feat: avm/ptn/ai-platform/baseline Add VNet, Bastion and VM to module
cecheta committed Aug 12, 2024
1 parent e006349 commit f7b5d62
Showing 11 changed files with 16,454 additions and 249 deletions.
515 changes: 502 additions & 13 deletions avm/ptn/ai-platform/baseline/README.md

Large diffs are not rendered by default.

440 changes: 433 additions & 7 deletions avm/ptn/ai-platform/baseline/main.bicep

Large diffs are not rendered by default.

15,304 changes: 15,078 additions & 226 deletions avm/ptn/ai-platform/baseline/main.json

Large diffs are not rendered by default.

12 changes: 12 additions & 0 deletions avm/ptn/ai-platform/baseline/tests/e2e/defaults/main.test.bicep
@@ -23,6 +23,14 @@ param baseTime string = utcNow('u')
@description('Optional. A token to inject into the name of each resource.')
param namePrefix string = '#_namePrefix_#'

@description('Generated. The username to leverage for the login.')
@secure()
param username string = uniqueString(newGuid())

@description('Generated. The password to leverage for the login.')
@secure()
param password string = newGuid()

// ============ //
// Dependencies //
// ============ //
@@ -45,6 +53,10 @@ module testDeployment '../../../main.bicep' = [
name: '${uniqueString(deployment().name, resourceLocation)}-test-${serviceShort}-${iteration}'
params: {
name: '${namePrefix}${serviceShort}${substring(uniqueString(baseTime), 0, 3)}'
virtualMachineSettings: {
adminUsername: username
adminPassword: password
}
}
}
]
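Review bot: The generated `username` and `password` parameters in the first hunk carry no comment saying the credentials are throwaway. `newGuid()` is re-evaluated on every deployment and no output of the value is visible in these hunks, so nobody can sign in with this local account afterwards. That is right for a test, but if the README usage examples are produced from this file (README.md changes in the same commit and is not rendered here), readers may copy the pattern as is. I would add above `param username`: `// Test-only credentials: regenerated per deployment and never surfaced; pass real values from a secret store when consuming the module.` The same pair of parameters is added in tests/e2e/max/main.test.bicep.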
189 changes: 189 additions & 0 deletions avm/ptn/ai-platform/baseline/tests/e2e/max/dependencies.bicep
@@ -4,6 +4,15 @@ param location string = resourceGroup().location
@description('Required. The name of the Storage Account to create.')
param storageAccountName string

@description('Required. The name of the Maintenance Configuration to create.')
param maintenanceConfigurationName string

@description('Required. The name of the network security group to create.')
param networkSecurityGroupName string

@description('Required. The name of the Bastion Network Security Group to create.')
param networkSecurityGroupBastionName string

resource storageAccount 'Microsoft.Storage/storageAccounts@2021-09-01' = {
name: storageAccountName
location: location
@@ -13,5 +22,185 @@ resource storageAccount 'Microsoft.Storage/storageAccounts@2021-09-01' = {
kind: 'StorageV2'
}

resource maintenanceConfiguration 'Microsoft.Maintenance/maintenanceConfigurations@2023-10-01-preview' = {
name: maintenanceConfigurationName
location: location
properties: {
extensionProperties: {
InGuestPatchMode: 'User'
}
maintenanceScope: 'InGuestPatch'
maintenanceWindow: {
startDateTime: '2024-06-16 00:00'
duration: '03:55'
timeZone: 'W. Europe Standard Time'
recurEvery: '1Day'
}
visibility: 'Custom'
installPatches: {
rebootSetting: 'IfRequired'
windowsParameters: {
classificationsToInclude: [
'Critical'
'Security'
]
}
}
}
}

resource networkSecurityGroup 'Microsoft.Network/networkSecurityGroups@2023-11-01' = {
name: networkSecurityGroupName
location: location
properties: {
securityRules: [
{
name: 'DenyAnySSHInbound'
properties: {
access: 'Deny'
direction: 'Inbound'
protocol: 'Tcp'
priority: 100
sourcePortRange: '*'
sourceAddressPrefix: '*'
destinationPortRange: '22'
destinationAddressPrefix: '*'
}
}
]
}
}

resource networkSecurityGroupBastion 'Microsoft.Network/networkSecurityGroups@2023-04-01' = {
name: networkSecurityGroupBastionName
location: location
properties: {
securityRules: [
{
name: 'AllowHttpsInbound'
properties: {
priority: 120
protocol: 'Tcp'
access: 'Allow'
direction: 'Inbound'
sourceAddressPrefix: 'Internet'
sourcePortRange: '*'
destinationAddressPrefix: '*'
destinationPortRange: '443'
}
}
{
name: 'AllowGatewayManagerInbound'
properties: {
priority: 130
protocol: 'Tcp'
access: 'Allow'
direction: 'Inbound'
sourceAddressPrefix: 'GatewayManager'
sourcePortRange: '*'
destinationAddressPrefix: '*'
destinationPortRange: '443'
}
}
{
name: 'AllowAzureLoadBalancerInbound'
properties: {
priority: 140
protocol: 'Tcp'
access: 'Allow'
direction: 'Inbound'
sourceAddressPrefix: 'AzureLoadBalancer'
sourcePortRange: '*'
destinationAddressPrefix: '*'
destinationPortRange: '443'
}
}
{
name: 'AllowBastionHostCommunication'
properties: {
priority: 150
protocol: '*'
access: 'Allow'
direction: 'Inbound'
sourceAddressPrefix: 'VirtualNetwork'
sourcePortRange: '*'
destinationAddressPrefix: 'VirtualNetwork'
destinationPortRanges: [
'8080'
'5701'
]
}
}
{
name: 'AllowSshOutbound'
properties: {
priority: 100
protocol: '*'
access: 'Allow'
direction: 'Outbound'
sourceAddressPrefix: '*'
sourcePortRange: '*'
destinationAddressPrefix: 'VirtualNetwork'
destinationPortRanges: [
'22'
'3389'
]
}
}
{
name: 'AllowAzureCloudOutbound'
properties: {
priority: 110
protocol: 'Tcp'
access: 'Allow'
direction: 'Outbound'
sourceAddressPrefix: '*'
sourcePortRange: '*'
destinationAddressPrefix: 'AzureCloud'
destinationPortRange: '443'
}
}
{
name: 'AllowBastionCommunication'
properties: {
priority: 120
protocol: '*'
access: 'Allow'
direction: 'Outbound'
sourceAddressPrefix: 'VirtualNetwork'
sourcePortRange: '*'
destinationAddressPrefix: 'VirtualNetwork'
destinationPortRanges: [
'8080'
'5701'
]
}
}
{
name: 'AllowHttpOutbound'
properties: {
priority: 130
protocol: '*'
access: 'Allow'
direction: 'Outbound'
sourceAddressPrefix: '*'
sourcePortRange: '*'
destinationAddressPrefix: 'Internet'
destinationPortRange: '80'
}
}
]
}
}

@description('The resource ID of the created Storage Account.')
output storageAccountResourceId string = storageAccount.id

@description('The resource ID of the created Network Security Group.')
output networkSecurityGroupResourceId string = networkSecurityGroup.id

@description('The resource ID of the created Bastion Network Security Group.')
output networkSecurityGroupBastionResourceId string = networkSecurityGroupBastion.id

@description('The resource ID of the maintenance configuration.')
output maintenanceConfigurationResourceId string = maintenanceConfiguration.id
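Review bot: The only rule in `networkSecurityGroup` is `DenyAnySSHInbound` on TCP 22 from `*`, while the VM this NSG is attached to in tests/e2e/max/main.test.bicep uses a Windows image (`dsvm-win-2019`), so the rule does not cover the port that machine is normally managed on. Azure's default NSG rules already deny inbound traffic from the Internet and allow it from VirtualNetwork, so in practice this rule only blocks SSH inside the VNet, the Bastion subnet included. If the intent is "management ports reachable only through Bastion", the set needs an allow for 22 and 3389 from the Bastion subnet ahead of a deny for both ports. If it is only a fixture to show that a caller-supplied NSG can be attached, I would say so above the rule, e.g. `// Fixture rule only, not a hardening baseline: RDP (3389) is left to the default rules`.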
79 changes: 78 additions & 1 deletion avm/ptn/ai-platform/baseline/tests/e2e/max/main.test.bicep
@@ -23,6 +23,14 @@ param baseTime string = utcNow('u')
@description('Optional. A token to inject into the name of each resource.')
param namePrefix string = '#_namePrefix_#'

@description('Generated. The username to leverage for the login.')
@secure()
param username string = uniqueString(newGuid())

@description('Generated. The password to leverage for the login.')
@secure()
param password string = newGuid()

// ============ //
// Dependencies //
// ============ //
@@ -34,6 +42,18 @@ resource resourceGroup 'Microsoft.Resources/resourceGroups@2021-04-01' = {
location: resourceLocation
}

module nestedDependencies 'dependencies.bicep' = {
scope: resourceGroup
name: '${uniqueString(deployment().name, resourceLocation)}-nestedDependencies'
params: {
location: resourceLocation
storageAccountName: 'dep${namePrefix}st${serviceShort}'
maintenanceConfigurationName: 'dep-${namePrefix}-mc-${serviceShort}'
networkSecurityGroupName: 'dep${namePrefix}nsg${serviceShort}'
networkSecurityGroupBastionName: 'dep-${namePrefix}-nsg-bastion-${serviceShort}'
}
}

// ============== //
// Test Execution //
// ============== //
@@ -58,7 +78,6 @@ module testDeployment '../../../main.bicep' = [
storageAccountSettings: {
name: '${namePrefix}st${serviceShort}'
sku: 'Standard_GRS'
allowSharedKeyAccess: true
}
containerRegistrySettings: {
name: '${namePrefix}cr${serviceShort}'
@@ -67,6 +86,64 @@ module testDeployment '../../../main.bicep' = [
applicationInsightsSettings: {
name: '${namePrefix}-appi-${serviceShort}'
}
virtualNetworkSettings: {
name: '${namePrefix}-vnet-${serviceShort}'
addressPrefix: '10.1.0.0/16'
enabled: true
subnet: {
name: '${namePrefix}-snet-${serviceShort}'
addressPrefix: '10.1.0.0/24'
networkSecurityGroupResourceId: nestedDependencies.outputs.networkSecurityGroupResourceId
}
}
bastionSettings: {
enabled: true
name: '${namePrefix}-bas-${serviceShort}'
sku: 'Standard'
networkSecurityGroupResourceId: nestedDependencies.outputs.networkSecurityGroupBastionResourceId
subnetAddressPrefix: '10.1.1.0/26'
disableCopyPaste: true
enableFileCopy: true
enableIpConnect: true
enableKerberos: true
enableShareableLink: true
scaleUnits: 3
}
virtualMachineSettings: {
enabled: true
name: '${namePrefix}-vm-${serviceShort}'
zone: 1
size: 'Standard_DS1_v2'
adminUsername: username
adminPassword: password
nicConfigurationSettings: {
name: '${namePrefix}-nic-${serviceShort}'
ipConfigName: '${namePrefix}-ipcfg-${serviceShort}'
privateIPAllocationMethod: 'Dynamic'
networkSecurityGroupResourceId: nestedDependencies.outputs.networkSecurityGroupResourceId
}
imageReference: {
publisher: 'microsoft-dsvm'
offer: 'dsvm-win-2019'
sku: 'server-2019'
version: 'latest'
}
osDisk: {
name: '${namePrefix}-disk-${serviceShort}'
diskSizeGB: 256
createOption: 'FromImage'
caching: 'ReadOnly'
managedDisk: {
storageAccountType: 'Standard_LRS'
}
deleteOption: 'Delete'
}
patchMode: 'AutomaticByPlatform'
encryptionAtHost: false
enableAadLoginExtension: true
enableAzureMonitorAgent: true
maintenanceConfigurationResourceId: nestedDependencies.outputs.maintenanceConfigurationResourceId
}
workspaceHubSettings: {
name: '${namePrefix}-hub-${serviceShort}'
computes: [
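Review bot: In `bastionSettings`, `enableShareableLink: true`, `enableIpConnect: true` and `enableFileCopy: true` are switched on with nothing saying this is for parameter coverage only. A shareable link lets anyone who holds the URL reach the VM's sign-in prompt without going through the Azure portal, which leaves the VM credentials as the main gate on that path. I would add above the block `// Feature flags below are enabled to exercise every parameter; leave them off unless the scenario needs them.` The same goes for `encryptionAtHost: false` further down, which presumably avoids the subscription feature registration but reads like a recommended value. The file continues past this hunk and is not shown.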
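--- a/avm/ptn/ai-platform/baseline/tests/e2e/no-vm/main.test.bicep
+++ b/avm/ptn/ai-platform/baseline/tests/e2e/no-vm/main.test.bicep
@@ -0,0 +1,56 @@
+targetScope = 'subscription'
+
+metadata name = 'Without virtual machine'
+metadata description = 'This instance deploys the module with a virtual network, but no virtual machine or Azure Bastion host.'
+
+// ========== //
+// Parameters //
+// ========== //
+
+@description('Optional. The name of the resource group to deploy for testing purposes.')
+@maxLength(90)
+param resourceGroupName string = 'dep-${namePrefix}-aiplatform-baseline-${serviceShort}-rg'
+
+@description('Optional. The location to deploy resources to.')
+param resourceLocation string = deployment().location
+
+@description('Optional. A short identifier for the kind of deployment. Should be kept short to not run into resource-name length-constraints.')
+param serviceShort string = 'aipbnovm'
+
+@description('Generated. Used as a basis for unique resource names.')
+param baseTime string = utcNow('u')
+
+@description('Optional. A token to inject into the name of each resource.')
+param namePrefix string = '#_namePrefix_#'
+
+// ============ //
+// Dependencies //
+// ============ //
+
+// General resources
+// =================
+resource resourceGroup 'Microsoft.Resources/resourceGroups@2021-04-01' = {
+name: resourceGroupName
+location: resourceLocation
+}
+
+// ============== //
+// Test Execution //
+// ============== //
+
+@batchSize(1)
+module testDeployment '../../../main.bicep' = [
+for iteration in ['init', 'idem']: {
+scope: resourceGroup
+name: '${uniqueString(deployment().name, resourceLocation)}-test-${serviceShort}-${iteration}'
+params: {
+name: '${namePrefix}${serviceShort}${substring(uniqueString(baseTime), 0, 3)}'
+bastionSettings: {
+enabled: false
+}
+virtualMachineSettings: {
+enabled: false
+}
+}
+}
+]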
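Review bot: The metadata description promises a deployment "with a virtual network", but `params` sets only `bastionSettings.enabled` and `virtualMachineSettings.enabled`, so the virtual network exists only if the module default enables it; main.bicep is not rendered on this page, so I cannot confirm that. Setting it explicitly makes the test state what it verifies and keeps it valid if the default changes: `virtualNetworkSettings: { enabled: true }` (the `enabled` key is used the same way in tests/e2e/max/main.test.bicep).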