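// Inputs for one DevCenter project deployment. They feed the `project`
// resource below and the identity, catalog, environment-type, connectivity
// and pool modules declared after it.

@description('Name of the DevCenter instance')
@minLength(1)
param devCenterName string

@description('Name of the project to be created')
@minLength(1)
param name string

@description('Log Analytics Workspace Resource ID')
@minLength(1)
param logAnalyticsId string

@description('Description for the DevCenter project')
param projectDescription string

@description('Catalog configuration for the project')
param catalogs ProjectCatalog[]

@description('Environment types to be associated with the project')
param projectEnvironmentTypes ProjectEnvironmentTypeConfig[]

@description('DevBox pool configurations for the project')
param projectPools PoolConfig[]

@description('Network configuration for the project')
param projectNetwork ProjectNetwork

// @secure() keeps the value out of deployment history and outputs. It is
// forwarded only to the projectCatalog module; that module's parameter
// should be @secure() as well so the value stays out of its deployment record.
@description('Secret identifier for Git repository authentication')
@secure()
param secretIdentifier string

// Scope of the resource-group-level role assignments (projectIdentityRG).
// @minLength(1) rejects an empty name at validation time instead of failing
// when resourceGroup() is evaluated mid-deployment.
@description('Resource group name for security resources')
@minLength(1)
param securityResourceGroupName string

@description('Managed identity configuration for the project')
param identity Identity

@description('Tags to be applied to all resources')
param tags Tags = {}

@description('Azure region for resource deployment')
param location string = resourceGroup().location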
// Open object: any key is accepted, every value must be a string.
@description('Tags type for resource tagging')
type Tags = {
  @description('Wildcard property for any tag key-value pairs')
  *: string
}
// Passed unchanged to the connectivity module; only virtualNetworkType is
// mandatory here, the remaining fields are optional and their interpretation
// (e.g. when `create` is unset) lives in that module — confirm there.
@description('Network configuration for the project')
type ProjectNetwork = {
  @description('Name of the virtual network')
  name: string?
  @description('Flag indicating whether to create the network')
  create: bool?
  @description('Name of the resource group containing the network')
  resourceGroupName: string?
  // Kept as a plain string; the accepted spellings are decided by the
  // connectivity module, not validated at this layer.
  @description('Type of virtual network (Managed or Unmanaged)')
  virtualNetworkType: string
  @description('Address prefixes for the virtual network')
  addressPrefixes: string[]?
  @description('Subnet configurations')
  subnets: Subnet[]?
}
// One subnet of ProjectNetwork.subnets; properties may be omitted.
@description('Subnet configuration')
type Subnet = {
  @description('Name of the subnet')
  name: string
  @description('Subnet properties')
  properties: SubnetProperties?
}
// Only the address prefix is modelled; no NSG or route-table association
// can be expressed through this type.
@description('Subnet properties configuration')
type SubnetProperties = {
  @description('Address prefix for the subnet')
  addressPrefix: string
}
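// Identity settings for the project resource plus the RBAC entries applied
// through the projectIdentity / projectIdentityRG / projectADGroup modules.
@description('Identity configuration for the project')
type Identity = {
  // Restricted to the two values the description already promises, so a
  // typo fails at compile time instead of at deployment. Note that the
  // project resource below sets only `type`; the modules read
  // project.identity.principalId, which is only populated for
  // SystemAssigned — a UserAssigned deployment would also need
  // userAssignedIdentities, which this template does not model.
  @description('Type of managed identity (SystemAssigned or UserAssigned)')
  type: 'SystemAssigned' | 'UserAssigned'
  @description('Role assignments for Azure AD groups')
  roleAssignments: RoleAssignment[]
}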
// Role reference handed to the role-assignment modules; `id` is the value
// they consume, `name` is informational.
@description('Azure RBAC role definition')
type AzureRBACRole = {
  @description('Role definition ID')
  id: string
  @description('Display name of the role')
  name: string
}
// One entry drives three module deployments below: azureRBACRoles is granted
// to the project's managed identity (in this RG and in the security RG) AND
// to the Azure AD group. Keep the list minimal — every role listed here is
// given to both principals.
@description('Role assignment configuration')
type RoleAssignment = {
  @description('Azure AD group object ID')
  azureADGroupId: string
  @description('Azure AD group display name')
  azureADGroupName: string
  @description('Azure RBAC roles to assign')
  azureRBACRoles: AzureRBACRole[]
}
// Catalog definition forwarded as-is to projectCatalog.bicep together with
// the secure secretIdentifier. Whether the secret is required only for
// 'private' visibility is decided in that module — confirm there.
@description('Project catalog configuration')
type ProjectCatalog = {
  @description('Name of the catalog')
  name: string
  @description('Type of catalog (environment or image)')
  type: 'environmentDefinition' | 'imageDefinition'
  @description('Source control type')
  sourceControl: 'gitHub' | 'adoGit'
  @description('Visibility of the catalog')
  visibility: 'public' | 'private'
  @description('URI of the repository')
  uri: string
  @description('Branch to sync from')
  branch: string
  @description('Path within the repository to sync')
  path: string
}
// Forwarded unchanged to projectEnvironmentType.bicep.
@description('Project environment type configuration')
type ProjectEnvironmentTypeConfig = {
  @description('Name of the environment type')
  name: string
  // Subscription into which environments of this type are deployed.
  @description('Resource ID of the deployment target subscription')
  deploymentTargetId: string
}
// Per-pool inputs for projectPool.bicep; the network settings are not part
// of this type, they come from the connectivity module outputs.
@description('Pool configuration for DevBox pools')
type PoolConfig = {
  @description('Name of the pool')
  name: string
  // Must match a catalog image definition; resolution happens in the module.
  @description('Name of the image definition to use')
  imageDefinitionName: string
  @description('VM SKU for the pool')
  vmSku: string
}
// Existing DevCenter in the deployment resource group; only its id is used
// (project.properties.devCenterId).
@description('Reference to existing DevCenter')
resource devCenter 'Microsoft.DevCenter/devcenters@2026-01-01-preview' existing = {
  name: devCenterName
}
// The project itself. Everything else in this file hangs off `project.name`
// or `project.identity.principalId`.
@description('DevCenter Project resource')
resource project 'Microsoft.DevCenter/projects@2026-01-01-preview' = {
  name: name
  location: location
  identity: {
    // Only the identity type is set. principalId (read by the identity
    // modules) is populated by the platform for SystemAssigned; a
    // UserAssigned type would additionally need userAssignedIdentities,
    // which is not modelled here — confirm callers only use SystemAssigned.
    type: identity.type
  }
  properties: {
    description: projectDescription
    devCenterId: devCenter.id
    displayName: name
    catalogSettings: {
      // Both catalog item kinds are synced regardless of what `catalogs`
      // contains.
      catalogItemSyncTypes: [
        'EnvironmentDefinition'
        'ImageDefinition'
      ]
    }
  }
  // Caller tags first; the two fixed keys win on conflict (union is
  // right-biased).
  tags: union(tags, {
    'ms-resource-usage': 'azure-cloud-devbox'
    project: name
  })
}
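// Grants each RoleAssignment entry's roles to the project's managed identity,
// deployed in the current resource group. The loop index was unused and has
// been dropped. The same principalId is passed on every iteration, so two
// entries listing the same role would request the same assignment twice;
// whether the module de-duplicates (e.g. via a deterministic guid() name)
// is not visible here — verify in projectIdentityRoleAssignment.bicep.
@description('Configure project identity role assignments')
module projectIdentity '../../identity/projectIdentityRoleAssignment.bicep' = [
  for role in identity.roleAssignments: {
    scope: resourceGroup()
    params: {
      projectName: project.name
      // Requires a SystemAssigned identity on `project`.
      principalId: project.identity.principalId
      roles: role.azureRBACRoles
      principalType: 'ServicePrincipal'
    }
  }
]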
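// Same grant as projectIdentity, but the deployment is scoped to the
// security resource group, so the project identity also gets these roles
// there. The unused loop index has been dropped; the duplicate-entry caveat
// from projectIdentity applies here too.
@description('Configure project identity role assignments')
module projectIdentityRG '../../identity/projectIdentityRoleAssignmentRG.bicep' = [
  for role in identity.roleAssignments: {
    scope: resourceGroup(securityResourceGroupName)
    params: {
      projectName: project.name
      principalId: project.identity.principalId
      roles: role.azureRBACRoles
      principalType: 'ServicePrincipal'
    }
  }
]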
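// Grants the Azure AD group the same role list that the project identity
// receives above, using the same module. The unused loop index has been
// dropped. Because the role set is shared with the service principal, any
// role added for automation purposes is also handed to human group members;
// the assignment scope is chosen inside the module (only the deployment
// scope is set here) — check it is the project, not the whole resource group.
@description('Add the AD Group to the DevCenter project')
module projectADGroup '../../identity/projectIdentityRoleAssignment.bicep' = [
  for role in identity.roleAssignments: {
    scope: resourceGroup()
    params: {
      projectName: project.name
      principalId: role.azureADGroupId
      principalType: 'Group'
      roles: role.azureRBACRoles
    }
  }
]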
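// One catalog per entry in `catalogs`, created after all role assignments so
// the project identity can already read the repository secret when the
// first sync runs. The unused loop index has been dropped.
@description('Configure project catalogs')
module projectCatalogs 'projectCatalog.bicep' = [
  for catalog in catalogs: {
    scope: resourceGroup()
    params: {
      projectName: project.name
      catalogConfig: catalog
      // Secure value; the receiving parameter should also be @secure().
      secretIdentifier: secretIdentifier
    }
    // Explicit because none of these modules are referenced in params.
    dependsOn: [
      projectIdentity
      projectIdentityRG
      projectADGroup
    ]
  }
]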
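// One environment type per entry, deployed after the role assignments.
// The unused loop index has been dropped.
@description('Configure project environment types')
module environmentTypes 'projectEnvironmentType.bicep' = [
  for envType in projectEnvironmentTypes: {
    scope: resourceGroup()
    params: {
      projectName: project.name
      environmentConfig: envType
      location: location
    }
    // Explicit because none of these modules are referenced in params.
    dependsOn: [
      projectIdentity
      projectIdentityRG
      projectADGroup
    ]
  }
]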
// Network connection for the project; its outputs (networkConnectionName,
// networkType) are consumed by the pools module.
@description('Connectivity configuration for the project')
module connectivity '../../connectivity/connectivity.bicep' = {
  scope: resourceGroup()
  params: {
    devCenterName: devCenterName
    projectNetwork: projectNetwork
    logAnalyticsId: logAnalyticsId
    location: location
  }
  // `project` is not referenced in params, so the ordering must be explicit.
  dependsOn: [
    project
  ]
}
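// One DevBox pool per entry. The connectivity outputs create an implicit
// dependency on that module; catalogs are awaited explicitly so the image
// definition the pool references exists. The unused loop index has been
// dropped.
@description('Configure DevBox pools for the project')
module pools 'projectPool.bicep' = [
  for pool in projectPools: {
    scope: resourceGroup()
    params: {
      name: pool.name
      projectName: project.name
      // Full catalog list is passed so the module can locate
      // imageDefinitionName; the lookup itself happens in the module.
      catalogs: catalogs
      imageDefinitionName: pool.imageDefinitionName
      vmSku: pool.vmSku
      networkConnectionName: connectivity.outputs.networkConnectionName
      networkType: connectivity.outputs.networkType
      location: location
    }
    dependsOn: [
      projectCatalogs
    ]
  }
]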
// Outputs are non-secret identifiers only; secretIdentifier is never
// surfaced here.
@description('The name of the deployed project')
output AZURE_PROJECT_NAME string = project.name
@description('The resource ID of the deployed project')
output AZURE_PROJECT_ID string = project.id