977 mlz optional deploy a different flavor of linux for bastion jump …
…host (Azure#1072)

* linux flavor

* added linux flavors, vm size selector for linux and windows VMs

* automated publisher to offer for linux distributions

* GitHub Action: Build Bicep to JSON

---------

Co-authored-by: Jason Masten <[email protected]>
Co-authored-by: github-actions <[email protected]>
3 people authored Aug 9, 2024
1 parent fea49c2 commit afc9b68
Showing 5 changed files with 330 additions and 192 deletions.
159 changes: 153 additions & 6 deletions src/bicep/form/mlz.portal.json
Expand Up @@ -44,6 +44,13 @@
}
]
},
{
"name": "resourceScope",
"type": "Microsoft.Common.ResourceScope",
"location": {
"resourceTypes": []
}
},
{
"name": "selectSubscriptions",
"label": "Select Subscription(s)",
Expand Down Expand Up @@ -453,7 +460,9 @@
"type": "Microsoft.Common.DropDown",
"label": "Firewall SKU",
"placeholder": "",
"defaultValue": ["Premium"],
"defaultValue": [
"Premium"
],
"toolTip": "Selecting a value other than Premium will reduce the security of the MLZ environment and your environment no longer be SCCA compliant. The Premium SKU is recommended for all production environments that require TLS inspection and SCCA.",
"multiselect": false,
"selectAll": false,
Expand Down Expand Up @@ -721,7 +730,7 @@
"options": {
"text": "Enabling the additional paid features of Microsoft Defender for Cloud is recommended. If you have previously enabled any paid workload protection plans, you must select the checkbox and relevant plans on the dropdown list, to ensure protection is maintained through any deployment(s) of MLZ.",
"uri": "https://learn.microsoft.com/en-us/azure/defender-for-cloud/defender-for-cloud-introduction#protect-cloud-workloads"
}
}
},
{
"name": "deployDefender",
Expand Down Expand Up @@ -1120,6 +1129,49 @@
"text": "Provide an administrator username and password for the Windows virtual machine."
}
},
{
"name": "windowsVmSku",
"type": "Microsoft.Common.DropDown",
"label": "Windows Server Version",
"toolTip": "Select the desired Windows Server Version.",
"placeholder": "",
"multiselect": false,
"selectAll": false,
"multiLine": true,
"constraints": {
"allowedValues": [
{
"label": "2019",
"value": "2019-datacenter-gensecond"
},
{
"label": "2022",
"value": "2022-datacenter-g2"
}
]
},
"visible": "[steps('remoteAccess').windowsVmSection.deployWindowsVirtualMachine]"
},
{
"name": "windowsVmSize",
"type": "Microsoft.Compute.SizeSelector",
"label": "Size",
"toolTip": "Select an appropriate VM Size",
"recommendedSizes": [
"Standard_D2s_v3",
"Standard_E2s_v3"
],
"options": {
"hideDiskTypeFilter": false
},
"osPlatform": "Windows",
"imageReference": {
"publisher": "MicrosoftWindowsServer",
"offer": "WindowsServer",
"sku": "[steps('remoteAccess').windowsVmSection.windowsVmSku]"
},
"visible": "[steps('remoteAccess').windowsVmSection.deployWindowsVirtualMachine]"
},
{
"name": "windowsVmAdminUsername",
"type": "Microsoft.Compute.UserNameTextBox",
Expand Down Expand Up @@ -1180,10 +1232,91 @@
}
},
{
"name": "linuxVmDescriptionTextblock",
"type": "Microsoft.Common.TextBlock",
"name": "linuxVmImagePublisher",
"type": "Microsoft.Common.DropDown",
"label": "Linux Image Publisher",
"toolTip": "Select your preferred Linux Distribution Publisher.",
"placeholder": "",
"defaultValue": "Canonical for Ubuntu",
"multiselect": false,
"selectAll": false,
"multiLine": true,
"filter": false,
"constraints": {
"allowedValues": [
{
"label": "Canonical for Ubuntu",
"value": "Canonical"
},
{
"label": "RedHat",
"value": "RedHat"
},
{
"label": "Debian",
"value": "Debian"
}
],
"required": true
},
"visible": "[steps('remoteAccess').linuxVmSection.deployLinuxVirtualMachine]"
},
{
"name": "linuxVmImageOffer",
"type": "Microsoft.Common.DropDown",
"label": "Linux Image Offer",
"toolTip": "Select your preferred Linux Distribution Offer.",
"placeholder": "",
"multiselect": false,
"selectAll": false,
"multiLine": true,
"constraints": {
"required": true,
"allowedValues": "[if(equals(steps('remoteAccess').linuxVmSection.linuxVmImagePublisher, 'Canonical'), parse('[{\"label\": \"Ubuntu\",\"value\": \"ubuntu\"}]'), if(equals(steps('remoteAccess').linuxVmSection.linuxVmImagePublisher, 'RedHat'), parse('[{\"label\": \"RHEL\",\"value\": \"RHEL\"}]'), parse('[{\"label\": \"Debian\",\"value\": \"debian-12\"}]')))]"
},
"visible": "[steps('remoteAccess').linuxVmSection.deployLinuxVirtualMachine]"
},
{
"name": "skuApi",
"type": "Microsoft.Solutions.ArmApiControl",
"request": {
"method": "GET",
"path": "[concat(steps('basics').hubSection.hubSubscriptionId, '/providers/Microsoft.Compute/locations/', steps('basics').locationSection.location.name, '/publishers/', steps('remoteAccess').linuxVmSection.linuxVmImagePublisher, '/artifactTypes/vmImage/offers/', steps('remoteAccess').linuxVmSection.linuxVmImageOffer, '/skus?api-version=2024-03-01')]"
},
"visible": false
},
{
"name": "linuxVmImageSku",
"type": "Microsoft.Common.DropDown",
"label": "Linux Image SKU",
"toolTip": "Select the desired marketplace image SKU.",
"placeholder": "",
"multiselect": false,
"selectAll": false,
"multiLine": true,
"constraints": {
"required": true,
"allowedValues": "[map(filter(steps('remoteAccess').linuxVmSection.skuApi, (item) => contains(item.name, 'gen2')), (item) => parse(concat('{\"label\":\"', item.name, '\",\"value\":\"', item.name, '\"}')))]"
},
"visible": "[steps('remoteAccess').linuxVmSection.deployLinuxVirtualMachine]"
},
{
"name": "linuxVmSize",
"type": "Microsoft.Compute.SizeSelector",
"label": "Size",
"toolTip": "Select an appropriate VM Size",
"recommendedSizes": [
"Standard_D2s_v3",
"Standard_E2s_v3"
],
"options": {
"text": "Provide an administrator username and password for the Linux virtual machine."
"hideDiskTypeFilter": false
},
"osPlatform": "Linux",
"imageReference": {
"publisher": "[steps('remoteAccess').linuxVmSection.linuxVmImagePublisher]",
"offer": "[steps('remoteAccess').linuxVmSection.linuxVmImageOffer]",
"sku": "[steps('remoteAccess').linuxVmSection.linuxVmImageSku]"
},
"visible": "[steps('remoteAccess').linuxVmSection.deployLinuxVirtualMachine]"
},
Expand Down Expand Up @@ -1218,6 +1351,14 @@
"hideConfirmation": false
},
"visible": "[steps('remoteAccess').linuxVmSection.deployLinuxVirtualMachine]"
},
{
"name": "policyWarning",
"type": "Microsoft.Common.InfoBox",
"options": {
"style": "Warning",
"text": "Please validate the desired Linux distribution is available, as there can be differences between clouds."
}
}
]
}
Expand Down Expand Up @@ -1289,8 +1430,12 @@
"identitySubscriptionId": "[if(steps('basics').identitySection.deployIdentity, replace(steps('basics').identitySection.identitySubscriptionId, '/subscriptions/', ''), replace(steps('basics').hubSection.hubSubscriptionId, '/subscriptions/', ''))]",
"identityVirtualNetworkAddressPrefix": "[steps('networking').identityVirtualNetwork.virtualNetworkAddressCidrRange]",
"linuxVmAdminPasswordOrKey": "[if(equals(steps('remoteAccess').linuxVmSection.linuxVmAdminPasswordOrKey.authenticationType, 'password'), steps('remoteAccess').linuxVmSection.linuxVmAdminPasswordOrKey.password, steps('remoteAccess').linuxVmSection.linuxVmAdminPasswordOrKey.sshPublicKey)]",
"linuxVmAdminUsername": "[steps('remoteAccess').linuxVmSection.linuxVmAdminUsername]",
"linuxVmAuthenticationType": "password",
"linuxVmAdminUsername": "[steps('remoteAccess').linuxVmSection.linuxVmAdminUsername]",
"linuxVmImagePublisher": "[steps('remoteAccess').linuxVmSection.linuxVmImagePublisher]",
"linuxVmImageOffer": "[steps('remoteAccess').linuxVmSection.linuxVmImageOffer]",
"linuxVmImageSku": "[steps('remoteAccess').linuxVmSection.linuxVmImageSku]",
"linuxVmSize": "[steps('remoteAccess').linuxVmSection.linuxVmSize]",
"location": "[steps('basics').locationSection.location.name]",
"operationsSubnetAddressPrefix": "[steps('networking').operationsVirtualNetwork.subnetAddressCidrRange]",
"operationsSubscriptionId": "[replace(steps('basics').operationsSection.operationsSubscriptionId, '/subscriptions/', '')]",
Expand All @@ -1302,6 +1447,8 @@
"sharedServicesSubscriptionId": "[replace(steps('basics').sharedServicesSection.sharedServicesSubscriptionId, '/subscriptions/', '')]",
"sharedServicesVirtualNetworkAddressPrefix": "[steps('networking').sharedServicesVirtualNetwork.virtualNetworkAddressCidrRange]",
"tags": "[steps('tags').tags]",
"windowsVmSku": "[steps('remoteAccess').windowsVmSection.windowsVmSku]",
"windowsVmSize": "[steps('remoteAccess').windowsVmSection.windowsVmSize]",
"windowsVmAdminPassword": "[steps('remoteAccess').windowsVmSection.windowsVmAdminPassword.password]",
"windowsVmAdminUsername": "[steps('remoteAccess').windowsVmSection.windowsVmAdminUsername]"
}
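Review bot: The offer values produced by the new `linuxVmImageOffer` dropdown do not match the literals that mlz.bicep allows in this same commit: the `parse(...)` branches emit `ubuntu`, `RHEL` and `debian-12`, while the template's `@allowed` list is `'Ubuntu'`, `'RHEL'`, `'Debian-12'`. Whether deployment validation tolerates the case difference is not visible here, so both lists should carry identical strings, and those strings should be the marketplace offer identifiers that the `skuApi` path is built from. The SKU list is also narrowed only by `contains(item.name, 'gen2')`, so a publisher/offer pair with no matching SKU leaves a required dropdown empty with no explanation. A tooltip such as `"toolTip": "Only Gen2 SKUs are listed; an empty list means the offer is not available in this cloud or region."` would make that case understandable to the operator.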
41 changes: 23 additions & 18 deletions src/bicep/mlz.bicep
Expand Up @@ -364,26 +364,28 @@ param linuxVmAuthenticationType string = 'password'
@minLength(12)
param linuxVmAdminPasswordOrKey string = deployLinuxVirtualMachine ? '' : newGuid()

@description('The size of the Linux Virtual Machine to Azure Bastion remote into. It defaults to "Standard_B2s".')
param linuxVmSize string = 'Standard_B2s'

@description('The disk creation option of the Linux Virtual Machine to Azure Bastion remote into. It defaults to "FromImage".')
param linuxVmOsDiskCreateOption string = 'FromImage'

@description('The disk type of the Linux Virtual Machine to Azure Bastion remote into. It defaults to "Standard_LRS".')
param linuxVmOsDiskType string = 'Standard_LRS'

@description('The image publisher of the Linux Virtual Machine to Azure Bastion remote into. It defaults to "Canonical".')
@allowed([
'Canonical'
'RedHat'
'Debian'
])
@description('[Canonical for Ubuntu/RedHat/Debian] The available Linux Publishers')
param linuxVmImagePublisher string = 'Canonical'

@description('The image offer of the Linux Virtual Machine to Azure Bastion remote into. It defaults to "UbuntuServer".')
param linuxVmImageOffer string = '0001-com-ubuntu-server-focal'

@description('The image SKU of the Linux Virtual Machine to Azure Bastion remote into. It defaults to "18.04-LTS".')
param linuxVmImageSku string = '20_04-lts-gen2'

@description('The image version of the Linux Virtual Machine to Azure Bastion remote into. It defaults to "latest".')
param linuxVmImageVersion string = 'latest'
@allowed([
'Ubuntu'
'RHEL'
'Debian-12'
])
@description('[Ubuntu/RHEL/Debian-12] The available Linux Offers')
param linuxVmImageOffer string = 'Ubuntu'
param linuxVmImageSku string = '18_04-lts-gen2'
param linuxVmSize string = 'Standard_D2s_v3'

@allowed([
'Static'
Expand Down Expand Up @@ -411,7 +413,11 @@ param windowsVmPublisher string = 'MicrosoftWindowsServer'
@description('The offer of the Windows Virtual Machine to Azure Bastion remote into. It defaults to "WindowsServer".')
param windowsVmOffer string = 'WindowsServer'

@description('The SKU of the Windows Virtual Machine to Azure Bastion remote into. It defaults to "2019-datacenter".')
@allowed([
'2019-datacenter-gensecond'
'2022-datacenter-g2'
])
@description('The SKU of the Windows Virtual Machines to Azure Bastion remote into. It defaults to "2019-datacenter".')
param windowsVmSku string = '2019-datacenter-gensecond'

@description('The version of the Windows Virtual Machine to Azure Bastion remote into. It defaults to "latest".')
Expand Down Expand Up @@ -666,14 +672,13 @@ module remoteAccess 'modules/remote-access.bicep' = {
linuxNetworkInterfacePrivateIPAddressAllocationMethod: linuxNetworkInterfacePrivateIPAddressAllocationMethod
linuxVmAdminPasswordOrKey: linuxVmAdminPasswordOrKey
linuxVmAdminUsername: linuxVmAdminUsername
linuxVmAuthenticationType: linuxVmAuthenticationType
linuxVmImageOffer: linuxVmImageOffer
linuxVmImagePublisher: linuxVmImagePublisher
linuxVmImageOffer: linuxVmImageOffer
linuxVmImageSku: linuxVmImageSku
linuxVmImageVersion: linuxVmImageVersion
linuxVmSize: linuxVmSize
linuxVmAuthenticationType: linuxVmAuthenticationType
linuxVmOsDiskCreateOption: linuxVmOsDiskCreateOption
linuxVmOsDiskType: linuxVmOsDiskType
linuxVmSize: linuxVmSize
location: location
logAnalyticsWorkspaceId: monitoring.outputs.logAnalyticsWorkspaceResourceId
mlzTags: logic.outputs.mlzTags
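Review bot: The new default `param linuxVmImageSku string = '18_04-lts-gen2'` selects an Ubuntu release that is past its standard security maintenance window, and it appears to replace the earlier default of `'20_04-lts-gen2'`, so a jump host deployed without overrides would move to an older image. The default should be a currently supported LTS SKU that has been confirmed to exist under the `'Ubuntu'` offer. Since `linuxVmImageVersion` no longer appears in the `remoteAccess` module call, it is also worth stating where the image version is now fixed. `linuxVmImageSku` and `linuxVmSize` are declared without `@description`; something like `@description('Gen2 image SKU of the Linux jump host; must exist under the selected publisher and offer.')` would restore the documentation the other parameters carry. The old/new side of these lines is inferred from the rendered page, which has lost its `+`/`-` markers.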