use Bicep loop syntax to create spoke resources the same way (#497)
glennmusa authored Nov 3, 2021
1 parent 52882f6 commit b39c930
Showing 10 changed files with 652 additions and 3,528 deletions.
86 changes: 86 additions & 0 deletions src/bicep/README.md
Expand Up @@ -27,6 +27,10 @@ By default, this template deploys **[Azure Firewall Premium](https://docs.micros
- See [Setting the Firewall SKU](#Setting-the-Firewall-SKU) for steps on how to use the Standard SKU instead.
- See [Setting the Firewall Location](#Setting-the-Firewall-Location) for steps on how to deploy into a different region.

After a deployment is complete, you can refer to the provisioned resources programmaticaly with the Azure CLI.

- See [Reference Deployment Output](#Reference-Deployment-Output) for steps on how to use `az deployment` subcommands and JMESPath to query for specific properties.

### Azure CLI

Use `az deployment sub` to deploy MLZ across 1:M subscriptions (and `az deployment sub create --help` for more information).
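
Review bot: Spelling in the added sentence "you can refer to the provisioned resources programmaticaly": it should read "programmatically". The new bullet follows the existing `#Setting-the-Firewall-SKU` link style, so nothing else needs to change in this hunk.
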
Expand Down Expand Up @@ -246,6 +250,88 @@ az deployment sub create \
--template-file "src/bicep/mlz.bicep"
```

### Reference Deployment Output

After you've deployed Mission Landing Zone you'll probably want to integrate additional services or infrastructure.

You can use the `az deployment sub show` command with a `--query` argument to retrieve information about the resources you deployed.

Before giving the next steps a try, it's probably a good idea to [review the Azure CLI's documentation on querying with JMESPath](https://docs.microsoft.com/en-us/cli/azure/query-azure-cli).

First off, let's say you deployed Mission Landing Zone with a deployment name of `myMissionLandingZone`:

```plaintext
az deployment sub create \
--name "myMissionLandingZone" \
--location "East US" \
--template-file "src/bicep/mlz.bicep"
```

Once it's complete, you could see all the resources provisioned in that deployment by querying the `properties.outputResources` property:

```plaintext
az deployment sub show \
--name "myMissionLandingZone" \
--query "properties.outputResources"
```

That's a lot of resources. Thankfully, the template produces outputs for just the things you _probably_ need at `properties.outputs`:

```plaintext
az deployment sub show \
--name "myMissionLandingZone" \
--query "properties.outputs"
```

For example, if you need just the Firewall Private IP address you could retrieve it like this:

```plaintext
az deployment sub show \
--name "myMissionLandingZone" \
--query "properties.outputs.firewallPrivateIPAddress.value"
```

Or, if you need just the Log Analytics Workspace that performs central logging you could retrieve it like this:

```plaintext
az deployment sub show \
--name "myMissionLandingZone" \
--query "properties.outputs.logAnalyticsWorkspaceResourceId.value"
```

Or, say you wanted to deploy resources into the Identity spoke. You could retrieve information about the Identity spoke by querying it from the `properties.outputs.spokes` array like this:

```plaintext
az deployment sub show \
--name "myMissionLandingZone" \
--query "properties.outputs.spokes.value[?name=='identity']"
```

Which would return an output similar to:

```json
[
{
"name": "identity",
"networkSecurityGroupName": "identity-nsg",
"networkSecurityGroupResourceId": ".../providers/Microsoft.Network/networkSecurityGroups/identity-nsg",
"resourceGroupId": ".../resourceGroups/mlz-identity",
"resourceGroupName": "mlz-identity",
"subnetAddressPrefix": "10.0.110.0/27",
"subnetName": "identity-subnet",
"subscriptionId": "<A GUID>",
"virtualNetworkName": "identity-vnet",
"virtualNetworkResourceId": ".../providers/Microsoft.Network/virtualNetworks/identity-vnet"
}
]
```

Bicep templates, the Azure CLI, and JMESpath queries allows you to manually, or in an automated fashion, compose infrastructure incrementally and pass output from one template as input to another.

Read more about `az deployment` at: [https://docs.microsoft.com](https://docs.microsoft.com/en-us/cli/azure/deployment?view=azure-cli-latest)

Read more about JMESPath queries at: <https://jmespath.org/>

## Development Pre-requisites

If you want to develop with Bicep you'll need these:
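
Review bot: The spoke query `properties.outputs.spokes.value[?name=='identity']` is a filter projection, so, as the sample output under it shows, it returns a one-element array rather than the spoke object. Since the closing paragraph presents this as a way to pass output from one template as input to another, consider showing `[?name=='identity'] | [0]`, or a property selection such as `[?name=='identity'].resourceGroupName | [0]`, so readers get a value they can pass directly. Two wording nits in the same section: "JMESpath queries allows you" should read "JMESPath queries allow you", and the command blocks are fenced as `plaintext` although they are shell commands.
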
41 changes: 12 additions & 29 deletions src/bicep/examples/newWorkload/README.md
Expand Up @@ -48,46 +48,29 @@ az deployment sub show \

```plaintext
{
"hubSubscriptionId": {
"type": "String",
"value": "0987654-3210..."
},
...
"hubResourceGroupName": {
"type": "String",
"value": "mlz-dev-hub"
},
...
"hubVirtualNetworkName": {
"firewallPrivateIPAddress": {
"type": "String",
"value": "hub-vnet"
"value": "10.0.100.4"
},
...
"hubVirtualNetworkId": {
"type": "String",
"value": "/subscriptions/.../providers/Microsoft.Network/virtualNetworks/hub-vnet"
"hub": {
"type": "Object",
"value": {
...
"resourceGroupName": "mlz-dev-hub",
...
"subscriptionId": "...",
"virtualNetworkName": "hub-vnet",
"virtualNetworkResourceId": "/subscriptions/.../providers/Microsoft.Network/virtualNetworks/hub-vnet"
}
},
...
"logAnalyticsWorkspaceResourceId": {
"type": "String",
"value": "/subscriptions/.../providers/Microsoft.OperationalInsights/workspaces/mlz-dev-laws"
},
...
"firewallPrivateIPAddress": {
"type": "String",
"value": "10.0.100.4"
},
}
```

...and if you're on a BASH terminal, this command (take note to replace "myMlzDeployment" with your deployment name) will export the values as environment variables:

<!-- markdownlint-disable MD013 -->
```bash
export $(az deployment sub show --name "myMlzDeployment" --query "properties.outputs.{ args: [ join('', ['hubSubscriptionId=', hubSubscriptionId.value]), join('', ['hubResourceGroupName=', hubResourceGroupName.value]), join('', ['hubVirtualNetworkName=', hubVirtualNetworkName.value]), join('', ['hubVirtualNetworkResourceId=', hubVirtualNetworkResourceId.value]), join('', ['logAnalyticsWorkspaceResourceId=', logAnalyticsWorkspaceResourceId.value]), join('', ['firewallPrivateIPAddress=', firewallPrivateIPAddress.value]) ] }.args" --output tsv | xargs)
```
<!-- markdownlint-enable MD013 -->

## Deploy the example

Once you have the Mission LZ output values, you can pass those in as parameters to this deployment.
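
Review bot: The sample output here moves the hub properties under `hub.value`, while the bash `export $(az deployment sub show ...)` one-liner in this hunk reads the flat names (`hubSubscriptionId.value`, `hubResourceGroupName.value`, and so on). If that block is being dropped, "Once you have the Mission LZ output values" leaves readers without a command for extracting the nested values; point them at the Reference Deployment Output section of src/bicep/README.md or show a query such as `properties.outputs.hub.value.resourceGroupName`. The unquoted `export $(... | xargs)` pattern also word-splits whatever the deployment returns, so a per-value query is the safer thing to document if a replacement is added.
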
40 changes: 13 additions & 27 deletions src/bicep/examples/remoteAccess/README.md
Expand Up @@ -55,41 +55,27 @@ az deployment sub show \
```plaintext
{
...
"hubResourceGroupName": {
"type": "String",
"value": "mlz-dev-hub"
},
...
"hubVirtualNetworkName": {
"type": "String",
"value": "hub-vnet"
},
...
"hubSubnetResourceId": {
"type": "String",
"value": "/subscriptions/.../providers/Microsoft.Network/virtualNetworks/hub-vnet/subnets/hub-subnet"
},
...
"hubNetworkSecurityGroupResourceId": {
"type": "String",
"value": "/subscriptions/.../providers/Microsoft.Network/networkSecurityGroups/hub-nsg"
"hub": {
"type": "Object",
"value": {
...
"resourceGroupName": "mlz-dev-hub",
...
"networkSecurityGroupResourceId": "/subscriptions/.../providers/Microsoft.Network/networkSecurityGroups/hub-nsg
...
"subnetResourceId": "/subscriptions/.../providers/Microsoft.Network/virtualNetworks/hub-vnet/subnets/hub-subnet",
...
"virtualNetworkName": "hub-vnet"
}
},
...
"logAnalyticsWorkspaceResourceId": {
"type": "String",
"value": "/subscriptions/.../providers/Microsoft.OperationalInsights/workspaces/mlz-dev-laws"
},
...
}
```

...and if you're on a BASH terminal, this command (take note to replace "myMlzDeployment" with your deployment name) will export the values as environment variables:

<!-- markdownlint-disable MD013 -->
```bash
export $(az deployment sub show --name "myMlzDeployment" --query "properties.outputs.{ args: [ join('', ['hubResourceGroupName=', hubResourceGroupName.value]), join('', ['hubVirtualNetworkName=', hubVirtualNetworkName.value]), join('', ['hubSubnetResourceId=', hubSubnetResourceId.value]), join('', ['hubNetworkSecurityGroupResourceId=', hubNetworkSecurityGroupResourceId.value]), join('', ['logAnalyticsWorkspaceResourceId=', logAnalyticsWorkspaceResourceId.value]) ] }.args" --output tsv | xargs)
```
<!-- markdownlint-enable MD013 -->

## Deploy the example

Once you have the Mission LZ output values, you can pass those in as parameters to this deployment.
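
Review bot: In the nested `hub.value` sample, the `networkSecurityGroupResourceId` line is missing its closing quote and trailing comma (it ends at `.../networkSecurityGroups/hub-nsg`), so the illustrated object is malformed next to the correctly terminated `subnetResourceId` line; add `",` at the end of that line. As in the newWorkload README, the bash `export` one-liner shown in this hunk addresses the flat `hub*` names; if it is being removed, a replacement query against `properties.outputs.hub.value` would keep the "Once you have the Mission LZ output values" step actionable.
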

0 comments on commit b39c930
