From 04cd7211d8284ce76fded468666dcc7f69fce9af Mon Sep 17 00:00:00 2001
From: Nathan Windisch
Date: Thu, 21 Nov 2024 14:37:28 +0000
Subject: [PATCH] Initial commit of template files, and a (brief) README.md
---
 README.md | 18 ++
 groupmanager-v1-aa.parameters.json | 34 ++++
 groupmanager-v1-aa.template.json | 156 +++++++++++++++++
 groupmanager-v1.parameters.json | 21 +++
 groupmanager-v1.template.json | 264 +++++++++++++++++++++++++++++
 5 files changed, 493 insertions(+)
 create mode 100644 README.md
 create mode 100644 groupmanager-v1-aa.parameters.json
 create mode 100644 groupmanager-v1-aa.template.json
 create mode 100644 groupmanager-v1.parameters.json
 create mode 100644 groupmanager-v1.template.json
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..5ee00fd
--- /dev/null
+++ b/README.md
@@ -0,0 +1,18 @@
+# neogroupmanager
+
+## what?
+neogroupmanager is a web-based application for managing on-premise Active Directory groups, similar to [Group Manager]() by [cjwdev]().
+
+
+## how?
+_(via [PowerShell]() or a UNIX equivelant)_
+1. `git clone https://git.wnd.sh/neogroupmanager/az neogroupmanager`
+2. `cd neogroupmanager`
+3. `Connect-AzAccount`
+4. `New-AzResouceGroup -ResourceGroupName groupmanager-p-v1-rg -Location `
+5. `New-AzResourceGroupDeployment -ResourceGroupName groupmanager-p-v1-rg -TemplateFile ./groupmanager-v1.template.json -TemplateParameterFile ./groupmanager-v1.parameters.json`
+6. `New-AzResourceGroupDeployment -ResourceGroupName groupmanager-p-v1-rg -TemplateFile ./groupmanager-v1-aa.template.json -TemplateParameterFile ./groupmanager-v1-aa.parameters.json`
+
+## why?
+
+
diff --git a/groupmanager-v1-aa.parameters.json b/groupmanager-v1-aa.parameters.json
new file mode 100644
index 0000000..805f75b
--- /dev/null
+++ b/groupmanager-v1-aa.parameters.json
@@ -0,0 +1,34 @@
+{
+ "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentParameters.json#",
+ "contentVersion": "1.0.0.0",
+ "parameters": {
+ "tenantName": {
+ "value": "wndsh"
+ },
+ "projectName": {
+ "value": "groupmanager"
+ },
+ "projectEnvironment": {
+ "value": "p"
+ },
+ "projectVersion": {
+ "value": "v1"
+ },
+ "subscriptionId": {
+ "value": "56aa1670-6826-4e0f-b415-10f242bbd995"
+ },
+ "aaRgName": {
+ "value": "automation-p-rg",
+ "valuex": "UoR-uks-ops-automation-p-rg"
+ },
+ "aaName": {
+ "value": "automation-p-v1-aa"
+ },
+ "hybridWorkerId": {
+ "value": "1719436c-139e-4117-8517-5a2c56df8aeb"
+ },
+ "azTableVersion": {
+ "value": "2.1.0"
+ }
+ }
+}
diff --git a/groupmanager-v1-aa.template.json b/groupmanager-v1-aa.template.json
new file mode 100644
index 0000000..165ea21
--- /dev/null
+++ b/groupmanager-v1-aa.template.json
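Review bot: The `aaRgName` entry has a second key, `"valuex": "UoR-uks-ops-automation-p-rg"`, next to `value`; it is not a recognised parameter property and looks like a leftover from another environment, so it may be ignored or may fail validation, and either way it publishes an unrelated resource-group name. I would delete that line so the entry reads `"aaRgName": { "value": "automation-p-rg" }`. The file also commits a concrete `subscriptionId` and `hybridWorkerId`; they are identifiers rather than credentials, but the template added later in this patch never references `aaRgName`, `aaName`, `hybridWorkerId` or `subscriptionId`, so they could be dropped here or kept in an untracked per-environment parameters file.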
@@ -0,0 +1,156 @@
+{
+ "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
+ "contentVersion": "1.0.0.0",
+ "parameters": {
+ "tenantName": {
+ "defaultValue": "exampleorg",
+ "type": "string"
+ },
+ "projectName": {
+ "defaultValue": "groupmanager",
+ "type": "String"
+ },
+ "projectEnvironment": {
+ "defaultValue": "t",
+ "type": "String"
+ },
+ "projectVersion": {
+ "defaultValue": "v1",
+ "type": "String"
+ },
+ "subscriptionId": {
+ "defaultValue": "00000000-0000-0000-0000-000000000000",
+ "type": "String"
+ },
+ "aaRgName": {
+ "defaultValue": "my-aa-rg-name",
+ "type": "String"
+ },
+ "aaName": {
+ "defaultValue": "my-aa-name",
+ "type": "String"
+ },
+ "hybridWorkerId": {
+ "defaultValue": "00000000-0000-0000-0000-000000000000",
+ "type": "string"
+ },
+ "azTableVersion": {
+ "defaultValue": "2.1.0",
+ "type": "string"
+ }
+ },
+ "variables": {
+ "projectPrefix": "[concat(parameters('projectName'), '-', parameters('projectEnvironment'), '-', parameters('projectVersion'))]",
+ "aaName": "[concat(variables('projectPrefix'), '-aa')]",
+ "miName": "[concat(variables('projectPrefix'), '-mi')]",
+ "reName": "[concat(variables('aaName'), 're')]",
+ "hwgwName": "[concat(variables('aaName'), '/', '001-hwgw')]"
+ },
+ "resources": [
+ {
+ "type": "Microsoft.Automation/automationAccounts",
+ "apiVersion": "2023-11-01",
+ "name": "[variables('aaName')]",
+ "location": "uksouth",
+ "identity": {
+ "type": "UserAssigned",
+ "userAssignedIdentities": {
+ "[resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', variables('miName'))]": {}
+ }
+ },
+ "properties": {
+ "publicNetworkAccess": true,
+ "disableLocalAuth": false,
+ "sku": {
+ "name": "Basic"
+ },
+ "encryption": {
+ "keySource": "Microsoft.Automation",
+ "identity": {}
+ }
+ }
+ },
+ {
+ "type": "Microsoft.Automation/automationAccounts/connectionTypes",
+ "apiVersion": "2023-11-01",
+ "name": "[concat(variables('aaName'), '/Azure')]",
+ "dependsOn": [
+ "[resourceId('Microsoft.Automation/automationAccounts', variables('aaName'))]"
+ ],
+ "properties": {
+ "isGlobal": false,
+ "fieldDefinitions": {
+ "AutomationCertificateName": {
+ "isEncrypted": false,
+ "isOptional": false,
+ "type": "System.String"
+ },
+ "SubscriptionID": {
+ "isEncrypted": false,
+ "isOptional": false,
+ "type": "System.String"
+ }
+ }
+ }
+ },
+ {
+ "type": "Microsoft.Automation/automationAccounts/runtimeEnvironments",
+ "apiVersion": "2023-05-15-preview",
+ "name": "[concat(variables('aaName'), '/', variables('reName'))]",
+ "location": "uksouth",
+ "dependsOn": [
+ "[resourceId('Microsoft.Automation/automationAccounts', variables('aaName'))]"
+ ],
+ "properties": {
+ "runtime": {
+ "language": "PowerShell",
+ "version": "7.2"
+ },
+ "defaultPackages": {
+ "az": "11.2.0",
+ "azure cli": "2.56.0"
+ },
+ "packages": {
+ "aztable": "[parameters('azTableVersion')]"
+ },
+ "description": "The main runtime environment used for managing UoR Group Manager."
+ }
+ },
+ {
+ "type": "Microsoft.Automation/automationAccounts/runtimeEnvironments/packages",
+ "apiVersion": "2023-05-15-preview",
+ "name": "[concat(variables('aaName'), '/', variables('aaName'), 're/AzTable')]",
+ "location": "uksouth",
+ "dependsOn": [
+ "[resourceId('Microsoft.Automation/automationAccounts/runtimeEnvironments', variables('aaName'), concat(variables('aaName'), 're'))]",
+ "[resourceId('Microsoft.Automation/automationAccounts', variables('aaName'))]"
+ ],
+ "properties": {
+ "contentLink": {
+ "uri": "[concat('https://devopsgallerystorage.blob.core.windows.net/packages/aztable.', parameters('azTableVersion'), '.nupkg')]",
+ "version": "[parameters('azTableVersion')]"
+ }
+ }
+ },
+ {
+ "type": "Microsoft.Automation/automationAccounts/runbooks",
+ "apiVersion": "2023-11-01",
+ "name": "[concat(variables('aaName'), '/groupmanager-update-membership-t-v1-aar')]",
+ "location": "uksouth",
+ "dependsOn": [
+ "[resourceId('Microsoft.Automation/automationAccounts', variables('aaName'))]"
+ ],
+ "properties": {
+ "description": "This runbook updates the membership of a group, by using the associated message queues to process requests.",
+ "runbookType": "PowerShell",
+ "publishContentLink": {
+ "uri": "https://git.wnd.sh/neogroupmanager/neogroupmanager/branch/main/update-membership.ps1",
+ "version": "1.0.0"
+ },
+ "logVerbose": false,
+ "logProgress": false,
+ "logActivityTrace": 0
+ }
+ }
+ ]
+}
\ No newline at end of file
diff --git a/groupmanager-v1.parameters.json b/groupmanager-v1.parameters.json
new file mode 100644
index 0000000..3e1ae49
--- /dev/null
+++ b/groupmanager-v1.parameters.json
@@ -0,0 +1,21 @@
+{
+ "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentParameters.json#",
+ "contentVersion": "1.0.0.0",
+ "parameters": {
+ "tenantName": {
+ "value": "wndsh"
+ },
+ "projectName": {
+ "value": "groupmanager"
+ },
+ "projectEnvironment": {
+ "value": "p"
+ },
+ "projectVersion": {
+ "value": "v1"
+ },
+ "subscriptionId": {
+ "value": "56aa1670-6826-4e0f-b415-10f242bbd995"
+ }
+ }
+}
\ No newline at end of file
diff --git a/groupmanager-v1.template.json b/groupmanager-v1.template.json
new file mode 100644
index 0000000..5cb9ebe
--- /dev/null
+++ b/groupmanager-v1.template.json
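Review bot: The runbook's `publishContentLink` in groupmanager-v1-aa.template.json fetches `update-membership.ps1` from the `main` branch with no `contentHash`, so whatever that URL serves at deploy time becomes the script that processes group-membership requests. Pin the `uri` to a tag or commit and add `"contentHash": { "algorithm": "SHA256", "value": "<sha256-of-update-membership.ps1>" }` (placeholder value) so the imported content is verified; the `AzTable` package `contentLink` has the same gap. The account itself is created with `"publicNetworkAccess": true` and `"disableLocalAuth": false`; unless something depends on key-based access, `"disableLocalAuth": true` is the safer default, and the need for public network access should be stated in the README. The runbook name also hard-codes `-t-v1-` instead of using `variables('projectPrefix')`, so a deployment with `projectEnvironment` set to `p` still gets a `t`-named runbook.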
@@ -0,0 +1,264 @@
+{
+ "$schema": "http://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
+ "contentVersion": "1.0.0.0",
+ "parameters": {
+ "tenantName": {
+ "defaultValue": "exampleorg",
+ "type": "string"
+ },
+ "projectName": {
+ "defaultValue": "groupmanager",
+ "type": "string"
+ },
+ "projectEnvironment": {
+ "defaultValue": "d",
+ "type": "string"
+ },
+ "projectVersion": {
+ "defaultValue": "v1",
+ "type": "string"
+ },
+ "subscriptionId": {
+ "defaultValue": "00000000-0000-0000-0000-000000000000",
+ "type": "string"
+ }
+ },
+ "variables": {
+ "projectPrefix": "[concat(parameters('projectName'), '-', parameters('projectEnvironment'), '-', parameters('projectVersion'))]",
+ "swaName": "[concat(parameters('tenantName'), '-', variables('projectPrefix'), '-swa')]",
+ "miName": "[concat(variables('projectPrefix'), '-mi')]",
+ "saName": "[concat(parameters('tenantName'), parameters('projectName'), parameters('projectEnvironment'), parameters('projectVersion'), 'sa')]",
+ "fsName": "[concat(parameters('tenantName'), '-', variables('projectPrefix'), '-func')]"
+ },
+ "resources": [
+ {
+ "type": "Microsoft.ManagedIdentity/userAssignedIdentities",
+ "apiVersion": "2023-07-31-preview",
+ "name": "[variables('miName')]",
+ "location": "uksouth"
+ },
+ {
+ "type": "Microsoft.Storage/storageAccounts",
+ "apiVersion": "2023-05-01",
+ "name": "[variables('saName')]",
+ "location": "uksouth",
+ "sku": {
+ "name": "Standard_LRS",
+ "tier": "Standard"
+ },
+ "kind": "Storage",
+ "properties": {
+ "allowedCopyScope": "AAD",
+ "defaultToOAuthAuthentication": true,
+ "allowCrossTenantReplication": false,
+ "minimumTlsVersion": "TLS1_2",
+ "allowBlobPublicAccess": false,
+ "allowSharedKeyAccess": true,
+ "networkAcls": {
+ "bypass": "AzureServices",
+ "virtualNetworkRules": [],
+ "ipRules": [],
+ "defaultAction": "Allow"
+ },
+ "supportsHttpsTrafficOnly": true,
+ "encryption": {
+ "services": {
+ "file": {
+ "keyType": "Account",
+ "enabled": true
+ },
+ "blob": {
+ "keyType": "Account",
+ "enabled": true
+ }
+ },
+ "keySource": "Microsoft.Storage"
+ }
+ }
+ },
+ {
+ "type": "Microsoft.Web/staticSites",
+ "apiVersion": "2023-12-01",
+ "name": "[variables('swaName')]",
+ "location": "West Europe",
+ "tags": {
+ "hidden-link: /app-insights-resource-id": "/subscriptions/56aa1670-6826-4e0f-b415-10f242bbd995/resourceGroups/general-p-rg/providers/microsoft.insights/components/wndsh-openapi-function-test-v1-func",
+ "hidden-link: /app-insights-instrumentation-key": "a5699918-8985-4069-8fa3-252aaeac0ac5",
+ "hidden-link: /app-insights-conn-string": "InstrumentationKey=a5699918-8985-4069-8fa3-252aaeac0ac5;IngestionEndpoint=https://uksouth-1.in.applicationinsights.azure.com/;LiveEndpoint=https://uksouth.livediagnostics.monitor.azure.com/;ApplicationId=e8916dde-8ac7-4ee5-ac81-d35013aa9750"
+ },
+ "sku": {
+ "name": "Free",
+ "tier": "Free"
+ },
+ "properties": {
+ "repositoryUrl": "https://github.com/NathanWindisch/group-manager-swa",
+ "branch": "main",
+ "stagingEnvironmentPolicy": "Enabled",
+ "allowConfigFileUpdates": true,
+ "provider": "GitHub",
+ "enterpriseGradeCdnStatus": "Disabled"
+ }
+ },
+ {
+ "type": "Microsoft.Storage/storageAccounts/blobServices",
+ "apiVersion": "2023-05-01",
+ "name": "[concat(variables('saName'), '/default')]",
+ "dependsOn": [
+ "[resourceId('Microsoft.Storage/storageAccounts', variables('saName'))]"
+ ],
+ "sku": {
+ "name": "Standard_LRS",
+ "tier": "Standard"
+ },
+ "properties": {
+ "cors": {
+ "corsRules": []
+ },
+ "deleteRetentionPolicy": {
+ "allowPermanentDelete": false,
+ "enabled": false
+ }
+ }
+ },
+ {
+ "type": "Microsoft.Storage/storageAccounts/fileServices",
+ "apiVersion": "2023-05-01",
+ "name": "[concat(variables('saName'), '/default')]",
+ "dependsOn": [
+ "[resourceId('Microsoft.Storage/storageAccounts', variables('saName'))]"
+ ],
+ "sku": {
+ "name": "Standard_LRS",
+ "tier": "Standard"
+ },
+ "properties": {
+ "protocolSettings": {
+ "smb": {}
+ },
+ "cors": {
+ "corsRules": []
+ },
+ "shareDeleteRetentionPolicy": {
+ "enabled": true,
+ "days": 7
+ }
+ }
+ },
+ {
+ "type": "Microsoft.Storage/storageAccounts/queueServices",
+ "apiVersion": "2023-05-01",
+ "name": "[concat(variables('saName'), '/default')]",
+ "dependsOn": [
+ "[resourceId('Microsoft.Storage/storageAccounts', variables('saName'))]"
+ ],
+ "properties": {
+ "cors": {
+ "corsRules": []
+ }
+ }
+ },
+ {
+ "type": "Microsoft.Storage/storageAccounts/tableServices",
+ "apiVersion": "2023-05-01",
+ "name": "[concat(variables('saName'), '/default')]",
+ "dependsOn": [
+ "[resourceId('Microsoft.Storage/storageAccounts', variables('saName'))]"
+ ],
+ "properties": {
+ "cors": {
+ "corsRules": []
+ }
+ }
+ },
+ {
+ "type": "Microsoft.Web/staticSites/basicAuth",
+ "apiVersion": "2023-12-01",
+ "name": "[concat(variables('swaName'), '/default')]",
+ "location": "West Europe",
+ "dependsOn": [
+ "[resourceId('Microsoft.Web/staticSites', variables('swaName'))]"
+ ],
+ "properties": {
+ "applicableEnvironmentsMode": "SpecifiedEnvironments"
+ }
+ },
+ {
+ "type": "Microsoft.Storage/storageAccounts/blobServices/containers",
+ "apiVersion": "2023-05-01",
+ "name": "[concat(variables('saName'), '/default/azure-webjobs-hosts')]",
+ "dependsOn": [
+ "[resourceId('Microsoft.Storage/storageAccounts/blobServices', variables('saName'), 'default')]",
+ "[resourceId('Microsoft.Storage/storageAccounts', variables('saName'))]"
+ ],
+ "properties": {
+ "immutableStorageWithVersioning": {
+ "enabled": false
+ },
+ "defaultEncryptionScope": "$account-encryption-key",
+ "denyEncryptionScopeOverride": false,
+ "publicAccess": "None"
+ }
+ },
+ {
+ "type": "Microsoft.Storage/storageAccounts/blobServices/containers",
+ "apiVersion": "2023-05-01",
+ "name": "[concat(variables('saName'), '/default/azure-webjobs-secrets')]",
+ "dependsOn": [
+ "[resourceId('Microsoft.Storage/storageAccounts/blobServices', variables('saName'), 'default')]",
+ "[resourceId('Microsoft.Storage/storageAccounts', variables('saName'))]"
+ ],
+ "properties": {
+ "immutableStorageWithVersioning": {
+ "enabled": false
+ },
+ "defaultEncryptionScope": "$account-encryption-key",
+ "denyEncryptionScopeOverride": false,
+ "publicAccess": "None"
+ }
+ },
+ {
+ "type": "Microsoft.Storage/storageAccounts/queueServices/queues",
+ "apiVersion": "2023-05-01",
+ "name": "[concat(variables('saName'), '/default/members')]",
+ "dependsOn": [
+ "[resourceId('Microsoft.Storage/storageAccounts/queueServices', variables('saName'), 'default')]",
+ "[resourceId('Microsoft.Storage/storageAccounts', variables('saName'))]"
+ ],
+ "properties": {
+ "metadata": {}
+ }
+ },
+ {
+ "type": "Microsoft.Storage/storageAccounts/queueServices/queues",
+ "apiVersion": "2023-05-01",
+ "name": "[concat(variables('saName'), '/default/permissions')]",
+ "dependsOn": [
+ "[resourceId('Microsoft.Storage/storageAccounts/queueServices', variables('saName'), 'default')]",
+ "[resourceId('Microsoft.Storage/storageAccounts', variables('saName'))]"
+ ],
+ "properties": {
+ "metadata": {}
+ }
+ },
+ {
+ "type": "Microsoft.Storage/storageAccounts/tableServices/tables",
+ "apiVersion": "2023-05-01",
+ "name": "[concat(variables('saName'), '/default/permissions')]",
+ "dependsOn": [
+ "[resourceId('Microsoft.Storage/storageAccounts/tableServices', variables('saName'), 'default')]",
+ "[resourceId('Microsoft.Storage/storageAccounts', variables('saName'))]"
+ ],
+ "properties": {}
+ },
+ {
+ "type": "Microsoft.Storage/storageAccounts/tableServices/tables",
+ "apiVersion": "2023-05-01",
+ "name": "[concat(variables('saName'), '/default/users')]",
+ "dependsOn": [
+ "[resourceId('Microsoft.Storage/storageAccounts/tableServices', variables('saName'), 'default')]",
+ "[resourceId('Microsoft.Storage/storageAccounts', variables('saName'))]"
+ ],
+ "properties": {}
+ }
+ ]
+}
\ No newline at end of file
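Review bot: The `tags` on the `Microsoft.Web/staticSites` resource hard-code an Application Insights instrumentation key, a full connection string and a subscription-scoped resource id for `wndsh-openapi-function-test-v1-func`, which look like portal-export residue from a different resource. Unless local authentication is disabled on that component, anyone holding the connection string can submit telemetry to it, and the literal subscription id bypasses the `subscriptionId` parameter this template declares but never uses. I would drop the three `hidden-link:` tags or supply the values through parameters. Separately, the storage account that holds the `members` and `permissions` queues and the `azure-webjobs-secrets` container is created with `"allowSharedKeyAccess": true` and `"defaultAction": "Allow"`; since those queues appear to feed the membership runbook, consider `"allowSharedKeyAccess": false` and `"defaultAction": "Deny"` with explicit rules, provided the function host can use identity-based connections.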