[Modules] Added Public DNS Zone Module (#3102)
1 parent
6be8a82
commit 1406723
Showing
49 changed files
with
4,271 additions
and
0 deletions.
@@ -0,0 +1,50 @@ | ||
name: 'Network - Public DnsZones' | ||
|
||
parameters: | ||
- name: staticValidation | ||
displayName: Execute static validation | ||
type: boolean | ||
default: true | ||
- name: deploymentValidation | ||
displayName: Execute deployment validation | ||
type: boolean | ||
default: true | ||
- name: removeDeployment | ||
displayName: Remove deployed module | ||
type: boolean | ||
default: true | ||
- name: prerelease | ||
displayName: Publish prerelease module | ||
type: boolean | ||
default: false | ||
|
||
pr: none | ||
|
||
trigger: | ||
batch: true | ||
branches: | ||
include: | ||
- main | ||
paths: | ||
include: | ||
- '/.azuredevops/modulePipelines/ms.network.dnszones.yml' | ||
- '/.azuredevops/pipelineTemplates/*.yml' | ||
- '/modules/Microsoft.Network/dnsZones/*' | ||
- '/utilities/pipelines/*' | ||
exclude: | ||
- '/utilities/pipelines/deploymentRemoval/*' | ||
- '/**/*.md' | ||
|
||
variables: | ||
- template: '../../settings.yml' | ||
- group: 'PLATFORM_VARIABLES' | ||
- name: modulePath | ||
value: '/modules/Microsoft.Network/dnsZones' | ||
|
||
stages: | ||
- template: /.azuredevops/pipelineTemplates/stages.module.yml | ||
parameters: | ||
staticValidation: '${{ parameters.staticValidation }}' | ||
deploymentValidation: '${{ parameters.deploymentValidation }}' | ||
removeDeployment: '${{ parameters.removeDeployment }}' | ||
prerelease: '${{ parameters.prerelease }}' |
@@ -0,0 +1,84 @@ | ||
name: 'Network - Public DnsZones' | ||
|
||
on: | ||
workflow_dispatch: | ||
inputs: | ||
staticValidation: | ||
type: boolean | ||
description: 'Execute static validation' | ||
required: false | ||
default: true | ||
deploymentValidation: | ||
type: boolean | ||
description: 'Execute deployment validation' | ||
required: false | ||
default: true | ||
removeDeployment: | ||
type: boolean | ||
description: 'Remove deployed module' | ||
required: false | ||
default: true | ||
prerelease: | ||
type: boolean | ||
description: 'Publish prerelease module' | ||
required: false | ||
default: false | ||
push: | ||
branches: | ||
- main | ||
paths: | ||
- '.github/actions/templates/**' | ||
- '.github/workflows/template.module.yml' | ||
- '.github/workflows/ms.network.dnszones.yml' | ||
- 'modules/Microsoft.Network/dnsZones/**' | ||
- 'utilities/pipelines/**' | ||
- '!utilities/pipelines/deploymentRemoval/**' | ||
- '!*/**/readme.md' | ||
|
||
env: | ||
modulePath: 'modules/Microsoft.Network/dnsZones' | ||
workflowPath: '.github/workflows/ms.network.dnszones.yml' | ||
|
||
concurrency: | ||
group: ${{ github.workflow }} | ||
|
||
jobs: | ||
########################### | ||
# Initialize pipeline # | ||
########################### | ||
job_initialize_pipeline: | ||
runs-on: ubuntu-20.04 | ||
name: 'Initialize pipeline' | ||
steps: | ||
- name: 'Checkout' | ||
uses: actions/checkout@v3 | ||
with: | ||
fetch-depth: 0 | ||
- name: 'Set input parameters to output variables' | ||
id: get-workflow-param | ||
uses: ./.github/actions/templates/getWorkflowInput | ||
with: | ||
workflowPath: '${{ env.workflowPath}}' | ||
- name: 'Get parameter file paths' | ||
id: get-module-test-file-paths | ||
uses: ./.github/actions/templates/getModuleTestFiles | ||
with: | ||
modulePath: '${{ env.modulePath }}' | ||
outputs: | ||
workflowInput: ${{ steps.get-workflow-param.outputs.workflowInput }} | ||
moduleTestFilePaths: ${{ steps.get-module-test-file-paths.outputs.moduleTestFilePaths }} | ||
modulePath: '${{ env.modulePath }}' | ||
|
||
############################## | ||
# Call reusable workflow # | ||
############################## | ||
call-workflow-passing-data: | ||
name: 'Module' | ||
needs: | ||
- job_initialize_pipeline | ||
uses: ./.github/workflows/template.module.yml | ||
with: | ||
workflowInput: '${{ needs.job_initialize_pipeline.outputs.workflowInput }}' | ||
moduleTestFilePaths: '${{ needs.job_initialize_pipeline.outputs.moduleTestFilePaths }}' | ||
modulePath: '${{ needs.job_initialize_pipeline.outputs.modulePath}}' | ||
secrets: inherit |
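Review bot: The workflow declares no `permissions:` block, so both jobs, including the reusable `template.module.yml` call that receives `secrets: inherit`, run with the repository's default GITHUB_TOKEN scope. Consider a top-level `permissions:` limited to what the template needs, for example `contents: read` if nothing is pushed back; the template is not visible here, so confirm what it requires. `uses: actions/checkout@v3` also follows a mutable tag, and pinning it to a full commit SHA keeps the step fixed if the tag moves. Passing the specific secrets the template reads instead of `secrets: inherit` would narrow what the called workflow can access.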
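--- a/modules/Microsoft.Network/dnsZones/.bicep/nested_roleAssignments.bicep
+++ b/modules/Microsoft.Network/dnsZones/.bicep/nested_roleAssignments.bicep
@@ -0,0 +1,97 @@
+@sys.description('Required. The IDs of the principals to assign the role to.')
+param principalIds array
+
+@sys.description('Required. The name of the role to assign. If it cannot be found you can specify the role definition ID instead.')
+param roleDefinitionIdOrName string
+
+@sys.description('Required. The resource ID of the resource to apply the role assignment to.')
+param resourceId string
+
+@sys.description('Optional. The principal type of the assigned principal ID.')
+@allowed([
+'ServicePrincipal'
+'Group'
+'User'
+'ForeignGroup'
+'Device'
+''
+])
+param principalType string = ''
+
+@sys.description('Optional. The description of the role assignment.')
+param description string = ''
+
+@sys.description('Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container".')
+param condition string = ''
+
+@sys.description('Optional. Version of the condition.')
+@allowed([
+'2.0'
+])
+param conditionVersion string = '2.0'
+
+@sys.description('Optional. Id of the delegated managed identity resource.')
+param delegatedManagedIdentityResourceId string = ''
+
+var builtInRoleNames = {
+'Avere Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '4f8fab4f-1852-4a58-a46a-8eaf358af14a')
+'Avere Operator': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'c025889f-8102-4ebf-b32c-fc0c6f0c6bd9')
+'Azure Center for SAP solutions administrator': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '7b0c7e81-271f-4c71-90bf-e30bdfdbc2f7')
+'Azure Center for SAP solutions reader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '05352d14-a920-4328-a0de-4cbe7430e26b')
+'Azure Center for SAP solutions service role': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'aabbc5dd-1af0-458b-a942-81af88f9c138')
+'Azure Kubernetes Service Policy Add-on Deployment': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '18ed5180-3e48-46fd-8541-4ea054d57064')
+'Backup Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '5e467623-bb1f-42f4-a55d-6e525e11384b')
+'Backup Operator': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '00c29273-979b-4161-815c-10b084fb9324')
+Contributor: subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b24988ac-6180-42a0-ab88-20f7382dd24c')
+'Cosmos DB Operator': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '230815da-be43-4aae-9cb4-875f7bd000aa')
+'Desktop Virtualization Virtual Machine Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'a959dbd1-f747-45e3-8ba6-dd80f235f97c')
+'DevTest Labs User': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '76283e04-6283-4c54-8f91-bcf1374a3c64')
+'DNS Resolver Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '0f2ebee7-ffd4-4fc0-b3b7-664099fdad5d')
+'DNS Zone Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'befefa01-2a29-4197-83a8-272ff33ce314')
+'DocumentDB Account Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '5bd9cd88-fe45-4216-938b-f97437e15450')
+'Domain Services Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'eeaeda52-9324-47f6-8069-5d5bade478b2')
+'Domain Services Reader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '361898ef-9ed1-48c2-849c-a832951106bb')
+'LocalNGFirewallAdministrator role': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'a8835c7d-b5cb-47fa-b6f0-65ea10ce07a2')
+'Log Analytics Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '92aaf0da-9dab-42b6-94a3-d43ce8d16293')
+'Log Analytics Reader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '73c42c96-874c-492b-b04d-ab87d138a893')
+'Managed Application Contributor Role': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '641177b8-a67a-45b9-a033-47bc880bb21e')
+'Managed Application Operator Role': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'c7393b34-138c-406f-901b-d8cf2b17e6ae')
+'Managed Applications Reader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b9331d33-8a36-4f8c-b097-4f54124fdb44')
+'Monitoring Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '749f88d5-cbae-40b8-bcfc-e573ddc772fa')
+'Monitoring Reader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '43d0d8ad-25c7-4714-9337-8ba259a9fe05')
+'Network Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '4d97b98b-1d4f-4787-a291-c67834d212e7')
+Owner: subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '8e3af657-a8ff-443c-a75c-2fe8c4bcb635')
+'Private DNS Zone Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b12aa53e-6015-4669-85d0-8515ebb3ae7f')
+Reader: subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'acdd72a7-3385-48ef-bd42-f606fba81ae7')
+'Resource Policy Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '36243c78-bf99-498c-9df9-86d9f8d28608')
+'Role Based Access Control Administrator (Preview)': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'f58310d9-a9f6-439a-9e8d-f62e7b41a168')
+'Site Recovery Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '6670b86e-a3f7-4917-ac9b-5d6ab1be4567')
+'Site Recovery Operator': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '494ae006-db33-4328-bf46-533a6560a3ca')
+'SQL Managed Instance Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '4939a1f6-9ae0-4e48-a1e0-f2cbe897382d')
+'SQL Security Manager': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '056cd41c-7e88-42e1-933e-88ba6a50c9c3')
+'Storage Account Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '17d1049b-9a84-46fb-8f53-869881c3d3ab')
+'Traffic Manager Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'a4b10055-b0c7-44c2-b00f-c7b5b3550cf7')
+'User Access Administrator': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '18d7d88d-d35e-4fb5-a5c3-7773c20a72d9')
+'Virtual Machine Administrator Login': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '1c0163c0-47e6-4577-8991-ea5c82e286e4')
+'Virtual Machine Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '9980e02c-c2be-4d73-94e8-173b1dc7cf3c')
+'Virtual Machine User Login': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'fb879df8-f326-4884-b1cf-06f3ad86be52')
+'Windows Admin Center Administrator Login': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'a6333a3e-0164-44c3-b281-7a577aff287f')
+}
+
+resource dnsZone 'Microsoft.Network/dnsZones@2018-05-01' existing = {
+name: last(split(resourceId, '/'))!
+}
+
+resource roleAssignment 'Microsoft.Authorization/roleAssignments@2022-04-01' = [for principalId in principalIds: {
+name: guid(dnsZone.id, principalId, roleDefinitionIdOrName)
+properties: {
+description: description
+roleDefinitionId: contains(builtInRoleNames, roleDefinitionIdOrName) ? builtInRoleNames[roleDefinitionIdOrName] : roleDefinitionIdOrName
+principalId: principalId
+principalType: !empty(principalType) ? any(principalType) : null
+condition: !empty(condition) ? condition : null
+conditionVersion: !empty(conditionVersion) && !empty(condition) ? conditionVersion : null
+delegatedManagedIdentityResourceId: !empty(delegatedManagedIdentityResourceId) ? delegatedManagedIdentityResourceId : null
+}
+scope: dnsZone
+}]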
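Review bot: The `existing` lookup `name: last(split(resourceId, '/'))!` keeps only the zone name from `resourceId`, so the role assignment lands on whichever zone of that name exists in the deployment's own resource group; the subscription and resource-group segments of the ID are never used. If this nested module is always deployed into the zone's resource group (the caller is not shown here) that is fine, but it deserves a comment above the resource, e.g. `// Resolved by name in the current deployment scope; only the last segment of resourceId is used.` Separately, `guid(dnsZone.id, principalId, roleDefinitionIdOrName)` hashes the raw input, so the same role passed once by name and once by ID would produce two assignment names for one grant; hashing the resolved role definition ID would avoid that.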
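--- a/modules/Microsoft.Network/dnsZones/.test/common/dependencies.bicep
+++ b/modules/Microsoft.Network/dnsZones/.test/common/dependencies.bicep
@@ -0,0 +1,37 @@
+@description('Optional. The location to deploy to.')
+param location string = resourceGroup().location
+
+@description('Required. The name of the Traffic Manager Profile to create.')
+param trafficManagerProfileName string
+
+@description('Required. The name of the Managed Identity to create.')
+param managedIdentityName string
+
+resource trafficManagerProfile 'Microsoft.Network/trafficmanagerprofiles@2022-04-01-preview' = {
+name: trafficManagerProfileName
+location: 'global'
+properties: {
+trafficRoutingMethod: 'Performance'
+maxReturn: 0
+dnsConfig: {
+relativeName: trafficManagerProfileName
+ttl: 60
+}
+monitorConfig: {
+protocol: 'HTTP'
+port: 80
+path: '/'
+}
+}
+}
+
+resource managedIdentity 'Microsoft.ManagedIdentity/userAssignedIdentities@2018-11-30' = {
+name: managedIdentityName
+location: location
+}
+
+@description('The resource ID of the created Traffic Manager Profile.')
+output trafficManagerProfileResourceId string = trafficManagerProfile.id
+
+@description('The principal ID of the created Managed Identity.')
+output managedIdentityPrincipalId string = managedIdentity.properties.principalId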