feat: improve bicep templating (#501)

# Pull Request

## Description

Improve Bicep templating to provide all inputs as potential templating
sources. This allows dynamically supplying inputs for templates without
the need to specify them in the Bicep module config. Sensitive values
are obfuscated.

## License

By submitting this pull request, I confirm that my contribution is made
under the terms of the projects associated license.

Author: jaredfholgate

src/ALZ/ALZ.psd1

@@ -40,6 +40,7 @@ Included Cmdlets:
 - Deploy-Accelerator: Deploys the Azure Landing Zone accelerator to your Azure subscription.
 - Grant-SubscriptionCreatorRole: Grants the Subscription Creator role to a specified user or service principal.
 - Remove-PlatformLandingZone: Removes the deployed Azure Landing Zone from your Azure subscription
+- New-AcceleratorFolderStructure: Creates a new folder structure for the Azure Landing Zone accelerator with necessary configuration files.
 '@
 
     CompatiblePSEditions = 'Core'
@@ -85,7 +86,8 @@ Included Cmdlets:
         'Test-AcceleratorRequirement',
         'Deploy-Accelerator',
         'Grant-SubscriptionCreatorRole',
-        'Remove-PlatformLandingZone'
+        'Remove-PlatformLandingZone',
+        'New-AcceleratorFolderStructure'
     )
 
     # Cmdlets to export from this module, for best performance, do not use wildcards and do not delete the entry, use an empty array if there are no cmdlets to export.

src/ALZ/Private/Config-Helpers/Convert-BicepConfigToInputConfig.ps1

@@ -44,6 +44,8 @@ function Convert-BicepConfigToInputConfig {
                 $configItem | Add-Member -NotePropertyName "targets" -NotePropertyValue $variable.Value.targets
             }
 
+            $configItem | Add-Member -NotePropertyName "Sensitive" -NotePropertyValue $false
+
             $configItem | Add-Member -NotePropertyName "Description" -NotePropertyValue $description
             $configItems | Add-Member -NotePropertyName $variable.Name -NotePropertyValue $configItem
         }

src/ALZ/Private/Config-Helpers/Convert-HCLVariablesToInputConfig.ps1

@@ -41,6 +41,13 @@ function Convert-HCLVariablesToInputConfig {
 
             $configItem | Add-Member -NotePropertyName "Description" -NotePropertyValue $description
 
+            $sensitive = $false
+            if ($variable.Value[0].PSObject.Properties.Name -contains "sensitive" -and $variable.Value[0].sensitive -eq $true) {
+                $sensitive = $true
+                Write-Verbose "Marking variable $($variable.Name) as sensitive..."
+            }
+            $configItem | Add-Member -NotePropertyName "Sensitive" -NotePropertyValue $sensitive
+
             Write-Verbose "Adding variable $($variable.Name) to the configuration..."
             $configItems | Add-Member -NotePropertyName $variable.Name -NotePropertyValue $configItem
         }

src/ALZ/Private/Config-Helpers/Convert-ParametersToInputConfig.ps1

@@ -15,8 +15,9 @@ function Convert-ParametersToInputConfig {
                 Write-Verbose "Alias $parameterAlias exists in input config, renaming..."
                 $configItem = $inputConfig.PSObject.Properties | Where-Object { $_.Name -eq $parameterAlias }
                 $inputConfig | Add-Member -NotePropertyName $parameterKey -NotePropertyValue @{
-                    Value  = $configItem.Value.Value
-                    Source = $configItem.Value.Source
+                    Value     = $configItem.Value.Value
+                    Source    = $configItem.Value.Source
+                    Sensitive = $configItem.Value.Sensitive
                 }
                 $inputConfig.PSObject.Properties.Remove($configItem.Name)
                 continue
@@ -38,8 +39,9 @@ function Convert-ParametersToInputConfig {
             }
             Write-Verbose "Adding parameter $parameterKey with value $variableValue"
             $inputConfig | Add-Member -NotePropertyName $parameterKey -NotePropertyValue @{
-                Value  = $variableValue
-                Source = "parameter"
+                Value     = $variableValue
+                Source    = "parameter"
+                Sensitive = $false
             }
         }
     }

src/ALZ/Private/Config-Helpers/Get-ALZConfig.ps1

@@ -57,8 +57,9 @@ function Get-ALZConfig {
 
     foreach ($property in $config.PSObject.Properties) {
         $inputConfig | Add-Member -NotePropertyName $property.Name -NotePropertyValue @{
-            Value  = $property.Value
-            Source = $extension
+            Value     = $property.Value
+            Source    = $extension
+            Sensitive = $false
         }
     }
 

src/ALZ/Private/Config-Helpers/Write-JsonFile.ps1

@@ -5,7 +5,10 @@ function Write-JsonFile {
         [string] $jsonFilePath,
 
         [Parameter(Mandatory = $false)]
-        [PSObject] $configuration
+        [PSObject[]] $configurations,
+
+        [Parameter(Mandatory = $false)]
+        [switch] $all
     )
 
     if ($PSCmdlet.ShouldProcess("Download Terraform Tools", "modify")) {
@@ -16,10 +19,24 @@ function Write-JsonFile {
 
         $environmentVariables = [ordered]@{}
 
-        foreach ($configKey in $configuration.PsObject.Properties | Sort-Object Name) {
-            foreach ($target in $configKey.Value.Targets) {
-                if ($target.Destination -eq "Environment") {
-                    $environmentVariables.$($target.Name) = $configKey.Value.Value
+        foreach ($configuration in $configurations) {
+            Write-Verbose "Processing configuration for JSON output to $($jsonFilePath)"
+            foreach ($configKey in $configuration.PsObject.Properties | Sort-Object Name) {
+                Write-Verbose "Processing configuration key $($configKey.Name) for $($jsonFilePath)"
+                Write-Verbose "Configuration key value: $(ConvertTo-Json $configKey.Value -Depth 100)"
+                if($configKey.Value.Sensitive) {
+                    Write-Verbose "Obfuscating sensitive configuration $($configKey.Name) from JSON output"
+                    $environmentVariables.$($configKey.Name) = "<sensitive>"
+                    continue
+                }
+                if($all) {
+                    $environmentVariables.$($configKey.Name) = $configKey.Value.Value
+                    continue
+                }
+                foreach ($target in $configKey.Value.Targets) {
+                    if ($target.Destination -eq "Environment") {
+                        $environmentVariables.$($target.Name) = $configKey.Value.Value
+                    }
                 }
             }
         }

src/ALZ/Private/Deploy-Accelerator-Helpers/Get-BootstrapAndStarterConfig.ps1

@@ -22,19 +22,12 @@ function Get-BootstrapAndStarterConfig {
         $starterConfigFilePath = ""
 
         $bootstrapDetails = $null
-        $zonesSupport = $null
 
         # Get the bootstrap configuration
         $bootstrapConfigFullPath = Join-Path $bootstrapPath $bootstrapConfigPath
         Write-Verbose "Bootstrap config path $bootstrapConfigFullPath"
         $bootstrapConfig = Get-ALZConfig -configFilePath $bootstrapConfigFullPath
 
-        # Get the supported regions and availability zones
-        Write-Verbose "Getting Supported Regions and Availability Zones with Terraform"
-        $regionsAndZones = Get-AzureRegionData -toolsPath $toolsPath
-        Write-Verbose "Supported Regions: $($regionsAndZones.supportedRegions)"
-        $zonesSupport = $regionsAndZones.zonesSupport
-
         # Get the available bootstrap modules
         $bootstrapModules = $bootstrapConfig.bootstrap_modules.Value
 
@@ -72,7 +65,6 @@ function Get-BootstrapAndStarterConfig {
             starterModuleSourceFolder  = $starterModuleSourceFolder
             starterReleaseArtifactName = $starterReleaseArtifactName
             starterConfigFilePath      = $starterConfigFilePath
-            zonesSupport               = $zonesSupport
         }
     }
 }

src/ALZ/Private/Deploy-Accelerator-Helpers/New-Bootstrap.ps1

@@ -34,9 +34,6 @@ function New-Bootstrap {
         [Parameter(Mandatory = $false)]
         [switch] $destroy,
 
-        [Parameter(Mandatory = $false)]
-        [PSCustomObject] $zonesSupport = $null,
-
         [Parameter(Mandatory = $false, HelpMessage = "An extra level of logging that is turned off by default for easier debugging.")]
         [switch]
         $writeVerboseLogs,
@@ -125,8 +122,9 @@ function New-Bootstrap {
 
                 # Add the root module folder to bootstrap input config
                 $inputConfig | Add-Member -NotePropertyName "root_module_folder_relative_path" -NotePropertyValue @{
-                    Value  = $starterRootModuleFolder
-                    Source = "calculated"
+                    Value     = $starterRootModuleFolder
+                    Source    = "calculated"
+                    Sensitive = $false
                 }
 
                 # Set the starter root module folder full path
@@ -146,6 +144,8 @@ function New-Bootstrap {
             $bootstrapParameters = Convert-HCLVariablesToInputConfig -targetVariableFile $terraformFile.FullName -hclParserToolPath $hclParserToolPath -appendToObject $bootstrapParameters
         }
 
+        Write-Verbose "Bootstrap Parameters before setting config: $(ConvertTo-Json $bootstrapParameters -Depth 100)"
+
         # Getting the configuration for the starter module user input
         $starterParameters = [PSCustomObject]@{}
 
@@ -165,30 +165,26 @@ function New-Bootstrap {
 
         # Set computed inputs
         $inputConfig | Add-Member -NotePropertyName "module_folder_path" -NotePropertyValue @{
-            Value  = $starterModulePath
-            Source = "calculated"
-        }
-        $inputConfig | Add-Member -NotePropertyName "availability_zones_bootstrap" -NotePropertyValue @{
-            Value  = @(Get-AvailabilityZonesSupport -region $inputConfig.bootstrap_location.Value -zonesSupport $zonesSupport)
-            Source = "calculated"
+            Value     = $starterModulePath
+            Source    = "calculated"
+            Sensitive = $false
         }
 
-        if ($inputConfig.PSObject.Properties.Name -contains "starter_location" -and $inputConfig.PSObject.Properties.Name -notcontains "starter_locations") {
-            Write-Verbose "Converting starter_location $($inputConfig.starter_location.Value) to starter_locations..."
-            $inputConfig | Add-Member -NotePropertyName "starter_locations" -NotePropertyValue @{
-                Value  = @($inputConfig.starter_location.Value)
-                Source = "calculated"
-            }
-        }
+        if ($iac -eq "bicep-classic" -and $inputConfig.PSObject.Properties.Name -contains "starter_locations") {
+            # Get the supported regions and availability zones
+            Write-Verbose "Getting Supported Regions and Availability Zones with Terraform"
+            $regionsAndZones = Get-AzureRegionData -toolsPath $toolsPath
+            Write-Verbose "Supported Regions: $($regionsAndZones.supportedRegions)"
+            $zonesSupport = $regionsAndZones.zonesSupport
 
-        if ($inputConfig.PSObject.Properties.Name -contains "starter_locations") {
             $availabilityZonesStarter = @()
             foreach ($region in $inputConfig.starter_locations.Value) {
                 $availabilityZonesStarter += , @(Get-AvailabilityZonesSupport -region $region -zonesSupport $zonesSupport)
             }
             $inputConfig | Add-Member -NotePropertyName "availability_zones_starter" -NotePropertyValue @{
-                Value  = $availabilityZonesStarter
-                Source = "calculated"
+                Value     = $availabilityZonesStarter
+                Source    = "calculated"
+                Sensitive = $false
             }
         }
 
@@ -200,20 +196,25 @@ function New-Bootstrap {
             -configurationParameters $bootstrapParameters `
             -inputConfig $inputConfig
 
+        Write-Verbose "Final Bootstrap Parameters: $(ConvertTo-Json $bootstrapConfiguration -Depth 100)"
+
         # Getting the input for the starter module
         Write-Verbose "Setting the configuration for the starter module..."
         $starterConfiguration = Set-Config `
             -configurationParameters $starterParameters `
             -inputConfig $inputConfig `
             -copyEnvVarToConfig
 
-        Write-Verbose "Final Starter Parameters: $(ConvertTo-Json $starterParameters -Depth 100)"
+        Write-Verbose "Final Starter Parameters: $(ConvertTo-Json $starterConfiguration -Depth 100)"
 
         # Creating the tfvars files for the bootstrap and starter module
         $tfVarsFileName = "terraform.tfvars.json"
         $bootstrapTfvarsPath = Join-Path -Path $bootstrapModulePath -ChildPath $tfVarsFileName
         $starterTfvarsPath = Join-Path -Path $starterRootModuleFolderPath -ChildPath "terraform.tfvars.json"
-        $starterBicepVarsPath = Join-Path -Path $starterModulePath -ChildPath "parameters.json"
+        $starterBicepVarsFileName = "parameters.json"
+        $starterBicepAllVarsFileName = "template-parameters.json"
+        $starterBicepVarsPath = Join-Path -Path $starterModulePath -ChildPath $starterBicepVarsFileName
+        $starterBicepAllVarsPath = Join-Path -Path $starterModulePath -ChildPath $starterBicepAllVarsFileName
 
         # Write the tfvars file for the bootstrap and starter module
         Write-TfvarsJsonFile -tfvarsFilePath $bootstrapTfvarsPath -configuration $bootstrapConfiguration
@@ -270,10 +271,12 @@ function New-Bootstrap {
             Set-ComputedConfiguration -configuration $starterConfiguration
             Edit-ALZConfigurationFilesInPlace -alzEnvironmentDestination $starterModulePath -configuration $starterConfiguration
             Write-JsonFile -jsonFilePath $starterBicepVarsPath -configuration $starterConfiguration
+            Write-JsonFile -jsonFilePath $starterBicepAllVarsPath -configuration @($inputConfig, $starterConfiguration, $bootstrapConfiguration) -all
 
             # Remove unrequired files
             $foldersOrFilesToRetain = $starterConfig.starter_modules.Value.$($inputConfig.starter_module_name.Value).folders_or_files_to_retain
-            $foldersOrFilesToRetain += "parameters.json"
+            $foldersOrFilesToRetain += $starterBicepVarsFileName
+            $foldersOrFilesToRetain += $starterBicepAllVarsFileName
             $foldersOrFilesToRetain += "config"
             $foldersOrFilesToRetain += ".config"