From 24093131d3aedf32315b22ae861dba7b126ddf25 Mon Sep 17 00:00:00 2001 From: MrMCake Date: Sat, 5 Mar 2022 21:00:06 +0100 Subject: [PATCH 1/9] Refactored vwan module and shifted resources accordingly + added min param --- .../ms.network.virtualwans.yml | 1 + .github/workflows/ms.network.virtualwans.yml | 2 +- .../virtualHubs/deploy.bicep | 17 +++ arm/Microsoft.Network/virtualHubs/readme.md | 5 +- .../.parameters/min.parameters.json | 9 ++ .../virtualWans/.parameters/parameters.json | 13 +- .../virtualWans/deploy.bicep | 129 ++---------------- arm/Microsoft.Network/virtualWans/readme.md | 21 +-- .../vpnGateways/deploy.bicep | 17 +++ arm/Microsoft.Network/vpnGateways/readme.md | 7 +- 10 files changed, 71 insertions(+), 150 deletions(-) create mode 100644 arm/Microsoft.Network/virtualWans/.parameters/min.parameters.json diff --git a/.azuredevops/modulePipelines/ms.network.virtualwans.yml b/.azuredevops/modulePipelines/ms.network.virtualwans.yml index bef3372daf..11ce9c3a01 100644 --- a/.azuredevops/modulePipelines/ms.network.virtualwans.yml +++ b/.azuredevops/modulePipelines/ms.network.virtualwans.yml @@ -42,6 +42,7 @@ stages: parameters: removeDeployment: '${{ parameters.removeDeployment }}' deploymentBlocks: + - path: $(modulePath)/.parameters/min.parameters.json - path: $(modulePath)/.parameters/parameters.json - stage: Publishing diff --git a/.github/workflows/ms.network.virtualwans.yml b/.github/workflows/ms.network.virtualwans.yml index b07c7830f3..5a22fd96b5 100644 --- a/.github/workflows/ms.network.virtualwans.yml +++ b/.github/workflows/ms.network.virtualwans.yml @@ -81,7 +81,7 @@ jobs: strategy: fail-fast: false matrix: - parameterFilePaths: ['parameters.json'] + parameterFilePaths: ['min.parameters.json', 'parameters.json'] steps: - name: 'Checkout' uses: actions/checkout@v2 diff --git a/arm/Microsoft.Network/virtualHubs/deploy.bicep b/arm/Microsoft.Network/virtualHubs/deploy.bicep index c7c7437961..7476ba632a 100644 
--- a/arm/Microsoft.Network/virtualHubs/deploy.bicep +++ b/arm/Microsoft.Network/virtualHubs/deploy.bicep @@ -68,6 +68,14 @@ param hubRouteTables array = [] @description('Optional. Virtual network connections to create for the virtual hub.') param hubVirtualNetworkConnections array = [] +@allowed([ + 'CanNotDelete' + 'NotSpecified' + 'ReadOnly' +]) +@description('Optional. Specify the type of lock.') +param lock string = 'NotSpecified' + @description('Optional. Customer Usage Attribution ID (GUID). This GUID must be previously registered') param cuaId string = '' @@ -113,6 +121,15 @@ resource virtualHub 'Microsoft.Network/virtualHubs@2021-05-01' = { } } +resource virtualHub_lock 'Microsoft.Authorization/locks@2017-04-01' = if (lock != 'NotSpecified') { + name: '${virtualHub.name}-${lock}-lock' + properties: { + level: lock + notes: lock == 'CanNotDelete' ? 'Cannot delete resource or child resources.' : 'Cannot modify the resource or child resources.' + } + scope: virtualHub +} + module virtualHub_routeTables 'hubRouteTables/deploy.bicep' = [for (routeTable, index) in hubRouteTables: { name: '${uniqueString(deployment().name, location)}-routeTable-${index}' params: { diff --git a/arm/Microsoft.Network/virtualHubs/readme.md b/arm/Microsoft.Network/virtualHubs/readme.md index dc649408c2..d37af7b81a 100644 --- a/arm/Microsoft.Network/virtualHubs/readme.md +++ b/arm/Microsoft.Network/virtualHubs/readme.md @@ -6,6 +6,7 @@ This module deploys a virtual hub. | Resource Type | API Version | | :-- | :-- | +| `Microsoft.Authorization/locks` | 2017-04-01 | | `Microsoft.Network/virtualHubs` | 2021-05-01 | | `Microsoft.Network/virtualHubs/hubRouteTables` | 2021-05-01 | | `Microsoft.Network/virtualHubs/hubVirtualNetworkConnections` | 2021-05-01 | 
@@ -22,13 +23,14 @@ This module deploys a virtual hub. | `hubRouteTables` | _[hubRouteTables](hubRouteTables/readme.md)_ array | `[]` | | Optional. Route tables to create for the virtual hub. | | `hubVirtualNetworkConnections` | _[hubVirtualNetworkConnections](hubVirtualNetworkConnections/readme.md)_ array | `[]` | | Optional. Virtual network connections to create for the virtual hub. | | `location` | string | `[resourceGroup().location]` | | Optional. Location for all resources. | +| `lock` | string | `NotSpecified` | `[CanNotDelete, NotSpecified, ReadOnly]` | Optional. Specify the type of lock. | | `name` | string | | | Required. The virtual hub name. | | `p2SVpnGatewayId` | string | | | Optional. Resource ID of the Point-to-Site VPN Gateway to link to | | `preferredRoutingGateway` | string | | `[ExpressRoute, None, VpnGateway, ]` | Optional. The preferred routing gateway types | | `routeTableRoutes` | array | `[]` | | Optional. VirtualHub route tables | | `securityPartnerProviderId` | string | | | Optional. ID of the Security Partner Provider to link to | | `securityProviderName` | string | | | Optional. The Security Provider name. | -| `sku` | string | `Standard` | `Basic`,`Standard` | Optional. The sku of this VirtualHub. | +| `sku` | string | `Standard` | `[Basic, Standard]` | Optional. The sku of this VirtualHub. | | `tags` | object | `{object}` | | Optional. Tags of the resource. | | `virtualHubRouteTableV2s` | array | `[]` | | Optional. List of all virtual hub route table v2s associated with this VirtualHub. | | `virtualRouterAsn` | int | `-1` | | Optional. VirtualRouter ASN. | 
@@ -63,6 +65,7 @@ Tag names and tag values can be provided as needed. A tag can be left without a ## Template references +- [Locks](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2017-04-01/locks) - [Virtualhubs](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/2021-05-01/virtualHubs) - [Virtualhubs/Hubroutetables](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/2021-05-01/virtualHubs/hubRouteTables) - [Virtualhubs/Hubvirtualnetworkconnections](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/2021-05-01/virtualHubs/hubVirtualNetworkConnections) diff --git a/arm/Microsoft.Network/virtualWans/.parameters/min.parameters.json b/arm/Microsoft.Network/virtualWans/.parameters/min.parameters.json new file mode 100644 index 0000000000..badddffd7e --- /dev/null +++ b/arm/Microsoft.Network/virtualWans/.parameters/min.parameters.json @@ -0,0 +1,9 @@ +{ + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", + "contentVersion": "1.0.0.0", + "parameters": { + "name": { + "value": "<>-az-vw-min-001" + } + } +} diff --git a/arm/Microsoft.Network/virtualWans/.parameters/parameters.json b/arm/Microsoft.Network/virtualWans/.parameters/parameters.json index 56ac0a55bf..b0158914bf 100644 --- a/arm/Microsoft.Network/virtualWans/.parameters/parameters.json +++ b/arm/Microsoft.Network/virtualWans/.parameters/parameters.json @@ -5,17 +5,8 @@ "name": { "value": "<>-az-vw-x-001" }, - "vpnsiteAddressspaceList": { - "value": [] - }, - "vpnsitePublicIPAddress": { - "value": "1.2.3.4" - }, - "vpnsiteBgpAsn": { - "value": 65010 - }, - "vpnsiteBgpPeeringAddress": { - "value": "1.1.1.1" + "type": { + "value": "Basic" }, "roleAssignments": { "value": [ diff --git a/arm/Microsoft.Network/virtualWans/deploy.bicep b/arm/Microsoft.Network/virtualWans/deploy.bicep index 968b410208..a5e346a5a2 100644 --- a/arm/Microsoft.Network/virtualWans/deploy.bicep 
+++ b/arm/Microsoft.Network/virtualWans/deploy.bicep 
@@ -9,41 +9,16 @@ param name string 'Standard' 'Basic' ]) -param virtualWanSku string = 'Standard' +param type string = 'Standard' -@description('Optional. Name of the Virtual Hub. A virtual hub is created inside a virtual wan.') -param virtualHubName string = 'SampleVirtualHub' +@description('Optional. True if branch to branch traffic is allowed.') +param allowBranchToBranchTraffic bool = false -@description('Optional. Name of the Vpn Gateway. A vpn gateway is created inside a virtual hub.') -param vpnGatewayName string = 'SampleVpnGateway' +@description('Optional. True if branch to branch traffic is allowed.') +param allowVnetToVnetTraffic bool = false -@description('Optional. Name of the vpnsite. A vpnsite represents the on-premise vpn device. A public ip address is mandatory for a vpn site creation.') -param vpnSiteName string = 'SampleVpnSite' - -@description('Optional. Name of the vpnconnection. A vpn connection is established between a vpnsite and a vpn gateway.') -param connectionName string = 'SampleVpnsiteVpnGwConnection' - -@description('Optional. A list of static routes corresponding to the vpn site. These are configured on the vpn gateway.') -param vpnsiteAddressspaceList array = [] - -@description('Required. he public IP address of a vpn site.') -param vpnsitePublicIPAddress string - -@description('Required. The bgp asn number of a vpnsite.') -param vpnsiteBgpAsn int - -@description('Required. The bgp peer IP address of a vpnsite.') -param vpnsiteBgpPeeringAddress string - -@description('Optional. The hub address prefix. This address prefix will be used as the address prefix for the hub vnet') -param addressPrefix string = '192.168.0.0/24' - -@description('Optional. his needs to be set to true if BGP needs to enabled on the vpn connection.') -@allowed([ - 'true' - 'false' -]) -param enableBgp string = 'false' +@description('Optional. True if branch to branch traffic is allowed.') +param disableVpnEncryption bool = false @description('Optional. 
Array of role assignment objects that contain the \'roleDefinitionIdOrName\' and \'principalId\' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: \'/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11\'') param roleAssignments array = [] @@ -72,7 +47,10 @@ resource virtualWan 'Microsoft.Network/virtualWans@2021-03-01' = { location: location tags: tags properties: { - type: virtualWanSku + allowBranchToBranchTraffic: allowBranchToBranchTraffic + allowVnetToVnetTraffic: allowVnetToVnetTraffic + disableVpnEncryption: disableVpnEncryption + type: type } } 
@@ -85,91 +63,6 @@ resource virtualWan_lock 'Microsoft.Authorization/locks@2017-04-01' = if (lock ! scope: virtualWan } -resource virtualHub 'Microsoft.Network/virtualHubs@2021-03-01' = { - name: virtualHubName - location: location - properties: { - addressPrefix: addressPrefix - virtualWan: { - id: virtualWan.id - } - } -} - -resource virtualHub_lock 'Microsoft.Authorization/locks@2017-04-01' = if (lock != 'NotSpecified') { - name: '${virtualHub.name}-${lock}-lock' - properties: { - level: lock - notes: lock == 'CanNotDelete' ? 'Cannot delete resource or child resources.' : 'Cannot modify the resource or child resources.' - } - scope: virtualHub -} - -resource vpnSite 'Microsoft.Network/vpnSites@2021-03-01' = { - name: vpnSiteName - location: location - properties: { - addressSpace: { - addressPrefixes: vpnsiteAddressspaceList - } - bgpProperties: { - asn: vpnsiteBgpAsn - bgpPeeringAddress: vpnsiteBgpPeeringAddress - peerWeight: 0 - } - deviceProperties: { - linkSpeedInMbps: 0 - } - ipAddress: vpnsitePublicIPAddress - virtualWan: { - id: virtualWan.id - } - } -} - -resource vpnSite_lock 'Microsoft.Authorization/locks@2017-04-01' = if (lock != 'NotSpecified') { - name: '${vpnSite.name}-${lock}-lock' - properties: { - level: lock - notes: lock == 'CanNotDelete' ? 'Cannot delete resource or child resources.' : 'Cannot modify the resource or child resources.' - } - scope: vpnSite -} - -resource vpnGateway 'Microsoft.Network/vpnGateways@2021-03-01' = { - name: vpnGatewayName - location: location - properties: { - connections: [ - { - name: connectionName - properties: { - connectionBandwidth: 10 - enableBgp: any(enableBgp) - remoteVpnSite: { - id: vpnSite.id - } - } - } - ] - virtualHub: { - id: virtualHub.id - } - bgpSettings: { - asn: 65515 - } - } -} - -resource vpnGateway_lock 'Microsoft.Authorization/locks@2017-04-01' = if (lock != 'NotSpecified') { - name: '${vpnGateway.name}-${lock}-lock' - properties: { - level: lock - notes: lock == 'CanNotDelete' ? 
'Cannot delete resource or child resources.' : 'Cannot modify the resource or child resources.' - } - scope: vpnGateway -} - module virtualWan_rbac '.bicep/nested_rbac.bicep' = [for (roleAssignment, index) in roleAssignments: { name: '${uniqueString(deployment().name, location)}-VWan-Rbac-${index}' params: { diff --git a/arm/Microsoft.Network/virtualWans/readme.md b/arm/Microsoft.Network/virtualWans/readme.md index 24278f39c3..dc5054cad1 100644 --- a/arm/Microsoft.Network/virtualWans/readme.md +++ b/arm/Microsoft.Network/virtualWans/readme.md 
@@ -8,32 +8,22 @@ This template deploys a virtual WAN. | :-- | :-- | | `Microsoft.Authorization/locks` | 2017-04-01 | | `Microsoft.Authorization/roleAssignments` | 2021-04-01-preview | -| `Microsoft.Network/virtualHubs` | 2021-03-01 | | `Microsoft.Network/virtualWans` | 2021-03-01 | -| `Microsoft.Network/vpnGateways` | 2021-03-01 | -| `Microsoft.Network/vpnSites` | 2021-03-01 | ## Parameters | Parameter Name | Type | Default Value | Possible Values | Description | | :-- | :-- | :-- | :-- | :-- | -| `addressPrefix` | string | `192.168.0.0/24` | | Optional. The hub address prefix. This address prefix will be used as the address prefix for the hub vnet | -| `connectionName` | string | `SampleVpnsiteVpnGwConnection` | | Optional. Name of the vpnconnection. A vpn connection is established between a vpnsite and a vpn gateway. | +| `allowBranchToBranchTraffic` | bool | `False` | | Optional. True if branch to branch traffic is allowed. | +| `allowVnetToVnetTraffic` | bool | `False` | | Optional. True if branch to branch traffic is allowed. | | `cuaId` | string | | | Optional. Customer Usage Attribution ID (GUID). This GUID must be previously registered | -| `enableBgp` | string | `false` | `[true, false]` | Optional. his needs to be set to true if BGP needs to enabled on the vpn connection. | +| `disableVpnEncryption` | bool | `False` | | Optional. True if branch to branch traffic is allowed. | | `location` | string | `[resourceGroup().location]` | | Optional. Location where all resources will be created. | | `lock` | string | `NotSpecified` | `[CanNotDelete, NotSpecified, ReadOnly]` | Optional. Specify the type of lock. | | `name` | string | | | Required. Name of the Virtual Wan. | | `roleAssignments` | array | `[]` | | Optional. Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. 
In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11' | | `tags` | object | `{object}` | | Optional. Tags of the resource. | -| `virtualHubName` | string | `SampleVirtualHub` | | Optional. Name of the Virtual Hub. A virtual hub is created inside a virtual wan. | -| `virtualWanSku` | string | `Standard` | `[Standard, Basic]` | Optional. Sku of the Virtual Wan. | -| `vpnGatewayName` | string | `SampleVpnGateway` | | Optional. Name of the Vpn Gateway. A vpn gateway is created inside a virtual hub. | -| `vpnsiteAddressspaceList` | array | `[]` | | Optional. A list of static routes corresponding to the vpn site. These are configured on the vpn gateway. | -| `vpnsiteBgpAsn` | int | | | Required. The bgp asn number of a vpnsite. | -| `vpnsiteBgpPeeringAddress` | string | | | Required. The bgp peer IP address of a vpnsite. | -| `vpnSiteName` | string | `SampleVpnSite` | | Optional. Name of the vpnsite. A vpnsite represents the on-premise vpn device. A public ip address is mandatory for a vpn site creation. | -| `vpnsitePublicIPAddress` | string | | | Required. he public IP address of a vpn site. | +| `type` | string | `Standard` | `[Standard, Basic]` | Optional. Sku of the Virtual Wan. | ### Parameter Usage: `roleAssignments` 
@@ -86,7 +76,4 @@ Tag names and tag values can be provided as needed. A tag can be left without a - [Locks](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2017-04-01/locks) - [Roleassignments](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/roleAssignments) -- [Virtualhubs](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/2021-03-01/virtualHubs) - [Virtualwans](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/2021-03-01/virtualWans) -- [Vpngateways](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/2021-03-01/vpnGateways) -- [Vpnsites](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/2021-03-01/vpnSites) diff --git a/arm/Microsoft.Network/vpnGateways/deploy.bicep b/arm/Microsoft.Network/vpnGateways/deploy.bicep index 72cdd9a388..c37730bc8e 100644 --- a/arm/Microsoft.Network/vpnGateways/deploy.bicep +++ b/arm/Microsoft.Network/vpnGateways/deploy.bicep @@ -28,6 +28,14 @@ param vpnGatewayScaleUnit int = 2 @description('Optional. Tags of the resource.') param tags object = {} +@allowed([ + 'CanNotDelete' + 'NotSpecified' + 'ReadOnly' +]) +@description('Optional. Specify the type of lock.') +param lock string = 'NotSpecified' + @description('Optional. Customer Usage Attribution ID (GUID). This GUID must be previously registered') param cuaId string = '' @@ -51,6 +59,15 @@ resource vpnGateway 'Microsoft.Network/vpnGateways@2021-05-01' = { } } +resource vpnGateway_lock 'Microsoft.Authorization/locks@2017-04-01' = if (lock != 'NotSpecified') { + name: '${vpnGateway.name}-${lock}-lock' + properties: { + level: lock + notes: lock == 'CanNotDelete' ? 'Cannot delete resource or child resources.' : 'Cannot modify the resource or child resources.' + } + scope: vpnGateway +} + module vpnGateway_natRules 'natRules/deploy.bicep' = [for (natRule, index) in natRules: { name: '${deployment().name}-NATRule-${index}' params: { 
diff --git a/arm/Microsoft.Network/vpnGateways/readme.md b/arm/Microsoft.Network/vpnGateways/readme.md index 8b4cabcd31..8f65404f74 100644 --- a/arm/Microsoft.Network/vpnGateways/readme.md +++ b/arm/Microsoft.Network/vpnGateways/readme.md @@ -6,6 +6,7 @@ This module deploys VPN Gateways. | Resource Type | API Version | | :-- | :-- | +| `Microsoft.Authorization/locks` | 2017-04-01 | | `Microsoft.Network/vpnGateways` | 2021-05-01 | | `Microsoft.Network/vpnGateways/natRules` | 2021-05-01 | | `Microsoft.Network/vpnGateways/vpnConnections` | 2021-05-01 | @@ -17,9 +18,10 @@ This module deploys VPN Gateways. | `bgpSettings` | object | `{object}` | | Optional. BGP settings details. | | `connections` | _[connections](connections/readme.md)_ array | `[]` | | Optional. The connections to create in the VPN gateway | | `cuaId` | string | | | Optional. Customer Usage Attribution ID (GUID). This GUID must be previously registered | -| `enableBgpRouteTranslationForNat` | bool | `False` | | Optional. Enable BGP routes translation for NAT on this VPNGateway. | -| `isRoutingPreferenceInternet` | bool | `False` | | Optional. Enable Routing Preference property for the Public IP Interface of the VPNGateway. | +| `enableBgpRouteTranslationForNat` | bool | `False` | | Optional. Enable BGP routes translation for NAT on this VPN gateway. | +| `isRoutingPreferenceInternet` | bool | `False` | | Optional. Enable routing preference property for the public IP interface of the VPN gateway. | | `location` | string | `[resourceGroup().location]` | | Optional. Location where all resources will be created. | +| `lock` | string | `NotSpecified` | `[CanNotDelete, NotSpecified, ReadOnly]` | Optional. Specify the type of lock. | | `name` | string | | | Required. Name of the VPN gateway | | `natRules` | _[natRules](natRules/readme.md)_ array | `[]` | | Optional. List of all the NAT Rules to associate with the gateway. | | `tags` | object | `{object}` | | Optional. Tags of the resource. | 
@@ -88,6 +90,7 @@ Tag names and tag values can be provided as needed. A tag can be left without a ## Template references +- [Locks](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2017-04-01/locks) - [Vpngateways](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/2021-05-01/vpnGateways) - [Vpngateways/Natrules](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/2021-05-01/vpnGateways/natRules) - [Vpngateways/Vpnconnections](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/2021-05-01/vpnGateways/vpnConnections) From 7545adfa36fa69f1ecd518f574d2ccc90c6a74fe Mon Sep 17 00:00:00 2001 From: MrMCake Date: Sat, 5 Mar 2022 21:01:17 +0100 Subject: [PATCH 2/9] Updated param file --- .../virtualWans/.parameters/parameters.json | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/arm/Microsoft.Network/virtualWans/.parameters/parameters.json b/arm/Microsoft.Network/virtualWans/.parameters/parameters.json index b0158914bf..325af25252 100644 --- a/arm/Microsoft.Network/virtualWans/.parameters/parameters.json +++ b/arm/Microsoft.Network/virtualWans/.parameters/parameters.json @@ -8,6 +8,15 @@ "type": { "value": "Basic" }, + "allowBranchToBranchTraffic": { + "value": true + }, + "allowVnetToVnetTraffic": { + "value": true + }, + "disableVpnEncryption": { + "value": true + }, "roleAssignments": { "value": [ { From 50f38829370609bf203cf3b1087f3729636b9954 Mon Sep 17 00:00:00 2001 From: MrMCake Date: Sat, 5 Mar 2022 21:05:14 +0100 Subject: [PATCH 3/9] Update to latest --- arm/Microsoft.Network/virtualWans/.bicep/nested_rbac.bicep | 2 +- arm/Microsoft.Network/virtualWans/deploy.bicep | 2 +- arm/Microsoft.Network/virtualWans/readme.md | 4 ++-- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/arm/Microsoft.Network/virtualWans/.bicep/nested_rbac.bicep b/arm/Microsoft.Network/virtualWans/.bicep/nested_rbac.bicep index 5fa4ad424d..9fa6020add 100644 
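Review bot: The `parameters.json` hunk in PATCH 2/9 sets `disableVpnEncryption` to `true`, alongside `allowBranchToBranchTraffic` and `allowVnetToVnetTraffic`, so the pipeline deployment driven by this file creates a virtual WAN with VPN encryption switched off. If the file also serves as a usage reference, anyone copying it inherits that setting. The module default is `false`, and keeping it here, `"disableVpnEncryption": { "value": false }`, still exercises the parameter because `deploy.bicep` passes it straight through. If the `true` case must be tested, a separate parameter file would keep it out of the main example.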
--- a/arm/Microsoft.Network/virtualWans/.bicep/nested_rbac.bicep +++ b/arm/Microsoft.Network/virtualWans/.bicep/nested_rbac.bicep @@ -20,7 +20,7 @@ var builtInRoleNames = { 'User Access Administrator': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '18d7d88d-d35e-4fb5-a5c3-7773c20a72d9') } -resource virtualWan 'Microsoft.Network/virtualWans@2021-03-01' existing = { +resource virtualWan 'Microsoft.Network/virtualWans@2021-05-01' existing = { name: last(split(resourceId, '/')) } diff --git a/arm/Microsoft.Network/virtualWans/deploy.bicep b/arm/Microsoft.Network/virtualWans/deploy.bicep index a5e346a5a2..bb1c870b94 100644 --- a/arm/Microsoft.Network/virtualWans/deploy.bicep +++ b/arm/Microsoft.Network/virtualWans/deploy.bicep @@ -42,7 +42,7 @@ module pid_cuaId '.bicep/nested_cuaId.bicep' = if (!empty(cuaId)) { params: {} } -resource virtualWan 'Microsoft.Network/virtualWans@2021-03-01' = { +resource virtualWan 'Microsoft.Network/virtualWans@2021-05-01' = { name: name location: location tags: tags diff --git a/arm/Microsoft.Network/virtualWans/readme.md b/arm/Microsoft.Network/virtualWans/readme.md index dc5054cad1..d7eceb5f45 100644 --- a/arm/Microsoft.Network/virtualWans/readme.md +++ b/arm/Microsoft.Network/virtualWans/readme.md @@ -8,7 +8,7 @@ This template deploys a virtual WAN. | :-- | :-- | | `Microsoft.Authorization/locks` | 2017-04-01 | | `Microsoft.Authorization/roleAssignments` | 2021-04-01-preview | -| `Microsoft.Network/virtualWans` | 2021-03-01 | +| `Microsoft.Network/virtualWans` | 2021-05-01 | ## Parameters 
@@ -76,4 +76,4 @@ Tag names and tag values can be provided as needed. A tag can be left without a - [Locks](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2017-04-01/locks) - [Roleassignments](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/roleAssignments) -- [Virtualwans](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/2021-03-01/virtualWans) +- [Virtualwans](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/2021-05-01/virtualWans) From 329da5bd6c65e9ad6c3cc92733c35e54bbee6dcb Mon Sep 17 00:00:00 2001 From: MrMCake Date: Sat, 5 Mar 2022 21:14:29 +0100 Subject: [PATCH 4/9] Update to latest --- arm/Microsoft.Network/virtualWans/deploy.bicep | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/arm/Microsoft.Network/virtualWans/deploy.bicep b/arm/Microsoft.Network/virtualWans/deploy.bicep index bb1c870b94..bfcbe1c2ac 100644 --- a/arm/Microsoft.Network/virtualWans/deploy.bicep +++ b/arm/Microsoft.Network/virtualWans/deploy.bicep @@ -48,7 +48,7 @@ resource virtualWan 'Microsoft.Network/virtualWans@2021-05-01' = { tags: tags properties: { allowBranchToBranchTraffic: allowBranchToBranchTraffic - allowVnetToVnetTraffic: allowVnetToVnetTraffic + allowVnetToVnetTraffic: allowVnetToVnetTraffic ? allowVnetToVnetTraffic : null disableVpnEncryption: disableVpnEncryption type: type } From 2cdb51802e573a60d64c37202c0aa4c86126c017 Mon Sep 17 00:00:00 2001 From: Alexander Sehr Date: Sun, 6 Mar 2022 07:54:49 +0000 Subject: [PATCH 5/9] Update arm/Microsoft.Network/virtualWans/deploy.bicep Co-authored-by: Erika Gressi <56914614+eriqua@users.noreply.github.com> --- arm/Microsoft.Network/virtualWans/deploy.bicep | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/arm/Microsoft.Network/virtualWans/deploy.bicep b/arm/Microsoft.Network/virtualWans/deploy.bicep index bfcbe1c2ac..bcfcb222c7 100644 --- a/arm/Microsoft.Network/virtualWans/deploy.bicep 
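Review bot: With `allowVnetToVnetTraffic ? allowVnetToVnetTraffic : null` in the `virtualWan` properties (PATCH 4/9), the module never sends an explicit `false`. The parameter default and any caller-supplied `false` both become `null`, so the effective setting is whatever the resource provider applies when the property is omitted. That default is not visible in this patch; if it is permissive, a caller who sets `false` to block VNET-to-VNET traffic silently gets the opposite. Unless the API rejects an explicit `false`, pass the value through as the previous revision did, `allowVnetToVnetTraffic: allowVnetToVnetTraffic`, or add a comment on the line explaining why `null` is needed. The `virtualWan` resource body starts and ends outside the hunk.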
+++ b/arm/Microsoft.Network/virtualWans/deploy.bicep @@ -14,7 +14,7 @@ param type string = 'Standard' @description('Optional. True if branch to branch traffic is allowed.') param allowBranchToBranchTraffic bool = false -@description('Optional. True if branch to branch traffic is allowed.') +@description('Optional. True if Vnet to Vnet traffic is allowed. ') param allowVnetToVnetTraffic bool = false @description('Optional. True if branch to branch traffic is allowed.') From ef66514a49ce2e6ba7b0bc00173262c8902bbebb Mon Sep 17 00:00:00 2001 From: Alexander Sehr Date: Sun, 6 Mar 2022 07:55:00 +0000 Subject: [PATCH 6/9] Update arm/Microsoft.Network/virtualWans/deploy.bicep Co-authored-by: Erika Gressi <56914614+eriqua@users.noreply.github.com> --- arm/Microsoft.Network/virtualWans/deploy.bicep | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/arm/Microsoft.Network/virtualWans/deploy.bicep b/arm/Microsoft.Network/virtualWans/deploy.bicep index bcfcb222c7..372e3d2f1e 100644 --- a/arm/Microsoft.Network/virtualWans/deploy.bicep +++ b/arm/Microsoft.Network/virtualWans/deploy.bicep @@ -17,7 +17,7 @@ param allowBranchToBranchTraffic bool = false @description('Optional. True if Vnet to Vnet traffic is allowed. ') param allowVnetToVnetTraffic bool = false -@description('Optional. True if branch to branch traffic is allowed.') +@description('Optional. Vpn encryption to be disabled or not.') param disableVpnEncryption bool = false @description('Optional. Array of role assignment objects that contain the \'roleDefinitionIdOrName\' and \'principalId\' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: \'/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11\'') From bd01b85b9efa84b996d8e50e2c87a522dfb60575 Mon Sep 17 00:00:00 2001 
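Review bot: The new description for `disableVpnEncryption` (PATCH 6/9), 'Optional. Vpn encryption to be disabled or not.', does not say which value turns encryption off or which value is the safe one. Wording such as `@description('Optional. Set to true to disable VPN encryption on the Virtual WAN. Keep the default (false) unless unencrypted VPN traffic is explicitly required.')` states both. The later capitalisation fix in PATCH 7/9 keeps the same vague wording, so the point applies there and to the matching readme table row as well.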
From: MrMCake Date: Sun, 6 Mar 2022 09:49:10 +0100 Subject: [PATCH 7/9] Update to latest --- arm/Microsoft.Network/virtualWans/deploy.bicep | 8 ++++---- arm/Microsoft.Network/virtualWans/readme.md | 8 ++++---- 2 files changed, 8 insertions(+), 8 deletions(-) diff --git a/arm/Microsoft.Network/virtualWans/deploy.bicep b/arm/Microsoft.Network/virtualWans/deploy.bicep index 372e3d2f1e..d2dc557a24 100644 --- a/arm/Microsoft.Network/virtualWans/deploy.bicep +++ b/arm/Microsoft.Network/virtualWans/deploy.bicep @@ -1,10 +1,10 @@ @description('Optional. Location where all resources will be created.') param location string = resourceGroup().location -@description('Required. Name of the Virtual Wan.') +@description('Required. Name of the Virtual VNET.') param name string -@description('Optional. Sku of the Virtual Wan.') +@description('Optional. SKU of the Virtual WAN.') @allowed([ 'Standard' 'Basic' @@ -14,10 +14,10 @@ param type string = 'Standard' @description('Optional. True if branch to branch traffic is allowed.') param allowBranchToBranchTraffic bool = false -@description('Optional. True if Vnet to Vnet traffic is allowed. ') +@description('Optional. True if VNET to VNET traffic is allowed. ') param allowVnetToVnetTraffic bool = false -@description('Optional. Vpn encryption to be disabled or not.') +@description('Optional. VPN encryption to be disabled or not.') param disableVpnEncryption bool = false @description('Optional. Array of role assignment objects that contain the \'roleDefinitionIdOrName\' and \'principalId\' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: \'/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11\'') diff --git a/arm/Microsoft.Network/virtualWans/readme.md b/arm/Microsoft.Network/virtualWans/readme.md index d7eceb5f45..0061753937 100644 
--- a/arm/Microsoft.Network/virtualWans/readme.md +++ b/arm/Microsoft.Network/virtualWans/readme.md @@ -15,15 +15,15 @@ This template deploys a virtual WAN. | Parameter Name | Type | Default Value | Possible Values | Description | | :-- | :-- | :-- | :-- | :-- | | `allowBranchToBranchTraffic` | bool | `False` | | Optional. True if branch to branch traffic is allowed. | -| `allowVnetToVnetTraffic` | bool | `False` | | Optional. True if branch to branch traffic is allowed. | +| `allowVnetToVnetTraffic` | bool | `False` | | Optional. True if VNET to VNET traffic is allowed. | | `cuaId` | string | | | Optional. Customer Usage Attribution ID (GUID). This GUID must be previously registered | -| `disableVpnEncryption` | bool | `False` | | Optional. True if branch to branch traffic is allowed. | +| `disableVpnEncryption` | bool | `False` | | Optional. VPN encryption to be disabled or not. | | `location` | string | `[resourceGroup().location]` | | Optional. Location where all resources will be created. | | `lock` | string | `NotSpecified` | `[CanNotDelete, NotSpecified, ReadOnly]` | Optional. Specify the type of lock. | -| `name` | string | | | Required. Name of the Virtual Wan. | +| `name` | string | | | Required. Name of the Virtual VNET. | | `roleAssignments` | array | `[]` | | Optional. Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11' | | `tags` | object | `{object}` | | Optional. Tags of the resource. | -| `type` | string | `Standard` | `[Standard, Basic]` | Optional. Sku of the Virtual Wan. | +| `type` | string | `Standard` | `[Standard, Basic]` | Optional. SKU of the Virtual WAN. | ### Parameter Usage: `roleAssignments` 
From 32612f2ab6485b620f253910e82eb3f25ea4c3e7 Mon Sep 17 00:00:00 2001 From: MrMCake Date: Sun, 6 Mar 2022 09:50:52 +0100 Subject: [PATCH 8/9] Update to latest --- arm/Microsoft.Network/virtualWans/deploy.bicep | 2 +- arm/Microsoft.Network/virtualWans/readme.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/arm/Microsoft.Network/virtualWans/deploy.bicep b/arm/Microsoft.Network/virtualWans/deploy.bicep index d2dc557a24..f39c079e82 100644 --- a/arm/Microsoft.Network/virtualWans/deploy.bicep +++ b/arm/Microsoft.Network/virtualWans/deploy.bicep @@ -4,7 +4,7 @@ param location string = resourceGroup().location @description('Required. Name of the Virtual VNET.') param name string -@description('Optional. SKU of the Virtual WAN.') +@description('Optional. The type of the VirtualWAN.') @allowed([ 'Standard' 'Basic' diff --git a/arm/Microsoft.Network/virtualWans/readme.md b/arm/Microsoft.Network/virtualWans/readme.md index 0061753937..bae30b4023 100644 --- a/arm/Microsoft.Network/virtualWans/readme.md +++ b/arm/Microsoft.Network/virtualWans/readme.md @@ -23,7 +23,7 @@ This template deploys a virtual WAN. | `name` | string | | | Required. Name of the Virtual VNET. | | `roleAssignments` | array | `[]` | | Optional. Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11' | | `tags` | object | `{object}` | | Optional. Tags of the resource. | -| `type` | string | `Standard` | `[Standard, Basic]` | Optional. SKU of the Virtual WAN. | +| `type` | string | `Standard` | `[Standard, Basic]` | Optional. The type of the VirtualWAN. | ### Parameter Usage: `roleAssignments` 
From ba5072b7401ac4bc3deed0a328dfee41d634c991 Mon Sep 17 00:00:00 2001 From: MrMCake Date: Mon, 7 Mar 2022 09:37:47 +0100 Subject: [PATCH 9/9] Fixed param name --- arm/Microsoft.Network/virtualWans/deploy.bicep | 4 ++-- arm/Microsoft.Network/virtualWans/readme.md | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/arm/Microsoft.Network/virtualWans/deploy.bicep b/arm/Microsoft.Network/virtualWans/deploy.bicep index f39c079e82..0274ec10a8 100644 --- a/arm/Microsoft.Network/virtualWans/deploy.bicep +++ b/arm/Microsoft.Network/virtualWans/deploy.bicep @@ -1,10 +1,10 @@ @description('Optional. Location where all resources will be created.') param location string = resourceGroup().location -@description('Required. Name of the Virtual VNET.') +@description('Required. Name of the Virtual WAN.') param name string -@description('Optional. The type of the VirtualWAN.') +@description('Optional. The type of the Virtual WAN.') @allowed([ 'Standard' 'Basic' diff --git a/arm/Microsoft.Network/virtualWans/readme.md b/arm/Microsoft.Network/virtualWans/readme.md index bae30b4023..4973b3273d 100644 --- a/arm/Microsoft.Network/virtualWans/readme.md +++ b/arm/Microsoft.Network/virtualWans/readme.md 
@@ -20,10 +20,10 @@ This template deploys a virtual WAN. | `disableVpnEncryption` | bool | `False` | | Optional. VPN encryption to be disabled or not. | | `location` | string | `[resourceGroup().location]` | | Optional. Location where all resources will be created. | | `lock` | string | `NotSpecified` | `[CanNotDelete, NotSpecified, ReadOnly]` | Optional. Specify the type of lock. | -| `name` | string | | | Required. Name of the Virtual VNET. | +| `name` | string | | | Required. Name of the Virtual WAN. | | `roleAssignments` | array | `[]` | | Optional. Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11' | | `tags` | object | `{object}` | | Optional. Tags of the resource. | -| `type` | string | `Standard` | `[Standard, Basic]` | Optional. The type of the VirtualWAN. | +| `type` | string | `Standard` | `[Standard, Basic]` | Optional. The type of the Virtual WAN. | ### Parameter Usage: `roleAssignments`