mirror of https://github.com/Azure/vdc.git
9 Commits
Author | SHA1 | Message | Date |
---|---|---|---|
Christopher Bennage | f0b3944d89 |
Module folder cleanup (#128)
* removing version from orchestration files * removed logic for module subpath * removed examples using "2.0" folder * removing the '2.0' folder from modules |
|
Kungumaraj Nachimuthu | afdebb4d06 |
AKS and On-Premise Archetype updates (#112)
* Changes based on feedback. First round of corrections. * Fix added for multi-subscription deployment * Added Debug argument for troubleshooting pipeline * Reset the context change after storage setup * Minor update to fix type * Added Debug flag * Minor update * Update to avoid switching subscription when in validation mode * Debugging consolidation script * More debugging * Debugging continued * Debugging continued 2 * Removed extra Cmdlet that pollutes the outputs * Logging to troubleshoot invalid cache in pipeline added * Applied a fix for AzureDevOps Cache implementation to cache objects arrays and object * Convert cache string to object when possible * More logging added * Test-Json logic may be flawed. Debugging it. * Debug * Pipeline bootstrap var added * Debugging failed module - AKS * Merged the rootcert.ps1 and rootcert.sh * Debugging On-Prem Archetype * Debugging On-Prem * Feedback based on recent changes. * Changes based on PR feedback * Changed based on PR feedback * Added Debug for storage accounts * Preserving the context after bootstrap. * Added the missing parameter * Initialize and Teardown of Validation Resource Group logic added * Excluding the dependency on the SetupValidationResourceGroup job because it was removed. 
* Removed orphaned dependencies * Added missing mode parameter * Fixed invalid function name * Validation Resource Group default location set * Passing the validation resource group created based on archetype instance name * Missing variable fixed * Missing parameter is passed to the method * ResourceGroupName for validation RG is reset * Minor change to validation group name * Minor updates * Removed the constrain to switch subscription on deploy mode only * Setup and Teardown testing in the same job * Resource Group name being reset on delete * Commented out the write-host used for debugging * Destroy the validation resource group at the end * Setup of validation resource group is now merged with deployment resource group setup logic. * Typo in function name * typo in function name fixed * Added debug lines * Removed the extra condition that prevented the creation of rg in validation mode * Fix for teardown of rg * Running SecurityCenter module in debug mode * Fix for UpdateAzureFirewall added * Storing outputs as objects instead of hashtables. * Avoiding ConvertTo-Json due to serialization problem * Fix applied for Output conversion * Comments added. * Cleaned up comments. * Cleaned up based on feedback item * Change to AzureFirewall Id to reference the output * Fixed the incorrect token * Running storage module in debug mode * Empty string values need to evaluate to false * Modified cache key retrieval logic * Validation of resource group moved inside InvokeARMOperation method * Minor var name fix * Debugging UpdateAzFw module * Teardown should also create the validation resource group * Using different secrets group * Updated the service conn. 
profile * Updated the CreateRootCertificate module * Pipeline will now use test var group * OnPremises pipeline's sc updated * Updated the path after on-premises folder name change * Added isOutput=true to bootstrap initialize * Updated Shared Services Pipeline yaml for testing * Shared Services OnPrem Extension updated * Adding Debug to Azfw for troubleshooting * P2S root certificate generation script fixed * Debug added for vgw * Updated the deployment name for Shared Services without OnPremises extension for testing * Debug added for OnPremises extension for storage account * Debug added to all modules * Fixed indention and Null Guid issue * Location updated * Debugging all modules * Minor fix * Removed isOutput from the PowerShell script * Fixed Test-JsonContent * Enabled artifacts storage account * Reverted the changes to pipeline yaml files * Reverted changes to pipeline yaml * Revert the change to deployment name in Shared Services * Reverted the artifacts storage account name * Removed comments in Test-JsonContent * Merging the changes from AKS & OnPremises (#121) * Continuing Shared Services deployment * Updated the order of execution of the components * Updated location of the Shared Services Archetype * Modified the code to use the location from the parameters file or module configuration and not subscription * Removed additional logic for location of the resource group and reusing the existing location var * Updated the parameters value being passed for Disk Encryption module * Accounting for output of simple data types * Using Test Var Group * Updated the SC * Debugging EventHub * Changed the order of execution of AKS LandingZone in pipeline * Reordering the modules * AKS deployment * Fix * Added a new rule to the firewall * Reverted changes before PR submission * Removed the additional Debug flag during invocation * Reverting the ArtifactsStorageAccount and making it disabled * Reverting the changes to Parameters.json for OnPremises Extended version * 
Reverting Artifacts Storage Account Name. * Reverting the parameters file in Shared Service Non-Extended Version * Added RBAC to AKS * Merging deltas / updates to AKS-OnPrem-Feedback Branch (#129) * Updated the pipeline to run in MS Subscription * Fixed the name of the var group * Updated the region. * Minor changes as per discussion * Added NSG flow module to the archetypes - AKS and OnPremises * Adding the enable.flow.logs under NetworkSecurityGroups module. This will be added again after merge vnext post jcotillo/governance-stage branch merge to vnext. * Reverted back the secret group name and service connection name * Added the Enable NSG Flow Logs module to pipeline yaml file. * Split the AKS into three stage deployment - included ApplyGovernance stage * Minor updates to stage names * Updates from today's discussion * Corrected the DeployEnvironment Stage * Minor update * Added the missing switch for TearDownValidationResourceGroup * Shared Services non extended version updated * Updates to add diagnostic settings to EventHub * PR finalized. |
|
Jorge Cotillo | 544838b54f |
Jcotillo/governance stage (#126)
* created new pipeline stage * updated artifacts storage account reference * updated location reference on all archetypes * rolled back to West US region * moved domain admin information to shared services object * removed comments and updated kv name * Enabled Service Map and diag strg connection * added diagnostic and logging to resources * enabled monitoring on PaaS services * enable service endpoint on diagnostics * updated adds asg * enable accelerated networking by default * fixed vmss template and added nsg flow logs script * updated pipelines to match orchestration.json * fixed onpremises pipeline reference name * renamed environment folder * fixed stage name * fixed path name * removed landing zone from shared services pipeline * added governance * added custom task to upload scripts to SA * updated Linux VM SKU * updated availability set default name * fixed unit tests * removed dependency * removed log analytics dependency * fixed NSG flow logs relative path * updated ntier iaas archetype stage name * fixed module name * updated diagnostic storage account name * updated default config * added missing parameter * fixed shared services parameter reference * moved parameter files into test folder * updated diagnostic settings * added missing parameters to sample parameter file * updated base on feedback * updated test context names |
|
Jorge Cotillo | 264075d170 | gw fix | |
Jorge Cotillo | c64adb9961 | added policy and rbac tests | |
Jorge Cotillo | 6a8a7d7827 | fixed unit test | |
Kungumaraj Nachimuthu | 2c83f220e1 |
AKS Archetype (#96)
* AKS Archetype - Initial Commit * Change in pipeline variable group for testing * Corrected dependency to the teardown of validation resource group * Corrected the dependsOn for TearDownValidationResourceGroup * Changed the Azure Subscription * Changed from SharedServices to AKS in pipeline.yml * Added missing Tests folder * Removing duplicate task * Updates to new modules * Separate module for application rule * Update to application rule module * Clean up * Cleaned up security center module * Multiple var groups * Added var groups for AKS * Added env vars for User group IDs * Updated the Packer agent file to include the az cli installation * Splitting into Archetype and LandingZone * Updated the paths in pipeline.yml after restructuring folders * More updates to file paths * AzureSecurityCenter correction * Separate module for updating Azure Firewall * Code fix for prevention of resource group while executing scripts * Corrections to the orchestration and parameters file * Added the Azure Firewall update section to the pipeline yml file * Fixed json parameters file for AKS module that was formatted incorrectly * Minor fixes to Virtual Network * Updated the subscription GUIDs and added a subscription info for AKS * Changed vNet to VirtualNetwork. Also, added dependsOn for AKS Archetype in Orchestration file. * Changed the KeyVault behavior to enable Service EndPoint after Landing Zone deployment. 
* Orchestration and Pipeline updates for AKS Archetype * AKS Archetype pipeline / orchestration update * Fixed unsupported versions for aks * Changes based on feedback from AKS Archetype review * Minor changes - feedback work continued * Pipeline changes specific to AKS LandingZone * AKS Archetype - Initial Commit * Change in pipeline variable group for testing * Corrected dependency to the teardown of validation resource group * Corrected the dependsOn for TearDownValidationResourceGroup * Changed the Azure Subscription * Changed from SharedServices to AKS in pipeline.yml * Added missing Tests folder * Removing duplicate task * Updates to new modules * Separate module for application rule * Update to application rule module * Clean up * Cleaned up security center module * Multiple var groups * Added var groups for AKS * Added env vars for User group IDs * Updated the Packer agent file to include the az cli installation * Splitting into Archetype and LandingZone * Updated the paths in pipeline.yml after restructuring folders * More updates to file paths * AzureSecurityCenter correction * Separate module for updating Azure Firewall * Code fix for prevention of resource group while executing scripts * Corrections to the orchestration and parameters file * Added the Azure Firewall update section to the pipeline yml file * Fixed json parameters file for AKS module that was formatted incorrectly * Minor fixes to Virtual Network * Updated the subscription GUIDs and added a subscription info for AKS * Changed vNet to VirtualNetwork. Also, added dependsOn for AKS Archetype in Orchestration file. * Changed the KeyVault behavior to enable Service EndPoint after Landing Zone deployment. 
* Orchestration and Pipeline updates for AKS Archetype * AKS Archetype pipeline / orchestration update * Fixed unsupported versions for aks * Changes based on feedback from AKS Archetype review * Minor changes - feedback work continued * Pipeline changes specific to AKS LandingZone * Changes based on testing firewall rules update logic * Pipeline yml file updated * Minor update * Minor update * Minor update * Minor correction to file path * Minor file path correction * Minor correction * Debug statements added * Fix for Azure Firewall scripts * Updated * Updated * Minor update * Pipeline jobs rearranged. * File path fixed * Fixes to chmod script * Minor fixes * Updated the dependencies * Corrected the bootstrap var in pipeline * Live updates from feedback review * Fixes based on today's review |
|
Kungumaraj Nachimuthu | 51b3710985 |
Kunachim/on prem v2 (#100)
* Initial commit for On-Premise Archetype * Corrected depends-on for pipeline * Moving ArtifactsStorageAccount module to the top and adding a ADO task for uploading scripts required for AD module * Added a dependency to upload scripts for AD module * Added a separate stage for uploading artifacts. * Invalid dependency removed * Importing Az.Storage Module before executing other commands. * Printing out modules path * Remove Artifacts storage from test * Minor change to UploadScripts module * Minor change * Minor Change to update PSModulePath * Testing * Minor path fix * Minor changes to file path regex to be non-greedy * Pipeline fixed with reorder Artifacts storage and scripts upload to Artifacts storage * Minor updates * Moved the Installation of the PowerShell modules one folder up * Point-to-Site VPN added to On-Premise Archetype * Cleaned up the scripts for VPN Root Cert creation * Finalized Script * Modularization of Virtual Machine templates (#101) * initial commit * moved parameters file outside of the module * initial commit of new Jumpbox design * added encryption task * removed unnecessary parameters * initial implementation of encryption using kek * fixed output storage from custom script * Added format data disks DSC * added adds dsc that excludes disk formatting * removed dsc folder * added policy and rbac tests * removed 0 file * updated template static test * updated ad and adds templates * updated non-extended shared services environment * updated display names * added enable key vault service endpoint task * fix validate dependency * fixed task name * fixed module definition reference * fixed azure firewall api version * fixed pipeline and added new environment variable * updated azure firewall api version * fixed key vault access policy * updated parameters comment * updated zones copy loop * updated zones condition * fixed parameters.json error * removed double quote encoding * added string array to zones * updated description name * updated 
output reference to lowercase * enabled debug on AD encryption * enabled debug on AD encryption * moved enabling service endpoint of Key Vault after VM deployment * disabled validation stage * enabled pipelines * added SQL Analytics solution * removed uneeded parameter * added disk verification before formatting a disk * updated DSC code * removed data jumpbox datadisk * added drive letter parameter to adds * added workaround to prevent storage initialization multiple times * added get public IP ps1 * removed finally block * updated get ip ps1 path * updated network rules copy loop: * removed networkacls from initial key vault deployment * explicit set of ps1 argument * updated initialize file * fixed return type * fixed return type from getSasToken function * added ashashtable to convert from json cmdlet * added networkAcls with IP whitelisting * added test-jsoncontent to helper * added debug * updated storage account details cache value * removed debug flag * updated set variable syntax * fixed variable name * added -Compress to JSON string creation * updated default action on kv networkacls * added global variable * updated variable name * Update pipeline.yml for Azure Pipelines * moved org name as env variable * update pipeline * Update pipeline.yml for Azure Pipelines * added additional logging info * temp reduced validation tasks * fixed dependency * removed global variable from pipeline * enabled debug on deployment * enabled debug * moved similar tasks into same job * updated shared services extended pipeline * removed write-host * enabled multi-stage jobs * added env variables * updated variable set * removed comments from inline script * updated pipeline, pass variable between jobs * added missing environment variable retrieval * removed unnecessary write-host * added vnet dependency * updated job output dependency name * added multi-job variable * updated modules path of shared services onprem extension * fixed parameters * removed active directory 
reference * added Virtual Network dependency * added spn access policy * moved dns server as a separate task * removed additional api calls * removed duplicate * added logic for more than one resource ids * Added exponential backoff logic (#103) * output az graph query * Update pipeline.yml for Azure Pipelines * Restore pipeline stages * added exponential backoff * added exponential backoff * added debug function * Exception handling functions added to Helper (#102) * Applied the changes * Minor changes to the exception * Cleanup * Cleaned up one of the function * minor change * Merged the Exponential backoff logic with Get exception * Fix for excluding resource ids from file path parse logic * fixed - expression syntax * updated required parameter * removed dns server task * enhanced error message details * updated adds vm name * added exception analyzer to ARM REST API call * fixed Get-Exception cmdlet invocation * added comments to set-context cmdlet * Added KeyVault service point * Updated the Archetype to include the new Active Directory Module and new Virtual Machine Module. * Updated the On-Premise Pipeline * Minor updates to the pipeline yml file * Added missing dependency * Minor update * More updates to dependencies * enable pip only if sepcified * Minor update to enable Pip in VGW * Minor update to VGW * CHanged casing on labvm files (#106) * Error parser logic fixed (#108) * Initial commit for On-Premise Archetype * Corrected depends-on for pipeline * Moving ArtifactsStorageAccount module to the top and adding a ADO task for uploading scripts required for AD module * Added a dependency to upload scripts for AD module * Added a separate stage for uploading artifacts. * Invalid dependency removed * Importing Az.Storage Module before executing other commands. 
* Printing out modules path * Remove Artifacts storage from test * Minor change to UploadScripts module * Minor change * Minor Change to update PSModulePath * Testing * Minor path fix * Minor changes to file path regex to be non-greedy * Pipeline fixed with reorder Artifacts storage and scripts upload to Artifacts storage * Minor updates * Moved the Installation of the PowerShell modules one folder up * Point-to-Site VPN added to On-Premise Archetype * Cleaned up the scripts for VPN Root Cert creation * Finalized Script * Added KeyVault service point * Updated the Archetype to include the new Active Directory Module and new Virtual Machine Module. * Updated the On-Premise Pipeline * Minor updates to the pipeline yml file * Added missing dependency * Minor update * More updates to dependencies * enable pip only if sepcified * Minor update to enable Pip in VGW * Minor update to VGW * Pipeline yml fixes * Typo fix * Access policies added to KeyVault to App and User. * Pipeline yml updated with feedback from today's review |
|
Jorge Cotillo | fc1327053c |
ASE sql archetype (#71)
* initial commit that creates the new archetype * added infra baseline to ASE/SQL deployment * added vnet peering module configurations * set app service plan and webapp as generic modules, added ASE orchestration modules to archetype * Fixes to pester tests applied * added baseline archetype * added Nist controls * added new NIST policies * update settings * fixed repeated policy display name * Update Archetype Instance Json with Script Output (#65) * Completed the implementation of the archetype instance update with script outpout * Created script to create / use a subscription and associate it to a new / existing management group * SQL database (#64) * Add files via upload * Delete _README.md * Add files via upload * Delete sql.database.deploy.json * Delete sql.database.parameters.json * Add files via upload * Delete sql.database.azuredevops.ci.yaml * Add files via upload * Add files via upload * Delete git_placeholder.md * Update module.tests.ps1 * Update module.tests.ps1 * added new NIST policies * initial commit that creates the new archetype * added infra baseline to ASE/SQL deployment * added vnet peering module configurations * set app service plan and webapp as generic modules, added ASE orchestration modules to archetype * Fixes to pester tests applied * added baseline archetype * Completed the implementation of the archetype instance update with script outpout * Created script to create / use a subscription and associate it to a new / existing management group * update settings * fixed repeated policy display name * initial commit that creates the new archetype * added infra baseline to ASE/SQL deployment * added vnet peering module configurations * set app service plan and webapp as generic modules, added ASE orchestration modules to archetype * Fixes to pester tests applied * added baseline archetype * Completed the implementation of the archetype instance update with script outpout * Created script to create / use a subscription and associate it to a 
new / existing management group * initial commit that creates the new archetype * added infra baseline to ASE/SQL deployment * added vnet peering module configurations * set app service plan and webapp as generic modules, added ASE orchestration modules to archetype * Completed the implementation of the archetype instance update with script outpout * Completed the implementation of the archetype instance update with script outpout * Created script to create / use a subscription and associate it to a new / existing management group * initial commit that creates the new archetype * added infra baseline to ASE/SQL deployment * added vnet peering module configurations * set app service plan and webapp as generic modules, added ASE orchestration modules to archetype * added baseline archetype * Completed the implementation of the archetype instance update with script outpout * initial commit that creates the new archetype * added infra baseline to ASE/SQL deployment * added vnet peering module configurations * initial commit that creates the new archetype * set app service plan and webapp as generic modules, added ASE orchestration modules to archetype * added infra baseline to ASE/SQL deployment * added vnet peering module configurations * set app service plan and webapp as generic modules, added ASE orchestration modules to archetype * Completed the implementation of the archetype instance update with script outpout * Resolved a conflict * removed subscription verification * running custom script * cleaned up variables * Tested custom script execution * Updated the subscription name for testing * Check for null subscript and tenant id added * Added debug for pipeline failures * Updated Add-SubscriptionAndTenantIds to run only for archetype configuration * Throw more information when script execution fails * Throw more information when script execution fails * Throw more information when script execution fails * Throw more information when script execution fails * 
Throw more information when script execution fails * Throw more information when script execution fails * Throw more information when script execution fails * Throw more information when script execution fails * finished NIST Controls * moved baseline configuration to ASE-SQL * fixed common file path reference * updated Shared Services pipeline * updated file name - case sensitive issue * updated validation rg creation * Changed the tenant id and subscription id in New-AzureResourceManagerDeployment to string * added workload baseline pipeline * added ase sql pipeline * fixed invalid subscription id saved to resource state * updated variable name * Reference Functions scope changed to Module Configuration Object (#66) * Initial changes * Completed the implementation * Cleaned up prior to PR submission * adding LandingZone * updated pipeline paths * updated pipeline paths * updated parameters file * correcting case * removed folders * placing files back * delete files * put files back * Fix to resolving reference functions * fixed casing * fixed casing in code * updated modules to Modules in pipeline.yml * Updated config folder name * Updated config folder name * fixed casing * added vpn shared key * finished ASE SQLDB landing zone * added ASE-SQL archetype * replaced hardcoded resource group name * fixed relative path * fixed automation account alias * fixed relative paths * renamed ADDS to ActiveDirectoryDomainServices * fixed onprem vgw name * fixed artifacts storage account name * fixed custom extensions casing * enabled adds deployment * updated on-premises AD information * updated Key Vault name to pass deployment error * fixed bug on resource group creation * updated adds vm name and set pipeline timeout to 0 * updated ADDS address start * updated ADDS name * updated dockerignore * Fixed the pester test failure |