fix: Correct deployment YAML file paths in Azure pipeline

- Updated the Azure pipeline configuration to ensure deployment YAML files are copied from the correct directory, aligning with recent structural changes in the project.

Author: Nieze-BenMansour

deployments/bicep/.gitignore

@@ -0,0 +1,2 @@
+# Compiled output from: az bicep build
+main.json

deployments/bicep/README.md

@@ -0,0 +1,85 @@
+# AKS Hub-Spoke Infrastructure (Bicep)
+
+This folder contains Bicep templates to provision an AKS cluster in a Hub and Spoke network topology:
+- **Hub VNet**: Azure Firewall, Private DNS Zones for SQL and Blob
+- **Compute spoke**: AKS cluster (system + user node pools)
+- **Data spoke**: Azure SQL Database, Storage Account, each with Private Endpoints
+
+## Prerequisites
+
+- Azure CLI with Bicep (`az bicep version`)
+- Contributor (or higher) on target subscription/resource group
+- Sufficient quota for AKS, Firewall, SQL in the region
+
+## Deployment
+
+1. Create a resource group:
+   ```bash
+   az group create --name rg-silkroad-hubspoke-dev --location eastus
+   ```
+
+2. Deploy using the parameters file (provide `sqlAdministratorPassword` at deploy time):
+   ```bash
+   az deployment group create \
+     --resource-group rg-silkroad-hubspoke-dev \
+     --template-file main.bicep \
+     --parameters main.parameters.json \
+     --parameters sqlAdministratorPassword='YourSecurePassword123!'
+   ```
+
+   Or deploy without a parameters file, passing all required params:
+   ```bash
+   az deployment group create \
+     --resource-group rg-silkroad-hubspoke-dev \
+     --template-file main.bicep \
+     --parameters sqlAdministratorLogin=sqladmin \
+     --parameters sqlAdministratorPassword='YourSecurePassword123!'
+   ```
+
+3. Get AKS credentials after deployment:
+   ```bash
+   az aks get-credentials --resource-group rg-silkroad-hubspoke-dev --name silkroad-aks-dev
+   ```
+
+## Parameters
+
+| Parameter | Description | Default |
+|-----------|-------------|---------|
+| location | Azure region | resourceGroup().location |
+| environment | dev or prod | dev |
+| hubAddressPrefix | Hub VNet CIDR | 10.0.0.0/16 |
+| computeSpokeAddressPrefix | Compute spoke CIDR | 10.1.0.0/16 |
+| dataSpokeAddressPrefix | Data spoke CIDR | 10.2.0.0/16 |
+| aksNodeCount | User pool node count | 2 |
+| aksVmSize | Node VM size | Standard_D2s_v3 |
+| aksKubernetesVersion | Kubernetes version | 1.28 |
+| sqlAdministratorLogin | SQL admin login | (required) |
+| sqlAdministratorPassword | SQL admin password | (required, secure) |
+| enableAzureFirewall | Deploy Azure Firewall | true |
+| enablePrivateCluster | Private AKS API | false |
+| projectName | Resource naming prefix | silkroad |
+
+## File Structure
+
+```
+bicep/
+├── main.bicep              # Entry point
+├── parameters.bicep        # (Inlined in main.bicep)
+├── main.parameters.json    # Default parameter values
+├── modules/
+│   ├── hub-network.bicep   # Hub VNet, Firewall, Private DNS Zones
+│   ├── spoke-compute.bicep # Compute spoke VNet, AKS, DNS links
+│   ├── spoke-data.bicep    # Data spoke VNet, SQL, Storage, PEs
+│   ├── peering.bicep       # VNet peering (Hub ↔ Compute, Hub ↔ Data)
+│   └── aks-cluster.bicep   # AKS cluster resource
+└── README.md
+```
+
+## Outputs
+
+- `hubVNetId`: Hub VNet resource ID
+- `aksClusterId`: AKS cluster resource ID
+- `aksClusterName`: AKS cluster name (for `az aks get-credentials`)
+- `aksClusterFqdn`: AKS API FQDN
+- `sqlServerFqdn`: SQL Server FQDN (for connection string)
+- `storageAccountName`: Storage account name

deployments/bicep/main.bicep

@@ -0,0 +1,103 @@
+targetScope = 'resourceGroup'
+
+@description('Azure region for all resources')
+param location string = resourceGroup().location
+
+@description('Environment (dev | prod)')
+@allowed(['dev', 'prod'])
+param environment string = 'dev'
+
+@description('Hub VNet address prefix')
+param hubAddressPrefix string = '10.0.0.0/16'
+
+@description('Compute spoke VNet address prefix')
+param computeSpokeAddressPrefix string = '10.1.0.0/16'
+
+@description('Data spoke VNet address prefix')
+param dataSpokeAddressPrefix string = '10.2.0.0/16'
+
+@description('Number of AKS agent nodes in user pool')
+param aksNodeCount int = 2
+
+@description('AKS agent node VM size')
+param aksVmSize string = 'Standard_D2s_v3'
+
+@description('AKS Kubernetes version')
+param aksKubernetesVersion string = '1.28'
+
+@description('SQL administrator login')
+param sqlAdministratorLogin string
+
+@description('SQL administrator password')
+@secure()
+param sqlAdministratorPassword string
+
+@description('Enable Azure Firewall in Hub')
+param enableAzureFirewall bool = true
+
+@description('Enable private AKS cluster')
+param enablePrivateCluster bool = false
+
+@description('Project/app name for resource naming')
+param projectName string = 'silkroad'
+
+module hub 'modules/hub-network.bicep' = {
+  name: 'hub-network-deployment'
+  params: {
+    location: location
+    hubAddressPrefix: hubAddressPrefix
+    enableAzureFirewall: enableAzureFirewall
+    projectName: projectName
+    environment: environment
+  }
+}
+
+module spokeData 'modules/spoke-data.bicep' = {
+  name: 'spoke-data-deployment'
+  params: {
+    location: location
+    dataSpokeAddressPrefix: dataSpokeAddressPrefix
+    projectName: projectName
+    environment: environment
+    sqlAdministratorLogin: sqlAdministratorLogin
+    sqlAdministratorPassword: sqlAdministratorPassword
+    dnsZoneSqlId: hub.outputs.dnsZoneSqlId
+    dnsZoneBlobId: hub.outputs.dnsZoneBlobId
+  }
+}
+
+module spokeCompute 'modules/spoke-compute.bicep' = {
+  name: 'spoke-compute-deployment'
+  dependsOn: [hub]
+  params: {
+    location: location
+    computeSpokeAddressPrefix: computeSpokeAddressPrefix
+    projectName: projectName
+    environment: environment
+    aksNodeCount: aksNodeCount
+    aksVmSize: aksVmSize
+    aksKubernetesVersion: aksKubernetesVersion
+    enablePrivateCluster: enablePrivateCluster
+  }
+}
+
+module peering 'modules/peering.bicep' = {
+  name: 'peering-deployment'
+  params: {
+    projectName: projectName
+    environment: environment
+    hubVNetId: hub.outputs.hubVNetId
+    hubVNetName: hub.outputs.hubVNetName
+    computeSpokeVNetId: spokeCompute.outputs.computeSpokeVNetId
+    computeSpokeVNetName: spokeCompute.outputs.computeSpokeVNetName
+    dataSpokeVNetId: spokeData.outputs.dataSpokeVNetId
+    dataSpokeVNetName: spokeData.outputs.dataSpokeVNetName
+  }
+}
+
+output hubVNetId string = hub.outputs.hubVNetId
+output aksClusterId string = spokeCompute.outputs.aksClusterId
+output aksClusterName string = spokeCompute.outputs.aksClusterName
+output aksClusterFqdn string = spokeCompute.outputs.aksClusterFqdn
+output sqlServerFqdn string = spokeData.outputs.sqlServerFqdn
+output storageAccountName string = spokeData.outputs.storageAccountName

deployments/bicep/main.parameters.json

@@ -0,0 +1,45 @@
+{
+  "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
+  "contentVersion": "1.0.0.0",
+  "parameters": {
+    "location": {
+      "value": "eastus"
+    },
+    "environment": {
+      "value": "dev"
+    },
+    "hubAddressPrefix": {
+      "value": "10.0.0.0/16"
+    },
+    "computeSpokeAddressPrefix": {
+      "value": "10.1.0.0/16"
+    },
+    "dataSpokeAddressPrefix": {
+      "value": "10.2.0.0/16"
+    },
+    "aksNodeCount": {
+      "value": 2
+    },
+    "aksVmSize": {
+      "value": "Standard_D2s_v3"
+    },
+    "aksKubernetesVersion": {
+      "value": "1.28"
+    },
+    "sqlAdministratorLogin": {
+      "value": "sqladmin"
+    },
+    "sqlAdministratorPassword": {
+      "value": "CHANGE_ME_AT_DEPLOY_TIME"
+    },
+    "enableAzureFirewall": {
+      "value": true
+    },
+    "enablePrivateCluster": {
+      "value": false
+    },
+    "projectName": {
+      "value": "silkroad"
+    }
+  }
+}

deployments/bicep/modules/aks-cluster.bicep

@@ -0,0 +1,67 @@
+param location string = resourceGroup().location
+param projectName string = 'silkroad'
+param environment string = 'dev'
+param aksSubnetId string
+param aksNodeCount int = 2
+param aksVmSize string = 'Standard_D2s_v3'
+param aksKubernetesVersion string = '1.28'
+param enablePrivateCluster bool = false
+
+var aksClusterName = '${projectName}-aks-${environment}'
+
+resource aksCluster 'Microsoft.ContainerService/managedClusters@2023-11-01' = {
+  name: aksClusterName
+  location: location
+  identity: {
+    type: 'SystemAssigned'
+  }
+  properties: {
+    dnsPrefix: '${projectName}-${environment}'
+    agentPoolProfiles: [
+      {
+        name: 'systempool'
+        count: 2
+        vmSize: aksVmSize
+        osType: 'Linux'
+        osDiskSizeGB: 30
+        type: 'VirtualMachineScaleSets'
+        mode: 'System'
+        orchestratorVersion: aksKubernetesVersion
+        enableNodePublicIP: false
+        vnetSubnetID: aksSubnetId
+      }
+      {
+        name: 'userpool'
+        count: aksNodeCount
+        vmSize: aksVmSize
+        osType: 'Linux'
+        osDiskSizeGB: 128
+        type: 'VirtualMachineScaleSets'
+        mode: 'User'
+        orchestratorVersion: aksKubernetesVersion
+        enableNodePublicIP: false
+        vnetSubnetID: aksSubnetId
+        enableAutoScaling: true
+        minCount: 1
+        maxCount: 5
+      }
+    ]
+    networkProfile: {
+      networkPlugin: 'azure'
+      networkPolicy: 'azure'
+      loadBalancerSku: 'standard'
+      serviceCidr: '10.10.0.0/16'
+      dnsServiceIP: '10.10.0.10'
+    }
+    kubernetesVersion: aksKubernetesVersion
+    enableRBAC: true
+    apiServerAccessProfile: {
+      enablePrivateCluster: enablePrivateCluster
+    }
+  }
+}
+
+output aksClusterId string = aksCluster.id
+output aksClusterName string = aksCluster.name
+output aksClusterFqdn string = aksCluster.properties.fqdn
+output aksPrincipalId string = aksCluster.identity.principalId

deployments/bicep/modules/hub-network.bicep

@@ -0,0 +1,82 @@
+param location string = resourceGroup().location
+param hubAddressPrefix string = '10.0.0.0/16'
+param enableAzureFirewall bool = true
+param projectName string = 'silkroad'
+param environment string = 'dev'
+
+var hubVNetName = '${projectName}-hub-vnet-${environment}'
+var firewallSubnetName = 'AzureFirewallSubnet'
+var gatewaySubnetName = 'GatewaySubnet'
+var firewallSubnetPrefix = '10.0.0.0/26'
+var gatewaySubnetPrefix = '10.0.0.64/27'
+
+resource hubVNet 'Microsoft.Network/virtualNetworks@2023-11-01' = {
+  name: hubVNetName
+  location: location
+  properties: {
+    addressSpace: {
+      addressPrefixes: [hubAddressPrefix]
+    }
+    subnets: [
+      {
+        name: firewallSubnetName
+        properties: {
+          addressPrefix: firewallSubnetPrefix
+          delegations: []
+          privateEndpointNetworkPolicies: 'Enabled'
+          privateLinkServiceNetworkPolicies: 'Enabled'
+        }
+      }
+      {
+        name: gatewaySubnetName
+        properties: {
+          addressPrefix: gatewaySubnetPrefix
+          delegations: []
+          privateEndpointNetworkPolicies: 'Enabled'
+          privateLinkServiceNetworkPolicies: 'Enabled'
+        }
+      }
+    ]
+  }
+}
+
+resource azureFirewall 'Microsoft.Network/azureFirewalls@2023-11-01' = if (enableAzureFirewall) {
+  name: '${projectName}-hub-fw-${environment}'
+  location: location
+  properties: {
+    sku: {
+      name: 'AZFW_Hub'
+      tier: 'Standard'
+    }
+    threatIntelMode: 'Alert'
+    ipConfigurations: [
+      {
+        name: 'configuration'
+        properties: {
+          subnet: {
+            id: hubVNet.properties.subnets[0].id
+          }
+        }
+      }
+    ]
+  }
+}
+
+resource dnsZoneSql 'Microsoft.Network/privateDnsZones@2023-11-01' = {
+  name: 'privatelink.database.windows.net'
+  location: 'global'
+  properties: {}
+}
+
+resource dnsZoneBlob 'Microsoft.Network/privateDnsZones@2023-11-01' = {
+  name: 'privatelink.blob.core.windows.net'
+  location: 'global'
+  properties: {}
+}
+
+output hubVNetId string = hubVNet.id
+output hubVNetName string = hubVNet.name
+output hubResourceGroup string = resourceGroup().name
+output firewallPrivateIp string = enableAzureFirewall ? azureFirewall.properties.ipConfigurations[0].properties.privateIPAddress : ''
+output dnsZoneSqlId string = dnsZoneSql.id
+output dnsZoneBlobId string = dnsZoneBlob.id