Merge remote-tracking branch 'upstream/main'

hundredacres · Sep 24, 2024 · cd43173 · cd43173
2 parents 5791703 + 33030a8
commit cd43173
Show file tree

Hide file tree

Showing 73 changed files with 5,881 additions and 767 deletions.
diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS
@@ -62,6 +62,7 @@
 /avm/res/desktop-virtualization/host-pool/ @Azure/avm-res-desktopvirtualization-hostpool-module-owners-bicep @Azure/avm-module-reviewers-bicep
 /avm/res/desktop-virtualization/scaling-plan/ @Azure/avm-res-desktopvirtualization-scalingplan-module-owners-bicep @Azure/avm-module-reviewers-bicep
 /avm/res/desktop-virtualization/workspace/ @Azure/avm-res-desktopvirtualization-workspace-module-owners-bicep @Azure/avm-module-reviewers-bicep
+/avm/res/dev-ops-infrastructure/pool/ @Azure/avm-res-devopsinfrastructure-pool-module-owners-bicep @Azure/avm-module-reviewers-bicep
 /avm/res/dev-test-lab/lab/ @Azure/avm-res-devtestlab-lab-module-owners-bicep @Azure/avm-module-reviewers-bicep
 /avm/res/digital-twins/digital-twins-instance/ @Azure/avm-res-digitaltwins-digitaltwinsinstance-module-owners-bicep @Azure/avm-module-reviewers-bicep
 /avm/res/document-db/database-account/ @Azure/avm-res-documentdb-databaseaccount-module-owners-bicep @Azure/avm-module-reviewers-bicep

diff --git a/.github/ISSUE_TEMPLATE/avm_module_issue.yml b/.github/ISSUE_TEMPLATE/avm_module_issue.yml
@@ -97,6 +97,7 @@ body:
         - "avm/res/desktop-virtualization/host-pool"
         - "avm/res/desktop-virtualization/scaling-plan"
         - "avm/res/desktop-virtualization/workspace"
+        - "avm/res/dev-ops-infrastructure/pool"
         - "avm/res/dev-test-lab/lab"
         - "avm/res/digital-twins/digital-twins-instance"
         - "avm/res/document-db/database-account"

diff --git a/.github/workflows/avm.res.dev-ops-infrastructure.pool.yml b/.github/workflows/avm.res.dev-ops-infrastructure.pool.yml
@@ -0,0 +1,88 @@
+name: "avm.res.dev-ops-infrastructure.pool"
+
+on:
+  workflow_dispatch:
+    inputs:
+      staticValidation:
+        type: boolean
+        description: "Execute static validation"
+        required: false
+        default: true
+      deploymentValidation:
+        type: boolean
+        description: "Execute deployment validation"
+        required: false
+        default: true
+      removeDeployment:
+        type: boolean
+        description: "Remove deployed module"
+        required: false
+        default: true
+      customLocation:
+        type: string
+        description: "Default location overwrite (e.g., eastus)"
+        required: false
+  push:
+    branches:
+      - main
+    paths:
+      - ".github/actions/templates/avm-**"
+      - ".github/workflows/avm.template.module.yml"
+      - ".github/workflows/avm.res.dev-ops-infrastructure.pool.yml"
+      - "avm/res/dev-ops-infrastructure/pool/**"
+      - "avm/utilities/pipelines/**"
+      - "!avm/utilities/pipelines/platform/**"
+      - "!*/**/README.md"
+
+env:
+  modulePath: "avm/res/dev-ops-infrastructure/pool"
+  workflowPath: ".github/workflows/avm.res.dev-ops-infrastructure.pool.yml"
+
+concurrency:
+  group: ${{ github.workflow }}
+
+jobs:
+  ###########################
+  #   Initialize pipeline   #
+  ###########################
+  job_initialize_pipeline:
+    runs-on: ubuntu-latest
+    name: "Initialize pipeline"
+    steps:
+      - name: "Checkout"
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+      - name: "Set input parameters to output variables"
+        id: get-workflow-param
+        uses: ./.github/actions/templates/avm-getWorkflowInput
+        with:
+          workflowPath: "${{ env.workflowPath}}"
+      - name: "Get module test file paths"
+        id: get-module-test-file-paths
+        uses: ./.github/actions/templates/avm-getModuleTestFiles
+        with:
+          modulePath: "${{ env.modulePath }}"
+    outputs:
+      workflowInput: ${{ steps.get-workflow-param.outputs.workflowInput }}
+      moduleTestFilePaths: ${{ steps.get-module-test-file-paths.outputs.moduleTestFilePaths }}
+      psRuleModuleTestFilePaths: ${{ steps.get-module-test-file-paths.outputs.psRuleModuleTestFilePaths }}
+      modulePath: "${{ env.modulePath }}"
+
+  ##############################
+  #   Call reusable workflow   #
+  ##############################
+  call-workflow-passing-data:
+    name: "Run"
+    permissions:
+      id-token: write # For OIDC
+      contents: write # For release tags
+    needs:
+      - job_initialize_pipeline
+    uses: ./.github/workflows/avm.template.module.yml
+    with:
+      workflowInput: "${{ needs.job_initialize_pipeline.outputs.workflowInput }}"
+      moduleTestFilePaths: "${{ needs.job_initialize_pipeline.outputs.moduleTestFilePaths }}"
+      psRuleModuleTestFilePaths: "${{ needs.job_initialize_pipeline.outputs.psRuleModuleTestFilePaths }}"
+      modulePath: "${{ needs.job_initialize_pipeline.outputs.modulePath}}"
+    secrets: inherit
diff --git a/avm/ptn/ai-platform/baseline/README.md b/avm/ptn/ai-platform/baseline/README.md
@@ -38,7 +38,6 @@ By integrating with Microsoft Entra ID for secure identity management and utiliz
 | `Microsoft.MachineLearningServices/workspaces` | [2024-04-01-preview](https://learn.microsoft.com/en-us/azure/templates/Microsoft.MachineLearningServices/2024-04-01-preview/workspaces) |
 | `Microsoft.MachineLearningServices/workspaces/computes` | [2022-10-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.MachineLearningServices/2022-10-01/workspaces/computes) |
 | `Microsoft.Maintenance/configurationAssignments` | [2023-04-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Maintenance/2023-04-01/configurationAssignments) |
-| `Microsoft.ManagedIdentity/userAssignedIdentities` | [2023-01-31](https://learn.microsoft.com/en-us/azure/templates/Microsoft.ManagedIdentity/2023-01-31/userAssignedIdentities) |
 | `Microsoft.Network/bastionHosts` | [2022-11-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Network/2022-11-01/bastionHosts) |
 | `Microsoft.Network/networkInterfaces` | [2023-04-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Network/2023-04-01/networkInterfaces) |
 | `Microsoft.Network/networkSecurityGroups` | [2023-11-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Network/2023-11-01/networkSecurityGroups) |
@@ -54,8 +53,8 @@ By integrating with Microsoft Entra ID for secure identity management and utiliz
 | `Microsoft.Network/privateDnsZones/virtualNetworkLinks` | [2020-06-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Network/2020-06-01/privateDnsZones/virtualNetworkLinks) |
 | `Microsoft.Network/privateEndpoints` | [2023-11-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Network/2023-11-01/privateEndpoints) |
 | `Microsoft.Network/privateEndpoints` | [2023-04-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Network/2023-04-01/privateEndpoints) |
-| `Microsoft.Network/privateEndpoints/privateDnsZoneGroups` | [2023-04-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Network/2023-04-01/privateEndpoints/privateDnsZoneGroups) |
 | `Microsoft.Network/privateEndpoints/privateDnsZoneGroups` | [2023-11-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Network/2023-11-01/privateEndpoints/privateDnsZoneGroups) |
+| `Microsoft.Network/privateEndpoints/privateDnsZoneGroups` | [2023-04-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Network/2023-04-01/privateEndpoints/privateDnsZoneGroups) |
 | `Microsoft.Network/publicIPAddresses` | [2023-09-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Network/2023-09-01/publicIPAddresses) |
 | `Microsoft.Network/virtualNetworks` | [2024-01-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Network/virtualNetworks) |
 | `Microsoft.Network/virtualNetworks/subnets` | [2024-01-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Network/virtualNetworks/subnets) |
@@ -185,10 +184,7 @@ module baseline 'br/public:avm/ptn/ai-platform/baseline:<version>' = {
     logAnalyticsConfiguration: {
       name: 'log-aipbmax'
     }
-    managedIdentityConfiguration: {
-      hubName: 'id-hub-aipbmax'
-      projectName: 'id-project-aipbmax'
-    }
+    managedIdentityName: '<managedIdentityName>'
     storageAccountConfiguration: {
       allowSharedKeyAccess: true
       name: 'staipbmax'
@@ -321,11 +317,8 @@ module baseline 'br/public:avm/ptn/ai-platform/baseline:<version>' = {
         "name": "log-aipbmax"
       }
     },
-    "managedIdentityConfiguration": {
-      "value": {
-        "hubName": "id-hub-aipbmax",
-        "projectName": "id-project-aipbmax"
-      }
+    "managedIdentityName": {
+      "value": "<managedIdentityName>"
     },
     "storageAccountConfiguration": {
       "value": {
@@ -544,6 +537,7 @@ module baseline 'br/public:avm/ptn/ai-platform/baseline:<version>' = {
     // Required parameters
     name: '<name>'
     // Non-required parameters
+    managedIdentityName: '<managedIdentityName>'
     tags: {
       Env: 'test'
       'hidden-title': 'This is visible in the resource name'
@@ -591,6 +585,9 @@ module baseline 'br/public:avm/ptn/ai-platform/baseline:<version>' = {
       "value": "<name>"
     },
     // Non-required parameters
+    "managedIdentityName": {
+      "value": "<managedIdentityName>"
+    },
     "tags": {
       "value": {
         "Env": "test",
@@ -649,7 +646,7 @@ module baseline 'br/public:avm/ptn/ai-platform/baseline:<version>' = {
 | [`keyVaultConfiguration`](#parameter-keyvaultconfiguration) | object | Configuration for the key vault. |
 | [`location`](#parameter-location) | string | Location for all Resources. |
 | [`logAnalyticsConfiguration`](#parameter-loganalyticsconfiguration) | object | Configuration for the Log Analytics workspace. |
-| [`managedIdentityConfiguration`](#parameter-managedidentityconfiguration) | object | Configuration for the user-assigned managed identities. |
+| [`managedIdentityName`](#parameter-managedidentityname) | string | The name of the user assigned identity for the AI Studio hub. If not provided, the hub will use a system assigned identity. |
 | [`storageAccountConfiguration`](#parameter-storageaccountconfiguration) | object | Configuration for the storage account. |
 | [`tags`](#parameter-tags) | object | Resource tags. |
 | [`virtualMachineConfiguration`](#parameter-virtualmachineconfiguration) | secureObject | Configuration for the virtual machine. |
@@ -889,30 +886,9 @@ The name of the Log Analytics workspace.
 - Required: No
 - Type: string
 
-### Parameter: `managedIdentityConfiguration`
-
-Configuration for the user-assigned managed identities.
-
-- Required: No
-- Type: object
-
-**Optional parameters**
-
-| Parameter | Type | Description |
-| :-- | :-- | :-- |
-| [`hubName`](#parameter-managedidentityconfigurationhubname) | string | The name of the workspace hub user-assigned managed identity. |
-| [`projectName`](#parameter-managedidentityconfigurationprojectname) | string | The name of the workspace project user-assigned managed identity. |
-
-### Parameter: `managedIdentityConfiguration.hubName`
-
-The name of the workspace hub user-assigned managed identity.
-
-- Required: No
-- Type: string
-
-### Parameter: `managedIdentityConfiguration.projectName`
+### Parameter: `managedIdentityName`
 
-The name of the workspace project user-assigned managed identity.
+The name of the user assigned identity for the AI Studio hub. If not provided, the hub will use a system assigned identity.
 
 - Required: No
 - Type: string
@@ -1144,14 +1120,6 @@ The name of the AI Studio workspace project.
 | `location` | string | The location the module was deployed to. |
 | `logAnalyticsWorkspaceName` | string | The name of the log analytics workspace. |
 | `logAnalyticsWorkspaceResourceId` | string | The resource ID of the log analytics workspace. |
-| `managedIdentityHubClientId` | string | The client ID of the workspace hub user assigned managed identity. |
-| `managedIdentityHubName` | string | The name of the workspace hub user assigned managed identity. |
-| `managedIdentityHubPrincipalId` | string | The principal ID of the workspace hub user assigned managed identity. |
-| `managedIdentityHubResourceId` | string | The resource ID of the workspace hub user assigned managed identity. |
-| `managedIdentityProjectClientId` | string | The client ID of the workspace project user assigned managed identity. |
-| `managedIdentityProjectName` | string | The name of the workspace project user assigned managed identity. |
-| `managedIdentityProjectPrincipalId` | string | The principal ID of the workspace project user assigned managed identity. |
-| `managedIdentityProjectResourceId` | string | The resource ID of the workspace project user assigned managed identity. |
 | `resourceGroupName` | string | The name of the resource group the module was deployed to. |
 | `storageAccountName` | string | The name of the storage account. |
 | `storageAccountResourceId` | string | The resource ID of the storage account. |
@@ -1161,8 +1129,10 @@ The name of the AI Studio workspace project.
 | `virtualNetworkResourceId` | string | The resource ID of the virtual network. |
 | `virtualNetworkSubnetName` | string | The name of the subnet in the virtual network. |
 | `virtualNetworkSubnetResourceId` | string | The resource ID of the subnet in the virtual network. |
+| `workspaceHubManagedIdentityPrincipalId` | string | The principal ID of the workspace hub system assigned identity, if applicable. |
 | `workspaceHubName` | string | The name of the workspace hub. |
 | `workspaceHubResourceId` | string | The resource ID of the workspace hub. |
+| `workspaceProjectManagedIdentityPrincipalId` | string | The principal ID of the workspace project system assigned identity. |
 | `workspaceProjectName` | string | The name of the workspace project. |
 | `workspaceProjectResourceId` | string | The resource ID of the workspace project. |