[Modules] Updated Cosmos DB Module tests to support dynamic primary and secondary region locations (#3946)

ahmadabdalla · web-flow · commit 9bd1b4694490 · 2023-09-09T07:11:14.000+02:00
diff --git a/modules/document-db/database-account/.test/gremlindb/dependencies.bicep b/modules/document-db/database-account/.test/gremlindb/dependencies.bicep
@@ -4,10 +4,46 @@ param location string = resourceGroup().location
 @description('Required. The name of the Managed Identity to create.')
 param managedIdentityName string
 
+@description('Required. The name of the Deployment Script to create to get the paired region name.')
+param pairedRegionScriptName string
+
 resource managedIdentity 'Microsoft.ManagedIdentity/userAssignedIdentities@2023-01-31' = {
     name: managedIdentityName
     location: location
 }
 
+resource roleAssignment 'Microsoft.Authorization/roleAssignments@2022-04-01' = {
+    name: guid('msi-${location}-${managedIdentity.id}-Reader-RoleAssignment')
+    properties: {
+        principalId: managedIdentity.properties.principalId
+        roleDefinitionId: subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'acdd72a7-3385-48ef-bd42-f606fba81ae7') // Reader
+        principalType: 'ServicePrincipal'
+    }
+}
+
+resource getPairedRegionScript 'Microsoft.Resources/deploymentScripts@2020-10-01' = {
+    name: pairedRegionScriptName
+    location: location
+    kind: 'AzurePowerShell'
+    identity: {
+        type: 'UserAssigned'
+        userAssignedIdentities: {
+            '${managedIdentity.id}': {}
+        }
+    }
+    properties: {
+        azPowerShellVersion: '8.0'
+        retentionInterval: 'P1D'
+        arguments: '-Location \\"${location}\\"'
+        scriptContent: loadTextContent('../../../../.shared/.scripts/Get-PairedRegion.ps1')
+    }
+    dependsOn: [
+        roleAssignment
+    ]
+}
+
+@description('The name of the paired region.')
+output pairedRegionName string = getPairedRegionScript.properties.outputs.pairedRegionName
+
 @description('The principal ID of the created Managed Identity.')
 output managedIdentityPrincipalId string = managedIdentity.properties.principalId
diff --git a/modules/document-db/database-account/.test/gremlindb/main.test.bicep b/modules/document-db/database-account/.test/gremlindb/main.test.bicep
@@ -36,6 +36,7 @@ module nestedDependencies 'dependencies.bicep' = {
   name: '${uniqueString(deployment().name, location)}-nestedDependencies'
   params: {
     managedIdentityName: 'dep-${namePrefix}-msi-${serviceShort}'
+    pairedRegionScriptName: 'dep-${namePrefix}-ds-${serviceShort}'
   }
 }
 
@@ -67,12 +68,12 @@ module testDeployment '../../main.bicep' = {
       {
         failoverPriority: 0
         isZoneRedundant: false
-        locationName: 'West Europe'
+        locationName: location
       }
       {
         failoverPriority: 1
         isZoneRedundant: false
-        locationName: 'North Europe'
+        locationName: nestedDependencies.outputs.pairedRegionName
       }
     ]
     capabilitiesToAdd: [
diff --git a/modules/document-db/database-account/.test/mongodb/dependencies.bicep b/modules/document-db/database-account/.test/mongodb/dependencies.bicep
@@ -4,10 +4,46 @@ param location string = resourceGroup().location
 @description('Required. The name of the Managed Identity to create.')
 param managedIdentityName string
 
+@description('Required. The name of the Deployment Script to create to get the paired region name.')
+param pairedRegionScriptName string
+
 resource managedIdentity 'Microsoft.ManagedIdentity/userAssignedIdentities@2023-01-31' = {
     name: managedIdentityName
     location: location
 }
 
+resource roleAssignment 'Microsoft.Authorization/roleAssignments@2022-04-01' = {
+    name: guid('msi-${location}-${managedIdentity.id}-Reader-RoleAssignment')
+    properties: {
+        principalId: managedIdentity.properties.principalId
+        roleDefinitionId: subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'acdd72a7-3385-48ef-bd42-f606fba81ae7') // Reader
+        principalType: 'ServicePrincipal'
+    }
+}
+
+resource getPairedRegionScript 'Microsoft.Resources/deploymentScripts@2020-10-01' = {
+    name: pairedRegionScriptName
+    location: location
+    kind: 'AzurePowerShell'
+    identity: {
+        type: 'UserAssigned'
+        userAssignedIdentities: {
+            '${managedIdentity.id}': {}
+        }
+    }
+    properties: {
+        azPowerShellVersion: '8.0'
+        retentionInterval: 'P1D'
+        arguments: '-Location \\"${location}\\"'
+        scriptContent: loadTextContent('../../../../.shared/.scripts/Get-PairedRegion.ps1')
+    }
+    dependsOn: [
+        roleAssignment
+    ]
+}
+
+@description('The name of the paired region.')
+output pairedRegionName string = getPairedRegionScript.properties.outputs.pairedRegionName
+
 @description('The principal ID of the created Managed Identity.')
 output managedIdentityPrincipalId string = managedIdentity.properties.principalId
diff --git a/modules/document-db/database-account/.test/mongodb/main.test.bicep b/modules/document-db/database-account/.test/mongodb/main.test.bicep
@@ -36,6 +36,7 @@ module nestedDependencies 'dependencies.bicep' = {
   name: '${uniqueString(deployment().name, location)}-nestedDependencies'
   params: {
     managedIdentityName: 'dep-${namePrefix}-msi-${serviceShort}'
+    pairedRegionScriptName: 'dep-${namePrefix}-ds-${serviceShort}'
   }
 }
 
@@ -67,12 +68,12 @@ module testDeployment '../../main.bicep' = {
       {
         failoverPriority: 0
         isZoneRedundant: false
-        locationName: 'West Europe'
+        locationName: location
       }
       {
         failoverPriority: 1
         isZoneRedundant: false
-        locationName: 'North Europe'
+        locationName: nestedDependencies.outputs.pairedRegionName
       }
     ]
     diagnosticStorageAccountId: diagnosticDependencies.outputs.storageAccountResourceId
diff --git a/modules/document-db/database-account/.test/plain/dependencies.bicep b/modules/document-db/database-account/.test/plain/dependencies.bicep
@@ -4,10 +4,46 @@ param location string = resourceGroup().location
 @description('Required. The name of the Managed Identity to create.')
 param managedIdentityName string
 
+@description('Required. The name of the Deployment Script to create to get the paired region name.')
+param pairedRegionScriptName string
+
 resource managedIdentity 'Microsoft.ManagedIdentity/userAssignedIdentities@2023-01-31' = {
     name: managedIdentityName
     location: location
 }
 
+resource roleAssignment 'Microsoft.Authorization/roleAssignments@2022-04-01' = {
+    name: guid('msi-${location}-${managedIdentity.id}-Reader-RoleAssignment')
+    properties: {
+        principalId: managedIdentity.properties.principalId
+        roleDefinitionId: subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'acdd72a7-3385-48ef-bd42-f606fba81ae7') // Reader
+        principalType: 'ServicePrincipal'
+    }
+}
+
+resource getPairedRegionScript 'Microsoft.Resources/deploymentScripts@2020-10-01' = {
+    name: pairedRegionScriptName
+    location: location
+    kind: 'AzurePowerShell'
+    identity: {
+        type: 'UserAssigned'
+        userAssignedIdentities: {
+            '${managedIdentity.id}': {}
+        }
+    }
+    properties: {
+        azPowerShellVersion: '8.0'
+        retentionInterval: 'P1D'
+        arguments: '-Location \\"${location}\\"'
+        scriptContent: loadTextContent('../../../../.shared/.scripts/Get-PairedRegion.ps1')
+    }
+    dependsOn: [
+        roleAssignment
+    ]
+}
+
+@description('The name of the paired region.')
+output pairedRegionName string = getPairedRegionScript.properties.outputs.pairedRegionName
+
 @description('The principal ID of the created Managed Identity.')
 output managedIdentityPrincipalId string = managedIdentity.properties.principalId
diff --git a/modules/document-db/database-account/.test/plain/main.test.bicep b/modules/document-db/database-account/.test/plain/main.test.bicep
@@ -36,6 +36,7 @@ module nestedDependencies 'dependencies.bicep' = {
   name: '${uniqueString(deployment().name, location)}-nestedDependencies'
   params: {
     managedIdentityName: 'dep-${namePrefix}-msi-${serviceShort}'
+    pairedRegionScriptName: 'dep-${namePrefix}-ds-${serviceShort}'
   }
 }
 
@@ -67,12 +68,12 @@ module testDeployment '../../main.bicep' = {
       {
         failoverPriority: 0
         isZoneRedundant: false
-        locationName: 'West Europe'
+        locationName: location
       }
       {
         failoverPriority: 1
         isZoneRedundant: false
-        locationName: 'North Europe'
+        locationName: nestedDependencies.outputs.pairedRegionName
       }
     ]
     diagnosticStorageAccountId: diagnosticDependencies.outputs.storageAccountResourceId
diff --git a/modules/document-db/database-account/.test/sqldb/dependencies.bicep b/modules/document-db/database-account/.test/sqldb/dependencies.bicep
@@ -7,6 +7,9 @@ param managedIdentityName string
 @description('Required. The name of the Virtual Network to create.')
 param virtualNetworkName string
 
+@description('Required. The name of the Deployment Script to create to get the paired region name.')
+param pairedRegionScriptName string
+
 var addressPrefix = '10.0.0.0/16'
 
 resource managedIdentity 'Microsoft.ManagedIdentity/userAssignedIdentities@2023-01-31' = {
@@ -50,6 +53,39 @@ resource privateDNSZone 'Microsoft.Network/privateDnsZones@2020-06-01' = {
   }
 }
 
+resource roleAssignment 'Microsoft.Authorization/roleAssignments@2022-04-01' = {
+  name: guid('msi-${location}-${managedIdentity.id}-Reader-RoleAssignment')
+  properties: {
+    principalId: managedIdentity.properties.principalId
+    roleDefinitionId: subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'acdd72a7-3385-48ef-bd42-f606fba81ae7') // Reader
+    principalType: 'ServicePrincipal'
+  }
+}
+
+resource getPairedRegionScript 'Microsoft.Resources/deploymentScripts@2020-10-01' = {
+  name: pairedRegionScriptName
+  location: location
+  kind: 'AzurePowerShell'
+  identity: {
+    type: 'UserAssigned'
+    userAssignedIdentities: {
+      '${managedIdentity.id}': {}
+    }
+  }
+  properties: {
+    azPowerShellVersion: '8.0'
+    retentionInterval: 'P1D'
+    arguments: '-Location \\"${location}\\"'
+    scriptContent: loadTextContent('../../../../.shared/.scripts/Get-PairedRegion.ps1')
+  }
+  dependsOn: [
+    roleAssignment
+  ]
+}
+
+@description('The name of the paired region.')
+output pairedRegionName string = getPairedRegionScript.properties.outputs.pairedRegionName
+
 @description('The principal ID of the created Managed Identity.')
 output managedIdentityPrincipalId string = managedIdentity.properties.principalId
 
diff --git a/modules/document-db/database-account/.test/sqldb/main.test.bicep b/modules/document-db/database-account/.test/sqldb/main.test.bicep
@@ -37,6 +37,7 @@ module nestedDependencies 'dependencies.bicep' = {
   params: {
     managedIdentityName: 'dep-${namePrefix}-msi-${serviceShort}'
     virtualNetworkName: 'dep-${namePrefix}-vnet-${serviceShort}'
+    pairedRegionScriptName: 'dep-${namePrefix}-ds-${serviceShort}'
   }
 }
 
@@ -68,12 +69,12 @@ module testDeployment '../../main.bicep' = {
       {
         failoverPriority: 0
         isZoneRedundant: false
-        locationName: 'West Europe'
+        locationName: location
       }
       {
         failoverPriority: 1
         isZoneRedundant: false
-        locationName: 'North Europe'
+        locationName: nestedDependencies.outputs.pairedRegionName
       }
     ]
     diagnosticStorageAccountId: diagnosticDependencies.outputs.storageAccountResourceId
diff --git a/modules/document-db/database-account/README.md b/modules/document-db/database-account/README.md

Original file line number	Diff line number	Diff line change
`@@ -36,6 +36,7 @@ module nestedDependencies 'dependencies.bicep' = {`
`36`	`36`	`name: '${uniqueString(deployment().name, location)}-nestedDependencies'`
`37`	`37`	`params: {`
`38`	`38`	`managedIdentityName: 'dep-${namePrefix}-msi-${serviceShort}'`
	`39`	`+ pairedRegionScriptName: 'dep-${namePrefix}-ds-${serviceShort}'`
`39`	`40`	`}`
`40`	`41`	`}`
`41`	`42`
`@@ -67,12 +68,12 @@ module testDeployment '../../main.bicep' = {`
`67`	`68`	`{`
`68`	`69`	`failoverPriority: 0`
`69`	`70`	`isZoneRedundant: false`
`70`		`- locationName: 'West Europe'`
	`71`	`+ locationName: location`
`71`	`72`	`}`
`72`	`73`	`{`
`73`	`74`	`failoverPriority: 1`
`74`	`75`	`isZoneRedundant: false`
`75`		`- locationName: 'North Europe'`
	`76`	`+ locationName: nestedDependencies.outputs.pairedRegionName`
`76`	`77`	`}`
`77`	`78`	`]`
`78`	`79`	`capabilitiesToAdd: [`
Original file line number	Diff line number	Diff line change
`@@ -37,6 +37,7 @@ module nestedDependencies 'dependencies.bicep' = {`
`37`	`37`	`params: {`
`38`	`38`	`managedIdentityName: 'dep-${namePrefix}-msi-${serviceShort}'`
`39`	`39`	`virtualNetworkName: 'dep-${namePrefix}-vnet-${serviceShort}'`
	`40`	`+ pairedRegionScriptName: 'dep-${namePrefix}-ds-${serviceShort}'`
`40`	`41`	`}`
`41`	`42`	`}`
`42`	`43`
`@@ -68,12 +69,12 @@ module testDeployment '../../main.bicep' = {`
`68`	`69`	`{`
`69`	`70`	`failoverPriority: 0`
`70`	`71`	`isZoneRedundant: false`
`71`		`- locationName: 'West Europe'`
	`72`	`+ locationName: location`
`72`	`73`	`}`
`73`	`74`	`{`
`74`	`75`	`failoverPriority: 1`
`75`	`76`	`isZoneRedundant: false`
`76`		`- locationName: 'North Europe'`
	`77`	`+ locationName: nestedDependencies.outputs.pairedRegionName`
`77`	`78`	`}`
`78`	`79`	`]`
`79`	`80`	`diagnosticStorageAccountId: diagnosticDependencies.outputs.storageAccountResourceId`