Azure · jfaurskov · Jun 27, 2022 · Jun 21, 2022 · Jun 21, 2022 · Jun 21, 2022
diff --git a/.github/PULL_REQUEST_TEMPLATE.md b/.github/PULL_REQUEST_TEMPLATE.md
@@ -31,5 +31,6 @@ Replace this with any testing evidence to show that your Pull Request works/fixe
   - [Linting](https://github.com/Azure/ALZ-Bicep/tree/main/.github/workflows)
   - [E2E (End-To-End)](https://github.com/Azure/ALZ-Bicep/blob/main/tests/pipelines/bicep-build-to-validate.yml)
   - [ValidateAzCloud (Base validation in Azure Cloud)](https://github.com/Azure/ALZ-Bicep/blob/main/tests/pipelines/base-unit-validate.yml)
+  - [ValidateMcCloud (Base validation in Azure China Cloud)](https://github.com/Azure/ALZ-Bicep/blob/main/tests/pipelines/mc-base-unit-validate.yml)
 - [ ] Updated relevant and associated documentation (e.g. Contribution Guide, Module READMEs, Wiki Docs etc.)
 - [ ] If relevant, created or updated Code Tours [here](https://github.com/Azure/ALZ-Bicep/blob/main/.vscode/tours)
diff --git a/.github/scripts/mc-Wipe-AlzTenant.ps1 b/.github/scripts/mc-Wipe-AlzTenant.ps1
@@ -0,0 +1,102 @@
+[CmdletBinding()]
+param (
+    #Added this back into parameters as error occurs if multiple tenants are found when using Get-AzTenant
+    [Parameter(Mandatory = $true, Position = 1, HelpMessage = "Please the Insert Tenant ID (GUID) of your Azure AD tenant e.g.'f73a2b89-6c0e-4382-899f-ea227cd6b68f'")]
+    [string]
+    $tenantRootGroupID = "<Insert the Tenant ID (GUID) of your Azure AD tenant>",
+
+    [Parameter(Mandatory = $true, Position = 2, HelpMessage = "Insert the name of your intermediate root Management Group e.g. 'Contoso'")]
+    [string]
+    $intermediateRootGroupID = "<Insert the name of your intermediate root Management Group e.g. Contoso>",
+
+    [Parameter(Mandatory = $true, Position = 4, HelpMessage = "Insert the subscription name of the subscription to wipe e.g. sub-unit-test-pr-108")]
+    [string]
+    $subscriptionName = "<Insert the subscription Id of the subscription to wipe e.g. sub-unit-test-pr-108>"
+)
+
+
+# Start timer
+$StopWatch = New-Object -TypeName System.Diagnostics.Stopwatch
+$StopWatch.Start()
+
+$subToMove = Get-AzSubscription -SubscriptionName $subscriptionName
+
+if ($subToMove.State -ne "Disabled") {
+    Write-Output "Moving Subscription: '$($subscriptionName)' under Tenant Root Management Group: '$tenantRootGroupID'"
+    New-AzManagementGroupSubscription -GroupId $tenantRootGroupID -SubscriptionId $subToMove.Id
+}
+
+
+# For each Subscription in the Intermediate Root Management Group's hierarchy tree, remove all Resources, Resource Groups and Deployments
+Write-Output "Removing all Azure Resources, Resource Groups and Deployments from subscription $($subscriptionName)"
+Write-Output "Set context to SubscriptionId: '$($subToMove.Id)'"
+Set-AzContext -Subscription $subToMove.Id #| Out-Null
+
+# Get all Resource Groups in Subscription
+$resources = Get-AzResourceGroup
+
+$resources | ForEach-Object -Parallel {
+    Write-Output "Deleting  $($_.ResourceGroupName) ..."
+    Remove-AzResourceGroup -Name $_.ResourceGroupName -Force | Out-Null
+}
+
+# Get Deployments for Subscription
+$subDeployments = Get-AzSubscriptionDeployment
+
+Write-Output "Removing All Subscription Deployments for: $($subscriptionName)"
+
+# For each Subscription level deployment, remove it
+$subDeployments | ForEach-Object -Parallel {
+    Write-Output "Removing $($_.DeploymentName) ..."
+    Remove-AzSubscriptionDeployment -Id $_.Id
+}
+
+
+# Get all AAD Tenant level deployments
+$tenantDeployments = Get-AzTenantDeployment | Where-Object {$PSItem.DeploymentName -like "$intermediateRootGroupID*"}
+
+Write-Output "Removing all Tenant level deployments prefixed with $intermediateRootGroupID"
+
+# For each AAD Tenant level deployment, remove it
+$tenantDeployments | ForEach-Object -Parallel {
+    Write-Output "Removing $($_.DeploymentName) ..."
+    Remove-AzTenantDeployment -Id $_.Id
+}
+
+# This function only deletes Management Groups in the Intermediate Root Management Group's hierarchy tree and will NOT delete other Intermediate Root level Management Groups and their children e.g. in the case of "canary"
+function Remove-Recursively {
+    [CmdletBinding(SupportsShouldProcess)]
+    param($name)
+    # Enters the parent Level
+    Write-Output "Entering the scope with $name"
+    $parent = Get-AzManagementGroup -GroupId $name -Expand -Recurse
+
+    # Checks if there is any parent level
+    if ($null -ne $parent.Children) {
+        Write-Output "Found the following Children :"
+        Write-Output ($parent.Children | Select-Object Name).Name
+
+        foreach ($children in $parent.Children) {
+            # Tries to recur to each child item
+            if ($PSCmdlet.ShouldProcess($children.Name)) {
+                Remove-Recursively($children.Name)
+            }
+        }
+    }
+
+    # If no children are found at each scope
+    Write-Output "No children found in scope $name"
+    Write-Output "Removing the scope $name"
+
+    Remove-AzManagementGroup -InputObject $parent -ErrorAction SilentlyContinue
+}
+
+# Remove all the Management Groups in Intermediate Root Management Group's hierarchy tree, including itself
+Remove-Recursively($intermediateRootGroupID)
+
+# Stop timer
+$StopWatch.Stop()
+
+# Display timer output as table
+Write-Output "Time taken to complete task:"
+$StopWatch.Elapsed | Format-Table
diff --git a/.vscode/tours/azurechinacloud-base-validation-pipeline.tour b/.vscode/tours/azurechinacloud-base-validation-pipeline.tour
@@ -0,0 +1,116 @@
+{
+  "$schema": "https://aka.ms/codetour-schema",
+  "title": "Azure China Cloud base validation pipeline",
+  "steps": [
+    {
+      "file": "tests/pipelines/mc-base-unit-validate.yml",
+      "description": "Get and expand all variables. ",
+      "line": 5
+    },
+    {
+      "file": "tests/pipelines/mc-base-unit-validate.yml",
+      "description": "Log in to Azure",
+      "line": 25
+    },
+    {
+      "file": "tests/pipelines/mc-base-unit-validate.yml",
+      "description": "Create a resource group to test against. This step is required for some of the following steps (all resource group scoped deployments)\r\n\r\n",
+      "line": 34
+    },
+    {
+      "file": "tests/pipelines/mc-base-unit-validate.yml",
+      "description": "Create a management groups to test against. This step is required for some of the following steps (all management group scoped deployments)\r\n\r\n",
+      "line": 46
+    },
+    {
+      "file": "tests/pipelines/mc-base-unit-validate.yml",
+      "description": "Validate ALZ custom role definitions deployment. Depends on management groups previously created.",
+      "line": 54
+    },
+    {
+      "file": "tests/pipelines/mc-base-unit-validate.yml",
+      "description": "Validate ALZ custom policy and policyset definitions deployment. Depends on management groups previously created.",
+      "line": 62
+    },
+    {
+      "file": "tests/pipelines/mc-base-unit-validate.yml",
+      "description": "Validate ALZ logging component deployment. Depends on resource group previously created.",
+      "line": 70
+    },
+    {
+      "file": "tests/pipelines/mc-base-unit-validate.yml",
+      "description": "Validate ALZ subscription placement into management group deployment. Depends on management groups previously created.",
+      "line": 78
+    },
+    {
+      "file": "tests/pipelines/mc-base-unit-validate.yml",
+      "description": "Validate ALZ default policy assignments deployment. Depends on management groups previously created.",
+      "line": 86
+    },
+    {
+      "file": "tests/pipelines/mc-base-unit-validate.yml",
+      "description": "Validate ALZ HUB Networking deployment. Depends on resource group previously created.",
+      "line": 94
+    },
+    {
+      "file": "tests/pipelines/mc-base-unit-validate.yml",
+      "description": "Validate ALZ VWAN deployment. Depends on resource group previously created.\r\n\r\n",
+      "line": 102
+    },
+    {
+      "file": "tests/pipelines/mc-base-unit-validate.yml",
+      "description": "Validate ALZ Spoke Network deployment. Depends on resource group previously created.\r\n\r\n",
+      "line": 110
+    },
+    {
+      "file": "tests/pipelines/mc-base-unit-validate.yml",
+      "description": "Validate ALZ VWAN Network connection deployment. Depends on subscription previously created.\r\n\r\n",
+      "line": 118
+    },
+    {
+      "file": "tests/pipelines/mc-base-unit-validate.yml",
+      "description": "Validate ALZ Vnet Peer from spoke to HUB deployment. Depends on resource group previously created.\r\n\r\n",
+      "line": 126
+    },
+    {
+      "file": "tests/pipelines/mc-base-unit-validate.yml",
+      "description": "Validate ALZ Private DNS Zones deployment. Depends on resource group previously created.\r\n\r\n",
+      "line": 134
+    },
+    {
+      "file": "tests/pipelines/mc-base-unit-validate.yml",
+      "description": "Validate ALZ Public IP deployment. Depends on resource group previously created.\r\n\r\n",
+      "line": 142
+    },
+    {
+      "file": "tests/pipelines/mc-base-unit-validate.yml",
+      "description": "Validate ALZ RBAC assignment to single management group deployment. Depends on management groups previously created.\r\n\r\n",
+      "line": 150
+    },
+    {
+      "file": "tests/pipelines/mc-base-unit-validate.yml",
+      "description": "Validate ALZ RBAC assignment to multiple management group deployment. Depends on management groups previously created.\r\n\r\n",
+      "line": 158
+    },
+    {
+      "file": "tests/pipelines/mc-base-unit-validate.yml",
+      "description": "Validate ALZ RBAC assignment to single subscription deployment. Depends on subscription previously created.\r\n\r\n",
+      "line": 166
+    },
+    {
+      "file": "tests/pipelines/mc-base-unit-validate.yml",
+      "description": "Validate ALZ RBAC assignment to multiple subscription deployment. Depends on subscription previously created.\r\n",
+      "line": 174
+    },
+    {
+      "file": "tests/pipelines/mc-base-unit-validate.yml",
+      "description": "Validate ALZ hub peered spoke orchestration module deployment. Depends on management groups previously created.\r\n\r\n",
+      "line": 182
+    },
+    {
+      "file": "tests/pipelines/mc-base-unit-validate.yml",
+      "description": "Job to clean up tenant after deploy -> remove management group structure specific to this PR, delete resources in created subscription. ",
+      "line": 190
+    }
+  ]
+}