Merge remote-tracking branch 'upstream/main'

tony-box · May 21, 2024 · 382c324 · 382c324
2 parents 7035d98 + 07699bd
commit 382c324
Show file tree

Hide file tree

Showing 392 changed files with 12,185 additions and 1,771 deletions.
diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS
@@ -4,13 +4,14 @@
 /avm/ @Azure/avm-core-team-technical-bicep
 /avm/utilities/ @Azure/avm-core-team-technical-bicep
 /avm/ptn/authorization/policy-assignment/ @Azure/avm-ptn-authorization-policyassignment-module-owners-bicep @Azure/avm-core-team-technical-bicep
+/avm/ptn/authorization/resource-role-assignment/ @Azure/avm-ptn-authorization-resourceroleassignment-module-owners-bicep @Azure/avm-core-team-technical-bicep
 /avm/ptn/authorization/role-assignment/ @Azure/avm-ptn-authorization-roleassignment-module-owners-bicep @Azure/avm-core-team-technical-bicep
 /avm/ptn/security/security-center/ @Azure/avm-ptn-security-securitycenter-module-owners-bicep @Azure/avm-core-team-technical-bicep
 /avm/res/aad/domain-service/ @Azure/avm-res-aad-domainservice-module-owners-bicep @Azure/avm-core-team-technical-bicep
-#/avm/res/aad/domain-service/ @Azure/avm-res-aad-domainservice-module-owners-bicep
 /avm/res/analysis-services/server/ @Azure/avm-res-analysisservices-server-module-owners-bicep @Azure/avm-core-team-technical-bicep
 /avm/res/api-management/service/ @Azure/avm-res-apimanagement-service-module-owners-bicep @Azure/avm-core-team-technical-bicep
 /avm/res/app/container-app/ @Azure/avm-res-app-containerapp-module-owners-bicep @Azure/avm-core-team-technical-bicep
+/avm/res/app/job/ @Azure/avm-res-app-job-module-owners-bicep @Azure/avm-core-team-technical-bicep
 /avm/res/app/managed-environment/ @Azure/avm-res-app-managedenvironment-module-owners-bicep @Azure/avm-core-team-technical-bicep
 /avm/res/app-configuration/configuration-store/ @Azure/avm-res-appconfiguration-configurationstore-module-owners-bicep @Azure/avm-core-team-technical-bicep
 #/avm/res/authorization/lock/ @Azure/avm-res-authorization-lock-module-owners-bicep @Azure/avm-core-team-technical-bicep
@@ -24,6 +25,8 @@
 /avm/res/cache/redis/ @Azure/avm-res-cache-redis-module-owners-bicep @Azure/avm-core-team-technical-bicep
 /avm/res/cdn/profile/ @Azure/avm-res-cdn-profile-module-owners-bicep @Azure/avm-core-team-technical-bicep
 /avm/res/cognitive-services/account/ @Azure/avm-res-cognitiveservices-account-module-owners-bicep @Azure/avm-core-team-technical-bicep
+/avm/res/communication/communication-service/ @Azure/avm-res-communication-communicationservice-module-owners-bicep @Azure/avm-core-team-technical-bicep
+/avm/res/communication/email-service/ @Azure/avm-res-communication-emailservice-module-owners-bicep @Azure/avm-core-team-technical-bicep
 /avm/res/compute/availability-set/ @Azure/avm-res-compute-availabilityset-module-owners-bicep @Azure/avm-core-team-technical-bicep
 /avm/res/compute/disk/ @Azure/avm-res-compute-disk-module-owners-bicep @Azure/avm-core-team-technical-bicep
 /avm/res/compute/disk-encryption-set/ @Azure/avm-res-compute-diskencryptionset-module-owners-bicep @Azure/avm-core-team-technical-bicep

diff --git a/.github/ISSUE_TEMPLATE/avm_module_issue.yml b/.github/ISSUE_TEMPLATE/avm_module_issue.yml
@@ -39,6 +39,7 @@ body:
       options:
         - ""
         - "avm/ptn/authorization/policy-assignment"
+        - "avm/ptn/authorization/resource-role-assignment"
         - "avm/ptn/authorization/role-assignment"
         # - "avm/ptn/avd-lza/insights"
         # - "avm/ptn/avd-lza/management-plane"
@@ -50,12 +51,15 @@ body:
         - "avm/res/api-management/service"
         - "avm/res/app-configuration/configuration-store"
         - "avm/res/app/container-app"
+        - "avm/res/app/job"
         - "avm/res/app/managed-environment"
         - "avm/res/automation/automation-account"
         - "avm/res/batch/batch-account"
         - "avm/res/cache/redis"
         - "avm/res/cdn/profile"
         - "avm/res/cognitive-services/account"
+        - "avm/res/communication/communication-service"
+        - "avm/res/communication/email-service"
         - "avm/res/compute/availability-set"
         - "avm/res/compute/disk"
         - "avm/res/compute/disk-encryption-set"

diff --git a/.github/actions/templates/avm-getWorkflowInput/action.yml b/.github/actions/templates/avm-getWorkflowInput/action.yml
@@ -66,6 +66,11 @@ runs:
           # Output values to be accessed by next jobs
           $workflowInput = @{}
           foreach($parameterName in $parameters.Keys) {
+            if([String]::IsNullOrEmpty($parameters[$parameterName])) {
+              Write-Verbose "Skipping parameter [$parameterName] as it has no explicit or default value" -Verbose
+              continue
+            }
+
             Write-Verbose ('Passing output [{0}] with value [{1}]' -f $parameterName, $parameters[$parameterName]) -Verbose
             $workflowInput[$parameterName] = $parameters[$parameterName]
           }
@@ -88,6 +93,12 @@ runs:
           # Output values to be accessed by next jobs
           $workflowInput = @{}
           foreach($parameterName in $workflowParameters.Keys) {
+
+            if([String]::IsNullOrEmpty($workflowParameters[$parameterName])) {
+              Write-Verbose "Skipping parameter [$parameterName] as it has no explicit or default value" -Verbose
+              continue
+            }
+
             Write-Verbose ('Passing output [{0}] with value [{1}]' -f $parameterName, $workflowParameters[$parameterName]) -Verbose
             $workflowInput[$parameterName] = $workflowParameters[$parameterName].toString()
           }

diff --git a/.github/actions/templates/avm-validateModuleDeployment/action.yml b/.github/actions/templates/avm-validateModuleDeployment/action.yml
@@ -14,13 +14,14 @@
 ##   |======================================================================================================================================================================================|
 ##   | Parameter                  | Required | Default | Description                                           | Example                                                                    |
 ##   |----------------------------|----------|---------|-------------------------------------------------------|----------------------------------------------------------------------------|
-##   | modulePath                 | true     | ''      | The path to the module file directory                 | 'modules/api-management/service/main.bicep'
-##   | templateFilePath           | true     | ''      | The path to the template file to use for deployment   | 'modules/api-management/service/tests/e2e/maix/main.test.bicep'                                |
+##   | modulePath                 | true     | ''      | The path to the module file directory                 | 'modules/api-management/service/main.bicep'                                |
+##   | templateFilePath           | true     | ''      | The path to the template file to use for deployment   | 'modules/api-management/service/tests/e2e/maix/main.test.bicep'            |
 ##   | deploymentMetadataLocation | true     | ''      | The location to store the deployment metadata         | 'WestEurope'                                                               |
 ##   | subscriptionId             | false    | ''      | The subscriptionId to deploy to                       | '1a97b80a-4dda-4f50-ab53-349e29344654'                                     |
 ##   | managementGroupId          | false    | ''      | The managementGroupId to deploy to                    | '1a97b80a-4dda-4f50-ab53-349e29344654'                                     |
 ##   | customTokens               | false    | ''      | Additional token pairs in json format.                | '{"tokenName":"tokenValue"}'                                               |
 ##   | removeDeployment           | false    | 'true'  | Set "true" to set module up for removal               | 'true'                                                                     |
+##   | customLocation             | false    |         | Custom location overwrite, if needed                  | 'WestEurope'                                                               |
 ##   |======================================================================================================================================================================================|
 ##
 #########################################################
@@ -51,6 +52,9 @@ inputs:
     description: 'Set "true" to set module up for removal'
     default: "true"
     required: false
+  customLocation:
+    description: "Custom location overwrite, if needed"
+    required: false
 
 runs:
   using: "composite"
@@ -73,7 +77,7 @@ runs:
           Write-Output '::group::Get Recommended Regions'
 
           # Load used functions
-          . (Join-Path $env:GITHUB_WORKSPACE 'avm' 'utilities' 'pipelines' 'e2eValidation' 'regionSelector' 'Get-AzAvailableResourceLocation.ps1')
+          . (Join-Path $env:GITHUB_WORKSPACE 'avm' 'utilities' 'pipelines' 'e2eValidation' 'regionSelector' 'Get-AvailableResourceLocation.ps1')
 
           # Set function input parameters
           $functionInput = @{
@@ -84,7 +88,12 @@ runs:
           Write-Verbose "Invoke function with" -Verbose
           Write-Verbose ($functionInput | ConvertTo-Json | Out-String) -Verbose
 
-          $resourceLocation = Get-AzAvailableResourceLocation @functionInput -Verbose
+          if([String]::IsNullOrEmpty('${{ inputs.customLocation }}')) {
+            $resourceLocation = Get-AvailableResourceLocation @functionInput -Verbose
+          } else {
+            $resourceLocation = '${{ inputs.customLocation }}'
+            Write-Verbose 'Using specified location [${{ inputs.customLocation }}]' -Verbose
+          }
 
           Write-Verbose ('{0}-{1}' -f 'resourceLocation', $resourceLocation) -Verbose
           Write-Output ('{0}={1}' -f 'resourceLocation', $resourceLocation) >> $env:GITHUB_OUTPUT
@@ -196,7 +205,11 @@ runs:
             SubscriptionId             = $subscriptionId
             ManagementGroupId          = $managementGroupId
             RepoRoot                   = $env:GITHUB_WORKSPACE
-            AdditionalParameters       = @{
+            AdditionalParameters       = @{}
+          }
+
+          if($moduleTemplatePossibleParameters -contains 'resourceLocation') {
+            $functionInput.AdditionalParameters += @{
               resourceLocation = '${{ steps.get-resource-location.outputs.resourceLocation }}'
             }
           }
@@ -248,7 +261,11 @@ runs:
             ManagementGroupId          = $managementGroupId
             DoNotThrow                 = $true
             RepoRoot                   = $env:GITHUB_WORKSPACE
-            AdditionalParameters       = @{
+            AdditionalParameters       = @{}
+          }
+
+          if($moduleTemplatePossibleParameters -contains 'resourceLocation') {
+            $functionInput.AdditionalParameters += @{
               resourceLocation = '${{ steps.get-resource-location.outputs.resourceLocation }}'
             }
           }

diff --git a/.github/workflows/avm.ptn.authorization.policy-assignment.yml b/.github/workflows/avm.ptn.authorization.policy-assignment.yml
@@ -20,6 +20,10 @@ on:
         description: "Remove deployed module"
         required: false
         default: true
+      customLocation:
+        type: string
+        description: "Default location overwrite (e.g., eastus)"
+        required: false
   push:
     branches:
       - main

diff --git a/.github/workflows/avm.ptn.authorization.resource-role-assignment.yml b/.github/workflows/avm.ptn.authorization.resource-role-assignment.yml
@@ -0,0 +1,90 @@
+name: "avm.ptn.authorization.resource-role-assignment"
+
+on:
+  schedule:
+    - cron: "0 12 1/15 * *" # Bi-Weekly Test (on 1st & 15th of month)
+  workflow_dispatch:
+    inputs:
+      staticValidation:
+        type: boolean
+        description: "Execute static validation"
+        required: false
+        default: true
+      deploymentValidation:
+        type: boolean
+        description: "Execute deployment validation"
+        required: false
+        default: true
+      removeDeployment:
+        type: boolean
+        description: "Remove deployed module"
+        required: false
+        default: true
+      customLocation:
+        type: string
+        description: "Default location overwrite (e.g., eastus)"
+        required: false
+  push:
+    branches:
+      - main
+    paths:
+      - ".github/actions/templates/avm-**"
+      - ".github/workflows/avm.template.module.yml"
+      - ".github/workflows/avm.ptn.authorization.resource-role-assignment.yml"
+      - "avm/ptn/authorization/resource-role-assignment/**"
+      - "avm/utilities/pipelines/**"
+      - "!avm/utilities/pipelines/platform/**"
+      - "!*/**/README.md"
+
+env:
+  modulePath: "avm/ptn/authorization/resource-role-assignment"
+  workflowPath: ".github/workflows/avm.ptn.authorization.resource-role-assignment.yml"
+
+concurrency:
+  group: ${{ github.workflow }}
+
+jobs:
+  ###########################
+  #   Initialize pipeline   #
+  ###########################
+  job_initialize_pipeline:
+    runs-on: ubuntu-latest
+    name: "Initialize pipeline"
+    steps:
+      - name: "Checkout"
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+      - name: "Set input parameters to output variables"
+        id: get-workflow-param
+        uses: ./.github/actions/templates/avm-getWorkflowInput
+        with:
+          workflowPath: "${{ env.workflowPath}}"
+      - name: "Get module test file paths"
+        id: get-module-test-file-paths
+        uses: ./.github/actions/templates/avm-getModuleTestFiles
+        with:
+          modulePath: "${{ env.modulePath }}"
+    outputs:
+      workflowInput: ${{ steps.get-workflow-param.outputs.workflowInput }}
+      moduleTestFilePaths: ${{ steps.get-module-test-file-paths.outputs.moduleTestFilePaths }}
+      psRuleModuleTestFilePaths: ${{ steps.get-module-test-file-paths.outputs.psRuleModuleTestFilePaths }}
+      modulePath: "${{ env.modulePath }}"
+
+  ##############################
+  #   Call reusable workflow   #
+  ##############################
+  call-workflow-passing-data:
+    name: "Run"
+    permissions:
+      id-token: write # For OIDC
+      contents: write # For release tags
+    needs:
+      - job_initialize_pipeline
+    uses: ./.github/workflows/avm.template.module.yml
+    with:
+      workflowInput: "${{ needs.job_initialize_pipeline.outputs.workflowInput }}"
+      moduleTestFilePaths: "${{ needs.job_initialize_pipeline.outputs.moduleTestFilePaths }}"
+      psRuleModuleTestFilePaths: "${{ needs.job_initialize_pipeline.outputs.psRuleModuleTestFilePaths }}"
+      modulePath: "${{ needs.job_initialize_pipeline.outputs.modulePath}}"
+    secrets: inherit
diff --git a/.github/workflows/avm.ptn.authorization.role-assignment.yml b/.github/workflows/avm.ptn.authorization.role-assignment.yml
@@ -20,6 +20,10 @@ on:
         description: "Remove deployed module"
         required: false
         default: true
+      customLocation:
+        type: string
+        description: "Default location overwrite (e.g., eastus)"
+        required: false
   push:
     branches:
       - main

diff --git a/.github/workflows/avm.ptn.policy-insights.remediation.yml b/.github/workflows/avm.ptn.policy-insights.remediation.yml
@@ -20,6 +20,10 @@ on:
         description: "Remove deployed module"
         required: false
         default: true
+      customLocation:
+        type: string
+        description: "Default location overwrite (e.g., eastus)"
+        required: false
   push:
     branches:
       - main

diff --git a/.github/workflows/avm.ptn.security.security-center.yml b/.github/workflows/avm.ptn.security.security-center.yml
@@ -20,6 +20,10 @@ on:
         description: "Remove deployed module"
         required: false
         default: true
+      customLocation:
+        type: string
+        description: "Default location overwrite (e.g., eastus)"
+        required: false
   push:
     branches:
       - main

diff --git a/.github/workflows/avm.res.aad.domain-service.yml b/.github/workflows/avm.res.aad.domain-service.yml
@@ -20,6 +20,10 @@ on:
         description: "Remove deployed module"
         required: false
         default: true
+      customLocation:
+        type: string
+        description: "Default location overwrite (e.g., eastus)"
+        required: false
   push:
     branches:
       - main

diff --git a/.github/workflows/avm.res.analysis-services.server.yml b/.github/workflows/avm.res.analysis-services.server.yml
@@ -20,6 +20,10 @@ on:
         description: "Remove deployed module"
         required: false
         default: true
+      customLocation:
+        type: string
+        description: "Default location overwrite (e.g., eastus)"
+        required: false
   push:
     branches:
       - main

diff --git a/.github/workflows/avm.res.api-management.service.yml b/.github/workflows/avm.res.api-management.service.yml
@@ -20,6 +20,10 @@ on:
         description: "Remove deployed module"
         required: false
         default: true
+      customLocation:
+        type: string
+        description: "Default location overwrite (e.g., eastus)"
+        required: false
   push:
     branches:
       - main

diff --git a/.github/workflows/avm.res.app-configuration.configuration-store.yml b/.github/workflows/avm.res.app-configuration.configuration-store.yml
@@ -20,6 +20,10 @@ on:
         description: "Remove deployed module"
         required: false
         default: true
+      customLocation:
+        type: string
+        description: "Default location overwrite (e.g., eastus)"
+        required: false
   push:
     branches:
       - main

diff --git a/.github/workflows/avm.res.app.container-app.yml b/.github/workflows/avm.res.app.container-app.yml
@@ -20,6 +20,10 @@ on:
         description: "Remove deployed module"
         required: false
         default: true
+      customLocation:
+        type: string
+        description: "Default location overwrite (e.g., eastus)"
+        required: false
   push:
     branches:
       - main