feat: improve deployment stack names (#124)

* feat: improve deployment stack names

* ensure MG name uniqueness

* fix what if check

* fix what if

* white space

Author: jaredfholgate

alz/azuredevops/locals.tf

@@ -34,8 +34,7 @@ locals {
 }
 
 locals {
-  target_subscriptions_legacy = distinct([var.subscription_id_connectivity, var.subscription_id_identity, var.subscription_id_management])
-  target_subscriptions        = length(var.subscription_ids) > 0 ? distinct(values(var.subscription_ids)) : local.target_subscriptions_legacy
+  target_subscriptions = distinct(values(var.subscription_ids))
 }
 
 locals {

alz/azuredevops/pipelines/bicep/templates/cd-template.yaml

@@ -54,34 +54,15 @@ stages:
                   parameters:
                     serviceConnection: '${service_connection_name_plan}'
 
-                - task: AzurePowerShell@5
-                  displayName: 'Check for First Deployment'
-                  inputs:
-                    azureSubscription: '${service_connection_name_plan}'
-                    pwsh: true
-                    azurePowerShellVersion: LatestVersion
-                    ScriptType: "InlineScript"
-                    Inline: |
-                      $intRootMgId = "$(INTERMEDIATE_ROOT_MANAGEMENT_GROUP_ID)"
-
-                      $managementGroups = Get-AzManagementGroup
-                      $intRootMg = $managementGroups | Where-Object { $_.Name -eq $intRootMgId }
-
-                      $firstDeployment = $true
-
-                      if($intRootMg -eq $null) {
-                        Write-Warning "Cannot find the $intRootMgId Management Group, so assuming this is the first deployment. We must skip what-if for some deployments since their dependent resources do not exist yet."
-                      } else {
-                        Write-Host "Found the $intRootMgId Management Group, so assuming this is not the first deployment."
-                        $firstDeployment = $false
-                      }
-
-                      Write-Host "##vso[task.setvariable variable=FIRST_DEPLOYMENT;]$firstDeployment"
+                - template: ./helpers/bicep-first-deployment-check.yaml
+                  parameters:
+                    serviceConnection: '${service_connection_name_plan}'
 
 %{ for script_file in script_files ~}
                 - $${{ if eq(parameters['${script_file.name}'], true) }}:
                   - template: ./helpers/bicep-deploy.yaml
                     parameters:
+                      name: '${script_file.name}'
                       displayName: '${script_file.displayName}'
                       serviceConnection: '${service_connection_name_plan}'
                       templateFilePath: '${script_file.templateFilePath}'
@@ -130,38 +111,19 @@ stages:
                   parameters:
                     parametersFileName: $(PARAMETERS_FILE_NAME)
 
-                - task: AzurePowerShell@5
-                  displayName: 'Check for First Deployment'
-                  inputs:
-                    azureSubscription: '${service_connection_name_apply}'
-                    pwsh: true
-                    azurePowerShellVersion: LatestVersion
-                    ScriptType: "InlineScript"
-                    Inline: |
-                      $intRootMgId = "$(INTERMEDIATE_ROOT_MANAGEMENT_GROUP_ID)"
-
-                      $managementGroups = Get-AzManagementGroup
-                      $intRootMg = $managementGroups | Where-Object { $_.Name -eq $intRootMgId }
-
-                      $firstDeployment = $true
-
-                      if($intRootMg -eq $null) {
-                        Write-Warning "Cannot find the $intRootMgId Management Group, so assuming this is the first deployment."
-                      } else {
-                        Write-Host "Found the $intRootMgId Management Group, so assuming this is not the first deployment."
-                        $firstDeployment = $false
-                      }
-
-                      Write-Host "##vso[task.setvariable variable=FIRST_DEPLOYMENT;]$firstDeployment"
-
                 - template: ./helpers/bicep-installer.yaml
                   parameters:
                     serviceConnection: '${service_connection_name_apply}'
 
+                - template: ./helpers/bicep-first-deployment-check.yaml
+                  parameters:
+                    serviceConnection: '${service_connection_name_apply}'
+
 %{ for script_file in script_files ~}
                 - $${{ if eq(parameters['${script_file.name}'], true) }}:
                   - template: ./helpers/bicep-deploy.yaml
                     parameters:
+                      name: '${script_file.name}'
                       displayName: '${script_file.displayName}'
                       serviceConnection: '${service_connection_name_apply}'
                       templateFilePath: '${script_file.templateFilePath}'

alz/azuredevops/pipelines/bicep/templates/ci-template.yaml

@@ -70,33 +70,14 @@ stages:
                   parameters:
                     serviceConnection: '${service_connection_name_plan}'
 
-                - task: AzurePowerShell@5
-                  displayName: 'Check for First Deployment'
-                  inputs:
-                    azureSubscription: '${service_connection_name_plan}'
-                    pwsh: true
-                    azurePowerShellVersion: LatestVersion
-                    ScriptType: "InlineScript"
-                    Inline: |
-                      $intRootMgId = "$(INTERMEDIATE_ROOT_MANAGEMENT_GROUP_ID)"
-
-                      $managementGroups = Get-AzManagementGroup
-                      $intRootMg = $managementGroups | Where-Object { $_.Name -eq $intRootMgId }
-
-                      $firstDeployment = $true
-
-                      if($intRootMg -eq $null) {
-                        Write-Warning "Cannot find the $intRootMgId Management Group, so assuming this is the first deployment. We must skip what-if for some deployments since their dependent resources do not exist yet."
-                      } else {
-                        Write-Host "Found the $intRootMgId Management Group, so assuming this is not the first deployment."
-                        $firstDeployment = $false
-                      }
-
-                      Write-Host "##vso[task.setvariable variable=FIRST_DEPLOYMENT;]$firstDeployment"
+                - template: ./helpers/bicep-first-deployment-check.yaml
+                  parameters:
+                    serviceConnection: '${service_connection_name_plan}'
 
 %{ for script_file in script_files ~}
                 - template: ./helpers/bicep-deploy.yaml
                   parameters:
+                    name: '${script_file.name}'
                     displayName: '${script_file.displayName}'
                     serviceConnection: '${service_connection_name_plan}'
                     templateFilePath: '${script_file.templateFilePath}'

alz/azuredevops/pipelines/bicep/templates/helpers/bicep-deploy.yaml

@@ -1,5 +1,7 @@
 ---
 parameters:
+  - name: name
+    type: string
   - name: displayName
     type: string
   - name: serviceConnection
@@ -68,18 +70,13 @@ steps:
           Write-Host ""
         }
 
-        # Generate deployment name without timestamp for consistent deployment stack names
-        $deploymentPrefix = "alz"
-
-        $deploymentNameBase = "$${{ parameters.displayName }}".Replace(" ", "-")
-        $deploymentNameBase = "$deploymentNameBase-$($env:TIME_STAMP)"
-
+        # Generate deployment stack name
+        $deploymentPrefix = $env:MANAGEMENT_GROUP_ID_PREFIX + $env:INTERMEDIATE_ROOT_MANAGEMENT_GROUP_ID + $env:MANAGEMENT_GROUP_ID_POSTFIX
+        $deploymentNameBase = "$${{ parameters.name }}".Replace(" ", "-")
         $deploymentNameMaxLength = 64 - $deploymentPrefix.Length - 1
-
         if ($deploymentNameBase.Length -gt $deploymentNameMaxLength) {
           $deploymentNameBase = $deploymentNameBase.Substring(0, $deploymentNameMaxLength)
         }
-
         $deploymentName = "$deploymentPrefix-$deploymentNameBase"
 
         $modeText = if ($whatIfEnabled) { "What-If" } else { "Deployment Stack" }

alz/azuredevops/pipelines/bicep/templates/helpers/bicep-first-deployment-check.yaml

@@ -0,0 +1,29 @@
+---
+parameters:
+  - name: serviceConnection
+    type: string
+
+steps:
+  - task: AzurePowerShell@5
+    displayName: 'Check for First Deployment'
+    inputs:
+      azureSubscription: $${{ parameters.serviceConnection }}
+      pwsh: true
+      azurePowerShellVersion: LatestVersion
+      ScriptType: "InlineScript"
+      Inline: |
+        $intRootMgId = "$(MANAGEMENT_GROUP_ID_PREFIX)$(INTERMEDIATE_ROOT_MANAGEMENT_GROUP_ID)$(MANAGEMENT_GROUP_ID_POSTFIX)"
+
+        $managementGroups = Get-AzManagementGroup
+        $intRootMg = $managementGroups | Where-Object { $_.Name -eq $intRootMgId }
+
+        $firstDeployment = $true
+
+        if($intRootMg -eq $null) {
+          Write-Warning "Cannot find the $intRootMgId Management Group, so assuming this is the first deployment."
+        } else {
+          Write-Host "Found the $intRootMgId Management Group, so assuming this is not the first deployment."
+          $firstDeployment = $false
+        }
+
+        Write-Host "##vso[task.setvariable variable=FIRST_DEPLOYMENT;]$firstDeployment"

alz/azuredevops/variables.tf

@@ -45,54 +45,16 @@ variable "subscription_ids" {
   default     = {}
   nullable    = false
   validation {
-    condition     = length(var.subscription_ids) == 0 || alltrue([for id in values(var.subscription_ids) : can(regex("^([0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12})$", id))])
+    condition     = alltrue([for id in values(var.subscription_ids) : can(regex("^([0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12})$", id))])
     error_message = "All subscription IDs must be valid GUIDs"
   }
   validation {
-    condition     = length(var.subscription_ids) == 0 || alltrue([for id in keys(var.subscription_ids) : contains(["management", "connectivity", "identity", "security"], id)])
+    condition     = alltrue([for id in keys(var.subscription_ids) : contains(["management", "connectivity", "identity", "security"], id)])
     error_message = "The keys of the subscription_ids map must be one of 'management', 'connectivity', 'identity' or 'security'"
   }
-}
-
-variable "subscription_id_connectivity" {
-  description = <<-EOT
-    **(Optional, default: `null`)** **DEPRECATED** (use subscription_ids instead)
-
-    The identifier of the Connectivity Subscription.
-  EOT
-  type        = string
-  default     = null
-  validation {
-    condition     = var.subscription_id_connectivity == null || can(regex("^([0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12})$", var.subscription_id_connectivity))
-    error_message = "The subscription ID must be a valid GUID"
-  }
-}
-
-variable "subscription_id_identity" {
-  description = <<-EOT
-    **(Optional, default: `null`)** **DEPRECATED** (use subscription_ids instead)
-
-    The identifier of the Identity Subscription.
-  EOT
-  type        = string
-  default     = null
-  validation {
-    condition     = var.subscription_id_identity == null || can(regex("^([0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12})$", var.subscription_id_identity))
-    error_message = "The subscription ID must be a valid GUID"
-  }
-}
-
-variable "subscription_id_management" {
-  description = <<-EOT
-    **(Optional, default: `null`)** **DEPRECATED** (use subscription_ids instead)
-
-    The identifier of the Management Subscription.
-  EOT
-  type        = string
-  default     = null
   validation {
-    condition     = var.subscription_id_management == null || can(regex("^([0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12})$", var.subscription_id_management))
-    error_message = "The subscription ID must be a valid GUID"
+    condition     = contains(keys(var.subscription_ids), "management") && contains(keys(var.subscription_ids), "connectivity") && contains(keys(var.subscription_ids), "identity")
+    error_message = "You must provide subscription IDs for: 'management', 'connectivity', and 'identity'"
   }
 }
 

alz/github/actions/bicep/templates/actions/bicep-deploy/action.yaml

@@ -2,6 +2,9 @@
 name: Run Bicep Deploy with Deployment Stack
 description: Run Bicep Deployment using Azure Deployment Stacks
 inputs:
+  name:
+    description: 'Name'
+    required: true
   displayName:
     description: 'Display Name'
     required: true
@@ -62,16 +65,13 @@ runs:
             exit 0
           }
 
-          # Generate deployment name without timestamp for consistent deployment stack names
-          $deploymentPrefix = "alz"
-          $deploymentNameBase = "$($env:DISPLAY_NAME.Replace(" ", "-"))-$($env:TIME_STAMP)"
-
+          # Generate deployment stack name
+          $deploymentPrefix = $env:MANAGEMENT_GROUP_ID_PREFIX + $env:INTERMEDIATE_ROOT_MANAGEMENT_GROUP_ID + $env:MANAGEMENT_GROUP_ID_POSTFIX
+          $deploymentNameBase = ($env:NAME).Replace(" ", "-")
           $deploymentNameMaxLength = 64 - $deploymentPrefix.Length - 1
-
           if ($deploymentNameBase.Length -gt $deploymentNameMaxLength) {
             $deploymentNameBase = $deploymentNameBase.Substring(0, $deploymentNameMaxLength)
           }
-
           $deploymentName = "$deploymentPrefix-$deploymentNameBase"
 
           $modeText = if ($whatIfEnabled) { "What-If" } else { "Deployment Stack" }
@@ -336,6 +336,7 @@ runs:
             }
           }
       env:
+        NAME: $${{ inputs.name }}
         DISPLAY_NAME: $${{ inputs.displayName }}
         TEMPLATE_FILE_PATH: $${{ inputs.templateFilePath }}
         TEMPLATE_PARAMETERS_FILE_PATH: $${{ inputs.templateParametersFilePath }}

alz/github/actions/bicep/templates/actions/bicep-first-deployment-check/action.yaml

@@ -15,21 +15,7 @@ runs:
       with:
         azPSVersion: 'latest'
         inlineScript: |
-          # Read the int-root management group name from the bicepparam file
-          $intRootParamFile = "templates/core/governance/mgmt-groups/int-root/main.bicepparam"
-          if (Test-Path $intRootParamFile) {
-            $paramContent = Get-Content $intRootParamFile -Raw
-            if ($paramContent -match 'managementGroupName:\s*[''"](\w+)[''"]+') {
-              $intRootMgId = $matches[1]
-              Write-Host "Found int-root management group name in param file: $intRootMgId"
-            } else {
-              Write-Warning "Could not parse managementGroupName from $intRootParamFile, using default 'alz'"
-              $intRootMgId = "alz"
-            }
-          } else {
-            Write-Warning "Int-root param file not found at $intRootParamFile, using default 'alz'"
-            $intRootMgId = "alz"
-          }
+          $intRootMgId = $env:MANAGEMENT_GROUP_ID_PREFIX + $env:INTERMEDIATE_ROOT_MANAGEMENT_GROUP_ID + $env:MANAGEMENT_GROUP_ID_POSTFIX
 
           $managementGroups = Get-AzManagementGroup
           $intRootMg = $managementGroups | Where-Object { $_.Name -eq $intRootMgId }

alz/github/actions/bicep/templates/workflows/cd-template.yaml

@@ -61,6 +61,7 @@ jobs:
         uses: ${project_or_organization_name}/${repository_name_templates}/.github/actions/bicep-deploy@main
         if: $${{ inputs.${script_file.name} }}
         with:
+          name: '${script_file.name}'
           displayName: '${script_file.displayName}'
           templateFilePath: '${script_file.templateFilePath}'
           templateParametersFilePath: '${script_file.templateParametersFilePath}'
@@ -118,6 +119,7 @@ jobs:
         uses: ${project_or_organization_name}/${repository_name_templates}/.github/actions/bicep-deploy@main
         if: $${{ inputs.${script_file.name} }}
         with:
+          name: '${script_file.name}'
           displayName: '${script_file.displayName}'
           templateFilePath: '${script_file.templateFilePath}'
           templateParametersFilePath: '${script_file.templateParametersFilePath}'

alz/github/actions/bicep/templates/workflows/ci-template.yaml

@@ -81,6 +81,7 @@ jobs:
       - name: 'What If: ${script_file.displayName}'
         uses: ${project_or_organization_name}/${repository_name_templates}/.github/actions/bicep-deploy@main
         with:
+          name: '${script_file.name}'
           displayName: '${script_file.displayName}'
           templateFilePath: '${script_file.templateFilePath}'
           templateParametersFilePath: '${script_file.templateParametersFilePath}'