Azure · AlexanderSehr · Mar 4, 2022 · Feb 21, 2022 · Feb 21, 2022 · Feb 21, 2022
@@ -0,0 +1,52 @@
+name: 'Network - VPN Gateway'
+
+parameters:
+  - name: removeDeployment
+    displayName: Remove deployed module
+    type: boolean
+    default: true
+  - name: prerelease
+    displayName: Publish prerelease module
+    type: boolean
+    default: false
+
+trigger:
+  batch: true
+  branches:
+    include:
+      - main
+  paths:
+    include:
+      - '/.azuredevops/modulePipelines/ms.network.vpnGateways.yml'
+      - '/.azuredevops/pipelineTemplates/module.*.yml'
+      - '/arm/Microsoft.Network/vpnGateways/*'
+    exclude:
+      - '/**/*.md'
+
+variables:
+  - template: '/.azuredevops/pipelineVariables/global.variables.yml'
+  - group: 'PLATFORM_VARIABLES'
+  - name: modulePath
+    value: '/arm/Microsoft.Network/vpnGateways'
+
+stages:
+  - stage: Validation
+    displayName: Pester tests
+    jobs:
+      - template: /.azuredevops/pipelineTemplates/jobs.validateModulePester.yml
+
+  - stage: Deployment
+    displayName: Deployment tests
+    jobs:
+      - template: /.azuredevops/pipelineTemplates/jobs.validateModuleDeployment.yml
+        parameters:
+          removeDeployment: '${{ parameters.removeDeployment }}'
+          deploymentBlocks:
+            - path: $(modulePath)/.parameters/min.parameters.json
+            - path: $(modulePath)/.parameters/parameters.json
+
+  - stage: Publishing
+    displayName: Publish module
+    condition: and(succeeded(), or(eq(variables['Build.SourceBranch'], 'refs/heads/main'), eq(variables['Build.SourceBranch'], 'refs/heads/master'), eq('${{ parameters.prerelease }}', 'true')))
+    jobs:
+      - template: /.azuredevops/pipelineTemplates/jobs.publishModule.yml
@@ -0,0 +1,135 @@
+name: 'Network - VPN Gateway'
+
+on:
+  workflow_dispatch:
+    inputs:
+      removeDeployment:
+        type: boolean
+        description: 'Remove deployed module'
+        required: false
+        default: 'true'
+      prerelease:
+        type: boolean
+        description: 'Publish prerelease module'
+        required: false
+        default: 'false'
+  push:
+    branches:
+      - main
+    paths:
+      - '.github/actions/templates/**'
+      - '.github/workflows/ms.network.vpnGateways.yml'
+      - 'arm/Microsoft.Network/vpnGateways/**'
+      - '!*/**/readme.md'
+      - 'utilities/pipelines/**'
+      - '!utilities/pipelines/dependencies/**'
+
+env:
+  modulePath: 'arm/Microsoft.Network/vpnGateways'
+  workflowPath: '.github/workflows/ms.network.vpnGateways.yml'
+  AZURE_CREDENTIALS: ${{ secrets.AZURE_CREDENTIALS }}
+  ARM_SUBSCRIPTION_ID: '${{ secrets.ARM_SUBSCRIPTION_ID }}'
+  ARM_MGMTGROUP_ID: '${{ secrets.ARM_MGMTGROUP_ID }}'
+  ARM_TENANT_ID: '${{ secrets.ARM_TENANT_ID }}'
+  DEPLOYMENT_SP_ID: '${{ secrets.DEPLOYMENT_SP_ID }}'
+
+jobs:
+  ############################
+  #   SET INPUT PARAMETERS   #
+  ############################
+  job_set_workflow_param:
+    runs-on: ubuntu-20.04
+    name: 'Set input parameters to output variables'
+    steps:
+      - name: 'Checkout'
+        uses: actions/checkout@v2
+        with:
+          fetch-depth: 0
+      - name: 'Set input parameters'
+        id: get-workflow-param
+        uses: ./.github/actions/templates/getWorkflowInput
+        with:
+          workflowPath: '${{ env.workflowPath}}'
+    outputs:
+      removeDeployment: ${{ steps.get-workflow-param.outputs.removeDeployment }}
+
+  ####################
+  #   Pester Tests   #
+  ####################
+  job_module_pester_validation:
+    runs-on: ubuntu-20.04
+    name: 'Pester tests'
+    steps:
+      - name: 'Checkout'
+        uses: actions/checkout@v2
+        with:
+          fetch-depth: 0
+      - name: 'Run tests'
+        uses: ./.github/actions/templates/validateModulePester
+        with:
+          modulePath: '${{ env.modulePath }}'
+
+  ####################
+  # Deployment tests #
+  ####################
+  job_module_deploy_validation:
+    runs-on: ubuntu-20.04
+    name: 'Deployment tests'
+    needs:
+      - job_set_workflow_param
+      - job_module_pester_validation
+    strategy:
+      fail-fast: false
+      matrix:
+        parameterFilePaths: ['min.parameters.json', 'parameters.json']
+    steps:
+      - name: 'Checkout'
+        uses: actions/checkout@v2
+        with:
+          fetch-depth: 0
+      - name: Set environment variables
+        uses: deep-mm/set-variables@v1.0
+        with:
+          variableFileName: 'global.variables'
+      - name: 'Using parameter file [${{ matrix.parameterFilePaths }}]'
+        uses: ./.github/actions/templates/validateModuleDeployment
+        with:
+          templateFilePath: '${{ env.modulePath }}/deploy.bicep'
+          parameterFilePath: '${{ env.modulePath }}/.parameters/${{ matrix.parameterFilePaths }}'
+          location: '${{ env.defaultLocation }}'
+          resourceGroupName: '${{ env.resourceGroupName }}'
+          subscriptionId: '${{ secrets.ARM_SUBSCRIPTION_ID }}'
+          managementGroupId: '${{ secrets.ARM_MGMTGROUP_ID }}'
+          removeDeployment: '${{ needs.job_set_workflow_param.outputs.removeDeployment }}'
+
+  ###############
+  #   PUBLISH   #
+  ###############
+  job_publish_module:
+    name: 'Publish module'
+    if: github.ref == 'refs/heads/main' || github.ref == 'refs/heads/master' || github.event.inputs.prerelease == 'true'
+    runs-on: ubuntu-20.04
+    needs:
+      - job_set_workflow_param
+      - job_module_deploy_validation
+    steps:
+      - name: 'Checkout'
+        uses: actions/checkout@v2
+        with:
+          fetch-depth: 0
+      - name: Set environment variables
+        uses: deep-mm/set-variables@v1.0
+        with:
+          variableFileName: 'global.variables'
+      - name: 'Publish module'
+        uses: ./.github/actions/templates/publishModule
+        with:
+          templateFilePath: '${{ env.modulePath }}/deploy.bicep'
+          templateSpecsRGName: '${{ env.templateSpecsRGName }}'
+          templateSpecsRGLocation: '${{ env.templateSpecsRGLocation }}'
+          templateSpecsDescription: '${{ env.templateSpecsDescription }}'
+          templateSpecsDoPublish: '${{ env.templateSpecsDoPublish }}'
+          bicepRegistryName: '${{ env.bicepRegistryName }}'
+          bicepRegistryRGName: '${{ env.bicepRegistryRGName }}'
+          bicepRegistryRgLocation: '${{ env.bicepRegistryRgLocation }}'
+          bicepRegistryDoPublish: '${{ env.bicepRegistryDoPublish }}'
@@ -0,0 +1 @@
+
@@ -0,0 +1,12 @@
+{
+    "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
+    "contentVersion": "1.0.0.0",
+    "parameters": {
+        "name": {
+            "value": "<<namePrefix>>-az-vpngw-min-001"
+        },
+        "virtualHubResourceId": {
+            "value": "/subscriptions/<<subscriptionId>>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualHubs/<<namePrefix>>-az-vhub-min-001"
+        }
+    }
+}
@@ -0,0 +1,65 @@
+{
+    "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
+    "contentVersion": "1.0.0.0",
+    "parameters": {
+        "name": {
+            "value": "<<namePrefix>>-az-vpngw-x-001"
+        },
+        "virtualHubResourceId": {
+            "value": "/subscriptions/<<subscriptionId>>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualHubs/<<namePrefix>>-az-vhub-x-001"
+        },
+        "bgpSettings": {
+            "value": {
+                "asn": 65515,
+                "peerWeight": 0
+            }
+        },
+        "connections": {
+            "value": [
+                {
+                    "name": "Connection-<<namePrefix>>-az-vsite-x-001",
+                    "connectionBandwidth": 10,
+                    "enableBgp": true,
+                    "routingConfiguration": {
+                        "associatedRouteTable": {
+                            "id": "/subscriptions/<<subscriptionId>>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualHubs/<<namePrefix>>-az-vhub-x-001/hubRouteTables/defaultRouteTable"
+                        },
+                        "propagatedRouteTables": {
+                            "labels": [
+                                "default"
+                            ],
+                            "ids": [
+                                {
+                                    "id": "/subscriptions/<<subscriptionId>>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualHubs/<<namePrefix>>-az-vhub-x-001/hubRouteTables/defaultRouteTable"
+                                }
+                            ]
+                        },
+                        "vnetRoutes": {
+                            "staticRoutes": []
+                        }
+                    },
+                    "remoteVpnSiteResourceId": "/subscriptions/<<subscriptionId>>/resourceGroups/validation-rg/providers/Microsoft.Network/vpnSites/<<namePrefix>>-az-vsite-x-001"
+                }
+            ]
+        },
+        "natRules": {
+            "value": [
+                {
+                    "name": "natRule1",
+                    "internalMappings": [
+                        {
+                            "addressSpace": "10.4.0.0/24"
+                        }
+                    ],
+                    "externalMappings": [
+                        {
+                            "addressSpace": "192.168.21.0/24"
+                        }
+                    ],
+                    "type": "Static",
+                    "mode": "EgressSnat"
+                }
+            ]
+        }
+    }
+}
@@ -0,0 +1 @@
+
@@ -0,0 +1,95 @@
+@description('Required. The name of the VPN connection.')
+param name string
+
+@description('Required. The name of the VPN gateway this VPN connection is associated with.')
+param vpnGatewayName string
+
+@description('Optional. The IPSec policies to be considered by this connection.')
+param ipsecPolicies array = []
+
+@description('Optional. The traffic selector policies to be considered by this connection.')
+param trafficSelectorPolicies array = []
+
+@description('Optional. List of all VPN site link connections to the gateway.')
+param vpnLinkConnections array = []
+
+@description('Optional. Routing configuration indicating the associated and propagated route tables for this connection.')
+param routingConfiguration object = {}
+
+@description('Optional. Enable policy-based traffic selectors.')
+param usePolicyBasedTrafficSelectors bool = false
+
+@description('Optional. Use local Azure IP to initiate connection.')
+param useLocalAzureIpAddress bool = false
+
+@description('Optional. Enable rate limiting.')
+param enableRateLimiting bool = false
+
+@description('Optional. Enable internet security.')
+param enableInternetSecurity bool = false
+
+@description('Optional. Enable BGP flag.')
+param enableBgp bool = false
+
+@description('Optional. Routing weight for VPN connection.')
+param routingWeight int = 0
+
+@description('Optional. Expected bandwidth in MBPS.')
+param connectionBandwidth int = 10
+
+@description('Optional. Gateway connection protocol.')
+@allowed([
+  'IKEv1'
+  'IKEv2'
+])
+param vpnConnectionProtocolType string = 'IKEv2'
+
+@description('Optional. SharedKey for the VPN connection.')
+param sharedKey string = ''
+
+@description('Optional. Reference to a VPN site to link to')
+param remoteVpnSiteResourceId string = ''
+
+@description('Optional. Customer Usage Attribution ID (GUID). This GUID must be previously registered')
+param cuaId string = ''
+
+module pid_cuaId '.bicep/nested_cuaId.bicep' = if (!empty(cuaId)) {
+  name: 'pid-${cuaId}'
+  params: {}
+}
+
+resource vpnGateway 'Microsoft.Network/vpnGateways@2021-05-01' existing = {
+  name: vpnGatewayName
+}
+
+resource vpnConnection 'Microsoft.Network/vpnGateways/vpnConnections@2021-05-01' = {
+  name: name
+  parent: vpnGateway
+  properties: {
+    connectionBandwidth: connectionBandwidth
+    enableBgp: enableBgp
+    enableInternetSecurity: enableInternetSecurity
+    enableRateLimiting: enableRateLimiting
+    ipsecPolicies: ipsecPolicies
+    remoteVpnSite: !empty(remoteVpnSiteResourceId) ? {
+      id: remoteVpnSiteResourceId
+    } : null
+    routingConfiguration: routingConfiguration
+    routingWeight: routingWeight
+    sharedKey: sharedKey
+    trafficSelectorPolicies: trafficSelectorPolicies
+    useLocalAzureIpAddress: useLocalAzureIpAddress
+    usePolicyBasedTrafficSelectors: usePolicyBasedTrafficSelectors
+    vpnConnectionProtocolType: vpnConnectionProtocolType
+    vpnLinkConnections: vpnLinkConnections
+  }
+}
+
+@description('The name of the VPN connection')
+output name string = vpnConnection.name
+
+@description('The resource ID of the VPN connection')
+output resourceId string = vpnConnection.id
+
+@description('The name of the resource group the VPN connection was deployed into')
+output resourceGroupName string = resourceGroup().name