From eca9e53096922ae7afc609a0712669012d5a183d Mon Sep 17 00:00:00 2001 From: AlexanderSehr Date: Fri, 11 Oct 2024 23:41:18 +0200 Subject: [PATCH 01/10] Refactored implementation to use latest ManagedDevOpsPool module version --- .../deploymentFiles/sbx.pool.bicep | 12 +- .../templates/devCenter.bicep | 28 ++ .../templates/nestedPool.bicep | 290 ------------------ .../templates/pool.deploy.bicep | 100 ++++-- 4 files changed, 118 insertions(+), 312 deletions(-) create mode 100644 constructs/managedDevOpsPool/templates/devCenter.bicep delete mode 100644 constructs/managedDevOpsPool/templates/nestedPool.bicep diff --git a/constructs/managedDevOpsPool/deploymentFiles/sbx.pool.bicep b/constructs/managedDevOpsPool/deploymentFiles/sbx.pool.bicep index 0812e385..fc10d5c7 100644 --- a/constructs/managedDevOpsPool/deploymentFiles/sbx.pool.bicep +++ b/constructs/managedDevOpsPool/deploymentFiles/sbx.pool.bicep @@ -11,6 +11,15 @@ param resourceLocation string = 'NorthEurope' // Deployment Properties // /////////////////////////////// +resource computeGallery 'Microsoft.Compute/galleries@2022-03-03' existing = { + name: '' + scope: resourceGroup('rg-ado-agents') + + resource imageDefinition 'images@2022-03-03' existing = { + name: 'sid-linux' + } +} + ///////////////////////////// // Template Deployment // ///////////////////////////// @@ -18,8 +27,7 @@ module managedDevOpsPoolDeployment '../templates/pool.deploy.bicep' = { name: '${uniqueString(deployment().name)}-managedPool-sbx' params: { resourceLocation: resourceLocation - computeGalleryName: '' - computeGalleryImageDefinitionName: 'sid-linux' + computeGalleryImageDefinitionResourceId: computeGallery::imageDefinition.id devCenterName: 'my-center' devCenterProjectName: 'my-project' organizationName: '' diff --git a/constructs/managedDevOpsPool/templates/devCenter.bicep b/constructs/managedDevOpsPool/templates/devCenter.bicep new file mode 100644 index 00000000..cc36b39b --- /dev/null 
+++ b/constructs/managedDevOpsPool/templates/devCenter.bicep
@@ -0,0 +1,28 @@
+@description('Required. ')
+param location string
+
+@description('Required. The name of the Dev Center to use for the DevOps Infrastructure Pool. Must be lower case and may contain hyphens.')
+@minLength(3)
+@maxLength(26)
+param devCenterName string
+
+@description('Required. The name of the Dev Center project to use for the DevOps Infrastructure Pool.')
+@minLength(3)
+@maxLength(63)
+param devCenterProjectName string
+
+resource devCenter 'Microsoft.DevCenter/devcenters@2024-02-01' = {
+ name: devCenterName
+ location: location
+}
+
+resource devCenterProject 'Microsoft.DevCenter/projects@2024-02-01' = {
+ name: devCenterProjectName
+ location: location
+ properties: {
+ devCenterId: devCenter.id
+ }
+}
+
+@description('The resource ID of the Dev Center project.')
+output devCenterProjectResourceId string = devCenterProject.id
diff --git a/constructs/managedDevOpsPool/templates/nestedPool.bicep b/constructs/managedDevOpsPool/templates/nestedPool.bicep
deleted file mode 100644
index 867f191e..00000000
--- a/constructs/managedDevOpsPool/templates/nestedPool.bicep
+++ /dev/null
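Review bot: The `location` parameter of the new devCenter.bicep is documented only as `@description('Required. ')`, so anything generated from the parameter descriptions says nothing about it. I would fill it in, for example `@description('Required. The location to deploy the Dev Center and its project into.')`. The other two parameters and the output already carry a usable description.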
@@ -1,290 +0,0 @@
-@description('Required. ')
-param location string
-
-@description('Required. Defines how many resources can there be created at any given time.')
-@minValue(1)
-@maxValue(10000)
-param maximumConcurrency int
-
-@description('Required. The name of the subnet the agents should be deployed into.')
-param subnetName string
-
-@description('Required. The resource Id of the Virtual Network the agents should be deployed into.')
-param virtualNetworkResourceId string
-
-@description('Required. The name of the Azure DevOps agent pool to create.')
-param poolName string
-
-@description('Required. The name of the Azure DevOps organization to register the agent pools in.')
-param organizationName string
-
-@description('Optional. The Azure DevOps projects to register the agent pools in. In none is provided, the pool is only registered in the organization.')
-param projectNames string[]?
-
-@description('Required. The name of the Dev Center to use for the DevOps Infrastructure Pool. Must be lower case and may contain hyphens.')
-@minLength(3)
-@maxLength(26)
-param devCenterName string
-
-@description('Required. The name of the Dev Center project to use for the DevOps Infrastructure Pool.')
-@minLength(3)
-@maxLength(63)
-param devCenterProjectName string
-
-@description('Optional. The Azure SKU name of the machines in the pool.')
-param poolSize string = 'Standard_B1ms'
-
-@description('Optional. Defines how the machine will be handled once it executed a job.')
-param agentProfile agentProfileType = {
- kind: 'Stateless'
-}
-
-@description('Required. The object ID (principal id) of the \'DevOpsInfrastructure\' Enterprise Application in your tenant.')
-param devOpsInfrastructureEnterpriseApplicationObjectId string
-
-@description('Required. The name of the Azure Compute Gallery that hosts the image of the Managed DevOps Pool.')
-param computeGalleryName string
-
-@description('Required. The name of Image Definition of the Azure Compute Gallery that hosts the image of the Managed DevOps Pool.')
-param computeGalleryImageDefinitionName string
-
-@description('Optional. The version of the image to use in the Managed DevOps Pool.')
-param imageVersion string = 'latest' // Note, 'latest' is not supported by resource type
-
-@description('Optional. The managed identity definition for the Managed DevOps Pool.')
-param poolManagedIdentities managedIdentitiesType?
-
-var formattedUserAssignedIdentities = reduce(
- map((poolManagedIdentities.?userAssignedResourceIds ?? []), (id) => { '${id}': {} }),
- {},
- (cur, next) => union(cur, next)
-) // Converts the flat array to an object like { '${id1}': {}, '${id2}': {} }
-
-var poolIdentity = !empty(poolManagedIdentities)
- ? {
- type: !empty(poolManagedIdentities.?userAssignedResourceIds ?? {}) ? 'UserAssigned' : 'None'
- userAssignedIdentities: !empty(formattedUserAssignedIdentities) ? formattedUserAssignedIdentities : null
- }
- : null
-
-resource computeGallery 'Microsoft.Compute/galleries@2022-03-03' existing = {
- name: computeGalleryName
-
- resource imageDefinition 'images@2022-03-03' existing = {
- name: computeGalleryImageDefinitionName
-
- resource version 'versions@2022-03-03' existing = {
- name: imageVersion
- }
- }
-}
-
-resource vnet 'Microsoft.Network/virtualNetworks@2024-01-01' existing = {
- name: last(split(virtualNetworkResourceId, '/'))
-
- resource subnet 'subnets@2024-01-01' existing = {
- name: subnetName
- }
-}
-
-resource imageVersionPermission 'Microsoft.Authorization/roleAssignments@2022-04-01' = {
- name: guid(
- computeGallery::imageDefinition.id,
- devOpsInfrastructureEnterpriseApplicationObjectId,
- subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'acdd72a7-3385-48ef-bd42-f606fba81ae7')
- )
- properties: {
- principalId: devOpsInfrastructureEnterpriseApplicationObjectId
- roleDefinitionId: subscriptionResourceId(
- 'Microsoft.Authorization/roleDefinitions',
- 'acdd72a7-3385-48ef-bd42-f606fba81ae7'
- ) // Reader
- principalType: 'ServicePrincipal'
- }
- scope: computeGallery::imageDefinition // ::imageVersion Not using imageVersion as scope to enable to principal to find 'latest'. A role assignment on 'latest' is not possible
-}
-
-resource vnetPermission 'Microsoft.Authorization/roleAssignments@2022-04-01' = {
- name: guid(
- vnet.id,
- devOpsInfrastructureEnterpriseApplicationObjectId,
- subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '4d97b98b-1d4f-4787-a291-c67834d212e7')
- )
- properties: {
- principalId: devOpsInfrastructureEnterpriseApplicationObjectId
- roleDefinitionId: subscriptionResourceId(
- 'Microsoft.Authorization/roleDefinitions',
- '4d97b98b-1d4f-4787-a291-c67834d212e7'
- ) // Network Contributor
- principalType: 'ServicePrincipal'
- }
- scope: vnet
-}
-
-resource devCenter 'Microsoft.DevCenter/devcenters@2024-02-01' = {
- name: devCenterName
- location: location
-}
-
-resource devCenterProject 'Microsoft.DevCenter/projects@2024-02-01' = {
- name: devCenterProjectName
- location: location
- properties: {
- devCenterId: devCenter.id
- }
-}
-
-// Requires: https://github.com/Azure/bicep-registry-modules/pull/3401
-// module pool 'br/public:avm/res/dev-ops-infrastructure/pool:0.1.0' = {
-// name:
-// params: {
-// name: poolName
-// agentProfile: agentProfile
-// concurrency: maximumConcurrency
-// devCenterProjectResourceId: devCenterProject.id
-// fabricProfileSkuName: devOpsInfrastructurePoolSize
-// images: [
-// {
-// resourceId: computeGallery::imageDefinition::imageVersion.id
-// }
-// ]
-// organizationProfile: {
-// kind: 'AzureDevOps'
-// organizations: [
-// {
-// url: 'https://dev.azure.com/${organizationName}'
-// projects: projectNames
-// }
-// ]
-// }
-// }
-// }
-
-resource name 'Microsoft.DevOpsInfrastructure/pools@2024-04-04-preview' = {
- name: poolName
- location: location
- identity: poolIdentity
- properties: {
- maximumConcurrency: maximumConcurrency
- agentProfile: agentProfile
- organizationProfile: {
- kind: 'AzureDevOps'
- organizations: [
- {
- url: 'https://dev.azure.com/${organizationName}'
- projects: projectNames
- }
- ]
- }
- devCenterProjectResourceId: devCenterProject.id
- fabricProfile: {
- sku: {
- name: poolSize
- }
- kind: 'Vmss'
- images: [
- {
- resourceId: computeGallery::imageDefinition::version.id
- }
- ]
- networkProfile: {
- subnetId: vnet::subnet.id
- }
- }
- }
- dependsOn: [
- imageVersionPermission
- vnetPermission
- ]
-}
-
-/////////////////////
-// Definitions //
-/////////////////////
-
-@export()
-@discriminator('kind')
-type agentProfileType = agentStatefulType | agentStatelessType
-
-type agentStatefulType = {
- @description('Required. Stateful profile meaning that the machines will be returned to the pool after running a job.')
- kind: 'Stateful'
-
- @description('Required. How long should stateful machines be kept around. The maximum is one week.')
- maxAgentLifetime: string
-
- @description('Required. How long should the machine be kept around after it ran a workload when there are no stand-by agents. The maximum is one week.')
- gracePeriodTimeSpan: string
-
- @description('Optional. Defines pool buffer/stand-by agents.')
- resourcePredictions: object?
-
- @discriminator('kind')
- @description('Optional. Determines how the stand-by scheme should be provided.')
- resourcePredictionsProfile: (resourcePredictionsProfileAutomaticType | resourcePredictionsProfileManualType)?
-}
-
-type agentStatelessType = {
- @description('Required. Stateless profile meaning that the machines will be cleaned up after running a job.')
- kind: 'Stateless'
-
- @description('Optional. Defines pool buffer/stand-by agents.')
- resourcePredictions: {
- @description('Required. The time zone in which the daysData is provided. To see the list of available time zones, see: https://learn.microsoft.com/en-us/windows-hardware/manufacture/desktop/default-time-zones?view=windows-11#time-zones or via PowerShell command `(Get-TimeZone -ListAvailable).StandardName`.')
- timeZone: string
-
- @description('Optional. The number of agents needed at a specific time.')
- @metadata({
- example: '''
- [
- {} // Sunday
- { // Monday
- '09:00:00': 1
- '17:00:00': 0
- }
- { // Tuesday
- '09:00:00': 1
- '17:00:00': 0
- }
- { // Wednesday
- '09:00:00': 1
- '17:00:00': 0
- }
- { // Thursday
- '09:00:00': 1
- '17:00:00': 0
- }
- { // Friday
- '09:00:00': 1
- '17:00:00': 0
- }
- {} // Saturday
- ]
- '''
- })
- daysData: object[]?
- }?
-
- @discriminator('kind')
- @description('Optional. Determines how the stand-by scheme should be provided.')
- resourcePredictionsProfile: (resourcePredictionsProfileAutomaticType | resourcePredictionsProfileManualType)?
-}
-
-type resourcePredictionsProfileAutomaticType = {
- @description('Required. The stand-by agent scheme is determined based on historical demand.')
- kind: 'Automatic'
-
- @description('Required. Determines the balance between cost and performance.')
- predictionPreference: 'Balanced' | 'MostCostEffective' | 'MoreCostEffective' | 'MorePerformance' | 'BestPerformance'
-}
-
-type resourcePredictionsProfileManualType = {
- @description('Required. Customer provides the stand-by agent scheme.')
- kind: 'Manual'
-}
-
-@export()
-type managedIdentitiesType = {
- @description('Optional. The resource ID(s) to assign to the resource. Required if a user assigned identity is used for encryption.')
- userAssignedResourceIds: string[]?
-}
diff --git a/constructs/managedDevOpsPool/templates/pool.deploy.bicep b/constructs/managedDevOpsPool/templates/pool.deploy.bicep
index fe9cec4b..d52fded5 100644
--- a/constructs/managedDevOpsPool/templates/pool.deploy.bicep
+++ b/constructs/managedDevOpsPool/templates/pool.deploy.bicep
@@ -28,11 +28,8 @@ param virtualNetworkSubnets array = [ } ] -@description('Required. The name of the Azure Compute Gallery that hosts the image of the Managed DevOps Pool.') -param computeGalleryName string - -@description('Required. The name of Image Definition of the Azure Compute Gallery that hosts the image of the Managed DevOps Pool.') -param computeGalleryImageDefinitionName string +@description('Required. The resource Id of Image Definition of the Azure Compute Gallery that hosts the image of the Managed DevOps Pool.') +param computeGalleryImageDefinitionResourceId string @description('Optional. The version of the image to use in the Managed DevOps Pool.') param imageVersion string = 'latest' @@ -49,11 +46,11 @@ param poolMaximumConcurrency int = 1 param poolSize string = 'Standard_B1ms' @description('Optional. The managed identity definition for the Managed DevOps Pool.') -import { managedIdentitiesType } from './nestedPool.bicep' +import { managedIdentitiesType } from 'br/public:avm/res/dev-ops-infrastructure/pool:0.1.1' param poolManagedIdentities managedIdentitiesType? @description('Optional. Defines how the machine will be handled once it executed a job.') -import { agentProfileType } from './nestedPool.bicep' +import { agentProfileType } from 'br/public:avm/res/dev-ops-infrastructure/pool:0.1.1' param poolAgentProfile agentProfileType = { kind: 'Stateless' } 
@@ -115,25 +112,88 @@ module vnet 'br/public:avm/res/network/virtual-network:0.4.0' = { } } -module pool 'nestedPool.bicep' = { +module devCenter 'devCenter.bicep' = { scope: rg name: '${deployment().name}-pool' params: { location: resourceLocation devCenterName: devCenterName devCenterProjectName: devCenterProjectName - maximumConcurrency: poolMaximumConcurrency - poolName: poolName - poolSize: poolSize - poolManagedIdentities: poolManagedIdentities + } +} + +resource computeGallery 'Microsoft.Compute/galleries@2022-03-03' existing = { + name: split(computeGalleryImageDefinitionResourceId, '/')[8] + scope: resourceGroup( + split(computeGalleryImageDefinitionResourceId, '/')[2], + split(computeGalleryImageDefinitionResourceId, '/')[4] + ) + + resource imageDefinition 'images@2022-03-03' existing = { + name: last(split(computeGalleryImageDefinitionResourceId, '/')) + + resource version 'versions@2022-03-03' existing = { + name: imageVersion + } + } +} + +module imagePermission 'br/public:avm/ptn/authorization/resource-role-assignment:0.1.1' = { + scope: resourceGroup( + split(computeGalleryImageDefinitionResourceId, '/')[2], + split(computeGalleryImageDefinitionResourceId, '/')[4] + ) + name: 'devOpsInfrastructureEnterpriseApplicationObjectId-permission-image' + params: { + principalId: devOpsInfrastructureEnterpriseApplicationObjectId + resourceId: computeGalleryImageDefinitionResourceId + roleDefinitionId: subscriptionResourceId( + 'Microsoft.Authorization/roleDefinitions', + 'acdd72a7-3385-48ef-bd42-f606fba81ae7' + ) // Reader + } +} +module vnetPermission 'br/public:avm/ptn/authorization/resource-role-assignment:0.1.1' = { + scope: rg + name: 'devOpsInfrastructureEnterpriseApplicationObjectId-permission-vnet' + params: { + principalId: devOpsInfrastructureEnterpriseApplicationObjectId + resourceId: vnet.outputs.resourceId + roleDefinitionId: subscriptionResourceId( + 'Microsoft.Authorization/roleDefinitions', + '4d97b98b-1d4f-4787-a291-c67834d212e7' + ) // 
Network Contributor + } +} + +module pool 'br/public:avm/res/dev-ops-infrastructure/pool:0.1.1' = { + name: '${deployment().name}-pool' + scope: rg + params: { + name: poolName + managedIdentities: poolManagedIdentities agentProfile: poolAgentProfile - organizationName: organizationName - projectNames: projectNames - virtualNetworkResourceId: vnet.outputs.resourceId - subnetName: vnet.outputs.subnetNames[0] - computeGalleryImageDefinitionName: computeGalleryImageDefinitionName - computeGalleryName: computeGalleryName - imageVersion: imageVersion - devOpsInfrastructureEnterpriseApplicationObjectId: devOpsInfrastructureEnterpriseApplicationObjectId + concurrency: poolMaximumConcurrency + devCenterProjectResourceId: devCenter.outputs.devCenterProjectResourceId + fabricProfileSkuName: poolSize + images: [ + { + resourceId: computeGallery::imageDefinition::version.id + } + ] + organizationProfile: { + kind: 'AzureDevOps' + organizations: [ + { + url: 'https://dev.azure.com/${organizationName}' + projects: projectNames + } + ] + } + subnetResourceId: vnet.outputs.subnetResourceIds[0] } + dependsOn: [ + imagePermission + vnetPermission + ] } From e5af99268765e93f03d856bcea8316181d82cbc9 Mon Sep 17 00:00:00 2001 From: AlexanderSehr Date: Fri, 11 Oct 2024 23:45:35 +0200 Subject: [PATCH 02/10] Moved gallery ref into tempalte --- .../deploymentFiles/sbx.pool.bicep | 16 ++---------- .../templates/pool.deploy.bicep | 26 +++++++++---------- 2 files changed, 15 insertions(+), 27 deletions(-) diff --git a/constructs/managedDevOpsPool/deploymentFiles/sbx.pool.bicep b/constructs/managedDevOpsPool/deploymentFiles/sbx.pool.bicep index fc10d5c7..b05fa6f0 100644 --- a/constructs/managedDevOpsPool/deploymentFiles/sbx.pool.bicep +++ b/constructs/managedDevOpsPool/deploymentFiles/sbx.pool.bicep 
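Review bot: Both new role-assignment modules, `imagePermission` and `vnetPermission`, drop the `principalType: 'ServicePrincipal'` that the removed nestedPool.bicep set on the equivalent assignments; if the module version referenced here accepts that parameter, passing it keeps each assignment explicit about the kind of principal that receives access. Separately, `vnetPermission` grants Network Contributor on the whole virtual network (`resourceId: vnet.outputs.resourceId`) to a tenant-wide enterprise application, while the pool itself only consumes `vnet.outputs.subnetResourceIds[0]`. It is worth checking whether a subnet-scoped assignment or a narrower custom role satisfies the service, and leaving a comment with the reason next to `// Network Contributor` if it does not.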
@@ -7,19 +7,6 @@ targetScope = 'subscription' @description('Optional. Specifies the location for resources.') param resourceLocation string = 'NorthEurope' -/////////////////////////////// -// Deployment Properties // -/////////////////////////////// - -resource computeGallery 'Microsoft.Compute/galleries@2022-03-03' existing = { - name: '' - scope: resourceGroup('rg-ado-agents') - - resource imageDefinition 'images@2022-03-03' existing = { - name: 'sid-linux' - } -} - ///////////////////////////// // Template Deployment // ///////////////////////////// @@ -27,7 +14,8 @@ module managedDevOpsPoolDeployment '../templates/pool.deploy.bicep' = { name: '${uniqueString(deployment().name)}-managedPool-sbx' params: { resourceLocation: resourceLocation - computeGalleryImageDefinitionResourceId: computeGallery::imageDefinition.id + computeGalleryName: '' + computeGalleryImageDefinitionName: 'sid-linux' devCenterName: 'my-center' devCenterProjectName: 'my-project' organizationName: '' diff --git a/constructs/managedDevOpsPool/templates/pool.deploy.bicep b/constructs/managedDevOpsPool/templates/pool.deploy.bicep index d52fded5..ca45af54 100644 --- a/constructs/managedDevOpsPool/templates/pool.deploy.bicep +++ b/constructs/managedDevOpsPool/templates/pool.deploy.bicep 
@@ -28,8 +28,14 @@ param virtualNetworkSubnets array = [ } ] -@description('Required. The resource Id of Image Definition of the Azure Compute Gallery that hosts the image of the Managed DevOps Pool.') -param computeGalleryImageDefinitionResourceId string +@description('Required. The name of the Resource Group containing the Azure Compute Gallery that hosts the image of the Managed DevOps Pool.') +param computeGalleryResourceGroupName string = resourceGroupName + +@description('Required. The name of the Azure Compute Gallery that hosts the image of the Managed DevOps Pool.') +param computeGalleryName string + +@description('Required. The name of Image Definition of the Azure Compute Gallery that hosts the image of the Managed DevOps Pool.') +param computeGalleryImageDefinitionName string @description('Optional. The version of the image to use in the Managed DevOps Pool.') param imageVersion string = 'latest' @@ -123,14 +129,11 @@ module devCenter 'devCenter.bicep' = { } resource computeGallery 'Microsoft.Compute/galleries@2022-03-03' existing = { - name: split(computeGalleryImageDefinitionResourceId, '/')[8] - scope: resourceGroup( - split(computeGalleryImageDefinitionResourceId, '/')[2], - split(computeGalleryImageDefinitionResourceId, '/')[4] - ) + name: computeGalleryName + scope: resourceGroup(computeGalleryResourceGroupName) resource imageDefinition 'images@2022-03-03' existing = { - name: last(split(computeGalleryImageDefinitionResourceId, '/')) + name: computeGalleryImageDefinitionName resource version 'versions@2022-03-03' existing = { name: imageVersion 
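Review bot: `computeGalleryResourceGroupName` is described as 'Required.' but is declared with a default (`= resourceGroupName`), so the description and the behaviour disagree. The value decides which resource group the gallery lookup in the second hunk, and the Reader assignment for the DevOpsInfrastructure principal in the following hunk, are scoped to, so the fallback should be spelled out: `@description('Optional. The name of the Resource Group containing the Azure Compute Gallery that hosts the image of the Managed DevOps Pool. Defaults to resourceGroupName.')`. `resourceGroupName` is declared outside the hunk, so what it refers to is inferred here.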
@@ -139,14 +142,11 @@ resource computeGallery 'Microsoft.Compute/galleries@2022-03-03' existing = { } module imagePermission 'br/public:avm/ptn/authorization/resource-role-assignment:0.1.1' = { - scope: resourceGroup( - split(computeGalleryImageDefinitionResourceId, '/')[2], - split(computeGalleryImageDefinitionResourceId, '/')[4] - ) + scope: resourceGroup(computeGalleryResourceGroupName) name: 'devOpsInfrastructureEnterpriseApplicationObjectId-permission-image' params: { principalId: devOpsInfrastructureEnterpriseApplicationObjectId - resourceId: computeGalleryImageDefinitionResourceId + resourceId: computeGallery::imageDefinition.id roleDefinitionId: subscriptionResourceId( 'Microsoft.Authorization/roleDefinitions', 'acdd72a7-3385-48ef-bd42-f606fba81ae7' From bc7b00a5a4642eb8f8150bd710bfb6bb9ceebe16 Mon Sep 17 00:00:00 2001 From: AlexanderSehr Date: Fri, 11 Oct 2024 23:48:27 +0200 Subject: [PATCH 03/10] Set test values --- .../deploymentFiles/sbx.pool.bicep | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) diff --git a/constructs/managedDevOpsPool/deploymentFiles/sbx.pool.bicep b/constructs/managedDevOpsPool/deploymentFiles/sbx.pool.bicep index b05fa6f0..bc88e7c9 100644 --- a/constructs/managedDevOpsPool/deploymentFiles/sbx.pool.bicep +++ b/constructs/managedDevOpsPool/deploymentFiles/sbx.pool.bicep 
@@ -14,16 +14,17 @@ module managedDevOpsPoolDeployment '../templates/pool.deploy.bicep' = { name: '${uniqueString(deployment().name)}-managedPool-sbx' params: { resourceLocation: resourceLocation - computeGalleryName: '' - computeGalleryImageDefinitionName: 'sid-linux' + computeGalleryResourceGroupName: 'core-rg' + computeGalleryName: 'coregallery' // '' + computeGalleryImageDefinitionName: 'core-linux-sid' // 'sid-linux' devCenterName: 'my-center' devCenterProjectName: 'my-project' - organizationName: '' - projectNames: [''] - poolName: '' + organizationName: 'asehr' // '' + projectNames: ['Onyx'] // [''] + poolName: 'onyx-pool' // '' poolMaximumConcurrency: 5 // Tenant-specific 'DevOpsInfrastructure' Enterprise Application objectId. // Can be fetched by running `(Get-AzAdServicePrincipal -DisplayName 'DevOpsInfrastructure').Id` while logged into the tenant to deploy into. - devOpsInfrastructureEnterpriseApplicationObjectId: '' + devOpsInfrastructureEnterpriseApplicationObjectId: 'a67e26cd-08dc-47be-8217-df02edb89ba8' // '' } } From c343b27e9753afd176748b5173b11c124f62af56 Mon Sep 17 00:00:00 2001 From: AlexanderSehr Date: Fri, 11 Oct 2024 23:50:09 +0200 Subject: [PATCH 04/10] Set test values --- .azuredevops/managedDevOpsPool/variables.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.azuredevops/managedDevOpsPool/variables.yml b/.azuredevops/managedDevOpsPool/variables.yml index 524b86c8..f53d1117 100644 --- a/.azuredevops/managedDevOpsPool/variables.yml +++ b/.azuredevops/managedDevOpsPool/variables.yml @@ -20,9 +20,9 @@ variables: poolName_dev: 'core-vmss' # Use this for self-hosted agents poolName_prd: 'core-vmss' # Use this for self-hosted agents - serviceConnection_sbx: '' - serviceConnection_dev: '' - serviceConnection_prd: '' + serviceConnection_sbx: 'PrivateConnection' # '' + serviceConnection_dev: 'PrivateConnection' # '' + serviceConnection_prd: 'PrivateConnection' # '' #endregion #region specific 
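Review bot: Environment-specific identifiers are committed into the shared sandbox deployment file here: an organization name, a project name, gallery and resource group names, and a tenant-specific object ID for `devOpsInfrastructureEnterpriseApplicationObjectId`. The variables.yml hunk of PATCH 04 on this same line, and again the one in PATCH 08, does the same with `serviceConnection_*: 'PrivateConnection'`. None of these is a credential, but together they describe a concrete tenant and pipeline setup, and the rollback in PATCH 07 does not remove them from history unless the series is squashed before merge. Keeping the placeholders (`organizationName: ''`) in the tracked files and supplying test values through an untracked parameter file or pipeline variables avoids the back-and-forth.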
From 255cee3627d3fbc369c351f4b92d9f894d781ea6 Mon Sep 17 00:00:00 2001 From: AlexanderSehr Date: Sat, 12 Oct 2024 00:00:02 +0200 Subject: [PATCH 05/10] Fixed dpeloyment names --- constructs/managedDevOpsPool/templates/pool.deploy.bicep | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/constructs/managedDevOpsPool/templates/pool.deploy.bicep b/constructs/managedDevOpsPool/templates/pool.deploy.bicep index ca45af54..ff7c4068 100644 --- a/constructs/managedDevOpsPool/templates/pool.deploy.bicep +++ b/constructs/managedDevOpsPool/templates/pool.deploy.bicep @@ -120,7 +120,7 @@ module vnet 'br/public:avm/res/network/virtual-network:0.4.0' = { module devCenter 'devCenter.bicep' = { scope: rg - name: '${deployment().name}-pool' + name: '${deployment().name}-devCenter' params: { location: resourceLocation devCenterName: devCenterName @@ -143,7 +143,7 @@ resource computeGallery 'Microsoft.Compute/galleries@2022-03-03' existing = { module imagePermission 'br/public:avm/ptn/authorization/resource-role-assignment:0.1.1' = { scope: resourceGroup(computeGalleryResourceGroupName) - name: 'devOpsInfrastructureEnterpriseApplicationObjectId-permission-image' + name: '${deployment().name}-devOpsInfrastructureEAObjectId-permission-image' params: { principalId: devOpsInfrastructureEnterpriseApplicationObjectId resourceId: computeGallery::imageDefinition.id @@ -155,7 +155,7 @@ module imagePermission 'br/public:avm/ptn/authorization/resource-role-assignment } module vnetPermission 'br/public:avm/ptn/authorization/resource-role-assignment:0.1.1' = { scope: rg - name: 'devOpsInfrastructureEnterpriseApplicationObjectId-permission-vnet' + name: '${deployment().name}-devOpsInfrastructureEAObjectId-permission-vnet' params: { principalId: devOpsInfrastructureEnterpriseApplicationObjectId resourceId: vnet.outputs.resourceId From ba39cc3819f8a11b3bc8b91f384f3046b3411c2a Mon Sep 17 00:00:00 2001 
From: AlexanderSehr Date: Sat, 12 Oct 2024 00:05:43 +0200 Subject: [PATCH 06/10] Update to latest --- .../deploymentFiles/sbx.image.bicep | 2 +- .../azureImageBuilder/templates/image.deploy.bicep | 2 +- .../managedDevOpsPool/deploymentFiles/sbx.pool.bicep | 2 +- .../managedDevOpsPool/templates/pool.deploy.bicep | 12 ++++++------ 4 files changed, 9 insertions(+), 9 deletions(-) diff --git a/constructs/azureImageBuilder/deploymentFiles/sbx.image.bicep b/constructs/azureImageBuilder/deploymentFiles/sbx.image.bicep index 01f8aa25..cf778781 100644 --- a/constructs/azureImageBuilder/deploymentFiles/sbx.image.bicep +++ b/constructs/azureImageBuilder/deploymentFiles/sbx.image.bicep @@ -23,7 +23,7 @@ param waitForImageBuild bool = true ///////////////////////////// module imageDeployment '../templates/image.deploy.bicep' = { - name: '${uniqueString(deployment().name)}-image-sbx' + name: '${uniqueString(deployment().name, resourceLocation)}-image-sbx' params: { resourceLocation: resourceLocation deploymentsToPerform: deploymentsToPerform diff --git a/constructs/azureImageBuilder/templates/image.deploy.bicep b/constructs/azureImageBuilder/templates/image.deploy.bicep index 001f3c52..d08460dd 100644 --- a/constructs/azureImageBuilder/templates/image.deploy.bicep +++ b/constructs/azureImageBuilder/templates/image.deploy.bicep @@ -107,7 +107,7 @@ param deploymentsToPerform string = 'Only assets & image' // =========== // module imageConstruct 'br/public:avm/ptn/virtual-machine-images/azure-image-builder:0.1.1' = { - name: '${deployment().name}-image-construct' + name: '${uniqueString(deployment().name, resourceLocation)}-image-construct' params: { deploymentsToPerform: deploymentsToPerform resourceGroupName: resourceGroupName diff --git a/constructs/managedDevOpsPool/deploymentFiles/sbx.pool.bicep b/constructs/managedDevOpsPool/deploymentFiles/sbx.pool.bicep index bc88e7c9..9f99dc4e 100644 --- a/constructs/managedDevOpsPool/deploymentFiles/sbx.pool.bicep 
+++ b/constructs/managedDevOpsPool/deploymentFiles/sbx.pool.bicep @@ -11,7 +11,7 @@ param resourceLocation string = 'NorthEurope' // Template Deployment // ///////////////////////////// module managedDevOpsPoolDeployment '../templates/pool.deploy.bicep' = { - name: '${uniqueString(deployment().name)}-managedPool-sbx' + name: '${uniqueString(deployment().name, resourceLocation)}-managedPool-sbx' params: { resourceLocation: resourceLocation computeGalleryResourceGroupName: 'core-rg' diff --git a/constructs/managedDevOpsPool/templates/pool.deploy.bicep b/constructs/managedDevOpsPool/templates/pool.deploy.bicep index ff7c4068..949d049c 100644 --- a/constructs/managedDevOpsPool/templates/pool.deploy.bicep +++ b/constructs/managedDevOpsPool/templates/pool.deploy.bicep @@ -96,7 +96,7 @@ resource rg 'Microsoft.Resources/resourceGroups@2024-03-01' = { // Network Security Group module nsg 'br/public:avm/res/network/network-security-group:0.3.0' = { - name: '${deployment().name}-nsg' + name: '${uniqueString(deployment().name, resourceLocation)}-nsg' scope: rg params: { name: networkSecurityGroupName @@ -106,7 +106,7 @@ module nsg 'br/public:avm/res/network/network-security-group:0.3.0' = { // Virtual Network module vnet 'br/public:avm/res/network/virtual-network:0.4.0' = { - name: '${deployment().name}-vnet' + name: '${uniqueString(deployment().name, resourceLocation)}-vnet' scope: rg params: { name: virtualNetworkName @@ -120,7 +120,7 @@ module vnet 'br/public:avm/res/network/virtual-network:0.4.0' = { module devCenter 'devCenter.bicep' = { scope: rg - name: '${deployment().name}-devCenter' + name: '${uniqueString(deployment().name, resourceLocation)}-devCenter' params: { location: resourceLocation devCenterName: devCenterName 
@@ -143,7 +143,7 @@ resource computeGallery 'Microsoft.Compute/galleries@2022-03-03' existing = { module imagePermission 'br/public:avm/ptn/authorization/resource-role-assignment:0.1.1' = { scope: resourceGroup(computeGalleryResourceGroupName) - name: '${deployment().name}-devOpsInfrastructureEAObjectId-permission-image' + name: '${uniqueString(deployment().name, resourceLocation)}-devOpsInfrastructureEAObjectId-permission-image' params: { principalId: devOpsInfrastructureEnterpriseApplicationObjectId resourceId: computeGallery::imageDefinition.id @@ -155,7 +155,7 @@ module imagePermission 'br/public:avm/ptn/authorization/resource-role-assignment } module vnetPermission 'br/public:avm/ptn/authorization/resource-role-assignment:0.1.1' = { scope: rg - name: '${deployment().name}-devOpsInfrastructureEAObjectId-permission-vnet' + name: '${uniqueString(deployment().name, resourceLocation)}-devOpsInfrastructureEAObjectId-permission-vnet' params: { principalId: devOpsInfrastructureEnterpriseApplicationObjectId resourceId: vnet.outputs.resourceId @@ -167,7 +167,7 @@ module vnetPermission 'br/public:avm/ptn/authorization/resource-role-assignment: } module pool 'br/public:avm/res/dev-ops-infrastructure/pool:0.1.1' = { - name: '${deployment().name}-pool' + name: '${uniqueString(deployment().name, resourceLocation)}-pool' scope: rg params: { name: poolName From c4743372e32eaf6fa2cdbfdea1bd0acd3cd5c372 Mon Sep 17 00:00:00 2001 From: AlexanderSehr Date: Sat, 12 Oct 2024 00:13:56 +0200 Subject: [PATCH 07/10] Rollback of test values --- .azuredevops/managedDevOpsPool/variables.yml | 18 +++++++++--------- .../deploymentFiles/sbx.pool.bicep | 13 ++++++------- 2 files changed, 15 insertions(+), 16 deletions(-) diff --git a/.azuredevops/managedDevOpsPool/variables.yml b/.azuredevops/managedDevOpsPool/variables.yml index f53d1117..3e1e28c0 100644 --- a/.azuredevops/managedDevOpsPool/variables.yml +++ b/.azuredevops/managedDevOpsPool/variables.yml 
@@ -12,17 +12,17 @@ variables: ## GENERAL ## ############# #region shared - vmImage_sbx: '' # 'ubuntu-latest' # Use this for microsoft-hosted agents - vmImage_dev: '' # 'ubuntu-latest' # Use this for microsoft-hosted agents - vmImage_prd: '' # 'ubuntu-latest' # Use this for microsoft-hosted agents + vmImage_sbx: 'ubuntu-latest' # Use this for microsoft-hosted agents + vmImage_dev: 'ubuntu-latest' # Use this for microsoft-hosted agents + vmImage_prd: 'ubuntu-latest' # Use this for microsoft-hosted agents - poolName_sbx: 'core-vmss' # Use this for self-hosted agents - poolName_dev: 'core-vmss' # Use this for self-hosted agents - poolName_prd: 'core-vmss' # Use this for self-hosted agents + poolName_sbx: '' # Use this for self-hosted agents + poolName_dev: '' # Use this for self-hosted agents + poolName_prd: '' # Use this for self-hosted agents - serviceConnection_sbx: 'PrivateConnection' # '' - serviceConnection_dev: 'PrivateConnection' # '' - serviceConnection_prd: 'PrivateConnection' # '' + serviceConnection_sbx: '' + serviceConnection_dev: '' + serviceConnection_prd: '' #endregion #region specific diff --git a/constructs/managedDevOpsPool/deploymentFiles/sbx.pool.bicep b/constructs/managedDevOpsPool/deploymentFiles/sbx.pool.bicep index 9f99dc4e..29f8b764 100644 --- a/constructs/managedDevOpsPool/deploymentFiles/sbx.pool.bicep +++ b/constructs/managedDevOpsPool/deploymentFiles/sbx.pool.bicep 
@@ -14,17 +14,16 @@ module managedDevOpsPoolDeployment '../templates/pool.deploy.bicep' = { name: '${uniqueString(deployment().name, resourceLocation)}-managedPool-sbx' params: { resourceLocation: resourceLocation - computeGalleryResourceGroupName: 'core-rg' - computeGalleryName: 'coregallery' // '' - computeGalleryImageDefinitionName: 'core-linux-sid' // 'sid-linux' + computeGalleryName: '' + computeGalleryImageDefinitionName: 'sid-linux' devCenterName: 'my-center' devCenterProjectName: 'my-project' - organizationName: 'asehr' // '' - projectNames: ['Onyx'] // [''] - poolName: 'onyx-pool' // '' + organizationName: '' + projectNames: [''] + poolName: '' poolMaximumConcurrency: 5 // Tenant-specific 'DevOpsInfrastructure' Enterprise Application objectId. // Can be fetched by running `(Get-AzAdServicePrincipal -DisplayName 'DevOpsInfrastructure').Id` while logged into the tenant to deploy into. - devOpsInfrastructureEnterpriseApplicationObjectId: 'a67e26cd-08dc-47be-8217-df02edb89ba8' // '' + devOpsInfrastructureEnterpriseApplicationObjectId: '' } } From 696f577ce362cb00fd3d651cc6f6d19f960fa79a Mon Sep 17 00:00:00 2001 From: AlexanderSehr Date: Sat, 12 Oct 2024 00:25:05 +0200 Subject: [PATCH 08/10] Added UAI test --- .azuredevops/managedDevOpsPool/variables.yml | 18 +++++++++--------- .../deploymentFiles/sbx.pool.bicep | 18 ++++++++++++------ .../templates/pool.deploy.bicep | 5 ++++- 3 files changed, 25 insertions(+), 16 deletions(-) diff --git a/.azuredevops/managedDevOpsPool/variables.yml b/.azuredevops/managedDevOpsPool/variables.yml index 3e1e28c0..f53d1117 100644 --- a/.azuredevops/managedDevOpsPool/variables.yml +++ b/.azuredevops/managedDevOpsPool/variables.yml 
@@ -12,17 +12,17 @@ variables: ## GENERAL ## ############# #region shared - vmImage_sbx: 'ubuntu-latest' # Use this for microsoft-hosted agents - vmImage_dev: 'ubuntu-latest' # Use this for microsoft-hosted agents - vmImage_prd: 'ubuntu-latest' # Use this for microsoft-hosted agents + vmImage_sbx: '' # 'ubuntu-latest' # Use this for microsoft-hosted agents + vmImage_dev: '' # 'ubuntu-latest' # Use this for microsoft-hosted agents + vmImage_prd: '' # 'ubuntu-latest' # Use this for microsoft-hosted agents - poolName_sbx: '' # Use this for self-hosted agents - poolName_dev: '' # Use this for self-hosted agents - poolName_prd: '' # Use this for self-hosted agents + poolName_sbx: 'core-vmss' # Use this for self-hosted agents + poolName_dev: 'core-vmss' # Use this for self-hosted agents + poolName_prd: 'core-vmss' # Use this for self-hosted agents - serviceConnection_sbx: '' - serviceConnection_dev: '' - serviceConnection_prd: '' + serviceConnection_sbx: 'PrivateConnection' # '' + serviceConnection_dev: 'PrivateConnection' # '' + serviceConnection_prd: 'PrivateConnection' # '' #endregion #region specific diff --git a/constructs/managedDevOpsPool/deploymentFiles/sbx.pool.bicep b/constructs/managedDevOpsPool/deploymentFiles/sbx.pool.bicep index 29f8b764..22cd78d6 100644 --- a/constructs/managedDevOpsPool/deploymentFiles/sbx.pool.bicep +++ b/constructs/managedDevOpsPool/deploymentFiles/sbx.pool.bicep 
@@ -14,16 +14,22 @@ module managedDevOpsPoolDeployment '../templates/pool.deploy.bicep' = { name: '${uniqueString(deployment().name, resourceLocation)}-managedPool-sbx' params: { resourceLocation: resourceLocation - computeGalleryName: '' - computeGalleryImageDefinitionName: 'sid-linux' + poolManagedIdentities: { + userAssignedResourceIds: [ + '/subscriptions/b765c5e5-ae60-4724-9b59-36fbcf56795b/resourceGroups/core-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/temp-test-uai' + ] + } + computeGalleryResourceGroupName: 'core-rg' + computeGalleryName: 'coregallery' // '' + computeGalleryImageDefinitionName: 'core-linux-sid' // 'sid-linux' devCenterName: 'my-center' devCenterProjectName: 'my-project' - organizationName: '' - projectNames: [''] - poolName: '' + organizationName: 'asehr' // '' + projectNames: ['Onyx'] // [''] + poolName: 'onyx-pool' // '' poolMaximumConcurrency: 5 // Tenant-specific 'DevOpsInfrastructure' Enterprise Application objectId. // Can be fetched by running `(Get-AzAdServicePrincipal -DisplayName 'DevOpsInfrastructure').Id` while logged into the tenant to deploy into. - devOpsInfrastructureEnterpriseApplicationObjectId: '' + devOpsInfrastructureEnterpriseApplicationObjectId: 'a67e26cd-08dc-47be-8217-df02edb89ba8' // '' } } diff --git a/constructs/managedDevOpsPool/templates/pool.deploy.bicep b/constructs/managedDevOpsPool/templates/pool.deploy.bicep index 949d049c..10e969d0 100644 --- a/constructs/managedDevOpsPool/templates/pool.deploy.bicep +++ b/constructs/managedDevOpsPool/templates/pool.deploy.bicep 
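Review bot: The added `poolManagedIdentities` block hard-codes a full resource ID, subscription GUID included, for an identity named `temp-test-uai`, and the same hunk fills in `devOpsInfrastructureEnterpriseApplicationObjectId`, the organization name and the project name. None of these are credentials, but they tie a shared template to one tenant and subscription, and they stay in the history unless the series is squashed, even though a later commit removes them again. An identity attached to the pool is presumably usable by the jobs that run on its agents, so a throwaway test identity deserves a check that it holds no role assignments beyond what the test needs. I would keep the deployment file on placeholders and supply real values at deploy time, e.g. `param poolUserAssignedIdentityResourceIds string[] = []` passed through as `userAssignedResourceIds: poolUserAssignedIdentityResourceIds`.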
@@ -53,7 +53,10 @@ param poolSize string = 'Standard_B1ms' @description('Optional. The managed identity definition for the Managed DevOps Pool.') import { managedIdentitiesType } from 'br/public:avm/res/dev-ops-infrastructure/pool:0.1.1' -param poolManagedIdentities managedIdentitiesType? +param poolManagedIdentities managedIdentitiesType + +// import { managedIdentityOnlyUserAssignedType } from 'br/public:avm/utl/types/avm-common-types:0.1.0' +// param poolManagedIdentities managedIdentityOnlyUserAssignedType? @description('Optional. Defines how the machine will be handled once it executed a job.') import { agentProfileType } from 'br/public:avm/res/dev-ops-infrastructure/pool:0.1.1' From 36ca2f38eb1f74af78457daf03836889b7eb0079 Mon Sep 17 00:00:00 2001 From: AlexanderSehr Date: Sat, 12 Oct 2024 10:54:48 +0200 Subject: [PATCH 09/10] Release-ready parameters --- .azuredevops/managedDevOpsPool/variables.yml | 18 +++++++++--------- .../deploymentFiles/sbx.pool.bicep | 17 ++++++----------- 2 files changed, 15 insertions(+), 20 deletions(-) diff --git a/.azuredevops/managedDevOpsPool/variables.yml b/.azuredevops/managedDevOpsPool/variables.yml index f53d1117..3e1e28c0 100644 --- a/.azuredevops/managedDevOpsPool/variables.yml +++ b/.azuredevops/managedDevOpsPool/variables.yml 
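Review bot: `param poolManagedIdentities managedIdentitiesType` loses its `?` while the `@description` in the context lines above still reads 'Optional.', so the description and the type now disagree. Unless the imported `managedIdentitiesType` is itself declared nullable in the module, every caller must now pass the parameter, and the next commit in the series removes it from `sbx.pool.bicep` again. Either restore `managedIdentitiesType?` or change the description to 'Required.'. The two commented-out lines for `managedIdentityOnlyUserAssignedType` read as a leftover experiment; remove them or add a comment saying when the switch is planned.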
@@ -12,17 +12,17 @@ variables: ## GENERAL ## ############# #region shared - vmImage_sbx: '' # 'ubuntu-latest' # Use this for microsoft-hosted agents - vmImage_dev: '' # 'ubuntu-latest' # Use this for microsoft-hosted agents - vmImage_prd: '' # 'ubuntu-latest' # Use this for microsoft-hosted agents + vmImage_sbx: 'ubuntu-latest' # Use this for microsoft-hosted agents + vmImage_dev: 'ubuntu-latest' # Use this for microsoft-hosted agents + vmImage_prd: 'ubuntu-latest' # Use this for microsoft-hosted agents - poolName_sbx: 'core-vmss' # Use this for self-hosted agents - poolName_dev: 'core-vmss' # Use this for self-hosted agents - poolName_prd: 'core-vmss' # Use this for self-hosted agents + poolName_sbx: '' # Use this for self-hosted agents + poolName_dev: '' # Use this for self-hosted agents + poolName_prd: '' # Use this for self-hosted agents - serviceConnection_sbx: 'PrivateConnection' # '' - serviceConnection_dev: 'PrivateConnection' # '' - serviceConnection_prd: 'PrivateConnection' # '' + serviceConnection_sbx: '' + serviceConnection_dev: '' + serviceConnection_prd: '' #endregion #region specific diff --git a/constructs/managedDevOpsPool/deploymentFiles/sbx.pool.bicep b/constructs/managedDevOpsPool/deploymentFiles/sbx.pool.bicep index 22cd78d6..d02e2a0b 100644 --- a/constructs/managedDevOpsPool/deploymentFiles/sbx.pool.bicep +++ b/constructs/managedDevOpsPool/deploymentFiles/sbx.pool.bicep 
@@ -14,22 +14,17 @@ module managedDevOpsPoolDeployment '../templates/pool.deploy.bicep' = { name: '${uniqueString(deployment().name, resourceLocation)}-managedPool-sbx' params: { resourceLocation: resourceLocation - poolManagedIdentities: { - userAssignedResourceIds: [ - '/subscriptions/b765c5e5-ae60-4724-9b59-36fbcf56795b/resourceGroups/core-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/temp-test-uai' - ] - } computeGalleryResourceGroupName: 'core-rg' - computeGalleryName: 'coregallery' // '' - computeGalleryImageDefinitionName: 'core-linux-sid' // 'sid-linux' + computeGalleryName: '' + computeGalleryImageDefinitionName: 'sid-linux' devCenterName: 'my-center' devCenterProjectName: 'my-project' - organizationName: 'asehr' // '' - projectNames: ['Onyx'] // [''] - poolName: 'onyx-pool' // '' + organizationName: '' + projectNames: [''] + poolName: '' poolMaximumConcurrency: 5 // Tenant-specific 'DevOpsInfrastructure' Enterprise Application objectId. // Can be fetched by running `(Get-AzAdServicePrincipal -DisplayName 'DevOpsInfrastructure').Id` while logged into the tenant to deploy into. - devOpsInfrastructureEnterpriseApplicationObjectId: 'a67e26cd-08dc-47be-8217-df02edb89ba8' // '' + devOpsInfrastructureEnterpriseApplicationObjectId: '' } } From 9fe814d3eb289b62fc77079519b5e30097bc03fc Mon Sep 17 00:00:00 2001 From: AlexanderSehr Date: Sat, 12 Oct 2024 10:55:27 +0200 Subject: [PATCH 10/10] Update to latest --- constructs/managedDevOpsPool/deploymentFiles/sbx.pool.bicep | 1 - 1 file changed, 1 deletion(-) diff --git a/constructs/managedDevOpsPool/deploymentFiles/sbx.pool.bicep b/constructs/managedDevOpsPool/deploymentFiles/sbx.pool.bicep index d02e2a0b..29f8b764 100644 --- a/constructs/managedDevOpsPool/deploymentFiles/sbx.pool.bicep +++ b/constructs/managedDevOpsPool/deploymentFiles/sbx.pool.bicep 
@@ -14,7 +14,6 @@ module managedDevOpsPoolDeployment '../templates/pool.deploy.bicep' = { name: '${uniqueString(deployment().name, resourceLocation)}-managedPool-sbx' params: { resourceLocation: resourceLocation - computeGalleryResourceGroupName: 'core-rg' computeGalleryName: '' computeGalleryImageDefinitionName: 'sid-linux' devCenterName: 'my-center'