├── img └── cae-logo-white-bg.png ├── infra ├── samples │ ├── deployment-scripts-property-check │ │ ├── img │ │ │ ├── bicep-visualizer.png │ │ │ ├── deployment-script-property-check.vsdx │ │ │ └── deployment-scripts-property-check.png │ │ ├── metadata.json │ │ ├── modules │ │ │ ├── vwan.bicep │ │ │ ├── vwanvhcs.bicep │ │ │ ├── vwanhub.bicep │ │ │ ├── vnet.bicep │ │ │ └── azResourceStateCheck.bicep │ │ ├── orchestration.parameters.json │ │ ├── scripts │ │ │ └── Invoke-AzResourceStateCheck.ps1 │ │ ├── README.md │ │ └── orchestration.bicep │ └── README.md └── README.md ├── .vscode └── extensions.json ├── .editorconfig ├── SUPPORT.md ├── CODE_OF_CONDUCT.md ├── LICENSE ├── schemas └── schema.metadata.json ├── SECURITY.md ├── README.md └── .gitignore /img/cae-logo-white-bg.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Azure/CAE-Bits/HEAD/img/cae-logo-white-bg.png -------------------------------------------------------------------------------- /infra/samples/deployment-scripts-property-check/img/bicep-visualizer.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Azure/CAE-Bits/HEAD/infra/samples/deployment-scripts-property-check/img/bicep-visualizer.png -------------------------------------------------------------------------------- /infra/samples/deployment-scripts-property-check/img/deployment-script-property-check.vsdx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Azure/CAE-Bits/HEAD/infra/samples/deployment-scripts-property-check/img/deployment-script-property-check.vsdx -------------------------------------------------------------------------------- /infra/samples/deployment-scripts-property-check/img/deployment-scripts-property-check.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Azure/CAE-Bits/HEAD/infra/samples/deployment-scripts-property-check/img/deployment-scripts-property-check.png -------------------------------------------------------------------------------- /.vscode/extensions.json: -------------------------------------------------------------------------------- 1 | { 2 | // Recommended extensions for CAE Bits 3 | "recommendations": [ 4 | "ms-azuretools.vscode-bicep", 5 | "vsls-contrib.codetour", 6 | "msazurermtools.azurerm-vscode-tools", 7 | "bencoleman.armview", 8 | "editorconfig.editorconfig" 9 | ] 10 | } 11 | -------------------------------------------------------------------------------- /infra/README.md: -------------------------------------------------------------------------------- 1 | # Area: Azure Infrastructure/Core 2 | 3 | In this directory are all the scripts, samples and other "bits" that relate to Azure Infrastructure/Core. 4 | 5 | ## Content 6 | 7 | Check out the below content in this area: 8 | 9 | - [Samples](samples/README.md) 10 | - Mote coming soon... 11 | -------------------------------------------------------------------------------- /.editorconfig: -------------------------------------------------------------------------------- 1 | root = true 2 | 3 | [*] 4 | indent_size = 2 5 | charset = utf-8 6 | end_of_line = lf 7 | trim_trailing_whitespace = true 8 | insert_final_newline = true 9 | 10 | [*.{yml,yaml}] 11 | indent_size = 2 12 | charset = utf-8 13 | end_of_line = lf 14 | trim_trailing_whitespace = true 15 | insert_final_newline = true 16 | -------------------------------------------------------------------------------- /SUPPORT.md: -------------------------------------------------------------------------------- 1 | # Support 2 | 3 | ## How to file issues and get help 4 | 5 | This repo uses GitHub Issues to track bugs, feature requests, questions and anything else you need help with. Please search the existing issues before filing new issues to avoid duplicates. For new issues file your bugs, feature requests, questions and anything else you need help with as a new Issue. 👍 6 | -------------------------------------------------------------------------------- /infra/samples/deployment-scripts-property-check/metadata.json: -------------------------------------------------------------------------------- 1 | { 2 | "$schema": "https://raw.githubusercontent.com/Azure/CAE-Bits/main/schemas/schema.metadata.json#", 3 | "name": "Sample: Check Resource Property with Deployment Scripts", 4 | "description": "Use Deployment Scripts in ARM Templates/Bicep to await a resource's property desired state to help you orchestrate end-to-end deployments", 5 | "owner.gh": "jtracey93", 6 | "owner.ms": "jatracey" 7 | } 8 | -------------------------------------------------------------------------------- /CODE_OF_CONDUCT.md: -------------------------------------------------------------------------------- 1 | # Microsoft Open Source Code of Conduct 2 | 3 | This project has adopted the [Microsoft Open Source Code of Conduct](https://opensource.microsoft.com/codeofconduct/). 4 | 5 | Resources: 6 | 7 | - [Microsoft Open Source Code of Conduct](https://opensource.microsoft.com/codeofconduct/) 8 | - [Microsoft Code of Conduct FAQ](https://opensource.microsoft.com/codeofconduct/faq/) 9 | - Contact [opencode@microsoft.com](mailto:opencode@microsoft.com) with questions or concerns 10 | -------------------------------------------------------------------------------- /infra/samples/deployment-scripts-property-check/modules/vwan.bicep: -------------------------------------------------------------------------------- 1 | @description('Azure region to deploy to') 2 | param region string = 'uksouth' 3 | 4 | @description('Azure region naming prefix') 5 | param regionNamePrefix string = 'uks' 6 | 7 | @description('Tags to apply to applicable resources') 8 | param defaultTags object = { 9 | 'IaC-Source': 'Azure/CAE-Bits' 10 | } 11 | 12 | resource vwan 'Microsoft.Network/virtualWans@2021-02-01' = { 13 | name: 'vwan-${regionNamePrefix}' 14 | location: region 15 | tags: defaultTags 16 | properties: { 17 | allowBranchToBranchTraffic: true 18 | allowVnetToVnetTraffic: true 19 | disableVpnEncryption: false 20 | type: 'Standard' 21 | } 22 | } 23 | 24 | output vwanName string = vwan.name 25 | -------------------------------------------------------------------------------- /infra/samples/deployment-scripts-property-check/modules/vwanvhcs.bicep: -------------------------------------------------------------------------------- 1 | targetScope = 'resourceGroup' 2 | 3 | @description('Azure region naming prefix') 4 | param regionNamePrefix string = 'uks' 5 | 6 | @description('Array of VNET objects, including and array of Subnets. - should be provided from Orchestration template normally.') 7 | param vnets array = [] 8 | 9 | resource vwanHubExisting 'Microsoft.Network/virtualHubs@2021-02-01' existing = { 10 | name: 'vwan-hub-${regionNamePrefix}' 11 | } 12 | 13 | @batchSize(1) 14 | resource vwanSpokeVNetConnection 'Microsoft.Network/virtualHubs/hubVirtualNetworkConnections@2021-02-01' = [for (vnet, i) in vnets: { 15 | parent: vwanHubExisting 16 | name: 'vnet-${regionNamePrefix}-spoke-conn-${vnet.name}' 17 | properties: { 18 | remoteVirtualNetwork: { 19 | id: resourceId('Microsoft.Network/virtualNetworks', vnet.name) 20 | } 21 | allowHubToRemoteVnetTransit: true 22 | allowRemoteVnetToUseHubVnetGateways: true 23 | enableInternetSecurity: true 24 | } 25 | }] 26 | -------------------------------------------------------------------------------- /infra/samples/deployment-scripts-property-check/modules/vwanhub.bicep: -------------------------------------------------------------------------------- 1 | targetScope = 'resourceGroup' 2 | 3 | @description('Azure region to deploy to') 4 | param region string = 'uksouth' 5 | 6 | @description('Azure region naming prefix') 7 | param regionNamePrefix string = 'uks' 8 | 9 | @description('CIDR block for VWAN Hub') 10 | param vwanHubCIDR string = '10.0.0.0/23' 11 | 12 | @description('VWAN Name') 13 | param vwanName string 14 | 15 | @description('Tags to apply to applicable resources') 16 | param defaultTags object = { 17 | 'IaC-Source': 'Azure/CAE-Bits' 18 | } 19 | 20 | resource vwanExisting 'Microsoft.Network/virtualWans@2021-02-01' existing = { 21 | name: vwanName 22 | } 23 | 24 | resource vwanHub 'Microsoft.Network/virtualHubs@2021-02-01' = { 25 | name: 'vwan-hub-${regionNamePrefix}' 26 | location: region 27 | tags: defaultTags 28 | properties: { 29 | addressPrefix: vwanHubCIDR 30 | virtualWan: { 31 | id: vwanExisting.id 32 | } 33 | } 34 | } 35 | 36 | output outVwanVHubId string = vwanHub.id 37 | -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | MIT License 2 | 3 | Copyright (c) Microsoft Corporation. 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining a copy 6 | of this software and associated documentation files (the "Software"), to deal 7 | in the Software without restriction, including without limitation the rights 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | copies of the Software, and to permit persons to whom the Software is 10 | furnished to do so, subject to the following conditions: 11 | 12 | The above copyright notice and this permission notice shall be included in all 13 | copies or substantial portions of the Software. 14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 21 | SOFTWARE 22 | -------------------------------------------------------------------------------- /schemas/schema.metadata.json: -------------------------------------------------------------------------------- 1 | { 2 | "properties": { 3 | "$schema": { 4 | "type": "string", 5 | "enum": [ 6 | "https://raw.githubusercontent.com/Azure/CAE-Bits/main/schemas/schema.metadata.json#" 7 | ], 8 | "description": "CAE Bits repo metadata file JSON schema reference." 9 | }, 10 | "name": { 11 | "type": "string", 12 | "minLength": 10, 13 | "maxLength": 100, 14 | "description": "The name of the artifact." 15 | }, 16 | "description": { 17 | "type": "string", 18 | "minLength": 10, 19 | "maxLength": 240, 20 | "description": "The description of the artifact." 21 | }, 22 | "owner.gh": { 23 | "type": "string", 24 | "pattern": "^(?:Azure\\/)?[a-zA-Z\\d](?:[a-zA-Z\\d]|-(?=[a-zA-Z\\d])){0,38}$", 25 | "description": "The owner of the module. Must be a GitHub username or team under the Azure organization." 26 | }, 27 | "owner.ms": { 28 | "type": "string", 29 | "description": "The owner of the module. Must be a Microsoft alias." 30 | } 31 | }, 32 | "required": [ 33 | "$schema", 34 | "name", 35 | "description", 36 | "owner.gh", 37 | "owner.ms" 38 | ], 39 | "additionalProperties": false 40 | } 41 | -------------------------------------------------------------------------------- /infra/samples/README.md: -------------------------------------------------------------------------------- 1 | # Samples: Azure Infrastructure/Core 2 | 3 | > ‼️ **IMPORTANT:** These samples are provided as inspiration and examples for the scenarios they address, these are not "production ready" samples that are "Microsoft approved and vetted" however, they are authored/reviewed by Microsoft employees and are shared with the community to assist ‼️ 4 | 5 | Here are sample end-to-end scenarios/deployments relating to Azure Infrastructure/Core that you can use and take as inspiration to address challenges or issues you may be facing yourself. 6 | 7 | ## Table of Samples 8 | 9 | | Sample Name | Description | Link | 10 | | ----------------------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------- | --------------------------------------------------- | 11 | | Check Resource Property with Deployment Scripts | Use Deployment Scripts in ARM Templates/Bicep to await a resource's property desired state to help you orchestrate end-to-end deployments | [Here](deployment-scripts-property-check) | 12 | -------------------------------------------------------------------------------- /infra/samples/deployment-scripts-property-check/modules/vnet.bicep: -------------------------------------------------------------------------------- 1 | targetScope = 'resourceGroup' 2 | 3 | @description('Azure region to deploy to') 4 | param region string = 'uksouth' 5 | 6 | @description('Tags to apply to applicable resources') 7 | param defaultTags object = { 8 | 'IaC-Source': 'Azure/CAE-Bits' 9 | } 10 | 11 | @description('Array of VNET objects, including an array of Subnets.') 12 | param vnets array = [ 13 | { 14 | name: 'vnet-uks-1' 15 | cidr: '10.1.0.0/16' 16 | subnets: [ 17 | { 18 | name: 'AzureBastionSubnet' 19 | properties: { 20 | addressPrefix: '10.1.0.0/24' 21 | } 22 | } 23 | ] 24 | } 25 | { 26 | name: 'vnet-uks-2' 27 | cidr: '10.2.0.0/16' 28 | subnets: [ 29 | { 30 | name: 'subnet-1' 31 | properties: { 32 | addressPrefix: '10.2.0.0/24' 33 | } 34 | } 35 | { 36 | name: 'subnet-2' 37 | properties: { 38 | addressPrefix: '10.2.1.0/24' 39 | } 40 | } 41 | ] 42 | } 43 | { 44 | name: 'vnet-uks-3' 45 | cidr: '10.3.0.0/16' 46 | subnets: [] 47 | } 48 | ] 49 | 50 | resource resVNETs 'Microsoft.Network/virtualNetworks@2021-02-01' = [for vnet in vnets: { 51 | name: vnet.name 52 | location: region 53 | tags: defaultTags 54 | properties: { 55 | addressSpace: { 56 | addressPrefixes: [ 57 | vnet.cidr 58 | ] 59 | } 60 | subnets: vnet.subnets 61 | } 62 | }] 63 | -------------------------------------------------------------------------------- /infra/samples/deployment-scripts-property-check/orchestration.parameters.json: -------------------------------------------------------------------------------- 1 | { 2 | "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", 3 | "contentVersion": "1.0.0.0", 4 | "parameters": { 5 | "region": { 6 | "value": "uksouth" 7 | }, 8 | "regionNamePrefix": { 9 | "value": "uks" 10 | }, 11 | "defaultTags": { 12 | "value": { 13 | "IaC-Source": "Azure/CAE-Bits", 14 | "DemoOf": "Deployment Scripts Property Checker With VWAN, VWAN Hub & 3 Spokes" 15 | } 16 | }, 17 | "vwanHubCIDR": { 18 | "value": "10.0.0.0/23" 19 | }, 20 | "vnets": { 21 | "value": [ 22 | { 23 | "name": "vnet-uks-1", 24 | "cidr": "10.1.0.0/16", 25 | "subnets": [ 26 | { 27 | "name": "AzureBastionSubnet", 28 | "properties": { 29 | "addressPrefix": "10.1.0.0/24" 30 | } 31 | } 32 | ] 33 | }, 34 | { 35 | "name": "vnet-uks-2", 36 | "cidr": "10.2.0.0/16", 37 | "subnets": [ 38 | { 39 | "name": "subnet-1", 40 | "properties": { 41 | "addressPrefix": "10.2.0.0/24" 42 | } 43 | }, 44 | { 45 | "name": "subnet-2", 46 | "properties": { 47 | "addressPrefix": "10.2.1.0/24" 48 | } 49 | } 50 | ] 51 | }, 52 | { 53 | "name": "vnet-uks-3", 54 | "cidr": "10.3.0.0/16", 55 | "subnets": [] 56 | } 57 | ] 58 | }, 59 | "parAzResourceApiVersion": { 60 | "value": "2022-01-01" 61 | }, 62 | "parAzResourcePropertyToCheck": { 63 | "value": "routingState" 64 | }, 65 | "parAzResourceDesiredState": { 66 | "value": "Provisioned" 67 | }, 68 | "parWaitInSecondsBetweenIterations": { 69 | "value": 10 70 | }, 71 | "parMaxIterations": { 72 | "value": 100 73 | } 74 | } 75 | } 76 | -------------------------------------------------------------------------------- /SECURITY.md: -------------------------------------------------------------------------------- 1 | # Security 2 | 3 | Microsoft takes the security of our software products and services seriously, which includes all source code repositories managed through our GitHub organizations, which include [Microsoft](https://github.com/microsoft), [Azure](https://github.com/Azure), [DotNet](https://github.com/dotnet), [AspNet](https://github.com/aspnet), [Xamarin](https://github.com/xamarin), and [our GitHub organizations](https://opensource.microsoft.com/). 4 | 5 | If you believe you have found a security vulnerability in any Microsoft-owned repository that meets [Microsoft's definition of a security vulnerability](https://aka.ms/opensource/security/definition), please report it to us as described below. 6 | 7 | ## Reporting Security Issues 8 | 9 | **Please do not report security vulnerabilities through public GitHub issues.** 10 | 11 | Instead, please report them to the Microsoft Security Response Center (MSRC) at [https://msrc.microsoft.com/create-report](https://aka.ms/opensource/security/create-report). 12 | 13 | If you prefer to submit without logging in, send email to [secure@microsoft.com](mailto:secure@microsoft.com). If possible, encrypt your message with our PGP key; please download it from the [Microsoft Security Response Center PGP Key page](https://aka.ms/opensource/security/pgpkey). 14 | 15 | You should receive a response within 24 hours. If for some reason you do not, please follow up via email to ensure we received your original message. Additional information can be found at [microsoft.com/msrc](https://aka.ms/opensource/security/msrc). 16 | 17 | Please include the requested information listed below (as much as you can provide) to help us better understand the nature and scope of the possible issue: 18 | 19 | - Type of issue (e.g. buffer overflow, SQL injection, cross-site scripting, etc.) 20 | - Full paths of source file(s) related to the manifestation of the issue 21 | - The location of the affected source code (tag/branch/commit or direct URL) 22 | - Any special configuration required to reproduce the issue 23 | - Step-by-step instructions to reproduce the issue 24 | - Proof-of-concept or exploit code (if possible) 25 | - Impact of the issue, including how an attacker might exploit the issue 26 | 27 | This information will help us triage your report more quickly. 28 | 29 | If you are reporting for a bug bounty, more complete reports can contribute to a higher bounty award. Please visit our [Microsoft Bug Bounty Program](https://aka.ms/opensource/security/bounty) page for more details about our active programs. 30 | 31 | ## Preferred Languages 32 | 33 | We prefer all communications to be in English. 34 | 35 | ## Policy 36 | 37 | Microsoft follows the principle of [Coordinated Vulnerability Disclosure](https://aka.ms/opensource/security/cvd). 38 | -------------------------------------------------------------------------------- /infra/samples/deployment-scripts-property-check/scripts/Invoke-AzResourceStateCheck.ps1: -------------------------------------------------------------------------------- 1 | [CmdletBinding()] 2 | param ( 3 | [string] 4 | $azResourceResourceId, 5 | 6 | [string] 7 | $apiVersion = "2022-05-01", 8 | 9 | [string] 10 | $azResourcePropertyToCheck = "provisioningState", 11 | 12 | [string] 13 | $azResourceDesiredState = "Provisioned", 14 | 15 | [int] 16 | $waitInSecondsBetweenIterations = 30, 17 | 18 | [int] 19 | $maxIterations = 30 20 | ) 21 | 22 | $totalTimeoutCalculation = $waitInSecondsBetweenIterations * $maxIterations 23 | 24 | $azResourcePropertyExistenceCheck = Invoke-AzRestMethod -Method GET -Path "$($azResourceResourceId)?api-version=$($apiVersion)" 25 | 26 | if ($azResourcePropertyExistenceCheck.StatusCode -ne "200") { 27 | $DeploymentScriptOutputs["azResourcePropertyState"] = "Not Found" 28 | throw "Unable to get Azure Resource - $($azResourceResourceId). Likely it doesn't exist. Status code: $($azResourcePropertyExistenceCheck.StatusCode) Error: $($azResourcePropertyExistenceCheck.Content)" 29 | } 30 | 31 | $azResourcePropertyStateResult = "Unknown" 32 | $iterationCount = 0 33 | 34 | do { 35 | $azResourcePropertyStateGet = Invoke-AzRestMethod -Method GET -Path "$($azResourceResourceId)?api-version=$($apiVersion)" 36 | $azResourcePropertyStateJsonConverted = $azResourcePropertyStateGet.Content | ConvertFrom-Json -Depth 10 37 | $azResourcePropertyStateResult = $azResourcePropertyStateJsonConverted.properties.$($azResourcePropertyToCheck) 38 | 39 | if ($azResourcePropertyStateResult -ne $azResourceDesiredState) { 40 | Write-Host "Azure Resource Property ($($azResourcePropertyToCheck)) is not in $($azResourceDesiredState) state. Waiting $($waitInSecondsBetweenIterations) seconds before checking again. Iteration count: $($iterationCount)" 41 | Start-Sleep -Seconds $waitInSecondsBetweenIterations 42 | $iterationCount++ 43 | } 44 | } while ( 45 | $azResourcePropertyStateResult -ne $azResourceDesiredState -and $iterationCount -ne $maxIterations 46 | ) 47 | 48 | if ($azResourcePropertyStateResult -eq $azResourceDesiredState) { 49 | Write-Host "Azure Resource Property ($($azResourcePropertyToCheck)) is now in $($azResourceDesiredState) state." 50 | $DeploymentScriptOutputs["azResourcePropertyState"] = "$($azResourceDesiredState)" 51 | } 52 | 53 | if ($iterationCount -eq $maxIterations -and $azResourcePropertyStateResult -ne $azResourceDesiredState) { 54 | $DeploymentScriptOutputs["azResourcePropertyState"] = "Azure Resource Property ($($azResourcePropertyToCheck)) is still not in desired state of $($azResourceDesiredState). Timeout reached of $($totalTimeoutCalculation) seconds." 55 | throw "Azure Resource Property ($($azResourcePropertyToCheck)) is still not in $($azResourceDesiredState) state after $($totalTimeoutCalculation) seconds." 56 | } 57 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # CAE Bits 2 | 3 | ![CAE Logo](img/cae-logo-white-bg.png) 4 | 5 | This repo has been curated by the CAE (Customer Architecture and Engineering) organization, that are part of Microsoft's CSU (Customer Success Unit). 6 | 7 | > The CAE team are the team behind initiatives like: 8 | > 9 | > - [ALZ (Azure Landing Zones)](https://aka.ms/alz) 10 | > - [AVD (Azure Virtual Desktop) Landing Zone Accelerator](https://learn.microsoft.com/azure/cloud-adoption-framework/scenarios/wvd/enterprise-scale-landing-zone) 11 | > - [AVS (Azure VWware Solution) Landing Zone Accelerator](https://learn.microsoft.com/azure/cloud-adoption-framework/scenarios/azure-vmware/enterprise-scale-landing-zone) 12 | > - Plus many more... 13 | 14 | The repo contains "bits" (samples, examples, scripts, guides, etc.) from members of the CAE organization that they wish to share with the wider community so everyone can benefit from them. 15 | 16 | ## Areas 17 | 18 | Checkout the below areas for samples, examples, scripts, guides and much more: 19 | 20 | - [Azure Infrastructure/Core](infra/README.md) 21 | - More areas coming soon... 22 | 23 | ## Support 24 | 25 | This repo is mainly samples, examples, scripts and other useful "bits" from the CAE organization within Microsoft's Customer Success Unit (CSU) that they want to share with the community to assist them with their cloud journeys. 26 | 27 | So these are not officially supported, but please raise an issue and we will do our best to assist and provide assistance if you find a bug or need a question answered about something in this repo 👍 28 | 29 | Please see the [`SUPPORT.md`](SUPPORT.md) for more info and also the [`SECURITY.md`](SECURITY.md) for any security related concerns. 30 | 31 | ## Contributing 32 | 33 | This project welcomes contributions and suggestions. Most contributions require you to agree to a Contributor License Agreement (CLA) declaring that you have the right to, and actually do, grant us the rights to use your contribution. For details, visit [https://cla.opensource.microsoft.com](https://cla.opensource.microsoft.com). 34 | 35 | When you submit a pull request, a CLA bot will automatically determine whether you need to provide a CLA and decorate the PR appropriately (e.g., status check, comment). Simply follow the instructions provided by the bot. You will only need to do this once across all repos using our CLA. 36 | 37 | This project has adopted the [Microsoft Open Source Code of Conduct](https://opensource.microsoft.com/codeofconduct/). For more information see the [Code of Conduct FAQ](https://opensource.microsoft.com/codeofconduct/faq/) or contact [opencode@microsoft.com](mailto:opencode@microsoft.com) with any additional questions or comments. 38 | 39 | ## Trademarks 40 | 41 | This project may contain trademarks or logos for projects, products, or services. Authorized use of Microsoft trademarks or logos is subject to and must follow [Microsoft's Trademark & Brand Guidelines](https://www.microsoft.com//legal/intellectualproperty/trademarks/usage/general). Use of Microsoft trademarks or logos in modified versions of this project must not cause confusion or imply Microsoft sponsorship. Any use of third-party trademarks or logos are subject to those third-party's policies. 42 | -------------------------------------------------------------------------------- /infra/samples/deployment-scripts-property-check/README.md: -------------------------------------------------------------------------------- 1 | # Sample: Check Resource Property with Deployment Scripts 2 | 3 | > 📄 This sample is documented in the Azure Architecture Center here: [Check Resource Property with Deployment Scripts](https://learn.microsoft.com/azure/architecture/guide/devops/deployment-scripts-property-check) 📄 4 | 5 | This sample could be used for many scenarios, like the one described below, to help orchestrate a single ARM/Bicep deployment that requires you to await the status of a resource to be in a desired state before progressing with other parts of the deployment. 6 | 7 | ## Details 8 | 9 | This sample deploys the following resources using Bicep: 10 | 11 | **Deployment Scope:** Subscription 12 | 13 | - 1 x Resource Group 14 | - 1 x Virtual WAN 15 | - 1 x Virtual WAN Hub 16 | - In the Virtual WAN 17 | - 3 x Virtual Networks 18 | - 1 x Deployment Script 19 | - This Deployment Script runs the PowerShell script [`Invoke-AzResourceStateCheck.ps1`](scripts/Invoke-AzResourceStateCheck.ps1) which polls the Virtual WAN Hub via a `GET` API call, every `X` seconds for `X` iterations (configurable via parameter input), to check the `routingState` (the status of the Virtual WAN Hub Router) is `Provisioned` (aka Ready). 20 | - This is the "magic" of this sample as the Virtual WAN Hub itself may be ready but if you were to try to create a Virtual Hub Connection before the Virtual WAN Hub Router is `Provisioned`, which can take around 10 minutes when a Virtual WAN Hub is created, the Virtual Hub Connections will fail as the router isn't ready. And that leaves you with a failed deployment via Bicep and you need to re-run the deployment again, by which time the Virtual WAN Hub Router is now in the `Provisioned State` 21 | - 3 x Virtual WAN Hub Connections 22 | - Connecting each of the Virtual Networks to the Virtual WAN Hub 23 | - **This is dependant on the Deployment Script running and returning a successful exit code.** 24 | 25 | ### Diagram 26 | 27 | #### Architectural 28 | 29 | ![Architecture Diagram](img/deployment-scripts-property-check.png) 30 | 31 | > *Download a [Visio file](https://github.com/Azure/CAE-Bits/raw/main/infra/samples/deployment-scripts-property-check/img/deployment-script-property-check.vsdx) of this architecture.* 32 | 33 | #### Bicep Visualizer 34 | 35 | ![Bicep Visualizer Output](img/bicep-visualizer.png) 36 | 37 | ### Usage Instructions 38 | 39 | #### Pre-Requisites 40 | 41 | 1. [PowerShell](https://learn.microsoft.com/powershell/scripting/install/installing-powershell) 42 | 2. [Azure `Az` PowerShell Modules](https://learn.microsoft.com/powershell/azure/install-az-ps) 43 | 3. An Azure Subscription 44 | 45 | #### Deployment Instructions 46 | 47 | 1. Open PowerShell 48 | 2. Login to Azure with `Connect-AzAccount` 49 | 3. Select the correct Azure Subscription to deploy to with `Select-AzSubscription -SubscriptionId 'xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx` 50 | 4. Amend the parameter values in the parameter file [`orchestration.parameters.json`](orchestration.parameters.json) and save the file with any changes 51 | 5. Deploy the [`orchestration.bicep`](orchestration.bicep) using the command `New-AzSubscriptionDeployment -TemplateFile .\orchestration.bicep -TemplateParameterFile .\orchestration.parameters.json -Location 'uksouth'` 52 | -------------------------------------------------------------------------------- /infra/samples/deployment-scripts-property-check/modules/azResourceStateCheck.bicep: -------------------------------------------------------------------------------- 1 | @description('The Resource ID of the Azure Resource you wish to check a properties state of.') 2 | param parAzResourceId string 3 | 4 | @description('The API Version of the Azure Resource you wish to use to check a properties state.') 5 | param parAzResourceApiVersion string 6 | 7 | @description('The property of the resource that you wish to check. This is a property inside the `properties` bag of the resource that is captured from a GET call to the Resource ID.') 8 | param parAzResourcePropertyToCheck string 9 | 10 | @description('The value of the property of the resource that you wish to check.') 11 | param parAzResourceDesiredState string 12 | 13 | @description('How long in seconds the deployment script should wait between check/polling requestes to check the property, and its state, if not in its desired state. Defaults to `30`') 14 | param parWaitInSecondsBetweenIterations int = 30 15 | 16 | @description('How many iterations/loops the deployment script should go through to check the property, and its state, if not in its desired state. After this amount of iterations the deployment script will throw an exception and fail and report back to the deployment. Defaults to `30`') 17 | param parMaxIterations int = 30 18 | 19 | @description('Deployment Script Resource Name. Defaults to `ds-az-resource-state-check`') 20 | param parDeploymentScriptName string = 'ds-az-resource-state-check' 21 | 22 | @description('Deployment Location/Region for resources. Defaults to same location/region as Resource Group being deployed to.') 23 | param parLocation string = resourceGroup().location 24 | 25 | @description('Built-in Role Definition ID to assign to the Deployment Script Managed Identity. Defaults to `acdd72a7-3385-48ef-bd42-f606fba81ae7` (Reader)') 26 | param parDeploymentScriptUamiRbacRoleDefinitionIdToAssign string = 'acdd72a7-3385-48ef-bd42-f606fba81ae7' 27 | 28 | var varDeploymentScriptUamiRbacAssignmentName = guid(resourceGroup().id) 29 | 30 | resource resDeploymentScriptUami 'Microsoft.ManagedIdentity/userAssignedIdentities@2022-01-31-preview' = { 31 | name: 'uami-${parDeploymentScriptName}' 32 | location: parLocation 33 | } 34 | 35 | resource resExistingRbacRoleDefinition 'Microsoft.Authorization/roleDefinitions@2022-04-01' existing = { 36 | name: parDeploymentScriptUamiRbacRoleDefinitionIdToAssign 37 | scope: subscription() 38 | } 39 | 40 | resource resDeploymentScriptUamiRbac 'Microsoft.Authorization/roleAssignments@2022-04-01' = { 41 | name: varDeploymentScriptUamiRbacAssignmentName 42 | properties: { 43 | principalId: resDeploymentScriptUami.properties.principalId 44 | principalType: 'ServicePrincipal' 45 | roleDefinitionId: resExistingRbacRoleDefinition.id 46 | } 47 | } 48 | 49 | resource resDeploymentScriptAzResourceStateCheck 'Microsoft.Resources/deploymentScripts@2020-10-01' = { 50 | dependsOn: [ 51 | resDeploymentScriptUamiRbac 52 | ] 53 | name: parDeploymentScriptName 54 | location: parLocation 55 | identity: { 56 | type: 'UserAssigned' 57 | userAssignedIdentities: { 58 | '${resDeploymentScriptUami.id}': {} 59 | } 60 | } 61 | kind: 'AzurePowerShell' 62 | properties: { 63 | azPowerShellVersion: '8.3.0' 64 | retentionInterval: 'PT2H' 65 | scriptContent: loadTextContent('../scripts/Invoke-AzResourceStateCheck.ps1') 66 | arguments: '-azResourceResourceId \'${parAzResourceId}\' -apiVersion \'${parAzResourceApiVersion}\' -azResourcePropertyToCheck \'${parAzResourcePropertyToCheck}\' -azResourceDesiredState \'${parAzResourceDesiredState}\' -waitInSecondsBetweenIterations \'${parWaitInSecondsBetweenIterations}\' -maxIterations \'${parMaxIterations}\'' 67 | cleanupPreference: 'OnSuccess' 68 | timeout: 'PT1H' 69 | } 70 | } 71 | -------------------------------------------------------------------------------- /infra/samples/deployment-scripts-property-check/orchestration.bicep: -------------------------------------------------------------------------------- 1 | targetScope = 'subscription' 2 | 3 | @description('Azure region to deploy to') 4 | param region string = 'uksouth' 5 | 6 | @description('Azure region naming prefix') 7 | param regionNamePrefix string = 'uks' 8 | 9 | @description('Tags to apply to applicable resources') 10 | param defaultTags object = { 11 | 'IaC-Source': 'Azure/CAE-Bits' 12 | DemoOf: 'Deployment Scripts Property Checker With VWAN, VWAN Hub & 3 Spokes' 13 | } 14 | 15 | @description('CIDR block for VWAN Hub') 16 | param vwanHubCIDR string = '10.0.0.0/23' 17 | 18 | @description('Array of VNET objects, including an array of Subnets.') 19 | param vnets array = [ 20 | { 21 | name: 'vnet-uks-1' 22 | cidr: '10.1.0.0/16' 23 | subnets: [ 24 | { 25 | name: 'AzureBastionSubnet' 26 | properties: { 27 | addressPrefix: '10.1.0.0/24' 28 | } 29 | } 30 | ] 31 | } 32 | { 33 | name: 'vnet-uks-2' 34 | cidr: '10.2.0.0/16' 35 | subnets: [ 36 | { 37 | name: 'subnet-1' 38 | properties: { 39 | addressPrefix: '10.2.0.0/24' 40 | } 41 | } 42 | { 43 | name: 'subnet-2' 44 | properties: { 45 | addressPrefix: '10.2.1.0/24' 46 | } 47 | } 48 | ] 49 | } 50 | { 51 | name: 'vnet-uks-3' 52 | cidr: '10.3.0.0/16' 53 | subnets: [] 54 | } 55 | ] 56 | 57 | @description('The API Version of the Azure Resource you wish to use to check a properties state.') 58 | param parAzResourceApiVersion string = '2022-01-01' 59 | 60 | @description('The property of the resource that you wish to check. This is a property inside the `properties` bag of the resource that is captured from a GET call to the Resource ID.') 61 | param parAzResourcePropertyToCheck string = 'routingState' 62 | 63 | @description('The value of the property of the resource that you wish to check.') 64 | param parAzResourceDesiredState string = 'Provisioned' 65 | 66 | @description('How long in seconds the deployment script should wait between check/polling requestes to check the property, and its state, if not in its desired state. Defaults to `30`') 67 | param parWaitInSecondsBetweenIterations int = 30 68 | 69 | @description('How many iterations/loops the deployment script should go through to check the property, and its state, if not in its desired state. After this amount of iterations the deployment script will throw an exception and fail and report back to the deployment. Defaults to `30`') 70 | param parMaxIterations int = 30 71 | 72 | resource rsg 'Microsoft.Resources/resourceGroups@2021-04-01' = { 73 | name: 'rsg-${regionNamePrefix}-demo-deployment-scripts-property-checker' 74 | location: region 75 | tags: defaultTags 76 | } 77 | 78 | module modVNETs './modules/vnet.bicep' = { 79 | scope: rsg 80 | name: 'deployVNETs' 81 | params: { 82 | region: region 83 | defaultTags: defaultTags 84 | vnets: vnets 85 | } 86 | } 87 | 88 | module modVWAN './modules/vwan.bicep' = { 89 | scope: rsg 90 | name: 'deployVWAN' 91 | params: { 92 | region: region 93 | regionNamePrefix: regionNamePrefix 94 | defaultTags: defaultTags 95 | } 96 | } 97 | 98 | module modVWANHub 'modules/vwanHub.bicep' = { 99 | scope: rsg 100 | name: 'deployVWANHub' 101 | params: { 102 | region: region 103 | regionNamePrefix: regionNamePrefix 104 | defaultTags: defaultTags 105 | vwanHubCIDR: vwanHubCIDR 106 | vwanName: modVWAN.outputs.vwanName 107 | } 108 | } 109 | 110 | module modVWANHubRouterCheckerDeploymentScript 'modules/azResourceStateCheck.bicep' = { 111 | scope: rsg 112 | name: 'deployVWANHubRouterChecker' 113 | params: { 114 | parLocation: region 115 | parAzResourceId: modVWANHub.outputs.outVwanVHubId 116 | parAzResourceApiVersion: parAzResourceApiVersion 117 | parAzResourcePropertyToCheck: parAzResourcePropertyToCheck 118 | parAzResourceDesiredState: parAzResourceDesiredState 119 | parMaxIterations: parMaxIterations 120 | parWaitInSecondsBetweenIterations: parWaitInSecondsBetweenIterations 121 | } 122 | } 123 | 124 | module modVWanVhubVnetConnections 'modules/vwanVhcs.bicep' = { 125 | dependsOn: [ 126 | modVWANHubRouterCheckerDeploymentScript 127 | ] 128 | scope: rsg 129 | name: 'deployConnectVnetsToVWANVHub' 130 | params: { 131 | vnets: vnets 132 | regionNamePrefix: regionNamePrefix 133 | } 134 | } 135 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | ## Ignore Visual Studio temporary files, build results, and 2 | ## files generated by popular Visual Studio add-ons. 3 | ## 4 | ## Get latest from https://github.com/github/gitignore/blob/master/VisualStudio.gitignore 5 | 6 | # User-specific files 7 | *.rsuser 8 | *.suo 9 | *.user 10 | *.userosscache 11 | *.sln.docstates 12 | 13 | # User-specific files (MonoDevelop/Xamarin Studio) 14 | *.userprefs 15 | 16 | # Mono auto generated files 17 | mono_crash.* 18 | 19 | # Build results 20 | [Dd]ebug/ 21 | [Dd]ebugPublic/ 22 | [Rr]elease/ 23 | [Rr]eleases/ 24 | x64/ 25 | x86/ 26 | [Aa][Rr][Mm]/ 27 | [Aa][Rr][Mm]64/ 28 | bld/ 29 | [Bb]in/ 30 | [Oo]bj/ 31 | [Ll]og/ 32 | [Ll]ogs/ 33 | 34 | # Visual Studio 2015/2017 cache/options directory 35 | .vs/ 36 | # Uncomment if you have tasks that create the project's static files in wwwroot 37 | #wwwroot/ 38 | 39 | # Visual Studio 2017 auto generated files 40 | Generated\ Files/ 41 | 42 | # MSTest test Results 43 | [Tt]est[Rr]esult*/ 44 | [Bb]uild[Ll]og.* 45 | 46 | # NUnit 47 | *.VisualState.xml 48 | TestResult.xml 49 | nunit-*.xml 50 | 51 | # Build Results of an ATL Project 52 | [Dd]ebugPS/ 53 | [Rr]eleasePS/ 54 | dlldata.c 55 | 56 | # Benchmark Results 57 | BenchmarkDotNet.Artifacts/ 58 | 59 | # .NET Core 60 | project.lock.json 61 | project.fragment.lock.json 62 | artifacts/ 63 | 64 | # StyleCop 65 | StyleCopReport.xml 66 | 67 | # Files built by Visual Studio 68 | *_i.c 69 | *_p.c 70 | *_h.h 71 | *.ilk 72 | *.meta 73 | *.obj 74 | *.iobj 75 | *.pch 76 | *.pdb 77 | *.ipdb 78 | *.pgc 79 | *.pgd 80 | *.rsp 81 | *.sbr 82 | *.tlb 83 | *.tli 84 | *.tlh 85 | *.tmp 86 | *.tmp_proj 87 | *_wpftmp.csproj 88 | *.log 89 | *.vspscc 90 | *.vssscc 91 | .builds 92 | *.pidb 93 | *.svclog 94 | *.scc 95 | 96 | # Chutzpah Test files 97 | _Chutzpah* 98 | 99 | # Visual C++ cache files 100 | ipch/ 101 | *.aps 102 | *.ncb 103 | *.opendb 104 | *.opensdf 105 | *.sdf 106 | *.cachefile 107 | *.VC.db 108 | *.VC.VC.opendb 109 | 110 | # Visual Studio profiler 111 | *.psess 112 | *.vsp 113 | *.vspx 114 | *.sap 115 | 116 | # Visual Studio Trace Files 117 | *.e2e 118 | 119 | # TFS 2012 Local Workspace 120 | $tf/ 121 | 122 | # Guidance Automation Toolkit 123 | *.gpState 124 | 125 | # ReSharper is a .NET coding add-in 126 | _ReSharper*/ 127 | *.[Rr]e[Ss]harper 128 | *.DotSettings.user 129 | 130 | # TeamCity is a build add-in 131 | _TeamCity* 132 | 133 | # DotCover is a Code Coverage Tool 134 | *.dotCover 135 | 136 | # AxoCover is a Code Coverage Tool 137 | .axoCover/* 138 | !.axoCover/settings.json 139 | 140 | # Visual Studio code coverage results 141 | *.coverage 142 | *.coveragexml 143 | 144 | # NCrunch 145 | _NCrunch_* 146 | .*crunch*.local.xml 147 | nCrunchTemp_* 148 | 149 | # MightyMoose 150 | *.mm.* 151 | AutoTest.Net/ 152 | 153 | # Web workbench (sass) 154 | .sass-cache/ 155 | 156 | # Installshield output folder 157 | [Ee]xpress/ 158 | 159 | # DocProject is a documentation generator add-in 160 | DocProject/buildhelp/ 161 | DocProject/Help/*.HxT 162 | DocProject/Help/*.HxC 163 | DocProject/Help/*.hhc 164 | DocProject/Help/*.hhk 165 | DocProject/Help/*.hhp 166 | DocProject/Help/Html2 167 | DocProject/Help/html 168 | 169 | # Click-Once directory 170 | publish/ 171 | 172 | # Publish Web Output 173 | *.[Pp]ublish.xml 174 | *.azurePubxml 175 | # Note: Comment the next line if you want to checkin your web deploy settings, 176 | # but database connection strings (with potential passwords) will be unencrypted 177 | *.pubxml 178 | *.publishproj 179 | 180 | # Microsoft Azure Web App publish settings. Comment the next line if you want to 181 | # checkin your Azure Web App publish settings, but sensitive information contained 182 | # in these scripts will be unencrypted 183 | PublishScripts/ 184 | 185 | # NuGet Packages 186 | *.nupkg 187 | # NuGet Symbol Packages 188 | *.snupkg 189 | # The packages folder can be ignored because of Package Restore 190 | **/[Pp]ackages/* 191 | # except build/, which is used as an MSBuild target. 192 | !**/[Pp]ackages/build/ 193 | # Uncomment if necessary however generally it will be regenerated when needed 194 | #!**/[Pp]ackages/repositories.config 195 | # NuGet v3's project.json files produces more ignorable files 196 | *.nuget.props 197 | *.nuget.targets 198 | 199 | # Microsoft Azure Build Output 200 | csx/ 201 | *.build.csdef 202 | 203 | # Microsoft Azure Emulator 204 | ecf/ 205 | rcf/ 206 | 207 | # Windows Store app package directories and files 208 | AppPackages/ 209 | BundleArtifacts/ 210 | Package.StoreAssociation.xml 211 | _pkginfo.txt 212 | *.appx 213 | *.appxbundle 214 | *.appxupload 215 | 216 | # Visual Studio cache files 217 | # files ending in .cache can be ignored 218 | *.[Cc]ache 219 | # but keep track of directories ending in .cache 220 | !?*.[Cc]ache/ 221 | 222 | # Others 223 | ClientBin/ 224 | ~$* 225 | *~ 226 | *.dbmdl 227 | *.dbproj.schemaview 228 | *.jfm 229 | *.pfx 230 | *.publishsettings 231 | orleans.codegen.cs 232 | 233 | # Including strong name files can present a security risk 234 | # (https://github.com/github/gitignore/pull/2483#issue-259490424) 235 | #*.snk 236 | 237 | # Since there are multiple workflows, uncomment next line to ignore bower_components 238 | # (https://github.com/github/gitignore/pull/1529#issuecomment-104372622) 239 | #bower_components/ 240 | 241 | # RIA/Silverlight projects 242 | Generated_Code/ 243 | 244 | # Backup & report files from converting an old project file 245 | # to a newer Visual Studio version. Backup files are not needed, 246 | # because we have git ;-) 247 | _UpgradeReport_Files/ 248 | Backup*/ 249 | UpgradeLog*.XML 250 | UpgradeLog*.htm 251 | ServiceFabricBackup/ 252 | *.rptproj.bak 253 | 254 | # SQL Server files 255 | *.mdf 256 | *.ldf 257 | *.ndf 258 | 259 | # Business Intelligence projects 260 | *.rdl.data 261 | *.bim.layout 262 | *.bim_*.settings 263 | *.rptproj.rsuser 264 | *- [Bb]ackup.rdl 265 | *- [Bb]ackup ([0-9]).rdl 266 | *- [Bb]ackup ([0-9][0-9]).rdl 267 | 268 | # Microsoft Fakes 269 | FakesAssemblies/ 270 | 271 | # GhostDoc plugin setting file 272 | *.GhostDoc.xml 273 | 274 | # Node.js Tools for Visual Studio 275 | .ntvs_analysis.dat 276 | node_modules/ 277 | 278 | # Visual Studio 6 build log 279 | *.plg 280 | 281 | # Visual Studio 6 workspace options file 282 | *.opt 283 | 284 | # Visual Studio 6 auto-generated workspace file (contains which files were open etc.) 285 | *.vbw 286 | 287 | # Visual Studio LightSwitch build output 288 | **/*.HTMLClient/GeneratedArtifacts 289 | **/*.DesktopClient/GeneratedArtifacts 290 | **/*.DesktopClient/ModelManifest.xml 291 | **/*.Server/GeneratedArtifacts 292 | **/*.Server/ModelManifest.xml 293 | _Pvt_Extensions 294 | 295 | # Paket dependency manager 296 | .paket/paket.exe 297 | paket-files/ 298 | 299 | # FAKE - F# Make 300 | .fake/ 301 | 302 | # CodeRush personal settings 303 | .cr/personal 304 | 305 | # Python Tools for Visual Studio (PTVS) 306 | __pycache__/ 307 | *.pyc 308 | 309 | # Cake - Uncomment if you are using it 310 | # tools/** 311 | # !tools/packages.config 312 | 313 | # Tabs Studio 314 | *.tss 315 | 316 | # Telerik's JustMock configuration file 317 | *.jmconfig 318 | 319 | # BizTalk build output 320 | *.btp.cs 321 | *.btm.cs 322 | *.odx.cs 323 | *.xsd.cs 324 | 325 | # OpenCover UI analysis results 326 | OpenCover/ 327 | 328 | # Azure Stream Analytics local run output 329 | ASALocalRun/ 330 | 331 | # MSBuild Binary and Structured Log 332 | *.binlog 333 | 334 | # NVidia Nsight GPU debugger configuration file 335 | *.nvuser 336 | 337 | # MFractors (Xamarin productivity tool) working folder 338 | .mfractor/ 339 | 340 | # Local History for Visual Studio 341 | .localhistory/ 342 | 343 | # BeatPulse healthcheck temp database 344 | healthchecksdb 345 | 346 | # Backup folder for Package Reference Convert tool in Visual Studio 2017 347 | MigrationBackup/ 348 | 349 | # Ionide (cross platform F# VS Code tools) working folder 350 | .ionide/ 351 | --------------------------------------------------------------------------------