment.ps1'
|
||||
ScriptArguments: '-DefinitionPath "Environments/SharedServices/definition.json" -ModuleConfigurationName "SharedServicesNSG" -Validate'
|
||||
azurePowerShellVersion: 'LatestVersion'
|
||||
env:
|
||||
VDC_SUBSCRIPTIONS: $(VDC_SUBSCRIPTIONS)
|
||||
VDC_TOOLKIT_SUBSCRIPTION: $(VDC_TOOLKIT_SUBSCRIPTION)
|
||||
DEPLOYMENT_USER_ID: $(DEPLOYMENT_USER_ID)
|
||||
ADMIN_USER_PWD: $(ADMIN_USER_PWD)
|
||||
DOMAIN_ADMIN_USER_PWD: $(DOMAIN_ADMIN_USER_PWD)
|
||||
TENANT_ID: $(TENANT_ID)
|
||||
- task: AzurePowerShell@4
|
||||
displayName: "ARM Validation - DMZ NSG"
|
||||
inputs:
|
||||
azureSubscription: 'vdc2-hub'
|
||||
ScriptType: 'FilePath'
|
||||
ScriptPath: 'Orchestration/OrchestrationService/ModuleConfigurationDeployment.ps1'
|
||||
ScriptArguments: '-DefinitionPath "Environments/SharedServices/definition.json" -ModuleConfigurationName "DMZNSG" -Validate'
|
||||
azurePowerShellVersion: 'LatestVersion'
|
||||
env:
|
||||
VDC_SUBSCRIPTIONS: $(VDC_SUBSCRIPTIONS)
|
||||
VDC_TOOLKIT_SUBSCRIPTION: $(VDC_TOOLKIT_SUBSCRIPTION)
|
||||
DEPLOYMENT_USER_ID: $(DEPLOYMENT_USER_ID)
|
||||
ADMIN_USER_PWD: $(ADMIN_USER_PWD)
|
||||
DOMAIN_ADMIN_USER_PWD: $(DOMAIN_ADMIN_USER_PWD)
|
||||
TENANT_ID: $(TENANT_ID)
|
||||
- job: RouteTables
|
||||
pool:
|
||||
name: 'vdc-self-hosted'
|
||||
dependsOn: SetupValidationResourceGroup
|
||||
steps:
|
||||
- task: PowerShell@2
|
||||
displayName: "Pester Tests for Module - Route Tables"
|
||||
inputs:
|
||||
targetType: 'inline'
|
||||
script: '# Write your powershell commands here.
|
||||
|
||||
Invoke-Pester -Script "./Modules/RouteTables/2.0/Tests";
|
||||
|
||||
# Use the environment variables input below to pass secret variables to this script.'
|
||||
pwsh: true
|
||||
- task: AzurePowerShell@4
|
||||
displayName: "ARM Validation - Shared Services Route Table"
|
||||
inputs:
|
||||
azureSubscription: 'vdc2-hub'
|
||||
ScriptType: 'FilePath'
|
||||
ScriptPath: 'Orchestration/OrchestrationService/ModuleConfigurationDeployment.ps1'
|
||||
ScriptArguments: '-DefinitionPath "Environments/SharedServices/definition.json" -ModuleConfigurationName "SharedServicesRouteTable" -Validate'
|
||||
azurePowerShellVersion: 'LatestVersion'
|
||||
env:
|
||||
VDC_SUBSCRIPTIONS: $(VDC_SUBSCRIPTIONS)
|
||||
VDC_TOOLKIT_SUBSCRIPTION: $(VDC_TOOLKIT_SUBSCRIPTION)
|
||||
DEPLOYMENT_USER_ID: $(DEPLOYMENT_USER_ID)
|
||||
ADMIN_USER_PWD: $(ADMIN_USER_PWD)
|
||||
DOMAIN_ADMIN_USER_PWD: $(DOMAIN_ADMIN_USER_PWD)
|
||||
TENANT_ID: $(TENANT_ID)
|
||||
- job: vNet
|
||||
pool:
|
||||
name: 'vdc-self-hosted'
|
||||
dependsOn: SetupValidationResourceGroup
|
||||
steps:
|
||||
- task: PowerShell@2
|
||||
displayName: "Pester Tests for Module - vNet"
|
||||
inputs:
|
||||
targetType: 'inline'
|
||||
script: '# Write your powershell commands here.
|
||||
|
||||
Invoke-Pester -Script "./Modules/vNet/2.0/Tests";
|
||||
|
||||
# Use the environment variables input below to pass secret variables to this script.'
|
||||
pwsh: true
|
||||
- task: AzurePowerShell@4
|
||||
displayName: "ARM Validation - Virtual Network"
|
||||
inputs:
|
||||
azureSubscription: 'vdc2-hub'
|
||||
ScriptType: 'FilePath'
|
||||
ScriptPath: 'Orchestration/OrchestrationService/ModuleConfigurationDeployment.ps1'
|
||||
ScriptArguments: '-DefinitionPath "Environments/SharedServices/definition.json" -ModuleConfigurationName "VirtualNetwork" -Validate'
|
||||
azurePowerShellVersion: 'LatestVersion'
|
||||
env:
|
||||
VDC_SUBSCRIPTIONS: $(VDC_SUBSCRIPTIONS)
|
||||
VDC_TOOLKIT_SUBSCRIPTION: $(VDC_TOOLKIT_SUBSCRIPTION)
|
||||
DEPLOYMENT_USER_ID: $(DEPLOYMENT_USER_ID)
|
||||
ADMIN_USER_PWD: $(ADMIN_USER_PWD)
|
||||
DOMAIN_ADMIN_USER_PWD: $(DOMAIN_ADMIN_USER_PWD)
|
||||
TENANT_ID: $(TENANT_ID)
|
||||
- job: VirtualNetworkGateway
|
||||
pool:
|
||||
name: 'vdc-self-hosted'
|
||||
dependsOn: SetupValidationResourceGroup
|
||||
steps:
|
||||
- task: PowerShell@2
|
||||
displayName: "Pester Tests for Module - Virtual Network Gateway"
|
||||
inputs:
|
||||
targetType: 'inline'
|
||||
script: '# Write your powershell commands here.
|
||||
|
||||
Invoke-Pester -Script "./Modules/VirtualNetworkGateway/2.0/Tests";
|
||||
|
||||
# Use the environment variables input below to pass secret variables to this script.'
|
||||
pwsh: true
|
||||
- task: AzurePowerShell@4
|
||||
displayName: "ARM Validation - Virtual Network Gateway"
|
||||
inputs:
|
||||
azureSubscription: 'vdc2-hub'
|
||||
ScriptType: 'FilePath'
|
||||
ScriptPath: 'Orchestration/OrchestrationService/ModuleConfigurationDeployment.ps1'
|
||||
ScriptArguments: '-DefinitionPath "Environments/SharedServices/definition.json" -ModuleConfigurationName "VirtualNetworkGateway" -Validate'
|
||||
azurePowerShellVersion: 'LatestVersion'
|
||||
env:
|
||||
VDC_SUBSCRIPTIONS: $(VDC_SUBSCRIPTIONS)
|
||||
VDC_TOOLKIT_SUBSCRIPTION: $(VDC_TOOLKIT_SUBSCRIPTION)
|
||||
DEPLOYMENT_USER_ID: $(DEPLOYMENT_USER_ID)
|
||||
ADMIN_USER_PWD: $(ADMIN_USER_PWD)
|
||||
DOMAIN_ADMIN_USER_PWD: $(DOMAIN_ADMIN_USER_PWD)
|
||||
TENANT_ID: $(TENANT_ID)
|
||||
- job: VirtualNetworkGatewayConnection
|
||||
pool:
|
||||
name: 'vdc-self-hosted'
|
||||
dependsOn: SetupValidationResourceGroup
|
||||
steps:
|
||||
- task: PowerShell@2
|
||||
displayName: "Pester Tests for Module - Virtual Network Gateway Connection"
|
||||
inputs:
|
||||
targetType: 'inline'
|
||||
script: '# Write your powershell commands here.
|
||||
|
||||
Invoke-Pester -Script "./Modules/VirtualNetworkGatewayConnection/2.0/Tests";
|
||||
|
||||
# Use the environment variables input below to pass secret variables to this script.'
|
||||
pwsh: true
|
||||
- task: AzurePowerShell@4
|
||||
displayName: "ARM Validation - Local Virtual Network Gateway Connection"
|
||||
inputs:
|
||||
azureSubscription: 'vdc2-hub'
|
||||
ScriptType: 'FilePath'
|
||||
ScriptPath: 'Orchestration/OrchestrationService/ModuleConfigurationDeployment.ps1'
|
||||
ScriptArguments: '-DefinitionPath "Environments/SharedServices/definition.json" -ModuleConfigurationName "LocalVirtualNetworkGatewayConnection" -Validate'
|
||||
azurePowerShellVersion: 'LatestVersion'
|
||||
env:
|
||||
VDC_SUBSCRIPTIONS: $(VDC_SUBSCRIPTIONS)
|
||||
VDC_TOOLKIT_SUBSCRIPTION: $(VDC_TOOLKIT_SUBSCRIPTION)
|
||||
DEPLOYMENT_USER_ID: $(DEPLOYMENT_USER_ID)
|
||||
ADMIN_USER_PWD: $(ADMIN_USER_PWD)
|
||||
DOMAIN_ADMIN_USER_PWD: $(DOMAIN_ADMIN_USER_PWD)
|
||||
TENANT_ID: $(TENANT_ID)
|
||||
- job: AzureFirewall
|
||||
pool:
|
||||
name: 'vdc-self-hosted'
|
||||
dependsOn: SetupValidationResourceGroup
|
||||
steps:
|
||||
- task: PowerShell@2
|
||||
displayName: "Pester Tests for Module - Azure Firewall"
|
||||
inputs:
|
||||
targetType: 'inline'
|
||||
script: '# Write your powershell commands here.
|
||||
|
||||
Invoke-Pester -Script "./Modules/AzureFirewall/2.0/Tests";
|
||||
|
||||
# Use the environment variables input below to pass secret variables to this script.'
|
||||
pwsh: true
|
||||
- task: AzurePowerShell@4
|
||||
displayName: "ARM Validation - Azure Firewall"
|
||||
inputs:
|
||||
azureSubscription: 'vdc2-hub'
|
||||
ScriptType: 'FilePath'
|
||||
ScriptPath: 'Orchestration/OrchestrationService/ModuleConfigurationDeployment.ps1'
|
||||
ScriptArguments: '-DefinitionPath "Environments/SharedServices/definition.json" -ModuleConfigurationName "AzureFirewall" -Validate'
|
||||
azurePowerShellVersion: 'LatestVersion'
|
||||
env:
|
||||
VDC_SUBSCRIPTIONS: $(VDC_SUBSCRIPTIONS)
|
||||
VDC_TOOLKIT_SUBSCRIPTION: $(VDC_TOOLKIT_SUBSCRIPTION)
|
||||
DEPLOYMENT_USER_ID: $(DEPLOYMENT_USER_ID)
|
||||
ADMIN_USER_PWD: $(ADMIN_USER_PWD)
|
||||
DOMAIN_ADMIN_USER_PWD: $(DOMAIN_ADMIN_USER_PWD)
|
||||
TENANT_ID: $(TENANT_ID)
|
||||
- job: KeyVault
|
||||
pool:
|
||||
name: 'vdc-self-hosted'
|
||||
dependsOn: SetupValidationResourceGroup
|
||||
steps:
|
||||
- task: PowerShell@2
|
||||
displayName: "Pester Tests for Module - Key Vault"
|
||||
inputs:
|
||||
targetType: 'inline'
|
||||
script: '# Write your powershell commands here.
|
||||
|
||||
Invoke-Pester -Script "./Modules/KeyVault/2.0/Tests";
|
||||
|
||||
# Use the environment variables input below to pass secret variables to this script.'
|
||||
pwsh: true
|
||||
- task: AzurePowerShell@4
|
||||
displayName: "ARM Validation - Key Vault"
|
||||
inputs:
|
||||
azureSubscription: 'vdc2-hub'
|
||||
ScriptType: 'FilePath'
|
||||
ScriptPath: 'Orchestration/OrchestrationService/ModuleConfigurationDeployment.ps1'
|
||||
ScriptArguments: '-DefinitionPath "Environments/SharedServices/definition.json" -ModuleConfigurationName "KeyVault" -Validate'
|
||||
azurePowerShellVersion: 'LatestVersion'
|
||||
env:
|
||||
VDC_SUBSCRIPTIONS: $(VDC_SUBSCRIPTIONS)
|
||||
VDC_TOOLKIT_SUBSCRIPTION: $(VDC_TOOLKIT_SUBSCRIPTION)
|
||||
DEPLOYMENT_USER_ID: $(DEPLOYMENT_USER_ID)
|
||||
ADMIN_USER_PWD: $(ADMIN_USER_PWD)
|
||||
DOMAIN_ADMIN_USER_PWD: $(DOMAIN_ADMIN_USER_PWD)
|
||||
TENANT_ID: $(TENANT_ID)
|
||||
- job: Jumpbox
|
||||
pool:
|
||||
name: 'vdc-self-hosted'
|
||||
dependsOn: SetupValidationResourceGroup
|
||||
steps:
|
||||
- task: PowerShell@2
|
||||
displayName: "Pester Tests for Module - Jumpbox"
|
||||
inputs:
|
||||
targetType: 'inline'
|
||||
script: '# Write your powershell commands here.
|
||||
|
||||
Invoke-Pester -Script "./Modules/Jumpbox/2.0/Tests";
|
||||
|
||||
# Use the environment variables input below to pass secret variables to this script.'
|
||||
pwsh: true
|
||||
- task: AzurePowerShell@4
|
||||
displayName: "ARM Validation - Jumpbox"
|
||||
inputs:
|
||||
azureSubscription: 'vdc2-hub'
|
||||
ScriptType: 'FilePath'
|
||||
ScriptPath: 'Orchestration/OrchestrationService/ModuleConfigurationDeployment.ps1'
|
||||
ScriptArguments: '-DefinitionPath "Environments/SharedServices/definition.json" -ModuleConfigurationName "Jumpbox" -Validate'
|
||||
azurePowerShellVersion: 'LatestVersion'
|
||||
env:
|
||||
VDC_SUBSCRIPTIONS: $(VDC_SUBSCRIPTIONS)
|
||||
VDC_TOOLKIT_SUBSCRIPTION: $(VDC_TOOLKIT_SUBSCRIPTION)
|
||||
DEPLOYMENT_USER_ID: $(DEPLOYMENT_USER_ID)
|
||||
ADMIN_USER_PWD: $(ADMIN_USER_PWD)
|
||||
DOMAIN_ADMIN_USER_PWD: $(DOMAIN_ADMIN_USER_PWD)
|
||||
TENANT_ID: $(TENANT_ID)
|
||||
- job: ActiveDirectoryDomainServices
|
||||
pool:
|
||||
name: 'vdc-self-hosted'
|
||||
dependsOn: SetupValidationResourceGroup
|
||||
steps:
|
||||
- task: PowerShell@2
|
||||
displayName: "Pester Tests for Module - ActiveDirectoryDomainServices"
|
||||
inputs:
|
||||
targetType: 'inline'
|
||||
script: '# Write your powershell commands here.
|
||||
|
||||
Invoke-Pester -Script "./Modules/ActiveDirectoryDomainServices/2.0/Tests";
|
||||
|
||||
# Use the environment variables input below to pass secret variables to this script.'
|
||||
pwsh: true
|
||||
- task: AzurePowerShell@4
|
||||
displayName: "ARM Validation - ActiveDirectoryDomainServices"
|
||||
inputs:
|
||||
azureSubscription: 'vdc2-hub'
|
||||
ScriptType: 'FilePath'
|
||||
ScriptPath: 'Orchestration/OrchestrationService/ModuleConfigurationDeployment.ps1'
|
||||
ScriptArguments: '-DefinitionPath "Environments/SharedServices/definition.json" -ModuleConfigurationName "ActiveDirectoryDomainServices" -Validate'
|
||||
azurePowerShellVersion: 'LatestVersion'
|
||||
env:
|
||||
VDC_SUBSCRIPTIONS: $(VDC_SUBSCRIPTIONS)
|
||||
VDC_TOOLKIT_SUBSCRIPTION: $(VDC_TOOLKIT_SUBSCRIPTION)
|
||||
DEPLOYMENT_USER_ID: $(DEPLOYMENT_USER_ID)
|
||||
ADMIN_USER_PWD: $(ADMIN_USER_PWD)
|
||||
DOMAIN_ADMIN_USER_PWD: $(DOMAIN_ADMIN_USER_PWD)
|
||||
TENANT_ID: $(TENANT_ID)
|
||||
- job: TearDownValidationResourceGroup
|
||||
pool:
|
||||
name: 'vdc-self-hosted'
|
||||
dependsOn: [ StorageAccounts, LogAnalytics, AutomationAccounts, ApplicationSecurityGroups, NetworkSecurityGroups, RouteTables, vNet, VirtualNetworkGateway, VirtualNetworkGatewayConnection, AzureFirewall, Jumpbox, ActiveDirectoryDomainServices ]
|
||||
steps:
|
||||
- task: AzurePowerShell@4
|
||||
displayName: "Teardown Validation Resource Group"
|
||||
inputs:
|
||||
azureSubscription: 'vdc2-hub'
|
||||
ScriptType: 'FilePath'
|
||||
ScriptPath: 'Orchestration/OrchestrationService/ValidationResourceGroupSetup.ps1'
|
||||
ScriptArguments: '-TearDownResourceGroup'
|
||||
azurePowerShellVersion: 'LatestVersion'
|
||||
- stage: Deploy
|
||||
jobs:
|
||||
- job: Deployment
|
||||
timeoutInMinutes: 0
|
||||
pool:
|
||||
name: 'vdc-self-hosted'
|
||||
steps:
|
||||
- task: AzurePowerShell@4
|
||||
displayName: "Diagnostic Storage Account"
|
||||
inputs:
|
||||
azureSubscription: 'vdc2-hub'
|
||||
ScriptType: 'FilePath'
|
||||
ScriptPath: 'Orchestration/OrchestrationService/ModuleConfigurationDeployment.ps1'
|
||||
ScriptArguments: '-DefinitionPath "Environments/SharedServices/definition.json" -ModuleConfigurationName "DiagnosticStorageAccount"'
|
||||
azurePowerShellVersion: 'LatestVersion'
|
||||
env:
|
||||
VDC_SUBSCRIPTIONS: $(VDC_SUBSCRIPTIONS)
|
||||
VDC_TOOLKIT_SUBSCRIPTION: $(VDC_TOOLKIT_SUBSCRIPTION)
|
||||
DEPLOYMENT_USER_ID: $(DEPLOYMENT_USER_ID)
|
||||
ADMIN_USER_PWD: $(ADMIN_USER_PWD)
|
||||
DOMAIN_ADMIN_USER_PWD: $(DOMAIN_ADMIN_USER_PWD)
|
||||
TENANT_ID: $(TENANT_ID)
|
||||
- task: AzurePowerShell@4
|
||||
displayName: "Log Analytics"
|
||||
inputs:
|
||||
azureSubscription: 'vdc2-hub'
|
||||
ScriptType: 'FilePath'
|
||||
ScriptPath: 'Orchestration/OrchestrationService/ModuleConfigurationDeployment.ps1'
|
||||
ScriptArguments: '-DefinitionPath "Environments/SharedServices/definition.json" -ModuleConfigurationName "LogAnalytics"'
|
||||
azurePowerShellVersion: 'LatestVersion'
|
||||
env:
|
||||
VDC_SUBSCRIPTIONS: $(VDC_SUBSCRIPTIONS)
|
||||
VDC_TOOLKIT_SUBSCRIPTION: $(VDC_TOOLKIT_SUBSCRIPTION)
|
||||
DEPLOYMENT_USER_ID: $(DEPLOYMENT_USER_ID)
|
||||
ADMIN_USER_PWD: $(ADMIN_USER_PWD)
|
||||
DOMAIN_ADMIN_USER_PWD: $(DOMAIN_ADMIN_USER_PWD)
|
||||
TENANT_ID: $(TENANT_ID)
|
||||
- task: AzurePowerShell@4
|
||||
displayName: "Automation Accounts"
|
||||
inputs:
|
||||
azureSubscription: 'vdc2-hub'
|
||||
ScriptType: 'FilePath'
|
||||
ScriptPath: 'Orchestration/OrchestrationService/ModuleConfigurationDeployment.ps1'
|
||||
ScriptArguments: '-DefinitionPath "Environments/SharedServices/definition.json" -ModuleConfigurationName "AutomationAccounts"'
|
||||
azurePowerShellVersion: 'LatestVersion'
|
||||
env:
|
||||
VDC_SUBSCRIPTIONS: $(VDC_SUBSCRIPTIONS)
|
||||
VDC_TOOLKIT_SUBSCRIPTION: $(VDC_TOOLKIT_SUBSCRIPTION)
|
||||
DEPLOYMENT_USER_ID: $(DEPLOYMENT_USER_ID)
|
||||
ADMIN_USER_PWD: $(ADMIN_USER_PWD)
|
||||
DOMAIN_ADMIN_USER_PWD: $(DOMAIN_ADMIN_USER_PWD)
|
||||
TENANT_ID: $(TENANT_ID)
|
||||
- task: AzurePowerShell@4
|
||||
displayName: "Link Log Analytics With Automation Account"
|
||||
inputs:
|
||||
azureSubscription: 'vdc2-hub'
|
||||
ScriptType: 'FilePath'
|
||||
ScriptPath: 'Orchestration/OrchestrationService/ModuleConfigurationDeployment.ps1'
|
||||
ScriptArguments: '-DefinitionPath "Environments/SharedServices/definition.json" -ModuleConfigurationName "LinkLogAnalyticsWithAutomationAccount"'
|
||||
azurePowerShellVersion: 'LatestVersion'
|
||||
env:
|
||||
VDC_SUBSCRIPTIONS: $(VDC_SUBSCRIPTIONS)
|
||||
VDC_TOOLKIT_SUBSCRIPTION: $(VDC_TOOLKIT_SUBSCRIPTION)
|
||||
DEPLOYMENT_USER_ID: $(DEPLOYMENT_USER_ID)
|
||||
ADMIN_USER_PWD: $(ADMIN_USER_PWD)
|
||||
DOMAIN_ADMIN_USER_PWD: $(DOMAIN_ADMIN_USER_PWD)
|
||||
TENANT_ID: $(TENANT_ID)
|
||||
- task: AzurePowerShell@4
|
||||
displayName: "JumpboxASG"
|
||||
inputs:
|
||||
azureSubscription: 'vdc2-hub'
|
||||
ScriptType: 'FilePath'
|
||||
ScriptPath: 'Orchestration/OrchestrationService/ModuleConfigurationDeployment.ps1'
|
||||
ScriptArguments: '-DefinitionPath "Environments/SharedServices/definition.json" -ModuleConfigurationName "JumpboxASG"'
|
||||
azurePowerShellVersion: 'LatestVersion'
|
||||
env:
|
||||
VDC_SUBSCRIPTIONS: $(VDC_SUBSCRIPTIONS)
|
||||
VDC_TOOLKIT_SUBSCRIPTION: $(VDC_TOOLKIT_SUBSCRIPTION)
|
||||
DEPLOYMENT_USER_ID: $(DEPLOYMENT_USER_ID)
|
||||
ADMIN_USER_PWD: $(ADMIN_USER_PWD)
|
||||
DOMAIN_ADMIN_USER_PWD: $(DOMAIN_ADMIN_USER_PWD)
|
||||
TENANT_ID: $(TENANT_ID)
|
||||
- task: AzurePowerShell@4
|
||||
displayName: "Domain Controller ASG"
|
||||
inputs:
|
||||
azureSubscription: 'vdc2-hub'
|
||||
ScriptType: 'FilePath'
|
||||
ScriptPath: 'Orchestration/OrchestrationService/ModuleConfigurationDeployment.ps1'
|
||||
ScriptArguments: '-DefinitionPath "Environments/SharedServices/definition.json" -ModuleConfigurationName "DomainControllerASG"'
|
||||
azurePowerShellVersion: 'LatestVersion'
|
||||
env:
|
||||
VDC_SUBSCRIPTIONS: $(VDC_SUBSCRIPTIONS)
|
||||
VDC_TOOLKIT_SUBSCRIPTION: $(VDC_TOOLKIT_SUBSCRIPTION)
|
||||
DEPLOYMENT_USER_ID: $(DEPLOYMENT_USER_ID)
|
||||
ADMIN_USER_PWD: $(ADMIN_USER_PWD)
|
||||
DOMAIN_ADMIN_USER_PWD: $(DOMAIN_ADMIN_USER_PWD)
|
||||
TENANT_ID: $(TENANT_ID)
|
||||
- task: AzurePowerShell@4
|
||||
displayName: "Shared Services NSG"
|
||||
inputs:
|
||||
azureSubscription: 'vdc2-hub'
|
||||
ScriptType: 'FilePath'
|
||||
ScriptPath: 'Orchestration/OrchestrationService/ModuleConfigurationDeployment.ps1'
|
||||
ScriptArguments: '-DefinitionPath "Environments/SharedServices/definition.json" -ModuleConfigurationName "SharedServicesNSG"'
|
||||
azurePowerShellVersion: 'LatestVersion'
|
||||
env:
|
||||
VDC_SUBSCRIPTIONS: $(VDC_SUBSCRIPTIONS)
|
||||
VDC_TOOLKIT_SUBSCRIPTION: $(VDC_TOOLKIT_SUBSCRIPTION)
|
||||
DEPLOYMENT_USER_ID: $(DEPLOYMENT_USER_ID)
|
||||
ADMIN_USER_PWD: $(ADMIN_USER_PWD)
|
||||
DOMAIN_ADMIN_USER_PWD: $(DOMAIN_ADMIN_USER_PWD)
|
||||
TENANT_ID: $(TENANT_ID)
|
||||
- task: AzurePowerShell@4
|
||||
displayName: "DMZ NSG"
|
||||
inputs:
|
||||
azureSubscription: 'vdc2-hub'
|
||||
ScriptType: 'FilePath'
|
||||
ScriptPath: 'Orchestration/OrchestrationService/ModuleConfigurationDeployment.ps1'
|
||||
ScriptArguments: '-DefinitionPath "Environments/SharedServices/definition.json" -ModuleConfigurationName "DMZNSG"'
|
||||
azurePowerShellVersion: 'LatestVersion'
|
||||
env:
|
||||
VDC_SUBSCRIPTIONS: $(VDC_SUBSCRIPTIONS)
|
||||
VDC_TOOLKIT_SUBSCRIPTION: $(VDC_TOOLKIT_SUBSCRIPTION)
|
||||
DEPLOYMENT_USER_ID: $(DEPLOYMENT_USER_ID)
|
||||
ADMIN_USER_PWD: $(ADMIN_USER_PWD)
|
||||
DOMAIN_ADMIN_USER_PWD: $(DOMAIN_ADMIN_USER_PWD)
|
||||
TENANT_ID: $(TENANT_ID)
|
||||
- task: AzurePowerShell@4
|
||||
displayName: "Shared Services Route Table"
|
||||
inputs:
|
||||
azureSubscription: 'vdc2-hub'
|
||||
ScriptType: 'FilePath'
|
||||
ScriptPath: 'Orchestration/OrchestrationService/ModuleConfigurationDeployment.ps1'
|
||||
ScriptArguments: '-DefinitionPath "Environments/SharedServices/definition.json" -ModuleConfigurationName "SharedServicesRouteTable"'
|
||||
azurePowerShellVersion: 'LatestVersion'
|
||||
env:
|
||||
VDC_SUBSCRIPTIONS: $(VDC_SUBSCRIPTIONS)
|
||||
VDC_TOOLKIT_SUBSCRIPTION: $(VDC_TOOLKIT_SUBSCRIPTION)
|
||||
DEPLOYMENT_USER_ID: $(DEPLOYMENT_USER_ID)
|
||||
ADMIN_USER_PWD: $(ADMIN_USER_PWD)
|
||||
DOMAIN_ADMIN_USER_PWD: $(DOMAIN_ADMIN_USER_PWD)
|
||||
TENANT_ID: $(TENANT_ID)
|
||||
- task: AzurePowerShell@4
|
||||
displayName: "Virtual Network"
|
||||
inputs:
|
||||
azureSubscription: 'vdc2-hub'
|
||||
ScriptType: 'FilePath'
|
||||
ScriptPath: 'Orchestration/OrchestrationService/ModuleConfigurationDeployment.ps1'
|
||||
ScriptArguments: '-DefinitionPath "Environments/SharedServices/definition.json" -ModuleConfigurationName "VirtualNetwork"'
|
||||
azurePowerShellVersion: 'LatestVersion'
|
||||
env:
|
||||
VDC_SUBSCRIPTIONS: $(VDC_SUBSCRIPTIONS)
|
||||
VDC_TOOLKIT_SUBSCRIPTION: $(VDC_TOOLKIT_SUBSCRIPTION)
|
||||
DEPLOYMENT_USER_ID: $(DEPLOYMENT_USER_ID)
|
||||
ADMIN_USER_PWD: $(ADMIN_USER_PWD)
|
||||
DOMAIN_ADMIN_USER_PWD: $(DOMAIN_ADMIN_USER_PWD)
|
||||
TENANT_ID: $(TENANT_ID)
|
||||
- task: AzurePowerShell@4
|
||||
displayName: "Enable Service Endpoint On Diagnostic Storage Account"
|
||||
inputs:
|
||||
azureSubscription: 'vdc2-hub'
|
||||
ScriptType: 'FilePath'
|
||||
ScriptPath: 'Orchestration/OrchestrationService/ModuleConfigurationDeployment.ps1'
|
||||
ScriptArguments: '-DefinitionPath "Environments/SharedServices/definition.json" -ModuleConfigurationName "EnableServiceEndpointOnDiagnosticStorageAccount"'
|
||||
azurePowerShellVersion: 'LatestVersion'
|
||||
env:
|
||||
VDC_SUBSCRIPTIONS: $(VDC_SUBSCRIPTIONS)
|
||||
VDC_TOOLKIT_SUBSCRIPTION: $(VDC_TOOLKIT_SUBSCRIPTION)
|
||||
DEPLOYMENT_USER_ID: $(DEPLOYMENT_USER_ID)
|
||||
ADMIN_USER_PWD: $(ADMIN_USER_PWD)
|
||||
DOMAIN_ADMIN_USER_PWD: $(DOMAIN_ADMIN_USER_PWD)
|
||||
TENANT_ID: $(TENANT_ID)
|
||||
- task: AzurePowerShell@4
|
||||
displayName: "Virtual Network Gateway"
|
||||
inputs:
|
||||
azureSubscription: 'vdc2-hub'
|
||||
ScriptType: 'FilePath'
|
||||
ScriptPath: 'Orchestration/OrchestrationService/ModuleConfigurationDeployment.ps1'
|
||||
ScriptArguments: '-DefinitionPath "Environments/SharedServices/definition.json" -ModuleConfigurationName "VirtualNetworkGateway"'
|
||||
azurePowerShellVersion: 'LatestVersion'
|
||||
env:
|
||||
VDC_SUBSCRIPTIONS: $(VDC_SUBSCRIPTIONS)
|
||||
VDC_TOOLKIT_SUBSCRIPTION: $(VDC_TOOLKIT_SUBSCRIPTION)
|
||||
DEPLOYMENT_USER_ID: $(DEPLOYMENT_USER_ID)
|
||||
ADMIN_USER_PWD: $(ADMIN_USER_PWD)
|
||||
DOMAIN_ADMIN_USER_PWD: $(DOMAIN_ADMIN_USER_PWD)
|
||||
TENANT_ID: $(TENANT_ID)
|
||||
- task: AzurePowerShell@4
|
||||
displayName: "Local Virtual Network Gateway Connection"
|
||||
inputs:
|
||||
azureSubscription: 'vdc2-hub'
|
||||
ScriptType: 'FilePath'
|
||||
ScriptPath: 'Orchestration/OrchestrationService/ModuleConfigurationDeployment.ps1'
|
||||
ScriptArguments: '-DefinitionPath "Environments/SharedServices/definition.json" -ModuleConfigurationName "LocalVirtualNetworkGatewayConnection"'
|
||||
azurePowerShellVersion: 'LatestVersion'
|
||||
env:
|
||||
VDC_SUBSCRIPTIONS: $(VDC_SUBSCRIPTIONS)
|
||||
VDC_TOOLKIT_SUBSCRIPTION: $(VDC_TOOLKIT_SUBSCRIPTION)
|
||||
DEPLOYMENT_USER_ID: $(DEPLOYMENT_USER_ID)
|
||||
ADMIN_USER_PWD: $(ADMIN_USER_PWD)
|
||||
DOMAIN_ADMIN_USER_PWD: $(DOMAIN_ADMIN_USER_PWD)
|
||||
TENANT_ID: $(TENANT_ID)
|
||||
- task: AzurePowerShell@4
|
||||
displayName: "Remote Virtual Network Gateway Connection"
|
||||
inputs:
|
||||
azureSubscription: 'vdc2-hub'
|
||||
ScriptType: 'FilePath'
|
||||
ScriptPath: 'Orchestration/OrchestrationService/ModuleConfigurationDeployment.ps1'
|
||||
ScriptArguments: '-DefinitionPath "Environments/SharedServices/definition.json" -ModuleConfigurationName "RemoteVirtualNetworkGatewayConnection"'
|
||||
azurePowerShellVersion: 'LatestVersion'
|
||||
env:
|
||||
VDC_SUBSCRIPTIONS: $(VDC_SUBSCRIPTIONS)
|
||||
VDC_TOOLKIT_SUBSCRIPTION: $(VDC_TOOLKIT_SUBSCRIPTION)
|
||||
DEPLOYMENT_USER_ID: $(DEPLOYMENT_USER_ID)
|
||||
ADMIN_USER_PWD: $(ADMIN_USER_PWD)
|
||||
DOMAIN_ADMIN_USER_PWD: $(DOMAIN_ADMIN_USER_PWD)
|
||||
TENANT_ID: $(TENANT_ID)
|
||||
- task: AzurePowerShell@4
|
||||
displayName: "Azure Firewall"
|
||||
inputs:
|
||||
azureSubscription: 'vdc2-hub'
|
||||
ScriptType: 'FilePath'
|
||||
ScriptPath: 'Orchestration/OrchestrationService/ModuleConfigurationDeployment.ps1'
|
||||
ScriptArguments: '-DefinitionPath "Environments/SharedServices/definition.json" -ModuleConfigurationName "AzureFirewall"'
|
||||
azurePowerShellVersion: 'LatestVersion'
|
||||
env:
|
||||
VDC_SUBSCRIPTIONS: $(VDC_SUBSCRIPTIONS)
|
||||
VDC_TOOLKIT_SUBSCRIPTION: $(VDC_TOOLKIT_SUBSCRIPTION)
|
||||
DEPLOYMENT_USER_ID: $(DEPLOYMENT_USER_ID)
|
||||
ADMIN_USER_PWD: $(ADMIN_USER_PWD)
|
||||
DOMAIN_ADMIN_USER_PWD: $(DOMAIN_ADMIN_USER_PWD)
|
||||
TENANT_ID: $(TENANT_ID)
|
||||
- task: AzurePowerShell@4
|
||||
displayName: "Key Vault"
|
||||
inputs:
|
||||
azureSubscription: 'vdc2-hub'
|
||||
ScriptType: 'FilePath'
|
||||
ScriptPath: 'Orchestration/OrchestrationService/ModuleConfigurationDeployment.ps1'
|
||||
ScriptArguments: '-DefinitionPath "Environments/SharedServices/definition.json" -ModuleConfigurationName "KeyVault"'
|
||||
azurePowerShellVersion: 'LatestVersion'
|
||||
env:
|
||||
VDC_SUBSCRIPTIONS: $(VDC_SUBSCRIPTIONS)
|
||||
VDC_TOOLKIT_SUBSCRIPTION: $(VDC_TOOLKIT_SUBSCRIPTION)
|
||||
DEPLOYMENT_USER_ID: $(DEPLOYMENT_USER_ID)
|
||||
ADMIN_USER_PWD: $(ADMIN_USER_PWD)
|
||||
DOMAIN_ADMIN_USER_PWD: $(DOMAIN_ADMIN_USER_PWD)
|
||||
TENANT_ID: $(TENANT_ID)
|
||||
- task: AzurePowerShell@4
|
||||
displayName: "Artifacts Storage Account"
|
||||
inputs:
|
||||
azureSubscription: 'vdc2-hub'
|
||||
ScriptType: 'FilePath'
|
||||
ScriptPath: 'Orchestration/OrchestrationService/ModuleConfigurationDeployment.ps1'
|
||||
ScriptArguments: '-DefinitionPath "Environments/SharedServices/definition.json" -ModuleConfigurationName "ArtifactsStorageAccount"'
|
||||
azurePowerShellVersion: 'LatestVersion'
|
||||
env:
|
||||
VDC_SUBSCRIPTIONS: $(VDC_SUBSCRIPTIONS)
|
||||
VDC_TOOLKIT_SUBSCRIPTION: $(VDC_TOOLKIT_SUBSCRIPTION)
|
||||
DEPLOYMENT_USER_ID: $(DEPLOYMENT_USER_ID)
|
||||
ADMIN_USER_PWD: $(ADMIN_USER_PWD)
|
||||
DOMAIN_ADMIN_USER_PWD: $(DOMAIN_ADMIN_USER_PWD)
|
||||
TENANT_ID: $(TENANT_ID)
|
||||
- task: turtlesystems-azure-storage@1
|
||||
displayName: "Upload Scripts to Artifacts Storage"
|
||||
inputs:
|
||||
azureSubscription: 'vdc2-hub'
|
||||
action: 'create'
|
||||
resourceGroupName: $(vdc_cache_ArtifactsStorageAccount_StorageAccountResourceGroup)
|
||||
location: $(vdc_cache_ArtifactsStorageAccount_StorageAccountRegion)
|
||||
storageAccountName: $(vdc_cache_ArtifactsStorageAccount_StorageAccountName)
|
||||
containerName: 'scripts'
|
||||
uploadDirectory: 'Scripts'
|
||||
sasTokenStartTime: '1m'
|
||||
sasTokenExpiryTime: '1h'
|
||||
- task: AzurePowerShell@4
|
||||
displayName: "Jumpbox"
|
||||
inputs:
|
||||
azureSubscription: 'vdc2-hub'
|
||||
ScriptType: 'FilePath'
|
||||
ScriptPath: 'Orchestration/OrchestrationService/ModuleConfigurationDeployment.ps1'
|
||||
ScriptArguments: '-DefinitionPath "Environments/SharedServices/definition.json" -ModuleConfigurationName "Jumpbox"'
|
||||
azurePowerShellVersion: 'LatestVersion'
|
||||
env:
|
||||
VDC_SUBSCRIPTIONS: $(VDC_SUBSCRIPTIONS)
|
||||
VDC_TOOLKIT_SUBSCRIPTION: $(VDC_TOOLKIT_SUBSCRIPTION)
|
||||
DEPLOYMENT_USER_ID: $(DEPLOYMENT_USER_ID)
|
||||
ADMIN_USER_PWD: $(ADMIN_USER_PWD)
|
||||
DOMAIN_ADMIN_USER_PWD: $(DOMAIN_ADMIN_USER_PWD)
|
||||
TENANT_ID: $(TENANT_ID)
|
||||
- task: AzurePowerShell@4
|
||||
displayName: "ActiveDirectoryDomainServices"
|
||||
inputs:
|
||||
azureSubscription: 'vdc2-hub'
|
||||
ScriptType: 'FilePath'
|
||||
ScriptPath: 'Orchestration/OrchestrationService/ModuleConfigurationDeployment.ps1'
|
||||
ScriptArguments: '-DefinitionPath "Environments/SharedServices/definition.json" -ModuleConfigurationName "ActiveDirectoryDomainServices"'
|
||||
azurePowerShellVersion: 'LatestVersion'
|
||||
env:
|
||||
VDC_SUBSCRIPTIONS: $(VDC_SUBSCRIPTIONS)
|
||||
VDC_TOOLKIT_SUBSCRIPTION: $(VDC_TOOLKIT_SUBSCRIPTION)
|
||||
DEPLOYMENT_USER_ID: $(DEPLOYMENT_USER_ID)
|
||||
ADMIN_USER_PWD: $(ADMIN_USER_PWD)
|
||||
DOMAIN_ADMIN_USER_PWD: $(DOMAIN_ADMIN_USER_PWD)
|
||||
TENANT_ID: $(TENANT_ID)
|
|
@ -0,0 +1,151 @@
|
|||
<#
|
||||
.NOTES
|
||||
==============================================================================================
|
||||
Copyright(c) Microsoft Corporation. All rights reserved.
|
||||
|
||||
File: module.tests.ps1
|
||||
|
||||
Purpose: Pester - Test ADDS ARM Templates
|
||||
|
||||
Version: 1.0.0.0 - 1st April 2019 - Azure Virtual Datacenter Development Team
|
||||
==============================================================================================
|
||||
|
||||
.SYNOPSIS
|
||||
This script contains functionality used to test Azure Storage Account ARM template synatax.
|
||||
|
||||
.DESCRIPTION
|
||||
This script contains functionality used to test Azure Storage Account ARM template synatax.
|
||||
|
||||
Deployment steps of the script are outlined below.
|
||||
1) Test Template File Syntax
|
||||
2) Test Parameter File Syntax
|
||||
3) Test Template and Parameter File Compactibility
|
||||
#>
|
||||
|
||||
#Requires -Version 5
|
||||
|
||||
#region Parameters
|
||||
|
||||
$here = Split-Path -Parent $MyInvocation.MyCommand.Path
|
||||
$here = Join-Path $here ".."
|
||||
$template = Split-Path -Leaf $here
|
||||
$TemplateFileTestCases = @()
|
||||
ForEach ( $File in (Get-ChildItem (Join-Path "$here" "deploy.json") -Recurse | Select-Object -ExpandProperty Name) ) {
|
||||
$TemplateFileTestCases += @{ TemplateFile = $File }
|
||||
}
|
||||
$ParameterFileTestCases = @()
|
||||
ForEach ( $File in (Get-ChildItem (Join-Path "$here" "parameters.json") -Recurse | Select-Object -ExpandProperty Name) ) {
|
||||
$ParameterFileTestCases += @{ ParameterFile = $File }
|
||||
}
|
||||
$Modules = @();
|
||||
ForEach ( $File in (Get-ChildItem (Join-Path "$here" "deploy.json") ) ) {
|
||||
$Module = [PSCustomObject]@{
|
||||
'Template' = $null
|
||||
'Parameters' = $null
|
||||
}
|
||||
$Module.Template = $File.FullName;
|
||||
$Module.Parameters = (Get-ChildItem -Path (Join-Path $($File.DirectoryName) "parameters.json")).FullName;
|
||||
$Modules += @{ Module = $Module };
|
||||
|
||||
}
|
||||
|
||||
#endregion
|
||||
|
||||
#region Run Pester Test Script
|
||||
Describe "Template: $template - Storage Accounts" -Tags Unit {
|
||||
|
||||
Context "Template File Syntax" {
|
||||
|
||||
It "Has a JSON template file" {
|
||||
(Join-Path "$here" "deploy.json") | Should Exist
|
||||
}
|
||||
|
||||
It "Converts from JSON and has the expected properties" -TestCases $TemplateFileTestCases {
|
||||
Param( $TemplateFile )
|
||||
$expectedProperties = '$schema',
|
||||
'contentVersion',
|
||||
'parameters',
|
||||
'variables',
|
||||
'resources',
|
||||
'outputs' | Sort-Object
|
||||
$templateProperties = (Get-Content (Join-Path "$here" "$TemplateFile") `
|
||||
| ConvertFrom-Json -ErrorAction SilentlyContinue) `
|
||||
| Get-Member -MemberType NoteProperty `
|
||||
| Sort-Object -Property Name `
|
||||
| ForEach-Object Name
|
||||
$templateProperties | Should Be $expectedProperties
|
||||
}
|
||||
}
|
||||
|
||||
Context "Parameter File Syntax" {
|
||||
|
||||
It "Has environment parameters file" {
|
||||
(Join-Path "$here" "parameters.json") | Should Exist
|
||||
}
|
||||
|
||||
It "Parameter file does not contains the expected properties" -TestCases $ParameterFileTestCases {
|
||||
Param( $ParameterFile )
|
||||
$expectedProperties = '$schema',
|
||||
'contentVersion',
|
||||
'parameters' | Sort-Object
|
||||
$templateFileProperties = (Get-Content (Join-Path "$here" "$ParameterFile") `
|
||||
| ConvertFrom-Json -ErrorAction SilentlyContinue) `
|
||||
| Get-Member -MemberType NoteProperty `
|
||||
| Sort-Object -Property Name `
|
||||
| ForEach-Object Name
|
||||
$templateFileProperties | Should Be $expectedProperties
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
|
||||
Context "Template and Parameter Compactibility" {
|
||||
|
||||
It "Is count of required parameters in template file equal or lesser than count of all parameters in parameters file" -TestCases $Modules {
|
||||
Param( $Module )
|
||||
|
||||
$requiredParametersInTemplateFile = (Get-Content "$($Module.Template)" `
|
||||
| ConvertFrom-Json -ErrorAction SilentlyContinue).Parameters.PSObject.Properties `
|
||||
| Where-Object -FilterScript { -not ($_.Value.PSObject.Properties.Name -eq "defaultValue") } `
|
||||
| Sort-Object -Property Name `
|
||||
| ForEach-Object Name
|
||||
$allParametersInParametersFile = (Get-Content "$($Module.Parameters)" `
|
||||
| ConvertFrom-Json -ErrorAction SilentlyContinue).Parameters.PSObject.Properties `
|
||||
| Sort-Object -Property Name `
|
||||
| ForEach-Object Name
|
||||
$requiredParametersInTemplateFile.Count | Should Not BeGreaterThan $allParametersInParametersFile.Count;
|
||||
|
||||
}
|
||||
|
||||
It "Has all parameters in parameters file existing in template file" -TestCases $Modules {
|
||||
Param( $Module )
|
||||
|
||||
$allParametersInTemplateFile = (Get-Content "$($Module.Template)" `
|
||||
| ConvertFrom-Json -ErrorAction SilentlyContinue).Parameters.PSObject.Properties `
|
||||
| Sort-Object -Property Name `
|
||||
| ForEach-Object Name
|
||||
$allParametersInParametersFile = (Get-Content "$($Module.Parameters)" `
|
||||
| ConvertFrom-Json -ErrorAction SilentlyContinue).Parameters.PSObject.Properties `
|
||||
| Sort-Object -Property Name `
|
||||
| ForEach-Object Name
|
||||
@($allParametersInParametersFile| Where-Object {$allParametersInTemplateFile -notcontains $_}).Count | Should Be 0;
|
||||
}
|
||||
|
||||
It "Has required parameters in template file existing in parameters file" -TestCases $Modules {
|
||||
Param( $Module )
|
||||
|
||||
$requiredParametersInTemplateFile = (Get-Content "$($Module.Template)" `
|
||||
| ConvertFrom-Json -ErrorAction SilentlyContinue).Parameters.PSObject.Properties `
|
||||
| Where-Object -FilterScript { -not ($_.Value.PSObject.Properties.Name -eq "defaultValue") } `
|
||||
| Sort-Object -Property Name `
|
||||
| ForEach-Object Name
|
||||
$allParametersInParametersFile = (Get-Content "$($Module.Parameters)" `
|
||||
| ConvertFrom-Json -ErrorAction SilentlyContinue).Parameters.PSObject.Properties `
|
||||
| Sort-Object -Property Name `
|
||||
| ForEach-Object Name
|
||||
@($requiredParametersInTemplateFile| Where-Object {$allParametersInParametersFile -notcontains $_}).Count | Should Be 0;
|
||||
}
|
||||
}
|
||||
|
||||
}
|
||||
#endregion
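Review bot: Every `ConvertFrom-Json -ErrorAction SilentlyContinue` in this file can hide a JSON parse failure, so a malformed `deploy.json` or `parameters.json` would surface only as a confusing property mismatch. In the count test an unparsable template leaves `$requiredParametersInTemplateFile` empty, so `Should Not BeGreaterThan` may pass vacuously. I would drop the suppression or use `-ErrorAction Stop`, so that a broken template fails the validation stage with the parser's own message. The labels are also copied from another module: the `.SYNOPSIS` and `Describe "Template: $template - Storage Accounts"` refer to Storage Accounts although the header states `Purpose: Pester - Test ADDS ARM Templates`, and the test named "Parameter file does not contains the expected properties" asserts that it does contain them. Suggested renames are `Describe "Template: $template - ADDS" -Tags Unit {` and `It "Parameter file contains the expected properties"`.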
|
Разница между файлами не показана из-за своего большого размера
|
@ -0,0 +1,67 @@
|
|||
{
|
||||
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentParameters.json#",
|
||||
"contentVersion": "1.0.0.0",
|
||||
"parameters": {
|
||||
"virtualMachineName": {
|
||||
"value": "adds"
|
||||
},
|
||||
"virtualMachineSize": {
|
||||
"value": "Standard_DS2_v2"
|
||||
},
|
||||
"virtualMachineOSImage": {
|
||||
"value": {
|
||||
"offer": "WindowsServer",
|
||||
"publisher": "MicrosoftWindowsServer",
|
||||
"sku": "2016-Datacenter"
|
||||
}
|
||||
},
|
||||
"artifactsStorageAccountSasKey": {
|
||||
"value": ""
|
||||
},
|
||||
"artifactsStorageAccountName": {
|
||||
"value": "vdcstorage"
|
||||
},
|
||||
"artifactsStorageAccountKey": {
|
||||
"value": ""
|
||||
},
|
||||
"workspaceId": {
|
||||
"value": "00000000-0000-0000-0000-000000000000"
|
||||
},
|
||||
"logAnalyticsWorkspacePrimarySharedKey": {
|
||||
"value": ""
|
||||
},
|
||||
"diagnosticsStorageAccountName": {
|
||||
"value": "contoso-diag-storage"
|
||||
},
|
||||
"diagnosticsStorageAccountSasToken": {
|
||||
"value": ""
|
||||
},
|
||||
"adIpAddress": {
|
||||
"value": "11.4.0.46"
|
||||
},
|
||||
"vNetId": {
|
||||
"value": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/resourceGroup/providers/Microsoft.Network/virtualNetworks/contoso-vnet-example"
|
||||
},
|
||||
"domainControllerAsgId": {
|
||||
"value": "dc"
|
||||
},
|
||||
"subnetName": {
|
||||
"value": "sharedsvcs"
|
||||
},
|
||||
"cloudZone": {
|
||||
"value": "Cloud-Zone"
|
||||
},
|
||||
"domainName": {
|
||||
"value": "contoso.com"
|
||||
},
|
||||
"adSitename": {
|
||||
"value": "Cloud-Site"
|
||||
},
|
||||
"domainAdminUsername": {
|
||||
"value": "contoso"
|
||||
},
|
||||
"domainAdminPassword": {
|
||||
"value": "password"
|
||||
}
|
||||
}
|
||||
}
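Review bot: `domainAdminPassword` is committed with the literal value `"password"`, while every other secret in this file (`artifactsStorageAccountSasKey`, `artifactsStorageAccountKey`, `logAnalyticsWorkspacePrimarySharedKey`, `diagnosticsStorageAccountSasToken`) is left as `""`. If this parameters file is ever used for a deployment without the orchestration overriding the value, the domain admin account gets a trivially guessable credential instead of the deployment failing on an empty secret. I would set it to `"value": ""` like the others, or replace it with a Key Vault reference if the module supports one. Whether an override is always applied is not visible in this section, so that should be confirmed against the definition file.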
|
|
@ -0,0 +1,55 @@
|
|||
# ADDS
|
||||
|
||||
This template deploys Active Directory Domain Services.
|
||||
|
||||
## Resources
|
||||
|
||||
- Microsoft.Compute/availabilitySets
|
||||
- Microsoft.Network/networkInterfaces
|
||||
- Microsoft.Compute/virtualMachines
|
||||
- Microsoft.Compute/virtualMachines/extensions
|
||||
- Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments
|
||||
|
||||
## Parameters
|
||||
|
||||
| Parameter Name | Default Value | Description |
|
||||
| :- | :- | :- |
|
||||
| `virtualMachineName` | | Required. Name for the ADDS VMs
|
||||
| `virtualMachineCount` | `2` | Optional. Number of VMs to create
|
||||
| `virtualMachineSize` | `Standard_DS2_v2` | Optional. Size of the ADDS VMs
|
||||
| `virtualMachineOSImage` | | Required. OS image used for the ADDS VMs| `artifactsStorageAccountSasKey` | | Required. Shared Access Signature Key used to download custom scripts
|
||||
| `artifactsStorageAccountName` | | Required. Default storage account name. Storage account that contains output parameters and common scripts
|
||||
| `artifactsStorageAccountKey` | | Required. Default storage account Key. Storage account that contains output parameters and common scripts
|
||||
| `workspaceId` | | Required. WorkspaceId or CustomerId value of OMS. This value is referenced in OMS VM Extension
|
||||
| `logAnalyticsWorkspacePrimarySharedKey` | | Required. WorkspaceKey value of OMS. This value is referenced in OMS VM Extension
|
||||
| `diagnosticsStorageAccountName` | | Required. Storage account used to store diagnostic information
|
||||
| `diagnosticsStorageAccountSasToken` | | Required. Diagnostic Storage Account SAS token
|
||||
| `addsAddressStart` | | Required. IP address used as initial Active Directory Domain Services IP
|
||||
| `keyVaultId` | `""` | Optional. AKV Resource Id
|
||||
| `keyVaultURL` | `""` | Optional. AKV URL
|
||||
| `addsKeyEncryptionURL` | `""` | Optional. Active Directory Domain Services AKV encryption key
|
||||
| `vNetId` | | Required. Shared services Virtual Network resource identifier
|
||||
| `domainControllerAsgId` | | Required. ASG associated to Domain Controllers
|
||||
| `subnetName` | | Required. Name of Shared Services Subnet, this name is used to get the SubnetId
|
||||
| `adminUsername` | | Required. The username used to establish ADDS VMs
|
||||
| `adminPassword` | | Required. The password given to the admin user
|
||||
| `domainName` | | Required. AD domain name
|
||||
| `primaryDCIP` | | Required. On-premises domain IP
|
||||
| `ADSitename` | | Required. On-premises Active Directory site name
|
||||
| `domaincontrollerDriveLetter` | | Required. Drive letter to install ADDS
|
||||
| `domainAdminPassword` | | Required. Domain user that has privileges to join a VM into a Domain
|
||||
|
||||
## Outputs
|
||||
|
||||
| Output Name | Description |
|
||||
| :- | :- |
|
||||
| `aadsResourceGroup` | The Resource Group that was deployed to.
|
||||
|
||||
## Considerations
|
||||
|
||||
*N/A*
|
||||
|
||||
## Additional resources
|
||||
|
||||
- [Active Directory Domain Services](https://docs.microsoft.com/en-us/windows/desktop/ad/active-directory-domain-services)
|
||||
- [Microsoft.Compute virtualMachines template reference](https://docs.microsoft.com/en-us/azure/templates/microsoft.compute/2019-03-01/virtualmachines)
|
|
@ -179,7 +179,6 @@
|
|||
"MMAExtensionName": "OMSExtension",
|
||||
"azureDiskEncryptionExtensionName": "AzureDiskEncryption",
|
||||
"customAddsExtensionName": "DSCSetupADDS",
|
||||
"encryptionExtensionName": "AzureDiskEncryption",
|
||||
"encryptionOperation": "EnableEncryption",
|
||||
"keyEncryptionAlgorithm": "RSA-OAEP",
|
||||
"tagPatching": "3rdSat7pm",
|
||||
|
@ -948,7 +947,7 @@
|
|||
"sourceVault": {
|
||||
"id": "[parameters('keyVaultId')]"
|
||||
},
|
||||
"secretUrl": "[if(equals(variables('enableDiskEncryption'), bool('false')), json('null'), reference(resourceId('Microsoft.Compute/virtualMachines/extensions', concat(parameters('virtualMachineName'), copyindex(1)), variables('encryptionExtensionName')), '2018-10-01').instanceView.statuses[0].message)]"
|
||||
"secretUrl": "[if(equals(variables('enableDiskEncryption'), bool('false')), json('null'), reference(resourceId('Microsoft.Compute/virtualMachines/extensions', concat(parameters('virtualMachineName'), copyindex(1)), variables('azureDiskEncryptionExtensionName')), '2018-10-01').instanceView.statuses[0].message)]"
|
||||
},
|
||||
"keyEncryptionKey": {
|
||||
"sourceVault": {
|
||||
|
|
|
@ -10,9 +10,9 @@
|
|||
},
|
||||
"routes": {
|
||||
"type": "array",
|
||||
"minLength": 1,
|
||||
"defaultValue": [],
|
||||
"metadata": {
|
||||
"description": "Required. An Array of Routes to be established within the hub route table."
|
||||
"description": "Optional. An Array of Routes to be established within the hub route table."
|
||||
}
|
||||
}
|
||||
},
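Review bot: With `"defaultValue": []` replacing `"minLength": 1` on `routes`, the template now accepts a deployment that creates a route table with no routes, and nothing in the template reports that this happened. Subnets attached to such a table would presumably follow only Azure's system routes, which matters if callers relied on entries like the `tonva` virtual-appliance route removed from the sample parameters elsewhere in this commit. The description should say so, for example `"description": "Optional. An Array of Routes to be established within the hub route table. When empty, the table is created without user-defined routes."`. The enclosing `parameters` object starts outside the hunk.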
|
||||
|
|
|
@ -4,39 +4,6 @@
|
|||
"parameters": {
|
||||
"routeTableName": {
|
||||
"value": "route-table"
|
||||
},
|
||||
"routes": {
|
||||
"value": [
|
||||
{
|
||||
"name": "tojumpboxes",
|
||||
"properties": {
|
||||
"addressPrefix": "172.16.0.48/28",
|
||||
"nextHopType": "VnetLocal"
|
||||
}
|
||||
},
|
||||
{
|
||||
"name": "tosharedservices",
|
||||
"properties": {
|
||||
"addressPrefix": "172.16.0.64/27",
|
||||
"nextHopType": "VnetLocal"
|
||||
}
|
||||
},
|
||||
{
|
||||
"name": "toonprem",
|
||||
"properties": {
|
||||
"addressPrefix": "10.0.0.0/8",
|
||||
"nextHopType": "VirtualNetworkGateway"
|
||||
}
|
||||
},
|
||||
{
|
||||
"name": "tonva",
|
||||
"properties": {
|
||||
"addressPrefix": "172.16.0.0/18",
|
||||
"nextHopType": "VirtualAppliance",
|
||||
"nextHopIpAddress": "172.16.0.20"
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
@ -11,7 +11,7 @@ This template deploys User Defined Route Tables.
|
|||
| Parameter Name | Default Value | Description |
|
||||
| :- | :- | :- |
|
||||
| `routeTableName` | | Required. Name given for the hub route table.
|
||||
| `routes` | | Required. An Array of Routes to be established within the hub route table.
|
||||
| `routes` | [] | Optional. An Array of Routes to be established within the hub route table.
|
||||
|
||||
### Parameter Usage: ``
|
||||
|
||||
|
|
|
@ -23,9 +23,9 @@
|
|||
},
|
||||
"dnsServers": {
|
||||
"type": "array",
|
||||
"minLength": 1,
|
||||
"defaultValue": [],
|
||||
"metadata": {
|
||||
"description": "Required. DNS Servers associated to the Virtual Network."
|
||||
"description": "Optional. DNS Servers associated to the Virtual Network."
|
||||
}
|
||||
},
|
||||
"enableDdosProtection": {
|
||||
|
@ -62,7 +62,10 @@
|
|||
}
|
||||
]
|
||||
},
|
||||
"ddosProtectionPlanName": "[concat(parameters('vNetName'), '-ddos')]"
|
||||
"ddosProtectionPlanName": "[concat(parameters('vNetName'), '-ddos')]",
|
||||
"dnsServers": {
|
||||
"dnsServers": "[parameters('dnsServers')]"
|
||||
}
|
||||
},
|
||||
"resources": [
|
||||
{
|
||||
|
@ -83,9 +86,7 @@
|
|||
"addressPrefixes": "[parameters('vNetAddressPrefixes')]"
|
||||
},
|
||||
"ddosProtectionPlan": "[if(equals(parameters('enableDdosProtection'), bool('false')), json('null'), json(concat('{\"id\":\"', resourceId('Microsoft.Network/ddosProtectionPlans', variables('ddosProtectionPlanName')),'\"}')))]",
|
||||
"dhcpOptions": {
|
||||
"dnsServers": "[parameters('dnsServers')]"
|
||||
},
|
||||
"dhcpOptions": "[if(empty(parameters('dnsServers')), json('null'), variables('dnsServers'))]",
|
||||
"enableDdosProtection": "[parameters('enableDdosProtection')]",
|
||||
"enableVmProtection": "[parameters('enableVmProtection')]",
|
||||
"copy": [
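Review bot: The variable added in the second hunk is named `dnsServers` but holds the whole DHCP options object, so on the new `dhcpOptions` line `parameters('dnsServers')` is an array while `variables('dnsServers')` is an object wrapping it. Naming the variable after what it holds removes the ambiguity: `"dhcpOptions": { "dnsServers": "[parameters('dnsServers')]" }` in `variables`, and `"dhcpOptions": "[if(empty(parameters('dnsServers')), json('null'), variables('dhcpOptions'))]"` on the resource. The parameter description in the first hunk could also state what an empty list means for name resolution, since domain-joined machines in this network depend on it. The resource definition continues outside the hunk.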
|
||||
|
|
|
@ -10,11 +10,6 @@
|
|||
"10.0.0.0/16"
|
||||
]
|
||||
},
|
||||
"dnsServers": {
|
||||
"value": [
|
||||
"192.168.1.4"
|
||||
]
|
||||
},
|
||||
"subnets": {
|
||||
"value": [
|
||||
{
|
||||
|
|
|
@ -359,12 +359,26 @@ Class AzureResourceManagerDeploymentService: IDeploymentService {
|
|||
$cacheItems | ForEach-Object {
|
||||
# Cache Items object's TenantId is null when run in
|
||||
# an AzDO Agent
|
||||
if ($null -ne $_.TenantId `
|
||||
-and $_.TenantId -eq $tenantId `
|
||||
-and $_.ExpiresOn -gt (Get-Date)) {
|
||||
$accessToken = $_.AccessToken;
|
||||
|
||||
# Note, doing a break; in Powershell, exits the entire
|
||||
# script execution, not only the function.
|
||||
if([string]::IsNullOrEmpty($accessToken))
|
||||
{
|
||||
if ($null -ne $_.TenantId `
|
||||
-and $_.TenantId -eq $tenantId `
|
||||
-and $_.ExpiresOn -gt (Get-Date)) {
|
||||
$accessToken = $_.AccessToken;
|
||||
Write-Debug "Access token found with tenant id filter";
|
||||
}
|
||||
elseif ($null -eq $_.TenantId `
|
||||
-and $_.ExpiresOn -gt (Get-Date))
|
||||
{
|
||||
$accessToken = $_.AccessToken;
|
||||
Write-Debug "Access token found without tenant id filter";
|
||||
}
|
||||
}
|
||||
}
|
||||
Write-Debug "Access token is: $(ConvertTo-Json $accessToken)";
|
||||
if([string]::IsNullOrEmpty($accessToken)) {
|
||||
Throw "Login to the right tenant. Tenant specified in the `
|
||||
subscription file may be different from the logged in Tenant `
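Review bot: The added `Write-Debug "Access token is: $(ConvertTo-Json $accessToken)";` writes the bearer token itself to the debug stream, so any run with debug output enabled leaves a usable credential in the pipeline log. Logging only whether a token was found keeps the diagnostic value without the secret, e.g. `Write-Debug "Access token found: $(-not [string]::IsNullOrEmpty($accessToken))";`. The new `elseif` branch also accepts any unexpired cache entry whose `TenantId` is null, which drops the tenant comparison the first branch makes. A comment there should state why that is acceptable on an AzDO agent, or the token's tenant should be verified another way. The enclosing method starts and ends outside the hunk.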
|
||||
|
|