diff --git a/config/config.msft.yaml b/config/config.msft.yaml index 752056f63..f48b6c9bc 100644 --- a/config/config.msft.yaml +++ b/config/config.msft.yaml @@ -8,7 +8,7 @@ defaults: global: rg: b-gerdo-global-shared-resources subscription: hcp-{{ .ctx.region }} - manageTokenCustomRole: false + manageTokenCustomRole: true region: uksouth # General AKS config diff --git a/dev-infrastructure/.gitignore b/dev-infrastructure/.gitignore index ba9a08f5b..5fc4a9807 100644 --- a/dev-infrastructure/.gitignore +++ b/dev-infrastructure/.gitignore @@ -9,4 +9,5 @@ configurations/dev-role-assignments.bicepparam configurations/cs-integ-msi.bicepparam configurations/mock-identities.bicepparam configurations/global.bicepparam +configurations/global-roles.bicepparam config.mk diff --git a/dev-infrastructure/configurations/global-roles.tmpl.bicepparam b/dev-infrastructure/configurations/global-roles.tmpl.bicepparam new file mode 100644 index 000000000..5dc1e3970 --- /dev/null +++ b/dev-infrastructure/configurations/global-roles.tmpl.bicepparam @@ -0,0 +1,3 @@ +using '../templates/global-roles.bicep' + +param manageTokenRole = {{ .global.manageTokenCustomRole }} diff --git a/dev-infrastructure/configurations/global.tmpl.bicepparam b/dev-infrastructure/configurations/global.tmpl.bicepparam index 36dc440be..e1e21c2d9 100644 --- a/dev-infrastructure/configurations/global.tmpl.bicepparam +++ b/dev-infrastructure/configurations/global.tmpl.bicepparam @@ -7,5 +7,3 @@ param ocpAcrName = '{{ .ocpAcrName }}' param ocpAcrSku = 'Premium' param location = '{{ .global.region }}' - -param manageTokenRole = {{ .global.manageTokenCustomRole }} diff --git a/dev-infrastructure/svc-pipeline.yaml b/dev-infrastructure/svc-pipeline.yaml index 8ed50fa32..b1876984f 100644 --- a/dev-infrastructure/svc-pipeline.yaml +++ b/dev-infrastructure/svc-pipeline.yaml 
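Review bot: `manageTokenCustomRole: true` in config/config.msft.yaml is flipped without a comment, although after this commit it is the only gate on the subscription-level `global-roles` step that deploys `modules/acr/token-mgmt-role.bicep`. That module is not part of this diff, so what the role grants and where it can be assigned cannot be checked here. Both are worth confirming before the value is enabled under `defaults`. I would add above the key `# true: the global-roles pipeline step creates the ACR token management role at subscription scope`.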
@@ -30,7 +30,12 @@ resourceGroups: - name: {{ .global.rg }} subscription: {{ .global.subscription }} steps: - - name: acr-ocp + - name: acr-ocp # rename to global action: ARM template: templates/global.bicep parameters: configurations/global.tmpl.bicepparam + - name: global-roles + action: ARM + template: templates/global-roles.bicep + parameters: configurations/global-roles.tmpl.bicepparam + deploymentLevel: Subscription diff --git a/dev-infrastructure/templates/global-roles.bicep b/dev-infrastructure/templates/global-roles.bicep new file mode 100644 index 000000000..3f55ea137 --- /dev/null +++ b/dev-infrastructure/templates/global-roles.bicep @@ -0,0 +1,7 @@ +@description('Defines if the ACR token management role should be created') +param manageTokenRole bool + +module tokenMgmtRole '../modules/acr/token-mgmt-role.bicep' = if (manageTokenRole) { + name: 'acr-token-mgmt-role' + scope: subscription() +} diff --git a/dev-infrastructure/templates/global.bicep b/dev-infrastructure/templates/global.bicep index 8b67d75b1..dfb9a12de 100644 --- a/dev-infrastructure/templates/global.bicep +++ b/dev-infrastructure/templates/global.bicep @@ -6,8 +6,6 @@ param svcAcrSku string param location string -param manageTokenRole bool - module ocpAcr '../modules/acr/acr.bicep' = { name: '${deployment().name}-${ocpAcrName}' params: { @@ -25,8 +23,3 @@ module svcAcr '../modules/acr/acr.bicep' = { location: location } } - -module tokenMgmtRole '../modules/acr/token-mgmt-role.bicep' = if (manageTokenRole) { - name: 'acr-token-mgmt-role' - scope: subscription() -} diff --git a/tooling/templatize/pkg/pipeline/types.go b/tooling/templatize/pkg/pipeline/types.go index 6f8bf2b61..d5242badd 100644 --- a/tooling/templatize/pkg/pipeline/types.go +++ b/tooling/templatize/pkg/pipeline/types.go 
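Review bot: The trailing comment `# rename to global` on the `acr-ocp` step in dev-infrastructure/svc-pipeline.yaml reads as an unfinished to-do rather than documentation. Either do the rename in this change or make it a tracked `# TODO(<issue-id>): rename this step to global`. The new `global-roles` step is the only one in this hunk that sets `deploymentLevel`, yet it sits under a resource-group entry. A line above it such as `# subscription-level deployment: creates the ACR token management role when global.manageTokenCustomRole is true` would explain why.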
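Review bot: dev-infrastructure/templates/global-roles.bicep declares no `targetScope`, so Bicep compiles it as a resource-group template, while the pipeline step added in svc-pipeline.yaml sets `deploymentLevel: Subscription`. If that setting makes the pipeline submit a subscription-level deployment (the handling code is not in this diff), the template scope and the deployment scope disagree. Adding `targetScope = 'subscription'` as the first line would make the file match the step. The module's `scope: subscription()` then becomes redundant.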
@@ -29,6 +29,7 @@ type Step struct { Parameters string `yaml:"parameters,omitempty"` DependsOn []string `yaml:"dependsOn,omitempty"` DryRun DryRun `yaml:"dryRun,omitempty"` + DeploymentLevel string `yaml:"deploymentLevel,omitempty"` outputFunc outPutHandler }
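Review bot: `DeploymentLevel` in tooling/templatize/pkg/pipeline/types.go is added as a bare `string` with no doc comment, and this diff shows no validation of its value. The only value used in the commit is `Subscription`, so a misspelt or differently cased value in a pipeline file would presumably fall through to whatever the default scope is and deploy somewhere other than intended. I would document the field, for example `// DeploymentLevel is the ARM deployment scope; "Subscription" deploys at subscription level, empty keeps the resource-group default (confirm)`. I would also reject unknown values where steps are validated. The `Step` struct begins outside this hunk, so existing validation may live elsewhere.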