Avm deployment script module and private network access #185
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Module Tests | |
| on: | |
| pull_request: | |
| branches: | |
| - main | |
| paths: | |
| - "**.bicep" | |
| - "tests/pester/**.ps1" | |
| workflow_dispatch: {} | |
| env: | |
| ARM_BILLING_SCOPE_RID: "${{ secrets.ARM_BILLING_SCOPE_RID }}" | |
| ARM_LOCATION: "uksouth" | |
| ARM_TENANT_ID: "${{ secrets.ARM_TENANT_ID }}" | |
| ARM_CLIENT_ID: "${{ secrets.ARM_CLIENT_ID }}" | |
| GH_PR_NUMBER: "${{ github.event.number }}" | |
| SUB_HUB_ID: "${{ secrets.SUB_HUB_ID }}" | |
| permissions: | |
| id-token: write | |
| contents: read | |
| jobs: | |
| vending: | |
| name: Vending Subscription for Tests and Networking Scenarios | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout Repo | |
| id: checkout | |
| uses: actions/checkout@v3 | |
| with: | |
| fetch-depth: 0 | |
| - name: Azure Login | |
| id: login | |
| uses: azure/login@v1 | |
| with: | |
| client-id: ${{ secrets.ARM_CLIENT_ID }} | |
| tenant-id: ${{ secrets.ARM_TENANT_ID }} | |
| enable-AzPSSession: true | |
| allow-no-subscriptions: true | |
| - name: Vend Subscriptions & Networking Scenarios (What-If & Validate) | |
| id: vend-whatif | |
| uses: azure/powershell@v1 | |
| with: | |
| inlineScript: | | |
| $inputObject = @{ | |
| DeploymentName = 'pr-${{ env.GH_PR_NUMBER }}-lz-vend-{0}' -f (-join (Get-Date -Format 'yyyyMMddTHHMMssffffZ')[0..63]) | |
| ManagementGroupId = "bicep-lz-vending-automation" | |
| Location = "${{ env.ARM_LOCATION }}" | |
| TemplateFile = "./tests/lz-vending/full.test.bicep" | |
| TemplateParameterObject = @{ | |
| location = "${{ env.ARM_LOCATION }}" | |
| prNumber = "${{ env.GH_PR_NUMBER }}" | |
| subscriptionBillingScope = "${{ env.ARM_BILLING_SCOPE_RID }}" | |
| } | |
| } | |
| New-AzManagementGroupDeployment @inputObject -Whatif | |
| azPSVersion: "10.4.1" | |
| - name: Vend Subscriptions & Networking Scenarios (Deploy) | |
| id: vend | |
| uses: azure/powershell@v1 | |
| with: | |
| inlineScript: | | |
| $inputObject = @{ | |
| DeploymentName = 'pr-${{ env.GH_PR_NUMBER }}-lz-vend-{0}' -f (-join (Get-Date -Format 'yyyyMMddTHHMMssffffZ')[0..63]) | |
| ManagementGroupId = "bicep-lz-vending-automation" | |
| Location = "${{ env.ARM_LOCATION }}" | |
| TemplateFile = "./tests/lz-vending/full.test.bicep" | |
| TemplateParameterObject = @{ | |
| location = "${{ env.ARM_LOCATION }}" | |
| prNumber = "${{ env.GH_PR_NUMBER }}" | |
| subscriptionBillingScope = "${{ env.ARM_BILLING_SCOPE_RID }}" | |
| } | |
| } | |
| $bicepDeployment = New-AzManagementGroupDeployment @inputObject | |
| $outputValue = $bicepDeployment.Outputs.createdSubId.Value | |
| "SUBID=$outputValue" | Out-File -FilePath $env:GITHUB_ENV -Encoding utf8 -Append | |
| azPSVersion: "10.4.1" | |
| - name: Azure Login refresh | |
| id: loginRefresh | |
| uses: azure/login@v1 | |
| with: | |
| client-id: ${{ secrets.ARM_CLIENT_ID }} | |
| tenant-id: ${{ secrets.ARM_TENANT_ID }} | |
| enable-AzPSSession: true | |
| allow-no-subscriptions: true | |
| - name: Pester Tests | |
| id: pester | |
| uses: azure/powershell@v1 | |
| with: | |
| inlineScript: | | |
| Import-Module Pester -Force | |
| $pesterConfiguration = @{ | |
| Run = @{ | |
| Container = New-PesterContainer -Path "./tests/pester/full.tests.ps1" -Data @{ | |
| subId = "${{ env.SUBID }}" | |
| prNumber = "${{ env.GH_PR_NUMBER }}" | |
| location = "${{ env.ARM_LOCATION }}" | |
| } | |
| PassThru = $true | |
| } | |
| Output = @{ | |
| Verbosity = 'Detailed' | |
| } | |
| } | |
| $result = Invoke-Pester -Configuration $pesterConfiguration | |
| exit $result.FailedCount | |
| azPSVersion: "10.4.1" | |
| - name: Cleanup Vended Subscription & Networking Scenarios | |
| id: cleanup-vend | |
| if: always() | |
| uses: azure/powershell@v1 | |
| with: | |
| inlineScript: | | |
| # Resource Group Names | |
| $subId = "${{ env.SUBID }}" | |
| $rsgHsName = "rsg-${{ env.ARM_LOCATION }}-net-hs-pr-${{ env.GH_PR_NUMBER }}" | |
| $rsgVwanName = "rsg-${{ env.ARM_LOCATION }}-net-vwan-pr-${{ env.GH_PR_NUMBER }}" | |
| $rsgNetworkWatcherName = "NetworkWatcherRG" | |
| $guid = $subId.substring(0,6) | |
| $rsgDeploymentScriptName = "rsg-${{ env.ARM_LOCATION }}-ds-pr-${{ env.GH_PR_NUMBER }}-$guid" | |
| $allRoleAssignmentsSub = Get-AzRoleAssignment -Scope "/subscriptions/$subId" -ErrorAction SilentlyContinue | |
| $rbacIdentitiyNotFoundToCleanupContributor = $allRoleAssignmentsSub | Where-Object { $_.ObjectType -eq "Unknown" -and $_.RoleDefinitionName -eq "Contributor" } | |
| Write-Host "Cleanup Vended Subscription Resources & Resource Groups..." -ForegroundColor Yellow | |
| Select-AzSubscription -SubscriptionId "${{ env.SUBID }}" | |
| Remove-AzResourceGroup -Name $rsgHsName -Force | |
| Remove-AzResourceGroup -Name $rsgVwanName -Force | |
| Remove-AzResourceGroup -Name $rsgNetworkWatcherName -Force | |
| Remove-AzResourceGroup -Name $rsgDeploymentScriptName -Force | |
| Write-Host "Cleanup registered resource providers and features..." -ForegroundColor Yellow | |
| Unregister-AzProviderFeature -FeatureName "ArcServerPrivateLinkPreview" -ProviderNamespace "Microsoft.HybridCompute" | |
| Unregister-AzProviderFeature -FeatureName "AzureServicesVm" -ProviderNamespace "Microsoft.AVS" | |
| Unregister-AzResourceProvider -ProviderNamespace "Microsoft.HybridCompute" | |
| Unregister-AzResourceProvider -ProviderNamespace "Microsoft.AVS" | |
| Write-Host "Cleanup Hub Subscription Resources..." -ForegroundColor Yellow | |
| Select-AzSubscription -SubscriptionId "${{ env.SUB_HUB_ID }}" | |
| $vwanHubVhc = Get-AzVirtualHubVnetConnection -ResourceGroupName "rsg-blzv-perm-hubs-001" -VirtualHubName "vhub-uksouth-blzv" -Name * | |
| Remove-AzVirtualHubVnetConnection -ResourceId $vwanHubVhc[0].Id -Force | |
| $hubVnetPeering = Get-AzVirtualNetworkPeering -ResourceGroupName "rsg-blzv-perm-hubs-001" -VirtualNetworkName "vnet-uksouth-hub-blzv" -Name * | |
| Remove-AzVirtualNetworkPeering -ResourceGroupName "rsg-blzv-perm-hubs-001" -VirtualNetworkName "vnet-uksouth-hub-blzv" -Name "$($hubVnetPeering.Name)" -Force | |
| Write-Host "Cleanup Hub Subscription Resources... Complete!" -ForegroundColor Green | |
| Write-Host "Cleanup Unknown Contributor RBAC Assignments on Sub Scope..." -ForegroundColor Yellow | |
| foreach ($assignment in $rbacIdentitiyNotFoundToCleanupContributor) { | |
| Remove-AzRoleAssignment -objectId $assignment.ObjectId -Scope $assignment.Scope -RoleDefinitionName $assignment.RoleDefinitionName | |
| } | |
| Write-Host "Cleanup Unknown Contributor RBAC Assignments on Sub Scope... Complete!" -ForegroundColor Green | |
| azPSVersion: "10.4.1" |