Azure Resource Group and Azure Key Vault implementation (#1)

src/_jobs/build-jobs.yml

@@ -0,0 +1,21 @@
+parameters:
+  - name: settings
+    type: object
+  - name: resources
+    type: object
+
+jobs:
+
+  - ${{ if eq(parameters.settings.azure.resourceGroup.new, 'true') }}:
+    - template: ../cloud/azure/resourceGroup/resourceGroup-build-jobs.yml
+      parameters:
+        settings: ${{ parameters.settings }}        
+
+  - ${{ each resource in parameters.resources }}:  
+
+    - ${{ if eq(resource.enabled, 'true') }}:
+
+      - ${{ if eq(resource.type, 'keyVault') }}:
+        - template: ../cloud/azure/keyVault/keyVault-build-jobs.yml
+          parameters:
+            settings: ${{ parameters.settings }}

src/_jobs/deploy-jobs.yml

@@ -0,0 +1,25 @@
+parameters:
+  - name: settings
+    type: object
+  - name: resources
+    type: object
+  - name: environment
+    type: string
+
+jobs:
+
+  - ${{ if eq(parameters.settings.azure.resourceGroup.new, 'true') }}:
+    - template: ../cloud/azure/resourceGroup/resourceGroup-deploy-jobs.yml
+      parameters:
+        settings: ${{ parameters.settings }}
+        environment: ${{ parameters.environment }}
+
+  - ${{ each resource in parameters.resources }}:
+    - ${{ if eq(resource.enabled, 'true') }}:          
+
+      - ${{ if eq(resource.type, 'keyVault') }}:
+        - template: ../cloud/azure/keyVault/keyVault-deploy-jobs.yml
+          parameters:
+            settings: ${{ parameters.settings }}                  
+            environment: ${{ parameters.environment }}
+            resource: ${{ resource }}

src/cloud/azure/bicep/bicep-build-tasks.yml

@@ -0,0 +1,16 @@
+parameters:
+  - name: bicepFilePath
+    type: string
+
+steps:
+
+  - powershell: |
+      Write-Host "##[section]Building bicep file: $env:bicepFilePath"
+      $file = $env:bicepFilePath
+      New-Item -ItemType Directory -Force -Path $(build.artifactstagingdirectory)/infrastructure
+      az bicep build --file $file --outdir $(build.artifactstagingdirectory)/infrastructure
+
+      Get-ChildItem $(build.artifactstagingdirectory)/infrastructure
+    displayName: 'Build bicep artifact' 
+    env:
+      bicepFilePath: ${{ parameters.bicepFilePath }}

src/cloud/azure/keyVault/examples/azure-pipelines.yml

@@ -0,0 +1,41 @@
+trigger:
+  branches:
+    include:
+    - main
+    - feature/v0.1
+  paths:
+    include:
+      - src/cloud/azure/keyVault/*
+
+pool:
+  # vmImage: 'windows-latest'
+  name: default
+
+extends: 
+  template: ../../../../main.yml
+  parameters:
+    settings:
+      build:
+        enabled: true
+      deploy:
+        enabled: true
+        variablesDirectory: ./cloud/azure/keyVault/examples/variables
+      azure:
+        subscription:
+          azureServiceConnection: $(azureServiceConnection)
+          subscriptionId: $(subscriptionId)
+        resourceGroup:
+          name: $(resourceGroupName)
+          location: $(location)
+          new: true
+      environments:
+        - dev
+        - uat
+        - prd
+    resources:
+      - name: $(keyVaultName)
+        type: keyVault
+        enabled: true
+        # infrastructure:
+        #   location: $(location)
+

src/cloud/azure/keyVault/examples/variables/dev-vars.yml

@@ -0,0 +1,7 @@
+variables:
+  azureServiceConnection: ServiceConnection
+  subscriptionId: 337ba254-3aa0-4551-ba8e-89debefaa373
+  location: northeurope
+  resourceGroupName: rg-kv-releaseengine-dev
+
+  keyVaultName: kv-releaseengine-dev

src/cloud/azure/keyVault/examples/variables/prd-vars.yml

@@ -0,0 +1,7 @@
+variables:
+  azureServiceConnection: ServiceConnection
+  subscriptionId: 337ba254-3aa0-4551-ba8e-89debefaa373
+  location: northeurope  
+  resourceGroupName: rg-kv-releaseengine-prd
+
+  keyVaultName: kv-releaseengine-prd

src/cloud/azure/keyVault/examples/variables/uat-vars.yml

@@ -0,0 +1,7 @@
+variables:
+  azureServiceConnection: ServiceConnection
+  subscriptionId: 337ba254-3aa0-4551-ba8e-89debefaa373
+  location: northeurope  
+  resourceGroupName: rg-kv-releaseengine-uat
+
+  keyVaultName: kv-releaseengine-uat

src/cloud/azure/keyVault/keyVault-build-jobs.yml

@@ -0,0 +1,18 @@
+parameters:
+  - name: settings
+    type: object
+
+jobs:
+  - job: keyVaultBuildJob
+    displayName: Key Vault Build Job
+    steps:
+
+      - template: ../bicep/bicep-build-tasks.yml
+        parameters:
+          bicepFilePath: $(Build.SourcesDirectory)/src/cloud/azure/keyVault/keyVault.bicep
+
+      - task: PublishPipelineArtifact@1
+        inputs:
+          targetPath: '$(build.artifactstagingdirectory)'
+          artifact: keyVault
+          publishLocation: 'pipeline'

src/cloud/azure/keyVault/keyVault-deploy-jobs.yml

@@ -0,0 +1,35 @@
+parameters:
+- name: settings
+  type: object
+- name: resource
+  type: object  
+- name: environment
+  type: string
+
+
+jobs:
+  - deployment: 
+    displayName: Azure Key Vault Deployment
+    environment: ${{ parameters.environment }}
+    dependsOn: resourceGroupDeploy
+
+    strategy:
+      runOnce:
+        deploy:
+          steps:
+
+            - task: AzureResourceManagerTemplateDeployment@3
+              displayName: Creating Key Vault '${{ parameters.resource.name }}' by IaC
+              inputs:
+                azureResourceManagerConnection: '${{ parameters.settings.azure.subscription.azureServiceConnection }}'
+                subscriptionId: ${{ parameters.settings.azure.subscription.subscriptionId }}
+                action: 'Create Or Update Resource Group'
+                resourceGroupName: ${{ parameters.settings.azure.resourceGroup.name }}
+                location: ${{ parameters.settings.azure.resourceGroup.location }}
+                templateLocation: 'Linked artifact'
+                csmFile: '$(Pipeline.Workspace)/${{ parameters.resource.type }}/infrastructure/${{ parameters.resource.type }}.json'
+                overrideParameters: >
+                  -keyVaultlocation ${{ parameters.settings.azure.resourceGroup.location }} 
+                  -keyVaultName ${{ parameters.resource.name }} 
+                deploymentMode: 'Incremental'
+                deploymentOutputs: 'ArmOutputs'

src/cloud/azure/keyVault/keyVault.bicep

@@ -0,0 +1,27 @@
+param keyVaultName string
+param keyVaultlocation string
+param softDeleteRetentionInDays int = 90
+param enabledForDiskEncryption bool = true
+param enabledForDeployment bool = true
+param enabledForTemplateDeployment bool = true
+param enableSoftDelete bool = true
+
+resource keyvault 'Microsoft.KeyVault/vaults@2021-06-01-preview' = {
+  name: keyVaultName
+  location: keyVaultlocation
+  properties: {
+    tenantId: tenant().tenantId
+    sku: {
+      family: 'A'
+      name: 'standard'
+    }
+    accessPolicies: []
+    enabledForDeployment: enabledForDeployment
+    enabledForDiskEncryption: enabledForDiskEncryption
+    enabledForTemplateDeployment: enabledForTemplateDeployment
+    enableSoftDelete: enableSoftDelete
+    softDeleteRetentionInDays: softDeleteRetentionInDays    
+  }
+}
+
+output keyvault string = keyvault.properties.vaultUri

src/cloud/azure/resourceGroup/examples/azure-pipelines.yml

@@ -0,0 +1,40 @@
+trigger:
+  branches:
+    include:
+    - main
+    - feature/v0.1
+  paths:
+    include:
+      - src/cloud/azure/resourceGroup/*
+pool:
+  vmImage: 'windows-latest'
+
+
+extends: 
+  template: ../../../../main.yml
+  parameters:
+    settings:
+      build:
+        enabled: true
+      deploy:
+        enabled: true
+        variablesDirectory: ./cloud/azure/keyVault/examples/variables
+      azure:
+        subscription:
+          azureServiceConnection: $(azureServiceConnection)
+          subscriptionId: $(subscriptionId)
+        resourceGroup:
+          name: $(resourceGroupName)
+          location: $(location)
+          new: true
+      environments:
+        - dev
+        - uat
+        - prd
+    resources:
+      - name: $(resourceGroupName)
+        type: resourceGroup
+        enabled: true
+        infrastructure:
+          location: $(location)
+

src/cloud/azure/resourceGroup/examples/variables/dev-vars.yml

@@ -0,0 +1,5 @@
+variables:
+  azureServiceConnection: ServiceConnection
+  subscriptionId: 337ba254-3aa0-4551-ba8e-89debefaa373
+  location: northeurope
+  resourceGroupName: rg-releaseengine-dev

src/cloud/azure/resourceGroup/examples/variables/prd-vars.yml

@@ -0,0 +1,5 @@
+variables:
+  azureServiceConnection: ServiceConnection
+  subscriptionId: 337ba254-3aa0-4551-ba8e-89debefaa373
+  location: northeurope  
+  resourceGroupName: rg-releaseengine-prd

src/cloud/azure/resourceGroup/examples/variables/uat-vars.yml

@@ -0,0 +1,5 @@
+variables:
+  azureServiceConnection: ServiceConnection
+  subscriptionId: 337ba254-3aa0-4551-ba8e-89debefaa373
+  location: northeurope  
+  resourceGroupName: rg-releaseengine-uat

src/cloud/azure/resourceGroup/resourceGroup-build-jobs.yml

@@ -0,0 +1,18 @@
+parameters:
+  - name: settings
+    type: object
+
+jobs:
+  - job: resourceGroupBuildJob
+    displayName: Resource Group Build Job
+    steps:
+
+      - template: ../bicep/bicep-build-tasks.yml
+        parameters:
+          bicepFilePath: $(Build.SourcesDirectory)/src/cloud/azure/resourceGroup/resourceGroup.bicep
+
+      - task: PublishPipelineArtifact@1
+        inputs:
+          targetPath: '$(build.artifactstagingdirectory)'
+          artifact: resourceGroup
+          publishLocation: 'pipeline'

src/cloud/azure/resourceGroup/resourceGroup-deploy-jobs.yml

@@ -0,0 +1,34 @@
+parameters:
+- name: settings
+  type: object
+- name: environment
+  type: string
+
+
+jobs:
+  - deployment: resourceGroupDeploy
+    displayName: Azure Resource Group Deployment
+    environment: ${{ parameters.environment }}
+    strategy:
+      runOnce:
+        deploy:
+          steps:
+
+            - task: AzureResourceManagerTemplateDeployment@3
+              displayName: Creating Resource Group '${{ parameters.settings.azure.resourceGroup.name }}' by IaC
+              inputs:
+                deploymentScope: 'Subscription'
+                azureResourceManagerConnection: '${{ parameters.settings.azure.subscription.azureServiceConnection }}'
+                subscriptionId: ${{ parameters.settings.azure.subscription.subscriptionId }}
+                action: 'Create Or Update Resource Group'
+                resourceGroupName: ${{ parameters.settings.azure.resourceGroup.name }}
+                location: ${{ parameters.settings.azure.resourceGroup.location }}
+                templateLocation: 'Linked artifact'
+                csmFile: '$(Pipeline.Workspace)/resourceGroup/infrastructure/resourceGroup.json'
+                overrideParameters: >
+                  -resourceGroupLocation ${{ parameters.settings.azure.resourceGroup.location }} 
+                  -resourceGroupName ${{ parameters.settings.azure.resourceGroup.name }} 
+                deploymentMode: 'Incremental'
+                deploymentOutputs: 'ArmOutputs'
+
+

src/cloud/azure/resourceGroup/resourceGroup.bicep

@@ -0,0 +1,9 @@
+param resourceGroupName string
+param resourceGroupLocation string
+
+targetScope = 'subscription'
+
+resource resourceGroup 'Microsoft.Resources/resourceGroups@2021-01-01' = {
+  name: resourceGroupName
+  location: resourceGroupLocation
+}

src/main.yml

@@ -0,0 +1,35 @@
+parameters:
+  - name: settings
+    type: object
+  - name: resources
+    type: object
+
+variables:
+  - name: azureServiceConnection
+    value: ServiceConnection
+
+stages:
+
+  - ${{ if eq(parameters.settings.build.enabled, 'true') }}:
+    - stage: build
+
+      jobs:
+
+        - template: ./_jobs/build-jobs.yml
+          parameters:
+            settings: ${{ parameters.settings }}
+            resources: ${{ parameters.resources }}
+
+  - ${{ if eq(parameters.settings.deploy.enabled, 'true') }}:
+    - ${{ each env in parameters.settings.environments }}:
+      - stage: ${{ env }}
+
+        variables:
+          - template: ${{ parameters.settings.deploy.variablesDirectory }}/${{ env }}-vars.yml
+
+        jobs:
+          - template: ./_jobs/deploy-jobs.yml
+            parameters:
+              settings: ${{ parameters.settings }}
+              resources: ${{ parameters.resources }}
+              environment: ${{ env }}