diff --git a/.azure-devops/nightlybuild/mlz-bicep-azurecloud-pipelines.yml b/.azure-devops/nightlybuild/mlz-bicep-azurecloud-pipelines.yml
index 9ec8247d9..7099b6a0b 100644
--- a/.azure-devops/nightlybuild/mlz-bicep-azurecloud-pipelines.yml
+++ b/.azure-devops/nightlybuild/mlz-bicep-azurecloud-pipelines.yml
@@ -29,15 +29,77 @@ jobs: --name $(bDeploymentName) \ --location $(Location) \ --template-file $(TemplateFile) + + - task: AzureCLI@2 + displayName: "Extract Values and Hydrate Variables for T3 Deployment" + inputs: + azureSubscription: $(ServiceConnectionName) + scriptType: 'bash' + scriptLocation: 'inlineScript' + inlineScript: | + deploymentoutput=$(az deployment sub show \ + --name $(bDeploymentName) \ + --query '{ + hubSubId: properties.outputs.hub.value.subscriptionId, + hubRGroupName: properties.outputs.hub.value.resourceGroupName, + hubVNetworkName: properties.outputs.hub.value.virtualNetworkName, + hubVNetworkResourceId: properties.outputs.hub.value.virtualNetworkResourceId, + logAWspaceResourceId: properties.outputs.logAnalyticsWorkspaceResourceId.value, + firewallPrivateIP: properties.outputs.firewallPrivateIPAddress.value + }' \ + --output json) + + hubSubId=$(echo $deploymentoutput | jq '.hubSubId') \ + && echo "##vso[task.setvariable variable=hubSubscriptionId;]$hubSubId" + + hubRGroupName=$(echo $deploymentoutput | jq '.hubRGroupName') \ + && echo "##vso[task.setvariable variable=hubResourceGroupName;]$hubRGroupName" + + hubVNetworkName=$(echo $deploymentoutput | jq '.hubVNetworkName') \ + && echo "##vso[task.setvariable variable=hubVirtualNetworkName;]$hubVNetworkName" + + hubVNetworkResourceId=$(echo $deploymentoutput | jq '.hubVNetworkResourceId') \ + && echo "##vso[task.setvariable variable=hubVirtualNetworkResourceId;]$hubVNetworkResourceId" + + logAWspaceResourceId=$(echo $deploymentoutput | jq '.logAWspaceResourceId') \ + && echo "##vso[task.setvariable variable=logAnalyticsWorkspaceResourceId;]$logAWspaceResourceId" + + firewallPrivateIP=$(echo $deploymentoutput | jq '.firewallPrivateIP') \ + && echo "##vso[task.setvariable variable=firewallPrivateIPAddress;]$firewallPrivateIP" + + - task: AzureCLI@2 + displayName: "T3 Bicep Deployment" + inputs: + azureSubscription: $(ServiceConnectionName) + scriptType: 'bash' + scriptLocation: 
'inlineScript' + inlineScript: | + az deployment sub create \ + --subscription $(workloadSubId) \ + --location $(Location) \ + --name $(workloadName) \ + --template-file $(T3TemplateFile) \ + --parameters \ + workloadName=$(workloadName) \ + hubSubscriptionId=$(hubSubscriptionId) \ + hubResourceGroupName=$(hubResourceGroupName) \ + hubVirtualNetworkName=$(hubVirtualNetworkName) \ + hubVirtualNetworkResourceId=$(hubVirtualNetworkResourceId) \ + logAnalyticsWorkspaceResourceId=$(logAnalyticsWorkspaceResourceId) \ + firewallPrivateIPAddress=$(firewallPrivateIPAddress) + - task: AzureCLI@2 displayName: "Clean up Subscription Diagnostics Settings" + condition: always() inputs: azureSubscription: $(ServiceConnectionName) scriptType: 'bash' scriptLocation: 'inlineScript' inlineScript: 'az monitor diagnostic-settings subscription list --query "value[? contains(@.name, ''$1'')].name" -o table |grep ''mlz''| awk ''{system(" az monitor diagnostic-settings delete --resource ''"/subscriptions/$(subId)"'' --name "$1)}''' + - task: AzureCLI@2 displayName: "Clean up Resources" + condition: always() inputs: azureSubscription: $(ServiceConnectionName) scriptType: 'bash' diff --git a/.azure-devops/nightlybuild/mlz-bicep-azuregov-pipelines.yml b/.azure-devops/nightlybuild/mlz-bicep-azuregov-pipelines.yml index 9256750cd..8331053db 100644 --- a/.azure-devops/nightlybuild/mlz-bicep-azuregov-pipelines.yml +++ b/.azure-devops/nightlybuild/mlz-bicep-azuregov-pipelines.yml 
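Review bot: In the added "Extract Values and Hydrate Variables for T3 Deployment" step nothing stops the script when `az deployment sub show` fails or an output is missing: `jq` then prints nothing or `null`, the `&&` still passes, and the T3 deployment runs with empty or `null` parameters. `jq` is also called without `-r`, so each pipeline variable is stored with its JSON double quotes, which only disappear because the next step pastes the value unquoted into bash. I would start the script with `set -euo pipefail`, read each value with `jq -er` and quote `"$deploymentoutput"`, as sketched below. The same step in the azuregov Bicep pipeline needs the same change.

```yaml
inlineScript: |
  set -euo pipefail
  # … unchanged: deploymentoutput=$(az deployment sub show … --output json) …

  hydrate() {
    # $1: pipeline variable to set, $2: key in the queried JSON
    local value
    value=$(jq -er --arg key "$2" '.[$key]' <<<"$deploymentoutput")
    echo "##vso[task.setvariable variable=$1;]$value"
  }

  hydrate hubSubscriptionId hubSubId
  hydrate hubResourceGroupName hubRGroupName
  hydrate hubVirtualNetworkName hubVNetworkName
  hydrate hubVirtualNetworkResourceId hubVNetworkResourceId
  hydrate logAnalyticsWorkspaceResourceId logAWspaceResourceId
  hydrate firewallPrivateIPAddress firewallPrivateIP
```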
@@ -29,15 +29,76 @@ jobs: --name $(bDeploymentName) \ --location $(GLocation) \ --template-file $(TemplateFile) + + - task: AzureCLI@2 + displayName: "Extract Values and Hydrate Variables for T3 Deployment" + inputs: + azureSubscription: $(GServiceConnectionName) + scriptType: 'bash' + scriptLocation: 'inlineScript' + inlineScript: | + deploymentoutput=$(az deployment sub show \ + --name $(bDeploymentName) \ + --query '{ + hubSubId:properties.outputs.hub.value.subscriptionId, + hubRGroupName:properties.outputs.hub.value.resourceGroupName, + hubVNetworkName:properties.outputs.hub.value.virtualNetworkName, + hubVNetworkResourceId:properties.outputs.hub.value.virtualNetworkResourceId, + logAWspaceResourceId:properties.outputs.logAnalyticsWorkspaceResourceId.value, + firewallPrivateIP:properties.outputs.firewallPrivateIPAddress.value }' \ + --output json) + + hubSubId=$(echo $deploymentoutput | jq '.hubSubId') \ + && echo "##vso[task.setvariable variable=hubSubscriptionId;]$hubSubId" + + hubRGroupName=$(echo $deploymentoutput | jq '.hubRGroupName') \ + && echo "##vso[task.setvariable variable=hubResourceGroupName;]$hubRGroupName" + + hubVNetworkName=$(echo $deploymentoutput | jq '.hubVNetworkName') \ + && echo "##vso[task.setvariable variable=hubVirtualNetworkName;]$hubVNetworkName" + + hubVNetworkResourceId=$(echo $deploymentoutput | jq '.hubVNetworkResourceId') \ + && echo "##vso[task.setvariable variable=hubVirtualNetworkResourceId;]$hubVNetworkResourceId" + + logAWspaceResourceId=$(echo $deploymentoutput | jq '.logAWspaceResourceId') \ + && echo "##vso[task.setvariable variable=logAnalyticsWorkspaceResourceId;]$logAWspaceResourceId" + + firewallPrivateIP=$(echo $deploymentoutput | jq '.firewallPrivateIP') \ + && echo "##vso[task.setvariable variable=firewallPrivateIPAddress;]$firewallPrivateIP" + + - task: AzureCLI@2 + displayName: "T3 Bicep Deployment" + inputs: + azureSubscription: $(GServiceConnectionName) + scriptType: 'bash' + scriptLocation: 'inlineScript' + 
inlineScript: | + az deployment sub create \ + --subscription $(GSubId) \ + --location $(GLocation) \ + --name $(workloadName) \ + --template-file $(T3TemplateFile) \ + --parameters \ + workloadName=$(workloadName) \ + hubSubscriptionId=$(hubSubscriptionId) \ + hubResourceGroupName=$(hubResourceGroupName) \ + hubVirtualNetworkName=$(hubVirtualNetworkName) \ + hubVirtualNetworkResourceId=$(hubVirtualNetworkResourceId) \ + logAnalyticsWorkspaceResourceId=$(logAnalyticsWorkspaceResourceId) \ + firewallPrivateIPAddress=$(firewallPrivateIPAddress) + - task: AzureCLI@2 displayName: "Clean up Subscription Diagnostics Settings" + condition: always() inputs: azureSubscription: $(GServiceConnectionName) scriptType: 'bash' scriptLocation: 'inlineScript' inlineScript: 'az monitor diagnostic-settings subscription list --query "value[? contains(@.name, ''$1'')].name" -o table |grep ''mlz''| awk ''{system(" az monitor diagnostic-settings delete --resource ''"/subscriptions/$(GSubId)"'' --name "$1)}''' + - task: AzureCLI@2 displayName: "Clean up Resources" + condition: always() inputs: azureSubscription: $(GServiceConnectionName) scriptType: 'bash' diff --git a/.azure-devops/nightlybuild/mlz-tf-azurecloud-pipelines.yml b/.azure-devops/nightlybuild/mlz-tf-azurecloud-pipelines.yml index 7f7d804cb..dfa172264 100644 --- a/.azure-devops/nightlybuild/mlz-tf-azurecloud-pipelines.yml +++ b/.azure-devops/nightlybuild/mlz-tf-azurecloud-pipelines.yml @@ -21,9 +21,9 @@ jobs: - task: TerraformInstaller@0 inputs: terraformVersion: '1.0.8' + - task: AzureCLI@2 displayName: "Apply MLZ Terraform" - continueOnError: true inputs: azureSubscription: $(CAzureConnection) scriptType: 'bash' 
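Review bot: The "T3 Bicep Deployment" step splices the hydrated variables into the script text with unquoted `$(...)` macros, so whatever the earlier deployment returned is parsed by bash as part of the command rather than passed as data. The values come from the project's own template outputs, so the exposure is probably small, but a value containing a space or a shell metacharacter would change what `az deployment sub create` runs. Mapping them through the task's `env:` block and quoting on use keeps them as data, for example `env: { HUB_RG: $(hubResourceGroupName) }` with `hubResourceGroupName="$HUB_RG"` in the script. The T3 step added to the azurecloud Bicep pipeline has the same shape.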
@@ -39,8 +39,81 @@ jobs: terraform apply -var "hub_subid=$(subid)" -auto-approve -input=false workingDirectory: '$(System.DefaultWorkingDirectory)/src/terraform/mlz' useGlobalConfig: true + + - task: AzureCLI@2 + displayName: "Extract Values and Hydrate Variables for T3 Deployment" + inputs: + azureSubscription: $(CAzureConnection) + scriptType: 'bash' + scriptLocation: 'inlineScript' + addSpnToEnvironment: true + inlineScript: | + echo "##vso[task.setvariable variable=hubSubscriptionId;]$(terraform output -raw hub_subid)" + echo "##vso[task.setvariable variable=hubVirtualNetworkName;]$(terraform output -raw hub_vnetname)" + echo "##vso[task.setvariable variable=hubResourceGroupName;]$(terraform output -raw hub_rgname)" + echo "##vso[task.setvariable variable=firewallPrivateIPAddress;]$(terraform output -raw firewall_private_ip)" + echo "##vso[task.setvariable variable=lawsName;]$(terraform output -raw laws_name)" + echo "##vso[task.setvariable variable=lawsRgName;]$(terraform output -raw laws_rgname)" + echo "##vso[task.setvariable variable=tier1SubId;]$(terraform output -raw tier1_subid)" + echo "##vso[task.setvariable variable=tier3SubId;]$(terraform output -raw tier1_subid)" + workingDirectory: '$(System.DefaultWorkingDirectory)/src/terraform/mlz' + useGlobalConfig: true + + - task: AzureCLI@2 + displayName: "Apply T3 Workload Terraform" + inputs: + azureSubscription: $(CAzureConnection) + scriptType: 'bash' + scriptLocation: 'inlineScript' + addSpnToEnvironment: true + inlineScript: | + export ARM_CLIENT_ID=$(ClientId) + export ARM_CLIENT_SECRET=$(ClientSecret) + export ARM_SUBSCRIPTION_ID=$(subId) + export ARM_TENANT_ID=$(tenantId) + terraform init + terraform apply -var "hub_subid=$(hubSubscriptionId)" \ + -var "hub_rgname=$(hubResourceGroupName)" \ + -var "firewall_private_ip=$(firewallPrivateIPAddress)" \ + -var "hub_vnetname=$(hubVirtualNetworkName)" \ + -var "laws_name=$(lawsName)" -var "laws_rgname=$(lawsRgName)" \ + -var "tier1_subid=$(tier1SubId)" \ + 
-var "tier3_subid=$(tier3SubId)" \ + -auto-approve \ + -input=false + workingDirectory: '$(System.DefaultWorkingDirectory)/src/terraform/tier3' + useGlobalConfig: true + + - task: AzureCLI@2 + displayName: "Destroy T3 Workload Terraform" + condition: always() + inputs: + azureSubscription: $(CAzureConnection) + scriptType: 'bash' + scriptLocation: 'inlineScript' + addSpnToEnvironment: true + inlineScript: | + export ARM_CLIENT_ID=$(ClientId) + export ARM_CLIENT_SECRET=$(ClientSecret) + export ARM_SUBSCRIPTION_ID=$(subId) + export ARM_TENANT_ID=$(tenantId) + terraform init + terraform destroy -var "hub_subid=$(hubSubscriptionId)" \ + -var "hub_rgname=$(hubResourceGroupName)" \ + -var "firewall_private_ip=$(firewallPrivateIPAddress)" \ + -var "hub_vnetname=$(hubVirtualNetworkName)" \ + -var "laws_name=$(lawsName)" \ + -var "laws_rgname=$(lawsRgName)" \ + -var "tier1_subid=$(tier1SubId)" \ + -var "tier3_subid=$(tier3SubId)" \ + -auto-approve \ + -input=false + workingDirectory: '$(System.DefaultWorkingDirectory)/src/terraform/tier3' + useGlobalConfig: true + - task: AzureCLI@2 displayName: "Destroy MLZ Terraform" + condition: always() inputs: azureSubscription: $(CAzureConnection) scriptType: 'bash' @@ -55,3 +128,4 @@ jobs: terraform destroy -var "hub_subid=$(subid)" -auto-approve -input=false workingDirectory: '$(System.DefaultWorkingDirectory)/src/terraform/mlz' useGlobalConfig: true + \ No newline at end of file diff --git a/.azure-devops/nightlybuild/mlz-tf-azuregov-pipelines.yml b/.azure-devops/nightlybuild/mlz-tf-azuregov-pipelines.yml index 6b3fc8aaf..427e7e8e8 100644 --- a/.azure-devops/nightlybuild/mlz-tf-azuregov-pipelines.yml +++ b/.azure-devops/nightlybuild/mlz-tf-azuregov-pipelines.yml @@ -2,12 +2,13 @@ # Licensed under the MIT License. schedules: - - cron: '55 1 * * *' + - cron: "0 2 * * *" displayName: "Nightly - mlz Terraform azure US Gov cloud" branches: include: - main - always: 'true' + always: true + pool: vmImage: ubuntu-latest 
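Review bot: `tier3SubId` is hydrated from the `tier1_subid` output (`variable=tier3SubId;]$(terraform output -raw tier1_subid)`), so the tier 3 workload is always applied and destroyed against the tier 1 subscription value. If that is intended for the nightly build, a comment above the line such as `# nightly build reuses the tier 1 subscription for the tier 3 workload` would stop it reading as a copy-paste slip; if not, it should read the output that carries the tier 3 subscription, which is not visible in this hunk. The azuregov Terraform pipeline has the same line. Each `echo` also succeeds when `terraform output` fails, so the hydration step cannot fail and the `condition: always()` destroy may later run with empty values; `set -euo pipefail` plus assigning each output to a shell variable before echoing it would surface that.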
@@ -20,9 +21,9 @@ jobs: - task: TerraformInstaller@0 inputs: terraformVersion: '1.0.8' + - task: AzureCLI@2 displayName: "Apply MLZ Terraform" - continueOnError: true inputs: azureSubscription: $(GAzureConnection) scriptType: 'bash' 
@@ -35,12 +36,104 @@ jobs: export ARM_TENANT_ID=$(GTenantId) export ARM_ENVIRONMENT=$(CloudEnv) terraform init - terraform plan -var "hub_subid=$(GSubid)" -var metadata_host=$(MetadataHost) -var environment=$(CloudEnv) -var location=$(GLocation) -input=false - terraform apply -var "hub_subid=$(GSubid)" -var metadata_host=$(MetadataHost) -var environment=$(CloudEnv) -var location=$(GLocation) -auto-approve -input=false + terraform plan \ + -var "hub_subid=$(GSubid)" \ + -var metadata_host=$(MetadataHost) \ + -var environment=$(CloudEnv) \ + -var location=$(GLocation) \ + -input=false + terraform apply -var "hub_subid=$(GSubid)" \ + -var metadata_host=$(MetadataHost) \ + -var environment=$(CloudEnv) \ + -var location=$(GLocation) \ + -auto-approve \ + -input=false + workingDirectory: '$(System.DefaultWorkingDirectory)/src/terraform/mlz' + useGlobalConfig: true + + - task: AzureCLI@2 + displayName: "Extract Values and Hydrate Variables for T3 Deployment" + inputs: + azureSubscription: $(GAzureConnection) + scriptType: 'bash' + scriptLocation: 'inlineScript' + addSpnToEnvironment: true + inlineScript: | + echo "##vso[task.setvariable variable=hubSubscriptionId;]$(terraform output -raw hub_subid)" + echo "##vso[task.setvariable variable=hubVirtualNetworkName;]$(terraform output -raw hub_vnetname)" + echo "##vso[task.setvariable variable=hubResourceGroupName;]$(terraform output -raw hub_rgname)" + echo "##vso[task.setvariable variable=firewallPrivateIPAddress;]$(terraform output -raw firewall_private_ip)" + echo "##vso[task.setvariable variable=lawsName;]$(terraform output -raw laws_name)" + echo "##vso[task.setvariable variable=lawsRgName;]$(terraform output -raw laws_rgname)" + echo "##vso[task.setvariable variable=tier1SubId;]$(terraform output -raw tier1_subid)" + echo "##vso[task.setvariable variable=tier3SubId;]$(terraform output -raw tier1_subid)" workingDirectory: '$(System.DefaultWorkingDirectory)/src/terraform/mlz' useGlobalConfig: true + + - task: AzureCLI@2 + 
displayName: "Apply T3 Workload Terraform" + inputs: + azureSubscription: $(GAzureConnection) + scriptType: 'bash' + scriptLocation: 'inlineScript' + addSpnToEnvironment: true + inlineScript: | + export ARM_CLIENT_ID=$(GClientId) + export ARM_CLIENT_SECRET=$(GClientSecret) + export ARM_SUBSCRIPTION_ID=$(GSubId) + export ARM_TENANT_ID=$(GTenantId) + export ARM_ENVIRONMENT=$(CloudEnv) + terraform init + terraform apply -var "hub_subid=$(hubSubscriptionId)" \ + -var metadata_host=$(MetadataHost) \ + -var environment=$(CloudEnv) \ + -var location=$(GLocation) \ + -var "hub_rgname=$(hubResourceGroupName)" \ + -var "firewall_private_ip=$(firewallPrivateIPAddress)" \ + -var "hub_vnetname=$(hubVirtualNetworkName)" \ + -var "laws_name=$(lawsName)" \ + -var "laws_rgname=$(lawsRgName)" \ + -var "tier1_subid=$(tier1SubId)" \ + -var "tier3_subid=$(tier3SubId)" \ + -auto-approve \ + -input=false + workingDirectory: '$(System.DefaultWorkingDirectory)/src/terraform/tier3' + useGlobalConfig: true + + - task: AzureCLI@2 + displayName: "Destroy T3 Workload Terraform" + condition: always() + inputs: + azureSubscription: $(GAzureConnection) + scriptType: 'bash' + scriptLocation: 'inlineScript' + addSpnToEnvironment: true + inlineScript: | + export ARM_CLIENT_ID=$(GClientId) + export ARM_CLIENT_SECRET=$(GClientSecret) + export ARM_SUBSCRIPTION_ID=$(GSubId) + export ARM_TENANT_ID=$(GTenantId) + export ARM_ENVIRONMENT=$(CloudEnv) + terraform init + terraform destroy -var "hub_subid=$(hubSubscriptionId)" \ + -var metadata_host=$(MetadataHost) \ + -var environment=$(CloudEnv) \ + -var location=$(GLocation) \ + -var "hub_rgname=$(hubResourceGroupName)" \ + -var "firewall_private_ip=$(firewallPrivateIPAddress)" \ + -var "hub_vnetname=$(hubVirtualNetworkName)" \ + -var "laws_name=$(lawsName)" \ + -var "laws_rgname=$(lawsRgName)" \ + -var "tier1_subid=$(tier1SubId)" \ + -var "tier3_subid=$(tier3SubId)" \ + -auto-approve \ + -input=false + workingDirectory: 
'$(System.DefaultWorkingDirectory)/src/terraform/tier3' + useGlobalConfig: true + - task: AzureCLI@2 displayName: "Destroy MLZ Terraform" + condition: always() inputs: azureSubscription: $(GAzureConnection) scriptType: 'bash' @@ -53,6 +146,11 @@ jobs: export ARM_TENANT_ID=$(GTenantId) export ARM_ENVIRONMENT=$(CloudEnv) terraform init - terraform destroy -var "hub_subid=$(GSubid)" -var metadata_host=$(MetadataHost) -var environment=$(CloudEnv) -var location=$(GLocation) -auto-approve -input=false + terraform destroy -var "hub_subid=$(GSubid)" \ + -var metadata_host=$(MetadataHost) \ + -var environment=$(CloudEnv) \ + -var location=$(GLocation) \ + -auto-approve \ + -input=false workingDirectory: '$(System.DefaultWorkingDirectory)/src/terraform/mlz' useGlobalConfig: true
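Review bot: The new T3 apply and destroy steps place the client secret in the script text with `export ARM_CLIENT_SECRET=$(GClientSecret)`; the macro is expanded before bash runs and is unquoted, so a secret containing shell metacharacters is parsed as code and the expanded value sits in the generated script. These tasks already set `addSpnToEnvironment: true`, which exposes the service connection's `servicePrincipalId`, `servicePrincipalKey` and `tenantId` as environment variables; if that identity is the one Terraform should use (not confirmable from the hunk), `export ARM_CLIENT_SECRET="$servicePrincipalKey"` removes the need for a separate secret variable. Otherwise map the secret through the task's `env:` block and reference it as a quoted shell variable. The azurecloud Terraform pipeline repeats the pattern with `$(ClientSecret)`, and both appear to copy the existing MLZ apply step, whose body starts outside the hunk.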