From b1b0964b3146dcb15c55d60ec2060fa52420efc5 Mon Sep 17 00:00:00 2001 From: Glenn Musa <4622125+glennmusa@users.noreply.github.com> Date: Fri, 3 Dec 2021 15:10:35 +0000 Subject: [PATCH 1/4] make resourceprefix a mandatory parameter --- .../mlz-bicep-azurecloud-pipelines.yml | 4 ++- .../mlz-bicep-azuregov-pipelines.yml | 2 ++ .../mlz-pr-bicep-azurecloud-pipelines.yml | 2 ++ .../mlz-pr-bicep-azuregov-pipelines.yml | 4 ++- README.md | 6 ++++ src/bicep/README.md | 35 +++++++++++++------ src/bicep/mlz.bicep | 8 ++--- 7 files changed, 45 insertions(+), 16 deletions(-) diff --git a/.azure-devops/nightlybuild/mlz-bicep-azurecloud-pipelines.yml b/.azure-devops/nightlybuild/mlz-bicep-azurecloud-pipelines.yml index 7099b6a0b..c48913d8f 100644 --- a/.azure-devops/nightlybuild/mlz-bicep-azurecloud-pipelines.yml +++ b/.azure-devops/nightlybuild/mlz-bicep-azurecloud-pipelines.yml @@ -25,10 +25,12 @@ jobs: scriptType: 'bash' scriptLocation: 'inlineScript' inlineScript: | + datetime=$(date +%s) # gets the current date time as a epoch az deployment sub create \ --name $(bDeploymentName) \ --location $(Location) \ - --template-file $(TemplateFile) + --template-file $(TemplateFile) \ + --parameters resourcePrefix=$datetime - task: AzureCLI@2 displayName: "Extract Values and Hydrate Variables for T3 Deployment" diff --git a/.azure-devops/nightlybuild/mlz-bicep-azuregov-pipelines.yml b/.azure-devops/nightlybuild/mlz-bicep-azuregov-pipelines.yml index 8331053db..9fa605578 100644 --- a/.azure-devops/nightlybuild/mlz-bicep-azuregov-pipelines.yml +++ b/.azure-devops/nightlybuild/mlz-bicep-azuregov-pipelines.yml 
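Review bot: Passing `resourcePrefix=$datetime` to `az deployment sub create` in the azurecloud nightly script gives every run a new prefix, so each nightly build deploys a fresh set of resource groups instead of updating the previous one. No teardown is visible in this hunk; if none exists elsewhere in the job, the subscription accumulates unattended deployments, including the Azure Firewall the template deploys by default. The azuregov nightly hunk has the same issue. The epoch value is also all digits and exactly 10 characters, so it sits on the new `@maxLength(10)` limit and never exercises a letter-based prefix such as the README's `mymlz01`. Consider a comment such as `# resourcePrefix is unique per run; resources from this run must be deleted by a later step`, or a fixed prefix supplied as a pipeline variable.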
@@ -25,10 +25,12 @@ jobs: scriptType: 'bash' scriptLocation: 'inlineScript' inlineScript: | + datetime=$(date +%s) # gets the current date time as a epoch az deployment sub create \ --name $(bDeploymentName) \ --location $(GLocation) \ --template-file $(TemplateFile) + --parameters resourcePrefix=$datetime - task: AzureCLI@2 displayName: "Extract Values and Hydrate Variables for T3 Deployment" diff --git a/.azure-devops/prbuild/mlz-pr-bicep-azurecloud-pipelines.yml b/.azure-devops/prbuild/mlz-pr-bicep-azurecloud-pipelines.yml index 45eb3bf8b..953dbdaf9 100644 --- a/.azure-devops/prbuild/mlz-pr-bicep-azurecloud-pipelines.yml +++ b/.azure-devops/prbuild/mlz-pr-bicep-azurecloud-pipelines.yml @@ -26,7 +26,9 @@ jobs: scriptType: 'bash' scriptLocation: 'inlineScript' inlineScript: | + datetime=$(date +%s) # gets the current date time as a epoch az deployment sub what-if \ --name $(bDeploymentName) \ --location $(Location) \ --template-file $(TemplateFile) + --parameters resourcePrefix=$datetime diff --git a/.azure-devops/prbuild/mlz-pr-bicep-azuregov-pipelines.yml b/.azure-devops/prbuild/mlz-pr-bicep-azuregov-pipelines.yml index 9fd0caea1..ed389ce25 100644 --- a/.azure-devops/prbuild/mlz-pr-bicep-azuregov-pipelines.yml +++ b/.azure-devops/prbuild/mlz-pr-bicep-azuregov-pipelines.yml @@ -26,7 +26,9 @@ jobs: scriptType: 'bash' scriptLocation: 'inlineScript' inlineScript: | + datetime=$(date +%s) # gets the current date time as a epoch az deployment sub what-if \ --name $(bDeploymentName) \ --location $(GLocation) \ - --template-file $(TemplateFile) + --template-file $(TemplateFile) \ + --parameters resourcePrefix=$datetime diff --git a/README.md b/README.md index f5b305742..17e1f8bb1 100644 --- a/README.md +++ b/README.md 
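Review bot: In the two PR pipeline hunks, `az deployment sub what-if` with `resourcePrefix=$datetime` always previews names that do not exist yet, so the result will presumably list every resource as a create and cannot show what a pull request changes on an already-deployed environment. The README text added in this patch states that resource group and resource names are derived from `resourcePrefix`, which is why a timestamp defeats the comparison. If the check is meant to surface modifications, pass the prefix of a long-lived reference deployment instead, e.g. `--parameters resourcePrefix=$(PrResourcePrefix)`, where `PrResourcePrefix` is a new pipeline variable (the name is only a suggestion). If it is only meant to prove that the template compiles and its parameters resolve, say so in a comment above the command.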
@@ -46,6 +46,12 @@ az deployment sub create \ --template-file ./missionlz/src/bicep/mlz.bicep ``` +You'll be prompted for the one required argument `resourcePrefix` (a unique alphanumeric string 3-10 characters in length), which is used to to generate names for your resource groups and resources: + +```plaintext +> Please provide string value for 'resourcePrefix' (? for help): (your unique alphanumeric string 3-10 characters in length) +``` + ## Scope Mission LZ has the following scope: diff --git a/src/bicep/README.md b/src/bicep/README.md index 89b8c0814..5fd448dba 100644 --- a/src/bicep/README.md +++ b/src/bicep/README.md 
@@ -11,24 +11,33 @@ You can deploy with the Azure Portal, the Azure CLI, or with both in a Azure Com > NOTE: The AZ CLI will automatically install the Bicep tools when a command is run that needs them, or you can manually install them following the [instructions here.](https://docs.microsoft.com/en-us/azure/azure-resource-manager/bicep/install#azure-cli) -Are you deploying into a cloud other than `AzureCloud` like say `AzureUsGovernment`? +#### Decide on a Resource Prefix -- See [Deploying to Other Clouds](#Deploying-to-Other-Clouds). +Resource Groups and resource names are derived from the mandatory parameter `resourcePrefix`. -Want to add Azure Policies to this deployment? +Pick a unqiue resource prefix that is 3-10 alphanumeric characters in length without whitespaces. -- See [Adding Azure Policy](#Adding-Azure-Policy) to add policies like DoD IL5, NIST 800-53, CMMC Level 3, or how to apply your own. +#### Pick your deployment options -Want to remotely access the network without exposing it via Public IP Addresses? +- Are you deploying into a cloud other than `AzureCloud` like say `AzureUsGovernment`? -- See [Adding Remote Access via Bastion Host](#Adding-Remote-Access-via-Bastion-Host) to add virtual machines inside the network that you can access from an authenticated session in the Azure Portal with Azure Bastion. + - See [Deploying to Other Clouds](#Deploying-to-Other-Clouds). -By default, this template deploys **[Azure Firewall Premium](https://docs.microsoft.com/en-us/azure/firewall/premium-features)**. +- Want to add Azure Policies to this deployment? -**Not all regions support Azure Firewall Premium.** Check here to [see if the region you're deploying to supports Azure Firewall Premium](https://docs.microsoft.com/en-us/azure/firewall/premium-features#supported-regions). If this doesn't fit your needs: + - See [Adding Azure Policy](#Adding-Azure-Policy) to add policies like DoD IL5, NIST 800-53, CMMC Level 3, or how to apply your own. 
-- See [Setting the Firewall SKU](#Setting-the-Firewall-SKU) for steps on how to use the Standard SKU instead. -- See [Setting the Firewall Location](#Setting-the-Firewall-Location) for steps on how to deploy into a different region. +- Want to remotely access the network without exposing it via Public IP Addresses? + + - See [Adding Remote Access via Bastion Host](#Adding-Remote-Access-via-Bastion-Host) to add virtual machines inside the network that you can access from an authenticated session in the Azure Portal with Azure Bastion. + +- By default, this template deploys **[Azure Firewall Premium](https://docs.microsoft.com/en-us/azure/firewall/premium-features)**. + + - **Not all regions support Azure Firewall Premium.** Check here to [see if the region you're deploying to supports Azure Firewall Premium](https://docs.microsoft.com/en-us/azure/firewall/premium-features#supported-regions). If this doesn't fit your needs: + - See [Setting the Firewall SKU](#Setting-the-Firewall-SKU) for steps on how to use the Standard SKU instead. + - See [Setting the Firewall Location](#Setting-the-Firewall-Location) for steps on how to deploy into a different region. + +#### Know where to find your deployment output After a deployment is complete, you can refer to the provisioned resources programmaticaly with the Azure CLI. @@ -49,6 +58,12 @@ az deployment sub create \ --template-file ./mlz.bicep ``` +You'll be prompted for the one required argument `resourcePrefix` (a unique alphanumeric string 3-10 characters in length), which is used to to generate names for your resource groups and resources: + +```plaintext +> Please provide string value for 'resourcePrefix' (? for help): mymlz01 +``` + #### Multiple subscription deployment I can deploy into multiple subscriptions by specifying the `--parameters` flag and passing `key=value` arguments: diff --git a/src/bicep/mlz.bicep b/src/bicep/mlz.bicep index d733b63a4..75fdff887 100644 --- a/src/bicep/mlz.bicep 
+++ b/src/bicep/mlz.bicep @@ -302,9 +302,9 @@ module remoteAccess './modules/remoteAccess.bicep' = if(deployRemoteAccess) { // parameters @minLength(3) -@maxLength(24) -@description('A name (3-24 alphanumeric characters in length without whitespace) used to prefix resources and generate uniqueness for resources with globally unique naming requirements like Storage Accounts and Log Analytics Workspaces') -param resourcePrefix string = 'mlz-${uniqueId}' +@maxLength(10) +@description('A name (3-10 alphanumeric characters without whitespace) used to prefix resources and generate uniqueness for resources with globally unique naming requirements like Storage Accounts and Log Analytics Workspaces') +param resourcePrefix string param hubSubscriptionId string = subscription().subscriptionId param identitySubscriptionId string = hubSubscriptionId param operationsSubscriptionId string = hubSubscriptionId @@ -526,7 +526,7 @@ var defaultTags = { } var calculatedTags = union(tags,defaultTags) -param uniqueId string = uniqueString(deployment().name) +param uniqueId string = uniqueString(resourcePrefix, nowUtc) param nowUtc string = utcNow() var spokes = [ From f618b5163dc1c75ecbe625acee9415719703027c Mon Sep 17 00:00:00 2001 From: Glenn Musa <4622125+glennmusa@users.noreply.github.com> Date: Fri, 3 Dec 2021 15:22:55 +0000 Subject: [PATCH 2/4] missing escape character --- .azure-devops/nightlybuild/mlz-bicep-azurecloud-pipelines.yml | 2 +- .azure-devops/nightlybuild/mlz-bicep-azuregov-pipelines.yml | 4 ++-- .azure-devops/prbuild/mlz-pr-bicep-azurecloud-pipelines.yml | 4 ++-- .azure-devops/prbuild/mlz-pr-bicep-azuregov-pipelines.yml | 2 +- 4 files changed, 6 insertions(+), 6 deletions(-) diff --git a/.azure-devops/nightlybuild/mlz-bicep-azurecloud-pipelines.yml b/.azure-devops/nightlybuild/mlz-bicep-azurecloud-pipelines.yml index c48913d8f..96d40ddc6 100644 --- a/.azure-devops/nightlybuild/mlz-bicep-azurecloud-pipelines.yml 
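Review bot: `@minLength(3)` and `@maxLength(10)` on `resourcePrefix` enforce only the length; the "alphanumeric without whitespace" rule exists in the description alone. A value with a hyphen or uppercase letters therefore passes parameter validation and would fail only when a resource with stricter naming rules is created (storage account names accept lowercase letters and digits only). How the prefix is consumed is outside this hunk, so confirm whether names are normalised there; if not, wrap the uses in `toLower(resourcePrefix)` and change the description to say "lowercase alphanumeric". Removing the default is also a breaking change for environments deployed with the old `'mlz-${uniqueId}'` value: that string is 17 characters long and contains `-`, so it cannot be passed again under the new limit, and a migration note for existing deployments would help.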
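Review bot: The new default `uniqueString(resourcePrefix, nowUtc)` in the `@@ -526,7 +526,7 @@` hunk makes `uniqueId` change on every deployment, because `nowUtc` defaults to `utcNow()`. If `uniqueId` feeds the names of globally unique resources, as the `resourcePrefix` description suggests for Storage Accounts and Log Analytics Workspaces, redeploying with the same prefix would create new accounts and workspaces rather than update the existing ones, leaving earlier logs behind in orphaned resources. A deterministic seed avoids that: `param uniqueId string = uniqueString(subscription().subscriptionId, resourcePrefix)`. The uses of `uniqueId` are outside this hunk, so confirm them before changing the default.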
+++ b/.azure-devops/nightlybuild/mlz-bicep-azurecloud-pipelines.yml @@ -25,7 +25,7 @@ jobs: scriptType: 'bash' scriptLocation: 'inlineScript' inlineScript: | - datetime=$(date +%s) # gets the current date time as a epoch + datetime=$(date +%s) # gets the current date time as an epoch az deployment sub create \ --name $(bDeploymentName) \ --location $(Location) \ diff --git a/.azure-devops/nightlybuild/mlz-bicep-azuregov-pipelines.yml b/.azure-devops/nightlybuild/mlz-bicep-azuregov-pipelines.yml index 9fa605578..9e7928349 100644 --- a/.azure-devops/nightlybuild/mlz-bicep-azuregov-pipelines.yml +++ b/.azure-devops/nightlybuild/mlz-bicep-azuregov-pipelines.yml @@ -25,11 +25,11 @@ jobs: scriptType: 'bash' scriptLocation: 'inlineScript' inlineScript: | - datetime=$(date +%s) # gets the current date time as a epoch + datetime=$(date +%s) # gets the current date time as an epoch az deployment sub create \ --name $(bDeploymentName) \ --location $(GLocation) \ - --template-file $(TemplateFile) + --template-file $(TemplateFile) \ --parameters resourcePrefix=$datetime - task: AzureCLI@2 diff --git a/.azure-devops/prbuild/mlz-pr-bicep-azurecloud-pipelines.yml b/.azure-devops/prbuild/mlz-pr-bicep-azurecloud-pipelines.yml index 953dbdaf9..ebcd08483 100644 --- a/.azure-devops/prbuild/mlz-pr-bicep-azurecloud-pipelines.yml +++ b/.azure-devops/prbuild/mlz-pr-bicep-azurecloud-pipelines.yml @@ -26,9 +26,9 @@ jobs: scriptType: 'bash' scriptLocation: 'inlineScript' inlineScript: | - datetime=$(date +%s) # gets the current date time as a epoch + datetime=$(date +%s) # gets the current date time as an epoch az deployment sub what-if \ --name $(bDeploymentName) \ --location $(Location) \ - --template-file $(TemplateFile) + --template-file $(TemplateFile) \ --parameters resourcePrefix=$datetime diff --git a/.azure-devops/prbuild/mlz-pr-bicep-azuregov-pipelines.yml b/.azure-devops/prbuild/mlz-pr-bicep-azuregov-pipelines.yml index ed389ce25..5d033c2b4 100644 
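Review bot: The same inline script is kept in four pipeline files, and this fix-up exists because two of the copies (the azuregov nightly and azurecloud PR hunks) lost the `\` after `--template-file $(TemplateFile)`. In the lines shown, the copies differ only in the `az deployment sub` subcommand (`create` or `what-if`) and the location variable (`$(Location)` or `$(GLocation)`). Moving the script into one shared step template that takes those two values as parameters would leave a single copy to review and keep the clouds from drifting apart. Until then, a comment above each copy naming the other three files would at least make the duplication visible.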
--- a/.azure-devops/prbuild/mlz-pr-bicep-azuregov-pipelines.yml +++ b/.azure-devops/prbuild/mlz-pr-bicep-azuregov-pipelines.yml @@ -26,7 +26,7 @@ jobs: scriptType: 'bash' scriptLocation: 'inlineScript' inlineScript: | - datetime=$(date +%s) # gets the current date time as a epoch + datetime=$(date +%s) # gets the current date time as an epoch az deployment sub what-if \ --name $(bDeploymentName) \ --location $(GLocation) \ From 67c57720e9697b4ec1ef4a4ed50fc3f14d5a9a85 Mon Sep 17 00:00:00 2001 From: Glenn Musa <4622125+glennmusa@users.noreply.github.com> Date: Fri, 3 Dec 2021 15:39:13 +0000 Subject: [PATCH 3/4] add built template --- src/bicep/mlz.json | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) diff --git a/src/bicep/mlz.json b/src/bicep/mlz.json index afcce18ac..7f5a21a59 100644 --- a/src/bicep/mlz.json +++ b/src/bicep/mlz.json @@ -5,17 +5,16 @@ "_generator": { "name": "bicep", "version": "0.4.1008.15138", - "templateHash": "8860935919538003927" + "templateHash": "15227849893402646033" } }, "parameters": { "resourcePrefix": { "type": "string", - "defaultValue": "[format('mlz-{0}', parameters('uniqueId'))]", "metadata": { - "description": "A name (3-24 alphanumeric characters in length without whitespace) used to prefix resources and generate uniqueness for resources with globally unique naming requirements like Storage Accounts and Log Analytics Workspaces" + "description": "A name (3-10 alphanumeric characters without whitespace) used to prefix resources and generate uniqueness for resources with globally unique naming requirements like Storage Accounts and Log Analytics Workspaces" }, - "maxLength": 24, + "maxLength": 10, "minLength": 3 }, "hubSubscriptionId": { @@ -624,7 +623,7 @@ }, "uniqueId": { "type": "string", - "defaultValue": "[uniqueString(deployment().name)]" + "defaultValue": "[uniqueString(parameters('resourcePrefix'), parameters('nowUtc'))]" }, "nowUtc": { "type": "string", 
From 7437d46293db81dab3b7629a24ba37ae55fcd1eb Mon Sep 17 00:00:00 2001 From: Glenn Musa <4622125+glennmusa@users.noreply.github.com> Date: Fri, 3 Dec 2021 16:07:53 +0000 Subject: [PATCH 4/4] trigger pipelines with empty commit