Changes for Outbound access for Dynamic Cluster Offer and Azure security fixes

Author: gnsuryan

weblogic-azure-vm/arm-oraclelinux-wls-dynamic-cluster/arm-oraclelinux-wls-dynamic-cluster/src/main/arm/mainTemplate.json

@@ -191,6 +191,10 @@
 				"description": "A unique value to ensure the generated names are unique."
 			}
 		},
+		"guidTag": {
+			"type": "string",
+			"defaultValue": "[newGuid()]"
+		},		
 		"hasDNSZones": {
 			"type": "bool",
 			"defaultValue": false,
@@ -524,14 +528,18 @@
 	},
 	"variables": {
 		"const_globalResourceNameSuffix": "[uniqueString(parameters('guidValue'))]",
+		"const_guidTag": "[uniqueString(parameters('guidTag'))]",
 		"name_adminVM": "[concat(parameters('adminVMNamePrefix'), variables('const_globalResourceNameSuffix'), 'VM')]",
 		"name_clusterCustomSSLTemplate": "clusterCustomSSLLinkedTemplate",
 		"name_clusterCustomSSLLinkedTemplateName": "clusterCustomSSLTemplate.json",
 		"name_clusterLinkedTemplateName": "clusterTemplate.json",
 		"name_clusterTemplate": "clusterLinkedTemplate",
+		"name_uamiForPostDeploymentScript" : "uamiForPostDeploymentScript",
 		"name_coherenceTemplateName": "coherenceTemplate.json",
 		"name_dbLinkedTemplateName": "dbTemplate.json",
 		"name_dnszonesLinkedTemplateName": "dnszonesTemplate.json",
+		"name_postDeploymentUAMIRolesTemplate" : "postDeploymentUAMIRolesTemplate.json",
+		"name_postDeploymentTemplate": "postDeploymentTemplate.json",
 		"name_managedVMNamePrefix": "[concat(parameters('managedServerPrefix'), variables('const_globalResourceNameSuffix'))]",
 		"name_networkSecurityGroup": "[concat(parameters('dnsLabelPrefix'), '-nsg-', variables('const_globalResourceNameSuffix'))]",
 		"name_nsgLinkedTemplateName": "nsgNestedTemplate.json",
@@ -574,6 +582,9 @@
 					"_globalResourceNameSuffix": {
 						"value": "[variables('const_globalResourceNameSuffix')]"
 					},
+					"const_guidTag":{
+						"value": "[variables('const_guidTag')]"
+					},
 					"adminPasswordOrKey": {
 						"value": "[parameters('adminPasswordOrKey')]"
 					},
@@ -682,6 +693,9 @@
 					"_globalResourceNameSuffix": {
 						"value": "[variables('const_globalResourceNameSuffix')]"
 					},
+					"const_guidTag":{
+						"value": "[variables('const_guidTag')]"
+					},
 					"adminPasswordOrKey": {
 						"value": "[parameters('adminPasswordOrKey')]"
 					},
@@ -1270,7 +1284,8 @@
 		{
 			"type": "Microsoft.Resources/deployments",
 			"apiVersion": "${azure.apiVersionForDeployment}",
-			"name": "${dynamic.end}",
+			"name": "[variables('name_uamiForPostDeploymentScript')]",
+			"condition": "[equals(parameters('virtualNetworkNewOrExisting'), 'existing')]",
 			"dependsOn": [
 				"[resourceId('Microsoft.Resources/deployments', variables('ref_clusterTemplate'))]",
 				"[resourceId('Microsoft.Resources/deployments', 'dbLinkedTemplate')]",
@@ -1280,6 +1295,80 @@
 				"[resourceId('Microsoft.Resources/deployments', 'dnszonesLinkedTemplate')]",
 				"[resourceId('Microsoft.Resources/deployments', 'networkSecurityLinkedTemplate')]"
 			],
+			"properties": {
+				"mode": "Incremental",
+				"templateLink": {
+					"uri": "[uri(parameters('_artifactsLocation'), concat('nestedtemplates/', variables('name_postDeploymentUAMIRolesTemplate')))]",
+					"contentVersion": "1.0.0.0"
+				},
+				"parameters": {
+					"location": {
+						"value": "[parameters('location')]"
+					},
+					"_globalResourceNameSuffix": {
+						"value": "[variables('const_globalResourceNameSuffix')]"
+					}
+				}
+			}
+		},
+		{
+			"type": "Microsoft.Resources/deployments",
+			"apiVersion": "${azure.apiVersionForDeployment}",
+			"name": "postDeplyment",
+			"condition": "[equals(parameters('virtualNetworkNewOrExisting'), 'existing')]",
+			"dependsOn": [
+				"[resourceId('Microsoft.Resources/deployments', variables('ref_clusterTemplate'))]",
+				"[resourceId('Microsoft.Resources/deployments', 'dbLinkedTemplate')]",
+				"[resourceId('Microsoft.Resources/deployments', 'coherenceTemplate')]",
+				"[resourceId('Microsoft.Resources/deployments', 'coherenceTemplateWithCustomSSL')]",
+				"[resourceId('Microsoft.Resources/deployments', 'ohsLinkedTemplate')]",
+				"[resourceId('Microsoft.Resources/deployments', 'dnszonesLinkedTemplate')]",
+				"[resourceId('Microsoft.Resources/deployments', 'networkSecurityLinkedTemplate')]",
+				"[resourceId('Microsoft.Resources/deployments', variables('name_uamiForPostDeploymentScript'))]"
+			],
+			"properties": {
+				"mode": "Incremental",
+				"templateLink": {
+		         "uri": "[uri(parameters('_artifactsLocation'), concat('nestedtemplates/', variables('name_postDeploymentTemplate')))]",
+		         "contentVersion": "1.0.0.0"
+				},
+				"parameters": {
+					"location": {
+						"value": "[parameters('location')]"
+					},
+					"_globalResourceNameSuffix": {
+						"value": "[variables('const_globalResourceNameSuffix')]"
+					},
+					"const_guidTag":{
+						"value": "[variables('const_guidTag')]"
+					},
+					"_artifactsLocation": {
+						"value": "[parameters('_artifactsLocation')]"
+					},
+					"_artifactsLocationSasToken": {
+						"value": "[parameters('_artifactsLocationSasToken')]"
+					},
+					"userAssignedIdentityResourceId":{
+						"value": "[reference(variables('name_uamiForPostDeploymentScript'),'${azure.apiVersionForDeployment}').outputs.uamidForPostDeployment.value]"
+					}
+				}
+			}
+		},
+		{
+			"type": "Microsoft.Resources/deployments",
+			"apiVersion": "${azure.apiVersionForDeployment}",
+			"name": "${dynamic.end}",
+			"dependsOn": [
+				"[resourceId('Microsoft.Resources/deployments', variables('ref_clusterTemplate'))]",
+				"[resourceId('Microsoft.Resources/deployments', 'dbLinkedTemplate')]",
+				"[resourceId('Microsoft.Resources/deployments', 'coherenceTemplate')]",
+				"[resourceId('Microsoft.Resources/deployments', 'coherenceTemplateWithCustomSSL')]",
+				"[resourceId('Microsoft.Resources/deployments', 'ohsLinkedTemplate')]",
+				"[resourceId('Microsoft.Resources/deployments', 'dnszonesLinkedTemplate')]",
+				"[resourceId('Microsoft.Resources/deployments', 'networkSecurityLinkedTemplate')]",
+				"[resourceId('Microsoft.Resources/deployments', variables('name_uamiForPostDeploymentScript'))]",
+				"[resourceId('Microsoft.Resources/deployments','postDeplyment')]"
+			],
 			"properties": {
 				"mode": "Incremental",
 				"template": {

weblogic-azure-vm/arm-oraclelinux-wls-dynamic-cluster/arm-oraclelinux-wls-dynamic-cluster/src/main/arm/nestedtemplates/clusterCustomSSLTemplate.json

@@ -28,6 +28,12 @@
                 "description": "A suffix to be appended to all resources created by this template."
             }
         },
+        "const_guidTag" :{
+            "type": "string",
+            "metadata": {
+                "description": "A unique tag for resources."
+            }
+        },
         "adminPasswordOrKey": {
             "type": "securestring",
             "metadata": {
@@ -128,7 +134,7 @@
                 "owls-122140-jdk8-rhel87;Oracle:weblogic-122140-jdk8-rhel87:owls-122140-jdk8-rhel87;latest",
                 "owls-122140-jdk8-rhel76;Oracle:weblogic-122140-jdk8-rhel76:owls-122140-jdk8-rhel76;latest",
                 "owls-141100-jdk8-rhel76;Oracle:weblogic-141100-jdk8-rhel76:owls-141100-jdk8-rhel76;latest",
-                "owls-141100-jdk11-rhel76;Oracle:weblogic-141100-jdk11-rhel76:owls-141100-jdk11-rhel76;latest",
+                "owls-141100-jdk11-rhel76;Oracle:weblogic-141100-jdk11-rhel76:owls-141100-jdk11-rhel76;latest"
             ],
             "metadata": {
                 "description": "The Oracle Linux image with Weblogic and Java preinstalled. Semicolon separated string of Sku, URN, and Version"
@@ -493,7 +499,7 @@
         {
             "apiVersion": "${azure.apiVersionForPublicIPAddresses}",
             "type": "Microsoft.Network/publicIPAddresses",
-            "condition": "[equals(parameters('virtualNetworkNewOrExisting'), 'new')]",
+            "tags": "[if(equals(parameters('virtualNetworkNewOrExisting'), 'existing'),createObject(parameters('const_guidTag'),''),createObject())]",
             "name": "[if(equals(copyIndex(),0),concat(parameters('adminVMName'),variables('name_publicIPAddress')),concat(variables('const_managedVMPrefix'), copyIndex(),variables('name_publicIPAddress')))]",
             "location": "[parameters('location')]",
             "copy": {
@@ -578,20 +584,27 @@
                 "count": "[add(parameters('dynamicClusterSize'),1)]"
             },
             "dependsOn": [
-                "[variables('name_virtualNetwork')]"
+                "[variables('name_virtualNetwork')]",
+				"publicIPLoop"
             ],
             "properties": {
                 "ipConfigurations": [
                     {
                         "name": "ipconfig1",
                         "properties": {
                             "privateIPAllocationMethod": "Dynamic",
+                            "publicIPAddress": {
+                                "id": "[resourceId('Microsoft.Network/publicIPAddresses',if(equals(copyIndex(),0),concat(parameters('adminVMName'),variables('name_publicIPAddress')),concat(variables('const_managedVMPrefix'), copyIndex(),variables('name_publicIPAddress'))))]"
+                            },
                             "subnet": {
                                 "id": "[variables('ref_subnet')]"
                             }
                         }
                     }
-                ]
+                ],
+                "dnsSettings": {
+                    "internalDnsNameLabel": "[if(equals(copyIndex(),0),parameters('adminVMName'),concat(variables('const_managedVMPrefix'), copyIndex()))]"
+                }
             }
         },
         {

weblogic-azure-vm/arm-oraclelinux-wls-dynamic-cluster/arm-oraclelinux-wls-dynamic-cluster/src/main/arm/nestedtemplates/clusterTemplate.json

@@ -28,6 +28,12 @@
                 "description": "A suffix to be appended to all resources created by this template."
             }
         },
+        "const_guidTag" :{
+            "type": "string",
+            "metadata": {
+                "description": "A unique tag for resources."
+            }
+        },
         "adminPasswordOrKey": {
             "type": "securestring",
             "metadata": {
@@ -422,7 +428,7 @@
         {
             "apiVersion": "${azure.apiVersionForPublicIPAddresses}",
             "type": "Microsoft.Network/publicIPAddresses",
-            "condition": "[equals(parameters('virtualNetworkNewOrExisting'), 'new')]",
+			"tags": "[if(equals(parameters('virtualNetworkNewOrExisting'), 'existing'),createObject(parameters('const_guidTag'),''),createObject())]",
             "name": "[if(equals(copyIndex(),0),concat(parameters('adminVMName'),variables('name_publicIPAddress')),concat(variables('const_managedVMPrefix'), copyIndex(),variables('name_publicIPAddress')))]",
             "location": "[parameters('location')]",
             "copy": {
@@ -507,20 +513,27 @@
                 "count": "[add(parameters('dynamicClusterSize'),1)]"
             },
             "dependsOn": [
-                "[variables('name_virtualNetwork')]"
+                "[variables('name_virtualNetwork')]",
+                "publicIPLoop"				
             ],
             "properties": {
                 "ipConfigurations": [
                     {
                         "name": "ipconfig1",
                         "properties": {
                             "privateIPAllocationMethod": "Dynamic",
+                            "publicIPAddress": {
+                                "id": "[resourceId('Microsoft.Network/publicIPAddresses',if(equals(copyIndex(),0),concat(parameters('adminVMName'),variables('name_publicIPAddress')),concat(variables('const_managedVMPrefix'), copyIndex(),variables('name_publicIPAddress'))))]"
+                            },
                             "subnet": {
                                 "id": "[variables('ref_subnet')]"
                             }
                         }
                     }
-                ]
+                ],
+                "dnsSettings": {
+                    "internalDnsNameLabel": "[if(equals(copyIndex(),0),parameters('adminVMName'),concat(variables('const_managedVMPrefix'), copyIndex()))]"
+                }
             }
         },
         {

weblogic-azure-vm/arm-oraclelinux-wls-dynamic-cluster/arm-oraclelinux-wls-dynamic-cluster/src/main/arm/nestedtemplates/postDeploymentTemplate.json

@@ -0,0 +1,99 @@
+{
+    "$schema": "https://schema.management.azure.com/schemas/2018-05-01/subscriptionDeploymentTemplate.json#",
+    "contentVersion": "1.0.0.0",
+    "parameters": {
+		"location": {
+		   "type": "string",
+		   "metadata": {
+		      "description": "Location for all resources."
+		   }
+		},
+		"_globalResourceNameSuffix": {
+		   "type": "string",
+		   "metadata": {
+		      "description": "A unique suffix that was specified during the deployment of the solution template."
+		   }
+		},
+		"const_guidTag" :{
+			"type": "string",
+			"metadata": {
+			   "description": "A unique tag for resources."
+			}
+		},
+		"_artifactsLocation": {
+		   "type": "string",
+		   "metadata": {
+		      "description": "The base URI where artifacts required by this template are located. When the template is deployed using the accompanying scripts, a private location in the subscription will be used and this value will be automatically generated."
+		   }
+		},
+		"_artifactsLocationAdminTemplate": {
+		   "defaultValue": "[if(contains(parameters('_artifactsLocation'), 'githubusercontent'), parameters('_artifactsLocation'), deployment().properties.templateLink.uri)]",
+		   "type": "string",
+		   "metadata": {
+		      "description": "If we are deploying from the command line, use the passed in _artifactsLocation, otherwise use the default."
+		   }
+		},
+		"_artifactsLocationSasToken": {
+		   "type": "securestring",
+		   "metadata": {
+		      "description": "The sasToken required to access _artifactsLocation.  When the template is deployed using the accompanying scripts, a sasToken will be automatically generated. Use the defaultValue if the staging location is not secured."
+		   }
+		},
+		"userAssignedIdentityResourceId":{
+			"type": "string",
+			"metadata": { 
+				"Description": "UserAssigned Identity"
+			}
+		},
+		"utcValue": {
+		  "type": "string",
+		  "defaultValue": "[utcNow()]"
+		}		
+    },
+    "variables": {
+		"name_postDeploymentscriptFile": "postDeploymentScript.sh"
+    },
+    "resources": [
+		{
+		    "type": "Microsoft.Resources/deploymentScripts",
+		    "apiVersion": "${azure.apiVersionForDeploymentScript}",
+			"name": "[concat('postdeployscript-', parameters('_globalResourceNameSuffix'))]",
+			"kind": "AzureCLI",
+			"location": "[parameters('location')]",
+			"identity": {
+			       "type": "UserAssigned",
+			       "userAssignedIdentities": {
+			        "[parameters('userAssignedIdentityResourceId')]": {}
+					}
+			 },
+			"properties": {
+				"forceUpdateTag": "[parameters('utcValue')]",
+				"azCliVersion": "2.9.1",
+				"timeout": "PT30M",
+				"cleanupPreference": "OnSuccess",
+				"retentionInterval": "P1D",
+				"primaryScriptUri": "[uri(parameters('_artifactsLocationAdminTemplate'), concat('../scripts/', variables('name_postDeploymentscriptFile'), parameters('_artifactsLocationSasToken')))]",
+				"environmentVariables": [
+					{
+						"name": "MANAGED_IDENTITY_ID",
+						"value": "[parameters('userAssignedIdentityResourceId')]"
+					},
+					{
+					    "name": "RESOURCE_GROUP_NAME",
+					    "value": "[resourceGroup().name]"	
+					},
+					{
+						"name": "GUID_TAG",
+						"value": "[parameters('const_guidTag')]"
+					}
+				]
+			}
+		}
+    ],
+    "outputs": {
+		"userAssignedIdentityResource": {
+		         "type": "string",
+		         "value": "[parameters('userAssignedIdentityResourceId')]"
+		 }
+    }
+}