diff --git a/.github/workflows/ms.network.connections.yml b/.github/workflows/ms.network.connections.yml
index 6c79aa5700..487dad0043 100644
--- a/.github/workflows/ms.network.connections.yml
+++ b/.github/workflows/ms.network.connections.yml
@@ -106,8 +106,7 @@ jobs:
 - name: 'Using test file [${{ matrix.moduleTestFilePaths }}]'
 uses: ./.github/actions/templates/validateModuleDeployment
 with:
- templateFilePath: '${{ env.modulePath }}/deploy.bicep'
- parameterFilePath: '${{ env.modulePath }}/${{ matrix.moduleTestFilePaths }}'
+ templateFilePath: '${{ env.modulePath }}/${{ matrix.moduleTestFilePaths }}'
 location: '${{ env.location }}'
 resourceGroupName: '${{ env.resourceGroupName }}'
 subscriptionId: '${{ secrets.ARM_SUBSCRIPTION_ID }}'
diff --git a/modules/Microsoft.Network/connections/.test/vnet2vnet.parameters.json b/modules/Microsoft.Network/connections/.test/vnet2vnet.parameters.json
deleted file mode 100644
index c58d1a4593..0000000000
--- a/modules/Microsoft.Network/connections/.test/vnet2vnet.parameters.json
+++ /dev/null
@@ -1,39 +0,0 @@
-{
- "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
- "contentVersion": "1.0.0.0",
- "parameters": {
- "name": {
- "value": "<>-az-vnetgwc-x-001"
- },
- "lock": {
- "value": "CanNotDelete"
- },
- "virtualNetworkGateway1": {
- "value": {
- "id": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworkGateways/<>-az-vnet-vpn-gw-p-001"
- }
- },
- "virtualNetworkGateway2": {
- "value": {
- "id": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworkGateways/<>-az-vnet-vpn-gw-p-002"
- }
- },
- "vpnSharedKey": {
- "reference": {
- "keyVault": {
- "id": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.KeyVault/vaults/adp-<>-az-kv-x-001"
- },
- "secretName": "vpnSharedKey"
- }
- },
- "virtualNetworkGatewayConnectionType": {
- "value": "Vnet2Vnet"
- },
- "enableBgp": {
- "value": false
- },
- "location": {
- "value": "eastus"
- }
- }
-}
diff --git a/modules/Microsoft.Network/connections/.test/vnet2vnet/dependencies.bicep b/modules/Microsoft.Network/connections/.test/vnet2vnet/dependencies.bicep
new file mode 100644
index 0000000000..8dfed7d0f8
--- /dev/null
+++ b/modules/Microsoft.Network/connections/.test/vnet2vnet/dependencies.bicep
@@ -0,0 +1,132 @@
+@description('Optional. The location to deploy resources to.')
+param location string = resourceGroup().location
+
+@description('Required. The name of the primary Public IP to create.')
+param primaryPublicIPName string
+
+@description('Required. The name of the primary VNET to create.')
+param primaryVirtualNetworkName string
+
+@description('Required. The name of the primary Virtual Network Gateway to create.')
+param primaryVirtualNetworkGatewayName string
+
+@description('Required. The name of the secondary Public IP to create.')
+param secondaryPublicIPName string
+
+@description('Required. The name of the secondary VNET to create.')
+param secondaryVirtualNetworkName string
+
+@description('Required. The name of the secondary Virtual Network Gateway to create.')
+param secondaryVirtualNetworkGatewayName string
+
+resource primaryVirtualNetwork 'Microsoft.Network/virtualNetworks@2022-01-01' = {
+ name: primaryVirtualNetworkName
+ location: location
+ properties: {
+ addressSpace: {
+ addressPrefixes: [
+ '10.0.0.0/24'
+ ]
+ }
+ subnets: [
+ {
+ name: 'GatewaySubnet'
+ properties: {
+ addressPrefix: '10.0.0.0/24'
+ }
+ }
+ ]
+ }
+}
+
+resource primaryPublicIP 'Microsoft.Network/publicIPAddresses@2022-01-01' = {
+ name: primaryPublicIPName
+ location: location
+}
+
+resource primaryVNETGateway 'Microsoft.Network/virtualNetworkGateways@2021-08-01' = {
+ name: primaryVirtualNetworkGateway
+ location: location
+ properties: {
+ gatewayType: 'Vpn'
+ ipConfigurations: [
+ {
+ name: 'default'
+ properties: {
+ privateIPAllocationMethod: 'Dynamic'
+ subnet: {
+ id: primaryVirtualNetwork.properties.subnets[0].id
+ }
+ publicIPAddress: {
+ id: primaryPublicIP.id
+ }
+ }
+ }
+ ]
+ vpnType: 'RouteBased'
+ vpnGatewayGeneration: 'Generation2'
+ sku: {
+ name: 'VpnGw2'
+ tier: 'VpnGw2'
+ }
+ }
+}
+
+resource secondaryVirtualNetwork 'Microsoft.Network/virtualNetworks@2022-01-01' = {
+ name: secondaryVirtualNetworkName
+ location: location
+ properties: {
+ addressSpace: {
+ addressPrefixes: [
+ '10.0.1.0/24'
+ ]
+ }
+ subnets: [
+ {
+ name: 'GatewaySubnet'
+ properties: {
+ addressPrefix: '10.0.1.0/24'
+ }
+ }
+ ]
+ }
+}
+
+resource secondaryPublicIP 'Microsoft.Network/publicIPAddresses@2022-01-01' = {
+ name: secondaryPublicIPName
+ location: location
+}
+
+resource secondaryVNETGateway 'Microsoft.Network/virtualNetworkGateways@2021-08-01' = {
+ name: secondaryVirtualNetworkGateway
+ location: location
+ properties: {
+ gatewayType: 'Vpn'
+ ipConfigurations: [
+ {
+ name: 'default'
+ properties: {
+ privateIPAllocationMethod: 'Dynamic'
+ subnet: {
+ id: secondaryVirtualNetwork.properties.subnets[0].id
+ }
+ publicIPAddress: {
+ id: secondaryPublicIP.id
+ }
+ }
+ }
+ ]
+ vpnType: 'RouteBased'
+ vpnGatewayGeneration: 'Generation2'
+ sku: {
+ name: 'VpnGw2'
+ tier: 'VpnGw2'
+ }
+ }
+}
+
+@description('The resource ID of the created primary Virtual Network Gateway.')
+output primaryVNETGatewayResourceID string = primaryVNETGateway.id
+
+@description('The resource ID of the created secondary Virtual Network Gateway.')
+output secondaryVNETGatewayResourceID string = secondaryVNETGateway.id
diff --git a/modules/Microsoft.Network/connections/.test/vnet2vnet/deploy.test.bicep b/modules/Microsoft.Network/connections/.test/vnet2vnet/deploy.test.bicep
new file mode 100644
index 0000000000..8366e0e89b
--- /dev/null
+++ b/modules/Microsoft.Network/connections/.test/vnet2vnet/deploy.test.bicep
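Review bot: Both gateway resources in dependencies.bicep take their `name` from identifiers that are not declared in the file: `primaryVNETGateway` uses `name: primaryVirtualNetworkGateway` and `secondaryVNETGateway` uses `name: secondaryVirtualNetworkGateway`, while the declared parameters are `primaryVirtualNetworkGatewayName` and `secondaryVirtualNetworkGatewayName`. As written the template should fail to compile, so the workflow would never reach the connection deployment it is meant to validate. Change the two lines to `name: primaryVirtualNetworkGatewayName` and `name: secondaryVirtualNetworkGatewayName`.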
@@ -0,0 +1,64 @@
+targetScope = 'subscription'
+
+// ========== //
+// Parameters //
+// ========== //
+@description('Optional. The name of the resource group to deploy for testing purposes.')
+@maxLength(80)
+param resourceGroupName string = 'ms.network.connections-${serviceShort}-rg'
+
+@description('Optional. The location to deploy resources to.')
+param location string = deployment().location
+
+@description('Optional. A short identifier for the kind of deployment. Should be kept short to not run into resource-name length-constraints.')
+param serviceShort string = 'ncvtv'
+
+@description('Optional. The password to leverage for the login.')
+@secure()
+param password string = newGuid()
+
+// =========== //
+// Deployments //
+// =========== //
+
+// General resources
+// =================
+resource resourceGroup 'Microsoft.Resources/resourceGroups@2021-04-01' = {
+ name: resourceGroupName
+ location: location
+}
+
+module resourceGroupResources 'dependencies.bicep' = {
+ scope: resourceGroup
+ name: '${uniqueString(deployment().name, location)}-paramNested'
+ params: {
+ primaryPublicIPName: 'dep-<>-pip-${serviceShort}-1'
+ primaryVirtualNetworkName: 'dep-<>-vnet-${serviceShort}-1'
+ primaryVirtualNetworkGatewayName: 'dep-<>-vpn-gw-${serviceShort}-1'
+ secondaryPublicIPName: 'dep-<>-pip-${serviceShort}-2'
+ secondaryVirtualNetworkName: 'dep-<>-vnet-${serviceShort}-2'
+ secondaryVirtualNetworkGatewayName: 'dep-<>-vpn-gw-${serviceShort}-2'
+ }
+}
+
+// ============== //
+// Test Execution //
+// ============== //
+
+module testDeployment '../../deploy.bicep' = {
+ scope: resourceGroup
+ name: '${uniqueString(deployment().name)}-test-${serviceShort}'
+ params: {
+ name: '<>${serviceShort}001'
+ virtualNetworkGateway1: {
+ id: resourceGroupResources.outputs.primaryVNETGatewayResourceID
+ }
+ enableBgp: false
+ lock: 'CanNotDelete'
+ virtualNetworkGateway2: {
+ id: resourceGroupResources.outputs.secondaryVNETGatewayResourceID
+ }
+ virtualNetworkGatewayConnectionType: 'Vnet2Vnet'
+ vpnSharedKey: password
+ }
+}
diff --git a/modules/Microsoft.Network/connections/readme.md b/modules/Microsoft.Network/connections/readme.md
index 910668127d..24b86cf268 100644
--- a/modules/Microsoft.Network/connections/readme.md
+++ b/modules/Microsoft.Network/connections/readme.md
@@ -321,28 +321,22 @@ The following module usage examples are retrieved from the content of the files via Bicep module ```bicep -resource kv1 'Microsoft.KeyVault/vaults@2019-09-01' existing = { - name: 'adp-<>-az-kv-x-001' - scope: resourceGroup('<>','validation-rg') -} - module connections './Microsoft.Network/connections/deploy.bicep' = { - name: '${uniqueString(deployment().name)}-Connections' + name: '${uniqueString(deployment().name)}-test-ncvtv' params: { // Required parameters - name: '<>-az-vnetgwc-x-001' + name: '<>ncvtv001' virtualNetworkGateway1: { - id: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworkGateways/<>-az-vnet-vpn-gw-p-001' + id: '' } // Non-required parameters enableBgp: false - location: 'eastus' lock: 'CanNotDelete' virtualNetworkGateway2: { - id: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworkGateways/<>-az-vnet-vpn-gw-p-002' + id: '' } virtualNetworkGatewayConnectionType: 'Vnet2Vnet' - vpnSharedKey: kv1.getSecret('vpnSharedKey') + vpnSharedKey: '' } } ```
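Review bot: The `password` parameter in deploy.test.bicep is described as 'The password to leverage for the login.', but its only visible use is `vpnSharedKey: password`, so it is really the pre-shared key of the VPN connection rather than a login credential. Name and describe it for what it is, e.g. `@description('Optional. The shared key (PSK) of the VPN connection. Generated per deployment.')` on `param vpnSharedKey string = newGuid()`, and keep the `@secure()` decorator so the value stays out of deployment logs and history. Because `newGuid()` produces a different value on every deployment, re-running the test will presumably rotate the key on an existing connection. A short comment stating that this default is meant for throwaway test resources only would help, since the removed parameter file read the key from Key Vault.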
@@ -361,38 +355,30 @@ module connections './Microsoft.Network/connections/deploy.bicep' = { "parameters": { // Required parameters "name": { - "value": "<>-az-vnetgwc-x-001" + "value": "<>ncvtv001" }, "virtualNetworkGateway1": { "value": { - "id": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworkGateways/<>-az-vnet-vpn-gw-p-001" + "id": "" } }, // Non-required parameters "enableBgp": { "value": false }, - "location": { - "value": "eastus" - }, "lock": { "value": "CanNotDelete" }, "virtualNetworkGateway2": { "value": { - "id": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworkGateways/<>-az-vnet-vpn-gw-p-002" + "id": "" } }, "virtualNetworkGatewayConnectionType": { "value": "Vnet2Vnet" }, "vpnSharedKey": { - "reference": { - "keyVault": { - "id": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.KeyVault/vaults/adp-<>-az-kv-x-001" - }, - "secretName": "vpnSharedKey" - } + "value": "" } } }