
Commit e08e85b

committed
fix composite keys and bicep mg
1 parent b2bd82b commit e08e85b

10 files changed

Lines changed: 23 additions & 60 deletions


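--- a/alz/azuredevops/pipelines/bicep/templates/cd-template.yaml
+++ b/alz/azuredevops/pipelines/bicep/templates/cd-template.yaml
@@ -67,7 +67,6 @@ stages:
 serviceConnection: '${service_connection_name_plan}'
 templateFilePath: '${script_file.templateFilePath}'
 templateParametersFilePath: '${script_file.templateParametersFilePath}'
-managementGroupId: '${script_file.managementGroupIdVariable}'
 subscriptionId: '${script_file.subscriptionIdVariable}'
 resourceGroupName: '${script_file.resourceGroupNameVariable}'
 location: '$(LOCATION)'
@@ -128,7 +127,6 @@ stages:
 serviceConnection: '${service_connection_name_apply}'
 templateFilePath: '${script_file.templateFilePath}'
 templateParametersFilePath: '${script_file.templateParametersFilePath}'
-managementGroupId: '${script_file.managementGroupIdVariable}'
 subscriptionId: '${script_file.subscriptionIdVariable}'
 resourceGroupName: '${script_file.resourceGroupNameVariable}'
 location: '$(LOCATION)'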

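--- a/alz/azuredevops/pipelines/bicep/templates/ci-template.yaml
+++ b/alz/azuredevops/pipelines/bicep/templates/ci-template.yaml
@@ -82,7 +82,6 @@ stages:
 serviceConnection: '${service_connection_name_plan}'
 templateFilePath: '${script_file.templateFilePath}'
 templateParametersFilePath: '${script_file.templateParametersFilePath}'
-managementGroupId: '${script_file.managementGroupIdVariable}'
 subscriptionId: '${script_file.subscriptionIdVariable}'
 resourceGroupName: '${script_file.resourceGroupNameVariable}'
 location: '$(LOCATION)'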

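--- a/alz/azuredevops/pipelines/bicep/templates/helpers/bicep-deploy.yaml
+++ b/alz/azuredevops/pipelines/bicep/templates/helpers/bicep-deploy.yaml
@@ -10,9 +10,6 @@ parameters:
 type: string
 - name: templateParametersFilePath
 type: string
-- name: managementGroupId
-type: string
-default: ''
 - name: subscriptionId
 type: string
 default: ''
@@ -71,7 +68,8 @@ steps:
 }
 
 # Generate deployment stack name
-$deploymentPrefix = $env:MANAGEMENT_GROUP_ID_PREFIX + $env:INTERMEDIATE_ROOT_MANAGEMENT_GROUP_ID + $env:MANAGEMENT_GROUP_ID_POSTFIX
+$intRootMgId = $env:MANAGEMENT_GROUP_ID_PREFIX + $env:INTERMEDIATE_ROOT_MANAGEMENT_GROUP_ID + $env:MANAGEMENT_GROUP_ID_POSTFIX
+$deploymentPrefix = $intRootMgId
 $deploymentNameBase = "$${{ parameters.name }}".Replace(" ", "-")
 $deploymentNameMaxLength = 64 - $deploymentPrefix.Length - 1
 if ($deploymentNameBase.Length -gt $deploymentNameMaxLength) {
@@ -89,7 +87,7 @@ steps:
 Write-Host "Deployment Name: $deploymentName" -ForegroundColor DarkGray
 Write-Host "Template File Path: $${{ parameters.templateFilePath }}" -ForegroundColor DarkGray
 Write-Host "Template Parameters File Path: $${{ parameters.templateParametersFilePath }}" -ForegroundColor DarkGray
-Write-Host "Management Group Id: $${{ parameters.managementGroupId }}" -ForegroundColor DarkGray
+Write-Host "Management Group Id: $intRootMgId" -ForegroundColor DarkGray
 Write-Host "Subscription Id: $${{ parameters.subscriptionId }}" -ForegroundColor DarkGray
 Write-Host "Resource Group Name: $${{ parameters.resourceGroupName }}" -ForegroundColor DarkGray
 Write-Host "Location: $${{ parameters.location }}" -ForegroundColor DarkGray
@@ -128,14 +126,9 @@ steps:
 try {
 switch ($deploymentType) {
 "managementGroup" {
-$targetManagementGroupId = "$${{ parameters.managementGroupId }}"
-if ([string]::IsNullOrWhiteSpace($targetManagementGroupId)) {
-$targetManagementGroupId = (Get-AzContext).Tenant.TenantId
-}
-
 Write-Host "Running Management Group What-If: $deploymentName" -ForegroundColor Cyan
 $whatIfParameters.Location = "$${{ parameters.location }}"
-$whatIfParameters.ManagementGroupId = $targetManagementGroupId
+$whatIfParameters.ManagementGroupId = $intRootMgId
 $result = New-AzManagementGroupDeployment @whatIfParameters
 }
 "subscription" {
@@ -191,23 +184,18 @@ steps:
 try {
 switch ($deploymentType) {
 "managementGroup" {
-$targetManagementGroupId = "$${{ parameters.managementGroupId }}"
-if ([string]::IsNullOrWhiteSpace($targetManagementGroupId)) {
-$targetManagementGroupId = (Get-AzContext).Tenant.TenantId
-}
-
 # Clean up all deployments before each deployment to avoid quota issues
 try {
 Write-Host "Cleaning up existing deployments in management group..." -ForegroundColor Cyan
-$allDeployments = Get-AzManagementGroupDeployment -ManagementGroupId $targetManagementGroupId -ErrorAction SilentlyContinue
+$allDeployments = Get-AzManagementGroupDeployment -ManagementGroupId $intRootMgId -ErrorAction SilentlyContinue
 if ($allDeployments -and $allDeployments.Count -gt 0) {
 Write-Host "Found $($allDeployments.Count) deployment(s) to clean up" -ForegroundColor Yellow
 $batchSize = 200
 for ($i = 0; $i -lt $allDeployments.Count; $i += $batchSize) {
 $batch = $allDeployments | Select-Object -Skip $i -First $batchSize
 Write-Host " Deleting batch of $($batch.Count) deployments..." -ForegroundColor Gray
 $batch | ForEach-Object -Parallel {
-Remove-AzManagementGroupDeployment -ManagementGroupId $using:targetManagementGroupId -Name $_.DeploymentName -ErrorAction SilentlyContinue
+Remove-AzManagementGroupDeployment -ManagementGroupId $using:intRootMgId -Name $_.DeploymentName -ErrorAction SilentlyContinue
 } -ThrottleLimit 100
 }
 Write-Host "✓ All deployments cleaned up" -ForegroundColor Green
@@ -219,7 +207,7 @@ steps:
 }
 
 Write-Host "Creating Management Group Deployment Stack: $deploymentName" -ForegroundColor Cyan
-$result = New-AzManagementGroupDeploymentStack @stackParameters -ManagementGroupId $targetManagementGroupId -Location "$${{ parameters.location }}"
+$result = New-AzManagementGroupDeploymentStack @stackParameters -ManagementGroupId $intRootMgId -Location "$${{ parameters.location }}"
 }
 "subscription" {
 if (-not [string]::IsNullOrWhiteSpace("$${{ parameters.subscriptionId }}")) {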
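Review bot: `$intRootMgId` is used as the deployment scope for Get-/Remove-AzManagementGroupDeployment (hunk @@ -191) and New-AzManagementGroupDeploymentStack (hunk @@ -219) without any check that it resolved to a non-empty value, and the commit removes the `IsNullOrWhiteSpace` branch that previously fell back to the tenant id. If any of `MANAGEMENT_GROUP_ID_PREFIX`, `INTERMEDIATE_ROOT_MANAGEMENT_GROUP_ID` or `MANAGEMENT_GROUP_ID_POSTFIX` is unset in the pipeline environment, the cleanup loop silently finds nothing (`-ErrorAction SilentlyContinue`) and the stack creation fails late, after the retry loop, with an error that does not point at the missing variable. A fail-fast guard right after the assignment at +71, e.g. `if ([string]::IsNullOrWhiteSpace($intRootMgId)) { throw "Intermediate root management group id could not be resolved from MANAGEMENT_GROUP_ID_PREFIX / INTERMEDIATE_ROOT_MANAGEMENT_GROUP_ID / MANAGEMENT_GROUP_ID_POSTFIX" }`, keeps the destructive cleanup and the deployment scope explicit. The same applies to the equivalent hunks in alz/github/actions/bicep/templates/actions/bicep-deploy/action.yaml and alz/local/scripts-bicep/bicep-deploy.ps1. The PowerShell script step these hunks belong to starts and ends outside the hunks.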

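--- a/alz/github/actions/bicep/templates/actions/bicep-deploy/action.yaml
+++ b/alz/github/actions/bicep/templates/actions/bicep-deploy/action.yaml
@@ -14,9 +14,6 @@ inputs:
 templateParametersFilePath:
 description: 'The path to the parameters file'
 required: true
-managementGroupId:
-description: 'The root parent management group id'
-required: true
 subscriptionId:
 description: 'The subscription id'
 required: true
@@ -66,7 +63,8 @@ runs:
 }
 
 # Generate deployment stack name
-$deploymentPrefix = $env:MANAGEMENT_GROUP_ID_PREFIX + $env:INTERMEDIATE_ROOT_MANAGEMENT_GROUP_ID + $env:MANAGEMENT_GROUP_ID_POSTFIX
+$intRootMgId = $env:MANAGEMENT_GROUP_ID_PREFIX + $env:INTERMEDIATE_ROOT_MANAGEMENT_GROUP_ID + $env:MANAGEMENT_GROUP_ID_POSTFIX
+$deploymentPrefix = $intRootMgId
 $deploymentNameBase = ($env:NAME).Replace(" ", "-")
 $deploymentNameMaxLength = 64 - $deploymentPrefix.Length - 1
 if ($deploymentNameBase.Length -gt $deploymentNameMaxLength) {
@@ -84,7 +82,7 @@ runs:
 Write-Host "Deployment Name: $deploymentName" -ForegroundColor DarkGray
 Write-Host "Template File Path: $env:TEMPLATE_FILE_PATH" -ForegroundColor DarkGray
 Write-Host "Template Parameters File Path: $env:TEMPLATE_PARAMETERS_FILE_PATH" -ForegroundColor DarkGray
-Write-Host "Management Group Id: $env:MANAGEMENT_GROUP_ID" -ForegroundColor DarkGray
+Write-Host "Management Group Id: $intRootMgId" -ForegroundColor DarkGray
 Write-Host "Subscription Id: $env:SUBSCRIPTION_ID" -ForegroundColor DarkGray
 Write-Host "Resource Group Name: $env:RESOURCE_GROUP_NAME" -ForegroundColor DarkGray
 Write-Host "Location: $env:LOCATION" -ForegroundColor DarkGray
@@ -123,14 +121,9 @@ runs:
 try {
 switch ($deploymentType) {
 "managementGroup" {
-$targetManagementGroupId = $env:MANAGEMENT_GROUP_ID
-if ([string]::IsNullOrWhiteSpace($targetManagementGroupId)) {
-$targetManagementGroupId = (Get-AzContext).Tenant.TenantId
-}
-
 Write-Host "Running Management Group What-If: $deploymentName" -ForegroundColor Cyan
 $whatIfParameters.Location = $env:LOCATION
-$whatIfParameters.ManagementGroupId = $targetManagementGroupId
+$whatIfParameters.ManagementGroupId = $intRootMgId
 $result = New-AzManagementGroupDeployment @whatIfParameters
 }
 "subscription" {
@@ -209,23 +202,18 @@ runs:
 try {
 switch ($deploymentType) {
 "managementGroup" {
-$targetManagementGroupId = $env:MANAGEMENT_GROUP_ID
-if ([string]::IsNullOrWhiteSpace($targetManagementGroupId)) {
-$targetManagementGroupId = (Get-AzContext).Tenant.TenantId
-}
-
 # Clean up all deployments before each deployment to avoid quota issues
 try {
 Write-Host "Cleaning up existing deployments in management group..." -ForegroundColor Cyan
-$allDeployments = Get-AzManagementGroupDeployment -ManagementGroupId $targetManagementGroupId -ErrorAction SilentlyContinue
+$allDeployments = Get-AzManagementGroupDeployment -ManagementGroupId $intRootMgId -ErrorAction SilentlyContinue
 if ($allDeployments -and $allDeployments.Count -gt 0) {
 Write-Host "Found $($allDeployments.Count) deployment(s) to clean up" -ForegroundColor Yellow
 $batchSize = 200
 for ($i = 0; $i -lt $allDeployments.Count; $i += $batchSize) {
 $batch = $allDeployments | Select-Object -Skip $i -First $batchSize
 Write-Host " Deleting batch of $($batch.Count) deployments..." -ForegroundColor Gray
 $batch | ForEach-Object -Parallel {
-Remove-AzManagementGroupDeployment -ManagementGroupId $using:targetManagementGroupId -Name $_.DeploymentName -ErrorAction SilentlyContinue
+Remove-AzManagementGroupDeployment -ManagementGroupId $using:intRootMgId -Name $_.DeploymentName -ErrorAction SilentlyContinue
 } -ThrottleLimit 100
 }
 Write-Host "✓ All deployments cleaned up" -ForegroundColor Green
@@ -237,7 +225,7 @@ runs:
 }
 
 Write-Host "Creating Management Group Deployment Stack: $deploymentName" -ForegroundColor Cyan
-$result = New-AzManagementGroupDeploymentStack @stackParameters -ManagementGroupId $targetManagementGroupId -Location $env:LOCATION
+$result = New-AzManagementGroupDeploymentStack @stackParameters -ManagementGroupId $intRootMgId -Location $env:LOCATION
 }
 "subscription" {
 if (-not [string]::IsNullOrWhiteSpace($env:SUBSCRIPTION_ID)) {
@@ -340,7 +328,6 @@ runs:
 DISPLAY_NAME: $${{ inputs.displayName }}
 TEMPLATE_FILE_PATH: $${{ inputs.templateFilePath }}
 TEMPLATE_PARAMETERS_FILE_PATH: $${{ inputs.templateParametersFilePath }}
-MANAGEMENT_GROUP_ID: $${{ inputs.managementGroupId }}
 SUBSCRIPTION_ID: $${{ inputs.subscriptionId }}
 RESOURCE_GROUP_NAME: $${{ inputs.resourceGroupName }}
 LOCATION: $${{ inputs.location }}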

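--- a/alz/github/actions/bicep/templates/workflows/cd-template.yaml
+++ b/alz/github/actions/bicep/templates/workflows/cd-template.yaml
@@ -65,7 +65,6 @@ jobs:
 displayName: '${script_file.displayName}'
 templateFilePath: '${script_file.templateFilePath}'
 templateParametersFilePath: '${script_file.templateParametersFilePath}'
-managementGroupId: '${script_file.managementGroupIdVariable}'
 subscriptionId: '${script_file.subscriptionIdVariable}'
 resourceGroupName: '${script_file.resourceGroupNameVariable}'
 location: '$${{ env.LOCATION }}'
@@ -123,7 +122,6 @@ jobs:
 displayName: '${script_file.displayName}'
 templateFilePath: '${script_file.templateFilePath}'
 templateParametersFilePath: '${script_file.templateParametersFilePath}'
-managementGroupId: '${script_file.managementGroupIdVariable}'
 subscriptionId: '${script_file.subscriptionIdVariable}'
 resourceGroupName: '${script_file.resourceGroupNameVariable}'
 location: '$${{ env.LOCATION }}'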

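--- a/alz/github/actions/bicep/templates/workflows/ci-template.yaml
+++ b/alz/github/actions/bicep/templates/workflows/ci-template.yaml
@@ -85,7 +85,6 @@ jobs:
 displayName: '${script_file.displayName}'
 templateFilePath: '${script_file.templateFilePath}'
 templateParametersFilePath: '${script_file.templateParametersFilePath}'
-managementGroupId: '${script_file.managementGroupIdVariable}'
 subscriptionId: '${script_file.subscriptionIdVariable}'
 resourceGroupName: '${script_file.resourceGroupNameVariable}'
 location: '$${{ env.LOCATION }}'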

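--- a/alz/local/scripts-bicep/bicep-deploy.ps1
+++ b/alz/local/scripts-bicep/bicep-deploy.ps1
@@ -3,7 +3,6 @@ param(
 [string]$displayName,
 [string]$templateFilePath,
 [string]$templateParametersFilePath,
-[string]$managementGroupId,
 [string]$subscriptionId,
 [string]$resourceGroupName,
 [string]$location,
@@ -16,6 +15,8 @@ $templateRoot = Split-Path -Parent $scriptRoot
 $templateFilePath = Join-Path $templateRoot $templateFilePath
 $templateParametersFilePath = Join-Path $templateRoot $templateParametersFilePath
 
+$intRootMgId = $env:MANAGEMENT_GROUP_ID_PREFIX + $env:INTERMEDIATE_ROOT_MANAGEMENT_GROUP_ID + $env:MANAGEMENT_GROUP_ID_POSTFIX
+
 Write-Host "<---------------------------------------------------------------------------->" -ForegroundColor Blue
 Write-Host "Starting deployment stack for $displayName..." -ForegroundColor Blue
 Write-Host "<---------------------------------------------------------------------------->" -ForegroundColor Blue
@@ -24,7 +25,7 @@ Write-Host ""
 Write-Host "Display Name: $displayName" -ForegroundColor DarkGray
 Write-Host "Template File Path: $templateFilePath" -ForegroundColor DarkGray
 Write-Host "Template Parameters File Path: $templateParametersFilePath" -ForegroundColor DarkGray
-Write-Host "Management Group Id: $managementGroupId" -ForegroundColor DarkGray
+Write-Host "Management Group Id: $intRootMgId" -ForegroundColor DarkGray
 Write-Host "Subscription Id: $subscriptionId" -ForegroundColor DarkGray
 Write-Host "Resource Group Name: $resourceGroupName" -ForegroundColor DarkGray
 Write-Host "Location: $location" -ForegroundColor DarkGray
@@ -85,23 +86,18 @@ while ($retryCount -lt $retryMax) {
 try {
 switch ($deploymentType) {
 "managementGroup" {
-$targetManagementGroupId = $managementGroupId
-if ([string]::IsNullOrWhiteSpace($targetManagementGroupId)) {
-$targetManagementGroupId = (Get-AzContext).Tenant.TenantId
-}
-
 # Clean up all deployments before each deployment to avoid quota issues
 try {
 Write-Host "Cleaning up existing deployments in management group..." -ForegroundColor Cyan
-$allDeployments = Get-AzManagementGroupDeployment -ManagementGroupId $targetManagementGroupId -ErrorAction SilentlyContinue
+$allDeployments = Get-AzManagementGroupDeployment -ManagementGroupId $intRootMgId -ErrorAction SilentlyContinue
 if ($allDeployments -and $allDeployments.Count -gt 0) {
 Write-Host "Found $($allDeployments.Count) deployment(s) to clean up" -ForegroundColor Yellow
 $batchSize = 200
 for ($i = 0; $i -lt $allDeployments.Count; $i += $batchSize) {
 $batch = $allDeployments | Select-Object -Skip $i -First $batchSize
 Write-Host " Deleting batch of $($batch.Count) deployments..." -ForegroundColor Gray
 $batch | ForEach-Object -Parallel {
-Remove-AzManagementGroupDeployment -ManagementGroupId $using:targetManagementGroupId -Name $_.DeploymentName -ErrorAction SilentlyContinue
+Remove-AzManagementGroupDeployment -ManagementGroupId $using:intRootMgId -Name $_.DeploymentName -ErrorAction SilentlyContinue
 } -ThrottleLimit 100
 }
 Write-Host "✓ All deployments cleaned up" -ForegroundColor Green
@@ -112,7 +108,7 @@ while ($retryCount -lt $retryMax) {
 Write-Warning "Could not clean up deployments: $($_.Exception.Message)"
 }
 
-$result = New-AzManagementGroupDeploymentStack @stackParameters -ManagementGroupId $targetManagementGroupId -Location $location -Verbose
+$result = New-AzManagementGroupDeploymentStack @stackParameters -ManagementGroupId $intRootMgId -Location $location -Verbose
 }
 "subscription" {
 if (-not [string]::IsNullOrWhiteSpace($subscriptionId)) {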
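Review bot: The script's contract changed at +18 without being documented: the `-managementGroupId` parameter is gone from `param(...)` and the management-group scope is now derived from three environment variables that nothing in the script header names, so a local operator invoking bicep-deploy.ps1 directly has no visible hint that `MANAGEMENT_GROUP_ID_PREFIX`, `INTERMEDIATE_ROOT_MANAGEMENT_GROUP_ID` and `MANAGEMENT_GROUP_ID_POSTFIX` must be set. A comment above the assignment would make this explicit, e.g. `# Target scope for management-group deployments; composed from MANAGEMENT_GROUP_ID_PREFIX, INTERMEDIATE_ROOT_MANAGEMENT_GROUP_ID and MANAGEMENT_GROUP_ID_POSTFIX, which must be set in the calling environment.` The `param(...)` block and the `while ($retryCount -lt $retryMax)` loop both start and end outside these hunks.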

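--- a/alz/local/scripts-bicep/deploy-local.ps1
+++ b/alz/local/scripts-bicep/deploy-local.ps1
@@ -25,7 +25,6 @@ if ($deployApproved -ne "yes") {
 -displayName "${script_file.displayName}" `
 -templateFilePath "${script_file.templateFilePath}" `
 -templateParametersFilePath "${script_file.templateParametersFilePath}" `
--managementGroupId ${script_file.managementGroupIdVariable} `
 -subscriptionId ${script_file.subscriptionIdVariable} `
 -resourceGroupName ${script_file.resourceGroupNameVariable} `
 -location $env:LOCATION `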

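--- a/modules/azure/role_assignments.tf
+++ b/modules/azure/role_assignments.tf
@@ -10,8 +10,8 @@ locals {
 additional_role_assignments = { for assignment in flatten([
 for key, value in var.role_assignments : [
 for princial_key, principal_value in var.additional_role_assignment_principal_ids : {
-composite_key = "${value.scope}-${value.custom_role_definition_key}-${princial_key}"
-user_assigned_managed_identity_key = "${value.scope}-${value.custom_role_definition_key}-${princial_key}"
+composite_key = "${value.scope}-${coalesce(value.custom_role_definition_key, value.built_in_role_definition_name)}-${princial_key}"
+user_assigned_managed_identity_key = "${value.scope}-${coalesce(value.custom_role_definition_key, value.built_in_role_definition_name)}-${princial_key}"
 built_in_role_definition_name = value.built_in_role_definition_name
 custom_role_definition_key = value.custom_role_definition_key
 scope = value.scope
@@ -30,7 +30,7 @@ locals {
 subscription_role_assignments = { for assignment in flatten([
 for key, value in local.combined_role_assignments : [
 for subscription_id, subscription in data.azurerm_subscription.alz : {
-key = "${value.user_assigned_managed_identity_key}-${value.custom_role_definition_key}-${subscription_id}"
+key = "${value.user_assigned_managed_identity_key}-${coalesce(value.custom_role_definition_key, value.built_in_role_definition_name)}-${subscription_id}"
 scope = subscription.id
 role_definition_id = value.built_in_role_definition_name == null ? "${subscription.id}${azurerm_role_definition.alz[value.custom_role_definition_key].role_definition_resource_id}" : null
 role_definition_name = value.built_in_role_definition_name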
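Review bot: `coalesce(value.custom_role_definition_key, value.built_in_role_definition_name)` at +13, +14 and +33 aborts the plan with a generic coalesce error when an assignment has neither attribute set, which does not name the offending entry of `var.role_assignments`; a `validation` block on that variable (or a precondition) requiring exactly one of the two to be non-null would report the misconfiguration clearly before any key is built. The same expression is now duplicated three times; computing the role key once in an intermediate local map and referencing it from both comprehensions, e.g. `role_key = coalesce(value.custom_role_definition_key, value.built_in_role_definition_name)`, keeps the two key formats from drifting apart. Note that when only a built-in role is given the key now embeds its display name, so if `composite_key` is later used as an Azure resource name the consumer must tolerate spaces — I cannot confirm from this hunk where it is consumed. While these lines are being touched, the loop variable `princial_key` (context lines, +12) reads as a misspelling of `principal_key`. The `locals` block these hunks belong to starts and ends outside the hunks.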
