Update with ARM best practices (#295)

* Update template to use _artifactsLocation and _artifactsLocationSasToken

This commit updates the mainTemplate and nested templates to use _artifactsLocation and _artifactsLocationSasToken
in line with newer Azure ARM template best practices:

https://github.com/Azure/azure-quickstart-templates/blob/master/1-CONTRIBUTION-GUIDE/best-practices.md#deployment-artifacts-nested-templates-scripts

* Update API versions

This commit updates the apiVersions of resources to the most recent supported for each

README.md

@@ -92,9 +92,14 @@ value defined in the template.
 <table>
   <tr><th>Parameter</td><th>Type</th><th>Description</th><th>Default Value</th></tr>
 
-  <tr><td>artifactsBaseUrl</td><td>string</td>
-    <td>The base url of the Elastic ARM template.
-    <strong>Required</strong></td><td>Raw content of the current branch</td></tr>
+  <tr><td>_artifactsLocation</td><td>string</td>
+    <td>The base URI where artifacts required by this template are located, including a trailing '/'.
+    <strong>Use to target a specific branch or release tag</strong></td><td>Raw content of the current branch</td></tr>
+
+  <tr><td>_artifactsLocationSasToken</td><td>securestring</td>
+    <td>The sasToken required to access <code>_artifactsLocation</code>. When the template is deployed using 
+    the accompanying scripts, a sasToken will be automatically generated. Use the defaultValue if the staging location is not secured."</td>
+    <td><code>""</code></td></tr>
 
   <tr><td>location</td><td>string</td>
     <td>The location where to provision all the items in this template. Defaults to inheriting the location
@@ -629,8 +634,8 @@ where `<name>` refers to the resource group you just created.
 
   ```powershell
   $clusterParameters = @{
-      "artifactsBaseUrl"="https://raw.githubusercontent.com/elastic/azure-marketplace/7.2/src"
-      "esVersion" = "7.1.1"
+      "_artifactsLocation" = "https://raw.githubusercontent.com/elastic/azure-marketplace/7.2/src/"
+      "esVersion" = "7.2.0"
       "esClusterName" = "elasticsearch"
       "loadBalancerType" = "internal"
       "vmDataDiskCount" = 1
@@ -661,19 +666,19 @@ where `<name>` refers to the resource group you just created.
 ## Targeting a specific template version
 
 You can target a specific version of the template by modifying the URI of the template and 
-the artifactsBaseUrl parameter of the template to point to a specific tagged release.
+the `_artifactsLocation` parameter of the template to point to a specific tagged release.
 
 **Targeting a specific template version is recommended for repeatable production deployments.**
 
 For example, to target the [`7.0.0` tag release with PowerShell](https://github.com/elastic/azure-marketplace/tree/7.0.0)
 
 ```powershell
 $templateVersion = "7.0.0"
-$templateBaseUrl = "https://raw.githubusercontent.com/elastic/azure-marketplace/$templateVersion/src"
+$_artifactsLocation = "https://raw.githubusercontent.com/elastic/azure-marketplace/$templateVersion/src/"
 
 # minimum parameters required to deploy
 $clusterParameters = @{
-  "artifactsBaseUrl" = $templateBaseUrl
+  "_artifactsLocation" = $_artifactsLocation
   "esVersion" = "7.0.0"
   "adminUsername" = "russ"
   "adminPassword" = "Password1234"
@@ -691,7 +696,7 @@ $location = "Australia Southeast"
 $name = "my-azure-cluster"
 
 New-AzureRmResourceGroup -Name $resourceGroup -Location $location
-New-AzureRmResourceGroupDeployment -Name $name -ResourceGroupName $resourceGroup -TemplateUri "$templateBaseUrl/mainTemplate.json" -TemplateParameterObject $clusterParameters
+New-AzureRmResourceGroupDeployment -Name $name -ResourceGroupName $resourceGroup -TemplateUri "$_artifactsLocation/mainTemplate.json" -TemplateParameterObject $clusterParameters
 ```
 
 ## Configuring TLS

build/allowedValues.json

@@ -253,7 +253,8 @@
     "northeurope": { "platformFaultDomainCount": 3 },
     "westeurope": { "platformFaultDomainCount": 3 }
   },
-  "trackingGuids": {
-    "marketplace": "pid-53DEEEE7-A572-4F07-99DC-151B67BB6F1F"
+  "marketplace": {
+    "trackingGuids": "pid-53DEEEE7-A572-4F07-99DC-151B67BB6F1F",
+    "_artifactsLocation": "[deployment().properties.templateLink.uri]"
   }
 }

build/gulpfile.js

@@ -22,7 +22,8 @@ gulp.task("default", gulp.series("sanity-checks", "patch", function() {
         if (path.basename(file.path) === "mainTemplate.json") {
           var allowedValues = require("./allowedValues.json");
           var mainTemplate = JSON.parse(content);
-          mainTemplate.parameters.elasticTags.defaultValue.tracking = allowedValues.trackingGuids.marketplace;
+          mainTemplate.parameters.elasticTags.defaultValue.tracking = allowedValues.marketplace.trackingGuids;
+          mainTemplate.parameters._artifactsLocation.defaultValue = allowedValues.marketplace._artifactsLocation;
           resolve(JSON.stringify(mainTemplate, null, 2) + "\n");
         }
 

build/tasks/arm-validator.js

@@ -14,7 +14,7 @@ var hostname = require("os").hostname().toLowerCase();
 var argv = require('yargs').argv;
 var az = require("./lib/az");
 var semver = require("semver");
-var artifactsBaseUrl = "";
+var _artifactsLocation = "";
 var templateUri = "";
 var armTests = {};
 var logDist = "../dist/test-runs";
@@ -65,7 +65,7 @@ var bootstrapTest = (t, defaultVersion) =>
 
   log(t, `parameters: ${JSON.stringify(test.parameters, null, 2)}`);
   var testParameters = merge.recursive(true, exampleParameters, test.parameters);
-  testParameters.artifactsBaseUrl.value = artifactsBaseUrl;
+  testParameters._artifactsLocation.value = _artifactsLocation;
   testParameters.adminUsername.value = config.deployments.username;
   testParameters.adminPassword.value = config.deployments.password;
   testParameters.sshPublicKey.value = config.deployments.ssh;
@@ -113,8 +113,8 @@ var bootstrap = (cb) => {
   var templateMatcher = new RegExp(argv.test || ".*");
 
   git.branch((branch) => {
-    artifactsBaseUrl = `https://raw.githubusercontent.com/elastic/azure-marketplace/${branch}/src`;
-    templateUri = `${artifactsBaseUrl}/mainTemplate.json`;
+    _artifactsLocation = `https://raw.githubusercontent.com/elastic/azure-marketplace/${branch}/src/`;
+    templateUri = `${_artifactsLocation}mainTemplate.json`;
     log(`Using template: ${templateUri}`, false);
     armTests = _(fs.readdirSync("arm-tests"))
       .filter(t => templateMatcher.test(t))

build/tasks/sanity-checks.js

@@ -12,8 +12,8 @@ function checks(cb) {
     var difference = _.difference(mainTemplateParams, _.keys(uiTemplate.parameters.outputs));
     if (difference.length == 0) return;
     var excludingDefault = [];
-    difference.forEach(p=> {
-      if (mainTemplate.parameters[p] && mainTemplate.parameters[p].defaultValue) return;
+    difference.forEach(p => {
+      if (mainTemplate.parameters[p] && mainTemplate.parameters[p].hasOwnProperty('defaultValue')) return;
       excludingDefault.push(p);
     });
     if (excludingDefault.length == 0) return;

build/tasks/update-links.js

@@ -16,11 +16,11 @@ gulp.task("links", (cb) => {
   function error(err) { }
 
   function replaceLinks(fileName, content, repo, branch) {
-    var link = /https:\/\/raw\.githubusercontent\.com\/.+?\/.+?\/(?!\$).+?\/src/g;
-    var escapedLink = /https%3A%2F%2Fraw\.githubusercontent\.com%2F.+?%2F.+?%2F(?!\$).+?%2Fsrc/g;
+    var link = /https:\/\/raw\.githubusercontent\.com\/.+?\/.+?\/(?!\$).+?\/src\//g;
+    var escapedLink = /https%3A%2F%2Fraw\.githubusercontent\.com%2F.+?%2F.+?%2F(?!\$).+?%2Fsrc%2F/g;
 
-    var newContent = content.replace(link, `https://raw.githubusercontent.com/${repo}/${branch}/src`);
-    newContent = newContent.replace(escapedLink, `https%3A%2F%2Fraw.githubusercontent.com%2F${repo.toString().replace("/", "%2F")}%2F${branch.toString().replace("/", "%2F")}%2Fsrc`);
+    var newContent = content.replace(link, `https://raw.githubusercontent.com/${repo}/${branch}/src/`);
+    newContent = newContent.replace(escapedLink, `https%3A%2F%2Fraw.githubusercontent.com%2F${repo.toString().replace("/", "%2F")}%2F${branch.toString().replace("/", "%2F")}%2Fsrc%2F`);
     fs.writeFile(fileName, newContent, error);
   }
 

docs/azure-arm-template.asciidoc

@@ -146,7 +146,7 @@ template_version={version}
 az group deployment create \
   --resource-group "<name>" \
   --template-uri $template_base_uri/$template_version/src/mainTemplate.json \
-  --parameters artifactsBaseUrl=$template_base_uri/$template_version/src \
+  --parameters _artifactsLocation=$template_base_uri/$template_version/src/ \
                esVersion={version} esClusterName=elasticsearch \
                vmDataDiskCount=1 dataNodesAreMasterEligible=Yes \
                adminUsername=russ adminPassword=Password1234 \
@@ -167,7 +167,7 @@ $templateBaseUri = "https://raw.githubusercontent.com/elastic/azure-marketplace"
 $templateVersion = "{version}"
 
 $parameters = @{
-  "artifactsBaseUrl" = "$templateBaseUri/$templateVersion/src"
+  "_artifactsLocation" = "$templateBaseUri/$templateVersion/src/"
   "esVersion" = "{version}"
   "esClusterName" = "elasticsearch"
   "vmDataDiskCount" = 1
@@ -276,12 +276,18 @@ different parameter and deployment options.
 The ARM template has some general parameters that control the operation of the
 template:
 
-`artifactsBaseUrl`::
+`_artifactsLocation`::
 The base public URI which informs the main template from where the other contents
 of the ARM template will be retrieved, such as linked templates and deployment scripts.
-Default is `https://raw.githubusercontent.com/elastic/azure-marketplace/{branch}/src`
+Default is `https://raw.githubusercontent.com/elastic/azure-marketplace/{branch}/src/`
 where `{branch}` is the git branch or tag to target, for
-<<azure-arm-template-repeatable-deployments, repeatable deployments>>
+<<azure-arm-template-repeatable-deployments, repeatable deployments>>. The value must end
+in a trailing `/`.
+
+`_artifactsLocationSasToken`::
+The sasToken required to access `_artifactsLocation`. The default value should be an empty 
+string `""`` for scenarios where the `_artifactsLocation` is not secured, such as the raw GitHub 
+URI for the Azure Marketplace public repo.
 
 `location`::
 The {azurelocations}[Azure location] in which to deploy the resources. Defaults to the same location
@@ -1255,7 +1261,7 @@ An example of a minimum deployment is
 .Azure CLI 2.0
 ----
 template_version={version}
-template_base_uri="https://raw.githubusercontent.com/elastic/azure-marketplace/$template_version/src"
+template_base_uri="https://raw.githubusercontent.com/elastic/azure-marketplace/$template_version/src/"
 
 # certificates for SSL/TLS
 http_cert=$(base64 /mnt/c/http.p12)
@@ -1273,7 +1279,7 @@ az group create --name $resource_group --location $location
 az group deployment create \
     --resource-group $resource_group \
     --template-uri $template_base_uri/mainTemplate.json \
-    --parameters artifactsBaseUrl=$template_base_uri \
+    --parameters _artifactsLocation=$template_base_uri \
         esClusterName=elasticsearch \
         esHttpCertBlob=$http_cert \
         adminUsername=russ \
@@ -1296,7 +1302,7 @@ az group deployment create \
 .Azure PowerShell
 ----
 $templateVersion = "{version}"
-$templateBaseUri = "https://raw.githubusercontent.com/elastic/azure-marketplace/$templateVersion/src"
+$templateBaseUri = "https://raw.githubusercontent.com/elastic/azure-marketplace/$templateVersion/src/"
 
 # certificates for SSL/TLS
 $httpCert = [Convert]::ToBase64String([IO.File]::ReadAllBytes("C:\http-cert.pfx"))
@@ -1310,7 +1316,7 @@ $location = "<location>"
 $metadataUri="https://login.microsoftonline.com/<guid>/federationmetadata/2007-06/federationmetadata.xml?appid=<guid>"
 
 $parameters = @{
-    "artifactsBaseUrl"= $templateBaseUri
+    "_artifactsLocation"= $templateBaseUri
     "esClusterName" = "elasticsearch"
     "esHttpCertBlob" = $httpCert
     "adminUsername" = "russ"

docs/troubleshooting.asciidoc

@@ -153,7 +153,7 @@ template_version={version}
 az group deployment create \
   --resource-group "<name>" \
   --template-uri $template_base_uri/$template_version/src/mainTemplate.json \
-  --parameters artifactsBaseUrl=$template_base_uri/$template_version/src \
+  --parameters _artifactsLocation=$template_base_uri/$template_version/src/ \
                esVersion={version} esClusterName=elasticsearch \
                vmDataDiskCount=1 dataNodesAreMasterEligible=Yes \
                adminUsername=russ adminPassword=Password1234 \
@@ -174,7 +174,7 @@ $templateBaseUri = "https://raw.githubusercontent.com/elastic/azure-marketplace"
 $templateVersion = "{version}"
 
 $parameters = @{
-  "artifactsBaseUrl" = "$templateBaseUri/$templateVersion/src"
+  "_artifactsLocation" = "$templateBaseUri/$templateVersion/src/"
   "esVersion" = "{version}"
   "esClusterName" = "elasticsearch"
   "vmDataDiskCount" = 1

parameters/password.parameters.json

@@ -1,5 +1,6 @@
 {
-  "artifactsBaseUrl":{"value":"https://raw.githubusercontent.com/elastic/azure-marketplace/7.2/src"},
+  "_artifactsLocation":{"value":"https://raw.githubusercontent.com/elastic/azure-marketplace/7.2/src/"},
+  "_artifactsLocationSasToken":{"value":""},
   "esVersion":{"value":"6.7.0"},
   "esClusterName":{"value":"my-azure-cluster"},
   "loadBalancerType":{"value":"internal"},

parameters/ssh.parameters.json

@@ -1,5 +1,6 @@
 {
-  "artifactsBaseUrl":{"value":"https://raw.githubusercontent.com/elastic/azure-marketplace/7.2/src"},
+  "_artifactsLocation":{"value":"https://raw.githubusercontent.com/elastic/azure-marketplace/7.2/src/"},
+  "_artifactsLocationSasToken":{"value":""},
   "esVersion":{"value":"6.7.0"},
   "esClusterName":{"value":"my-azure-cluster"},
   "loadBalancerType":{"value":"internal"},

src/empty/empty-jumpbox-resources.json

@@ -2,12 +2,6 @@
   "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
   "contentVersion": "1.0.0.0",
   "parameters": {
-    "templateBaseUrl": {
-      "type": "string",
-      "metadata": {
-        "description": "Base uri of resources"
-      }
-    },
     "location": {
       "type": "string",
       "metadata": {

src/empty/empty-kibana-resources.json

@@ -2,12 +2,6 @@
   "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
   "contentVersion": "1.0.0.0",
   "parameters": {
-    "templateBaseUrl": {
-      "type": "string",
-      "metadata": {
-        "description": "Base uri of resources"
-      }
-    },
     "location": {
       "type": "string",
       "metadata": {

src/ips/kibana-ip-resources.json

@@ -46,7 +46,7 @@
   },
   "resources": [
     {
-      "apiVersion": "2017-10-01",
+      "apiVersion": "2019-04-01",
       "type": "Microsoft.Network/publicIPAddresses",
       "name": "[variables('publicIpName')]",
       "location": "[parameters('location')]",

src/loadbalancers/external-lb-resources.json

@@ -26,8 +26,8 @@
   },
   "variables": {
     "httpsOpts": {
-      "Yes" : "https://",
-      "No" : "http://"
+      "Yes": "https://",
+      "No": "http://"
     },
     "https": "[variables('httpsOpts')[parameters('networkSettings').https]]",
     "internalLoadBalancerName": "[concat(parameters('networkSettings').namespacePrefix, 'internal-lb')]",
@@ -36,7 +36,7 @@
   },
   "resources": [
     {
-      "apiVersion": "2017-10-01",
+      "apiVersion": "2019-04-01",
       "name": "[variables('internalLoadBalancerName')]",
       "type": "Microsoft.Network/loadBalancers",
       "location": "[parameters('networkSettings').location]",
@@ -115,7 +115,7 @@
       }
     },
     {
-      "apiVersion": "2017-10-01",
+      "apiVersion": "2019-04-01",
       "type": "Microsoft.Network/publicIPAddresses",
       "name": "[variables('externalLoadBalancerIp')]",
       "location": "[parameters('networkSettings').location]",
@@ -133,12 +133,12 @@
       }
     },
     {
-      "apiVersion": "2017-10-01",
+      "apiVersion": "2019-04-01",
       "name": "[variables('externalLoadBalancerName')]",
       "type": "Microsoft.Network/loadBalancers",
       "location": "[parameters('networkSettings').location]",
-      "sku": { 
-        "name": "[parameters('networkSettings').externalSku]" 
+      "sku": {
+        "name": "[parameters('networkSettings').externalSku]"
       },
       "tags": {
         "provider": "[toUpper(parameters('elasticTags').provider)]"
@@ -197,7 +197,7 @@
       }
     }
   ],
-  "outputs" : {
+  "outputs": {
     "fqdn": {
       "value": "[concat(variables('https'), reference(variables('externalLoadBalancerIp')).dnsSettings.fqdn, ':9200')]",
       "type": "string"

src/loadbalancers/internal-lb-resources.json

@@ -29,12 +29,12 @@
   },
   "resources": [
     {
-      "apiVersion": "2017-10-01",
+      "apiVersion": "2019-04-01",
       "name": "[variables('internalLoadBalancerName')]",
       "type": "Microsoft.Network/loadBalancers",
       "location": "[parameters('networkSettings').location]",
-      "sku": { 
-        "name": "[parameters('networkSettings').internalSku]" 
+      "sku": {
+        "name": "[parameters('networkSettings').internalSku]"
       },
       "tags": {
         "provider": "[toUpper(parameters('elasticTags').provider)]"
@@ -108,7 +108,7 @@
       }
     }
   ],
-  "outputs" : {
+  "outputs": {
     "fqdn": {
       "value": "N/A",
       "type": "string"