Dan Rios riosengineer

@riosengineer
riosengineer / bicep-deploy-sub.yaml
Created March 28, 2024 16:18
bicep-deploy-sub.yaml
trigger:
  branches:
    include:
      - main
  paths:
    include:
      # amend folder name / structure path to suit your repository
      - bicep/connectivity-sub
variables:
riosengineer / bicep-deploy.yaml
Last active March 12, 2024 17:19
Bicep Deploy Pipeline
trigger:
  branches:
    include:
      - main
  paths:
    include:
      # amend folder name / structure path to suit your repository
      - Bicep/*
variables:
riosengineer / pr-pipeline.yaml
Created January 30, 2024 10:48
Azure Bicep Module Pester - PR Pipeline Example
trigger: none
variables:
  vmImageName: ubuntu-latest
  azureServiceConnection: YOUR_ARM_CONNECTION
pool:
  vmImage: $(vmImageName)
stages:
riosengineer / bicep-module-pester.ps1
Last active January 30, 2024 10:38
Bicep Module Pester Unit Tests
# Create Pester container https://pester.dev/docs/commands/New-PesterContainer
# Path to the Pester unit test script (example)
$container = New-PesterContainer -Path './.scripts/bicep-module-tests.ps1'
# Set config values and results
$config = New-PesterConfiguration
$config.TestResult.OutputFormat = "NUnitXML"
$config.TestResult.OutputPath = "test-Pester.xml"
$config.TestResult.Enabled = $True
$config.Run.Container = $container
riosengineer / aca-deploy-pipeline.yaml
Created January 16, 2024 12:59
Azure Container Apps ADO Pipeline Example
---
trigger:
  branches:
    include:
      - main
  paths:
    exclude:
      - '**/*.yaml'
variables:
riosengineer / azure-lighthouse-example.json
Last active January 8, 2024 12:33
Azure Lighthouse Params Example (ARM)
{
  "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
  "contentVersion": "1.0.0.0",
  "parameters": {
    "mspOfferName": {
      "value": "Contoso Cloud Services"
    },
    "mspOfferDescription": {
      "value": "Contoso Managed Services"
    },
riosengineer / main.bicep
Last active November 19, 2023 20:10
Mandatory security rules & routes required for Azure SQL Managed Instance in Bicep to enable repeatable template deployments without Network Intent policy violations.
// SQL MI NSG and Route table with mandatory subnet service-aided config: https://learn.microsoft.com/en-gb/azure/azure-sql/managed-instance/connectivity-architecture-overview?view=azuresql&tabs=current#mandatory-security-rules-with-service-aided-subnet-configuration
//
// where modules defined are copied locally from CARML/Azure Verified Modules GitHub Repositories. https://github.com/Azure/ResourceModules/tree/main/modules/network/network-security-group & https://github.com/Azure/ResourceModules/tree/main/modules/network/route-table
//
//
// Azure Bicep with complete list of current Azure SQL MI mandatory security rules & routes for repeatable template deployments without template violations
// Insert this into your Azure SQL MI Bicep templates to avoid Network Intent Policy errors when redeploying Bicep templates for Azure SQL MI and avoid errors like: https://github.com/Azure/azure-quickstart-templates/issues/6670
@description('Enter Azure SQL MI subnet address prefix.')
param subnetPrefix string = '10.1.2.
riosengineer / azure-sandbox-destroy.ps1
Created September 6, 2023 14:28
Azure Sandbox Destroy
# Connect to Key Vault with MI and get secret values
Connect-AzAccount -Identity
$tenantId = Get-AzKeyVaultSecret -VaultName "kv-rios-example" -Name "tenantId" -AsPlainText
$appId = Get-AzKeyVaultSecret -VaultName "kv-rios-example" -Name "appId" -AsPlainText
$spnsecret = Get-AzKeyVaultSecret -VaultName "kv-rios-example" -Name "secret" -AsPlainText
# Login to Sandbox Tenant via SPN
$secret = ConvertTo-SecureString -String $spnsecret -AsPlainText -Force
$pscredential = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList $appId, $secret