[CI Environment] [MAJOR/BREAKING] Introducing OIDC and dual environment support
Description
Adding support for 2 environments with separate subscriptions and Service Principals for:
- [x] ADO:
  - [x] Service connection for Validation and Publishing.
  - [x] Variables for subscription IDs for validation and publishing.
  - [x] Module pipelines now deploy:
    - [x] Deploying validation to a validation service connection.
    - [x] Publishing template specs and bicep registry using publishing service connection.
  - [x] Dependency pipeline uses validation service connection.
  - [x] Update publishing script to support specifying subscription when using a MG level SvcCon. (Should we support this?)
- [x] GH:
  - [x] OIDC profiles for publishing and validation
  - [x] Environments and secrets for publishing and validation
  - [x] Module workflows now deploy:
    - [x] Validation steps with `Validation` environment.
    - [x] Publishing steps with `Publishing` environment.
  - [x] Dependency workflow uses `Validation` environment.
- [ ] Update `Getting started - scenario 2` documentation.
Pipeline references
| Pipeline |
|---|
Type of Change
Please delete options that are not relevant.
- [ ] Bugfix (non-breaking change which fixes an issue)
- [ ] New feature (non-breaking change which adds functionality)
- [x] Breaking change (fix or feature that would cause existing functionality to not work as expected)
- [x] Update to documentation
Checklist
- [x] I'm sure there are no other open Pull Requests for the same update/change
- [x] My corresponding pipelines / checks run clean and green without any errors or warnings
- [x] My code follows the style guidelines of this project
- [x] I have commented my code, particularly in hard-to-understand areas
- [x] I have made corresponding changes to the documentation (readme)
- [x] I did format my code
Unit Test Results
1 files ±0, 1 suites ±0, 16s :stopwatch: +3s
49 tests +4: 49 :heavy_check_mark: +4, 0 :zzz: ±0, 0 :x: ±0
50 runs +5: 50 :heavy_check_mark: +5, 0 :zzz: ±0, 0 :x: ±0
Results for commit 6393e1d1. ± Comparison against base commit 27b1952f.
This pull request removes 45 and adds 49 tests. Note that renamed tests count towards both.
/home/runner/work/ResourceModules/ResourceModules/arm/.global/global.module.tests.ps1 ‑ API version tests [All apiVersions in the template should be 'recent'].In [Microsoft.DesktopVirtualization/scalingplans] used resource type [diagnosticsettings] should use one of the recent API version(s). Currently using [2021-05-01-preview]
/home/runner/work/ResourceModules/ResourceModules/arm/.global/global.module.tests.ps1 ‑ API version tests [All apiVersions in the template should be 'recent'].In [Microsoft.DesktopVirtualization/scalingplans] used resource type [roleassignments] should use one of the recent API version(s). Currently using [2020-10-01-preview]
/home/runner/work/ResourceModules/ResourceModules/arm/.global/global.module.tests.ps1 ‑ API version tests [All apiVersions in the template should be 'recent'].In [Microsoft.DesktopVirtualization/scalingplans] used resource type [scalingPlans] should use one of the recent API version(s). Currently using [2021-09-03-preview]
/home/runner/work/ResourceModules/ResourceModules/arm/.global/global.module.tests.ps1 ‑ Deployment template tests.Deployment template tests.[Microsoft.DesktopVirtualization/scalingplans] All apiVersion properties should be set to a static, hard-coded value
/home/runner/work/ResourceModules/ResourceModules/arm/.global/global.module.tests.ps1 ‑ Deployment template tests.Deployment template tests.[Microsoft.DesktopVirtualization/scalingplans] All parameters in parameters files exist in template file (deploy.json)
/home/runner/work/ResourceModules/ResourceModules/arm/.global/global.module.tests.ps1 ‑ Deployment template tests.Deployment template tests.[Microsoft.DesktopVirtualization/scalingplans] All required parameters in template file (deploy.json) should exist in parameters files
/home/runner/work/ResourceModules/ResourceModules/arm/.global/global.module.tests.ps1 ‑ Deployment template tests.Deployment template tests.[Microsoft.DesktopVirtualization/scalingplans] CUA ID deployment should be present in the template
/home/runner/work/ResourceModules/ResourceModules/arm/.global/global.module.tests.ps1 ‑ Deployment template tests.Deployment template tests.[Microsoft.DesktopVirtualization/scalingplans] Conditional parameters' description should contain 'Required if' followed by the condition making the parameter required.
/home/runner/work/ResourceModules/ResourceModules/arm/.global/global.module.tests.ps1 ‑ Deployment template tests.Deployment template tests.[Microsoft.DesktopVirtualization/scalingplans] If delete lock is implemented, the template should have a lock parameter with the default value of ['']
/home/runner/work/ResourceModules/ResourceModules/arm/.global/global.module.tests.ps1 ‑ Deployment template tests.Deployment template tests.[Microsoft.DesktopVirtualization/scalingplans] Location output should be returned for resources that use it
…
/home/runner/work/ResourceModules/ResourceModules/arm/.global/global.module.tests.ps1 ‑ API version tests [All apiVersions in the template should be 'recent'].In [Microsoft.Batch/batchAccounts] used resource type [batchAccounts] should use one of the recent API version(s). Currently using [2022-01-01]
/home/runner/work/ResourceModules/ResourceModules/arm/.global/global.module.tests.ps1 ‑ API version tests [All apiVersions in the template should be 'recent'].In [Microsoft.Batch/batchAccounts] used resource type [diagnosticsettings] should use one of the recent API version(s). Currently using [2021-05-01-preview]
/home/runner/work/ResourceModules/ResourceModules/arm/.global/global.module.tests.ps1 ‑ API version tests [All apiVersions in the template should be 'recent'].In [Microsoft.Batch/batchAccounts] used resource type [locks] should use one of the recent API version(s). Currently using [2017-04-01]
/home/runner/work/ResourceModules/ResourceModules/arm/.global/global.module.tests.ps1 ‑ Deployment template tests.Deployment template tests.[Microsoft.Batch/batchAccounts] All apiVersion properties should be set to a static, hard-coded value
/home/runner/work/ResourceModules/ResourceModules/arm/.global/global.module.tests.ps1 ‑ Deployment template tests.Deployment template tests.[Microsoft.Batch/batchAccounts] All parameters in parameters files exist in template file (deploy.json)
/home/runner/work/ResourceModules/ResourceModules/arm/.global/global.module.tests.ps1 ‑ Deployment template tests.Deployment template tests.[Microsoft.Batch/batchAccounts] All required parameters in template file (deploy.json) should exist in parameters files
/home/runner/work/ResourceModules/ResourceModules/arm/.global/global.module.tests.ps1 ‑ Deployment template tests.Deployment template tests.[Microsoft.Batch/batchAccounts] CUA ID deployment should be present in the template
/home/runner/work/ResourceModules/ResourceModules/arm/.global/global.module.tests.ps1 ‑ Deployment template tests.Deployment template tests.[Microsoft.Batch/batchAccounts] Conditional parameters' description should contain 'Required if' followed by the condition making the parameter required.
/home/runner/work/ResourceModules/ResourceModules/arm/.global/global.module.tests.ps1 ‑ Deployment template tests.Deployment template tests.[Microsoft.Batch/batchAccounts] If delete lock is implemented, the template should have a lock parameter with the default value of ['']
/home/runner/work/ResourceModules/ResourceModules/arm/.global/global.module.tests.ps1 ‑ Deployment template tests.Deployment template tests.[Microsoft.Batch/batchAccounts] Location output should be returned for resources that use it
…
:recycle: This comment has been updated with latest results.
@MariusStorhaug great work! What I don't get: When are you using ARM_ and when Azure_ in variable names?
For example, you renamed env.ARM_SUBSCRIPTION_ID -> env.AZURE_SUBSCRIPTION_ID here
but did not change env.ARM_MGMTGROUP_ID here
Was it on purpose or is this just missing? I think we should stick to one pattern here. What do you think?