deploy from the command line using a single script and argument

.gitignore

@@ -49,3 +49,6 @@ __pycache__/
 **/.idea/
 **/config_output/
 **/exec_output
+
+# ignore deploy.sh output
+**/generated-configurations/*

src/build/apply_tf.sh

@@ -35,8 +35,10 @@ tier2_vars=$6
 display_tf_output=${7:-n}
 
 # reference paths
-core_path=$(realpath ../core/)
-scripts_path=$(realpath ../scripts/)
+this_script_path=$(realpath "${BASH_SOURCE%/*}")
+src_dir=$(dirname "${this_script_path}")
+core_path="${src_dir}/core/"
+scripts_path="${src_dir}/scripts/"
 
 # apply function
 apply() {
@@ -90,24 +92,24 @@ apply() {
 
   while [ $apply_success == "false" ]
   do
-    echo "Applying ${name} (${attempts}/${max_attempts})..."
+    echo "INFO: applying ${name} (${attempts}/${max_attempts})..."
 
     if ! eval "$apply_command";
     then
       # if we fail, run terraform destroy and try again
-      error_log "Failed to apply ${name} (${attempts}/${max_attempts}). Trying some manual clean-up and Terraform destroy..."
+      error_log "ERROR: failed to apply ${name} (${attempts}/${max_attempts}). Trying some manual clean-up and Terraform destroy..."
       eval "$destroy_command"
 
       ((attempts++))
 
       if [[ $attempts -gt $max_attempts ]]; then
-        error_log "Failed ${max_attempts} times to apply ${name}. Exiting."
+        error_log "ERROR: failed ${max_attempts} times to apply ${name}. Exiting."
         exit 1
       fi
     else
       # if we succeed meet the base case
       apply_success="true"
-      echo "Finished applying ${name}!"
+      echo "INFO: finished applying ${name}!"
     fi
   done
 }

src/build/destroy_tf.sh

@@ -35,8 +35,10 @@ tier2_vars=$6
 display_tf_output=${7:-n}
 
 # reference paths
-core_path=$(realpath ../core/)
-scripts_path=$(realpath ../scripts/)
+this_script_path=$(realpath "${BASH_SOURCE%/*}")
+src_dir=$(dirname "${this_script_path}")
+core_path="${src_dir}/core/"
+scripts_path="${src_dir}/scripts/"
 
 # destroy function
 destroy() {
@@ -88,22 +90,22 @@ destroy() {
 
   while [ $destroy_success == "false" ]
   do
-    echo "Destroying ${name} (${attempts}/${max_attempts})..."
+    echo "INFO: destroying ${name} (${attempts}/${max_attempts})..."
 
     if ! eval "$destroy_command";
     then
       # if we fail, run terraform destroy again until $max_attempts
-      error_log "Failed to destroy ${name} (${attempts}/${max_attempts})"
+      error_log "ERROR: failed to destroy ${name} (${attempts}/${max_attempts})"
 
       ((attempts++))
 
       if [[ $attempts -gt $max_attempts ]]; then
-        error_log "Failed ${max_attempts} times to destroy ${name}. Exiting."
+        error_log "ERROR: failed ${max_attempts} times to destroy ${name}. Exiting."
         exit 1
       fi
     else
       destroy_success="true"
-      echo "Finished destroying ${name}!"
+      echo "INFO: finished destroying ${name}!"
     fi
   done
 }

src/clean.sh

@@ -0,0 +1,127 @@
+#!/bin/bash
+#
+# Copyright (c) Microsoft Corporation.
+# Licensed under the MIT License.
+#
+# shellcheck disable=1090,2154
+#
+# remove resources deployed by deploy.sh by mlz env name
+
+set -e
+
+error_log() {
+  echo "${1}" 1>&2;
+}
+
+show_help() {
+  print_formatted() {
+    long_name=$1
+    char_name=$2
+    desc=$3
+    printf "%20s %2s %s \n" "$long_name" "$char_name" "$desc"
+  }
+  print_formatted "argument" "" "description"
+  print_formatted "--mlz-env-name" "-z" "[OPTIONAL] Unique name for MLZ environment (defaults to 'mlz' + UNIX timestamp)"
+}
+
+usage() {
+  echo "clean.sh: remove resources deployed by deploy.sh by mlz env name"
+  show_help
+}
+
+this_script_path=$(realpath "${BASH_SOURCE%/*}")
+configuration_output_path="${this_script_path}/generated-configurations"
+
+# check for dependencies
+
+"${this_script_path}/scripts/util/checkforazcli.sh"
+"${this_script_path}/scripts/util/checkforterraform.sh"
+
+# inspect user input
+while [ $# -gt 0 ] ; do
+  case $1 in
+    -z | --mlz-env-name) mlz_env_name="$2" ;;
+  esac
+  shift
+done
+
+# check mandatory parameters
+# shellcheck disable=1083
+for i in { $mlz_env_name }
+do
+  if [[ $i == "notset" ]]; then
+    error_log "ERROR: Missing required arguments. These arguments are mandatory: -z"
+    usage
+    exit 1
+  fi
+done
+
+# source generated config
+mlz_config_file="${configuration_output_path}/${mlz_env_name}.mlzconfig"
+. "${mlz_config_file}"
+
+# generate names for reference
+. "${this_script_path}/scripts/config/generate_names.sh" "${mlz_config_file}"
+
+# source generated terraform vars
+tfvars_filename="${mlz_env_name}.tfvars"
+tfvars_path="${configuration_output_path}/${tfvars_filename}"
+
+# login
+echo "INFO: setting current subscription to ${mlz_config_subid}..."
+az account set \
+  --subscription "${mlz_config_subid}" \
+  --only-show-errors \
+  --output none
+
+# destroy terraform
+echo "INFO: destroying Terraform using ${mlz_config_file} and ${tfvars_path}..."
+"${this_script_path}/build/destroy_tf.sh" \
+  "${mlz_config_file}" \
+  "${tfvars_path}" \
+  "${tfvars_path}" \
+  "${tfvars_path}" \
+  "${tfvars_path}" \
+  "${tfvars_path}" \
+  "y"
+
+# clean up MLZ config resources
+echo "INFO: cleaning up MLZ resources with tag 'DeploymentName=${mlz_env_name}'..."
+
+# Create array of unique subscription IDs. The 'sed' command below search thru the source
+# variables file looking for all lines that do not have a '#' in the line. If a line with
+# a '#' is found, the '#' and ever character after it in the line is ignored. The output
+# of what remains from the sed command is then piped to grep to find the words that match
+# the pattern. These words are what make up the 'mlz_subs' array.
+mlz_sub_pattern="mlz_.*._subid"
+mlz_subs=$(< "${mlz_config_file}" sed 's:#.*$::g' | grep -w "${mlz_sub_pattern}")
+subs=()
+
+for mlz_sub in $mlz_subs
+do
+    mlz_sub_id=$(echo "${mlz_sub#*=}" | tr -d '"')
+    if [[ ! "${subs[*]}" =~ ${mlz_sub_id} ]];then
+        subs+=("${mlz_sub_id}")
+    fi
+done
+
+# delete resource groups where deploymentname is mlz_env_name in each subscription
+for sub in "${subs[@]}";
+do
+  rgs_to_delete=$(az group list --subscription ${sub} --tag DeploymentName="${mlz_env_name}" --query [].name -o tsv)
+  for rg in $rgs_to_delete;
+  do
+    echo "INFO: deleting ${rg}..."
+
+    az group delete \
+      --name "${rg}" \
+      --yes \
+      --only-show-errors \
+      --output none
+  done
+done
+
+echo "INFO: deleting service principal ${mlz_sp_name}..."
+az ad sp delete --id "http://${mlz_sp_name}"
+
+echo "INFO: Complete! Resources for ${mlz_env_name} deleted!"

src/core/saca-hub/main.tf

@@ -27,6 +27,10 @@ provider "random" {
 resource "azurerm_resource_group" "hub" {
   location = var.mlz_location
   name     = var.saca_rgname
+
+  tags = {
+    DeploymentName = var.deploymentname
+  }
 }
 
 module "saca-hub-network" {

src/core/saca-hub/variables.tf

@@ -73,14 +73,17 @@ variable "firewall_address_space" {
 
 variable "saca_fwname" {
   description = "Name of the Hub Firewall"
+  default     = "mlzDemoFirewall"
 }
 
 variable "firewall_ipconfig_name" {
   description = "The name of the Firewall IP Configuration"
+  default     = "mlzDemoFirewallIpConfiguration"
 }
 
 variable "public_ip_name" {
   description = "The name of the Firewall Public IP"
+  default     = "mlzDemoFirewallPip"
 }
 
 variable "create_network_watcher" {

src/core/tier-0/main.tf

@@ -59,6 +59,10 @@ data "azurerm_firewall" "firewall" {
 resource "azurerm_resource_group" "t0" {
   location = var.mlz_location
   name     = var.tier0_rgname
+
+  tags = {
+    DeploymentName = var.deploymentname
+  }
 }
 
 module "t0-network" {
@@ -133,4 +137,4 @@ module "t0-inbound-peering" {
   tags = {
     DeploymentName = var.deploymentname
   }
-}
+}

src/core/tier-0/variables.tf

@@ -76,6 +76,7 @@ variable "tier0_vnetname" {
 variable "tier0_vnet_address_space" {
   description = "Address space prefixes list of strings"
   type        = list(string)
+  default     = ["10.0.110.0/26"]
 }
 
 variable "subnets" {
@@ -103,6 +104,44 @@ variable "subnets" {
 
     routetable_name = string
   }))
+  default = {
+    "tier0vms" = {
+      name              = "tier0vms"
+      address_prefixes  = ["10.0.110.0/27"]
+      service_endpoints = ["Microsoft.Storage"]
+
+      enforce_private_link_endpoint_network_policies = false
+      enforce_private_link_service_network_policies  = false
+
+      nsg_name = "tier0vmsnsg"
+      nsg_rules = {
+        "allow_ssh" = {
+          name                       = "allow_ssh"
+          priority                   = "100"
+          direction                  = "Inbound"
+          access                     = "Allow"
+          protocol                   = "Tcp"
+          source_port_range          = "22"
+          destination_port_range     = ""
+          source_address_prefix      = "*"
+          destination_address_prefix = ""
+        },
+        "allow_rdp" = {
+          name                       = "allow_rdp"
+          priority                   = "200"
+          direction                  = "Inbound"
+          access                     = "Allow"
+          protocol                   = "Tcp"
+          source_port_range          = "3389"
+          destination_port_range     = ""
+          source_address_prefix      = "*"
+          destination_address_prefix = ""
+        }
+      }
+
+      routetable_name = "tier0vmsrt"
+    }
+  }
 }
 
 variable "create_network_watcher" {

src/core/tier-1/main.tf

@@ -59,6 +59,10 @@ data "azurerm_firewall" "firewall" {
 resource "azurerm_resource_group" "t1" {
   location = var.mlz_location
   name     = var.tier1_rgname
+
+  tags = {
+    DeploymentName = var.deploymentname
+  }
 }
 
 module "t1-network" {

src/core/tier-1/variables.tf

@@ -76,6 +76,7 @@ variable "tier1_vnetname" {
 variable "tier1_vnet_address_space" {
   description = "Address space prefixes for the virtual network"
   type        = list(string)
+  default     = ["10.0.115.0/26"]
 }
 
 variable "subnets" {
@@ -103,6 +104,44 @@ variable "subnets" {
 
     routetable_name = string
   }))
+  default = {
+    "tier1vms" = {
+      name              = "tier1vms"
+      address_prefixes  = ["10.0.115.0/27"]
+      service_endpoints = ["Microsoft.Storage"]
+
+      enforce_private_link_endpoint_network_policies = false
+      enforce_private_link_service_network_policies  = false
+
+      nsg_name = "tier1vmsnsg"
+      nsg_rules = {
+        "allow_ssh" = {
+          name                       = "allow_ssh"
+          priority                   = "100"
+          direction                  = "Inbound"
+          access                     = "Allow"
+          protocol                   = "Tcp"
+          source_port_range          = "22"
+          destination_port_range     = ""
+          source_address_prefix      = "*"
+          destination_address_prefix = ""
+        },
+        "allow_rdp" = {
+          name                       = "allow_rdp"
+          priority                   = "200"
+          direction                  = "Inbound"
+          access                     = "Allow"
+          protocol                   = "Tcp"
+          source_port_range          = "3389"
+          destination_port_range     = ""
+          source_address_prefix      = "*"
+          destination_address_prefix = ""
+        }
+      }
+
+      routetable_name = "tier1vmsrt"
+    }
+  }
 }
 
 variable "create_network_watcher" {

src/core/tier-2/main.tf

@@ -59,6 +59,10 @@ data "azurerm_firewall" "firewall" {
 resource "azurerm_resource_group" "t2" {
   location = var.mlz_location
   name     = var.tier2_rgname
+
+  tags = {
+    DeploymentName = var.deploymentname
+  }
 }
 
 module "t2-network" {