Add Complete Starter Module

bootstrap/.config/ALZ-Powershell.config.json

@@ -1,5 +1,5 @@
 {
-    "parameters": { },
+    "parameters": {},
     "validators": {
         "starter_module": {
             "Type": "AllowedValues",
@@ -9,11 +9,12 @@
                 "Values": [
                     ".test",
                     "basic",
-                    "hubnetworking"
+                    "hubnetworking",
+                    "complete"
                 ]
             }
         },
-        "auth_scheme" : {
+        "auth_scheme": {
             "Type": "AllowedValues",
             "Description": "A valid authentication scheme e.g. 'WorkloadIdentityFederation'",
             "AllowedValues": {
@@ -24,7 +25,7 @@
                 ]
             }
         },
-        "azure_location" : {
+        "azure_location": {
             "Type": "AllowedValues",
             "Description": "An Azure deployment location e.g. 'uksouth'",
             "AllowedValues": {
@@ -82,27 +83,27 @@
                 ]
             }
         },
-        "azure_subscription_id" : {
+        "azure_subscription_id": {
             "Type": "Valid",
             "Description": "A valid subscription id GUID e.g. '12345678-1234-1234-1234-123456789012'",
             "Valid": "^( {){0,1}[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}(}){0,1}$"
         },
-        "azure_name" : {
+        "azure_name": {
             "Type": "Valid",
             "Description": "A valid Azure name e.g. 'my-azure-name'",
             "Valid": "^[a-zA-Z0-9]{2,10}(-[a-zA-Z0-9]{2,10}){0,1}(-[a-zA-Z0-9]{2,10})?$"
         },
-        "azure_name_section" : {
+        "azure_name_section": {
             "Type": "Valid",
             "Description": "A valid Azure name with no hyphens and limited length e.g. 'mgmt'",
             "Valid": "^[a-zA-Z0-9]{2,10}$"
         },
-        "guid" : {
+        "guid": {
             "Type": "Valid",
             "Description": "A valid GUID e.g. '12345678-1234-1234-1234-123456789012'",
             "Valid": "^( {){0,1}[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}(}){0,1}$"
         },
-        "bool" : {
+        "bool": {
             "Type": "AllowedValues",
             "Description": "A boolean value e.g. 'true'",
             "AllowedValues": {
@@ -113,7 +114,7 @@
                 ]
             }
         },
-        "number" : {
+        "number": {
             "Type": "Valid",
             "Description": "A number e.g. '123'",
             "Valid": "^(0|[1-9][0-9]*)$"
@@ -129,7 +130,7 @@
                 ]
             }
         },
-        "cidr_range" : {
+        "cidr_range": {
             "Type": "Valid",
             "Description": "A valid CIDR range e.g '10.0.0.0/16'",
             "Valid": "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(/(3[0-2]|[1-2][0-9]|[0-9]))$"

bootstrap/azuredevops/main.tf

@@ -61,6 +61,16 @@ module "ci_cd_module_files" {
   flag        = "cicd"
 }
 
+locals {
+  starter_module_repo_files = merge(module.starter_module_files.files, module.ci_cd_module_files.files)
+  additional_repo_files = { for file in var.additional_files : basename(file) => {
+    path = file
+    flag = "additional"
+    }
+  }
+  all_repo_files = merge(local.starter_module_repo_files, local.additional_repo_files)
+}
+
 module "azure_devops" {
   source                                       = "./../modules/azure_devops"
   use_legacy_organization_url                  = var.azure_devops_use_organisation_legacy_url
@@ -71,7 +81,7 @@ module "azure_devops" {
   environment_name_plan                        = local.resource_names.version_control_system_environment_plan
   environment_name_apply                       = local.resource_names.version_control_system_environment_apply
   repository_name                              = local.resource_names.version_control_system_repository
-  repository_files                             = merge(module.starter_module_files.files, module.ci_cd_module_files.files)
+  repository_files                             = local.all_repo_files
   service_connection_name                      = local.resource_names.version_control_system_service_connection
   variable_group_name                          = local.resource_names.version_control_system_variable_group
   managed_identity_client_id                   = module.azure.user_assigned_managed_identity_client_id

bootstrap/azuredevops/variables.tf

@@ -77,6 +77,12 @@ variable "root_management_group_display_name" {
   default     = "Tenant Root Group"
 }
 
+variable "additional_files" {
+  description = "Additional files to upload to the repository. This must be specified as a comma-separated list of absolute file paths (e.g. c:\\config\\config.yaml or /home/user/config/config.yaml)|14"
+  type        = list(string)
+  default     = []
+}
+
 variable "agent_container_image" {
   description = "The container image to use for Azure DevOps Agents|hidden"
   type        = string

bootstrap/github/main.tf

@@ -42,14 +42,24 @@ module "ci_cd_module_files" {
   flag        = "cicd"
 }
 
+locals {
+  starter_module_repo_files = merge(module.starter_module_files.files, module.ci_cd_module_files.files)
+  additional_repo_files = { for file in var.additional_files : basename(file) => {
+    path = file
+    flag = "additional"
+    }
+  }
+  all_repo_files = merge(local.starter_module_repo_files, local.additional_repo_files)
+}
+
 module "github" {
   source                                       = "./../modules/github"
   organization_name                            = var.version_control_system_organization
   environment_name_plan                        = local.resource_names.version_control_system_environment_plan
   environment_name_apply                       = local.resource_names.version_control_system_environment_apply
   repository_name                              = local.resource_names.version_control_system_repository
   repository_visibility                        = var.repository_visibility
-  repository_files                             = merge(module.starter_module_files.files, module.ci_cd_module_files.files)
+  repository_files                             = local.all_repo_files
   managed_identity_client_id                   = module.azure.user_assigned_managed_identity_client_id
   azure_tenant_id                              = data.azurerm_client_config.current.tenant_id
   azure_subscription_id                        = data.azurerm_client_config.current.subscription_id

bootstrap/github/variables.tf

@@ -56,6 +56,12 @@ variable "root_management_group_display_name" {
   default     = "Tenant Root Group"
 }
 
+variable "additional_files" {
+  description = "Additional files to upload to the repository. This must be specified as a comma-separated list of absolute file paths (e.g. c:\\config\\config.yaml or /home/user/config/config.yaml)|11"
+  type        = list(string)
+  default     = []
+}
+
 variable "target_subscriptions" {
   description = "The target subscriptions to apply onwer permissions to|hidden_azure_subscription_ids"
   type        = list(string)

bootstrap/modules/azure_devops/repository.tf

@@ -28,7 +28,7 @@ locals {
   module_files = { for key, value in var.repository_files : key =>
     {
       content = replace((file(value.path)), "# backend \"azurerm\" {}", "backend \"azurerm\" {}")
-    } if value.flag == "module"
+    } if value.flag == "module" || value.flag == "additional"
   }
   repository_files = merge(local.cicd_file, local.module_files)
 }

bootstrap/modules/github/repository.tf

@@ -20,7 +20,7 @@ locals {
   module_files = { for key, value in var.repository_files : key =>
     {
       content = replace((file(value.path)), "# backend \"azurerm\" {}", "backend \"azurerm\" {}")
-    } if value.flag == "module"
+    } if value.flag == "module" || value.flag == "additional"
   }
   repository_files = merge(local.cicd_file, local.module_files)
 }

docs/wiki/[User-Guide]-Quick-Start-Phase-2.md

@@ -30,6 +30,7 @@ The inputs differ depending on the VCS you have chosen:
     1. `azure_devops_authentication_scheme`: Enter the authentication scheme that your pipeline will use to authenticate to Azure. `WorkloadIdentityFederation` uses OpenId Connect and is the recommended approach. `ManagedServiceIdentity` requires the deployment of self-hosted agents are part of the bootstrap setup.
     1. `apply_approvers`: This is a list of service principal names (SPN) of people you wish to be in the group that approves apply of the Azure landing zone module. This is a comma-separated list like `[email protected],[email protected],[email protected]`. You may need to check what the SPN is prior to filling this out as it can vary based on identity provider.
     1. `root_management_group_display_name`: The is the name of the root management group that you applied permissions to in a previous step. This defaults to `Tenant Root Group`, but if you organization has changed it you'll need to enter the new display name.
+    1. `additional_files`: This is a method to supply additional files to your starter module. This is specifically used when using the `complete` starter module to supply the `config.yaml` file. This must be specified as a comma-separated list of absolute file paths (e.g. c:\\config\\config.yaml or /home/user/config/config.yaml). If you don't supply an absolute path, it will fail.
 1. You will now see a green message telling you that the next section is specigic to the starter module you choose. Navigate to the documentation for the relevant starter module to get details of the specific inputs.
 1. Once you have entered the starter module input, you see that a Terraform `init` and `apply` happen.
 1. There will be a pause after the `plan` phase you allow you to validate what is going to be deployed.
@@ -51,6 +52,7 @@ The inputs differ depending on the VCS you have chosen:
     1. `apply_approvers`: This is a list of service principal names (SPN) of people you wish to be in the group that approves apply of the Azure landing zone module. This is a comma-separated list like `[email protected],[email protected],[email protected]`. You may need to check what the SPN is prior to filling this out as it can vary based on identity provider.
     1. `repository_visibility`: This determines whether the repository is `public` or `private`. We recommend you choose `private`, but if you are testing and don't have a licensed GitHub organization, you will need to choose `public` or the boostrapping will fail due to missing functionality.
     1. `root_management_group_display_name`: The is the name of the root management group that you applied permissions to in a previous step. This defaults to `Tenant Root Group`, but if you organization has changed it you'll need to enter the new display name.
+    1. `additional_files`: This is a method to supply additional files to your starter module. This is specifically used when using the `complete` starter module to supply the `config.yaml` file. This must be specified as a comma-separated list of absolute file paths (e.g. c:\\config\\config.yaml or /home/user/config/config.yaml). If you don't supply an absolute path, it will fail.
 1. You will now see a green message telling you that the next section is specigic to the starter module you choose. Navigate to the documentation for the relevant starter module to get details of the specific inputs.
 1. Once you have entered the starter module input, you see that a Terraform `init` and `apply` happen.
 1. There will be a pause after the `plan` phase you allow you to validate what is going to be deployed.

templates/complete/config.yaml

@@ -0,0 +1,44 @@
+archetypes: # `caf-enterprise-scale` module, add inputs as listed on the module registry where necessary.
+  root_name: es
+  root_id: Enterprise-Scale
+  deploy_corp_landing_zones: true
+  deploy_online_landing_zones: true
+  default_location: uksouth
+  deploy_management_resources: true
+  configure_management_resources:
+    location: uksouth
+    settings:
+      security_center:
+        config:
+          email_security_contact: "security_contact@replace_me"
+    advanced:
+      asc_export_resource_group_name: rg-asc-export
+      custom_settings_by_resource_type:
+        azurerm_resource_group:
+          management:
+            name: rg-management
+        azurerm_log_analytics_workspace:
+          management:
+            name: log-management
+        azurerm_automation_account:
+          management:
+            name: aa-management
+connectivity:
+  hubnetworking: # `hubnetworking` module, add inputs as listed on the module registry where necessary.
+    hub_virtual_networks:
+      primary:
+        name: vnet-hub
+        resource_group_name: rg-connectivity
+        location: uksouth
+        address_space:
+          - 10.0.0.0/16
+        firewall:
+          name: fw-hub
+          sku_name: AZFW_VNet
+          sku_tier: Standard
+          subnet_address_prefix: 10.0.1.0/24
+        virtual_network_gateway: # `vnet-gateway` module, add inputs as listed on the module registry where necessary.
+          name: vgw-hub
+          sku: VpnGw1
+          type: Vpn
+          subnet_address_prefix: 10.0.2.0/24

templates/complete/data.tf

@@ -0,0 +1 @@
+data "azurerm_client_config" "core" {}

templates/complete/locals.tf

@@ -0,0 +1,27 @@
+locals {
+  config     = yamldecode(file("${path.module}/config.yaml"))
+  archetypes = local.config.archetypes
+  hub_virtual_networks = {
+    for k, v in local.config.connectivity.hubnetworking.hub_virtual_networks : k => {
+      for k2, v2 in v : k2 => v2 if k2 != "virtual_network_gateway"
+    }
+  }
+  vritual_network_gateways = {
+    for k, v in local.config.connectivity.hubnetworking.hub_virtual_networks : k => merge(
+      v.virtual_network_gateway,
+      {
+        location                            = v.location
+        virtual_network_name                = v.name
+        virtual_network_resource_group_name = v.resource_group_name
+      }
+    )
+  }
+  dummy_hub_virtual_network = {
+    hub = {
+      name                = "dummy"
+      address_space       = ["0.0.0.0/0"]
+      location            = "dummy"
+      resource_group_name = "dummy"
+    }
+  }
+}