forked from Azure/Mission-Critical-Connected
-
Notifications
You must be signed in to change notification settings - Fork 0
/
steps-get-or-create-vnet.yaml
158 lines (128 loc) · 6.02 KB
/
steps-get-or-create-vnet.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
parameters:
prefix: ''
suffix: ''
steps:
- task: AzureCLI@2
displayName: 'Select VNets for stamps'
inputs:
azureSubscription: '$(azureServiceConnection)'
scriptType: pscore
scriptLocation: inlineScript
inlineScript: |
$prefix = "${{ parameters.prefix }}"
$suffix = "${{ parameters.suffix }}"
# Hashtable of VNet IDs per stamp location
$vnets = @{}
$stampLocations = '$(stampLocations)' | ConvertFrom-Json -NoEnumerate
$vnetFile = "$(System.DefaultWorkingDirectory)/.ado/pipelines/config/vnets-$(environment).json"
# Check if any pre-provisioned VNets have been specified for this enviroment by checking the existence of the file
if(Test-Path $vnetFile)
{
echo "*** Using pre-provided VNets from file $vnetFile"
# Load available pre-provided VNets
$availableVnets = Get-Content $vnetFile | ConvertFrom-JSON
foreach($location in $stampLocations)
{
# Pick list of regional VNets
$vnetsInLocation = $availableVnets.$location
if(-not $vnetsInLocation)
{
throw "*** ERROR: List of VNets in $vnetFile does not contain desired stamp region $location"
}
$earmarkTagName = "AlwaysOnVnetUsedBy"
$earmarkTagValue = "$prefix$suffix-$location"
echo "*** Attempting to find a VNet for deployment $earmarkTagValue"
# check if any VNet was already earmarked earlier. Then we can skip the other search
$vnet = az network vnet list --query "[?tags.$earmarkTagName == '$earmarkTagValue']" | ConvertFrom-Json
if($vnet)
{
echo "*** VNet $($vnet.name) was already used before be this same deployment ($earmarkTagValue). Will use this VNet again"
$vnets[$location] = $vnet.id
}
else
{
foreach($vnetId in $vnetsInLocation)
{
echo "*** Checking if VNet is in use: $vnetId"
$vnet = az network vnet show --ids $vnetId | ConvertFrom-Json
if(-not $vnet)
{
throw "*** ERROR $vnetId not found"
}
if(-not $vnet.tags.$earmarkTagName)
{
# Use this VNet as it was not earmarked yet by any other release
echo "*** VNet $($vnet.name) not earmarked. Will use this VNet"
$vnets[$location] = $vnetId
$tagKeyVaule = "$earmarkTagName=$earmarkTagValue"
echo "*** Adding earmark tag to VNet: $tagKeyVaule"
# Add a tag to mark this VNet being used by this deployment
az tag update --operation merge --resource-id $vnetId --tags $tagKeyVaule
break
}
else
{
echo "*** VNet $($vnet.name) not available as it is earmarked by release $($vnet.tags.$earmarkTagName)"
}
}
}
if(-not $vnets[$location])
{
throw "*** ERROR no available VNet found for location $location"
}
# Check DNS settings on each VNet. They need to be set to Default (Azure-provided)
foreach($vnetId in $vnets.Values)
{
$dns = az network vnet show --ids $vnetId --query "dhcpOptions.dnsServers" | convertfrom-json # If DNS is set to Default, this call will come back empty
if($dns)
{
throw "*** VNet $vnetId has custom DNS servers set ($dns)! DNS settings must use 'Default (Azure-provided)' in order to work correctly with Private Endpoints. If you need custom DNS resolution, you need to set up Azure DNS Private resolver (https://learn.microsoft.com/azure/dns/dns-private-resolver-overview)"
}
}
}
}
else
{
echo "*** No pre-provided VNets defined (file not found: $vnetFile). Creating temporary VNets..."
# This is usually the case for E2E: we do not have pre-provided VNets here, so we need to create them first
$rgName = "$prefix$suffix-networks-rg"
# Since the VNets are not connected, we can use the same address space for all.
# This value can be adjusted as needed
$addressSpace = "10.1.0.0/18"
foreach($location in $stampLocations)
{
$vnetName = "$prefix$suffix-$location-vnet"
# check if the VNet already exists (from a previous run of this job)
$vnet = az network vnet list --query "[?name=='$vnetName']" | ConvertFrom-JSON
if($LastExitCode -ne 0)
{
throw "*** Error on checking existing VNet $vnetName"
}
if($vnet)
{
echo "*** VNEt $vnetName already exists"
$vnets[$location] = $vnet.id
}
else
{
# We use a dedicated resource group for all the VNets for this deployment
echo "*** Check if Resource Group $rgName exists"
$checkRg = az group exists --name $rgName | ConvertFrom-Json
if (!$checkRg) {
Write-Warning "*** Resource Group $rgName does not exist. Creating..."
# get the stamp locations and use the first one to create the resource group there.
az group create --name $rgName --location $location
if ($LastExitCode -eq 1) {
Write-Error "*** Error - could not create resource group"
}
}
echo "*** Creating new VNet $vnetName for E2E environment..."
$vnet = $(az network vnet create -n $vnetName -g $rgName -l $location --address-prefixes $addressSpace) | ConvertFrom-JSON
$vnets[$location] = $vnet.newVnet.id
}
}
}
$vnetsJson = $vnets | ConvertTo-Json -Compress
echo "*** List of VNets per location: $vnetsJson"
# Write map of VNet Resource IDs per stamp location which when then be used for Terraform input
echo "##vso[task.setvariable variable=tfParameterVnetResourceIds]$vnetsJson"