Azure · glennmusa · Sep 22, 2021 · Aug 5, 2021 · Aug 10, 2021 · Aug 26, 2021
@@ -35,13 +35,6 @@ RUN add-apt-repository ppa:git-core/ppa \
     sudo \
     shellcheck
 
-# Install Python 3
-RUN apt-get update \
-    && apt-get install -y \
-    python3 \
-    python3-pip \
-    && ln -s /usr/bin/python3 /usr/bin/python 
-
 # Install Terraform and tflint
 RUN wget -O terraform.zip https://releases.hashicorp.com/terraform/${TERRAFORM_VERSION}/terraform_${TERRAFORM_VERSION}_linux_amd64.zip \
     && wget -O tflint.zip https://github.com/terraform-linters/tflint/releases/download/v${TFLINT_VERSION}/tflint_linux_amd64.zip \
@@ -95,6 +88,10 @@ RUN AZ_REPO=$(lsb_release -cs) \
 # Install AZ CLI
 RUN apt-get update && apt-get install -y azure-cli=${AZURE_CLI_VERSION}
 
+# Install Bicep
+RUN curl -Lo /usr/local/bin/bicep https://github.com/Azure/bicep/releases/latest/download/bicep-linux-x64 \
+    && chmod +x /usr/local/bin/bicep
+
 # Clean up
 RUN apt-get autoremove -y \
     && apt-get clean -y \

@@ -11,7 +11,8 @@ All configuration related to the development container is in the `.devcontainer`
 
 ### Step-by-Step
 
-1. Follow the Mission LZ [Getting Started](https://github.com/Azure/missionlz/blob/main/src/docs/getting-started.md#pre-requisites) pre-requisites and step-by-step guide.
+1. Follow the Mission LZ [Getting Started](../docs/getting-started.md) pre-requisites and step-by-step guide.
+
 1. Open a command line (e.g. `wsl.exe` or `bash.exe`), change to the root folder of the local workspace for the cloned Mission LZ project, and start VS Code from this root folder (not a sub folder or a parent folder).
    > **NOTE:** If you are using WSL or BASH on Linux or Mac, you can navigate to the root folder of the project (for example, in the path `$HOME/missionlz` assuming you cloned the project to $HOME) and enter the command below to launch VS Code in correct directory. Be sure to include the trailing "." in the second command.
 

@@ -22,7 +22,8 @@
 		"ms-vscode-remote.vscode-remote-extensionpack",
 		"davidanson.vscode-markdownlint",
 		"github.vscode-pull-request-github",
-		"timonwong.shellcheck"
+		"timonwong.shellcheck",
+		"ms-azuretools.vscode-bicep"
 	],
 
 	// Additional args to pass to the 'docker run' command

@@ -0,0 +1,18 @@
+# Copyright (c) Microsoft Corporation.
+# Licensed under the MIT License.
+
+name: validate-bicep
+on: 
+  pull_request:
+    paths: 
+    - '**.bicep'
+  workflow_dispatch:
+    paths:
+    - '**.bicep'
+jobs:
+  validate-bicep:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v2
+      - run: |
+          az bicep build --file src/bicep/mlz.bicep
@@ -0,0 +1,22 @@
+# Copyright (c) Microsoft Corporation.
+# Licensed under the MIT License.
+
+name: validate-build-bicep
+on:
+  push:
+    paths:
+    - '**.bicep'
+    branches:
+      - bicep
+jobs:
+  validate-build:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v2
+      - run: |
+          git config user.name github-actions
+          git config user.email [email protected]
+          az bicep build --file src/bicep/mlz.bicep --outfile src/bicep/mlz.json
+          git add src/bicep/mlz.json
+          git commit -m "GitHub Action: Build Bicep to JSON"
+          git push
@@ -2,14 +2,18 @@
 # Licensed under the MIT License.
 
 name: validate-terraform
-on: [pull_request, workflow_dispatch]
+on: 
+  pull_request:
+    paths: 
+    - 'src/terraform/**'
+  workflow_dispatch:
 jobs:
   validate-terraform:
     runs-on: ubuntu-latest
     steps:
     - uses: hashicorp/setup-terraform@v1
       with:
-        terraform_version: 0.13.4
+        terraform_version: 1.0.3
     - shell: bash
       name: check tooling versions
       run: |
@@ -18,4 +22,8 @@ jobs:
     - shell: bash
       name: validate and lint terraform
       run: |
-        src/build/validate_tf.sh
+        src/build/validate_tf.sh src/terraform/mlz src/terraform/tier3
+    - shell: bash
+      name: check terraform formatting
+      run: |
+        src/build/check_tf_format.sh src/terraform
@@ -1,5 +1,6 @@
 # Copyright (c) Microsoft Corporation.
 # Licensed under the MIT License.
+
 # Terraform artifacts
 *.tfvars
 *.terraform
@@ -17,48 +18,5 @@ crash.log
 *plan*
 *.plan*
 
-# Setup config variables file
-mlz.config
-saca-hub.tfvars.json
-tier-0.tfvars.json
-tier-1.tfvars.json
-tier-2.tfvars.json
-globals.tfvars.json
-*.tfvars.json
-!*.orig.tfvars.json
-
-# Bash artifacts
-*.vars
-
 # Mac files
 .DS_Store
-
-# .NET Core
-project.lock.json
-project.fragment.lock.json
-artifacts/
-**/Properties/launchSettings.json
-
-# NuGet Packages
-*.nupkg
-# The packages folder can be ignored because of Package Restore
-**/[Pp]ackages/*
-# except build/, which is used as an MSBuild target.
-!**/[Pp]ackages/build/
-# Uncomment if necessary however generally it will be regenerated when needed
-#!**/[Pp]ackages/repositories.config
-# NuGet v3's project.json files produces more ignorable files
-*.nuget.props
-*.nuget.targets
-
-# Python Tools for Visual Studio (PTVS)
-__pycache__/
-*.pyc
-**/.idea/
-**/config_output/
-**/exec_output
-
-# ignore generated output
-**/generated-configurations/*
-mlz.zip
-mlz.tar
@@ -9,6 +9,7 @@
 		"ms-vscode-remote.vscode-remote-extensionpack",
 		"davidanson.vscode-markdownlint",
 		"github.vscode-pull-request-github",
+		"ms-azuretools.vscode-bicep",
 	],
 	// List of extensions recommended by VS Code that should not be recommended for users of this workspace.
 	"unwantedRecommendations": [

@@ -45,20 +45,20 @@ Mission LZ has the following scope:
 
 <!-- markdownlint-disable MD033 -->
 <!-- allow html for images so that they can be sized -->
-<img src="src/docs/images/scope.png" alt="Mission LZ Scope" width="600" />
+<img src="docs/images/scope.png" alt="Mission LZ Scope" width="600" />
 <!-- markdownlint-enable MD033 -->
 
 ## Networking
 
 Networking is set up in a hub and spoke design, separated by tiers: T0 (Identity and Authorization), T1 (Infrastructure Operations), T2 (DevSecOps and Shared Services), and multiple T3s (Workloads). Security can be configured to allow separation of duties between all tiers. Most customers will deploy each tier to a separate Azure subscription, but multiple subscriptions are not required.
 
 <!-- markdownlint-disable MD033 -->
-<img src="src/docs/images/networking.png" alt="Mission LZ Networking" width="600" />
+<img src="docs/images/networking.png" alt="Mission LZ Networking" width="600" />
 <!-- markdownlint-enable MD033 -->
 
 ## Getting Started using Mission LZ
 
-See our [Getting Started Guide](src/docs/getting-started.md) in the docs.
+See our [Getting Started Guide](docs/getting-started.md) in the docs.
 
 ## Product Roadmap
 
@@ -67,7 +67,7 @@ See the [Projects](https://github.com/Azure/missionlz/projects) page for the rel
 Here's what the repo consists of as of May 2021:
 
 <!-- markdownlint-disable MD033 -->
-<img src="src/docs/images/missionlz_as_of_july2021.jpg" alt="Mission LZ as of July 2021" width="600" />
+<img src="docs/images/missionlz_as_of_may2021.png" alt="Mission LZ as of April 2021" width="600" />
 <!-- markdownlint-enable MD033 -->
 
 ## Contributing

@@ -0,0 +1,25 @@
+# Command-Line Deployment
+
+The steps in this article assume the following pre-requisites for command-line deployments:
+
+* Follow the Mission LZ [Getting Started](./getting-started.md) steps.
+
+## Step-by-step
+
+1. Follow the [steps to open the `.devcontainer`](../.devcontainer/README.md) as recommended (or start a local BASH shell with the prerequisites installed)
+
+   > `vscode@missionlz-dev:/workspaces/missionlz$` is the root working directory for the BASH shell in the `.devcontainer`
+
+1. Deploy with Bicep (recommended)
+   1. [Deploy](../src/bicep/README.md#Azure-CLI)
+   1. [Customize deployment](../src/bicep/README.md#Deploying-to-Other-Clouds)
+
+1. Or, deploy with Terraform
+   1. [Apply](../src/terraform/README.md)
+   1. [Customize deployment](../src/terraform/README.md#Deploying-to-Other-Clouds)
+
+See the development container [README](../.devcontainer/README.md) for more details on building and running the container.
+
+## Helpful Links
+
+For more endpoint mappings between AzureCloud and AzureUsGovernment: <https://docs.microsoft.com/en-us/azure/azure-government/compare-azure-government-global-azure#guidance-for-developers/>
@@ -0,0 +1,42 @@
+# Getting Started
+
+## Prerequisites
+
+* Current version of the [Azure CLI](https://docs.microsoft.com/en-us/cli/azure/install-azure-cli)
+* An Azure Subscription where you have ['Owner' RBAC permissions](https://docs.microsoft.com/en-us/azure/role-based-access-control/built-in-roles#owner)
+
+## Concepts
+
+### Command Line Deployments
+
+You can deploy Mission LZ from your workstation using the command line. Some other configurations are possible, but this is the simplest path.
+
+We highly recommend deploying from the Development Container since it comes packaged with all the right versions of the dependencies you'll need.
+
+### Use the Development Container for Command Line Deployments
+
+If you are planning to deploy from your local workstation, we recommend using the VS Code development container specified in this repository. The container includes all the tools and pre-requisites, but you have to build and run the container. If you have Docker Desktop installed, then VS Code makes the rest of it easy. See the [README](../.devcontainer/README.md) document in the `.devcontainer` folder for details.
+
+See [Using the devcontainer](./using-the-devcontainer.md) for configuring your workstation with the development container.
+
+If you want to deploy from the command line on your workstation but do not want to use the development container, take a look at the [`Dockerfile`](../.devcontainer/Dockerfile) and the [`devcontainer.json`](../.devcontainer/Dockerfile) file for examples on how to configure your environment.
+
+## Next steps
+
+### 1. Deploy the Hub and Spoke
+
+With the environment pre-requisites out of the way, deploy the hub and spoke using the [Command Line Deployment](./command-line-deployment.md) for step-by-step instructions:
+
+* [Command Line Deployment](./command-line-deployment.md)
+
+### 2. Deploy Your Workloads
+
+Now that you have the core hub and spoke tiers deployed (Hub, Tier 0, Tier 1, Tier 2), the next step is to deploy one or more workload tiers. Misson LZ supports multiple workload tiers. See [Workload Deployment](./workload-deployment.md) for details and step-by-step instructions:
+
+* [Workload Deployment](./workload-deployment.md)
+
+### 3. Manage Your Deployment
+
+Once you have a lab deployment of Mission Landing Zone established and have decided to move forward, you will want to start planning your production deployment. We recommend reviewing the following pages during your planning phase.
+
+* [Using Management Groups with Mission Landing Zone](./management-groups.md)