diff --git a/.github/workflows/update_url.yml b/.github/workflows/update_url.yml
new file mode 100644
index 0000000..d9c79c0
--- /dev/null
+++ b/.github/workflows/update_url.yml
@@ -0,0 +1,31 @@
+name: Update URL Version
+
+on: create
+
+env:
+ GITHUB_TOKEN: ${{ github.token }}
+
+jobs:
+ build:
+ name: Update URL Version for Release Branches
+ runs-on: ubuntu-latest
+ if: startsWith(github.ref, 'refs/heads/release/')
+ steps:
+ - name: Checkout code
+ uses: actions/checkout@v3
+ with:
+ ssh-key: ${{secrets.ID_GITHUB_ACTIONS}}
+
+ - name: Update pas-single-component-deploy.json
+ uses: restackio/update-json-file-action@2.1
+ with:
+ file: azure/pas-single-component-deploy.json
+ fields: "{\"resources[0].properties.templateLink.uri\": \"https://raw.githubusercontent.com/cyberark/pas-on-cloud/${{github.ref_name}}/azure/nested/psmp-nested-template.json\"}"
+
+ - name: Commit changes
+ run: |
+ git config --local user.email "action@github.com"
+ git config --local user.name "GitHub Action"
+ git add azure/pas-single-component-deploy.json
+ git commit -m "GitHub Action: Update psmp nested template url"
+ git push
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 58ef168..58cac75 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -3,6 +3,15 @@ The AWS Cloud package includes CyberArk PAS products, delivered as AMIs and AWS CloudFormation templates to automate deployment.
+## [PAS on Cloud v14.2] (18.6.2024)
+
+### Changed
+- #### AWS :
+ - Lambda functions are running using Python 3.11
+ - Patches for PAM products will be distributed and supported as images for new deployments.
+
+- PTA & PSMP are deployed on RHEL 9, instead of RHEL 8
+
 ## [PAS on Cloud v14.0] (11.1.2024) ### Added
diff --git a/aws/DRVault-Single-Deployment.yaml b/aws/DRVault-Single-Deployment.yaml
index ac5bdac..8a9205d 100644
--- a/aws/DRVault-Single-Deployment.yaml
+++ b/aws/DRVault-Single-Deployment.yaml
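Review bot: In `.github/workflows/update_url.yml`, the third-party step `restackio/update-json-file-action@2.1` is referenced by a mutable tag and runs after a checkout that leaves the `ID_GITHUB_ACTIONS` SSH key configured in the workspace (actions/checkout persists credentials by default), with `GITHUB_TOKEN` also exported workflow-wide, so a retagged or compromised release of that action would run with push access to this repository. Pin the action to a reviewed full commit SHA, drop the workflow-level `env: GITHUB_TOKEN` unless a step is shown to need it, and add a top-level `permissions:` block with `contents: read`, since the push goes over the SSH key. The `fields` input also splices `${{github.ref_name}}` straight into a JSON string that becomes the `templateLink.uri` of a template receiving the Vault and VM admin passwords; a branch name containing `"` would alter that JSON, so validate the name against the expected release pattern before the update step. The pattern below is constructed from the `release/v14.2` value visible on this page and should be adjusted to the project's real naming.

```yaml
permissions:
  contents: read

# … unchanged: name, on, jobs.build header and the "Checkout code" step …

      - name: Validate release branch name
        env:
          REF_NAME: ${{ github.ref_name }}
        run: |
          # constructed pattern; adjust to the project's release naming
          if ! printf '%s' "$REF_NAME" | grep -Eq '^release/v[0-9]+\.[0-9]+$'; then
            echo "Refusing to rewrite templateLink.uri for unexpected ref: $REF_NAME" >&2
            exit 1
          fi

      - name: Update pas-single-component-deploy.json
        # placeholder: replace with the full commit SHA of the reviewed release
        uses: restackio/update-json-file-action@<FULL_COMMIT_SHA>
        # … unchanged: with.file, with.fields …
```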
@@ -32,7 +32,7 @@ Resources:
 Type: Custom::FindAMI
 Properties:
 ServiceToken: !GetAtt GetLatestAMILambda.Arn
- Version: "14.0"
+ Version: "14.2"
 Component: "Vault"
 OS: !Ref WinVersion
 OwnerAccountId: !Ref CyberarkAccountId
diff --git a/aws/Full-PAS-Deployment.yaml b/aws/Full-PAS-Deployment.yaml
index 21e17d5..74ced38 100644
--- a/aws/Full-PAS-Deployment.yaml
+++ b/aws/Full-PAS-Deployment.yaml
@@ -119,7 +119,7 @@ Resources:
 Type: Custom::FindAMI
 Properties:
 ServiceToken: !GetAtt GetLatestAMILambda.Arn
- Version: "14.0"
+ Version: "14.2"
 Component: "Vault"
 OS: !Ref WinVersion
 OwnerAccountId: !Ref CyberarkAccountId
@@ -130,7 +130,7 @@ Resources:
 Type: Custom::FindAMI
 Properties:
 ServiceToken: !GetAtt GetLatestAMILambda.Arn
- Version: "14.0"
+ Version: "14.2"
 Component: "PVWA"
 OS: !Ref WinVersion
 OwnerAccountId: !Ref CyberarkAccountId
@@ -141,7 +141,7 @@ Resources:
 Type: Custom::FindAMI
 Properties:
 ServiceToken: !GetAtt GetLatestAMILambda.Arn
- Version: "14.0"
+ Version: "14.2"
 Component: "CPM"
 OS: !Ref WinVersion
 OwnerAccountId: !Ref CyberarkAccountId
@@ -152,7 +152,7 @@ Resources:
 Type: Custom::FindAMI
 Properties:
 ServiceToken: !GetAtt GetLatestAMILambda.Arn
- Version: "14.0"
+ Version: "14.2"
 Component: "PSM"
 OS: !Ref WinVersion
 OwnerAccountId: !Ref CyberarkAccountId
@@ -163,9 +163,9 @@ Resources:
 Type: Custom::FindAMI
 Properties:
 ServiceToken: !GetAtt GetLatestAMILambda.Arn
- Version: "14.0"
+ Version: "14.2"
 Component: "PSMP"
- OS: "RHEL-8"
+ OS: "RHEL-9"
 OwnerAccountId: !Ref CyberarkAccountId
 DependsOn:
 - LambdaDeployRole
@@ -174,9 +174,9 @@ Resources:
 Type: Custom::FindAMI
 Properties:
 ServiceToken: !GetAtt GetLatestAMILambda.Arn
- Version: "14.0"
+ Version: "14.2"
 Component: "PTA"
- OS: "RHEL-8"
+ OS: "RHEL-9"
 OwnerAccountId: !Ref CyberarkAccountId
 DependsOn:
 - LambdaDeployRole
diff --git a/aws/PAS-Component-Single-Deployment.yaml b/aws/PAS-Component-Single-Deployment.yaml
index eb9d1a5..78d8e0c 100644
--- a/aws/PAS-Component-Single-Deployment.yaml
+++ b/aws/PAS-Component-Single-Deployment.yaml
@@ -89,7 +89,7 @@ Resources:
 Condition: PVWACustomImageEmpty
 Properties:
 ServiceToken: !GetAtt GetLatestAMILambda.Arn
- Version: "14.0"
+ Version: "14.2"
 Component: "PVWA"
 OS: !Ref WinVersion
 OwnerAccountId: !Ref CyberarkAccountId
@@ -100,7 +100,7 @@ Resources:
 Condition: CPMCustomImageEmpty
 Properties:
 ServiceToken: !GetAtt GetLatestAMILambda.Arn
- Version: "14.0"
+ Version: "14.2"
 Component: "CPM"
 OS: !Ref WinVersion
 OwnerAccountId: !Ref CyberarkAccountId
@@ -111,7 +111,7 @@ Resources:
 Condition: PSMCustomImageEmpty
 Properties:
 ServiceToken: !GetAtt GetLatestAMILambda.Arn
- Version: "14.0"
+ Version: "14.2"
 Component: "PSM"
 OS: !Ref WinVersion
 OwnerAccountId: !Ref CyberarkAccountId
@@ -122,9 +122,9 @@ Resources:
 Condition: PSMPCustomImageEmpty
 Properties:
 ServiceToken: !GetAtt GetLatestAMILambda.Arn
- Version: "14.0"
+ Version: "14.2"
 Component: "PSMP"
- OS: "RHEL-8"
+ OS: "RHEL-9"
 OwnerAccountId: !Ref CyberarkAccountId
 DependsOn:
 - LambdaDeployRole
@@ -133,9 +133,9 @@ Resources:
 Condition: PTACustomImageEmpty
 Properties:
 ServiceToken: !GetAtt GetLatestAMILambda.Arn
- Version: "14.0"
+ Version: "14.2"
 Component: "PTA"
- OS: "RHEL-8"
+ OS: "RHEL-9"
 OwnerAccountId: !Ref CyberarkAccountId
 DependsOn:
 - LambdaDeployRole
diff --git a/aws/Vault-Single-Deployment.yaml b/aws/Vault-Single-Deployment.yaml
index 9b0d29d..2636e34 100644
--- a/aws/Vault-Single-Deployment.yaml
+++ b/aws/Vault-Single-Deployment.yaml
@@ -32,7 +32,7 @@ Resources:
 Type: Custom::FindAMI
 Properties:
 ServiceToken: !GetAtt GetLatestAMILambda.Arn
- Version: "14.0"
+ Version: "14.2"
 Component: "Vault"
 OS: !Ref WinVersion
 OwnerAccountId: !Ref CyberarkAccountId
diff --git a/azure/README.md b/azure/README.md
index 3108c44..04d76a5 100644
--- a/azure/README.md
+++ b/azure/README.md
@@ -17,37 +17,18 @@ These images later can be used together with deployment scripts above in order t To copy CyberArk Privileged Access Security solution snapshot and create the images in your Azure subscription, use the import-pas-images.ps1 PowerShell script. Make sure you have all the CyberArk components AccessSAS URLs before executing the script. ## Usage -As a first step customer must receive components AccessSAS. +As a prerequisite to deploy PAM components using the supplied ARM templates, customer must have the compatible images ready in a designated Resource Group in the destination subscription. + +This can be achieved by downloading the import-pas-images.ps1 from CyberArk's Marketplace at: +https://cyberark.my.site.com/mplace/s/#software +You should navigate to "Privileged Access Manager Self-Hosted" matching your desired release version. +Under "PAM Self-Hosted on Cloud" > "Share Image on Cloud" > "Share PAM Self-Hosted on Azure", you'll be able to download the required PowerShell script. Copy import-pas-images.ps1 script to your environment. You can copy it directly to Azure Cloud Shell or to the machine with defined access to your Azure account. +The detailed documentation and helpful notes can be found inside the script, it is already loaded with all the required AccessSAS URLs needed for PAM images import. 
-import-pas-images.ps1 -location "" [-release] "" [-winVersion] "" [-storageName] "" [-containerName] "" [-resourceGroupName] "" [-vaultAccessSAS] "" -[-vaultDataDiskAccessSAS] "" [-pvwaAccessSAS] "" [-cpmAccessSAS] "" -[-psmAccessSAS] "" [-psmpAccessSAS] "" [-ptaAccessSAS] "" - -Parameters: - -| Parameter Name | Required | Default | Comments | -|-------------------------|----------|----------------------|----------| -| location | Yes | None | | -| release | No | **v14.0** | | -| winVersion | No | **win2016** | | -| storageName | No | **cyberarkimages** | | -| containerName | No | **cyberarkimages** | | -| resourceGroupName | No | **Cyberark-Images** | | -| vaultAccessSAS | No | None | | -| vaultDataDiskAccessSAS | No | None | | -| pvwaAccessSAS | No | None | | -| cpmAccessSAS | No | None | | -| psmAccessSAS | No | None | | -| psmpAccessSAS | No | None | | -| ptaAccessSAS | No | None | | - -## Notes: -- "release" and "winVersion" parameters are being used in the naming of the vhd files and images created, - it is recommended to specify those to get accurately described images ("winVersion" is irrelevant if only pta/psmp are being imported). -- "storageName", "containerName" and "resourceGroupName" are defaulted to "cyberarkimages", "cyberarkimages" and "Cyberark-Images" respectivly, - and the required objects will be created automatically if needed. Use these only in case you desire to place them in a custom location. -- "vaultAccessSAS" and "vaultDataDiskAccessSAS" are binded together, you must specify both of them or none of them. +As an alternative, you are also offered the option to download a toolkit that will allow you to create PAM component images on your own, +under "PAM Self-Hosted on Cloud" > "Bring Your Own Image" > "PAM_Self-Hosted_on_Azure.zip". +If chosen to use this toolkit, your results would be in the form of an chosen PAM component image, which is ready to use as part of the ARM templates. 
## In order to enable PTA with self sign certificate after successful installation please do the below: diff --git a/azure/import-pas-images.ps1 b/azure/import-pas-images.ps1 deleted file mode 100644 index f2a02f2..0000000 --- a/azure/import-pas-images.ps1 +++ /dev/null 
@@ -1,197 +0,0 @@ -### Usage: Enter the following command in your Cloud Shell / terminal authenticated to your Azure account, after copying it to your workspace. -### -### import-pas-images.ps1 -location "" [-release] "" [-winVersion] "" [-storageName] "" ` -### [-containerName] "" [-resourceGroupName] "" [-vaultAccessSAS] "" ` -### [-vaultDataDiskAccessSAS] "" [-pvwaAccessSAS] "" [-cpmAccessSAS] "" ` -### [-psmAccessSAS] "" [-psmpAccessSAS] "" [-ptaAccessSAS] "" -### -### Notes: -### - "release" and "winVersion" parameters are being used in the naming of the vhd files and images created, -### it is recommended to specify those to get accurately described images ("winVersion" is irrelevant if only pta/psmp are being imported). -### - "storageName", "containerName" and "resourceGroupName" are defaulted to "cyberarkimages", "cyberarkimages" and "Cyberark-Images" respectivly, -### and the required objects will be created automatically if needed. Use these only in case you desire to place them in a custom location. -### - "vaultAccessSAS" and "vaultDataDiskAccessSAS" are binded together, you must specify both of them or none of them. 
- -[CmdletBinding(DefaultParameterSetName='default')] -Param( - # release number - [Parameter(Mandatory = $false)] - [String] - $release="v14.0", - # windows version - [Parameter(Mandatory = $false)] - [String] - $winVersion="win2016", - # location to import Cyberark images to - [Parameter(Mandatory = $true)] - [String] - $location, - # storageName to import Cyberark images to - [Parameter(Mandatory = $false)] - [String] - $storageName="cyberarkimages", - # containerName to import Cyberark images to - [Parameter(Mandatory = $false)] - [String] - $containerName="cyberarkimages", - # resourceGroupName to import Cyberark images to - [Parameter(Mandatory = $false)] - [String] - $resourceGroupName="Cyberark-Images", - # Supplied by CyberArk Vault/VaultDR AccessSAS - [Parameter(ParameterSetName='Vault', Mandatory = $false)] - [String] - $vaultAccessSAS, - # Supplied by CyberArk Vault Data Disk AccessSAS - [Parameter(ParameterSetName='Vault', Mandatory = $true)] - [String] - $vaultDataDiskAccessSAS, - # Supplied by CyberArk PVWA AccessSAS - [Parameter(Mandatory = $false)] - [String] - $pvwaAccessSAS, - # Supplied by CyberArk CPM AccessSAS - [Parameter(Mandatory = $false)] - [String] - $cpmAccessSAS, - # Supplied by CyberArk PSM AccessSAS - [Parameter(Mandatory = $false)] - [String] - $psmAccessSAS, - # Supplied by CyberArk PSMP AccessSAS - [Parameter(Mandatory = $false)] - [String] - $psmpAccessSAS, - # Supplied by CyberArk PTA AccessSAS - [Parameter(Mandatory = $false)] - [String] - $ptaAccessSAS -) - -#Set variables -$vaultDestBlob = "cyberark-pas-vault-$release-$winVersion.vhd" -$vaultDataDiskDestBlob = "cyberark-pas-vault-$release-$winVersion-datadisk.vhd" -$pvwaDestBlob = "cyberark-pas-pvwa-$release-$winVersion.vhd" -$cpmDestBlob = "cyberark-pas-cpm-$release-$winVersion.vhd" -$psmDestBlob = "cyberark-pas-psm-$release-$winVersion.vhd" -$psmpDestBlob = "cyberark-pas-psmp-$release-rhel8.vhd" -$ptaDestBlob = "cyberark-pas-pta-$release-rhel8.vhd" - -Try -{ - #Create 
Resource Group - New-AzureRmResourceGroup -Name $resourceGroupName -Location $location -Force - - #Create Storage Account, if not exists - $storageAccount = Get-AzureRmStorageAccount -ResourceGroupName $resourceGroupName -Name $storageName - if (!$storageAccount) - { - $storageAccount = New-AzureRmStorageAccount -ResourceGroupName $resourceGroupName -Name $storageName -Location $location -SkuName Standard_LRS - } - $destContext = $storageAccount.Context - - #Create Blob Storage Container, if not exists - if (!(Get-AzureStorageContainer -Name $containerName -Context $destContext)) - { - New-AzureStorageContainer -Name $containerName -Permission Off -Context $destContext - } - - if ($VaultAccessSAS) - { - #Start copy Vault - Start-AzureStorageBlobCopy -AbsoluteUri $vaultAccessSAS -DestContainer $containerName -DestContext $destContext -DestBlob $vaultDestBlob -Force - Get-AzureStorageBlobCopyState -Blob $vaultDestBlob -Container $containerName -Context $destContext -WaitForComplete - Start-AzureStorageBlobCopy -AbsoluteUri $vaultDataDiskAccessSAS -DestContainer $containerName -DestContext $destContext -DestBlob $vaultDataDiskDestBlob -Force - Get-AzureStorageBlobCopyState -Blob $vaultDataDiskDestBlob -Container $containerName -Context $destContext -WaitForComplete - #Create Vault Image from blob - $vaultBlobUri = ($destContext.BlobEndPoint + $containerName + "/" + $vaultDestBlob) - $vaultDataDiskBlobUri = ($destContext.BlobEndPoint + $containerName + "/" + $vaultDataDiskDestBlob) - $vmOSType = "Windows" - $imageName = "CyberArk-PAS-Vault-$release-$winVersion" - $imageConfig = New-AzureRmImageConfig -Location $location - $imageConfig = Set-AzureRmImageOsDisk -Image $imageConfig -OsType $vmOSType -OsState Generalized -BlobUri $vaultBlobUri - $imageConfig = Add-AzureRmImageDataDisk -Image $imageConfig -Lun 0 -BlobUri $vaultDataDiskBlobUri - New-AzureRmImage -ImageName $imageName -ResourceGroupName $resourceGroupName -Image $imageConfig - } - - - #Start copy pvwa - if 
($pvwaAccessSAS) - { - #Start copy PVWA - Start-AzureStorageBlobCopy -AbsoluteUri $pvwaAccessSAS -DestContainer $containerName -DestContext $destContext -DestBlob $pvwaDestBlob -Force - Get-AzureStorageBlobCopyState -Blob $pvwaDestBlob -Container $containerName -Context $destContext -WaitForComplete - #Create PVWA Image from blob - $pvwaBlobUri = ($destContext.BlobEndPoint + $containerName + "/" + $pvwaDestBlob) - $vmOSType = "Windows" - $imageName = "CyberArk-PAS-PVWA-$release-$winVersion" - $imageConfig = New-AzureRmImageConfig -Location $location - $imageConfig = Set-AzureRmImageOsDisk -Image $imageConfig -OsType $vmOSType -OsState Generalized -BlobUri $pvwaBlobUri - New-AzureRmImage -ImageName $imageName -ResourceGroupName $resourceGroupName -Image $imageConfig - } - - if ($cpmAccessSAS) - { - #Start copy CPM - Start-AzureStorageBlobCopy -AbsoluteUri $cpmAccessSAS -DestContainer $containerName -DestContext $destContext -DestBlob $cpmDestBlob -Force - Get-AzureStorageBlobCopyState -Blob $cpmDestBlob -Container $containerName -Context $destContext -WaitForComplete - #Create CPM Image from blob - $cpmBlobUri = ($destContext.BlobEndPoint + $containerName + "/" + $cpmDestBlob) - $vmOSType = "Windows" - $imageName = "CyberArk-PAS-CPM-$release-$winVersion" - $imageConfig = New-AzureRmImageConfig -Location $location - $imageConfig = Set-AzureRmImageOsDisk -Image $imageConfig -OsType $vmOSType -OsState Generalized -BlobUri $cpmBlobUri - New-AzureRmImage -ImageName $imageName -ResourceGroupName $resourceGroupName -Image $imageConfig - } - - if ($psmAccessSAS) - { - #Start copy PSM - Start-AzureStorageBlobCopy -AbsoluteUri $psmAccessSAS -DestContainer $containerName -DestContext $destContext -DestBlob $psmDestBlob -Force - Get-AzureStorageBlobCopyState -Blob $psmDestBlob -Container $containerName -Context $destContext -WaitForComplete - #Create PSM Image from blob - $psmBlobUri = ($destContext.BlobEndPoint + $containerName + "/" + $psmDestBlob) - $vmOSType = "Windows" - 
$imageName = "CyberArk-PAS-PSM-$release-$winVersion" - $imageConfig = New-AzureRmImageConfig -Location $location - $imageConfig = Set-AzureRmImageOsDisk -Image $imageConfig -OsType $vmOSType -OsState Generalized -BlobUri $psmBlobUri - New-AzureRmImage -ImageName $imageName -ResourceGroupName $resourceGroupName -Image $imageConfig - } - - if ($psmpAccessSAS) - { - #Start copy PSMP - Start-AzureStorageBlobCopy -AbsoluteUri $psmpAccessSAS -DestContainer $containerName -DestContext $destContext -DestBlob $psmpDestBlob -Force - Get-AzureStorageBlobCopyState -Blob $psmpDestBlob -Container $containerName -Context $destContext -WaitForComplete - #Create PSMP Image from blob - $psmpBlobUri = ($destContext.BlobEndPoint + $containerName + "/" + $psmpDestBlob) - $vmOSType = "Linux" - $imageName = "CyberArk-PAS-PSMP-$release-RHEL8" - $imageConfig = New-AzureRmImageConfig -Location $location - $imageConfig = Set-AzureRmImageOsDisk -Image $imageConfig -OsType $vmOSType -OsState Generalized -BlobUri $psmpBlobUri - New-AzureRmImage -ImageName $imageName -ResourceGroupName $resourceGroupName -Image $imageConfig - } - - - if ($ptaAccessSAS) - { - #Start copy PTA - Start-AzureStorageBlobCopy -AbsoluteUri $ptaAccessSAS -DestContainer $containerName -DestContext $destContext -DestBlob $ptaDestBlob -Force - Get-AzureStorageBlobCopyState -Blob $ptaDestBlob -Container $containerName -Context $destContext -WaitForComplete - #Create PTA Image from blob - $ptaBlobUri = ($destContext.BlobEndPoint + $containerName + "/" + $ptaDestBlob) - $vmOSType = "Linux" - $imageName = "CyberArk-PAS-PTA-$release-RHEL8" - $imageConfig = New-AzureRmImageConfig -Location $location - $imageConfig = Set-AzureRmImageOsDisk -Image $imageConfig -OsType $vmOSType -OsState Generalized -BlobUri $ptaBlobUri - New-AzureRmImage -ImageName $imageName -ResourceGroupName $resourceGroupName -Image $imageConfig - } -} -Catch -{ - $ErrorMessage = $_.Exception.Message - $FailedItem = $_.Exception.ItemName - Write-Host("Error: 
$ErrorMessage") - Write-Host("Failed Item: $FailedItem") - Break -} diff --git a/azure/pas-single-component-deploy.json b/azure/pas-single-component-deploy.json index 05af170..645ce27 100644 --- a/azure/pas-single-component-deploy.json +++ b/azure/pas-single-component-deploy.json 
@@ -1,266 +1,266 @@ { - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "License Agreement": { - "defaultValue": "Decline", - "allowedValues": [ - "Accept", - "Decline" - ], - "maxLength": 6, - "type": "String", - "metadata": { - "description": "I have read and agreed to the Terms and Conditions." - } - }, - "Vault Private IP": { - "type": "String", - "metadata": { - "description": "Enter the IP of the Vault instance and the DR IP (if exists) seperated by a comma (e.g 1.1.1.1,2.2.2.2)." - } - }, - "Vault Admin User": { - "defaultValue": "Administrator", - "type": "String", - "metadata": { - "description": "Enter the Administrator Vault user." - } - }, - "Vault Admin Password": { - "type": "SecureString", - "metadata": { - "description": "Enter a password for the Vault Administrator user." - } - }, - "Component To Install": { - "defaultValue": "CPM", - "allowedValues": [ - "CPM", - "PVWA", - "PSM", - "PSMP" - ], - "type": "String", - "metadata": { - "description": "Choose the Component to install." - } - }, - "Component VM Host Name": { - "type": "String", - "metadata": { - "description": "Enter the host name for the PAS Component VM." - } - }, - "Component VM Size": { - "defaultValue": "Standard_D4s_v3", - "type": "String", - "metadata": { - "description": "Enter the desired VM Size" - } - }, - "Component VM Admin User": { - "type": "String", - "metadata": { - "description": "Enter Component VM Administrator user." - } - }, - "Component VM Admin Password": { - "type": "SecureString", - "metadata": { - "description": "Enter Component VM Administrator password." 
- } + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "parameters": { + "License Agreement": { + "defaultValue": "Decline", + "allowedValues": [ + "Accept", + "Decline" + ], + "maxLength": 6, + "type": "String", + "metadata": { + "description": "I have read and agreed to the Terms and Conditions." + } + }, + "Vault Private IP": { + "type": "String", + "metadata": { + "description": "Enter the IP of the Vault instance and the DR IP (if exists) seperated by a comma (e.g 1.1.1.1,2.2.2.2)." + } + }, + "Vault Admin User": { + "defaultValue": "Administrator", + "type": "String", + "metadata": { + "description": "Enter the Administrator Vault user." + } + }, + "Vault Admin Password": { + "type": "SecureString", + "metadata": { + "description": "Enter a password for the Vault Administrator user." + } + }, + "Component To Install": { + "defaultValue": "CPM", + "allowedValues": [ + "CPM", + "PVWA", + "PSM", + "PSMP" + ], + "type": "String", + "metadata": { + "description": "Choose the Component to install." + } + }, + "Component VM Host Name": { + "type": "String", + "metadata": { + "description": "Enter the host name for the PAS Component VM." + } + }, + "Component VM Size": { + "defaultValue": "Standard_D4s_v3", + "type": "String", + "metadata": { + "description": "Enter the desired VM Size" + } + }, + "Component VM Admin User": { + "type": "String", + "metadata": { + "description": "Enter Component VM Administrator user." + } + }, + "Component VM Admin Password": { + "type": "SecureString", + "metadata": { + "description": "Enter Component VM Administrator password." + } + }, + "ImageID": { + "type": "String", + "metadata": { + "description": "Enter Components Image ID." + } + }, + "Component VNet": { + "defaultValue": "PAS-VNet", + "type": "String", + "metadata": { + "description": "Enter the VNet name." 
+ } + }, + "Component Subnet": { + "type": "String", + "metadata": { + "description": "Enter the Subnet name." + } + }, + "Availability Zone": { + "defaultValue": "1", + "allowedValues": [ + "1", + "2", + "3", + "N/A" + ], + "type": "String", + "metadata": { + "description": "Choose the availability zone for the Component VM" + } + } + }, + "variables": { + "vnetId": "[resourceId('Microsoft.Network/virtualNetworks', parameters('Component VNet'))]", + "subnetRefComponent": "[concat(resourceId('Microsoft.Network/virtualNetworks', parameters('Component VNet')), '/subnets/',parameters('Component Subnet'))]", + "networkInterfaceName": "[toLower(concat(parameters('Component VM Host Name'), '-', uniqueString(resourceGroup().id)))]", + "publicIpAddressName": "[toLower(concat(parameters('Component VM Host Name'), '-', uniqueString(resourceGroup().id)))]", + "availabilityZone": "[if(equals(parameters('Availability Zone'), 'N/A'), json('null'), array(parameters('Availability Zone')))]" + }, + "resources": [ + { + "type": "Microsoft.Resources/deployments", + "apiVersion": "2021-04-01", + "name": "linkedTemplate", + "dependsOn": [ + "[concat('Microsoft.Network/networkInterfaces/', variables('networkInterfaceName'))]" + ], + "properties": { + "mode": "Incremental", + "templateLink": { + "uri": "https://raw.githubusercontent.com/cyberark/pas-on-cloud/release/v14.2/azure/nested/psmp-nested-template.json", + "contentVersion": "1.0.0.0" }, - "ImageID": { - "type": "String", - "metadata": { - "description": "Enter Components Image ID." 
- } + "parameters": { + "VMname": { + "value": "[parameters('Component VM Host Name')]" + }, + "computerName": { + "value": "[parameters('Component VM Host Name')]" + }, + "adminUsername": { + "value": "[parameters('Component VM Admin User')]" + }, + "adminPassword": { + "value": "[parameters('Component VM Admin Password')]" + }, + "vmSize": { + "value": "[parameters('Component VM Size')]" + }, + "Imageid": { + "value": "[parameters('ImageID')]" + }, + "NetworkInterfaceName": { + "value": "[variables('networkInterfaceName')]" + }, + "VaultAdminUser": { + "value": "[parameters('Vault Admin User')]" + }, + "VaultAdminPassword": { + "value": "[parameters('Vault Admin Password')]" + }, + "VaultPrivateIP": { + "value": "[parameters('Vault Private IP')]" + }, + "AvailabilityZone": { + "value": "[parameters('Availability Zone')]" + } + } + }, + "condition": "[equals(parameters('Component To Install'),'PSMP')]" + }, + { + "type": "Microsoft.Compute/virtualMachines", + "apiVersion": "2022-08-01", + "name": "[parameters('Component VM Host Name')]", + "location": "[resourceGroup().location]", + "dependsOn": [ + "[concat('Microsoft.Network/networkInterfaces/', variables('networkInterfaceName'))]" + ], + "zones": "[variables('availabilityZone')]", + "identity": { + "type": "SystemAssigned" + }, + "properties": { + "osProfile": { + "computerName": "[parameters('Component VM Host Name')]", + "adminUsername": "[parameters('Component VM Admin User')]", + "adminPassword": "[parameters('Component VM Admin Password')]", + "windowsConfiguration": { + "provisionVmAgent": "true" + } }, - "Component VNet": { - "defaultValue": "PAS-VNet", - "type": "String", - "metadata": { - "description": "Enter the VNet name." - } + "hardwareProfile": { + "vmSize": "[parameters('Component VM Size')]" }, - "Component Subnet": { - "type": "String", - "metadata": { - "description": "Enter the Subnet name." 
+ "storageProfile": { + "imageReference": { + "id": "[parameters('ImageID')]" + }, + "osDisk": { + "createOption": "FromImage", + "managedDisk": { + "storageAccountType": "Premium_LRS" } + } }, - "Availability Zone": { - "defaultValue": "1", - "allowedValues": [ - "1", - "2", - "3", - "N/A" - ], - "type": "String", - "metadata": { - "description": "Choose the availability zone for the Component VM" + "networkProfile": { + "networkInterfaces": [ + { + "id": "[resourceId('Microsoft.Network/networkInterfaces', variables('networkInterfaceName'))]" } + ] } + }, + "condition": "[not(equals(parameters('Component To Install'), 'PSMP'))]" }, - "variables": { - "vnetId": "[resourceId('Microsoft.Network/virtualNetworks', parameters('Component VNet'))]", - "subnetRefComponent": "[concat(resourceId('Microsoft.Network/virtualNetworks', parameters('Component VNet')), '/subnets/',parameters('Component Subnet'))]", - "networkInterfaceName": "[toLower(concat(parameters('Component VM Host Name'), '-', uniqueString(resourceGroup().id)))]", - "publicIpAddressName": "[toLower(concat(parameters('Component VM Host Name'), '-', uniqueString(resourceGroup().id)))]", - "availabilityZone":"[if(equals(parameters('Availability Zone'), 'N/A'), json('null'), array(parameters('Availability Zone')))]" - }, - "resources": [ - { - "type": "Microsoft.Resources/deployments", - "apiVersion": "2021-04-01", - "name": "linkedTemplate", - "dependsOn": [ - "[concat('Microsoft.Network/networkInterfaces/', variables('networkInterfaceName'))]" - ], - "properties": { - "mode": "Incremental", - "templateLink": { - "uri": "https://raw.githubusercontent.com/cyberark/pas-on-cloud/release-v14.0/azure/nested/psmp-nested-template.json", - "contentVersion": "1.0.0.0" - }, - "parameters": { - "VMname": { - "value": "[parameters('Component VM Host Name')]" - }, - "computerName": { - "value": "[parameters('Component VM Host Name')]" - }, - "adminUsername": { - "value": "[parameters('Component VM Admin User')]" - }, - 
"adminPassword": { - "value": "[parameters('Component VM Admin Password')]" - }, - "vmSize": { - "value": "[parameters('Component VM Size')]" - }, - "Imageid": { - "value": "[parameters('ImageID')]" - }, - "NetworkInterfaceName": { - "value": "[variables('networkInterfaceName')]" - }, - "VaultAdminUser": { - "value": "[parameters('Vault Admin User')]" - }, - "VaultAdminPassword": { - "value": "[parameters('Vault Admin Password')]" - }, - "VaultPrivateIP": { - "value": "[parameters('Vault Private IP')]" - }, - "AvailabilityZone": { - "value": "[parameters('Availability Zone')]" - } - } - }, - "condition": "[equals(parameters('Component To Install'),'PSMP')]" + { + "type": "Microsoft.Compute/virtualMachines/extensions", + "apiVersion": "2022-08-01", + "name": "[concat(parameters('Component VM Host Name'),'/', 'customscript')]", + "location": "[resourceGroup().location]", + "dependsOn": [ + "[concat('Microsoft.Compute/virtualMachines/', parameters('Component VM Host Name'))]" + ], + "tags": { + "displayName": "config-component" + }, + "properties": { + "publisher": "Microsoft.Compute", + "type": "CustomScriptExtension", + "typeHandlerVersion": "1.9", + "autoUpgradeMinorVersion": true, + "settings": { + "fileUris": [] }, - { - "type": "Microsoft.Compute/virtualMachines", - "apiVersion": "2022-08-01", - "name": "[parameters('Component VM Host Name')]", - "location": "[resourceGroup().location]", - "dependsOn": [ - "[concat('Microsoft.Network/networkInterfaces/', variables('networkInterfaceName'))]" - ], - "zones": "[variables('availabilityZone')]", - "identity": { - "type": "SystemAssigned" - }, - "properties": { - "osProfile": { - "computerName": "[parameters('Component VM Host Name')]", - "adminUsername": "[parameters('Component VM Admin User')]", - "adminPassword": "[parameters('Component VM Admin Password')]", - "windowsConfiguration": { - "provisionVmAgent": "true" - } - }, - "hardwareProfile": { - "vmSize": "[parameters('Component VM Size')]" - }, - 
"storageProfile": { - "imageReference": { - "id": "[parameters('ImageID')]" - }, - "osDisk": { - "createOption": "FromImage", - "managedDisk": { - "storageAccountType": "Premium_LRS" - } - } - }, - "networkProfile": { - "networkInterfaces": [ - { - "id": "[resourceId('Microsoft.Network/networkInterfaces', variables('networkInterfaceName'))]" - } - ] - } - }, - "condition": "[not(equals(parameters('Component To Install'), 'PSMP'))]" - }, - { - "type": "Microsoft.Compute/virtualMachines/extensions", - "apiVersion": "2022-08-01", - "name": "[concat(parameters('Component VM Host Name'),'/', 'customscript')]", - "location": "[resourceGroup().location]", - "dependsOn": [ - "[concat('Microsoft.Compute/virtualMachines/', parameters('Component VM Host Name'))]" - ], - "tags": { - "displayName": "config-component" - }, - "properties": { - "publisher": "Microsoft.Compute", - "type": "CustomScriptExtension", - "typeHandlerVersion": "1.9", - "autoUpgradeMinorVersion": true, - "settings": { - "fileUris": [] - }, - "protectedSettings": { - "commandToExecute": "[concat('powershell -ExecutionPolicy Unrestricted -file ', 'C:\\cyberark\\componentregistration.ps1', ' ', parameters('Component To Install'), ' ', parameters('Vault Private IP'), ' ', parameters('Vault Admin User'),' ',parameters('Vault Admin Password'))]" - } - }, - "condition": "[not(equals(parameters('Component To Install'), 'PSMP'))]" - }, - { - "type": "Microsoft.Network/networkInterfaces", - "apiVersion": "2022-05-01", - "name": "[variables('networkInterfaceName')]", - "location": "[resourceGroup().location]", + "protectedSettings": { + "commandToExecute": "[concat('powershell -ExecutionPolicy Unrestricted -file ', 'C:\\cyberark\\componentregistration.ps1', ' ', parameters('Component To Install'), ' ', parameters('Vault Private IP'), ' ', parameters('Vault Admin User'),' ',parameters('Vault Admin Password'))]" + } + }, + "condition": "[not(equals(parameters('Component To Install'), 'PSMP'))]" + }, + { + "type": 
"Microsoft.Network/networkInterfaces", + "apiVersion": "2022-05-01", + "name": "[variables('networkInterfaceName')]", + "location": "[resourceGroup().location]", + "properties": { + "ipConfigurations": [ + { + "name": "ipconfig1", "properties": { - "ipConfigurations": [ - { - "name": "ipconfig1", - "properties": { - "subnet": { - "id": "[variables('subnetRefComponent')]" - }, - "privateIPAllocationMethod": "Dynamic" - } - } - ] + "subnet": { + "id": "[variables('subnetRefComponent')]" + }, + "privateIPAllocationMethod": "Dynamic" } - } - ], - "outputs": { - "adminUsername": { - "type": "String", - "value": "[parameters('Component VM Admin User')]" - }, - "networkInterface": { - "type": "Object", - "value": "[reference(resourceId('Microsoft.Network/networkInterfaces', variables('networkInterfaceName')),'2022-05-01')]" - } + } + ] + } + } + ], + "outputs": { + "adminUsername": { + "type": "String", + "value": "[parameters('Component VM Admin User')]" + }, + "networkInterface": { + "type": "Object", + "value": "[reference(resourceId('Microsoft.Network/networkInterfaces', variables('networkInterfaceName')),'2022-05-01')]" } -} + } +} \ No newline at end of file
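Review bot: The new `templateLink.uri` in `azure/pas-single-component-deploy.json` resolves the nested PSMP template from the head of the `release/v14.2` branch on raw.githubusercontent.com, and that linked deployment is handed `adminPassword` and `VaultAdminPassword`. Because a branch is a moving reference, any later push to it changes what existing copies of this template deploy with those secrets, without any change to this file. Consider pointing the URI at an immutable ref (a protected release tag or a commit SHA), or at minimum enforcing branch protection on `release/*`, since the workflow added in this commit rewrites this field from the branch name. The rest of the hunk looks like a re-indentation of the file, and the new side drops the trailing newline (`\ No newline at end of file`), which is worth restoring.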