fix: move os detection before first use and remove duplicate code in terraform-installer.yaml

.config/ALZ-Powershell.config.json

@@ -26,84 +26,19 @@
                 "release_artifact_name": "starter_modules.zip",
                 "release_artifact_root_path": ".",
                 "release_artifact_config_file": ".config/ALZ-Powershell.config.json"
-
             },
             "bicep": {
+                "url": "https://github.com/Azure/alz-bicep-accelerator",
+                "release_artifact_name": "starter_modules.zip",
+                "release_artifact_root_path": ".",
+                "release_artifact_config_file": ".config/ALZ-Powershell.config.json"
+            },
+            "bicep-classic": {
                 "url": "https://github.com/Azure/ALZ-Bicep",
                 "release_artifact_name": "accelerator.zip",
                 "release_artifact_root_path": ".",
                 "release_artifact_config_file": "accelerator/.config/ALZ-Powershell-Auto.config.json"
             }
         }
-    },
-    "validators": {
-        "auth_scheme": {
-            "Type": "AllowedValues",
-            "Description": "A valid authentication scheme e.g. 'WorkloadIdentityFederation'",
-            "AllowedValues": {
-                "Display": true,
-                "Values": [
-                    "WorkloadIdentityFederation",
-                    "ManagedServiceIdentity"
-                ]
-            }
-        },
-        "azure_subscription_id": {
-            "Type": "Valid",
-            "Description": "A valid subscription id GUID e.g. '12345678-1234-1234-1234-123456789012'",
-            "Valid": "^( {){0,1}[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}(}){0,1}$"
-        },
-        "azure_name": {
-            "Type": "Valid",
-            "Description": "A valid Azure name e.g. 'my-azure-name'",
-            "Valid": "^[a-zA-Z0-9]{2,10}(-[a-zA-Z0-9]{2,10}){0,1}(-[a-zA-Z0-9]{2,10})?$"
-        },
-        "azure_name_section": {
-            "Type": "Valid",
-            "Description": "A valid Azure name with no hyphens and limited length e.g. 'abcd'",
-            "Valid": "^[a-zA-Z0-9]{2,10}$"
-        },
-        "guid": {
-            "Type": "Valid",
-            "Description": "A valid GUID e.g. '12345678-1234-1234-1234-123456789012'",
-            "Valid": "^( {){0,1}[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}(}){0,1}$"
-        },
-        "cidr_range": {
-            "Type": "Valid",
-            "Description": "A valid CIDR range e.g '10.0.0.0/16'",
-            "Valid": "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(/(3[0-2]|[1-2][0-9]|[0-9]))$"
-        },
-        "configuration_file_path": {
-            "Type": "Valid",
-            "Description": "A valid yaml or json configuration file path e.g. './my-folder/my-config-file.yaml' or `c:\\my-folder\\my-config-file.yaml`",
-            "Valid": "^.+\\.(yaml|yml|json)$"
-        },
-        "network_type": {
-            "Type": "AllowedValues",
-            "Description": "Networking Type'",
-            "AllowedValues": {
-                "Display": true,
-                "Values": [
-                    "hubNetworking",
-                    "hubNetworkingMultiRegion",
-                    "vwanConnectivity",
-                    "vwanConnectivityMultiRegion",
-                    "none"
-                ]
-            }
-        },
-        "email": {
-            "Type": "Valid",
-            "Description": "A valid email address",
-            "Valid": "^[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\\.[a-zA-Z]{2,}$"
-        },
-        "azure_location": {
-            "Type": "AllowedValues",
-            "Description": "An Azure deployment location e.g. 'uksouth'",
-            "AllowedValues": {
-                "Display": false,
-                "Values": [ "This is dynamically populated from Azure" ]
-            }
-        }
     }
 }

.github/linters/.yaml-lint.yml

@@ -4,8 +4,12 @@ extends: default
 ignore: |
   **/bicep/**/ci-template.yaml
   **/bicep/**/cd-template.yaml
+  **/bicep-classic/**/ci-template.yaml
+  **/bicep-classic/**/cd-template.yaml
   *bicep-templates.yaml
   **/bicep/**/cd.yaml
+  **/bicep-classic/**/cd.yaml
+  **/bicep-classic/**/ci.yaml
 
 rules:
   # 500 chars should be enough, but don't fail if a line is longer

.github/tests/cleanup-scripts/cleanup_azure_resouces.ps1

@@ -0,0 +1,112 @@
+# This file can be used to clean up Resource Groups if there has been an issue with the End to End tests.
+# CAUTION: Make sure you are connected to the correct subscription before running this script!
+
+# Check for and install the resource-graph extension if not already installed
+$installedExtensions = az extension list --query "[].name" -o tsv
+if ($installedExtensions -notcontains "resource-graph") {
+    Write-Host "Installing Azure CLI resource-graph extension..."
+    az extension add --name resource-graph
+} else {
+    Write-Host "Azure CLI resource-graph extension is already installed."
+}
+
+$managementGroupFilter = "alz-r"
+if($managementGroupFilter -eq "")
+{
+    throw "Please set a management group filter to avoid disaster!"
+}
+$subscriptionFilter = ""
+
+$managementGroups = @(
+    "dac8feee-8768-4fbd-9cf9-9d96d4718018",
+    "alz-accelerator-parent-test"
+)
+
+$subscriptions = @(
+    "6be58818-3390-4c43-a3bb-2666110eeb66",
+    "5331601a-985a-4f45-87d1-6b4156c8acf5",
+    "bceedecb-9f0b-4aa3-9778-1d1fa92f289e",
+    "9ebf45b8-555d-49c6-81fb-d27ca08f7c28",
+    "eac9acf5-0a34-4db8-ae56-cdbcc7e2cf4c",
+    "3a6bdc35-0830-41ac-b323-37a5a030e241",
+    "c4332eb2-f966-47db-aa47-5d71e239d8aa",
+    "0aeefd1c-62c7-4071-91ad-925899603976",
+    "0d754f66-65b4-4f64-97f5-221f0174ad48"
+)
+
+$roleDefinitionsFilter = "Azure Landing Zones"
+
+$subscriptions | ForEach-Object -Parallel {
+    $subscription = $_
+    $subscriptionDetails = az account show --subscription $subscription | ConvertFrom-Json
+    Write-Host "Processing subscription: $subscription - $($subscriptionDetails.name)"
+
+    $resourceGroups = @("")
+    while ($resourceGroups.Count -gt 0) {
+        if($subscriptionFilter -eq "")
+        {
+            $resourceGroups = az group list --subscription $subscription | ConvertFrom-Json
+        }
+        else
+        {
+            $resourceGroups = az group list --subscription $subscription --query "[?contains(name, '$subscriptionFilter')]" | ConvertFrom-Json
+        }
+
+        $resourceGroups | ForEach-Object -Parallel {
+            $subscription = $using:subscription
+            $subscriptionDetails = $using:subscriptionDetails
+            Write-Host "Deleting resource group: $($_.name) in subscription: $subscription - $($subscriptionDetails.name)"
+            az group delete --subscription $subscription --name $_.name --yes
+        } -ThrottleLimit 10
+    }
+} -ThrottleLimit 10
+
+$managementGroups | ForEach-Object -Parallel {
+    $managementGroupFilter = $using:managementGroupFilter
+    $managementGroup = $_
+    Write-Host "Processing management group: $managementGroup"
+
+    $managementGroupDetails = az account management-group show --name $managementGroup --expand | ConvertFrom-Json
+    $childManagementGroups = $managementGroupDetails.children | Where-Object { $_.type -eq "Microsoft.Management/managementGroups" }
+    if($managementGroupFilter -ne "") {
+        $childManagementGroups = $childManagementGroups | Where-Object { $_.name -like "*$managementGroupFilter*" }
+    }
+
+    $childManagementGroups | ForEach-Object -Parallel {
+        $managementGroup = $using:managementGroup
+        $childManagementGroup = $_
+        Write-Host "Deleting management group: $($childManagementGroup.name) under parent: $managementGroup"
+        az account management-group delete --name $childManagementGroup.name
+    } -ThrottleLimit 10
+
+    $roleDefinitionsFilter = $using:roleDefinitionsFilter
+
+    $roleDefinitions = az role definition list --custom-role-only true --scope "/providers/Microsoft.Management/managementGroups/$managementGroup" --query "[].{name:name,roleName:roleName,id:id,assignableScopes:assignableScopes}" -o json  | ConvertFrom-Json | Where-Object { $_.roleName -like "*$roleDefinitionsFilter*" -and $_.assignableScopes -contains "/providers/Microsoft.Management/managementGroups/$managementGroup" }
+    $roleDefinitions | ForEach-Object -Parallel {
+        $managementGroup = $using:managementGroup
+        $roleDefinition = $_
+
+        Write-Host "$($roleDefinition.roleName) - $($managementGroup): Querying role assignments using Resource Graph for role definition $($roleDefinition.name)"
+        $query = "authorizationresources | where type == 'microsoft.authorization/roleassignments' | where properties.roleDefinitionId == '/providers/Microsoft.Authorization/RoleDefinitions/$($roleDefinition.name)' | order by ['name'] asc"
+        $roleAssignments = az graph query -q $query --query "data[].{id:id,principalId:properties.principalId}" -o json | ConvertFrom-Json
+        $roleAssignments | ForEach-Object -Parallel {
+            $managementGroup = $using:managementGroup
+            $roleDefinition = $using:roleDefinition
+            $roleAssignment = $_
+            Write-Host "Deleting role assignment: $($roleAssignment.id) for role definition: $($roleDefinition.roleName) in management group: $managementGroup"
+            az role assignment delete --ids $roleAssignment.id
+        } -ThrottleLimit 10
+
+        Write-Host "Deleting custom role definition: $($roleDefinition.roleName) in management group: $managementGroup"
+        $result = az role definition delete --name $roleDefinition.name --scope "/providers/Microsoft.Management/managementGroups/$managementGroup" 2>&1
+        if($result -like "*ERROR*")
+        {
+            Write-Warning "Role definition $($roleDefinition.roleName) in management group: $managementGroup could not be deleted...$([Environment]::NewLine)$result"
+        } else {
+            Write-Host "Role definition $($roleDefinition.roleName) in management group: $managementGroup deleted successfully."
+        }
+
+    } -ThrottleLimit 10
+} -ThrottleLimit 10
+
+Write-Host "Cleanup complete. :)"

.github/tests/cleanup-scripts/cleanup_github-repositories.ps1

@@ -1,15 +1,19 @@
 # This file can be used to clean up GitHub repositories if there has been an issue with the End to End tests.
 # CAUTION: Make sure you are connected to the correct organization before running this script!
-$repos = gh repo list microsoft-azure-landing-zones-cd-tests --json name,owner | ConvertFrom-Json
+$filter = ""
 
-$repos | ForEach-Object -Parallel {
-    $match = "*229*"
-    $repoName = "$($_.owner.login)/$($_.name)"
-
-    if($repoName -like $match)
+$repos = @("")
+while ($repos.Count -gt 0) {
+    $repos = gh repo list microsoft-azure-landing-zones-cd-tests --json name,owner | ConvertFrom-Json
+    if($filter -ne "")
     {
+        $repos = $repos | Where-Object { $_.name -like "*$filter*" }
+    }
+
+    $repos | ForEach-Object -Parallel {
+        $repoName = "$($_.owner.login)/$($_.name)"
+
         Write-Host "Deleting repo: $repoName"
         gh repo delete $repoName --yes
-
-    }
-} -ThrottleLimit 10
+    } -ThrottleLimit 10
+}

.github/tests/scripts/azuredevops-pipeline-run.ps1

@@ -50,6 +50,18 @@ function Invoke-Pipeline {
         }
 
         if($iac -eq "bicep") {
+            $pipelineDispatchBody = @{
+                "resources" = @{
+                    "repositories" = @{
+                        "self" = @{
+                            "refName" = "refs/heads/main"
+                        }
+                    }
+                }
+            } | ConvertTo-Json -Depth 100
+        }
+
+        if($iac -eq "bicep-classic") {
             $pipelineDispatchBody = @{
                 "resources" = @{
                     "repositories" = @{