Table of Contents

1. Challenge

   Create an Azure DevOps Project

   In this objective, you will create a new Azure DevOps project and import the existing repository into Azure Repos.

   1. Create a new account or log into Azure DevOps. NOTE: If you are creating a new account, you may not be allocated any parallel jobs for pipelines. Check the additional information section of the lab for potential workarounds.
   2. Create a new private project called tacowagon-network.
   3. Inside the new project navigate to Repos.
   4. Import the GitHub repository: https://github.com/ned1313/azure-simple-vnet.git
2. Challenge

   Prepare the Remote State Backend

   In this objective, you will retrieve the values to use for setting up the azurerm remote backend for the Terraform configuration. The values will be stored in a variable group in the Pipelines Library.

   1. Log into the Azure CLI or Portal using the provided username and password credentials. (Do not use the service principal)
   2. Retrieve the resource group and storage account names from the lab.
   3. Retrieve the subscription ID, name, and tenant ID from the lab.
   4. Create a variable group in the Pipelines Library called state-data with entries for the following:
      • Resource group name
      • Storage account name
      • Storage account container name (tfstate)
      • Storage account key
      • Client ID (Service Principal - Application Client ID)
      • Client secret (Service Principal - Secret)
      • Subscription ID
      • Tenant ID
3. Challenge

   Connect to the Azure Subscription

   In this objective, you will create and verify a service connection between the Azure DevOps project and the Azure Subscription using the provided service principal.

   1. Navigate to the Project settings.
   2. Create a new Service Connection called tacowagon-dev of type Azure Resource Manager.
   3. Select Service principal (manual).
   4. Fill out the fields using the provided service principal and values collected in the previous objective.
   5. Verify and save the Service Connection.
4. Challenge

   Create a Planning Pipeline

   In this objective, you will create a pipeline in Azure DevOps that runs when a pull request is created targeting the main branch and produces an execution plan to save for deployment later.

   1. Install the Terraform extension from the Visual Studio Marketplace.
   2. Create a new pipeline using Azure Repos Git and the project's repository.
   3. Pick the Starter pipeline.
   4. Change the name to pr-plan.yml.
   5. Configure the pipeline to trigger on all branches except main.
   6. Add the state-data variable group and a local variable with the service connection name.
   7. Create a validation stage which runs a terraform fmt -check and terraform validate against the code using the TerraformInstaller@0 and bash or pwsh tasks.
   8. Create a planning stage that installs Terraform, initializes the configuration, and creates an execution plan saved to a local file. Use the TerraformInstaller@0 using the TerraformTaskV4@4 tasks.
   9. Publish the execution plan file as a pipeline artifact using the PublishPipelineArtifact@1 task.
   10. Rename the pipeline pr-plan.
5. Challenge

   Create an Apply Pipeline

   In this objective, you will create a pipeline in Azure DevOps that runs when a commit is made on the main branch, running a terraform apply action using the stashed execution plan.

   1. Create a new pipeline using Azure Repos Git and the project's repository.
   2. Pick the Starter pipeline.
   3. Change the name to merge-apply.yml.
   4. Configure the pipeline to trigger only on the main branch.
   5. Add the state-data variable group and a local variable with the service connection name.
   6. Create an apply stage that downloads the saved execution plan, installs Terraform, and applies the plan to the Azure subscription. Use the DownloadPipelineArtifact@2, TerraformInstaller@0, and TerraformTaskV4@4 tasks.
   7. Rename the pipeline merge-apply.
6. Challenge

   Deploy Infrastructure with the Pipelines

   In this objective, you will promote a change to the Terraform configuration causing both pipelines to run and deploy the VNet in the target resource group.

   1. Go to the state-data variable group and grant the two pipelines access to the group.
   2. Navigate to the Repositories section of the Project Settings.
   3. Add a Build Validation policy for the pr-plan pipeline.
   4. Navigate to the Repos section of the project.
   5. Create a new branch called first-deploy.
   6. Edit the terraform.tfvars file to give the resource_group_name the correct value.
   7. Commit the edit directly to the first-deploy branch.
   8. Create a pull request to merge first-deploy into main.
   9. Verify the pr-plan pipeline fires and completes successfully. Adjust as needed.
   10. Merge the pull request and verify that the merge-apply pipeline fires and completes successfully. Adjust as needed.