Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add Management Group module #10

Merged
merged 15 commits into from
Aug 24, 2021
Merged

Add Management Group module #10

merged 15 commits into from
Aug 24, 2021

Conversation

SenthuranSivananthan
Copy link
Contributor

Overview/Summary

Initial implementation of the Management Group Module based on AdventureWorks reference implementation.

This PR fixes/adds/changes/removes

  1. Azure DevOps - #67853

Breaking Changes

  1. None

Testing Evidence

Example output is added to README.md

As part of this Pull Request I have

  • Checked for duplicate Pull Requests
  • Associated it with relevant ADO items
  • Ensured my code/branch is up-to-date with the latest changes in the main branch
  • Performed testing and provided evidence.
  • Updated relevant and associated documentation.

Copy link
Collaborator

@jtracey93 jtracey93 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Great start, just a few things to get us off on the right tracks 👍

infra-as-code/bicep/modules/mgmtGroups.bicep Outdated Show resolved Hide resolved
infra-as-code/bicep/modules/mgmtGroups.bicep Outdated Show resolved Hide resolved
infra-as-code/bicep/modules/mgmtGroups.bicep Outdated Show resolved Hide resolved
infra-as-code/bicep/modules/mgmtGroups.bicep Outdated Show resolved Hide resolved
infra-as-code/bicep/modules/README.md Outdated Show resolved Hide resolved
infra-as-code/bicep/modules/README.md Outdated Show resolved Hide resolved
infra-as-code/bicep/modules/README.md Outdated Show resolved Hide resolved
infra-as-code/bicep/modules/mgmtGroups.bicep Outdated Show resolved Hide resolved
Copy link
Collaborator

@jtracey93 jtracey93 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Interested to understand why the move away from loops as I liked the looping for child MGs of Platform and Landing Zones.

We can use Output Loops to generate the same output objects for these child MGs as per: https://docs.microsoft.com/en-us/azure/azure-resource-manager/bicep/loop-outputs

Also as part of testing, can you test what would happen if the array for the child MGs of Platform & Landing Zones are empty? Do we get an error, or does it work and no child MGs are created?

Might be worth putting an if expression in place on these loops to cover this also as per: https://docs.microsoft.com/en-us/azure/azure-resource-manager/bicep/loop-resources#resource-iteration-with-condition

Copy link
Collaborator

@jtracey93 jtracey93 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Great work, lets :shipit:

@SenthuranSivananthan SenthuranSivananthan merged commit 5c54e1a into Azure:main Aug 24, 2021
faister added a commit that referenced this pull request Jan 11, 2022
* Create main.yml

* Delete main.yml

* Create update-policy-china.yml

* make update-policy-china.yml to work against upstream repo

* Azure main (#10)

* fix link and update description (#97)

* Update description for parNetworkDNSEnableProxy (#98)

* Mooncake Support and Guidance - SE Backlog 74072 (#95)

* Create update-policy-china.yml

Separate Update Policy for Azure China due to some discrepancies between Azure global regions and Azure China such as some Azure services not deployed, and some built-in policy definitions are not yet available there.

* committing separate PS scripts for updating policy for Azure China and a new workflow yaml too

* changing github.repository == 'faister/ALZ-Bicep' to make the workflow run

* Added china folder structures

* making sure new china folder structure stays

* Update Policy Library for Azure China (automated) (#2)

Co-authored-by: github-actions <action@github.com>

* Revert "Update Policy Library for Azure China (automated) (#2)" (#3)

This reverts commit 37c7775.

* Added prefix mc in all files to differentiate output files for mooncake policies - easier for future troubleshooting

* no changes really

* Update Policy Library for Azure China (automated) (#4)

Co-authored-by: github-actions <action@github.com>

* updated policy definitions and custom role definitions modules

* no mooncake specific policy assignments

* removed the need to have infra-as-code/bicep/modules/policy/assignments/lib/china

* Update Policy Library for Azure China (automated) (#8)

Co-authored-by: github-actions <action@github.com>

* updated and tested DINE MS Defender configuration policy assignment for Mooncake

* 2nd round testing and changes

* fixed some errors in markdownlint linter

* test deployment for all remaining Bicep modules

* updated README.md for 8 modules

* fixed some READMEs

* converted the spaces here to tabs to be consistent with jtracey93/ALZ-Bicep@fee446d

* setting Mooncake specific changes only in the parameters file, instead of an additional bicep file

* keeping URL generic not fixed to en-us

Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: github-actions <action@github.com>

* Task81595 - Test Deployment of changed modules (#86)

* ReadmeFiles associated with reusables & Spoke Vnet

* Updates based on Reveiw

* Updates based on Review

* Update infra-as-code/bicep/modules/spoke-networking/README.md

Co-authored-by: Jack Tracey <41163455+jtracey93@users.noreply.github.com>

* Update infra-as-code/bicep/modules/spoke-networking/README.md

Co-authored-by: Jack Tracey <41163455+jtracey93@users.noreply.github.com>

* Update infra-as-code/bicep/modules/reusable/virtual-network-peer/README.md

Co-authored-by: Jack Tracey <41163455+jtracey93@users.noreply.github.com>

* Update infra-as-code/bicep/modules/reusable/virtual-network-peer/README.md

Co-authored-by: Jack Tracey <41163455+jtracey93@users.noreply.github.com>

* Update infra-as-code/bicep/modules/reusable/virtual-network-peer/README.md

Co-authored-by: Jack Tracey <41163455+jtracey93@users.noreply.github.com>

* Update infra-as-code/bicep/modules/reusable/virtual-network-peer/README.md

Co-authored-by: Jack Tracey <41163455+jtracey93@users.noreply.github.com>

* Update infra-as-code/bicep/modules/reusable/virtual-network-peer/README.md

Co-authored-by: Jack Tracey <41163455+jtracey93@users.noreply.github.com>

* Adding change for HubNVA description

* adding changes to bicep build test

* correction to spacing

* correction indetations

* removing space in variable

* testing a deployment

* adding githubworkspace

* correcting deployment

* testing for public ip

* removing . from the tempate path

* changing test to HubNetwork

* setting flag to not fail on StdErr

* adding additional module

* adding separate workflow for deploy

* adding deploy to existing script

* removing management group deployment to test AZ

* change to az deploy

* change resource group var to env

* Correction to hubnetworking path

* adding some testing

* additional updates for testing

* Testing AZ deploy

* Another test

* Az dep

* making more readable

* changing line brake

* removing line break

* Adding git diff for hubNetworking

* Adding with before fetch depth

* update path

* removing diff and check pwd

* adding back diff

* removing working directory

* removing git workspace

* Deleting CR to trigger build test

* correcting path

* Removing one of the git vars

* adding CR to test

* another test

* removing line

* test

* removing diff dependancy

* removing checkout path

* removing working directroy

* Changing over to ALZ Subscription

* adding management groups

* Adding cleanup script for CI Pipepline

* Updating with destroy for the CI Pipline

* Adding powershell dependancies

* adding confirm to the install-modules

* Changing Confirm to Force

* Adding in Roles and Policies to test

* Adding in builds up to Hub

* correction to logging cli call

* adding required space in front of parameters

* changing param for subscription placement to build

* Changing destroy to its own job

* CHaning LogAnlyticsLink to reference workspace

* adding spoke networking to the deploy validation

* changing default for DNSProxy to false

* changing defaults to allow for automated build

* correcting nextHoptType to allow for non DNS Proxy

* turning ddosplan to false

* Adding git diff test

* adding management groups to git diff test

* Check for diff on all files

* Change to Cleanup script to check for changes

* remove dependancy on bicep build

* checking for changes before creating rg

* Removing training spaces and write-host

* Fixing linter issues

* Change to function to support should process

* correcting shouldprocess

* removing unneeded comments

* Removing trailing Space

* changes requested per review

* testing job outputs

* removing unneeded comments

* logging change per review

* Updating version per updates

* Documentation changes

* Adding details to Release Notes

* Changing secret to match repo secret

* changes based on review

* testing condition

* changing condition

* Test of conditionals

* Testing different conditional logic

* changing conditional logic

* adding missing fi

* using envinronment vars instead of set-env

* correcting if condition

* Changing exit code location due to error

* changing comparison to number instead of bool

* testing exit code again

* removing unneeded then

* adding continue to test exit code

* changing 1 to a string

* changing condition for RG

* removing echo

* adding a cr

* Changing loggin diff output condition

* change to diff param

* moving conditional logic to cli

* conditional test wiht !=

* conditional test with !=

* Correction to output references

* Condition test

* hail mary

* simplify condition

* checking for null

* Testing with all conditions

* adding space

* adding in all checks to bash

* chaning resource group logic

* changing all mgmt group logic

* All conditional logic in git action

* chan ge to git diff for management group

* checking loggin.

* adding in ; before then

* changing logging

* changing logging back

* another test

* Rolling back to cli

* adding missing fi

* correcting resource group creation

* removing comment

* removing a comment to test the build

* correction to bad syntax

* another test

* adding in bash shell

* comenting out to see if that works

* correcting spacing

* adding missing #

* Adding in changes from review and addition of creation of sub
Co-authored-by: Jack Tracey <jtracey93@users.noreply.github.com>

* Correcting variables

* changing env vars

* removing duplicate with

* Correcting AZ call

* seting active subscription

* testing output

* correcting outputs

* echo sub id  to validate

* changing output to specify specific output

* adding value to output

* updates to mg prefix and names and make sub alias support EA, MCA, MPA

* update params file

* update sub alias docs

* Testing with run instead of CLI
Co-authored-by: Jack Tracey <jtracey93@users.noreply.github.com>

* Testing run changes

* testing with jq

* changing output name

* Changing to env

* adding env instead of output

* Changing to echo out

* Changing settting of var

* moving echo

* hail mary

* removing extra call

* test

* correcting )

* update action

* u ate workflow and sub move params

* typo

* remove env

* add quotes

* changing conditional logic on Cleanup

* changing to pwsh for cleanup

* placing {{}} around git var

* Changing conditional logic

* changing exit condition

* changing output

* Changing conditional logic

* changing output

* changing logic

* testing if condition on sub

* changing subscription logic

* changing Logging

* adding shell to each step

* chaning logging to var

* Testing a change to logging

* change

* changing conditional

* changing RG logic

* removing if

* changing sub condition

* additional conditional logic

* adding subscription in to allow deletion of RG

* correction to RG cleanup

* seting rg to always delete

* correcting if always

* outputing subid from previous step

* Removing comment on tenantRoot Param

* changing env variables to work around busted sub

* Removing trailing spaces

* removing a comment that was a test

* fix linting

* sleeping after subscription creation

* Making a change to force a build

* removing testing from PR name

* Adding silent continue so script continues

* adding missing modules from Registry example

* Removing unneeded line

* Changing version to push a build

* removing change to trigger pipeline

* Updating to force a build

* disabling dnsproxy

* updating bicep linter to exclude registry

* modifying to remove registry from bicep build

* Update infra-as-code/bicep/modules/spokeNetworking/spokeNetworking.bicep

Co-authored-by: Jack Tracey <41163455+jtracey93@users.noreply.github.com>

* Update .github/scripts/Wipe-ESLZAzTenant.ps1

Co-authored-by: Jack Tracey <41163455+jtracey93@users.noreply.github.com>

Co-authored-by: Jack Tracey <41163455+jtracey93@users.noreply.github.com>

Co-authored-by: Jack Tracey <41163455+jtracey93@users.noreply.github.com>
Co-authored-by: Senthuran Sivananthan <senthuran.sivananthan@microsoft.com>
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: github-actions <action@github.com>
Co-authored-by: Troy Ault <aultt@users.noreply.github.com>

* Update update-policy-china.yml

* Update update-policy-china.yml

updated to have this workflow run against Azure/ALZ-Bicep main repo

Co-authored-by: Jack Tracey <41163455+jtracey93@users.noreply.github.com>
Co-authored-by: Senthuran Sivananthan <senthuran.sivananthan@microsoft.com>
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: github-actions <action@github.com>
Co-authored-by: Troy Ault <aultt@users.noreply.github.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants