From 5c9c058ec967a446cff651f1b4678225839ae0ca Mon Sep 17 00:00:00 2001
From: Sacha Narinx
Date: Mon, 9 Dec 2024 16:49:24 +0400
Subject: [PATCH] .
---
.../prerequisites/deployPrerequisites1.json | 354 +++++++++---------
1 file changed, 178 insertions(+), 176 deletions(-)
diff --git a/eslzArm/prerequisites/deployPrerequisites1.json b/eslzArm/prerequisites/deployPrerequisites1.json
index 35a1101f9..03f2dffb1 100644
--- a/eslzArm/prerequisites/deployPrerequisites1.json
+++ b/eslzArm/prerequisites/deployPrerequisites1.json
@@ -42,186 +42,188 @@ "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", "contentVersion": "1.0.0.0", "resources": [ - { - "type": "Microsoft.Resources/resourceGroups", - "apiVersion": "2022-09-01", - "name": "[parameters('resourceGroupName')]", - "location": "[parameters('location')]" + { + "type": "Microsoft.Resources/resourceGroups", + "apiVersion": "2022-09-01", + "name": "[parameters('resourceGroupName')]", + "location": "[parameters('location')]" + } + ] + } + } + }, + { + "type": "Microsoft.Resources/deployments", + "apiVersion": "2022-09-01", + "name": "alz-prerequisites-uai", + "subscriptionId": "[parameters('managementSubscriptionId')]", + "resourceGroup": "[parameters('resourceGroupName')]", + "properties": { + "expressionEvaluationOptions": { + "scope": "inner" + }, + "mode": "Incremental", + "parameters": { + "location": { + "value": "[parameters('location')]" + }, + "eslzRootName": { + "value": "[parameters('eslzRootName')]" + } + }, + "template": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "parameters": { + "location": { + "type": "string" + }, + "eslzRootName": { + "type": "string" + } + }, + "variables": {}, + "resources": [ + { + "type": "Microsoft.ManagedIdentity/userAssignedIdentities", + "apiVersion": "2022-01-31-preview", + "name": "[format('uai-prereq-{0}', parameters('location'))]", + "location": "[parameters('location')]", + "metadata": { + "description": "This user assigned identity is used by the Deployment Script resource to interact with Azure resources." 
+ } + }, + { + "type": "Microsoft.Authorization/roleAssignments", + "apiVersion": "2022-04-01", + "name": "[guid(resourceGroup().id, format('uai-prereq-{0}', parameters('location')))]", + "properties": { + "roleDefinitionId": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b24988ac-6180-42a0-ab88-20f7382dd24c')]", + "principalId": "[reference(resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', format('uai-prereq-{0}', parameters('location'))), '2022-01-31-preview').principalId]", + "principalType": "ServicePrincipal" }, - { - "type": "Microsoft.Resources/deployments", - "apiVersion": "2022-09-01", - "name": "alz-prerequisites-uai", - "resourceGroup": "[parameters('resourceGroupName')]", - "properties": { - "expressionEvaluationOptions": { - "scope": "inner" - }, - "mode": "Incremental", - "parameters": { - "location": { - "value": "[parameters('location')]" - }, - "eslzRootName": { - "value": "[parameters('eslzRootName')]" - } - }, - "template": { - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "location": { - "type": "string" - }, - "eslzRootName": { - "type": "string" - } - }, - "variables": {}, - "resources": [ - { - "type": "Microsoft.ManagedIdentity/userAssignedIdentities", - "apiVersion": "2022-01-31-preview", - "name": "[format('uai-prereq-{0}', parameters('location'))]", - "location": "[parameters('location')]", - "metadata": { - "description": "This user assigned identity is used by the Deployment Script resource to interact with Azure resources." 
- } - }, - { - "type": "Microsoft.Authorization/roleAssignments", - "apiVersion": "2022-04-01", - "name": "[guid(resourceGroup().id, format('uai-prereq-{0}', parameters('location')))]", - "properties": { - "roleDefinitionId": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b24988ac-6180-42a0-ab88-20f7382dd24c')]", - "principalId": "[reference(resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', format('uai-prereq-{0}', parameters('location'))), '2022-01-31-preview').principalId]", - "principalType": "ServicePrincipal" - }, - "dependsOn": [ - "[resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', format('uai-prereq-{0}', parameters('location')))]" - ], - "metadata": { - "description": "This role assignment grants the user assigned identity the Contributor role on the resource group." - } - } - ], - "outputs": { - "userAssignedIdentityId": { - "type": "string", - "value": "[resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', format('uai-prereq-{0}', parameters('location')))]" - } - } - } - }, - "dependsOn": [ - "[subscriptionResourceId('Microsoft.Resources/resourceGroups', parameters('resourceGroupName'))]", - "alz-prerequisites-createRG" - ] + "dependsOn": [ + "[resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', format('uai-prereq-{0}', parameters('location')))]" + ], + "metadata": { + "description": "This role assignment grants the user assigned identity the Contributor role on the resource group." 
+ } + } + ], + "outputs": { + "userAssignedIdentityId": { + "type": "string", + "value": "[resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', format('uai-prereq-{0}', parameters('location')))]" + } + } + } + }, + "dependsOn": [ + "[subscriptionResourceId('Microsoft.Resources/resourceGroups', parameters('resourceGroupName'))]", + "alz-prerequisites-createRG" + ] + }, + { + "type": "Microsoft.Resources/deployments", + "apiVersion": "2022-09-01", + "name": "[format('ds-{0}-prereqs', parameters('location'))]", + "subscriptionId": "[parameters('managementSubscriptionId')]", + "resourceGroup": "[parameters('resourceGroupName')]", + "properties": { + "expressionEvaluationOptions": { + "scope": "inner" + }, + "mode": "Incremental", + "parameters": { + "location": { + "value": "[parameters('location')]" + }, + "userAssignedIdentityId": { + "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('resourceGroupName')), 'Microsoft.Resources/deployments', 'alz-prerequisites-uai'), '2022-09-01').outputs.userAssignedIdentityId.value]" + }, + "eslzRootName": { + "value": "[parameters('eslzRootName')]" + } + }, + "template": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "parameters": { + "location": { + "type": "string" + }, + "eslzRootName":{ + "type": "string" + }, + "userAssignedIdentityId": { + "type": "string" + } + }, + "resources": [ + { + "type": "Microsoft.Resources/deploymentScripts", + "apiVersion": "2020-10-01", + "name": "alz-prereq-deploymentscript", + "location": "[parameters('location')]", + "kind": "AzurePowerShell", + "identity": { + "type": "UserAssigned", + "userAssignedIdentities": { + "[format('{0}', parameters('userAssignedIdentityId'))]": {} + } }, - { - "type": "Microsoft.Resources/deployments", - "apiVersion": "2022-09-01", - "name": "[format('ds-{0}-prereqs', parameters('location'))]", 
- "resourceGroup": "[parameters('resourceGroupName')]", - "properties": { - "expressionEvaluationOptions": { - "scope": "inner" - }, - "mode": "Incremental", - "parameters": { - "location": { - "value": "[parameters('location')]" - }, - "userAssignedIdentityId": { - "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('resourceGroupName')), 'Microsoft.Resources/deployments', 'alz-prerequisites-uai'), '2022-09-01').outputs.userAssignedIdentityId.value]" - }, - "eslzRootName": { - "value": "[parameters('eslzRootName')]" - } - }, - "template": { - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "location": { - "type": "string" - }, - "eslzRootName":{ - "type": "string" - }, - "userAssignedIdentityId": { - "type": "string" - } - }, - "resources": [ - { - "type": "Microsoft.Resources/deploymentScripts", - "apiVersion": "2020-10-01", - "name": "alz-prereq-deploymentscript", - "location": "[parameters('location')]", - "kind": "AzurePowerShell", - "identity": { - "type": "UserAssigned", - "userAssignedIdentities": { - "[format('{0}', parameters('userAssignedIdentityId'))]": {} - } - }, - "properties": { - "azPowerShellVersion": "12.3", - "retentionInterval": "PT1H", - "timeout": "PT2H", - "arguments": "[format('-eslzRootName \"{0}\"', parameters('eslzRootName'))]", - "scriptContent": " - param( - [Parameter(Mandatory=$true, HelpMessage=\"Enter the ESLZ root name.\")] - [string] - $eslzRootName - ) - - #API call to register the Microsoft.Network provider against intermediate resource group for AVNM - Invoke-AzRestMethod -Method POST -Uri \"https://management.azure.com/providers/Microsoft.Management/managementGroups/$eslzRootName/providers/Microsoft.Network/register?api-version=2021-04-01\" - - #Sleep for XX minutes to wait for Management Groups to load to cache before assignments - Start-Sleep 
-Duration (New-TimeSpan -Minutes 10) - - $result = \"\" - $count = 0 - - do { - $result = Invoke-AzRestMethod -Method POST -Uri \"https://management.azure.com/providers/Microsoft.Management/managementGroups/$eslzRootName/providers/Microsoft.Network/register?api-version=2021-04-01\" - $count++ - Start-Sleep -Seconds 30 - Write-Host 'MG RP Register - Status Code: ' $result.StatusCode ' Count: ' $count - } while ($result.StatusCode -ne 200 -and $count -lt 10) - - #Register all resource providers - $subs = Search-AzGraph -Query \"ResourceContainers | where type =~ 'microsoft.resources/subscriptions'\" -ManagementGroup $eslzRootName - $rps = @('Microsoft.Insights','Microsoft.AlertsManagement','Microsoft.OperationalInsights','Microsoft.OperationsManagement','Microsoft.Automation','Microsoft.AlertsManagement','Microsoft.Security','Microsoft.Network','Microsoft.EventGrid','Microsoft.ManagedIdentity','Microsoft.GuestConfiguration','Microsoft.Advisor','Microsoft.PolicyInsights') - - foreach ($sub in $subs) { - Select-AzSubscription -SubscriptionId $sub.id - Write-Host 'Registering resource providers for subscription: ' $sub.id - Get-AzResourceProvider -ProviderNamespace $rps | where {$_.RegistrationState -ne \"Registered\"} | Register-AzResourceProvider - } - " - }, - "metadata": { - "description": "Create a Deployment Script resource to perform the prerequisites." 
- } - } - ], - "outputs": {} - } - }, - "dependsOn": [ - "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('resourceGroupName')), 'Microsoft.Resources/deployments', 'alz-prerequisites-uai')]", - "[subscriptionResourceId('Microsoft.Resources/resourceGroups', parameters('resourceGroupName'))]", - "alz-prerequisites-createRG" - ] + "properties": { + "azPowerShellVersion": "12.3", + "retentionInterval": "PT1H", + "timeout": "PT2H", + "arguments": "[format('-eslzRootName \"{0}\"', parameters('eslzRootName'))]", + "scriptContent": " + param( + [Parameter(Mandatory=$true, HelpMessage=\"Enter the ESLZ root name.\")] + [string] + $eslzRootName + ) + + #API call to register the Microsoft.Network provider against intermediate resource group for AVNM + Invoke-AzRestMethod -Method POST -Uri \"https://management.azure.com/providers/Microsoft.Management/managementGroups/$eslzRootName/providers/Microsoft.Network/register?api-version=2021-04-01\" + + #Sleep for XX minutes to wait for Management Groups to load to cache before assignments + Start-Sleep -Duration (New-TimeSpan -Minutes 10) + + $result = \"\" + $count = 0 + + do { + $result = Invoke-AzRestMethod -Method POST -Uri \"https://management.azure.com/providers/Microsoft.Management/managementGroups/$eslzRootName/providers/Microsoft.Network/register?api-version=2021-04-01\" + $count++ + Start-Sleep -Seconds 30 + Write-Host 'MG RP Register - Status Code: ' $result.StatusCode ' Count: ' $count + } while ($result.StatusCode -ne 200 -and $count -lt 10) + + #Register all resource providers + $subs = Search-AzGraph -Query \"ResourceContainers | where type =~ 'microsoft.resources/subscriptions'\" -ManagementGroup $eslzRootName + $rps = 
@('Microsoft.Insights','Microsoft.AlertsManagement','Microsoft.OperationalInsights','Microsoft.OperationsManagement','Microsoft.Automation','Microsoft.AlertsManagement','Microsoft.Security','Microsoft.Network','Microsoft.EventGrid','Microsoft.ManagedIdentity','Microsoft.GuestConfiguration','Microsoft.Advisor','Microsoft.PolicyInsights') + + foreach ($sub in $subs) { + Select-AzSubscription -SubscriptionId $sub.id + Write-Host 'Registering resource providers for subscription: ' $sub.id + Get-AzResourceProvider -ProviderNamespace $rps | where {$_.RegistrationState -ne \"Registered\"} | Register-AzResourceProvider + } + " + }, + "metadata": { + "description": "Create a Deployment Script resource to perform the prerequisites." } - ] + } + ], + "outputs": {} } - } + }, + "dependsOn": [ + "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('resourceGroupName')), 'Microsoft.Resources/deployments', 'alz-prerequisites-uai')]", + "[subscriptionResourceId('Microsoft.Resources/resourceGroups', parameters('resourceGroupName'))]", + "alz-prerequisites-createRG" + ] } ], "outputs": {}
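Review bot: The two nested deployments now target `parameters('managementSubscriptionId')`, but the `userAssignedIdentityId` value and the first `dependsOn` entry of the `ds-…-prereqs` deployment still build the ID of `alz-prerequisites-uai` from `subscription().subscriptionId`, so whenever the parent deployment's subscription differs from the management subscription (or the parent runs at a scope that has no subscription) the reference does not point at the deployment that was actually created. Use `format('/subscriptions/{0}/resourceGroups/{1}', parameters('managementSubscriptionId'), parameters('resourceGroupName'))` in both places, and probably the three-argument form `subscriptionResourceId(parameters('managementSubscriptionId'), 'Microsoft.Resources/resourceGroups', parameters('resourceGroupName'))` in the resource-group `dependsOn` entries as well. Whether `managementSubscriptionId` is declared as a template parameter cannot be seen from this hunk. Separately, the identity is granted Contributor on the resource group only, while the script registers providers at the management group and in every subscription beneath it; those rights must come from assignments outside this hunk, and it is worth confirming they are limited to the register actions rather than a broad role at management-group scope.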