initial push

.gitignore

@@ -0,0 +1,7 @@
+*.auto.tfvars
+.terraform
+*.tfstate
+.tfstate
+terraform.tfstate
+*.tfstate.backup
+.terraform.tfstate.lock.info

.pipelines/00_pipes/confirm_deployment.yml

@@ -0,0 +1,33 @@
+parameters:
+- name: module
+  displayName: "Module to Deploy"
+  type: string
+  default: ""
+  values:
+  - base
+
+- name: terraformDestroy
+  displayName: "Destroy!"
+  type: boolean
+  default: false
+
+name: "$(BuildID) $(Date:yyyy-MM-dd HH-mm) UTC ~ (${{ parameters.module }})"
+
+pr: none
+trigger: none
+variables:
+- template: /.pipelines/config/sub-b31e023c78b8.config.yml
+- template: /.pipelines/config/global.config.yml
+- ${{ if eq(parameters.terraformDestroy, true) }}:
+  - name: terraformDestroy
+    value: yes
+
+
+stages:
+- template: /.pipelines/01_stage/confirm_deployment.yml
+  parameters:
+    terraformVersion: $(TERRAFORM_VERSION)
+
+    ${{ if eq(parameters.module, 'base') }}:
+      module: base
+      pipelineJob: lz_base.yml

.pipelines/00_pipes/deploy_base.yml

@@ -0,0 +1,38 @@
+parameters:
+- name: base
+  displayName: "Base"
+  type: boolean
+  default: true
+
+- name: pester
+  displayName: "Pester"
+  type: boolean
+  default: true
+
+- name: planDeploy
+  displayName: "Plan Only"
+  type: boolean
+  default: true
+
+name: "$(BuildID) $(Date:yyyy-MM-dd HH-mm) UTC ~ "
+
+pr: none
+trigger: none
+variables:
+- template: /.pipelines/config/sub-b31e023c78b8.config.yml
+- template: /.pipelines/config/global.config.yml
+- ${{ if eq(parameters.base, true) }}:
+  - name: base
+    value: yes
+- ${{ if eq(parameters.pester, true) }}:
+  - name: pester
+    value: yes
+- ${{ if eq(parameters.planDeploy, true) }}:
+  - name: planDeploy
+    value: yes
+
+stages:
+- template: /.pipelines/01_stage/lz_deploy.yml
+  parameters:
+    pool: ${{ variables.SVC_CONNECTION }}
+    terraformVersion: $(TERRAFORM_VERSION)

.pipelines/00_pipes/destroy_base.yml

@@ -0,0 +1,38 @@
+parameters:
+- name: base
+  displayName: "Base"
+  type: boolean
+  default: true
+
+- name: planDeploy
+  displayName: "Plan Only"
+  type: boolean
+  default: true
+
+- name: terraformDestroy
+  displayName: "Destroy!"
+  type: boolean
+  default: true
+
+name: "$(BuildID) $(Date:yyyy-MM-dd HH-mm) UTC ~ "
+
+pr: none
+trigger: none
+variables:
+- template: /.pipelines/config/sub-b31e023c78b8.config.yml
+- template: /.pipelines/config/global.config.yml
+- ${{ if eq(parameters.base, true) }}:
+  - name: base
+    value: yes
+- ${{ if eq(parameters.planDeploy, true) }}:
+  - name: planDeploy
+    value: yes
+- ${{ if eq(parameters.terraformDestroy, true) }}:
+  - name: terraformDestroy
+    value: yes
+
+stages:
+- template: /.pipelines/01_stage/lz_destroy.yml
+  parameters:
+    pool: ${{ variables.SVC_CONNECTION }}
+    terraformVersion: $(TERRAFORM_VERSION)

.pipelines/00_pipes/pester_testing.yml

@@ -0,0 +1,83 @@
+parameters:
+- name: intFuncOnly
+  displayName: Run Functional Check Only
+  type: boolean
+  default: false
+
+- name: infraOnly
+  displayName: Run tfstate Check Only
+  type: boolean
+  default: false
+
+
+name: IntTest
+
+pr: none
+schedules:
+- cron: "30 7 * * *"
+  always: true
+  branches:
+    include:
+    - master
+  displayName: MorningTest
+trigger: none
+variables:
+- ${{ if eq(parameters.infraOnly, true) }}:
+  - name: infraOnly
+    value: yes
+- ${{ if eq(parameters.intFuncOnly, true) }}:
+  - name: intFuncOnly
+    value: yes
+
+stages:
+- stage: Hub
+  displayName: "Hub"
+  variables:
+  - template: /.pipelines/config/sub-b31e023c78b8.config.yml
+  - template: /.pipelines/config/global.config.yml
+  jobs:
+  - template: /.pipelines/02_jobs/pester_hub.yml
+    parameters:
+      pool:
+        name: myPool
+      vaultName: ${{ variables.VAULT_NAME }}
+      svcConnection: ${{ variables.SVC_CONNECTION }}
+
+# Wait for all other stages to run and then POST the results
+- stage: IntTestAPI
+  displayName: POST Pester Results
+  condition: always() # always run; stages are run for each subscription, so you want to POST the results of those that ran even if one fails
+  dependsOn:
+  - Hub # create a list for multiple hubs/spokes
+  variables:
+  - template: /.pipelines/config/sub-b31e023c78b8.config.yml
+  jobs:
+  - job: POST
+    pool:
+      name: myPool
+    workspace:
+      clean: all
+    steps:
+
+    - task: AzureKeyVault@1
+      inputs:
+        azureSubscription: ${{ variables.SVC_CONNECTION }}
+        KeyVaultName: ${{ variables.VAULT_NAME }}
+      displayName: "Download Azure Key Vault secrets"
+
+    - task: PowerShell@2
+      displayName: "Invoke API POST"
+      env:
+        ARMCLIENTSECRET: $(ARMCLIENTSECRET)
+      inputs:
+        arguments: >-
+          -clientId "$(ARMCLIENTID)"
+          -environment "$(TERRAFORM_ENVIRONMENT)"
+          -location "$(TERRAFORM_LOCATION)"
+          -pat "$(AZDOPATAPI)"
+          -subscriptionName "$(ENVIRONMENT_NAME)"
+          -tenantId "$(ARMTENANTID)"
+        filePath: $(System.DefaultWorkingDirectory)/scripts/pester/test-results.ps1
+        pwsh: true
+        targetType: filePath
+        workingDirectory: $(System.DefaultWorkingDirectory)/scripts/pester/

.pipelines/01_stage/confirm_deployment.yml

@@ -0,0 +1,37 @@
+parameters:
+  module: ""
+  pipelineJob: ""
+  pool: {}
+  prd: ""
+  terraformVersion: ""
+
+
+stages:
+- stage: Plan_${{ parameters.module }}
+  displayName: "Plan ${{ parameters.module }}"
+  jobs:
+  - template: /.pipelines/02_jobs/${{ parameters.pipelineJob }}
+    parameters:
+      extraVnet: ${{ parameters.extraVnet }}
+      module: plan_${{ parameters.module }}
+      pool: ${{ parameters.pool }}
+      terraformBackendContainerName: $(TERRAFORM_BACKEND_CONTAINER_NAME)
+      terraformBackendStorageName: $(TERRAFORM_BACKEND_STORAGE_NAME)
+      terraformVersion: ${{ parameters.terraformVersion }}
+      vaultName: $(VAULT_NAME)
+      svcConnection: $(SVC_CONNECTION)
+
+- stage: Apply_${{ parameters.module }}
+  dependsOn: Plan_${{ parameters.module }}
+  displayName: "Apply ${{ parameters.module }}"
+  jobs:
+  - template: /.pipelines/02_jobs/${{ parameters.pipelineJob }}
+    parameters:
+      extraVnet: ${{ parameters.extraVnet }}
+      module: apply_${{ parameters.module }}
+      pool: ${{ parameters.pool }}
+      terraformBackendContainerName: $(TERRAFORM_BACKEND_CONTAINER_NAME)
+      terraformBackendStorageName: $(TERRAFORM_BACKEND_STORAGE_NAME)
+      terraformVersion: ${{ parameters.terraformVersion }}
+      vaultName: $(VAULT_NAME)
+      svcConnection: $(SVC_CONNECTION)

.pipelines/01_stage/lz_deploy.yml

@@ -0,0 +1,44 @@
+parameters:
+  pool: {}
+  terraformVersion: ""
+
+
+stages:
+- stage: ProvisionLZ
+  displayName: "ProvisionLZ"
+  jobs:
+  - template: /.pipelines/02_jobs/lz_base.yml
+    parameters:
+      condition: |
+        and
+        (
+          ne(canceled(), true),
+          ne(failed(), true),
+          eq(variables.base, 'yes'),
+          ne(variables.terraformDestroy, 'yes')
+        )
+      dependsOn: ""
+      pool:
+        vmImage: Ubuntu 18.04
+      terraformBackendContainerName: $(TERRAFORM_BACKEND_CONTAINER_NAME)
+      terraformBackendStorageName: $(TERRAFORM_BACKEND_STORAGE_NAME)
+      terraformVersion: ${{ parameters.terraformVersion }}
+      vaultName: $(VAULT_NAME)
+      svcConnection: $(SVC_CONNECTION)
+
+  - template: /.pipelines/02_jobs/pester_infra.yml
+    parameters:
+      condition: |
+        and
+        (
+          ne(canceled(), true),
+          ne(failed(), true),
+          eq(variables.pester, 'yes'),
+          ne(variables.terraformDestroy, 'yes'),
+          in(dependencies.LZ_Base.result, 'Succeeded', 'Skipped')
+        )
+      dependsOn: LZ_Base
+      pool:
+        name: myPool
+      vaultName: $(VAULT_NAME)
+      svcConnection: $(SVC_CONNECTION)

.pipelines/01_stage/lz_destroy.yml

@@ -0,0 +1,27 @@
+parameters:
+  pool: {}
+  terraformVersion: ""
+
+
+stages:
+- stage: DestroyLZ
+  displayName: "DestroyLZ"
+  jobs:
+  - template: /.pipelines/02_jobs/lz_base.yml
+    parameters:
+      condition: |
+        and
+        (
+          ne(canceled(), true),
+          ne(failed(), true),
+          eq(variables.base, 'yes'),
+          eq(variables.terraformDestroy, 'yes')
+        )
+      dependsOn: ""
+      pool:
+        vmImage: Ubuntu 18.04
+      terraformBackendContainerName: $(TERRAFORM_BACKEND_CONTAINER_NAME)
+      terraformBackendStorageName: $(TERRAFORM_BACKEND_STORAGE_NAME)
+      terraformVersion: ${{ parameters.terraformVersion }}
+      vaultName: $(VAULT_NAME)
+      svcConnection: $(SVC_CONNECTION)