Dan Rios riosengineer

@riosengineer
riosengineer / azbastion-recording.bicepparam
Created June 10, 2024 12:39
Parameters: Azure Bastion Premium + VMs and supporting components for session recording lab/demo
using './azbastion-recording.bicep'
// Bicep params: change as necessary. The password is overridden at CLI runtime, so it can be ignored here.
param parvNetName = 'vnet-bastion-demo'
param parBastionName = 'bastion-demo'
param parLocation = 'uksouth'
param parWinVmName = 'win-vm-demo'
param parAdminUsername = 'riosengineer'
param parContainerName = 'recordings'
param parPipName = 'pip-bastion-demo'
@riosengineer
riosengineer / azbastion-recording.bicep
Last active June 10, 2024 12:43
Main template: Azure Bastion Premium + VMs and supporting components for session recording lab/demo.
// az login
// az account set -s "subGuid"
// az group create --name rg-bastion-demo --location uksouth
// az deployment group create -g 'rg-bastion-demo' -f '.\bastion.bicep' -p '.\bastion.bicepparam' -p parAdminPassword=Some-Password-Here
targetScope = 'resourceGroup'
metadata name = 'Quickstart Template Azure Bastion Session Recording'
metadata description = 'Azure Bastion Premium SKU with Session Recording demo with Windows and Linux VMs.'
@riosengineer
riosengineer / bicep-deploy-sub.yaml
Created March 28, 2024 16:18
bicep-deploy-sub.yaml
trigger:
  branches:
    include:
      - main
  paths:
    include:
      # amend folder name / structure path to suit your repository
      - bicep/connectivity-sub
variables:
@riosengineer
riosengineer / bicep-deploy.yaml
Last active March 12, 2024 17:19
Bicep Deploy Pipeline
trigger:
  branches:
    include:
      - main
  paths:
    include:
      # amend folder name / structure path to suit your repository
      - Bicep/*
variables:
@riosengineer
riosengineer / pr-pipeline.yaml
Created January 30, 2024 10:48
Azure Bicep Module Pester - PR Pipeline Example
trigger: none
variables:
  vmImageName: ubuntu-latest
  azureServiceConnection: YOUR_ARM_CONNECTION
pool:
  vmImage: $(vmImageName)
stages:
@riosengineer
riosengineer / bicep-module-pester.ps1
Last active January 30, 2024 10:38
Bicep Module Pester Unit Tests
# Create Pester container https://pester.dev/docs/commands/New-PesterContainer
# Path to the Pester unit test script (example)
$container = New-PesterContainer -Path './.scripts/bicep-module-tests.ps1'
# Set config values and results
$config = New-PesterConfiguration
$config.TestResult.OutputFormat = "NUnitXML"
$config.TestResult.OutputPath = "test-Pester.xml"
$config.TestResult.Enabled = $True
$config.Run.Container = $container
@riosengineer
riosengineer / aca-deploy-pipeline.yaml
Created January 16, 2024 12:59
Azure Container Apps ADO Pipeline Example
---
trigger:
  branches:
    include:
      - main
  paths:
    exclude:
      - '**/*.yaml'
variables:
@riosengineer
riosengineer / azure-lighthouse-example.json
Last active January 8, 2024 12:33
Azure Lighthouse Params Example (ARM)
{
  "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
  "contentVersion": "1.0.0.0",
  "parameters": {
    "mspOfferName": {
      "value": "Contoso Cloud Services"
    },
    "mspOfferDescription": {
      "value": "Contoso Managed Services"
    },
@riosengineer
riosengineer / main.bicep
Last active November 19, 2023 20:10
Mandatory security rules & routes required for Azure SQL Managed Instance in Bicep to enable repeatable template deployments without Network Intent policy violations.
// SQL MI NSG and Route table with mandatory subnet service-aided config: https://learn.microsoft.com/en-gb/azure/azure-sql/managed-instance/connectivity-architecture-overview?view=azuresql&tabs=current#mandatory-security-rules-with-service-aided-subnet-configuration
//
// The modules referenced are copied locally from the CARML/Azure Verified Modules GitHub repositories: https://github.com/Azure/ResourceModules/tree/main/modules/network/network-security-group & https://github.com/Azure/ResourceModules/tree/main/modules/network/route-table
//
//
// Azure Bicep with complete list of current Azure SQL MI mandatory security rules & routes for repeatable template deployments without template violations
// Insert this into your Azure SQL MI Bicep templates to avoid Network Intent Policy errors when redeploying Bicep templates for Azure SQL MI, and to avoid errors like: https://github.com/Azure/azure-quickstart-templates/issues/6670
@description('Enter Azure SQL MI subnet address prefix.')
param subnetPrefix string = '10.1.2.
@riosengineer
riosengineer / azure-sandbox-destroy.ps1
Created September 6, 2023 14:28
Azure Sandbox Destroy
# Connect to Key Vault with MI and get secret values
Connect-AzAccount -Identity
$tenantId = Get-AzKeyVaultSecret -VaultName "kv-rios-example" -Name "tenantId" -AsPlainText
$appId = Get-AzKeyVaultSecret -VaultName "kv-rios-example" -Name "appId" -AsPlainText
$spnsecret = Get-AzKeyVaultSecret -VaultName "kv-rios-example" -Name "secret" -AsPlainText
# Login to Sandbox Tenant via SPN
$secret = ConvertTo-SecureString -String $spnsecret -AsPlainText -Force
$pscredential = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList $appId, $secret