Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Consolidate spoke network module creation #493

Closed
glennmusa opened this issue Oct 27, 2021 · 1 comment · Fixed by #497
Closed

Consolidate spoke network module creation #493

glennmusa opened this issue Oct 27, 2021 · 1 comment · Fixed by #497
Assignees
@glennmusa

Comments

@glennmusa
Copy link
Contributor

Benefit/Result/Outcome

So that changes are applied universally to all spokes when changes are made and reduce the likelihood of introducing errors or variance between spokes.

Description

Today, we have a module declaration for each of the spoke resource groups, networks, policy assignments, logging activities, and security center enrollments, like this:

missionlz/src/bicep/mlz.bicep

Lines 18 to 46 in b74db11

module identityResourceGroup './modules/resourceGroup.bicep' = {
name: 'deploy-identity-rg-${nowUtc}'
scope: subscription(identitySubscriptionId)
params: {
name: identityResourceGroupName
location: identityLocation
tags: tags
}
}
module operationsResourceGroup './modules/resourceGroup.bicep' = {
name: 'deploy-operations-rg-${nowUtc}'
scope: subscription(operationsSubscriptionId)
params: {
name: operationsResourceGroupName
location: operationsLocation
tags: tags
}
}
module sharedServicesResourceGroup './modules/resourceGroup.bicep' = {
name: 'deploy-sharedServices-rg-${nowUtc}'
scope: subscription(sharedServicesSubscriptionId)
params: {
name: sharedServicesResourceGroupName
location: sharedServicesLocation
tags: tags
}
}

That's a lot of duplication and surface area and risk that changes could differ for each spoke.

Instead, we could use Bicep's loop function to declare those modules just once and provision them the same way for each spoke like this:

missionlz/src/bicep/mlz.bicep

Lines 17 to 25 in 78fe8c7

module spokeResourceGroups './modules/resourceGroup.bicep' = [for spoke in spokes: {
name: 'deploy-rg-${spoke.name}-${nowUtc}'
scope: subscription(spoke.subscriptionId)
params: {
name: spoke.resourceGroupName
location: spoke.location
tags: tags
}
}]

Acceptance Criteria

  • Use loops to declare modules a single time and deploy them for many spokes
  • The deployment should still take the same parameters and output the same information
  • Update any documentation where outputs have changed because of these new structures
@glennmusa
Copy link
Contributor Author

Proposed these changes in a branch here: main...glenn/consolidateSpokes

@glennmusa glennmusa mentioned this issue Oct 29, 2021
Merged
4 tasks
@glennmusa glennmusa self-assigned this Oct 29, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@glennmusa glennmusa

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

use Bicep loop syntax to create spoke resources the same way Azure/missionlz
1 participant
@glennmusa