arcus-azure · pim-simons · Aug 29, 2024 · Aug 6, 2024 · Aug 6, 2024 · Aug 6, 2024
@@ -18,6 +18,10 @@ parameters:
   - name: 'Package.Version.ManualTrigger'
     type: string
     default: 'preview'
+  - name: azureServiceConnection
+    displayName: 'Azure service connection'
+    type: string
+    default: 'Azure Codit-Arcus Service Principal'
   - name: 'UnitTests'
     type: object
     default: 
@@ -62,9 +66,9 @@ resources:
 variables:
   - group: 'Build Configuration'
   - group: 'Arcus Scripting - Integration Testing'
-  - group: 'Arcus - GitHub Package Registry'
   - group: 'MyGet'
   - template: ./variables/build.yml
+  - template: ./variables/test.yml
   - name: 'Package.Version'
     value: '0.$(Build.BuildNumber)'
   - name: 'Prerelease'
@@ -111,6 +115,7 @@ stages:
             parameters:
               projectName: '$(Project).Tests.Unit'
               testName: '$(Project).${{UnitTest.name}}'
+              azureServiceConnection: ${{ parameters.azureServiceConnection }}
 
   - stage: IntegrationTests
     displayName: Integration Tests
@@ -139,6 +144,7 @@ stages:
             parameters:
               projectName: '$(Project).Tests.Integration'
               testName: '$(Project).${{IntegrationTest.name}}'
+              azureServiceConnection: ${{ parameters.azureServiceConnection }}
 
   - stage: ReleaseToMyget
     displayName: 'Release to MyGet'

@@ -0,0 +1,78 @@
+name: Arcus Scripting - Deploy test resources
+
+trigger: none
+pr: none
+
+parameters:
+  - name: azureServiceConnection
+    displayName: 'Azure service connection'
+    type: string
+    default: 'Azure Codit-Arcus Service Principal'
+  - name: resourceGroupName
+    displayName: 'Resource group name'
+    default: arcus-scripting-dev-we-rg
+
+variables:
+  - template: ./variables/build.yml
+  - template: ./variables/test.yml
+
+stages:
+  - stage: Deploy
+    jobs:
+      - job: DeployBicep
+        displayName: 'Deploy test resources'
+        pool:
+          vmImage: '$(Vm.Linux.Image)'
+        steps:
+          - task: AzureCLI@2
+            env:
+              SYSTEM_ACCESSTOKEN: $(System.AccessToken)
+            inputs:
+              azureSubscription: '${{ parameters.azureServiceConnection }}'
+              addSpnToEnvironment: true
+              scriptType: 'pscore'
+              scriptLocation: 'inlineScript'
+              inlineScript: |
+                az deployment sub create `
+                  --location westeurope `
+                  --template-file ./build/templates/deploy-resource-group.bicep `
+                  --parameters resourceGroupName=$env:ARCUS_SCRIPTING_RESOURCEGROUP_NAME `
+                  --parameters location=westeurope 
+
+                $objectId = (az ad sp show --id $env:servicePrincipalId | ConvertFrom-Json).id
+
+                $symbols = '!@#$%^&*=(),.?'.ToCharArray()
+                $characterList = 'a'..'z' + 'A'..'Z' + '0'..'9' + $symbols
+                function Gen-Password {
+                    param($length)
+                    do {
+                        $password = ""
+                        for ($i = 0; $i -lt $length; $i++) {
+                            $randomIndex = [System.Security.Cryptography.RandomNumberGenerator]::GetInt32(0, $characterList.Length)
+                            $password += $characterList[$randomIndex]
+                        }
+
+                        $hasLowerChar = $password -cmatch '[a-z]'
+                        $hasUpperChar = $password -cmatch '[A-Z]'
+                        $hasDigit = $password -match '[0-9]'
+                        $hasSymbol = $password.IndexOfAny($symbols) -ne -1
+                    }
+                    until (($hasLowerChar + $hasUpperChar + $hasDigit + $hasSymbol) -ge 3)
+                    $password
+                }
+
+                $sqlAdminPassword = Gen-Password 14
+                az deployment group create `
+                  --resource-group $env:ARCUS_SCRIPTING_RESOURCEGROUP_NAME `
+                  --template-file ./build/templates/deploy-test-resources.bicep `
+                  --parameters location=westeurope `
+                  --parameters keyVaultName=$env:ARCUS_SCRIPTING_KEYVAULT_NAME `
+                  --parameters storageAccountName=$env:ARCUS_SCRIPTING_STORAGEACCOUNT_NAME `
+                  --parameters appServiceName=$env:ARCUS_SCRIPTING_APPSERVICE_NAME `
+                  --parameters sqlServerName=$env:ARCUS_SCRIPTING_SQL_SERVERNAME `
+                  --parameters sqlDatabaseName=$env:ARCUS_SCRIPTING_SQL_DATABASENAME `
+                  --parameters sqlAdminUserName=$env:ARCUS_SCRIPTING_SQL_USERNAME `
+                  --parameters sqlAdminPassword=$sqlAdminPassword `
+                  --parameters sqlAdminPassword_secretName=$env:ARCUS_SCRIPTING_SQL_PASSWORD_SECRETNAME `
+                  --parameters integrationAccountName=$env:ARCUS_SCRIPTING_INTEGRATIONACCOUNT_NAME `
+                  --parameters servicePrincipal_objectId=$objectId
@@ -10,6 +10,10 @@ parameters:
     displayName: 'Prerelease string (ex. -alpha, -alpha1, -BETA, -update20171020) or none'
     type: 'string'
     default: 'none'
+  - name: azureServiceConnection
+    displayName: 'Azure service connection'
+    type: string
+    default: 'Azure Codit-Arcus Service Principal'
   - name: 'UnitTests'
     type: object
     default: 
@@ -56,6 +60,7 @@ variables:
   - group: 'Arcus Scripting - Integration Testing'
   - group: 'Arcus.Scripting - Releasing PS Gallery'
   - template: ./variables/build.yml
+  - template: ./variables/test.yml
   - name: 'Repository'
     value: 'arcus-azure/arcus.scripting'
   - name: 'Package.Version'
@@ -104,6 +109,7 @@ stages:
             parameters:
               projectName: '$(Project).Tests.Unit'
               testName: '$(Project).${{UnitTest.name}}'
+              azureServiceConnection: ${{ parameters.azureServiceConnection }}
 
   - stage: IntegrationTests
     displayName: Integration Tests
@@ -132,6 +138,7 @@ stages:
             parameters:
               projectName: '$(Project).Tests.Integration'
               testName: '$(Project).${{IntegrationTest.name}}'
+              azureServiceConnection: ${{ parameters.azureServiceConnection }}
 
   - stage: Release
     displayName: 'Release to PowerShell Gallery'

@@ -0,0 +1,15 @@
+// Define the name of the resource group.
+param resourceGroupName string
+
+// Define the location for the deployment of the components.
+param location string
+
+targetScope='subscription'
+
+module resourceGroup 'br/public:avm/res/resources/resource-group:0.2.3' = {
+  name: 'resourceGroupDeployment'
+  params: {
+    name: resourceGroupName
+    location: location
+  }
+}
@@ -0,0 +1,155 @@
+// Define the location for the deployment of the components.
+param location string
+
+// Define the name of the storage account that will be created.
+param storageAccountName string
+
+// Define the name of the Azure Functions app service that will be created.
+param appServiceName string
+
+// Define the name of the Azure SQL server instance that will be created.
+param sqlServerName string
+
+// Define the username of the administrator login for the Azure SQL server instance.
+param sqlAdminUserName string
+
+// Define the password of the administrator login for the Azure SQL server instance.
+@secure()
+param sqlAdminPassword string
+
+// Define the Azure Key vault secret name of the administrator login password for the Azure SQL server instance.
+param sqlAdminPassword_secretName string
+
+// Define the name of the Azure SQL database that will be created within the Azure SQL server instance.
+param sqlDatabaseName string
+
+// Define the name of the integration account that will be created.
+param integrationAccountName string
+
+// Define the name of the Key Vault.
+param keyVaultName string
+
+// Define the Service Principal ID that needs access full access to the deployed resource group.
+param servicePrincipal_objectId string
+
+module storageAccount 'br/public:avm/res/storage/storage-account:0.9.1' = {
+  name: 'storageAccountDeployment'
+  params: {
+    name: storageAccountName
+    location: location
+    allowBlobPublicAccess: true
+    publicNetworkAccess: 'Enabled'
+    networkAcls: {
+      bypass: 'AzureServices'
+      defaultAction: 'Allow'
+      ipRules: []
+      virtualNetworkRules: []
+    }
+    roleAssignments: [
+      {
+        principalId: servicePrincipal_objectId
+        roleDefinitionIdOrName: 'Storage Blob Data Contributor'
+      }
+      {
+        principalId: servicePrincipal_objectId
+        roleDefinitionIdOrName: 'Storage Table Data Contributor'
+      }
+    ]
+  }
+}
+
+module serverfarm 'br/public:avm/res/web/serverfarm:0.2.2' = {
+  name: 'serverfarmDeployment'
+  params: {
+    name: '${appServiceName}-plan'
+    skuCapacity: 2
+    skuName: 'Y1'
+    location: location
+  }
+}
+
+module functionApp 'br/public:avm/res/web/site:0.3.9' = {
+  name: 'functionAppDeployment'
+  params: {
+    kind: 'functionapp'
+    name: appServiceName
+    serverFarmResourceId: serverfarm.outputs.resourceId
+    location: location
+    enableTelemetry: false
+    siteConfig: {
+      alwaysOn: false
+    }
+  }
+}
+
+module sqlServer 'br/public:avm/res/sql/server:0.4.1' = {
+  name: 'sqlServerDeployment'
+  params: {
+    name: sqlServerName
+    location: location
+    administratorLogin: sqlAdminUserName
+    administratorLoginPassword: sqlAdminPassword
+    enableTelemetry: false
+    publicNetworkAccess: 'Enabled'
+    restrictOutboundNetworkAccess: 'Disabled'
+    auditSettings: {
+      state: 'Disabled'
+    }
+    databases: [
+      {
+        name: sqlDatabaseName
+        skuName: 'Basic'
+        skuTier: 'Basic'
+        maxSizeBytes: 2147483648
+      }
+    ]
+  }
+}
+
+resource integrationAccount 'Microsoft.Logic/integrationAccounts@2019-05-01' = {
+  name: integrationAccountName
+  location: location
+  properties: {
+    state: 'Enabled'
+  }
+  sku: {
+    name: 'Free'
+  }
+}
+
+module vault 'br/public:avm/res/key-vault/vault:0.6.1' = {
+  name: 'vaultDeployment'
+  params: {
+    name: keyVaultName
+    location: location
+    enableRbacAuthorization: false
+    sku: 'standard'
+    accessPolicies: [
+      {
+        objectId: servicePrincipal_objectId
+        permissions: {
+          secrets: [
+            'get', 'list', 'set', 'delete'
+          ]
+          keys: [
+            'get', 'list', 'create', 'delete'
+          ]
+        }
+      }
+      {
+        objectId: '0d926a02-88dc-4279-8265-fbcd8178ecb0' // (built-in) Azure Logic Apps service principal
+        permissions: {
+          keys: [
+            'list', 'get', 'decrypt', 'sign'
+          ]
+        }
+      }
+    ]
+    secrets: [
+      {
+        name: sqlAdminPassword_secretName
+        value: sqlAdminPassword
+      }
+    ]
+  }
+}