Refactor/200/tf scenarios updated

.github/workflows/.template.terraform.yml

@@ -7,7 +7,7 @@ on:
         type: string
         description: 'Terraform version'
         required: true
-        default: '1.3.9'
+        default: '1.9.7'
       modulePath:
         type: string
         description: 'Path to the Terraform module'

.github/workflows/scenario1.terraform.yml

@@ -1,5 +1,91 @@
 name: 'Scenario 1: Terraform Multi-Tenant ASEv3 Secure Baseline'
 
+concurrency:
+  group: '${{ github.workflow }} @ ${{ github.event.pull_request.head.label || github.head_ref || github.ref }}'
+  cancel-in-progress: false
+
+on:
+  workflow_dispatch:
+    inputs:
+      destroy:
+        description: 'Destroy resources?'
+        required: true
+        type: boolean
+        default: false
+
+  push:
+    branches:
+      - main
+    paths:
+      - '.github/workflows/scenario1.terraform.yml'
+      - '.github/workflows/_template.terraform.yml'
+      - 'scenarios/secure-baseline-multitenant/terraform/**.tf'
+      - 'scenarios/secure-baseline-multitenant/terraform/**/parameters/ase-multitenant.parameters.tfvars'
+      - '!scenarios/secure-baseline-multitenant/terraform/**.md'
+
+  pull_request:
+    branches:
+      - main
+    paths:
+      - '.github/workflows/scenario1.terraform.yml'
+      - '.github/workflows/_template.terraform.yml'
+      - 'scenarios/secure-baseline-multitenant/terraform/**'
+      - 'scenarios/secure-baseline-multitenant/terraform/**/parameters/ase-multitenant.parameters.tfvars'
+      - '!scenarios/secure-baseline-multitenant/terraform/**.md'
+
+permissions:
+  id-token: write
+  contents: read
+  pull-requests: write
+
+env:
+  modulePath: 'scenarios/secure-baseline-multitenant/terraform'
+  terraformVersion: 1.5.2 # must be greater than or equal to 1.2 for OIDC
+  backendStateKey: 'scenario1.hub.tfstate'
+  tfvarPath: 'parameters/ase-multitenant.parameters.tfvars'
+
+jobs:
+  prepare-environment:
+    runs-on: ubuntu-latest
+    steps:
+    - name: Checkout the code
+      uses: actions/checkout@main
+    outputs:
+      modulePath: ${{ env.modulePath }}
+      terraformVersion: ${{ env.terraformVersion }}
+      backendStateKey: ${{ env.backendStateKey }}
+      tfvarPath: ${{ env.tfvarPath }}
+
+  terraform-deploy-hub:
+    name: 'Terraform CICD (Hub Multi-tenant Secure Baseline)'
+    needs: 
+    - prepare-environment
+    uses: ./.github/workflows/.template.terraform.yml
+    with:
+      modulePath: ${{ needs.prepare-environment.outputs.modulePath }}/hub
+      terraformVersion: ${{ needs.prepare-environment.outputs.terraformVersion }}
+      backendStateKey: 'scenario1.hub.tfstate'
+      tfvarPath: ${{ needs.prepare-environment.outputs.tfvarPath }}
+      # Ensure this value is a boolean
+      destroy: ${{ github.event.inputs.destroy == 'true' }}
+    secrets: inherit
+
+  terraform-deploy-spoke:
+    name: 'Terraform CICD (Spoke Multi-tenant Secure Baseline)'
+    needs: 
+    - prepare-environment
+    - terraform-deploy-hub
+    uses: ./.github/workflows/.template.terraform.yml
+    with:
+      modulePath: ${{ needs.prepare-environment.outputs.modulePath }}/spoke
+      terraformVersion: ${{ needs.prepare-environment.outputs.terraformVersion }}
+      backendStateKey: 'scenario1.spoke.tfstate'
+      tfvarPath: ${{ needs.prepare-environment.outputs.tfvarPath }}
+      # Ensure this value is a boolean
+      destroy: ${{ github.event.inputs.destroy == 'true' }}
+    secrets: inherit
+name: 'Scenario 1: Terraform Multi-Tenant ASEv3 Secure Baseline'
+
 concurrency:
   group: '${{ github.workflow }} @ ${{ github.event.pull_request.head.label || github.head_ref || github.ref }}'
   cancel-in-progress: false

.pre-commit-config.yaml

@@ -1,9 +1,13 @@
 repos:
 - repo: https://github.com/antonbabenko/pre-commit-terraform
-  rev: v1.74.1 # Get the latest from: https://github.com/antonbabenko/pre-commit-terraform/releases
+  rev: v1.96.1 # Get the latest from: https://github.com/antonbabenko/pre-commit-terraform/releases
   hooks:
     - id: terraform_fmt
-    - id: terraform_validate
+    ## Commenting out due to provider mismatch throwing false-positive errors on expected parameters
+    # - id: terraform_validate
+    #   args:
+    #   - --tf-init-args=-upgrade
+    #   - --hook-config=--retry-once-with-cleanup=true     # Boolean. true or false
     - id: terraform_docs
       args:
       - --hook-config=--path-to-file=README.md        # Valid UNIX path. I.e. ../TFDOC.md or docs/README.md etc.

deployment/bicep/main.bicep

@@ -0,0 +1,100 @@
+targetScope='subscription'
+param workloadName string
+param location string =  deployment().location
+@description('The-- environment for which the deployment is being executed')
+@allowed([
+  'dev'
+  'uat'
+  'prod'
+  'dr'
+])
+param environment string
+
+// parameters for azure devops agent 
+param vmazdevopsUsername string
+param vmazdevopsPassword string
+param azureDevOpsAccount string
+param personalAccessToken string
+
+// Variables
+var resourceSuffix = '${workloadName}-${environment}-${location}-001'
+var vmSuffix=environment
+// RG Names Declaration
+var sharedResourceGroupName = 'rg-shared-${resourceSuffix}'
+var aseResourceGroupName = 'rg-ase-${resourceSuffix}'
+// Create resources name using these objects and pass it as a params in module
+var sharedResourceGroupResources = {
+  'appInsightsName':'appin-${resourceSuffix}'
+  'logAnalyticsWorkspaceName': 'logananalyticsws-${resourceSuffix}'
+   'environmentName': environment
+   'resourceSuffix' : resourceSuffix
+   'vmSuffix' : vmSuffix
+}
+
+
+
+resource aseResourceGroup 'Microsoft.Resources/resourceGroups@2021-04-01' = {
+  name: aseResourceGroupName
+  location: location
+}
+
+
+
+// shared resource group 
+
+
+//  for testing -- need a subnet
+
+var NetworkResourceGroupName = 'rg-network-${resourceSuffix}'
+
+resource networkRg 'Microsoft.Resources/resourceGroups@2021-04-01' = {
+  name: NetworkResourceGroupName
+  location: location
+}
+
+module vnet_generic './vnettest/vnetWithOutBastian.bicep' = {
+  name: 'vnet'
+  scope: resourceGroup(networkRg.name)
+  params: {
+    namePrefix: 'test-vnet'
+  }
+}
+
+var subnetId=vnet_generic.outputs.subnetId
+
+// end testing subnet
+
+
+resource sharedRG 'Microsoft.Resources/resourceGroups@2021-04-01' = {
+  name: sharedResourceGroupName
+  location: location
+}
+
+
+module shared './shared/shared.bicep' = {
+  name: 'sharedresources'
+  scope: resourceGroup(sharedRG.name)
+  params: {
+    location: location
+    sharedResourceGroupResources : sharedResourceGroupResources
+    subnetId: subnetId
+    vmazdevopsPassword:vmazdevopsPassword
+    vmazdevopsUsername: vmazdevopsUsername
+    personalAccessToken: personalAccessToken
+    azureDevOpsAccount: azureDevOpsAccount
+    resourceGroupName: sharedRG.name
+  }
+}
+
+module ase 'ase.bicep' = {
+  dependsOn: [
+    shared
+  ]
+  scope: resourceGroup(aseResourceGroup.name)
+  name: 'aseresources'
+  params: {
+    location: location
+    workloadName: workloadName
+    environment: environment
+  }
+}