Migrate Networking configuration to JSON parameters file (Azure#250)

16Rookie16 · Apr 20, 2022 · 3d9c60d · 3d9c60d
1 parent 38fc344
commit 3d9c60d
Show file tree

Hide file tree

Showing 33 changed files with 5,630 additions and 852 deletions.
diff --git a/.github/workflows/consistency-check.yml b/.github/workflows/consistency-check.yml
@@ -8,6 +8,7 @@ on:
 env:
   SCHEMA_FOLDER: schemas/latest/landingzones
   LOGGING_PATH_FROM_ROOT: config/logging
+  NETWORKING_PATH_FROM_ROOT: config/networking
   SUBSCRIPTIONS_PATH_FROM_ROOT: config/subscriptions
 
 jobs:
@@ -57,6 +58,30 @@ jobs:
               Get-Content -Raw $_ | Test-Json -SchemaFile $LoggingSchemaFile
           }
 
+          $HubNetworkWithAzureFirewallFileFilter="*.json"
+          $HubNetworkWithAzureFirewallSchemaFile="${{env.SCHEMA_FOLDER}}/lz-platform-connectivity-hub-azfw.json"
+
+          Get-ChildItem -Recurse -Filter $HubNetworkWithAzureFirewallFileFilter -Path "${{env.NETWORKING_PATH_FROM_ROOT}}/*/hub-azfw/" | ForEach-Object {
+              Write-Host "Validating: $_ with $HubNetworkWithAzureFirewallSchemaFile"
+              Get-Content -Raw $_ | Test-Json -SchemaFile $HubNetworkWithAzureFirewallSchemaFile
+          }
+
+          $HubNetworkWithAzureFirewallPolicyFileFilter="*.json"
+          $HubNetworkWithAzureFirewallPolicySchemaFile="${{env.SCHEMA_FOLDER}}/lz-platform-connectivity-hub-azfw-policy.json"
+
+          Get-ChildItem -Recurse -Filter $HubNetworkWithAzureFirewallPolicyFileFilter -Path "${{env.NETWORKING_PATH_FROM_ROOT}}/*/hub-azfw-policy/" | ForEach-Object {
+              Write-Host "Validating: $_ with $HubNetworkWithAzureFirewallPolicySchemaFile"
+              Get-Content -Raw $_ | Test-Json -SchemaFile $HubNetworkWithAzureFirewallPolicySchemaFile
+          }
+
+          $HubNetworkWithNVAFileFilter="*.json"
+          $HubNetworkWithNVASchemaFile="${{env.SCHEMA_FOLDER}}/lz-platform-connectivity-hub-nva.json"
+
+          Get-ChildItem -Recurse -Filter $HubNetworkWithNVAFileFilter -Path "${{env.NETWORKING_PATH_FROM_ROOT}}/*/hub-nva/" | ForEach-Object {
+              Write-Host "Validating: $_ with $HubNetworkWithNVASchemaFile"
+              Get-Content -Raw $_ | Test-Json -SchemaFile $HubNetworkWithNVASchemaFile
+          }
+
           $GenericSubscriptionFileFilter="*generic-subscription*.json"
           $GenericSubscriptionSchemaFile="${{env.SCHEMA_FOLDER}}/lz-generic-subscription.json"
 

diff --git a/.github/workflows/pull-request-check.yml b/.github/workflows/pull-request-check.yml
@@ -11,6 +11,7 @@ on:
 env:
   SCHEMA_FOLDER: schemas/latest/landingzones
   LOGGING_PATH_FROM_ROOT: config/logging
+  NETWORKING_PATH_FROM_ROOT: config/networking
   SUBSCRIPTIONS_PATH_FROM_ROOT: config/subscriptions
 
 jobs:
@@ -60,6 +61,30 @@ jobs:
               Get-Content -Raw $_ | Test-Json -SchemaFile $LoggingSchemaFile
           }
 
+          $HubNetworkWithAzureFirewallFileFilter="*.json"
+          $HubNetworkWithAzureFirewallSchemaFile="${{env.SCHEMA_FOLDER}}/lz-platform-connectivity-hub-azfw.json"
+
+          Get-ChildItem -Recurse -Filter $HubNetworkWithAzureFirewallFileFilter -Path "${{env.NETWORKING_PATH_FROM_ROOT}}/*/hub-azfw/" | ForEach-Object {
+              Write-Host "Validating: $_ with $HubNetworkWithAzureFirewallSchemaFile"
+              Get-Content -Raw $_ | Test-Json -SchemaFile $HubNetworkWithAzureFirewallSchemaFile
+          }
+
+          $HubNetworkWithAzureFirewallPolicyFileFilter="*.json"
+          $HubNetworkWithAzureFirewallPolicySchemaFile="${{env.SCHEMA_FOLDER}}/lz-platform-connectivity-hub-azfw-policy.json"
+
+          Get-ChildItem -Recurse -Filter $HubNetworkWithAzureFirewallPolicyFileFilter -Path "${{env.NETWORKING_PATH_FROM_ROOT}}/*/hub-azfw-policy/" | ForEach-Object {
+              Write-Host "Validating: $_ with $HubNetworkWithAzureFirewallPolicySchemaFile"
+              Get-Content -Raw $_ | Test-Json -SchemaFile $HubNetworkWithAzureFirewallPolicySchemaFile
+          }
+
+          $HubNetworkWithNVAFileFilter="*.json"
+          $HubNetworkWithNVASchemaFile="${{env.SCHEMA_FOLDER}}/lz-platform-connectivity-hub-nva.json"
+
+          Get-ChildItem -Recurse -Filter $HubNetworkWithNVAFileFilter -Path "${{env.NETWORKING_PATH_FROM_ROOT}}/*/hub-nva/" | ForEach-Object {
+              Write-Host "Validating: $_ with $HubNetworkWithNVASchemaFile"
+              Get-Content -Raw $_ | Test-Json -SchemaFile $HubNetworkWithNVASchemaFile
+          }
+          
           $GenericSubscriptionFileFilter="*generic-subscription*.json"
           $GenericSubscriptionSchemaFile="${{env.SCHEMA_FOLDER}}/lz-generic-subscription.json"
 

diff --git a/.pipelines/platform-connectivity-hub-azfw-policy.yml b/.pipelines/platform-connectivity-hub-azfw-policy.yml
@@ -12,6 +12,8 @@ trigger: none
 variables:
 - name: devops-org-name
   value: ${{ replace(replace(variables['System.CollectionUri'], 'https://dev.azure.com/' , ''), '/', '') }}
+- name: networking-config-directory
+  value: $(System.DefaultWorkingDirectory)/$(networkPathFromRoot)/${{ variables['devops-org-name'] }}-${{ variables['Build.SourceBranchName'] }}
 - name: variable-template-file
   value: ${{ variables['devops-org-name'] }}-${{ variables['Build.SourceBranchName'] }}.yml
 - template: ../config/variables/common.yml
@@ -46,7 +48,8 @@ stages:
 
           - template: templates/steps/deploy-platform-connectivity-hub-azfw-policy.yml
             parameters:
-              description: 'Deploy Azure Firewall Policy'
-              templateFile: main-azfw-policy.bicep
               deployOperation: ${{ variables['deployOperation'] }}
+              networkingSubscriptionId: $(var-hubnetwork-subscriptionId)
+              azureFirewallPolicyConfigurationPath: ${{ variables['networking-config-directory'] }}/$(var-hubnetwork-azfwPolicy-configurationFileName)
+              networkingRegion: $(var-hubnetwork-region)
               workingDir: $(System.DefaultWorkingDirectory)/landingzones
diff --git a/.pipelines/platform-connectivity-hub-azfw.yml b/.pipelines/platform-connectivity-hub-azfw.yml
@@ -25,6 +25,8 @@ variables:
   value: ${{ replace(replace(variables['System.CollectionUri'], 'https://dev.azure.com/' , ''), '/', '') }}
 - name: logging-config-directory
   value: $(System.DefaultWorkingDirectory)/$(loggingPathFromRoot)/${{ variables['devops-org-name'] }}-${{ variables['Build.SourceBranchName'] }}
+- name: networking-config-directory
+  value: $(System.DefaultWorkingDirectory)/$(networkPathFromRoot)/${{ variables['devops-org-name'] }}-${{ variables['Build.SourceBranchName'] }}
 - name: variable-template-file
   value: ${{ variables['devops-org-name'] }}-${{ variables['Build.SourceBranchName'] }}.yml
 - template: ../config/variables/common.yml
@@ -62,8 +64,11 @@ stages:
 
           - template: templates/steps/deploy-platform-connectivity-hub-azfw.yml
             parameters:
-              description: 'Deploy Networking'
-              moveTemplate: move-subscription.bicep
-              templateFile: main.bicep
-              deployOperation: ${{ variables['deployOperation'] }}
               workingDir: $(System.DefaultWorkingDirectory)/landingzones
+              deployOperation: ${{ variables['deployOperation'] }}
+              networkingManagementGroupId: $(var-hubnetwork-managementGroupId)
+              networkingSubscriptionId: $(var-hubnetwork-subscriptionId)
+              networkingRegion: $(var-hubnetwork-region)
+              networkingConfigurationPath: ${{ variables['networking-config-directory'] }}/$(var-hubnetwork-azfw-configurationFileName)
+              azureFirewallPolicyConfigurationPath: ${{ variables['networking-config-directory'] }}/$(var-hubnetwork-azfwPolicy-configurationFileName)
+
diff --git a/.pipelines/platform-connectivity-hub-nva.yml b/.pipelines/platform-connectivity-hub-nva.yml
@@ -25,6 +25,8 @@ variables:
   value: ${{ replace(replace(variables['System.CollectionUri'], 'https://dev.azure.com/' , ''), '/', '') }}
 - name: logging-config-directory
   value: $(System.DefaultWorkingDirectory)/$(loggingPathFromRoot)/${{ variables['devops-org-name'] }}-${{ variables['Build.SourceBranchName'] }}
+- name: networking-config-directory
+  value: $(System.DefaultWorkingDirectory)/$(networkPathFromRoot)/${{ variables['devops-org-name'] }}-${{ variables['Build.SourceBranchName'] }}
 - name: variable-template-file
   value: ${{ variables['devops-org-name'] }}-${{ variables['Build.SourceBranchName'] }}.yml
 - template: ../config/variables/common.yml
@@ -63,8 +65,9 @@ stages:
 
           - template: templates/steps/deploy-platform-connectivity-hub-nva.yml
             parameters:
-              description: 'Deploy Networking'
-              moveTemplate: move-subscription.bicep
-              templateFile: main.bicep
-              deployOperation: ${{ variables['deployOperation'] }}
               workingDir: $(System.DefaultWorkingDirectory)/landingzones
+              deployOperation: ${{ variables['deployOperation'] }}
+              networkingManagementGroupId: $(var-hubnetwork-managementGroupId)
+              networkingSubscriptionId: $(var-hubnetwork-subscriptionId)
+              networkingRegion: $(var-hubnetwork-region)
+              networkingConfigurationPath: ${{ variables['networking-config-directory'] }}/$(var-hubnetwork-nva-configurationFileName)
diff --git a/.pipelines/templates/steps/deploy-platform-connectivity-hub-azfw-policy.yml b/.pipelines/templates/steps/deploy-platform-connectivity-hub-azfw-policy.yml
@@ -8,21 +8,35 @@
 # ----------------------------------------------------------------------------------
 
 parameters:
-  - name: description
-    type: string
-  - name: templateFile
-    type: string
-  - name: workingDir
-    type: string
   - name: deployOperation
     type: string
     default: create
     values:
       - create
       - what-if
+  - name: networkingSubscriptionId
+    type: string
+  - name: azureFirewallPolicyConfigurationPath
+    type: string
+  - name: networkingRegion
+    type: string
+  - name: workingDir
+    type: string
 
 steps:
 
+- task: PowerShell@2
+  displayName: Validate Azure Firewall Policy Parameters
+  inputs:
+    targetType: 'inline'
+    script: |
+      $schemaFile="$(Build.SourcesDirectory)/schemas/latest/landingzones/lz-platform-connectivity-hub-azfw-policy.json"
+
+      Write-Host "Parameters File: ${{ parameters.azureFirewallPolicyConfigurationPath }}"
+      Write-Host "Schema File: ${schemaFile}"
+
+      Get-Content -Raw "${{ parameters.azureFirewallPolicyConfigurationPath }}" | Test-Json -SchemaFile "${schemaFile}"
+
 - task: AzureCLI@2
   displayName: Configure Azure Firewall Policy
   inputs:
@@ -32,16 +46,13 @@ steps:
     inlineScript: |
       $(var-bashPreInjectScript)
 
-      echo "Deploying ${{ parameters.templateFile }} using ${{ parameters.deployOperation}} operation..."
+      echo "Deploying main-azfw-policy.bicep using ${{ parameters.deployOperation}} operation using ${{ parameters.azureFirewallPolicyConfigurationPath }}..."
       
       az deployment sub ${{ parameters.deployOperation }} \
-      --location $(deploymentRegion) \
-      --subscription $(var-hubnetwork-subscriptionId) \
-      --template-file ${{ parameters.templateFile }} \
-      --parameters \
-          resourceTags='$(var-hubnetwork-resourceTags)' \
-          resourceGroupName='$(var-hubnetwork-azfw-rgPolicyName)' \
-          policyName='$(var-hubnetwork-azfw-policyName)'
+      --location ${{ parameters.networkingRegion }} \
+      --subscription ${{ parameters.networkingSubscriptionId }} \
+      --template-file main-azfw-policy.bicep \
+      --parameters @${{ parameters.azureFirewallPolicyConfigurationPath }}
           
       $(var-bashPostInjectScript)
     workingDirectory: '${{ parameters.workingDir }}/lz-platform-connectivity-hub-azfw'