feat: New module azure-stack-hci/cluster module

[mbrat2005]

Description

Adds new Azure Stack HCI Cluster AVM module

Includes some helper modules for e2e testing placed here avm\utilities\e2e-template-assets\templates\azure-stack-hci, as I'll also be using them for other HCI resource modules (always needing to deploy an HCI cluster in Azure to test on). If this is not the right location for this sort of shared asset, please let me know...

Pipeline Reference

Pipeline

Type of Change

• Update to CI Environment or utilities (Non-module affecting changes)
• Azure Verified Module updates:
  • Bugfix containing backwards-compatible bug fixes, and I have NOT bumped the MAJOR or MINOR version in version.json:
    • Someone has opened a bug report issue, and I have included "Closes #{bug_report_issue_number}" in the PR description.
    • The bug was found by the module author, and no one has opened an issue to report it yet.
  • Feature update backwards compatible feature updates, and I have bumped the MINOR version in version.json.
  • Breaking changes and I have bumped the MAJOR version in version.json.
  • Update to documentation

Checklist

• I'm sure there are no other open Pull Requests for the same update/change
• I have run Set-AVMModule locally to generate the supporting module files.
• My corresponding pipelines / checks run clean and green without any errors or warnings

Maintainer checklist:

• Microsoft.AzureStackHCI RP registered (in order to grant permissions before starting)
• Service Principal created and granted Azure Resource Bridge Deployment role on the management group (deployment will create subscription-level permissions, but parallel deployments/failures may clean up the required role). Create a secret credential.
• CI_arbDeploymentAppId
• CI_arbDeploymentSPObjectId (from Enterprise Application)
• CI_arbDeploymentServicePrincipalSecret
• CI_hciResourceProviderObjectId (Get-AzADServicePrincipal -ApplicationId 1412d89f-b8a8-4111-b4fd-e82905cbd85d)

[ReneHezser]

@mbrat2005
We have added examples for Bicep parameter files to the Readme. This has been applied to all published modules but needs to be done for PRs as well. Can you please update your branch and run the Set-AVMModule utility as detailed here. It is required for the validation pipeline to succeed and the contribution to be published.

Please reach out if any support is needed.

[AlexanderSehr]

How come you have this readme here? Is this content you wanted to have in the module's README.md?
If so (in case you did not know), you can add a ## Notes section to it (and as many subheaders below it as you want) and add the content there. The readme generation will preserve that section and append it after the generation again to the file

[mbrat2005]

This is more because this code is reusable elsewhere (in labs, etc) and I wanted to document it for easier sharing. I could remove the readme of you prefer...

[AlexanderSehr]

Hey @mbrat2005 what happened here?

[mbrat2005]

I kept getting 'An error occurred while sending the request.' during testing, but have yet to hit it again while this workaround catch is in place--trying again today. I don't want to be getting failed runs every week once there are several modules deploying several tests... I plan to revert this and rework for a separate PR if this works around that issue

[AlexanderSehr]

Understandable. I guess you're referring to the deployment returning that, right? I.e. in the ARM log when it fetches the state of the deployment every 30 seconds or so

[AlexanderSehr]

Just a blocking comment for us maintainers until the same secrets are set up

[AlexanderSehr]

@mbrat2005 I may need your help with those secrets. Some sound like I should just have a dedicated service principal set up, while others sound like tenant-specific Enterprise Applications which are quite common, yet I cannot, for example, find one that has a name like Azure Stack HCI Resource Provider. I guess there are a couple like the latter, right?
If the case, it would be great if we could add the exact name to the secret's description to enable folks to set them up by themselves :)

[mbrat2005]

@AlexanderSehr The HCI RP identity doesn't show up until you register for the Microsoft.AzureStackHCI RP. Once registered, running this command (or the CLI equivalent) should show the SP ID for the global app in the current tenant: Get-AzADServicePrincipal -ApplicationId 1412d89f-b8a8-4111-b4fd-e82905cbd85d

I'll add the app ID to the param description...

[AlexanderSehr]

Hey @mbrat2005,
I'm really sorry this is taking so long on my end. I'm trying to squeeze working on this PR in every time I get the chance. I'll try to continue on this this week 💪

[jtracey93]

Hey @mbrat2005 ,

Firstly, thanks for your work on this PR!

We have made some changes to the AVM CI, detailed below, which means we need you to update your fork to pull in these latest changes and re-run your tests to show they still are passing prior to approving and merging this PR, as we don't and it fails once merged the publishing of your module will fail and will be blocked going forward until the test pass again via additional PRs.

Changes to CI That Have Been Made That You Need To Take Action On

• feat: Add WAF Security PS Rule Config #3745
  • Adds WAF Security PSRule Checks using this custom baseline of rules (/avm/utilities/pipelines/staticValidation/psrule/.ps-rule/cb-waf-security.Rule.yaml)
  • Action Required By You:
    • Ingest/pull-in these changes into your PR branch and re-run your tests to ensure they pass
      • If any issues with the rules and you think it should apply, please ping/reach out to the core team

Any questions reach out to the AVM Core Team by tagging us in your PR here or internally via Teams

Thanks

Jack (AVM Core Team)

[AlexanderSehr]

Hey @mbrat2005, what's the name of that application? I can't find an application with that ID (neither in the portal, nor via code)