microsoft · TechnicallyWilliams · Sep 6, 2019 · Sep 6, 2019 · Sep 12, 2019 · Sep 12, 2019
@@ -103,7 +103,7 @@ This document provides Cobalt users instructions for initializing and integratin
             ![Request Permissions menu](https://user-images.githubusercontent.com/10041279/63549279-b6896500-c4f5-11e9-9c92-40ac2a4295c9.png)
 
         * Click [Add permissions] to save this configuration
-        * Click [Grant admin consent for *Your Directory*] to grant consent on behalf of users in this directory for this permission 
+        * Click [Grant admin consent for *Your Directory*] to grant consent on behalf of users in this directory for this permission
 
     * Configure the new AAD app as a Cobalt admin service-principal/service-endpoint
         * From the App registrations service blade, click the [Certificates & secrets] tab
@@ -174,11 +174,11 @@ This document provides Cobalt users instructions for initializing and integratin
             | Name   | Value | Var Description |
             |-------------|-----------|-----------|
             | `AGENT_POOL` | Hosted Ubuntu 1604 | The type of build agent used for your deployment. |
-            | `ARM_PROVIDER_STRICT` | false | Terraform ARM provider modification |
+            | `ARM_PROVIDER_STRICT` | true | Terraform ARM provider modification |
             | `BUILD_ARTIFACT_NAME` | drop | Name to identity the folder containing artifacts output by a build. |
             | `GO_VERSION`| 1.12.5 | The version of Go terraform deployments are bound to. |
             | `PIPELINE_ROOT_DIR` | devops/providers/azure-devops/templates/ | A path for finding Cobalt templates. |
-            | `REMOTE_STATE_CONTAINER` | `<CONTAINER_NAME>`| The remote blob storage container name for managing the state of a Cobalt Template's deployed infrastructure. Also is used as a naming convention for partitioning state into multiple workspaces. This name was created in an earlier step from within the azure portal. |
+            | `REMOTE_STATE_CONTAINER` | `<BACKEND_STATE_CONTAINER_NAME>`| The remote blob storage container name for managing the state of a Cobalt Template's deployed infrastructure. Also is used as a naming convention for partitioning state into multiple workspaces. This name was created in an earlier step from within the azure portal. |
             | `SCRIPTS_DIR` | infrastructure/scripts | Path to scripts used at runtime for composing build and release jobs at various pipeline stages. |
             | `TEST_HARNESS_DIR` | test-harness/ | A path to the cobalt test harness for running integration and unit tests written in Docker and Golang. |
             | `TF_ROOT_DIR`| infra | The primary path for all Cobalt templates and the modules they are composed of. |
@@ -244,6 +244,7 @@ This document provides Cobalt users instructions for initializing and integratin
 
     * Open the project from your favorite IDE and navigate to infrastructure templates `./infra/templates` directory.
     * Manually delete template directories not needed for your enterprise.
+    * The CI/CD pipeline needs to detect a code change to run tests. Add a comment or extra line to a TF or Go file in order to force tests to run.
     > NOTE: Do not delete 'backend-state-setup' template! We also recommended keeping the 'az-hello-world' template as a starter template.
     * Commit the newly pruned project to your newly forked repo.
         ```bash

@@ -118,6 +118,7 @@ The following *Infrastructure Pipeline Variables* are used by all possible envir
 
 ```bash
 # IMPORTANT: Replace these values as necessary to fit your environment.
+# IMPORTANT: REMOTE_STATE_CONTAINER should hold a value that is different than the source repo.
 az pipelines variable-group create --authorize true --name "$COBALT_VAR_GROUP_INFRA" --variables \
     AGENT_POOL='Hosted Ubuntu 1604' \
     ARM_PROVIDER_STRICT=true \
@@ -141,14 +142,15 @@ Within the pipeline build definition you may specify the number of environments
 For this walkthrough, we will only create a single environment -- *devint*. The following commands will create the required *DevInt Environment Variables* variable group.
 ```bash
 # IMPORTANT: Replace these values as necessary to fit your environment.
+# IMPORTANT: If you have control over the service connection, it should rely on the same SP backing the source repo service connection.
 DEVINT_VAR_GROUP="DevInt $COBALT_VAR_GROUP_ENV_SUFFIX"
 az pipelines variable-group create --authorize true --name $DEVINT_VAR_GROUP --variables \
     ARM_SUBSCRIPTION_ID='TARGETSUBSCRIPTIONID' \
     REMOTE_STATE_ACCOUNT='BACKENDSTATESTORAGEACCOUNTNAME' \
     SERVICE_CONNECTION_NAME='SERVICECONNECTIONNAME'
 ```
 
-> NOTE: The Service Connection name should be provided by someone in your organziation with the *Global administrator* permission for your Azure Active Directory tenant. If it has not been provisisioned for you, you may create another by following the directions outlined in the [Getting Started - Advocated Pattern Onwer documentation](./GETTING_STARTED_ADD_PAT_OWNER.md)
+> NOTE: The Service Connection name should be provided by someone in your organization with the *Global administrator* permission for your Azure Active Directory tenant. If it has not been provisisioned for you, you may create another by following the directions outlined in the [Getting Started - Advocated Pattern Onwer documentation](./GETTING_STARTED_ADD_PAT_OWNER.md)
 
 At this time, the Azure DevOps CLI does not support linking variable groups to pipelines. We have a temporary workaround utilizing the Azure DevOps `invoke` command to directly call the Azure DevOps REST API to update the build definition.