From 1e3a9d9b1e119d15d53de3c9e8d940a5f3770c21 Mon Sep 17 00:00:00 2001 From: galiacheng Date: Sun, 29 Sep 2024 15:46:25 +0800 Subject: [PATCH 01/14] modify aks offer to support tag --- resources/azure-common.properties | 4 ++ .../doc/guidance-for-tagging-resource.md | 10 +++++ .../src/main/arm/createUiDefinition.json | 30 ++++++++++++++- .../src/main/bicep/mainTemplate.bicep | 37 ++++++++++++++++++- .../src/main/bicep/modules/_appGateway.bicep | 8 ++++ .../bicep/modules/_azure-resoruces/_acr.bicep | 4 +- .../bicep/modules/_azure-resoruces/_aks.bicep | 4 ++ .../_azure-resoruces/_appgateway.bicep | 10 +++-- .../modules/_azure-resoruces/_dnsZones.bicep | 3 ++ .../_keyvaultForGatewayBackendCert.bicep | 12 ++++-- .../_keyvault/_keyvaultForWLSSSLCert.bicep | 17 +++++++-- .../_keyvault/_keyvaultWithExistingCert.bicep | 13 +++++-- .../_keyvault/_keyvaultWithNewCert.bicep | 10 +++-- .../_keyvaultForGateway.bicep | 6 +++ .../modules/_azure-resoruces/_storage.bicep | 11 ++++-- .../_azure-resoruces/_vnetAppGateway.bicep | 4 ++ .../_ds-create-networking.bicep | 3 ++ .../_ds-create-wls-cluster.bicep | 3 ++ .../_ds-datasource-connection.bicep | 3 ++ .../_ds-output-domain-configurations.bicep | 3 ++ .../_ds-query-storage-account.bicep | 2 + .../_ds-validate-applications.bicep | 3 ++ .../_ds-validate-parameters.bicep | 2 + .../_deployment-scripts/_ds_enable_hpa.bicep | 3 ++ .../_ds_enable_prometheus_metrics.bicep | 3 ++ .../_ds_install_agic.bicep | 3 ++ ...ery_available_private_ip_from_subnet.bicep | 3 ++ .../_ds_validate_agic.bicep | 3 ++ .../bicep/modules/_enableAutoScaling.bicep | 4 ++ .../bicep/modules/_enablePromethuesKeda.bicep | 5 +++ .../modules/_preDeployedAzureResources.bicep | 2 + .../bicep/modules/_setupDBConnection.bicep | 3 ++ .../_setupPasswordlessDBConnection.bicep | 3 ++ .../main/bicep/modules/_uamiAndRoles.bicep | 2 + .../src/main/bicep/modules/networking.bicep | 9 ++++- .../bicep/modules/setupWebLogicCluster.bicep | 5 +++ 36 files changed, 226 insertions(+), 24 deletions(-) diff --git a/resources/azure-common.properties b/resources/azure-common.properties index 1c4a8a808..3be0fa60e 100644 --- a/resources/azure-common.properties +++ b/resources/azure-common.properties @@ -52,18 +52,22 @@ azure.powershell.version=11.5 # These filters are used to implement tags for resources. Other occurrences of these resource type identifiers # are intentionally not filtered because doing so would unnecessarily complicate the code. +identifier.accounts=Microsoft.Monitor/accounts identifier.applicationGateways=Microsoft.Network/applicationGateways identifier.availabilitySets=Microsoft.Compute/availabilitySets identifier.dnszones=Microsoft.Network/dnszones +identifier.managedClusters=Microsoft.ContainerService/managedClusters identifier.networkInterfaces=Microsoft.Network/networkInterfaces identifier.networkSecurityGroups=Microsoft.Network/networkSecurityGroups identifier.publicIPAddresses=Microsoft.Network/publicIPAddresses identifier.privateEndpoints=Microsoft.Network/privateEndpoints +identifier.registries=Microsoft.ContainerRegistry/registries identifier.storageAccounts=Microsoft.Storage/storageAccounts identifier.vaults=Microsoft.KeyVault/vaults identifier.virtualNetworks=Microsoft.Network/virtualNetworks identifier.virtualMachines=Microsoft.Compute/virtualMachines identifier.virtualMachinesExtensions=Virtual machine extension +identifier.workspaces=Microsoft.OperationalInsights/workspaces identifier.deploymentScripts=Microsoft.Resources/deploymentScripts identifier.userAssignedIdentities=Microsoft.ManagedIdentity/userAssignedIdentities identifier.resourcesDeployment=Microsoft resources deployment diff --git a/resources/doc/guidance-for-tagging-resource.md b/resources/doc/guidance-for-tagging-resource.md index b12e83204..96a4b26a7 100644 --- a/resources/doc/guidance-for-tagging-resource.md +++ b/resources/doc/guidance-for-tagging-resource.md @@ -156,3 +156,13 @@ Refer to this [pull request](https://github.com/oracle/weblogic-azure/pull/327/) } ] ``` + +## Step 4: Known issues + +The tag is not applied to resources that are not deployed through our template, so we cannot apply tags to them from the template. + +Known resources: + +- Microsoft.Compute/virtualMachines/extensions + - OmsAgentForLinux + - MDE.Linux diff --git a/weblogic-azure-aks/src/main/arm/createUiDefinition.json b/weblogic-azure-aks/src/main/arm/createUiDefinition.json index f00102162..158a87160 100644 --- a/weblogic-azure-aks/src/main/arm/createUiDefinition.json +++ b/weblogic-azure-aks/src/main/arm/createUiDefinition.json @@ -2326,6 +2326,33 @@ "visible": "[bool(steps('section_autoScaling').enableAutoscaling)]" } ] + }, + { + "name": "tags", + "label": "Tags", + "elements": [ + { + "name": "tagsByResource", + "type": "Microsoft.Common.TagsByResource", + "resources": [ + "${identifier.managedClusters}", + "${identifier.applicationGateways}", + "${identifier.registries}", + "${identifier.virtualMachines}", + "${identifier.virtualMachinesExtensions}", + "${identifier.virtualNetworks}", + "${identifier.networkInterfaces}", + "${identifier.networkSecurityGroups}", + "${identifier.publicIPAddresses}", + "${identifier.storageAccounts}", + "${identifier.vaults}", + "${identifier.userAssignedIdentities}", + "${identifier.dnszones}", + "${identifier.deploymentScripts}" + ], + "toolTip": "Tags help you organize your resources and categorize them for billing or management purposes. You can apply tags to resources deployed by the offer." + } + ] } ], "outputs": { @@ -2425,7 +2452,8 @@ "wlsImageTag": "[if(equals(steps('section_aks').imageInfo.oracleImageSelector, 'others'), steps('section_aks').imageInfo.fromOracleImage, steps('section_aks').imageInfo.oracleImageSelector)]", "wlsJavaOption": "[basics('basicsOptional').wlsJavaOption]", "wlsPassword": "[basics('basicsRequired').wlsPassword]", - "wlsUserName": "[basics('basicsRequired').wlsUserName]" + "wlsUserName": "[basics('basicsRequired').wlsUserName]", + "tagsByResource": "[steps('tags').tagsByResource]" } } } diff --git a/weblogic-azure-aks/src/main/bicep/mainTemplate.bicep b/weblogic-azure-aks/src/main/bicep/mainTemplate.bicep index 28dad9643..496e0414b 100644 --- a/weblogic-azure-aks/src/main/bicep/mainTemplate.bicep +++ b/weblogic-azure-aks/src/main/bicep/mainTemplate.bicep @@ -248,6 +248,8 @@ param sslUploadedPrivateKeyAlias string = newGuid() @secure() @description('Password of the private key') param sslUploadedPrivateKeyPassPhrase string = newGuid() +@description('${label.tagsLabel}') +param tagsByResource object = {} @description('Public port of the custom T3 channel in admin server') param t3ChannelAdminPort int = 7005 @description('Public port of the custom T3 channel in WebLoigc cluster') @@ -311,6 +313,22 @@ param wlsUserName string = 'weblogic' // To mitigate arm-ttk error: Type Mismatch: Parameter in nested template is defined as string, but the parent template defines it as bool. var _enableCustomSSL = enableCustomSSL var _enableAppGWIngress = enableAppGWIngress +var _objTagsByResource = { + '${identifier.managedClusters}': tagsFilter(tagsByResource, '${identifier.managedClusters}') + '${identifier.applicationGateways}': tagsFilter(tagsByResource, '${identifier.applicationGateways}') + '${identifier.registries}': tagsFilter(tagsByResource, '${identifier.registries}') + '${identifier.virtualMachines}': tagsFilter(tagsByResource, '${identifier.virtualMachines}') + '${identifier.virtualMachinesExtensions}': tagsFilter(tagsByResource, '${identifier.virtualMachinesExtensions}') + '${identifier.virtualNetworks}': tagsFilter(tagsByResource, '${identifier.virtualNetworks}') + '${identifier.networkInterfaces}': tagsFilter(tagsByResource, '${identifier.networkInterfaces}') + '${identifier.networkSecurityGroups}': tagsFilter(tagsByResource, '${identifier.networkSecurityGroups}') + '${identifier.publicIPAddresses}': tagsFilter(tagsByResource, '${identifier.publicIPAddresses}') + '${identifier.storageAccounts}': tagsFilter(tagsByResource, '${identifier.storageAccounts}') + '${identifier.vaults}': tagsFilter(tagsByResource, '${identifier.vaults}') + '${identifier.userAssignedIdentities}': tagsFilter(tagsByResource, '${identifier.userAssignedIdentities}') + '${identifier.dnszones}': tagsFilter(tagsByResource, '${identifier.dnszones}') + '${identifier.deploymentScripts}': tagsFilter(tagsByResource, '${identifier.deploymentScripts}') +} var _useExistingAppGatewaySSLCertificate = (appGatewayCertificateOption == const_appGatewaySSLCertOptionHaveCert) ? true : false var const_appGatewaySSLCertOptionHaveCert = 'haveCert' @@ -357,6 +375,8 @@ var obj_uamiForDeploymentScript = { } } +func tagsFilter(tagsByResource object, resourceIdentifier string) object => contains(tagsByResource, resourceIdentifier) ? tagsByResource[resourceIdentifier] : json('{}') + /* * Beginning of the offer deployment */ @@ -374,6 +394,7 @@ module uamiDeployment 'modules/_uamiAndRoles.bicep' = { name: 'uami-deployment' params: { location: location + tagsByResource: _objTagsByResource } } @@ -387,6 +408,7 @@ module preAzureResourceDeployment './modules/_preDeployedAzureResources.bicep' = acrResourceGroupName: acrResourceGroupName createNewAcr: const_createNewAcr location: location + tagsByResource: _objTagsByResource } } @@ -440,6 +462,7 @@ module validateInputs 'modules/_deployment-scripts/_ds-validate-parameters.bicep sslUploadedCustomTrustKeyStoreType: sslUploadedCustomTrustKeyStoreType sslUploadedPrivateKeyAlias: sslUploadedPrivateKeyAlias sslUploadedPrivateKeyPassPhrase: sslUploadedPrivateKeyPassPhrase + tagsByResource: _objTagsByResource useAksWellTestedVersion: useLatestSupportedAksVersion userProvidedAcr: userProvidedAcr // used in user provided images userProvidedAcrRgName: userProvidedAcrRgName @@ -461,6 +484,7 @@ module wlsSSLCertSecretsDeployment 'modules/_azure-resoruces/_keyvault/_keyvault keyVaultName: name_keyVaultName location: location sku: keyVaultSku + tagsByResource: _objTagsByResource wlsIdentityKeyStoreData: sslUploadedCustomIdentityKeyStoreData wlsIdentityKeyStoreDataSecretName: name_identityKeyStoreDataSecret wlsIdentityKeyStorePassphrase: sslUploadedCustomIdentityKeyStorePassphrase @@ -495,6 +519,7 @@ module queryStorageAccount 'modules/_deployment-scripts/_ds-query-storage-accoun azCliVersion: const_azcliVersion identity: obj_uamiForDeploymentScript location: location + tagsByResource: _objTagsByResource } } @@ -511,6 +536,7 @@ module appgwSecretDeployment 'modules/_azure-resoruces/_keyvaultForGateway.bicep subjectName: format('CN={0}', enableDNSConfiguration ? format('{0}.{1}', dnsNameforApplicationGateway, dnszoneName) : const_azureSubjectName) useExistingAppGatewaySSLCertificate: _useExistingAppGatewaySSLCertificate keyVaultName: name_keyVaultName + tagsByResource: _objTagsByResource } dependsOn: [ wlsSSLCertSecretsDeployment @@ -541,6 +567,7 @@ module appgatewayDeployment 'modules/_appGateway.bicep' = if (enableAppGWIngress newOrExistingVnetForApplicationGateway: newOrExistingVnetForApplicationGateway vnetForApplicationGateway: vnetForApplicationGateway vnetRGNameForApplicationGateway: vnetRGNameForApplicationGateway + tagsByResource: _objTagsByResource } dependsOn: [ appgwSecretDeployment @@ -593,6 +620,7 @@ module wlsDomainDeployment 'modules/setupWebLogicCluster.bicep' = if (!enableCus storageAccountName: name_storageAccountName t3ChannelAdminPort: t3ChannelAdminPort t3ChannelClusterPort: t3ChannelClusterPort + tagsByResource: _objTagsByResource wdtRuntimePassword: wdtRuntimePassword userProvidedAcr: userProvidedAcr userProvidedAcrRgName: userProvidedAcrRgName @@ -670,6 +698,7 @@ module wlsDomainWithCustomSSLDeployment 'modules/setupWebLogicCluster.bicep' = i userProvidedAcrRgName: userProvidedAcrRgName userProvidedImagePath: userProvidedImagePath useOracleImage: useOracleImage + tagsByResource: _objTagsByResource wdtRuntimePassword: wdtRuntimePassword wlsClusterSize: wlsClusterSize wlsCPU: wlsCPU @@ -729,9 +758,10 @@ module networkingDeployment 'modules/networking.bicep' = if (const_enableNetwork identity: obj_uamiForDeploymentScript location: location lbSvcValues: lbSvcValues + tagsByResource: _objTagsByResource useInternalLB: useInternalLB wlsDomainName: wlsDomainName - wlsDomainUID: wlsDomainUID + wlsDomainUID: wlsDomainUID } dependsOn: [ appgatewayDeployment @@ -761,6 +791,7 @@ module datasourceDeployment 'modules/_setupDBConnection.bicep' = if (enableDB && identity: obj_uamiForDeploymentScript jdbcDataSourceName: jdbcDataSourceName location: location + tagsByResource: _objTagsByResource wlsDomainUID: wlsDomainUID wlsPassword: wlsPassword wlsUserName: wlsUserName @@ -790,6 +821,7 @@ module passwordlessDatasourceDeployment 'modules/_setupPasswordlessDBConnection. identity: obj_uamiForDeploymentScript jdbcDataSourceName: jdbcDataSourceName location: location + tagsByResource: _objTagsByResource wlsDomainUID: wlsDomainUID wlsPassword: wlsPassword wlsUserName: wlsUserName @@ -813,6 +845,7 @@ module validateApplciations 'modules/_deployment-scripts/_ds-validate-applicatio azCliVersion: const_azcliVersion identity: obj_uamiForDeploymentScript location: location + tagsByResource: _objTagsByResource wlsDomainUID: wlsDomainUID wlsPassword: wlsPassword wlsUserName: wlsUserName @@ -837,6 +870,7 @@ module horizontalAutoscaling 'modules/_enableAutoScaling.bicep' = if (enableAuto hpaScaleType: hpaScaleType identity: obj_uamiForDeploymentScript location: location + tagsByResource: _objTagsByResource useHpa: useHpa utilizationPercentage: hpaScaleType == 'cpu' ? averageCpuUtilization : averageMemoryUtilization wlsClusterSize: wlsClusterSize @@ -864,6 +898,7 @@ module queryWLSDomainConfig 'modules/_deployment-scripts/_ds-output-domain-confi azCliVersion: const_azcliVersion identity: obj_uamiForDeploymentScript location: location + tagsByResource: _objTagsByResource wlsClusterName: const_wlsClusterName wlsDomainUID: wlsDomainUID } diff --git a/weblogic-azure-aks/src/main/bicep/modules/_appGateway.bicep b/weblogic-azure-aks/src/main/bicep/modules/_appGateway.bicep index a9ae7161e..c00bedeaf 100644 --- a/weblogic-azure-aks/src/main/bicep/modules/_appGateway.bicep +++ b/weblogic-azure-aks/src/main/bicep/modules/_appGateway.bicep @@ -21,6 +21,8 @@ param location string param newOrExistingVnetForApplicationGateway string param vnetForApplicationGateway object param vnetRGNameForApplicationGateway string +@description('${label.tagsLabel}') +param tagsByResource object // To mitigate arm-ttk error: Type Mismatch: Parameter in nested template is defined as string, but the parent template defines it as bool. var _appgwUsePrivateIP = appgwUsePrivateIP @@ -56,6 +58,7 @@ module networkDeployment '_azure-resoruces/_vnetAppGateway.bicep' = { params: { location: location vnetForApplicationGateway: vnetForApplicationGateway + tagsByResource: tagsByResource } dependsOn: [ pidAppgwStart @@ -70,6 +73,7 @@ module queryPrivateIPFromSubnet '_deployment-scripts/_ds_query_available_private location: location subnetId: networkDeployment.outputs.subIdForApplicationGateway knownIP: networkDeployment.outputs.knownIPAddress + tagsByResource: tagsByResource } dependsOn: [ networkDeployment @@ -92,6 +96,7 @@ module appgwDeployment1 '_azure-resoruces/_appgateway.bicep' = if (_selfSignedFr staticPrivateFrontentIP: _appgwUsePrivateIP ? queryPrivateIPFromSubnet.outputs.privateIP : '' trustedRootCertData: const_null usePrivateIP: appgwUsePrivateIP + tagsByResource: tagsByResource } dependsOn: [ queryPrivateIPFromSubnet @@ -114,6 +119,7 @@ module appgwDeployment2 '_azure-resoruces/_appgateway.bicep' = if (_selfSignedFr staticPrivateFrontentIP: _appgwUsePrivateIP ? queryPrivateIPFromSubnet.outputs.privateIP : '' trustedRootCertData: existingKeyvault.getSecret(keyvaultBackendCertDataSecretName) usePrivateIP: appgwUsePrivateIP + tagsByResource: tagsByResource } dependsOn: [ queryPrivateIPFromSubnet @@ -135,6 +141,7 @@ module appgwDeployment3 '_azure-resoruces/_appgateway.bicep' = if (_signedFronte staticPrivateFrontentIP: _appgwUsePrivateIP ? queryPrivateIPFromSubnet.outputs.privateIP : '' trustedRootCertData: const_null usePrivateIP: appgwUsePrivateIP + tagsByResource: tagsByResource } dependsOn: [ queryPrivateIPFromSubnet @@ -156,6 +163,7 @@ module appgwDeployment4 '_azure-resoruces/_appgateway.bicep' = if (_signedFronte staticPrivateFrontentIP: _appgwUsePrivateIP ? queryPrivateIPFromSubnet.outputs.privateIP : '' trustedRootCertData: existingKeyvault.getSecret(keyvaultBackendCertDataSecretName) usePrivateIP: appgwUsePrivateIP + tagsByResource: tagsByResource } dependsOn: [ queryPrivateIPFromSubnet diff --git a/weblogic-azure-aks/src/main/bicep/modules/_azure-resoruces/_acr.bicep b/weblogic-azure-aks/src/main/bicep/modules/_azure-resoruces/_acr.bicep index f7310f170..6f4fe9abe 100644 --- a/weblogic-azure-aks/src/main/bicep/modules/_azure-resoruces/_acr.bicep +++ b/weblogic-azure-aks/src/main/bicep/modules/_azure-resoruces/_acr.bicep @@ -3,9 +3,10 @@ param acrNamePrefix string = 'wlsaksacr' param location string +param tagsByResource object param utcValue string = utcNow() -var name_acr= '${acrNamePrefix}${uniqueString(utcValue)}' +var name_acr = '${acrNamePrefix}${uniqueString(utcValue)}' resource registries 'Microsoft.ContainerRegistry/registries@${azure.apiVersionForContainerRegistries}' = { name: name_acr @@ -38,6 +39,7 @@ resource registries 'Microsoft.ContainerRegistry/registries@${azure.apiVersionFo zoneRedundancy: 'Disabled' anonymousPullEnabled: false } + tags: tagsByResource['${identifier.registries}'] } output acrName string = name_acr diff --git a/weblogic-azure-aks/src/main/bicep/modules/_azure-resoruces/_aks.bicep b/weblogic-azure-aks/src/main/bicep/modules/_azure-resoruces/_aks.bicep index 0f494cfc8..1f1abccfe 100644 --- a/weblogic-azure-aks/src/main/bicep/modules/_azure-resoruces/_aks.bicep +++ b/weblogic-azure-aks/src/main/bicep/modules/_azure-resoruces/_aks.bicep @@ -25,6 +25,8 @@ param aksVersion string = 'default' @description('In addition to the CPU and memory metrics included in AKS by default, you can enable Container Insights for more comprehensive data on the overall performance and health of your cluster. Billing is based on data ingestion and retention settings.') param enableAzureMonitoring bool = false param location string +@description('${label.tagsLabel}') +param tagsByResource object param utcValue string = utcNow() var const_aksAgentPoolOSDiskSizeGB = 128 @@ -44,6 +46,7 @@ var obj_aciEnableOmsAgent = { resource azureMonitoringWorkspace 'Microsoft.OperationalInsights/workspaces@${azure.apiVersionForInsightsWorkspaces}' = if (enableAzureMonitoring) { name: name_aciWorkspace location: location + tags: tagsByResource['${identifier.workspaces}'] properties: { sku: { name: aciWorkspaceSku @@ -60,6 +63,7 @@ resource azureMonitoringWorkspace 'Microsoft.OperationalInsights/workspaces@${az resource aksCluster 'Microsoft.ContainerService/managedClusters@${azure.apiVersionForManagedClusters}' = { name: name_aksClusterNameForSV location: location + tags: tagsByResource['${identifier.managedClusters}'] properties: { kubernetesVersion: aksVersion dnsPrefix: '${name_aksClusterNameForSV}-dns' diff --git a/weblogic-azure-aks/src/main/bicep/modules/_azure-resoruces/_appgateway.bicep b/weblogic-azure-aks/src/main/bicep/modules/_azure-resoruces/_appgateway.bicep index 984036e59..7ae834587 100644 --- a/weblogic-azure-aks/src/main/bicep/modules/_azure-resoruces/_appgateway.bicep +++ b/weblogic-azure-aks/src/main/bicep/modules/_azure-resoruces/_appgateway.bicep @@ -19,6 +19,7 @@ param staticPrivateFrontentIP string = '10.0.0.1' @secure() param trustedRootCertData string = newGuid() param usePrivateIP bool = false +param tagsByResource object param utcValue string = utcNow() var const_sslCertPsw = (noSslCertPsw) ? '' : sslCertPswData @@ -74,12 +75,17 @@ var obj_frontendIPConfigurations2 = [ } ] +var tagIngress = { + 'managed-by-k8s-ingress': 'true' +} + resource gatewayPublicIP 'Microsoft.Network/publicIPAddresses@${azure.apiVersionForPublicIPAddresses}' = { name: gatewayPublicIPAddressName sku: { name: 'Standard' } location: location + tags: tagsByResource['identifier.publicIPAddresses'] properties: { publicIPAllocationMethod: 'Static' dnsSettings: { @@ -91,9 +97,7 @@ resource gatewayPublicIP 'Microsoft.Network/publicIPAddresses@${azure.apiVersion resource wafv2AppGateway 'Microsoft.Network/applicationGateways@${azure.apiVersionForApplicationGateways}' = { name: name_appGateway location: location - tags: { - 'managed-by-k8s-ingress': 'true' - } + tags: union(tagsByResource['identifier.applicationGateways'], tagIngress) properties: { sku: { name: 'WAF_v2' diff --git a/weblogic-azure-aks/src/main/bicep/modules/_azure-resoruces/_dnsZones.bicep b/weblogic-azure-aks/src/main/bicep/modules/_azure-resoruces/_dnsZones.bicep index 7cf83d3b2..18f740809 100644 --- a/weblogic-azure-aks/src/main/bicep/modules/_azure-resoruces/_dnsZones.bicep +++ b/weblogic-azure-aks/src/main/bicep/modules/_azure-resoruces/_dnsZones.bicep @@ -1,9 +1,12 @@ @description('Azure DNS Zone name.') param dnszoneName string +@description('${label.tagsLabel}') +param tagsByResource object resource dnszoneName_resource 'Microsoft.Network/dnszones@${azure.apiVersionForDNSZone}' = { name: dnszoneName location: 'global' + tags: tagsByResource['${identifier.dnszones}'] properties: { zoneType: 'Public' } diff --git a/weblogic-azure-aks/src/main/bicep/modules/_azure-resoruces/_keyvault/_keyvaultForGatewayBackendCert.bicep b/weblogic-azure-aks/src/main/bicep/modules/_azure-resoruces/_keyvault/_keyvaultForGatewayBackendCert.bicep index 91b721611..77e495329 100644 --- a/weblogic-azure-aks/src/main/bicep/modules/_azure-resoruces/_keyvault/_keyvaultForGatewayBackendCert.bicep +++ b/weblogic-azure-aks/src/main/bicep/modules/_azure-resoruces/_keyvault/_keyvaultForGatewayBackendCert.bicep @@ -18,8 +18,15 @@ param location string @description('Price tier for Key Vault.') param sku string = 'Standard' +@description('${label.tagsLabel}') +param tagsByResource object + param utcValue string = utcNow() +var obj_extraTag= { + 'created-by-azure-weblogic': utcValue +} + resource keyvault 'Microsoft.KeyVault/vaults@${azure.apiVersionForKeyVault}' = { name: keyVaultName location: location @@ -32,9 +39,7 @@ resource keyvault 'Microsoft.KeyVault/vaults@${azure.apiVersionForKeyVault}' = { } tenantId: subscription().tenantId } - tags:{ - 'managed-by-azure-weblogic': utcValue - } + tags: union(tagsByResource['${identifier.vaults}'], obj_extraTag) } resource secretForCertificate 'Microsoft.KeyVault/vaults/secrets@${azure.apiVersionForKeyVaultSecrets}' = { @@ -42,6 +47,7 @@ resource secretForCertificate 'Microsoft.KeyVault/vaults/secrets@${azure.apiVers properties: { value: certificateDataValue } + tags: union(tagsByResource['${identifier.vaults}'], obj_extraTag) dependsOn: [ keyvault ] diff --git a/weblogic-azure-aks/src/main/bicep/modules/_azure-resoruces/_keyvault/_keyvaultForWLSSSLCert.bicep b/weblogic-azure-aks/src/main/bicep/modules/_azure-resoruces/_keyvault/_keyvaultForWLSSSLCert.bicep index d553f63d0..a8878c19e 100644 --- a/weblogic-azure-aks/src/main/bicep/modules/_azure-resoruces/_keyvault/_keyvaultForWLSSSLCert.bicep +++ b/weblogic-azure-aks/src/main/bicep/modules/_azure-resoruces/_keyvault/_keyvaultForWLSSSLCert.bicep @@ -8,6 +8,7 @@ param keyVaultName string param location string @description('Price tier for Key Vault.') param sku string = 'Standard' +param tagsByResource object param utcValue string = utcNow() @secure() param wlsIdentityKeyStoreData string = newGuid() @@ -28,9 +29,13 @@ param wlsTrustKeyStoreDataSecretName string = 'myTrustKeyStoreData' param wlsTrustKeyStorePassPhrase string = newGuid() param wlsTrustKeyStorePassPhraseSecretName string = 'myTrustKeyStorePsw' +var obj_extraTag= { + 'created-by-azure-weblogic': utcValue +} + resource keyvault 'Microsoft.KeyVault/vaults@${azure.apiVersionForKeyVault}' = { name: keyVaultName - location: location + location: location properties: { accessPolicies: [] enabledForTemplateDeployment: enabledForTemplateDeployment @@ -40,13 +45,12 @@ resource keyvault 'Microsoft.KeyVault/vaults@${azure.apiVersionForKeyVault}' = { } tenantId: subscription().tenantId } - tags: { - 'managed-by-azure-weblogic': utcValue - } + tags: union(tagsByResource['${identifier.vaults}'],obj_extraTag) } resource identityKeyStoreDataSecret 'Microsoft.KeyVault/vaults/secrets@${azure.apiVersionForKeyVaultSecrets}' = { name: '${keyVaultName}/${wlsIdentityKeyStoreDataSecretName}' + tags: tagsByResource['${identifier.vaults}'] properties: { value: wlsIdentityKeyStoreData } @@ -57,6 +61,7 @@ resource identityKeyStoreDataSecret 'Microsoft.KeyVault/vaults/secrets@${azure.a resource identityKeyStorePswSecret 'Microsoft.KeyVault/vaults/secrets@${azure.apiVersionForKeyVaultSecrets}' = { name: '${keyVaultName}/${wlsIdentityKeyStorePassphraseSecretName}' + tags: tagsByResource['${identifier.vaults}'] properties: { value: wlsIdentityKeyStorePassphrase } @@ -67,6 +72,7 @@ resource identityKeyStorePswSecret 'Microsoft.KeyVault/vaults/secrets@${azure.ap resource privateKeyAliasSecret 'Microsoft.KeyVault/vaults/secrets@${azure.apiVersionForKeyVaultSecrets}' = { name: '${keyVaultName}/${wlsPrivateKeyAliasSecretName}' + tags: tagsByResource['${identifier.vaults}'] properties: { value: wlsPrivateKeyAlias } @@ -77,6 +83,7 @@ resource privateKeyAliasSecret 'Microsoft.KeyVault/vaults/secrets@${azure.apiVer resource privateKeyPswSecret 'Microsoft.KeyVault/vaults/secrets@${azure.apiVersionForKeyVaultSecrets}' = { name: '${keyVaultName}/${wlsPrivateKeyPassPhraseSecretName}' + tags: tagsByResource['${identifier.vaults}'] properties: { value: wlsPrivateKeyPassPhrase } @@ -87,6 +94,7 @@ resource privateKeyPswSecret 'Microsoft.KeyVault/vaults/secrets@${azure.apiVersi resource trustKeyStoreDataSecret 'Microsoft.KeyVault/vaults/secrets@${azure.apiVersionForKeyVaultSecrets}' = { name: '${keyVaultName}/${wlsTrustKeyStoreDataSecretName}' + tags: tagsByResource['${identifier.vaults}'] properties: { value: wlsTrustKeyStoreData } @@ -97,6 +105,7 @@ resource trustKeyStoreDataSecret 'Microsoft.KeyVault/vaults/secrets@${azure.apiV resource trustKeyStorePswSecret 'Microsoft.KeyVault/vaults/secrets@${azure.apiVersionForKeyVaultSecrets}' = { name: '${keyVaultName}/${wlsTrustKeyStorePassPhraseSecretName}' + tags: tagsByResource['${identifier.vaults}'] properties: { value: wlsTrustKeyStorePassPhrase } diff --git a/weblogic-azure-aks/src/main/bicep/modules/_azure-resoruces/_keyvault/_keyvaultWithExistingCert.bicep b/weblogic-azure-aks/src/main/bicep/modules/_azure-resoruces/_keyvault/_keyvaultWithExistingCert.bicep index e8bee9ebe..155c97432 100644 --- a/weblogic-azure-aks/src/main/bicep/modules/_azure-resoruces/_keyvault/_keyvaultWithExistingCert.bicep +++ b/weblogic-azure-aks/src/main/bicep/modules/_azure-resoruces/_keyvault/_keyvaultWithExistingCert.bicep @@ -25,8 +25,15 @@ param location string @description('Price tier for Key Vault.') param sku string = 'Standard' +@description('${label.tagsLabel}') +param tagsByResource object + param utcValue string = utcNow() +var obj_extraTag= { + 'created-by-azure-weblogic': utcValue +} + resource keyvault 'Microsoft.KeyVault/vaults@${azure.apiVersionForKeyVault}' = { name: keyVaultName location: location @@ -39,9 +46,7 @@ resource keyvault 'Microsoft.KeyVault/vaults@${azure.apiVersionForKeyVault}' = { } tenantId: subscription().tenantId } - tags:{ - 'managed-by-azure-weblogic': utcValue - } + tags: union(tagsByResource['${identifier.vaults}'], obj_extraTag) } resource secretForCertificate 'Microsoft.KeyVault/vaults/secrets@${azure.apiVersionForKeyVault}' = { @@ -49,6 +54,7 @@ resource secretForCertificate 'Microsoft.KeyVault/vaults/secrets@${azure.apiVers properties: { value: certificateDataValue } + tags: union(tagsByResource['${identifier.vaults}'], obj_extraTag) dependsOn: [ keyvault ] @@ -59,6 +65,7 @@ resource secretForCertPassword 'Microsoft.KeyVault/vaults/secrets@${azure.apiVer properties: { value: certificatePasswordValue } + tags: union(tagsByResource['${identifier.vaults}'], obj_extraTag) dependsOn: [ keyvault ] diff --git a/weblogic-azure-aks/src/main/bicep/modules/_azure-resoruces/_keyvault/_keyvaultWithNewCert.bicep b/weblogic-azure-aks/src/main/bicep/modules/_azure-resoruces/_keyvault/_keyvaultWithNewCert.bicep index 412ab66f1..e785e12d2 100644 --- a/weblogic-azure-aks/src/main/bicep/modules/_azure-resoruces/_keyvault/_keyvaultWithNewCert.bicep +++ b/weblogic-azure-aks/src/main/bicep/modules/_azure-resoruces/_keyvault/_keyvaultWithNewCert.bicep @@ -27,13 +27,19 @@ param sku string = 'Standard' @description('Subject name to create a new certificate, example: \'CN=contoso.com\'.') param subjectName string = 'contoso.xyz' +@description('${label.tagsLabel}') +param tagsByResource object param utcValue string = utcNow() +var obj_extraTag= { + 'created-by-azure-weblogic': utcValue +} var const_identityId = '${substring(string(identity.userAssignedIdentities), indexOf(string(identity.userAssignedIdentities), '"') + 1, lastIndexOf(string(identity.userAssignedIdentities), '"') - (indexOf(string(identity.userAssignedIdentities), '"') + 1))}' resource keyvault 'Microsoft.KeyVault/vaults@${azure.apiVersionForKeyVault}' = { name: keyVaultName location: location + tags: union(tagsByResource['${identifier.vaults}'], obj_extraTag) properties: { sku: { family: 'A' @@ -53,9 +59,6 @@ resource keyvault 'Microsoft.KeyVault/vaults@${azure.apiVersionForKeyVault}' = { enabledForTemplateDeployment: true enableSoftDelete: true } - tags:{ - 'managed-by-azure-weblogic': utcValue - } } resource createAddCertificate 'Microsoft.Resources/deploymentScripts@${azure.apiVersionForDeploymentScript}' = { @@ -63,6 +66,7 @@ resource createAddCertificate 'Microsoft.Resources/deploymentScripts@${azure.api location: location identity: identity kind: 'AzurePowerShell' + tags: tagsByResource['${identifier.deploymentScripts}'] properties: { forceUpdateTag: utcValue azPowerShellVersion: '${azure.powershell.version}' diff --git a/weblogic-azure-aks/src/main/bicep/modules/_azure-resoruces/_keyvaultForGateway.bicep b/weblogic-azure-aks/src/main/bicep/modules/_azure-resoruces/_keyvaultForGateway.bicep index a86629de6..153b93f38 100644 --- a/weblogic-azure-aks/src/main/bicep/modules/_azure-resoruces/_keyvaultForGateway.bicep +++ b/weblogic-azure-aks/src/main/bicep/modules/_azure-resoruces/_keyvaultForGateway.bicep @@ -41,6 +41,9 @@ param useExistingAppGatewaySSLCertificate bool = false @description('Current deployment time. Used as a tag in deployment script.') param keyVaultName string = 'GEN_UNIQUE' +@description('${label.tagsLabel}') +param tagsByResource object + var name_sslBackendCertSercretName= 'myAppGatewaySSLBackendRootCert' var name_sslCertSecretName = 'myAppGatewaySSLCert' var name_sslCertPasswordSecretName = 'myAppGatewaySSLCertPassword' @@ -54,6 +57,7 @@ module keyVaultwithSelfSignedAppGatewaySSLCert '_keyvault/_keyvaultWithNewCert.b permission: permission subjectName: subjectName sku: sku + tagsByResource: tagsByResource } } @@ -68,6 +72,7 @@ module keyVaultwithExistingAppGatewaySSLCert '_keyvault/_keyvaultWithExistingCer keyVaultName: keyVaultName location: location sku: sku + tagsByResource: tagsByResource } } @@ -80,6 +85,7 @@ module keyvaultBackendRootCert '_keyvault/_keyvaultForGatewayBackendCert.bicep' keyVaultName: keyVaultName location: location sku: sku + tagsByResource: tagsByResource } dependsOn:[ keyVaultwithSelfSignedAppGatewaySSLCert diff --git a/weblogic-azure-aks/src/main/bicep/modules/_azure-resoruces/_storage.bicep b/weblogic-azure-aks/src/main/bicep/modules/_azure-resoruces/_storage.bicep index 4d543cfde..443ec25cf 100644 --- a/weblogic-azure-aks/src/main/bicep/modules/_azure-resoruces/_storage.bicep +++ b/weblogic-azure-aks/src/main/bicep/modules/_azure-resoruces/_storage.bicep @@ -4,15 +4,21 @@ param fileShareName string param location string param storageAccountName string = 'stg-contoso' +@description('${label.tagsLabel}') +param tagsByResource object param utcValue string = utcNow() var const_shareQuota = 5120 var const_sku = 'Standard_LRS' +var objExtraTag = { + 'created-by-azure-weblogic': utcValue +} resource storageAccount 'Microsoft.Storage/storageAccounts@${azure.apiVersionForStorage}' = { name: storageAccountName location: location kind: 'StorageV2' + tags: union(tagsByResource['${identifier.storageAccounts}'], objExtraTag) sku: { name: const_sku tier: 'Standard' @@ -33,10 +39,7 @@ resource storageAccount 'Microsoft.Storage/storageAccounts@${azure.apiVersionFor keySource: 'Microsoft.Storage' } accessTier: 'Hot' - } - tags:{ - 'managed-by-azure-weblogic': utcValue - } + } } resource fileService 'Microsoft.Storage/storageAccounts/fileServices/shares@${azure.apiVersionForStorageFileService}' = { diff --git a/weblogic-azure-aks/src/main/bicep/modules/_azure-resoruces/_vnetAppGateway.bicep b/weblogic-azure-aks/src/main/bicep/modules/_azure-resoruces/_vnetAppGateway.bicep index ffe050227..015998942 100644 --- a/weblogic-azure-aks/src/main/bicep/modules/_azure-resoruces/_vnetAppGateway.bicep +++ b/weblogic-azure-aks/src/main/bicep/modules/_azure-resoruces/_vnetAppGateway.bicep @@ -18,6 +18,8 @@ param vnetForApplicationGateway object = { } } } +@description('${label.tagsLabel}') +param tagsByResource object param utcValue string = utcNow() var const_subnetAddressPrefixes = vnetForApplicationGateway.subnets.gatewaySubnet.addressPrefix @@ -43,6 +45,7 @@ resource existingSubnet 'Microsoft.Network/virtualNetworks/subnets@${azure.apiVe resource nsg 'Microsoft.Network/networkSecurityGroups@${azure.apiVersionForNetworkSecurityGroups}' = if (const_newVnet) { name: name_nsg location: location + tags: tagsByResource['${identifier.networkSecurityGroups}'] properties: { securityRules: [ { @@ -82,6 +85,7 @@ resource nsg 'Microsoft.Network/networkSecurityGroups@${azure.apiVersionForNetwo resource newVnet 'Microsoft.Network/virtualNetworks@${azure.apiVersionForVirtualNetworks}' = if (const_newVnet) { name: name_vnet location: location + tags: tagsByResource['${identifier.virtualNetworks}'] properties: { addressSpace: { addressPrefixes: const_vnetAddressPrefixes diff --git a/weblogic-azure-aks/src/main/bicep/modules/_deployment-scripts/_ds-create-networking.bicep b/weblogic-azure-aks/src/main/bicep/modules/_deployment-scripts/_ds-create-networking.bicep index fd85b75ae..79b4d6c8b 100644 --- a/weblogic-azure-aks/src/main/bicep/modules/_deployment-scripts/_ds-create-networking.bicep +++ b/weblogic-azure-aks/src/main/bicep/modules/_deployment-scripts/_ds-create-networking.bicep @@ -34,6 +34,8 @@ param useInternalLB bool = false param utcValue string = utcNow() param wlsDomainName string = 'domain1' param wlsDomainUID string = 'sample-domain1' +@description('${label.tagsLabel}') +param tagsByResource object var const_commonScript = 'common.sh' var const_createDnsRecordScript = 'createDnsRecord.sh' @@ -48,6 +50,7 @@ resource deploymentScript 'Microsoft.Resources/deploymentScripts@${azure.apiVers location: location kind: 'AzureCLI' identity: identity + tags: tagsByResource['${identifier.deploymentScripts}'] properties: { azCliVersion: azCliVersion environmentVariables: [ diff --git a/weblogic-azure-aks/src/main/bicep/modules/_deployment-scripts/_ds-create-wls-cluster.bicep b/weblogic-azure-aks/src/main/bicep/modules/_deployment-scripts/_ds-create-wls-cluster.bicep index 810b4b10e..3a407ed19 100644 --- a/weblogic-azure-aks/src/main/bicep/modules/_deployment-scripts/_ds-create-wls-cluster.bicep +++ b/weblogic-azure-aks/src/main/bicep/modules/_deployment-scripts/_ds-create-wls-cluster.bicep @@ -29,6 +29,8 @@ param managedServerPrefix string = 'managed-server' param ocrSSOPSW string param ocrSSOUser string param storageAccountName string = 'null' +@description('${label.tagsLabel}') +param tagsByResource object param t3ChannelAdminPort int = 7005 param t3ChannelClusterPort int = 8011 param utcValue string = utcNow() @@ -84,6 +86,7 @@ resource deploymentScript 'Microsoft.Resources/deploymentScripts@${azure.apiVers location: location kind: 'AzureCLI' identity: identity + tags: tagsByResource['${identifier.deploymentScripts}'] properties: { azCliVersion: azCliVersion environmentVariables: [ diff --git a/weblogic-azure-aks/src/main/bicep/modules/_deployment-scripts/_ds-datasource-connection.bicep b/weblogic-azure-aks/src/main/bicep/modules/_deployment-scripts/_ds-datasource-connection.bicep index 39ec4f321..4d01b280a 100644 --- a/weblogic-azure-aks/src/main/bicep/modules/_deployment-scripts/_ds-datasource-connection.bicep +++ b/weblogic-azure-aks/src/main/bicep/modules/_deployment-scripts/_ds-datasource-connection.bicep @@ -21,6 +21,8 @@ param enablePswlessConnection bool = false param identity object = {} param jdbcDataSourceName string param location string +@description('${label.tagsLabel}') +param tagsByResource object param utcValue string = utcNow() param wlsDomainUID string = 'sample-domain1' @secure() @@ -40,6 +42,7 @@ resource deploymentScript 'Microsoft.Resources/deploymentScripts@${azure.apiVers location: location kind: 'AzureCLI' identity: identity + tags: tagsByResource['${identifier.deploymentScripts}'] properties: { azCliVersion: azCliVersion environmentVariables: [ diff --git a/weblogic-azure-aks/src/main/bicep/modules/_deployment-scripts/_ds-output-domain-configurations.bicep b/weblogic-azure-aks/src/main/bicep/modules/_deployment-scripts/_ds-output-domain-configurations.bicep index 5ede45003..0b6602183 100644 --- a/weblogic-azure-aks/src/main/bicep/modules/_deployment-scripts/_ds-output-domain-configurations.bicep +++ b/weblogic-azure-aks/src/main/bicep/modules/_deployment-scripts/_ds-output-domain-configurations.bicep @@ -6,6 +6,8 @@ param aksClusterName string = '' param azCliVersion string = '' param identity object = {} param location string +@description('${label.tagsLabel}') +param tagsByResource object param utcValue string = utcNow() param wlsClusterName string = 'cluster-1' param wlsDomainUID string = 'sample-domain1' @@ -20,6 +22,7 @@ resource deploymentScript 'Microsoft.Resources/deploymentScripts@${azure.apiVers location: location kind: 'AzureCLI' identity: identity + tags: tagsByResource['${identifier.deploymentScripts}'] properties: { azCliVersion: azCliVersion environmentVariables: [ diff --git a/weblogic-azure-aks/src/main/bicep/modules/_deployment-scripts/_ds-query-storage-account.bicep b/weblogic-azure-aks/src/main/bicep/modules/_deployment-scripts/_ds-query-storage-account.bicep index 88ca9ed37..64b9238d3 100644 --- a/weblogic-azure-aks/src/main/bicep/modules/_deployment-scripts/_ds-query-storage-account.bicep +++ b/weblogic-azure-aks/src/main/bicep/modules/_deployment-scripts/_ds-query-storage-account.bicep @@ -7,6 +7,7 @@ param azCliVersion string = '' param identity object = {} param location string +param tagsByResource object param utcValue string = utcNow() // To mitigate arm-ttk error: Unreferenced variable: $fxv#0 @@ -20,6 +21,7 @@ resource deploymentScript 'Microsoft.Resources/deploymentScripts@${azure.apiVers location: location kind: 'AzureCLI' identity: identity + tags: tagsByResource['${identifier.deploymentScripts}'] properties: { azCliVersion: azCliVersion environmentVariables: [ diff --git a/weblogic-azure-aks/src/main/bicep/modules/_deployment-scripts/_ds-validate-applications.bicep b/weblogic-azure-aks/src/main/bicep/modules/_deployment-scripts/_ds-validate-applications.bicep index 3ead9f3ae..8b4c61ba6 100644 --- a/weblogic-azure-aks/src/main/bicep/modules/_deployment-scripts/_ds-validate-applications.bicep +++ b/weblogic-azure-aks/src/main/bicep/modules/_deployment-scripts/_ds-validate-applications.bicep @@ -10,6 +10,8 @@ param aksClusterName string = '' param azCliVersion string = '' param identity object = {} param location string +@description('${label.tagsLabel}') +param tagsByResource object param utcValue string = utcNow() param wlsDomainUID string = 'sample-domain1' @secure() @@ -28,6 +30,7 @@ resource deploymentScript 'Microsoft.Resources/deploymentScripts@${azure.apiVers location: location kind: 'AzureCLI' identity: identity + tags: tagsByResource['${identifier.deploymentScripts}'] properties: { azCliVersion: azCliVersion environmentVariables: [ diff --git a/weblogic-azure-aks/src/main/bicep/modules/_deployment-scripts/_ds-validate-parameters.bicep b/weblogic-azure-aks/src/main/bicep/modules/_deployment-scripts/_ds-validate-parameters.bicep index 209666eaf..55f0f89f7 100644 --- a/weblogic-azure-aks/src/main/bicep/modules/_deployment-scripts/_ds-validate-parameters.bicep +++ b/weblogic-azure-aks/src/main/bicep/modules/_deployment-scripts/_ds-validate-parameters.bicep @@ -56,6 +56,7 @@ param sslUploadedCustomTrustKeyStoreType string param sslUploadedPrivateKeyAlias string @secure() param sslUploadedPrivateKeyPassPhrase string +param tagsByResource object param useAksWellTestedVersion bool = true param userProvidedAcr string param userProvidedAcrRgName string @@ -78,6 +79,7 @@ resource deploymentScript 'Microsoft.Resources/deploymentScripts@${azure.apiVers location: location kind: 'AzureCLI' identity: identity + tags: tagsByResource['${identifier.deploymentScripts}'] properties: { azCliVersion: azCliVersion arguments: const_arguments diff --git a/weblogic-azure-aks/src/main/bicep/modules/_deployment-scripts/_ds_enable_hpa.bicep b/weblogic-azure-aks/src/main/bicep/modules/_deployment-scripts/_ds_enable_hpa.bicep index 0b2c9c233..e22d6f80a 100644 --- a/weblogic-azure-aks/src/main/bicep/modules/_deployment-scripts/_ds_enable_hpa.bicep +++ b/weblogic-azure-aks/src/main/bicep/modules/_deployment-scripts/_ds_enable_hpa.bicep @@ -11,6 +11,8 @@ param azCliVersion string param hpaScaleType string = 'cpu' param identity object = {} param location string +@description('${label.tagsLabel}') +param tagsByResource object param utcValue string = utcNow() param utilizationPercentage int param wlsClusterSize int @@ -27,6 +29,7 @@ resource deploymentScript 'Microsoft.Resources/deploymentScripts@${azure.apiVers location: location kind: 'AzureCLI' identity: identity + tags: tagsByResource['${identifier.deploymentScripts}'] properties: { azCliVersion: azCliVersion scriptContent: format('{0}\r\n\r\n{1}\r\n\r\n{2}',base64ToString(base64_common), base64ToString(base64_utility), base64ToString(base64_enableHpa)) diff --git a/weblogic-azure-aks/src/main/bicep/modules/_deployment-scripts/_ds_enable_prometheus_metrics.bicep b/weblogic-azure-aks/src/main/bicep/modules/_deployment-scripts/_ds_enable_prometheus_metrics.bicep index 5f9f93892..a721a9573 100644 --- a/weblogic-azure-aks/src/main/bicep/modules/_deployment-scripts/_ds_enable_prometheus_metrics.bicep +++ b/weblogic-azure-aks/src/main/bicep/modules/_deployment-scripts/_ds_enable_prometheus_metrics.bicep @@ -8,6 +8,8 @@ param azCliVersion string param identity object = {} param kedaUamiName string param location string +@description('${label.tagsLabel}') +param tagsByResource object param utcValue string = utcNow() param wlsClusterSize int param wlsDomainUID string @@ -30,6 +32,7 @@ resource deploymentScript 'Microsoft.Resources/deploymentScripts@${azure.apiVers location: location kind: 'AzureCLI' identity: identity + tags: tagsByResource['${identifier.deploymentScripts}'] properties: { azCliVersion: azCliVersion scriptContent: format('{0}\r\n\r\n{1}\r\n\r\n{2}', base64ToString(base64_common), base64ToString(base64_utility), base64ToString(base64_enableHpa)) diff --git a/weblogic-azure-aks/src/main/bicep/modules/_deployment-scripts/_ds_install_agic.bicep b/weblogic-azure-aks/src/main/bicep/modules/_deployment-scripts/_ds_install_agic.bicep index 586326083..a61e5e86d 100644 --- a/weblogic-azure-aks/src/main/bicep/modules/_deployment-scripts/_ds_install_agic.bicep +++ b/weblogic-azure-aks/src/main/bicep/modules/_deployment-scripts/_ds_install_agic.bicep @@ -7,6 +7,8 @@ param appgwName string = 'appgw-contoso' param azCliVersion string = '' param identity object = {} param location string +@description('${label.tagsLabel}') +param tagsByResource object param utcValue string = utcNow() // To mitigate arm-ttk error: Unreferenced variable: $fxv#0 @@ -20,6 +22,7 @@ resource deploymentScript 'Microsoft.Resources/deploymentScripts@${azure.apiVers location: location kind: 'AzureCLI' identity: identity + tags: tagsByResource['${identifier.deploymentScripts}'] properties: { azCliVersion: azCliVersion scriptContent: format('{0}\r\n\r\n{1}\r\n\r\n{2}',base64ToString(base64_common), base64ToString(base64_utility), base64ToString(base64_enableAgic)) diff --git a/weblogic-azure-aks/src/main/bicep/modules/_deployment-scripts/_ds_query_available_private_ip_from_subnet.bicep b/weblogic-azure-aks/src/main/bicep/modules/_deployment-scripts/_ds_query_available_private_ip_from_subnet.bicep index 930f36025..5fe795928 100644 --- a/weblogic-azure-aks/src/main/bicep/modules/_deployment-scripts/_ds_query_available_private_ip_from_subnet.bicep +++ b/weblogic-azure-aks/src/main/bicep/modules/_deployment-scripts/_ds_query_available_private_ip_from_subnet.bicep @@ -7,6 +7,8 @@ param knownIP string = '10.0.0.1' param identity object = {} param location string +@description('${label.tagsLabel}') +param tagsByResource object param utcValue string = utcNow() // To mitigate arm-ttk error: Unreferenced variable: $fxv#0 @@ -19,6 +21,7 @@ resource deploymentScript 'Microsoft.Resources/deploymentScripts@${azure.apiVers location: location kind: 'AzureCLI' identity: identity + tags: tagsByResource['${identifier.deploymentScripts}'] properties: { azCliVersion: azCliVersion scriptContent: format('{0}\r\n\r\n{1}', base64ToString(base64_common), base64ToString(base64_queryPrivateIPForAppGateway)) diff --git a/weblogic-azure-aks/src/main/bicep/modules/_deployment-scripts/_ds_validate_agic.bicep b/weblogic-azure-aks/src/main/bicep/modules/_deployment-scripts/_ds_validate_agic.bicep index 5318e37db..93d792e1f 100644 --- a/weblogic-azure-aks/src/main/bicep/modules/_deployment-scripts/_ds_validate_agic.bicep +++ b/weblogic-azure-aks/src/main/bicep/modules/_deployment-scripts/_ds_validate_agic.bicep @@ -6,6 +6,8 @@ param aksClusterRGName string param azCliVersion string = '' param identity object = {} param location string +@description('${label.tagsLabel}') +param tagsByResource object param utcValue string = utcNow() // To mitigate arm-ttk error: Unreferenced variable: $fxv#0 @@ -19,6 +21,7 @@ resource deploymentScript 'Microsoft.Resources/deploymentScripts@${azure.apiVers location: location kind: 'AzureCLI' identity: identity + tags: tagsByResource['${identifier.deploymentScripts}'] properties: { azCliVersion: azCliVersion scriptContent: format('{0}\r\n\r\n{1}\r\n\r\n{2}',base64ToString(base64_common), base64ToString(base64_utility), base64ToString(base64_enableAgic)) diff --git a/weblogic-azure-aks/src/main/bicep/modules/_enableAutoScaling.bicep b/weblogic-azure-aks/src/main/bicep/modules/_enableAutoScaling.bicep index dd178a25b..9e5abf06b 100644 --- a/weblogic-azure-aks/src/main/bicep/modules/_enableAutoScaling.bicep +++ b/weblogic-azure-aks/src/main/bicep/modules/_enableAutoScaling.bicep @@ -20,6 +20,8 @@ param azCliVersion string param hpaScaleType string = 'cpu' param identity object = {} param location string +@description('${label.tagsLabel}') +param tagsByResource object param useHpa bool param utilizationPercentage int param wlsClusterSize int @@ -76,6 +78,7 @@ module hapDeployment '_deployment-scripts/_ds_enable_hpa.bicep' = if(useHpa) { hpaScaleType: hpaScaleType identity: identity location: location + tagsByResource: tagsByResource utilizationPercentage: utilizationPercentage wlsClusterSize: wlsClusterSize wlsNamespace: const_namespace @@ -93,6 +96,7 @@ module promethuesKedaDeployment '_enablePromethuesKeda.bicep' = if (!useHpa) { azCliVersion: azCliVersion identity: identity location: location + tagsByResource: tagsByResource wlsClusterSize: wlsClusterSize wlsDomainUID: wlsDomainUID wlsPassword: wlsPassword diff --git a/weblogic-azure-aks/src/main/bicep/modules/_enablePromethuesKeda.bicep b/weblogic-azure-aks/src/main/bicep/modules/_enablePromethuesKeda.bicep index 12c6b791d..86f5ab7b8 100644 --- a/weblogic-azure-aks/src/main/bicep/modules/_enablePromethuesKeda.bicep +++ b/weblogic-azure-aks/src/main/bicep/modules/_enablePromethuesKeda.bicep @@ -7,6 +7,8 @@ param aksClusterRGName string param azCliVersion string param identity object = {} param location string +@description('${label.tagsLabel}') +param tagsByResource object param utcValue string = utcNow() param wlsClusterSize int param wlsDomainUID string @@ -25,12 +27,14 @@ resource monitorAccount 'Microsoft.Monitor/accounts@${azure.apiVersionForMonitor name: name_azureMonitorAccountName location: location properties: {} + tags: tagsByResource['${identifier.accounts}'] } // UAMI for KEDA resource uamiForKeda 'Microsoft.ManagedIdentity/userAssignedIdentities@${azure.apiVersionForIdentity}' = { name: name_kedaUserDefinedManagedIdentity location: location + tags: tagsByResource['${identifier.userAssignedIdentities}'] } // Get role resource id @@ -64,6 +68,7 @@ module azureMonitorIntegrationDeployment '_deployment-scripts/_ds_enable_prometh identity: identity kedaUamiName: name_kedaUserDefinedManagedIdentity location: location + tagsByResource: tagsByResource wlsClusterSize: wlsClusterSize wlsDomainUID: wlsDomainUID wlsNamespace: const_namespace diff --git a/weblogic-azure-aks/src/main/bicep/modules/_preDeployedAzureResources.bicep b/weblogic-azure-aks/src/main/bicep/modules/_preDeployedAzureResources.bicep index 6420b7d7f..bb12bcf4e 100644 --- a/weblogic-azure-aks/src/main/bicep/modules/_preDeployedAzureResources.bicep +++ b/weblogic-azure-aks/src/main/bicep/modules/_preDeployedAzureResources.bicep @@ -6,6 +6,7 @@ Licensed under the Universal Permissive License v 1.0 as shown at https://oss.or param acrName string = 'acr-contoso' param acrResourceGroupName string = 'acr-contoso-rg' param createNewAcr bool = false +param tagsByResource object param location string @@ -13,6 +14,7 @@ module acrDeployment './_azure-resoruces/_acr.bicep' = if (createNewAcr) { name: 'acr-deployment' params: { location: location + tagsByResource: tagsByResource } } diff --git a/weblogic-azure-aks/src/main/bicep/modules/_setupDBConnection.bicep b/weblogic-azure-aks/src/main/bicep/modules/_setupDBConnection.bicep index 49f69c602..1a865cab1 100644 --- a/weblogic-azure-aks/src/main/bicep/modules/_setupDBConnection.bicep +++ b/weblogic-azure-aks/src/main/bicep/modules/_setupDBConnection.bicep @@ -40,6 +40,8 @@ param identity object = {} @description('JNDI Name for JDBC Datasource') param jdbcDataSourceName string = 'jdbc/contoso' param location string +@description('${label.tagsLabel}') +param tagsByResource object @description('UID of WebLogic domain, used in WebLogic Operator.') param wlsDomainUID string = 'sample-domain1' @secure() @@ -80,6 +82,7 @@ module configDataSource '_deployment-scripts/_ds-datasource-connection.bicep' = identity: identity jdbcDataSourceName: jdbcDataSourceName location: location + tagsByResource: tagsByResource wlsDomainUID: wlsDomainUID wlsPassword: wlsPassword wlsUserName: wlsUserName diff --git a/weblogic-azure-aks/src/main/bicep/modules/_setupPasswordlessDBConnection.bicep b/weblogic-azure-aks/src/main/bicep/modules/_setupPasswordlessDBConnection.bicep index 3fed53d0e..75aa170ca 100644 --- a/weblogic-azure-aks/src/main/bicep/modules/_setupPasswordlessDBConnection.bicep +++ b/weblogic-azure-aks/src/main/bicep/modules/_setupPasswordlessDBConnection.bicep @@ -34,6 +34,8 @@ param identity object = {} @description('JNDI Name for JDBC Datasource') param jdbcDataSourceName string = 'jdbc/contoso' param location string +@description('${label.tagsLabel}') +param tagsByResource object param utcValue string = utcNow() @description('UID of WebLogic domain, used in WebLogic Operator.') param wlsDomainUID string = 'sample-domain1' @@ -136,6 +138,7 @@ module configDataSource '_deployment-scripts/_ds-datasource-connection.bicep' = identity: identity jdbcDataSourceName: jdbcDataSourceName location: location + tagsByResource: tagsByResource wlsDomainUID: wlsDomainUID wlsPassword: wlsPassword wlsUserName: wlsUserName diff --git a/weblogic-azure-aks/src/main/bicep/modules/_uamiAndRoles.bicep b/weblogic-azure-aks/src/main/bicep/modules/_uamiAndRoles.bicep index 8d506a7c1..2c025efaa 100644 --- a/weblogic-azure-aks/src/main/bicep/modules/_uamiAndRoles.bicep +++ b/weblogic-azure-aks/src/main/bicep/modules/_uamiAndRoles.bicep @@ -4,6 +4,7 @@ Licensed under the Universal Permissive License v 1.0 as shown at https://oss.or */ param location string +param tagsByResource object param name_deploymentScriptContributorRoleAssignmentName string = newGuid() // https://docs.microsoft.com/en-us/azure/role-based-access-control/built-in-roles @@ -15,6 +16,7 @@ var name_deploymentScriptUserDefinedManagedIdentity = 'wls-aks-deployment-script resource uamiForDeploymentScript 'Microsoft.ManagedIdentity/userAssignedIdentities@${azure.apiVersionForIdentity}' = { name: name_deploymentScriptUserDefinedManagedIdentity location: location + tags: tagsByResource['${identifier.userAssignedIdentities}'] } // Assign Contributor role in subscription scope, we need the permission to get/update resource cross resource group. diff --git a/weblogic-azure-aks/src/main/bicep/modules/networking.bicep b/weblogic-azure-aks/src/main/bicep/modules/networking.bicep index cd0e56f94..ed8e687de 100644 --- a/weblogic-azure-aks/src/main/bicep/modules/networking.bicep +++ b/weblogic-azure-aks/src/main/bicep/modules/networking.bicep @@ -46,6 +46,8 @@ param identity object = {} param location string @description('Object array to define Load Balancer service, each object must include service name, service target[admin-server or cluster-1], port.') param lbSvcValues array = [] +@description('${label.tagsLabel}') +param tagsByResource object @description('True to set up internal load balancer service.') param useInternalLB bool = false @description('Name of WebLogic domain to create.') @@ -85,6 +87,7 @@ module dnsZoneDeployment '_azure-resoruces/_dnsZones.bicep' = if (enableDNSConfi name: 'dnszone-deployment' params: { dnszoneName: dnszoneName + tagsByResource: tagsByResource } dependsOn: [ pidNetworkingStart @@ -101,6 +104,7 @@ module installAgic '_deployment-scripts/_ds_install_agic.bicep' = if (enableAppG appgwName: appGatewayName aksClusterName: aksClusterName azCliVersion: azCliVersion + tagsByResource: tagsByResource } dependsOn: [ pidNetworkingStart @@ -126,6 +130,7 @@ module validateAgic '_deployment-scripts/_ds_validate_agic.bicep' = if (enableAp aksClusterRGName: aksClusterRGName aksClusterName: aksClusterName azCliVersion: azCliVersion + tagsByResource: tagsByResource } dependsOn: [ agicRoleAssignment @@ -161,9 +166,10 @@ module networkingDeploymentYesAppGW '_deployment-scripts/_ds-create-networking.b identity: identity lbSvcValues: lbSvcValues location: location + tagsByResource: tagsByResource useInternalLB: useInternalLB wlsDomainName: wlsDomainName - wlsDomainUID: wlsDomainUID + wlsDomainUID: wlsDomainUID } dependsOn: [ dnsZoneDeployment @@ -200,6 +206,7 @@ module networkingDeploymentNoAppGW '_deployment-scripts/_ds-create-networking.bi identity: identity lbSvcValues: lbSvcValues location: location + tagsByResource: tagsByResource useInternalLB: useInternalLB wlsDomainName: wlsDomainName wlsDomainUID: wlsDomainUID diff --git a/weblogic-azure-aks/src/main/bicep/modules/setupWebLogicCluster.bicep b/weblogic-azure-aks/src/main/bicep/modules/setupWebLogicCluster.bicep index 1fbeab1cc..d2481d86e 100644 --- a/weblogic-azure-aks/src/main/bicep/modules/setupWebLogicCluster.bicep +++ b/weblogic-azure-aks/src/main/bicep/modules/setupWebLogicCluster.bicep @@ -86,6 +86,8 @@ param ocrSSOUser string param storageAccountName string = 'stg-contoso' param t3ChannelAdminPort int = 7005 param t3ChannelClusterPort int = 8011 +@description('${label.tagsLabel}') +param tagsByResource object param userProvidedAcr string = 'null' param userProvidedAcrRgName string = 'null' param userProvidedImagePath string = 'null' @@ -172,6 +174,7 @@ module aksClusterDeployment './_azure-resoruces/_aks.bicep' = if (createAKSClust aksVersion: aksVersion enableAzureMonitoring: enableAzureMonitoring location: location + tagsByResource: tagsByResource } dependsOn: [ pidStart @@ -185,6 +188,7 @@ module storageDeployment './_azure-resoruces/_storage.bicep' = if (createStorage fileShareName: fileShareName location: location storageAccountName: storageAccountName + tagsByResource: tagsByResource } dependsOn: [ pidStart @@ -224,6 +228,7 @@ module wlsDomainDeployment './_deployment-scripts/_ds-create-wls-cluster.bicep' storageAccountName: storageAccountName t3ChannelAdminPort: t3ChannelAdminPort t3ChannelClusterPort: t3ChannelClusterPort + tagsByResource: tagsByResource userProvidedImagePath: userProvidedImagePath useOracleImage: useOracleImage wdtRuntimePassword: wdtRuntimePassword From b51cd848d5b8ce32e21a6791fc7b105a8956066c Mon Sep 17 00:00:00 2001 From: galiacheng Date: Mon, 30 Sep 2024 08:50:56 +0800 Subject: [PATCH 02/14] debug template --- .github/workflows/testWlsAksWithDependencyCreation.yml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/.github/workflows/testWlsAksWithDependencyCreation.yml b/.github/workflows/testWlsAksWithDependencyCreation.yml index b0d5582c0..180ed39f1 100644 --- a/.github/workflows/testWlsAksWithDependencyCreation.yml +++ b/.github/workflows/testWlsAksWithDependencyCreation.yml @@ -290,6 +290,10 @@ jobs: with: azcliversion: ${{ env.azCliVersion }} inlineScript: | + + ls -l + ls ${artifactName} -l + artifactName=${{ needs.preflight.outputs.artifactName }} az deployment group create \ From 5e7a9ee4f4c38204e4cff31a43165067a07fff9b Mon Sep 17 00:00:00 2001 From: galiacheng Date: Mon, 30 Sep 2024 09:16:48 +0800 Subject: [PATCH 03/14] specify download path --- .github/workflows/testWlsAksWithDependencyCreation.yml | 6 ++++-- .github/workflows/testWlsAksWithoutDependencyCreation.yml | 8 +++++++- 2 files changed, 11 insertions(+), 3 deletions(-) diff --git a/.github/workflows/testWlsAksWithDependencyCreation.yml b/.github/workflows/testWlsAksWithDependencyCreation.yml index 180ed39f1..4670fa86b 100644 --- a/.github/workflows/testWlsAksWithDependencyCreation.yml +++ b/.github/workflows/testWlsAksWithDependencyCreation.yml @@ -229,6 +229,7 @@ jobs: uses: actions/download-artifact@v4 with: name: ${{needs.preflight.outputs.artifactName}} + path: ${{needs.preflight.outputs.artifactName}} - uses: azure/login@v1 id: azure-login with: @@ -292,9 +293,10 @@ jobs: inlineScript: | ls -l - ls ${artifactName} -l - + artifactName=${{ needs.preflight.outputs.artifactName }} + + ls ${artifactName} -l az deployment group create \ --verbose \ diff --git a/.github/workflows/testWlsAksWithoutDependencyCreation.yml b/.github/workflows/testWlsAksWithoutDependencyCreation.yml index 97acc8212..1fe5dc75a 100644 --- a/.github/workflows/testWlsAksWithoutDependencyCreation.yml +++ b/.github/workflows/testWlsAksWithoutDependencyCreation.yml @@ -27,6 +27,10 @@ on: dbName: description: 'Name of the database. Get from another pipeline run' required: true + vmSize: + description: 'The VM size for the AKS pool' + required: true + default: Standard_D2s_v3 # sample cURL # curl --verbose -X POST https://api.github.com/repos//weblogic-azure/dispatches -H 'Accept: application/vnd.github.everest-preview+json' -H 'Authorization: token ' --data '' # sample @@ -40,6 +44,7 @@ env: location: eastus dbAdminUser: weblogic dbPassword: ${{ secrets.DB_PASSWORD }} + dbServerName: weblogicdb ocrSSOPSW: ${{ secrets.ORC_SSOPSW }} ocrSSOUser: ${{ secrets.ORC_SSOUSER }} wdtRuntimePassword: ${{ secrets.WDT_RUNTIMEPSW}} @@ -192,6 +197,7 @@ jobs: uses: actions/download-artifact@v4 with: name: ${{needs.preflight.outputs.artifactName}} + path: ${{needs.preflight.outputs.artifactName}} - uses: azure/login@v1 id: azure-login with: @@ -238,7 +244,7 @@ jobs: "${cargoTrackerBlobUrl}" \ ${dbPassword} \ ${dbAdminUser} \ - jdbc:postgresql:\/\/${{ needs.preflight.outputs.dbName }}.postgres.database.azure.com:5432\/postgres \ + jdbc:postgresql:\/\/${{ needs.preflight.outputs.dbName }}.postgres.database.azure.com:5432\/${{ env.dbServerName }} \ ${location} \ ${ocrSSOPSW} \ ${ocrSSOUser} \ From 6a81ed66b8b9d9275ce0984058ad37fa77cd0abd Mon Sep 17 00:00:00 2001 From: galiacheng Date: Mon, 30 Sep 2024 10:50:11 +0800 Subject: [PATCH 04/14] add identifier.workspaces --- weblogic-azure-aks/src/main/arm/createUiDefinition.json | 1 + weblogic-azure-aks/src/main/bicep/mainTemplate.bicep | 1 + .../src/main/bicep/modules/_azure-resoruces/_appgateway.bicep | 4 ++-- 3 files changed, 4 insertions(+), 2 deletions(-) diff --git a/weblogic-azure-aks/src/main/arm/createUiDefinition.json b/weblogic-azure-aks/src/main/arm/createUiDefinition.json index 158a87160..f26f0fce8 100644 --- a/weblogic-azure-aks/src/main/arm/createUiDefinition.json +++ b/weblogic-azure-aks/src/main/arm/createUiDefinition.json @@ -2348,6 +2348,7 @@ "${identifier.vaults}", "${identifier.userAssignedIdentities}", "${identifier.dnszones}", + "${identifier.workspaces}", "${identifier.deploymentScripts}" ], "toolTip": "Tags help you organize your resources and categorize them for billing or management purposes. You can apply tags to resources deployed by the offer." diff --git a/weblogic-azure-aks/src/main/bicep/mainTemplate.bicep b/weblogic-azure-aks/src/main/bicep/mainTemplate.bicep index 496e0414b..df60db972 100644 --- a/weblogic-azure-aks/src/main/bicep/mainTemplate.bicep +++ b/weblogic-azure-aks/src/main/bicep/mainTemplate.bicep @@ -327,6 +327,7 @@ var _objTagsByResource = { '${identifier.vaults}': tagsFilter(tagsByResource, '${identifier.vaults}') '${identifier.userAssignedIdentities}': tagsFilter(tagsByResource, '${identifier.userAssignedIdentities}') '${identifier.dnszones}': tagsFilter(tagsByResource, '${identifier.dnszones}') + '${identifier.workspaces}': tagsFilter(tagsByResource, '${identifier.workspaces}') '${identifier.deploymentScripts}': tagsFilter(tagsByResource, '${identifier.deploymentScripts}') } var _useExistingAppGatewaySSLCertificate = (appGatewayCertificateOption == const_appGatewaySSLCertOptionHaveCert) ? true : false diff --git a/weblogic-azure-aks/src/main/bicep/modules/_azure-resoruces/_appgateway.bicep b/weblogic-azure-aks/src/main/bicep/modules/_azure-resoruces/_appgateway.bicep index 7ae834587..f7dd455d2 100644 --- a/weblogic-azure-aks/src/main/bicep/modules/_azure-resoruces/_appgateway.bicep +++ b/weblogic-azure-aks/src/main/bicep/modules/_azure-resoruces/_appgateway.bicep @@ -85,7 +85,7 @@ resource gatewayPublicIP 'Microsoft.Network/publicIPAddresses@${azure.apiVersion name: 'Standard' } location: location - tags: tagsByResource['identifier.publicIPAddresses'] + tags: tagsByResource['${identifier.publicIPAddresses}'] properties: { publicIPAllocationMethod: 'Static' dnsSettings: { @@ -97,7 +97,7 @@ resource gatewayPublicIP 'Microsoft.Network/publicIPAddresses@${azure.apiVersion resource wafv2AppGateway 'Microsoft.Network/applicationGateways@${azure.apiVersionForApplicationGateways}' = { name: name_appGateway location: location - tags: union(tagsByResource['identifier.applicationGateways'], tagIngress) + tags: union(tagsByResource['${identifier.applicationGateways}'], tagIngress) properties: { sku: { name: 'WAF_v2' From 172582164cf53e6cd7cbb053b7303a0607d33bc9 Mon Sep 17 00:00:00 2001 From: galiacheng Date: Mon, 30 Sep 2024 14:32:50 +0800 Subject: [PATCH 05/14] tag vm and vm extension that are created with cli --- .../src/main/arm/scripts/createVMAndBuildImage.sh | 12 ++++++++++-- .../_deployment-scripts/_ds-create-wls-cluster.bicep | 8 ++++++++ 2 files changed, 18 insertions(+), 2 deletions(-) diff --git a/weblogic-azure-aks/src/main/arm/scripts/createVMAndBuildImage.sh b/weblogic-azure-aks/src/main/arm/scripts/createVMAndBuildImage.sh index c0efe811a..c03a1c6e7 100644 --- a/weblogic-azure-aks/src/main/arm/scripts/createVMAndBuildImage.sh +++ b/weblogic-azure-aks/src/main/arm/scripts/createVMAndBuildImage.sh @@ -115,6 +115,10 @@ function build_docker_image() { exit 1 fi + echo_stdout "TAG_VM: ${TAG_VM}" + TAG_VM=$(echo "${TAG_VM}" \ + | jq -r 'to_entries | map("\"" + .key + "\"=" + (if .value|type == "string" then "\"\(.value)\"" else "\(.value)" end)) | join(" ")') + # MICROSOFT_INTERNAL # Specify tag 'SkipASMAzSecPack' to skip policy 'linuxazuresecuritypackautodeployiaas_1.6' # Specify tag 'SkipNRMS*' to skip Microsoft internal NRMS policy, which causes vm-redeployed issue @@ -130,7 +134,7 @@ function build_docker_image() { --enable-auto-update false \ --public-ip-address "" \ --size ${vmSize} \ - --tags SkipASMAzSecPack=true SkipNRMSCorp=true SkipNRMSDatabricks=true SkipNRMSDB=true SkipNRMSHigh=true SkipNRMSMedium=true SkipNRMSRDPSSH=true SkipNRMSSAW=true SkipNRMSMgmt=true --verbose + --tags ${TAG_VM} SkipASMAzSecPack=true SkipNRMSCorp=true SkipNRMSDatabricks=true SkipNRMSDB=true SkipNRMSHigh=true SkipNRMSMedium=true SkipNRMSRDPSSH=true SkipNRMSSAW=true SkipNRMSMgmt=true --verbose if [[ "${USE_ORACLE_IMAGE,,}" == "${constTrue}" ]]; then get_ocr_image_full_path @@ -138,15 +142,19 @@ function build_docker_image() { wlsImagePath="${USER_PROVIDED_IMAGE_PATH}" fi - echo "wlsImagePath: ${wlsImagePath}" + echo_stdout "wlsImagePath: ${wlsImagePath}" URL_3RD_DATASOURCE=$(echo $URL_3RD_DATASOURCE | tr -d "\"") # remove " from the string URL_3RD_DATASOURCE=$(echo $URL_3RD_DATASOURCE | base64 -w0) + echo_stdout "TAG_VM_EXTENSION: ${TAG_VM_EXTENSION}" + TAG_VM_EXTENSION=$(echo "${TAG_VM_EXTENSION}" \ + | jq -r 'to_entries | map("\"" + .key + "\"=" + (if .value|type == "string" then "\"\(.value)\"" else "\(.value)" end)) | join(" ")') az vm extension set --name CustomScript \ --extension-instance-name wls-image-script \ --resource-group ${CURRENT_RESOURCEGROUP_NAME} \ --vm-name ${vmName} \ --publisher Microsoft.Azure.Extensions \ --version 2.0 \ + --tags ${TAG_VM_EXTENSION} \ --settings "{ \"fileUris\": [\"${SCRIPT_LOCATION}model.properties\",\"${SCRIPT_LOCATION}genImageModel.sh\",\"${SCRIPT_LOCATION}buildWLSDockerImage.sh\",\"${SCRIPT_LOCATION}common.sh\"]}" \ --protected-settings "{\"commandToExecute\":\"echo ${acrPassword} ${ORACLE_ACCOUNT_PASSWORD} | bash buildWLSDockerImage.sh ${wlsImagePath} ${acrLoginServer} ${acrUser} ${newImageTag} ${WLS_APP_PACKAGE_URLS} ${ORACLE_ACCOUNT_NAME} ${WLS_CLUSTER_SIZE} ${ENABLE_CUSTOM_SSL} ${ENABLE_ADMIN_CUSTOM_T3} ${ENABLE_CLUSTER_CUSTOM_T3} ${USE_ORACLE_IMAGE} ${URL_3RD_DATASOURCE} ${ENABLE_PASSWORDLESS_DB_CONNECTION} ${DB_TYPE} ${CPU_PLATFORM} \"}" diff --git a/weblogic-azure-aks/src/main/bicep/modules/_deployment-scripts/_ds-create-wls-cluster.bicep b/weblogic-azure-aks/src/main/bicep/modules/_deployment-scripts/_ds-create-wls-cluster.bicep index 3a407ed19..5169ff6d1 100644 --- a/weblogic-azure-aks/src/main/bicep/modules/_deployment-scripts/_ds-create-wls-cluster.bicep +++ b/weblogic-azure-aks/src/main/bicep/modules/_deployment-scripts/_ds-create-wls-cluster.bicep @@ -162,6 +162,14 @@ resource deploymentScript 'Microsoft.Resources/deploymentScripts@${azure.apiVers name: 'STORAGE_ACCOUNT_NAME' value: storageAccountName } + { + name: 'TAG_VM' + value: string(tagsByResource['${identifier.virtualMachines}']) + } + { + name: 'TAG_VM_EXTENSION' + value: string(tagsByResource['${identifier.virtualMachinesExtensions}']) + } { name: 'URL_3RD_DATASOURCE' value: string(dbDriverLibrariesUrls) From 7b31568225e10912043d9afee3e069666a9013f3 Mon Sep 17 00:00:00 2001 From: galiacheng Date: Mon, 30 Sep 2024 15:20:56 +0800 Subject: [PATCH 06/14] test bicep 0.26.54 --- .github/workflows/buildWlsAksArtifact.yml | 2 +- .../src/main/bicep/mainTemplate.bicep | 32 +++++++++---------- 2 files changed, 16 insertions(+), 18 deletions(-) diff --git a/.github/workflows/buildWlsAksArtifact.yml b/.github/workflows/buildWlsAksArtifact.yml index fe14bc687..de9de8ba2 100644 --- a/.github/workflows/buildWlsAksArtifact.yml +++ b/.github/workflows/buildWlsAksArtifact.yml @@ -21,7 +21,7 @@ jobs: curl -Lo external-deps-versions.properties https://raw.githubusercontent.com/Azure/azure-javaee-iaas/main/external-deps-versions.properties source external-deps-versions.properties echo "azCliVersion=${AZ_CLI_VERSION}" >> $GITHUB_ENV - echo "bicepVersion=${BICEP_VERSION}" >> $GITHUB_ENV + echo "bicepVersion=v0.26.54" >> $GITHUB_ENV - name: Set up bicep run: | curl -Lo bicep https://github.com/Azure/bicep/releases/download/${bicepVersion}/bicep-linux-x64 diff --git a/weblogic-azure-aks/src/main/bicep/mainTemplate.bicep b/weblogic-azure-aks/src/main/bicep/mainTemplate.bicep index df60db972..7d60aae25 100644 --- a/weblogic-azure-aks/src/main/bicep/mainTemplate.bicep +++ b/weblogic-azure-aks/src/main/bicep/mainTemplate.bicep @@ -314,21 +314,21 @@ param wlsUserName string = 'weblogic' var _enableCustomSSL = enableCustomSSL var _enableAppGWIngress = enableAppGWIngress var _objTagsByResource = { - '${identifier.managedClusters}': tagsFilter(tagsByResource, '${identifier.managedClusters}') - '${identifier.applicationGateways}': tagsFilter(tagsByResource, '${identifier.applicationGateways}') - '${identifier.registries}': tagsFilter(tagsByResource, '${identifier.registries}') - '${identifier.virtualMachines}': tagsFilter(tagsByResource, '${identifier.virtualMachines}') - '${identifier.virtualMachinesExtensions}': tagsFilter(tagsByResource, '${identifier.virtualMachinesExtensions}') - '${identifier.virtualNetworks}': tagsFilter(tagsByResource, '${identifier.virtualNetworks}') - '${identifier.networkInterfaces}': tagsFilter(tagsByResource, '${identifier.networkInterfaces}') - '${identifier.networkSecurityGroups}': tagsFilter(tagsByResource, '${identifier.networkSecurityGroups}') - '${identifier.publicIPAddresses}': tagsFilter(tagsByResource, '${identifier.publicIPAddresses}') - '${identifier.storageAccounts}': tagsFilter(tagsByResource, '${identifier.storageAccounts}') - '${identifier.vaults}': tagsFilter(tagsByResource, '${identifier.vaults}') - '${identifier.userAssignedIdentities}': tagsFilter(tagsByResource, '${identifier.userAssignedIdentities}') - '${identifier.dnszones}': tagsFilter(tagsByResource, '${identifier.dnszones}') - '${identifier.workspaces}': tagsFilter(tagsByResource, '${identifier.workspaces}') - '${identifier.deploymentScripts}': tagsFilter(tagsByResource, '${identifier.deploymentScripts}') + '${identifier.managedClusters}': contains(tagsByResource, '${identifier.managedClusters}') ? tagsByResource['${identifier.managedClusters}'] : json('{}') + '${identifier.applicationGateways}': contains(tagsByResource, '${identifier.applicationGateways}') ? tagsByResource['${identifier.applicationGateways}'] : json('{}') + '${identifier.registries}': contains(tagsByResource, '${identifier.registries}') ? tagsByResource['${identifier.registries}'] : json('{}') + '${identifier.virtualMachines}': contains(tagsByResource, '${identifier.virtualMachines}') ? tagsByResource['${identifier.virtualMachines}'] : json('{}') + '${identifier.virtualMachinesExtensions}': contains(tagsByResource, '${identifier.virtualMachinesExtensions}') ? tagsByResource['${identifier.virtualMachinesExtensions}'] : json('{}') + '${identifier.virtualNetworks}': contains(tagsByResource, '${identifier.virtualNetworks}') ? tagsByResource['${identifier.virtualNetworks}'] : json('{}') + '${identifier.networkInterfaces}': contains(tagsByResource, '${identifier.networkInterfaces}') ? tagsByResource['${identifier.networkInterfaces}'] : json('{}') + '${identifier.networkSecurityGroups}': contains(tagsByResource, '${identifier.networkSecurityGroups}') ? tagsByResource['${identifier.networkSecurityGroups}'] : json('{}') + '${identifier.publicIPAddresses}': contains(tagsByResource, '${identifier.publicIPAddresses}') ? tagsByResource['${identifier.publicIPAddresses}'] : json('{}') + '${identifier.storageAccounts}': contains(tagsByResource, '${identifier.storageAccounts}') ? tagsByResource['${identifier.storageAccounts}'] : json('{}') + '${identifier.vaults}': contains(tagsByResource, '${identifier.vaults}') ? tagsByResource['${identifier.vaults}'] : json('{}') + '${identifier.userAssignedIdentities}': contains(tagsByResource, '${identifier.userAssignedIdentities}') ? tagsByResource['${identifier.userAssignedIdentities}'] : json('{}') + '${identifier.dnszones}': contains(tagsByResource, '${identifier.dnszones}') ? tagsByResource['${identifier.dnszones}'] : json('{}') + '${identifier.workspaces}': contains(tagsByResource, '${identifier.workspaces}') ? tagsByResource['${identifier.workspaces}'] : json('{}') + '${identifier.deploymentScripts}': contains(tagsByResource, '${identifier.deploymentScripts}') ? tagsByResource['${identifier.deploymentScripts}'] : json('{}') } var _useExistingAppGatewaySSLCertificate = (appGatewayCertificateOption == const_appGatewaySSLCertOptionHaveCert) ? true : false @@ -376,8 +376,6 @@ var obj_uamiForDeploymentScript = { } } -func tagsFilter(tagsByResource object, resourceIdentifier string) object => contains(tagsByResource, resourceIdentifier) ? tagsByResource[resourceIdentifier] : json('{}') - /* * Beginning of the offer deployment */ From 151e6fd2aee8d8219caff29ab8c0828a52186698 Mon Sep 17 00:00:00 2001 From: galiacheng Date: Wed, 9 Oct 2024 10:26:11 +0800 Subject: [PATCH 07/14] fix empty vm tags --- .../src/main/arm/scripts/createVMAndBuildImage.sh | 8 +++----- .../_deployment-scripts/_ds-create-wls-cluster.bicep | 4 ---- 2 files changed, 3 insertions(+), 9 deletions(-) diff --git a/weblogic-azure-aks/src/main/arm/scripts/createVMAndBuildImage.sh b/weblogic-azure-aks/src/main/arm/scripts/createVMAndBuildImage.sh index c03a1c6e7..1394adad6 100644 --- a/weblogic-azure-aks/src/main/arm/scripts/createVMAndBuildImage.sh +++ b/weblogic-azure-aks/src/main/arm/scripts/createVMAndBuildImage.sh @@ -116,7 +116,7 @@ function build_docker_image() { fi echo_stdout "TAG_VM: ${TAG_VM}" - TAG_VM=$(echo "${TAG_VM}" \ + export TAG_VM=$(echo "${TAG_VM}" \ | jq -r 'to_entries | map("\"" + .key + "\"=" + (if .value|type == "string" then "\"\(.value)\"" else "\(.value)" end)) | join(" ")') # MICROSOFT_INTERNAL @@ -145,16 +145,13 @@ function build_docker_image() { echo_stdout "wlsImagePath: ${wlsImagePath}" URL_3RD_DATASOURCE=$(echo $URL_3RD_DATASOURCE | tr -d "\"") # remove " from the string URL_3RD_DATASOURCE=$(echo $URL_3RD_DATASOURCE | base64 -w0) - echo_stdout "TAG_VM_EXTENSION: ${TAG_VM_EXTENSION}" - TAG_VM_EXTENSION=$(echo "${TAG_VM_EXTENSION}" \ - | jq -r 'to_entries | map("\"" + .key + "\"=" + (if .value|type == "string" then "\"\(.value)\"" else "\(.value)" end)) | join(" ")') + # Tag for VM extension is not supported yet, see https://github.com/Azure/azure-cli/issues/14341 az vm extension set --name CustomScript \ --extension-instance-name wls-image-script \ --resource-group ${CURRENT_RESOURCEGROUP_NAME} \ --vm-name ${vmName} \ --publisher Microsoft.Azure.Extensions \ --version 2.0 \ - --tags ${TAG_VM_EXTENSION} \ --settings "{ \"fileUris\": [\"${SCRIPT_LOCATION}model.properties\",\"${SCRIPT_LOCATION}genImageModel.sh\",\"${SCRIPT_LOCATION}buildWLSDockerImage.sh\",\"${SCRIPT_LOCATION}common.sh\"]}" \ --protected-settings "{\"commandToExecute\":\"echo ${acrPassword} ${ORACLE_ACCOUNT_PASSWORD} | bash buildWLSDockerImage.sh ${wlsImagePath} ${acrLoginServer} ${acrUser} ${newImageTag} ${WLS_APP_PACKAGE_URLS} ${ORACLE_ACCOUNT_NAME} ${WLS_CLUSTER_SIZE} ${ENABLE_CUSTOM_SSL} ${ENABLE_ADMIN_CUSTOM_T3} ${ENABLE_CLUSTER_CUSTOM_T3} ${USE_ORACLE_IMAGE} ${URL_3RD_DATASOURCE} ${ENABLE_PASSWORDLESS_DB_CONNECTION} ${DB_TYPE} ${CPU_PLATFORM} \"}" @@ -169,6 +166,7 @@ export script="${BASH_SOURCE[0]}" export scriptDir="$(cd "$(dirname "${script}")" && pwd)" source ${scriptDir}/common.sh +source ${scriptDir}/utility.sh export newImageTag=$1 export acrLoginServer=$2 diff --git a/weblogic-azure-aks/src/main/bicep/modules/_deployment-scripts/_ds-create-wls-cluster.bicep b/weblogic-azure-aks/src/main/bicep/modules/_deployment-scripts/_ds-create-wls-cluster.bicep index 5169ff6d1..0f5ee2734 100644 --- a/weblogic-azure-aks/src/main/bicep/modules/_deployment-scripts/_ds-create-wls-cluster.bicep +++ b/weblogic-azure-aks/src/main/bicep/modules/_deployment-scripts/_ds-create-wls-cluster.bicep @@ -166,10 +166,6 @@ resource deploymentScript 'Microsoft.Resources/deploymentScripts@${azure.apiVers name: 'TAG_VM' value: string(tagsByResource['${identifier.virtualMachines}']) } - { - name: 'TAG_VM_EXTENSION' - value: string(tagsByResource['${identifier.virtualMachinesExtensions}']) - } { name: 'URL_3RD_DATASOURCE' value: string(dbDriverLibrariesUrls) From 948801f8b885a3d8922c169c9a0fdd1200633281 Mon Sep 17 00:00:00 2001 From: galiacheng Date: Thu, 10 Oct 2024 16:05:51 +0800 Subject: [PATCH 08/14] fix file share name --- weblogic-azure-aks/src/main/arm/scripts/setupWLSDomain.sh | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/weblogic-azure-aks/src/main/arm/scripts/setupWLSDomain.sh b/weblogic-azure-aks/src/main/arm/scripts/setupWLSDomain.sh index 9e5df87da..7462fc65a 100644 --- a/weblogic-azure-aks/src/main/arm/scripts/setupWLSDomain.sh +++ b/weblogic-azure-aks/src/main/arm/scripts/setupWLSDomain.sh @@ -736,7 +736,7 @@ source ${scriptDir}/common.sh source ${scriptDir}/utility.sh export adminServerName="admin-server" -export azFileShareName="weblogic" +export azFileShareName=${FILE_SHARE_NAME} export exitCode=0 export kubectlSecretForACR="regsecret" export kubectlWDTEncryptionSecret="${WLS_DOMAIN_UID}-runtime-encryption-secret" @@ -746,7 +746,6 @@ export newImageTag=$(date +%s) export operatorName="weblogic-operator" # seconds export sasTokenValidTime=3600 -export storageFileShareName="weblogic" export storageResourceGroup=${CURRENT_RESOURCEGROUP_NAME} export sharedPath="/shared" export wlsDomainNS="${WLS_DOMAIN_UID}-ns" From e1656b002654979b94640783a6116c4f66de43e4 Mon Sep 17 00:00:00 2001 From: galiacheng Date: Thu, 10 Oct 2024 17:13:49 +0800 Subject: [PATCH 09/14] apply tags to agent pool --- .../src/main/bicep/modules/_azure-resoruces/_aks.bicep | 1 + 1 file changed, 1 insertion(+) diff --git a/weblogic-azure-aks/src/main/bicep/modules/_azure-resoruces/_aks.bicep b/weblogic-azure-aks/src/main/bicep/modules/_azure-resoruces/_aks.bicep index 1f1abccfe..8eb08964d 100644 --- a/weblogic-azure-aks/src/main/bicep/modules/_azure-resoruces/_aks.bicep +++ b/weblogic-azure-aks/src/main/bicep/modules/_azure-resoruces/_aks.bicep @@ -82,6 +82,7 @@ resource aksCluster 'Microsoft.ContainerService/managedClusters@${azure.apiVersi availabilityZones: agentAvailabilityZones mode: 'System' osType: 'Linux' + tags: tagsByResource['${identifier.managedClusters}'] } ] addonProfiles: { From 5f09c2c6f668bc171713d76557f74265f5947549 Mon Sep 17 00:00:00 2001 From: galiacheng Date: Fri, 11 Oct 2024 10:50:16 +0800 Subject: [PATCH 10/14] Tag for Microsoft.Monitor/accounts --- weblogic-azure-aks/src/main/arm/createUiDefinition.json | 1 + weblogic-azure-aks/src/main/bicep/mainTemplate.bicep | 1 + 2 files changed, 2 insertions(+) diff --git a/weblogic-azure-aks/src/main/arm/createUiDefinition.json b/weblogic-azure-aks/src/main/arm/createUiDefinition.json index f26f0fce8..023c5a8b7 100644 --- a/weblogic-azure-aks/src/main/arm/createUiDefinition.json +++ b/weblogic-azure-aks/src/main/arm/createUiDefinition.json @@ -2349,6 +2349,7 @@ "${identifier.userAssignedIdentities}", "${identifier.dnszones}", "${identifier.workspaces}", + "${identifier.accounts}", "${identifier.deploymentScripts}" ], "toolTip": "Tags help you organize your resources and categorize them for billing or management purposes. You can apply tags to resources deployed by the offer." diff --git a/weblogic-azure-aks/src/main/bicep/mainTemplate.bicep b/weblogic-azure-aks/src/main/bicep/mainTemplate.bicep index 7d60aae25..8d018b278 100644 --- a/weblogic-azure-aks/src/main/bicep/mainTemplate.bicep +++ b/weblogic-azure-aks/src/main/bicep/mainTemplate.bicep @@ -314,6 +314,7 @@ param wlsUserName string = 'weblogic' var _enableCustomSSL = enableCustomSSL var _enableAppGWIngress = enableAppGWIngress var _objTagsByResource = { + '${identifier.accounts}': contains(tagsByResource, '${identifier.accounts}') ? tagsByResource['${identifier.accounts}'] : json('{}') '${identifier.managedClusters}': contains(tagsByResource, '${identifier.managedClusters}') ? tagsByResource['${identifier.managedClusters}'] : json('{}') '${identifier.applicationGateways}': contains(tagsByResource, '${identifier.applicationGateways}') ? tagsByResource['${identifier.applicationGateways}'] : json('{}') '${identifier.registries}': contains(tagsByResource, '${identifier.registries}') ? tagsByResource['${identifier.registries}'] : json('{}') From c8a78731671552aceab161e1f9bfee864fd284cf Mon Sep 17 00:00:00 2001 From: galiacheng Date: Fri, 11 Oct 2024 10:53:38 +0800 Subject: [PATCH 11/14] doc for aks tag --- .../doc/guidance-for-tagging-resource.md | 30 +++++++++++++++++++ 1 file changed, 30 insertions(+) diff --git a/resources/doc/guidance-for-tagging-resource.md b/resources/doc/guidance-for-tagging-resource.md index 96a4b26a7..52b9309da 100644 --- a/resources/doc/guidance-for-tagging-resource.md +++ b/resources/doc/guidance-for-tagging-resource.md @@ -77,6 +77,36 @@ Incorporate the [Microsoft.Common.TagsByResource UI element](https://learn.micro Refer to this [pull request](https://github.com/oracle/weblogic-azure/pull/327/) as a guide for how to apply tags to the resource deployments. +Notes: + +For AKS, make sure the tag is applied to agent pool and node pool. The whole structure looks like: + +```bicep +resource symbolicname 'Microsoft.ContainerService/managedClusters@2024-06-02-preview' = { + name: 'string' + location: 'string' + tags: { + tagName1: 'tagValue1' + tagName2: 'tagValue2' + } + + ... + + agentPoolProfiles: { + + ... + + tags: { + tagName1: 'tagValue1' + tagName2: 'tagValue2' + } + } +} + +``` + +See [Microsoft.ContainerService managedClusters - Bicep](https://learn.microsoft.com/en-us/azure/templates/microsoft.containerservice/managedclusters?pivots=deployment-language-bicep) for more information. + ## Step 4: Testing 1. **Create a Test Offer:** Set up a test offer to validate the tagging process. From 82139771367dd85182bc917d1cb69b4c5d6c8d45 Mon Sep 17 00:00:00 2001 From: galiacheng Date: Mon, 14 Oct 2024 13:14:17 +0800 Subject: [PATCH 12/14] clean up source code for tagging resources in aks offer. --- .github/workflows/buildWlsAksArtifact.yml | 2 +- .github/workflows/testWlsAksWithDependencyCreation.yml | 10 ++-------- resources/doc/guidance-for-tagging-resource.md | 3 +++ .../src/main/bicep/modules/_azure-resoruces/_acr.bicep | 1 + .../bicep/modules/_azure-resoruces/_appgateway.bicep | 5 +++-- .../_keyvault/_keyvaultForWLSSSLCert.bicep | 1 + .../main/bicep/modules/_azure-resoruces/_storage.bicep | 4 ++-- .../_ds-query-storage-account.bicep | 1 + .../_deployment-scripts/_ds-validate-parameters.bicep | 1 + .../bicep/modules/_preDeployedAzureResources.bicep | 1 + .../src/main/bicep/modules/_uamiAndRoles.bicep | 1 + 11 files changed, 17 insertions(+), 13 deletions(-) diff --git a/.github/workflows/buildWlsAksArtifact.yml b/.github/workflows/buildWlsAksArtifact.yml index de9de8ba2..fe14bc687 100644 --- a/.github/workflows/buildWlsAksArtifact.yml +++ b/.github/workflows/buildWlsAksArtifact.yml @@ -21,7 +21,7 @@ jobs: curl -Lo external-deps-versions.properties https://raw.githubusercontent.com/Azure/azure-javaee-iaas/main/external-deps-versions.properties source external-deps-versions.properties echo "azCliVersion=${AZ_CLI_VERSION}" >> $GITHUB_ENV - echo "bicepVersion=v0.26.54" >> $GITHUB_ENV + echo "bicepVersion=${BICEP_VERSION}" >> $GITHUB_ENV - name: Set up bicep run: | curl -Lo bicep https://github.com/Azure/bicep/releases/download/${bicepVersion}/bicep-linux-x64 diff --git a/.github/workflows/testWlsAksWithDependencyCreation.yml b/.github/workflows/testWlsAksWithDependencyCreation.yml index 4670fa86b..a31d3c338 100644 --- a/.github/workflows/testWlsAksWithDependencyCreation.yml +++ b/.github/workflows/testWlsAksWithDependencyCreation.yml @@ -290,14 +290,8 @@ jobs: uses: azure/CLI@v1 with: azcliversion: ${{ env.azCliVersion }} - inlineScript: | - - ls -l - - artifactName=${{ needs.preflight.outputs.artifactName }} - - ls ${artifactName} -l - + inlineScript: | + artifactName=${{ needs.preflight.outputs.artifactName }} az deployment group create \ --verbose \ --resource-group ${{ env.resourceGroupForWlsAks }} \ diff --git a/resources/doc/guidance-for-tagging-resource.md b/resources/doc/guidance-for-tagging-resource.md index 52b9309da..ab2ec4c1c 100644 --- a/resources/doc/guidance-for-tagging-resource.md +++ b/resources/doc/guidance-for-tagging-resource.md @@ -196,3 +196,6 @@ Known resources: - Microsoft.Compute/virtualMachines/extensions - OmsAgentForLinux - MDE.Linux +- Microsoft.AlertsManagement/prometheusRuleGroups +- Microsoft.Insights/dataCollectionEndpoints +- Microsoft.Insights/dataCollectionRules diff --git a/weblogic-azure-aks/src/main/bicep/modules/_azure-resoruces/_acr.bicep b/weblogic-azure-aks/src/main/bicep/modules/_azure-resoruces/_acr.bicep index 6f4fe9abe..6a329db5f 100644 --- a/weblogic-azure-aks/src/main/bicep/modules/_azure-resoruces/_acr.bicep +++ b/weblogic-azure-aks/src/main/bicep/modules/_azure-resoruces/_acr.bicep @@ -3,6 +3,7 @@ param acrNamePrefix string = 'wlsaksacr' param location string +@description('${label.tagsLabel}') param tagsByResource object param utcValue string = utcNow() diff --git a/weblogic-azure-aks/src/main/bicep/modules/_azure-resoruces/_appgateway.bicep b/weblogic-azure-aks/src/main/bicep/modules/_azure-resoruces/_appgateway.bicep index f7dd455d2..f0672f62c 100644 --- a/weblogic-azure-aks/src/main/bicep/modules/_azure-resoruces/_appgateway.bicep +++ b/weblogic-azure-aks/src/main/bicep/modules/_azure-resoruces/_appgateway.bicep @@ -19,6 +19,7 @@ param staticPrivateFrontentIP string = '10.0.0.1' @secure() param trustedRootCertData string = newGuid() param usePrivateIP bool = false +@description('${label.tagsLabel}') param tagsByResource object param utcValue string = utcNow() @@ -75,7 +76,7 @@ var obj_frontendIPConfigurations2 = [ } ] -var tagIngress = { +var obj_tagIngress = { 'managed-by-k8s-ingress': 'true' } @@ -97,7 +98,7 @@ resource gatewayPublicIP 'Microsoft.Network/publicIPAddresses@${azure.apiVersion resource wafv2AppGateway 'Microsoft.Network/applicationGateways@${azure.apiVersionForApplicationGateways}' = { name: name_appGateway location: location - tags: union(tagsByResource['${identifier.applicationGateways}'], tagIngress) + tags: union(tagsByResource['${identifier.applicationGateways}'], obj_tagIngress) properties: { sku: { name: 'WAF_v2' diff --git a/weblogic-azure-aks/src/main/bicep/modules/_azure-resoruces/_keyvault/_keyvaultForWLSSSLCert.bicep b/weblogic-azure-aks/src/main/bicep/modules/_azure-resoruces/_keyvault/_keyvaultForWLSSSLCert.bicep index a8878c19e..93893d289 100644 --- a/weblogic-azure-aks/src/main/bicep/modules/_azure-resoruces/_keyvault/_keyvaultForWLSSSLCert.bicep +++ b/weblogic-azure-aks/src/main/bicep/modules/_azure-resoruces/_keyvault/_keyvaultForWLSSSLCert.bicep @@ -8,6 +8,7 @@ param keyVaultName string param location string @description('Price tier for Key Vault.') param sku string = 'Standard' +@description('${label.tagsLabel}') param tagsByResource object param utcValue string = utcNow() @secure() diff --git a/weblogic-azure-aks/src/main/bicep/modules/_azure-resoruces/_storage.bicep b/weblogic-azure-aks/src/main/bicep/modules/_azure-resoruces/_storage.bicep index 443ec25cf..009b1a669 100644 --- a/weblogic-azure-aks/src/main/bicep/modules/_azure-resoruces/_storage.bicep +++ b/weblogic-azure-aks/src/main/bicep/modules/_azure-resoruces/_storage.bicep @@ -10,7 +10,7 @@ param utcValue string = utcNow() var const_shareQuota = 5120 var const_sku = 'Standard_LRS' -var objExtraTag = { +var obj_extraTag = { 'created-by-azure-weblogic': utcValue } @@ -18,7 +18,7 @@ resource storageAccount 'Microsoft.Storage/storageAccounts@${azure.apiVersionFor name: storageAccountName location: location kind: 'StorageV2' - tags: union(tagsByResource['${identifier.storageAccounts}'], objExtraTag) + tags: union(tagsByResource['${identifier.storageAccounts}'], obj_extraTag) sku: { name: const_sku tier: 'Standard' diff --git a/weblogic-azure-aks/src/main/bicep/modules/_deployment-scripts/_ds-query-storage-account.bicep b/weblogic-azure-aks/src/main/bicep/modules/_deployment-scripts/_ds-query-storage-account.bicep index 64b9238d3..14169e422 100644 --- a/weblogic-azure-aks/src/main/bicep/modules/_deployment-scripts/_ds-query-storage-account.bicep +++ b/weblogic-azure-aks/src/main/bicep/modules/_deployment-scripts/_ds-query-storage-account.bicep @@ -7,6 +7,7 @@ param azCliVersion string = '' param identity object = {} param location string +@description('${label.tagsLabel}') param tagsByResource object param utcValue string = utcNow() diff --git a/weblogic-azure-aks/src/main/bicep/modules/_deployment-scripts/_ds-validate-parameters.bicep b/weblogic-azure-aks/src/main/bicep/modules/_deployment-scripts/_ds-validate-parameters.bicep index 55f0f89f7..e2fe320bb 100644 --- a/weblogic-azure-aks/src/main/bicep/modules/_deployment-scripts/_ds-validate-parameters.bicep +++ b/weblogic-azure-aks/src/main/bicep/modules/_deployment-scripts/_ds-validate-parameters.bicep @@ -56,6 +56,7 @@ param sslUploadedCustomTrustKeyStoreType string param sslUploadedPrivateKeyAlias string @secure() param sslUploadedPrivateKeyPassPhrase string +@description('${label.tagsLabel}') param tagsByResource object param useAksWellTestedVersion bool = true param userProvidedAcr string diff --git a/weblogic-azure-aks/src/main/bicep/modules/_preDeployedAzureResources.bicep b/weblogic-azure-aks/src/main/bicep/modules/_preDeployedAzureResources.bicep index bb12bcf4e..2960e3216 100644 --- a/weblogic-azure-aks/src/main/bicep/modules/_preDeployedAzureResources.bicep +++ b/weblogic-azure-aks/src/main/bicep/modules/_preDeployedAzureResources.bicep @@ -6,6 +6,7 @@ Licensed under the Universal Permissive License v 1.0 as shown at https://oss.or param acrName string = 'acr-contoso' param acrResourceGroupName string = 'acr-contoso-rg' param createNewAcr bool = false +@description('${label.tagsLabel}') param tagsByResource object param location string diff --git a/weblogic-azure-aks/src/main/bicep/modules/_uamiAndRoles.bicep b/weblogic-azure-aks/src/main/bicep/modules/_uamiAndRoles.bicep index 2c025efaa..1bb159faf 100644 --- a/weblogic-azure-aks/src/main/bicep/modules/_uamiAndRoles.bicep +++ b/weblogic-azure-aks/src/main/bicep/modules/_uamiAndRoles.bicep @@ -4,6 +4,7 @@ Licensed under the Universal Permissive License v 1.0 as shown at https://oss.or */ param location string +@description('${label.tagsLabel}') param tagsByResource object param name_deploymentScriptContributorRoleAssignmentName string = newGuid() From 928aced1eb0fdb534a90100dc9a5b6710406afd7 Mon Sep 17 00:00:00 2001 From: galiacheng Date: Mon, 14 Oct 2024 13:26:06 +0800 Subject: [PATCH 13/14] increase pom version --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index 1a0817464..af4ae57e2 100644 --- a/pom.xml +++ b/pom.xml @@ -40,7 +40,7 @@ - 1.0.81 + 1.0.82 1.0.29 1.0.54 From b7c1808b0e907fba589d28690fa4056ab3c1fd07 Mon Sep 17 00:00:00 2001 From: galiacheng Date: Tue, 15 Oct 2024 11:00:47 +0800 Subject: [PATCH 14/14] add comment for bicep user defined function. --- weblogic-azure-aks/src/main/bicep/mainTemplate.bicep | 2 ++ 1 file changed, 2 insertions(+) diff --git a/weblogic-azure-aks/src/main/bicep/mainTemplate.bicep b/weblogic-azure-aks/src/main/bicep/mainTemplate.bicep index 8d018b278..d119658f2 100644 --- a/weblogic-azure-aks/src/main/bicep/mainTemplate.bicep +++ b/weblogic-azure-aks/src/main/bicep/mainTemplate.bicep @@ -313,6 +313,8 @@ param wlsUserName string = 'weblogic' // To mitigate arm-ttk error: Type Mismatch: Parameter in nested template is defined as string, but the parent template defines it as bool. var _enableCustomSSL = enableCustomSSL var _enableAppGWIngress = enableAppGWIngress +// We can streamline the following code with a user-defined function, but it is not supported in Partner Center. +// For status, see https://dev.azure.com/edburns-msft/Open%20Standard%20Enterprise%20Java%20(Java%20EE)%20on%20Azure/_workitems/edit/6219 var _objTagsByResource = { '${identifier.accounts}': contains(tagsByResource, '${identifier.accounts}') ? tagsByResource['${identifier.accounts}'] : json('{}') '${identifier.managedClusters}': contains(tagsByResource, '${identifier.managedClusters}') ? tagsByResource['${identifier.managedClusters}'] : json('{}')