Update

Jefajers · Jan 30, 2024 · 0e1e085 · 0e1e085
1 parent 1e4fbc9
commit 0e1e085
Show file tree

Hide file tree

Showing 5 changed files with 126 additions and 0 deletions.
diff --git a/src/tests/integration/Repository.Tests.ps1 b/src/tests/integration/Repository.Tests.ps1
@@ -133,10 +133,12 @@ Describe "Repository" {
             $script:policySetDefinitionsDep = Get-AzPolicySetDefinition -Name 'TestPolicySetDefinitionDep' -ManagementGroupName $($script:testManagementGroup.Name)
             $script:subscription = (Get-AzSubscription | Where-Object Id -eq $script:subscriptionId)
             $script:resourceGroup = (Get-AzResourceGroup | Where-Object ResourceGroupName -eq "App1-azopsrg")
+            $script:resourceGroupCustomDeletion = (Get-AzResourceGroup | Where-Object ResourceGroupName -eq "CustomDeletion-azopsrg")
             $script:resourceGroupParallelDeploy = (Get-AzResourceGroup | Where-Object ResourceGroupName -eq "ParallelDeploy-azopsrg")
             $script:roleAssignments = (Get-AzRoleAssignment -ObjectId "023e7c1c-1fa4-4818-bb78-0a9c5e8b0217" | Where-Object { $_.Scope -eq "/subscriptions/$script:subscriptionId" -and $_.RoleDefinitionId -eq "acdd72a7-3385-48ef-bd42-f606fba81ae7" })
             $script:policyExemptions = Get-AzPolicyExemption -Name "PolicyExemptionTest" -Scope "/subscriptions/$script:subscriptionId"
             $script:routeTable = (Get-AzResource -Name "RouteTable" -ResourceGroupName $($script:resourceGroup).ResourceGroupName)
+            $script:policyAssignmentsDeletion = Get-AzPolicyAssignment -Name "TestPolicyAssignmentDeletion" -Scope "/subscriptions/$script:subscriptionId/resourceGroups/$($script:resourceGroupCustomDeletion.ResourceGroupName)"
             $script:ruleCollectionGroups = (Get-AzResource -ExpandProperties -Name "TestPolicy" -ResourceGroupName $($script:resourceGroup).ResourceGroupName).Properties.ruleCollectionGroups.id.split("/")[-1]
             $script:logAnalyticsWorkspace = (Get-AzResource -Name "thisisalongloganalyticsworkspacename123456789011121314151617181" -ResourceGroupName $($script:resourceGroup).ResourceGroupName)
         }
@@ -226,6 +228,11 @@ Describe "Repository" {
         $script:policyAssignmentsDeploymentName = "AzOps-{0}-{1}" -f $($script:policyAssignmentsPath.Name.Replace(".json", '')).Substring(0, 53), $deploymentLocationId
         Write-PSFMessage -Level Debug -Message "PolicyAssignmentsFile: $($script:policyAssignmentsFile)" -FunctionName "BeforeAll"
 
+        $script:policyAssignmentsDeletionPath = ($filePaths | Where-Object Name -eq "microsoft.authorization_policyassignments-$(($script:policyAssignmentsDeletion.Name).toLower()).json")
+        $script:policyAssignmentsDeletionDirectory = ($script:policyAssignmentsDeletionPath).Directory
+        $script:policyAssignmentsDeletionFile = ($script:policyAssignmentsDeletionPath).FullName
+        Write-PSFMessage -Level Debug -Message "PolicyAssignmentsDeletionFile: $($script:policyAssignmentsDeletionFile)" -FunctionName "BeforeAll"
+
         $script:policyAssignmentsDepPath = ($filePaths | Where-Object Name -eq "microsoft.authorization_policyassignments-$(($script:policyAssignmentsDep.Name).toLower()).json")
         $script:policyAssignmentsDepDirectory = ($script:policyAssignmentsDepPath).Directory
         $script:policyAssignmentsDepFile = ($script:policyAssignmentsDepPath).FullName
@@ -290,6 +297,11 @@ Describe "Repository" {
         $script:resourceGroupParallelDeployFile = ($script:resourceGroupParallelDeployPath).FullName
         Write-PSFMessage -Level Debug -Message "ParallelDeployResourceGroupFile: $($script:resourceGroupParallelDeployFile)" -FunctionName "BeforeAll"
 
+        $script:resourceGroupCustomDeletionPath = ($filePaths | Where-Object Name -eq "microsoft.resources_resourcegroups-$(($script:resourceGroupCustomDeletion.ResourceGroupName).toLower()).json")
+        $script:resourceGroupCustomDeletionDirectory = ($script:resourceGroupCustomDeletionPath).Directory
+        $script:resourceGroupCustomDeletionFile = ($script:resourceGroupCustomDeletionPath).FullName
+        Write-PSFMessage -Level Debug -Message "CustomDeletionResourceGroupFile: $($script:resourceGroupCustomDeletionFile)" -FunctionName "BeforeAll"
+
         $script:resourceGrouprgDualDeploy1Path = ($filePaths | Where-Object Name -eq "microsoft.subscription_subscriptions-$(($otherSubscription[0].Id).toLower()).json")
         $script:resourceGrouprgDualDeploy1Directory = ($script:resourceGrouprgDualDeploy1Path).Directory
         $script:resourceGrouprgDualDeploy1File = ($script:resourceGrouprgDualDeploy1Path).FullName
@@ -1183,6 +1195,30 @@ Describe "Repository" {
         #endregion
 
         #region Deletion of custom templates and pulled resources
+        It "Deletion of custom templates and pulled resources" {
+            Set-PSFConfig -FullName AzOps.Core.CustomTemplateResourceDeletion -Value $true
+            $script:deployCustomRt = Get-ChildItem -Path "$($global:testRoot)/templates/rtcustomdelete*" | Copy-Item -Destination $script:resourceGroupCustomDeletionDirectory -PassThru -Force
+            $script:deployCustomLock = Get-ChildItem -Path "$($global:testRoot)/templates/customlockdelete*" | Copy-Item -Destination $script:subscriptionDirectory -PassThru -Force
+            $changeSet = @(
+                "A`t$($script:deployCustomRt.FullName[0])",
+                "A`t$($script:deployCustomLock.FullName)"
+            )
+            {Invoke-AzOpsPush -ChangeSet $changeSet} | Should -Not -Throw
+            Start-Sleep -Seconds 5
+            $changeSet = @(
+                "D`t$($script:deployCustomRt.FullName[0])",
+                "D`t$($script:deployCustomLock.FullName)",
+                "D`t$script:policyAssignmentsDeletionFile"
+            )
+            $DeleteSetContents = (Get-Content $script:deployCustomRt.FullName[0])
+            $DeleteSetContents += '-- '
+            $DeleteSetContents = (Get-Content $script:deployCustomLock.FullName)
+            $DeleteSetContents += '-- '
+            $DeleteSetContents = (Get-Content $script:policyAssignmentsDeletionFile)
+            {Invoke-AzOpsPush -ChangeSet $changeSet -DeleteSetContents $deleteSetContents -WhatIf:$false} | Should -Not -Throw
+            Set-PSFConfig -FullName AzOps.Core.CustomTemplateResourceDeletion -Value $false
+            Start-Sleep -Seconds 30
+        }
         #endregion
     }
 

diff --git a/src/tests/templates/azuredeploy.jsonc b/src/tests/templates/azuredeploy.jsonc
@@ -506,6 +506,12 @@
                             "name": "App1-azopsrg",
                             "location": "northeurope"
                         },
+                        {
+                            "type": "Microsoft.Resources/resourceGroups",
+                            "apiVersion": "2019-10-01",
+                            "name": "CustomDeletion-azopsrg",
+                            "location": "northeurope"
+                        },
                         {
                             "type": "Microsoft.Resources/resourceGroups",
                             "apiVersion": "2019-10-01",
@@ -612,6 +618,37 @@
                                 }
                             }
                         },
+                        {
+                            "type": "Microsoft.Resources/deployments",
+                            "apiVersion": "2019-10-01",
+                            "name": "CustomDeletion",
+                            "resourceGroup": "CustomDeletion-azopsrg",
+                            "dependsOn": [
+                                "CustomDeletion-azopsrg"
+                            ],
+                            "properties": {
+                                "mode": "Incremental",
+                                "expressionEvaluationOptions": {
+                                    "scope": "inner"
+                                },
+                                "template": {
+                                    "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
+                                    "contentVersion": "1.0.0.0",
+                                    "resources": [
+                                        {
+                                            "type": "Microsoft.Authorization/policyAssignments",
+                                            "apiVersion": "2021-06-01",
+                                            "name": "TestPolicyAssignmentDeletion",
+                                            "properties": {
+                                                "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/0a914e76-4921-4c19-b460-a2d36003525a"
+                                            }
+                                        }
+                                    ],
+                                    "outputs": {
+                                    }
+                                }
+                            }
+                        },
                         {
                             "type": "Microsoft.Resources/deployments",
                             "apiVersion": "2019-10-01",

diff --git a/src/tests/templates/customlockdelete.bicep b/src/tests/templates/customlockdelete.bicep
@@ -0,0 +1,9 @@
+targetScope = 'subscription'
+
+resource subLock 'Microsoft.Authorization/locks@2020-05-01' = {
+  name: 'subscriptionLock'
+  properties: {
+    level: 'CanNotDelete'
+    notes: 'This subscription is locked for Delete operations.'
+  }
+}
diff --git a/src/tests/templates/rtcustomdelete.bicep b/src/tests/templates/rtcustomdelete.bicep
@@ -0,0 +1,32 @@
+param name string
+param staName string
+param location string = resourceGroup().location
+
+var storageName = '${toLower(staName)}${uniqueString(resourceGroup().id)}'
+
+resource rt 'Microsoft.Network/routeTables@2023-04-01' = {
+  name: name
+  location: location
+  properties: {
+    disableBgpRoutePropagation: false
+    routes: [
+    ]
+  }
+}
+
+resource storage_resource 'Microsoft.Storage/storageAccounts@2021-08-01' = {
+  name: storageName
+  location: location
+  kind: 'StorageV2'
+  sku: {
+    name: 'Standard_GZRS'
+  }
+  properties: {
+    minimumTlsVersion: 'TLS1_2'
+    networkAcls: {
+      bypass: 'None'
+      defaultAction: 'Deny'
+    }
+    supportsHttpsTrafficOnly: true
+  }
+}
diff --git a/src/tests/templates/rtcustomdelete.parameters.json b/src/tests/templates/rtcustomdelete.parameters.json
@@ -0,0 +1,12 @@
+{
+  "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
+  "contentVersion": "1.0.0.0",
+  "parameters": {
+    "name": {
+      "value": "CustomRouteTable"
+    },
+    "staName": {
+      "value": "deleteazops"
+    }
+  }
+}