deploy Azure Container Registry Example

src/bicep/examples/containerRegistry/README.md

@@ -0,0 +1,63 @@
+# Azure Container Registry Example
+
+This example deploys a premium Azure Container Registry suitable for hosting docker containers.  The registry will be deployed to the MLZ shared services resource group using default naming unless alternative values are provided at run time.
+
+Read on to understand what this example does, and when you're ready, collect all of the pre-requisites, then deploy the example.
+
+## What this example does
+
+### Deploys an Azure Container Registry
+
+The docs on Azure Container Registry: <https://docs.microsoft.com/en-us/azure/container-registry/>.  This sample shows how to deploy using Bicep and utilizes the shared file variable pattern to support the deployment.  By default, this template will deploy resources into standard default MLZ subscriptions and resource groups.  
+
+The subscription and resource group can be changed by providing the resource group name (Param: targetResourceGroup) and ensuring that the Azure context is set the proper subscription.  
+
+## Pre-requisites
+
+1. A Mission LZ deployment (a deployment of mlz.bicep)
+2. The outputs from a deployment of mlz.bicep (./src/bicep/examples/deploymentVariables.json).  
+
+See below for information on how to create the appropriate deployment variables file for use with this template.
+
+### Template Parameters
+
+Template Parameters Name | Description
+-----------------------| -----------
+contRegistryName | The name of the Container Registry.  If not specified, the name will default to the MLZ default naming pattern.  
+targetResourceGroup | The name of the resource group where the Container Registry will be deployed.   If not specified, the resource group name will default to the shared services MLZ resource group name and subscription.
+
+### Generate MLZ VAriable File (deploymentVariables.json)
+
+For instructions on generating 'deploymentVariables.json' using both Azure PowerShell and Azure CLI, please see the [README at the root of the examples folder](..\README.md).
+
+Place the resulting 'deploymentVariables.json' file within the ./src/bicep/examples folder.
+
+### Deploying an Container Registry
+
+Connect to the appropriate Azure Environment and set appropriate context, see getting started with Azure PowerShell or Azure CLI for help if needed.  The commands below assume you are deploying in Azure Commercial and show the entire process from deploying MLZ and then adding an Azure Container Registry post-deployment.
+
+```PowerShell
+cd .\src\bicep
+Connect-AzAccount
+New-AzSubscriptionDeployment -Name contoso -TemplateFile .\mlz.bicep -resourcePrefix 'contoso' -Location 'eastus'
+cd .\examples
+(Get-AzSubscriptionDeployment -Name contoso).outputs | ConvertTo-Json | Out-File -FilePath .\deploymentVariables.json
+cd .\containerRegistry
+New-AzSubscriptionDeployment -DeploymentName deployContainerRegistry -TemplateFile .\contRegistry.bicep -Location 'eastus'
+```
+
+```Azure CLI
+az login
+cd src/bicep
+az deployment sub create -n contoso -f mlz.bicep -l eastus --parameters resourcePrefix=contoso
+cd examples
+az deployment sub show -n contoso --query properties.outputs >> ./deploymentVariables.json
+cd containerRegistry
+az deployment sub create -n deployContainerRegistry -f contRegistry.bicep -l eastus
+```
+
+### References
+
+* [Introduction to private Docker container registries in Azure](https://docs.microsoft.com/en-us/azure/app-service/overview-hosting-plans)
+* [Bicep Shared Variable File Pattern](https://docs.microsoft.com/en-us/azure/azure-resource-manager/bicep/patterns-shared-variable-file)
+* [Azure Container Registry service tiers(Sku's)](https://docs.microsoft.com/en-us/azure/container-registry/container-registry-skus)

src/bicep/examples/containerRegistry/contRegistry.bicep

@@ -0,0 +1,31 @@
+/*
+Deployes a premium Azure Container Registry suitable for hosting docker containers.
+*/
+targetScope = 'subscription'
+
+param mlzDeploymentVariables object = json(loadTextContent('../deploymentVariables.json'))
+
+@description('The name of the container registry which will be created. Must be globaly unique. No hyphens allowed, must be alpha numeric only, and between 5-50 characters.  If unchanged or not specified, the MLZ resource prefix + "acr" will be utilized.')
+param contRegistryName string = replace('${mlzDeploymentVariables.mlzResourcePrefix.Value}${deployment().location}acr','-','')
+
+@description('The name of the resource group in which the container registry will be deployed. If unchanged or not specified, the MLZ shared services resource group is used.')
+param targetResourceGroup string = '${mlzDeploymentVariables.spokes.Value[2].resourceGroupName}'
+
+var targetSubscriptionId_Var = targetResourceGroup == '${mlzDeploymentVariables.spokes.Value[2].resourceGroupName}' ? '${mlzDeploymentVariables.spokes.Value[2].subscriptionId}' : subscription().subscriptionId
+var location = deployment().location
+
+resource targetACRResourceGroup 'Microsoft.Resources/resourceGroups@2020-10-01' = {
+  name: targetResourceGroup
+  location: location
+}
+
+module containerRegistry 'modules/containerRegistry.bicep' = {
+  scope: resourceGroup(targetSubscriptionId_Var, targetACRResourceGroup.name)
+  name: contRegistryName
+  params: {
+    registryName: contRegistryName
+  }
+}
+
+output azureContainerRegistryName string = contRegistryName
+output azureContainerRegistryResourceGroup string = targetACRResourceGroup.name

src/bicep/examples/containerRegistry/modules/containerRegistry.bicep

@@ -0,0 +1,28 @@
+@minLength(5)
+@maxLength(50)
+param registryName string
+param location string = resourceGroup().location
+param registrySku string = 'premium'
+param publicNetworkAccess string = 'enabled'
+
+resource registryName_resource 'Microsoft.ContainerRegistry/registries@2020-11-01-preview' = {
+  name: registryName
+  location: location
+  sku: {
+    name: registrySku
+  }
+  properties: {
+    publicNetworkAccess: publicNetworkAccess
+    adminUserEnabled: true
+    policies: {
+      trustPolicy: {
+        type: 'Notary'
+        status: 'enabled'
+      }
+      retentionPolicy: {
+        days: 7
+        status: 'enabled'
+      }
+    }
+  }
+}

src/bicep/examples/deploymentVariables.json

@@ -0,0 +1,77 @@
+{
+  "mlzResourcePrefix": {
+    "Type": "String",
+    "Value": "contoso"
+  },
+  "firewallPrivateIPAddress": {
+    "Type": "String",
+    "Value": "10.0.100.4"
+  },
+  "hub": {
+    "Type": "Object",
+    "Value": {
+      "subscriptionId": "ddf87969-a498-4676-a488-1932fbc5a306",
+      "resourceGroupName": "contoso-hub",
+      "resourceGroupResourceId": "/subscriptions/ddf87969-a498-4676-a488-1932fbc5a306/resourceGroups/contoso-hub",
+      "virtualNetworkName": "hub-vnet",
+      "virtualNetworkResourceId": "/subscriptions/ddf87969-a498-4676-a488-1932fbc5a306/resourceGroups/contoso-hub/providers/Microsoft.Network/virtualNetworks/hub-vnet",
+      "subnetName": "hub-vnet/hub-subnet",
+      "subnetResourceId": "/subscriptions/ddf87969-a498-4676-a488-1932fbc5a306/resourceGroups/contoso-hub/providers/Microsoft.Network/virtualNetworks/hub-vnet/subnets/hub-subnet",
+      "subnetAddressPrefix": "10.0.100.128/27",
+      "networkSecurityGroupName": "hub-nsg",
+      "networkSecurityGroupResourceId": "/subscriptions/ddf87969-a498-4676-a488-1932fbc5a306/resourceGroups/contoso-hub/providers/Microsoft.Network/networkSecurityGroups/hub-nsg"
+    }
+  },
+  "logAnalyticsWorkspaceName": {
+    "Type": "String",
+    "Value": "contoso-laws"
+  },
+  "logAnalyticsWorkspaceResourceId": {
+    "Type": "String",
+    "Value": "/subscriptions/ddf87969-a498-4676-a488-1932fbc5a306/resourceGroups/contoso-operations/providers/Microsoft.OperationalInsights/workspaces/contoso-laws"
+  },
+  "spokes": {
+    "Type": "Array",
+    "Value": [
+      {
+        "name": "operations",
+        "subscriptionId": "ddf87969-a498-4676-a488-1932fbc5a306",
+        "resourceGroupName": "contoso-operations",
+        "resourceGroupId": "/subscriptions/ddf87969-a498-4676-a488-1932fbc5a306/resourceGroups/contoso-operations",
+        "virtualNetworkName": "operations-vnet",
+        "virtualNetworkResourceId": "/subscriptions/ddf87969-a498-4676-a488-1932fbc5a306/resourceGroups/contoso-operations/providers/Microsoft.Network/virtualNetworks/operations-vnet",
+        "subnetName": "operations-subnet",
+        "subnetResourceId": "/subscriptions/ddf87969-a498-4676-a488-1932fbc5a306/resourceGroups/contoso-operations/providers/Microsoft.Network/virtualNetworks/operations-vnet/subnets/operations-subnet",
+        "subnetAddressPrefix": "10.0.115.0/27",
+        "networkSecurityGroupName": "operations-nsg",
+        "networkSecurityGroupResourceId": "/subscriptions/ddf87969-a498-4676-a488-1932fbc5a306/resourceGroups/contoso-operations/providers/Microsoft.Network/networkSecurityGroups/operations-nsg"
+      },
+      {
+        "name": "identity",
+        "subscriptionId": "ddf87969-a498-4676-a488-1932fbc5a306",
+        "resourceGroupName": "contoso-identity",
+        "resourceGroupId": "/subscriptions/ddf87969-a498-4676-a488-1932fbc5a306/resourceGroups/contoso-identity",
+        "virtualNetworkName": "identity-vnet",
+        "virtualNetworkResourceId": "/subscriptions/ddf87969-a498-4676-a488-1932fbc5a306/resourceGroups/contoso-identity/providers/Microsoft.Network/virtualNetworks/identity-vnet",
+        "subnetName": "identity-subnet",
+        "subnetResourceId": "/subscriptions/ddf87969-a498-4676-a488-1932fbc5a306/resourceGroups/contoso-identity/providers/Microsoft.Network/virtualNetworks/identity-vnet/subnets/identity-subnet",
+        "subnetAddressPrefix": "10.0.110.0/27",
+        "networkSecurityGroupName": "identity-nsg",
+        "networkSecurityGroupResourceId": "/subscriptions/ddf87969-a498-4676-a488-1932fbc5a306/resourceGroups/contoso-identity/providers/Microsoft.Network/networkSecurityGroups/identity-nsg"
+      },
+      {
+        "name": "sharedServices",
+        "subscriptionId": "ddf87969-a498-4676-a488-1932fbc5a306",
+        "resourceGroupName": "contoso-sharedServices",
+        "resourceGroupId": "/subscriptions/ddf87969-a498-4676-a488-1932fbc5a306/resourceGroups/contoso-sharedServices",
+        "virtualNetworkName": "sharedServices-vnet",
+        "virtualNetworkResourceId": "/subscriptions/ddf87969-a498-4676-a488-1932fbc5a306/resourceGroups/contoso-sharedServices/providers/Microsoft.Network/virtualNetworks/sharedServices-vnet",
+        "subnetName": "sharedServices-subnet",
+        "subnetResourceId": "/subscriptions/ddf87969-a498-4676-a488-1932fbc5a306/resourceGroups/contoso-sharedServices/providers/Microsoft.Network/virtualNetworks/sharedServices-vnet/subnets/sharedServices-subnet",
+        "subnetAddressPrefix": "10.0.120.0/27",
+        "networkSecurityGroupName": "sharedServices-nsg",
+        "networkSecurityGroupResourceId": "/subscriptions/ddf87969-a498-4676-a488-1932fbc5a306/resourceGroups/contoso-sharedServices/providers/Microsoft.Network/networkSecurityGroups/sharedServices-nsg"
+      }
+    ]
+  }
+}

src/bicep/mlz.json

@@ -5,7 +5,7 @@
     "_generator": {
       "name": "bicep",
       "version": "0.4.1008.15138",
-      "templateHash": "17151661725468237381"
+      "templateHash": "15169166681509362530"
     }
   },
   "parameters": {