Major module update (#39)

* added diagnostic storage account

* added retrieval of sas token from an arm template

* added sas properties

* enabled azure security center deployment

* added solutions to log analytics plus datastores

* added storage account v2 template

* added storage account templates

* updated diagnostic storage account output parameters

* added IaaSDiagnostic wad settings

* enabled service endpoint on shared services network

* renamed module names

* updated archetype module versions

* updated archetype module versions

* fixed invalid parameters

* updated shared services archetype

* updated adds extension names

* added app rule and network rule collections to allow for log analytics egress access from VMs

* added virtual network module and updated app rule collection

* updated security center - workspace pricing tier

* enabled security center log analytics auto provisioning

* enabled update management

* added diagnostic settings to automation account

* added linux schedules

* modified shared services test archetype based on latest modifications

* added azure backup log analytics solution and whitelisted linux package managers

* updated palo alto module versions

* fixed bootstrap file encoding

* removed unused parameter

* added 1.0 version as default module version

* added cdn and made storage account template more generic

* modified templates to use common diagnostic storage account

* added diagnostic storage account

* updated ntier iaas deployment

* Added storage-account v2.0

* Added placeholders for policy,rbac and script folders in storage-account v2.0

* Updated the comments in the test scripts for storage-account module

* added v2 of storage account deployment

* added placeholder for scripts folder

* Changed the path logic to be os agnostic

* removed tokens from v2.0 storage parameters file

* Update to path concatenation logic applied

* updated sql server template

* added sql server cloudwitness service endpoint

* updated azure firewall rules and increase vmapp-lb size

* updated ntier iaas archetypes to use latest log analytics module

* updated ntier SQL Cluster IP

* updated aks, sap, cloud break and squid modules to use single diagnostic storage account

* modified sqldb to be ISO compliant

* fixed deployment of single diagnostic storage

* reduced number of integration tests. integration tests help test the python orchestration

* updated aks archetype file name

* added update management tag on linux jumpbox

* updated templates based on feedback

* fix deployment name, converted to string

* forced rebuild

Author: jorgecotillo

Diff for: .gitignore

@@ -41,6 +41,7 @@ legacy_mgmt_settings_real.py
 vdc_settings_real.py
 app_creds_real.py
 **/archetype.json
+**/archetypes.json
 
 # User-specific files
 *.suo
@@ -74,3 +75,4 @@ src/build
 # Azure deployment credentials
 *.pubxml
 archetypes/aks/archetypes.json
+archetypes/shared-services/archetype.test.devops.json

Diff for: archetypes/aks/archetypes.test.json renamed to archetypes/aks/archetype.test.json

@@ -17,12 +17,10 @@
         "shared-services": {
             "subscription-id": "00000000-0000-0000-0000-000000000000",
             "deployment-name": "ssvcs",
-            "adds": {
-                "vm-ip-address-start": "10.4.0.46"
-            },
             "active-directory": {
                 "domain-admin-user": "contoso",
-                "domain-name": "contoso.com"
+                "domain-name": "contoso.com",
+                "vm-ip-address-start": "10.4.0.46"
             },
             "network": {
                 "network-virtual-appliance": {
@@ -38,8 +36,8 @@
         },
         "workload": {
             "subscription-id": "00000000-0000-0000-0000-000000000000",       
-            "deployment-name": "iaas",
-            "region":"Central US",
+            "deployment-name": "ntier",
+            "region":"West US 2",
             "vm-configuration": {
                 "local-admin-user": "admin-user",
                 "enable-encryption": false,
@@ -60,20 +58,26 @@
             "log-analytics": {
                 "region": "West US 2"
             },
+            "automation-account": {
+                "region": "West US 2"
+            },
             "network": {
                 "enable-ddos-protection": false
             }
         }
     },
     "orchestration": {
         "modules-to-deploy":[
+            "diagnostic-storage-account",
             "la",
+            "automation-account",
+            "security-center",
             "nsg",
             "workload-net",
+            "enable-service-endpoint-on-diagnostic-storage-account",
             "kv",
             "vmapp-web-lb",
             "vmapp-biz-lb",
-            "app-gateway",
             "sqlserver-alwayson"
         ],
         "module-validation-dependencies": [
@@ -84,13 +88,44 @@
             "custom-scripts": "file(scripts)",
             "modules": [
                 {
-                    "module": "workload-net",
-                    "resource-group-name": "${general.organization-name}-${workload.deployment-name}-net-rg",
+                    "module": "diagnostic-storage-account",
+                    "resource-group-name": "${general.organization-name}-${workload.deployment-name}-diagnostics-rg",
+                    "source": {
+                        "version": "1.0",
+                        "template-path": "file(modules/storage-account/1.0)",
+                        "parameters-path": "file(modules/storage-account/1.0)"
+                    },
+                    "dependencies": []
+                },
+                {
+                    "module": "la",
+                    "resource-group-name": "${general.organization-name}-${workload.deployment-name}-diagnostics-rg",
                     "source": {
                         "version": "1.0"
                     },
                     "dependencies": [
-                        "nsg"
+                        "diagnostic-storage-account"
+                    ]
+                },
+                {
+                    "module": "automation-account",
+                    "resource-group-name": "${general.organization-name}-${workload.deployment-name}-diagnostics-rg",
+                    "source": {
+                        "version": "1.0"
+                    },
+                    "dependencies": [
+                        "la",
+                        "diagnostic-storage-account"
+                    ]
+                },
+                {
+                    "module": "security-center",
+                    "create-resource-group": false,
+                    "source": {
+                        "version": "1.0"
+                    },
+                    "dependencies": [
+                        "la"
                     ]
                 },
                 {
@@ -100,7 +135,31 @@
                         "version": "1.0"
                     },
                     "dependencies": [
-                        "la"
+                        "la",
+                        "diagnostic-storage-account"
+                    ]
+                },
+                {
+                    "module": "workload-net",
+                    "resource-group-name": "${general.organization-name}-${workload.deployment-name}-net-rg",
+                    "source": {
+                        "version": "1.0"
+                    },
+                    "dependencies": [
+                        "nsg"
+                    ]
+                },
+                {
+                    "module": "enable-service-endpoint-on-diagnostic-storage-account",
+                    "resource-group-name": "${general.organization-name}-${workload.deployment-name}-diagnostics-rg",
+                    "source": {
+                        "version": "1.0",
+                        "template-path": "file(modules/storage-account/1.0)",
+                        "parameters-path": "file(modules/storage-account/1.0/azureDeploy.enable-serviceEndpoint.parameters.json)"
+                    },
+                    "dependencies": [
+                        "workload-net",
+                        "diagnostic-storage-account"
                     ]
                 },
                 {
@@ -110,7 +169,9 @@
                         "version": "1.0"
                     },
                     "dependencies": [
-                        "la"
+                        "workload-net",
+                        "la",
+                        "diagnostic-storage-account"
                     ]
                 },
                 {
@@ -122,7 +183,8 @@
                     "dependencies": [
                         "kv",
                         "workload-net",
-                        "la"
+                        "la",
+                        "diagnostic-storage-account"
                     ]
                 },
                 {
@@ -134,7 +196,8 @@
                     "dependencies": [
                         "kv",
                         "workload-net",
-                        "la"
+                        "la",
+                        "diagnostic-storage-account"
                     ]
                 },
                 {
@@ -148,7 +211,8 @@
                     "dependencies": [
                         "kv",
                         "workload-net",
-                        "la"
+                        "la",
+                        "diagnostic-storage-account"
                     ]
                 },
                 {
@@ -162,7 +226,8 @@
                     "dependencies": [
                         "kv",
                         "workload-net",
-                        "la"
+                        "la",
+                        "diagnostic-storage-account"
                     ]
                 },
                 {
@@ -174,7 +239,8 @@
                     "dependencies": [
                         "kv",
                         "workload-net",
-                        "la"
+                        "la",
+                        "diagnostic-storage-account"
                     ]
                 },
                 {
@@ -202,10 +268,8 @@
     "shared-services":{
         "subscription-id": "${general.shared-services.subscription-id}",
         "deployment-name": "${general.shared-services.deployment-name}",
-        "adds": {
-            "vm-ip-address-start": "${general.shared-services.adds.vm-ip-address-start}"
-        },
         "active-directory": {
+            "vm-ip-address-start": "${general.shared-services.active-directory.vm-ip-address-start}",
             "domain-admin-user": "${general.shared-services.active-directory.domain-admin-user}",
             "domain-name": "${general.shared-services.active-directory.domain-name}"
         },
@@ -258,7 +322,34 @@
         "log-analytics": {
             "region": "${general.workload.log-analytics.region}"
         },
-        "keyvault": "${general.workload.keyvault}",
+        "automation-account": {
+            "region": "${general.workload.automation-account.region}"
+        },
+        "keyvault": {
+            "secrets": "${general.workload.keyvault.secrets}",
+            "network-acls": {
+                "bypass": "AzureServices",
+                "defaultAction": "Deny",
+                "virtualNetworkRules": [
+                    {
+                        "subnet": "${workload.network.subnets[0].name}"
+                    }
+                ],
+                "ipRules": []
+            }
+        },
+        "storage-account": {
+            "network-acls": {
+                "bypass": "AzureServices",
+                "defaultAction": "Deny",
+                "virtualNetworkRules": [
+                    {
+                        "subnet": "${workload.network.subnets[0].name}"
+                    }
+                ],
+                "ipRules": []
+            }
+        },
         "network": {
             "address-prefix": "10.4.2.0/24",
             "enable-ddos-protection": "${general.workload.network.enable-ddos-protection}",
@@ -496,11 +587,25 @@
                     "address-prefix": "10.4.2.0/27",
                     "network-security-group": "${workload.network.network-security-groups[0].name}",
                     "user-defined-route": "${workload.network.user-defined-routes[0].name}",
-                    "service-endpoints": []
+                    "service-endpoints": [
+                        {
+                            "service": "Microsoft.EventHub"
+                        },
+                        {
+                            "service": "Microsoft.Sql"
+                        },
+                        {
+                            "service": "Microsoft.KeyVault"
+                        },
+                        {
+                            "service": "Microsoft.Storage"
+                        }
+                    ]
                 }
             ],
             "dns-servers": [
-                "${shared-services.adds.vm-ip-address-start}"
+                "${shared-services.active-directory.vm-ip-address-start}",
+                "next-ip(${shared-services.active-directory.vm-ip-address-start}, 1)"
             ]
         }
     }

Diff for: archetypes/cloudbreak/archetype.test.json

@@ -8,7 +8,7 @@
         "on-premises": {
             "subscription-id": "00000000-0000-0000-0000-000000000000",
             "deployment-name": "onprem",
-            "region": "Central US",
+            "region": "West US 2",
             "active-directory": {
                 "AD-sitename": "Cloud-Site",
                 "cloud-zone": "contosocloud.com",
@@ -26,7 +26,7 @@
         },
         "shared-services": {
             "subscription-id": "00000000-0000-0000-0000-000000000000",
-            "deployment-name": "cus-ss"
+            "deployment-name": "ssvcs"
         }
     },
     "orchestration": {