From 6abbc91ed7d2791427e403a27427d64f0fd2bde6 Mon Sep 17 00:00:00 2001
From: MrMCake
Date: Tue, 30 Aug 2022 21:54:53 +0200
Subject: [PATCH 01/13] [Modules] Updated Network/VirtualNetworkGateways to new dependency approach
---
.../ms.network.virtualnetworkgateways.yml | 3 +-
.../.test/expressRoute.parameters.json | 61 -------------
.../.test/expressRoute/dependencies.bicep | 39 ++++++++
.../.test/expressRoute/deploy.test.bicep | 88 +++++++++++++++++++
.../.test/vpn.parameters.json | 62 -------------
.../.test/vpn/dependencies.bicep | 39 ++++++++
.../.test/vpn/deploy.test.bicep | 86 ++++++++++++++++++
.../virtualNetworkGateways/readme.md | 76 ++++++++--------
utilities/tools/Set-ModuleReadMe.ps1 | 6 +-
9 files changed, 294 insertions(+), 166 deletions(-)
delete mode 100644 modules/Microsoft.Network/virtualNetworkGateways/.test/expressRoute.parameters.json
create mode 100644 modules/Microsoft.Network/virtualNetworkGateways/.test/expressRoute/dependencies.bicep
create mode 100644 modules/Microsoft.Network/virtualNetworkGateways/.test/expressRoute/deploy.test.bicep
delete mode 100644 modules/Microsoft.Network/virtualNetworkGateways/.test/vpn.parameters.json
create mode 100644 modules/Microsoft.Network/virtualNetworkGateways/.test/vpn/dependencies.bicep
create mode 100644 modules/Microsoft.Network/virtualNetworkGateways/.test/vpn/deploy.test.bicep
diff --git a/.github/workflows/ms.network.virtualnetworkgateways.yml b/.github/workflows/ms.network.virtualnetworkgateways.yml
index a426add415..643c210227 100644
--- a/.github/workflows/ms.network.virtualnetworkgateways.yml
+++ b/.github/workflows/ms.network.virtualnetworkgateways.yml
@@ -106,8 +106,7 @@ jobs: - name: 'Using test file [${{ matrix.moduleTestFilePaths }}]' uses: ./.github/actions/templates/validateModuleDeployment with: - templateFilePath: '${{ env.modulePath }}/deploy.bicep' - parameterFilePath: '${{ env.modulePath }}/${{ matrix.moduleTestFilePaths }}' + templateFilePath: '${{ env.modulePath }}/${{ matrix.moduleTestFilePaths }}' location: '${{ env.location }}' resourceGroupName: '${{ env.resourceGroupName }}' subscriptionId: '${{ secrets.ARM_SUBSCRIPTION_ID }}' diff --git a/modules/Microsoft.Network/virtualNetworkGateways/.test/expressRoute.parameters.json b/modules/Microsoft.Network/virtualNetworkGateways/.test/expressRoute.parameters.json deleted file mode 100644 index 3de5a1f41f..0000000000 --- a/modules/Microsoft.Network/virtualNetworkGateways/.test/expressRoute.parameters.json +++ /dev/null 
@@ -1,61 +0,0 @@
-{
- "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
- "contentVersion": "1.0.0.0",
- "parameters": {
- "name": {
- "value": "<>-az-gw-er-001"
- },
- "gatewayPipName": {
- "value": "<>-az-gw-er-001-pip"
- },
- "domainNameLabel": {
- "value": [
- "<>-az-gw-er-dm-001"
- ]
- },
- "virtualNetworkGatewayType": {
- "value": "ExpressRoute"
- },
- "virtualNetworkGatewaySku": {
- "value": "ErGw1AZ"
- },
- "vNetResourceId": {
- "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-x-001"
- },
- "tags": {
- "value": {
- "Environment": "Validation",
- "Contact": "test.user@testcompany.com",
- "PurchaseOrder": "",
- "CostCenter": "",
- "ServiceName": "DeploymentValidation",
- "Role": "DeploymentValidation"
- }
- },
- "roleAssignments": {
- "value": [
- {
- "roleDefinitionIdOrName": "Reader",
- "principalIds": [
- "<>"
- ]
- }
- ]
- },
- "diagnosticLogsRetentionInDays": {
- "value": 7
- },
- "diagnosticStorageAccountId": {
- "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adp<>azsax001"
- },
- "diagnosticWorkspaceId": {
- "value": "/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-<>-az-law-x-001"
- },
- "diagnosticEventHubAuthorizationRuleId": {
- "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.EventHub/namespaces/adp-<>-az-evhns-x-001/AuthorizationRules/RootManageSharedAccessKey"
- },
- "diagnosticEventHubName": {
- "value": "adp-<>-az-evh-x-001"
- }
- }
-}
diff --git a/modules/Microsoft.Network/virtualNetworkGateways/.test/expressRoute/dependencies.bicep b/modules/Microsoft.Network/virtualNetworkGateways/.test/expressRoute/dependencies.bicep
new file mode 100644
index 0000000000..044d115b84
--- /dev/null
+++ b/modules/Microsoft.Network/virtualNetworkGateways/.test/expressRoute/dependencies.bicep
@@ -0,0 +1,39 @@
+@description('Optional. The location to deploy resources to.')
+param location string = resourceGroup().location
+
+@description('Required. The name of the Virtual Network to create.')
+param virtualNetworkName string
+
+@description('Required. The name of the Managed Identity to create.')
+param managedIdentityName string
+
+resource virtualNetwork 'Microsoft.Network/virtualNetworks@2022-01-01' = {
+ name: virtualNetworkName
+ location: location
+ properties: {
+ addressSpace: {
+ addressPrefixes: [
+ '10.0.0.0/24'
+ ]
+ }
+ subnets: [
+ {
+ name: 'GatewaySubnet'
+ properties: {
+ addressPrefix: '10.0.0.0/24'
+ }
+ }
+ ]
+ }
+}
+
+resource managedIdentity 'Microsoft.ManagedIdentity/userAssignedIdentities@2018-11-30' = {
+ name: managedIdentityName
+ location: location
+}
+
+@description('The resource ID of the created Virtual Network.')
+output vnetResourceId string = virtualNetwork.id
+
+@description('The principal ID of the created Managed Identity.')
+output managedIdentityPrincipalId string = managedIdentity.properties.principalId
diff --git a/modules/Microsoft.Network/virtualNetworkGateways/.test/expressRoute/deploy.test.bicep b/modules/Microsoft.Network/virtualNetworkGateways/.test/expressRoute/deploy.test.bicep
new file mode 100644
index 0000000000..cd6145ed3b
--- /dev/null
+++ b/modules/Microsoft.Network/virtualNetworkGateways/.test/expressRoute/deploy.test.bicep
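Review bot: This template exists twice in the patch: the copy added under `.test/vpn/dependencies.bicep` carries the same blob id (`044d115b84`), so any later change to the test VNet or the managed identity has to be made in both places. Unless per-test copies are a deliberate convention, one shared file next to the `diagnostic.dependencies.bicep` construct that deploy.test.bicep already references would avoid the drift. The `GatewaySubnet` prefix equals the whole `10.0.0.0/24` address space, which leaves no room for a second subnet; a short comment such as `// GatewaySubnet takes the whole /24; this VNet is for gateway tests only` would record that this is intended.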
@@ -0,0 +1,88 @@ +targetScope = 'subscription' + +// ========== // +// Parameters // +// ========== // +@description('Optional. The name of the resource group to deploy for a testing purposes') +@maxLength(80) +param resourceGroupName string = 'ms.network.virtualnetworkgateways-${serviceShort}-rg' + +@description('Optional. The location to deploy resources to') +param location string = deployment().location + +@description('Optional. A short identifier for the kind of deployment .Should be kept short to not run into resource-name length-constraints') +param serviceShort string = 'nvger' + +// =========== // +// Deployments // +// =========== // + +// General resources +// ================= +resource resourceGroup 'Microsoft.Resources/resourceGroups@2021-04-01' = { + name: resourceGroupName + location: location +} + +module resourceGroupResources 'dependencies.bicep' = { + scope: resourceGroup + name: '${uniqueString(deployment().name, location)}-paramNested' + params: { + virtualNetworkName: 'dep-<>-vnet-${serviceShort}' + managedIdentityName: 'dep-<>-msi-${serviceShort}' + } +} + +// Diagnostics +// =========== +module diagnosticDependencies '../../../../.shared/dependencyConstructs/diagnostic.dependencies.bicep' = { + scope: resourceGroup + name: '${uniqueString(deployment().name, location)}-diagnosticDependencies' + params: { + storageAccountName: 'dep<>diasa${serviceShort}01' + logAnalyticsWorkspaceName: 'dep-<>-law-${serviceShort}' + eventHubNamespaceEventHubName: 'dep-<>-evh-${serviceShort}' + eventHubNamespaceName: 'dep-<>-evhns-${serviceShort}' + location: location + } +} + +// ============== // +// Test Execution // +// ============== // + +module testDeployment '../../deploy.bicep' = { + scope: resourceGroup + name: '${uniqueString(deployment().name)}-test-${serviceShort}' + params: { + name: '<>${serviceShort}001' + virtualNetworkGatewaySku: 'ErGw1AZ' + virtualNetworkGatewayType: 'ExpressRoute' + vNetResourceId: 
resourceGroupResources.outputs.vnetResourceId + diagnosticLogsRetentionInDays: 7 + diagnosticStorageAccountId: diagnosticDependencies.outputs.storageAccountResourceId + diagnosticWorkspaceId: diagnosticDependencies.outputs.logAnalyticsWorkspaceResourceId + diagnosticEventHubAuthorizationRuleId: diagnosticDependencies.outputs.eventHubAuthorizationRuleId + diagnosticEventHubName: diagnosticDependencies.outputs.eventHubNamespaceEventHubName + domainNameLabel: [ + '<>-dm-${serviceShort}' + ] + gatewayPipName: '<>-pip-${serviceShort}' + roleAssignments: [ + { + principalIds: [ + resourceGroupResources.outputs.managedIdentityPrincipalId + ] + roleDefinitionIdOrName: 'Reader' + } + ] + tags: { + Contact: 'test.user@testcompany.com' + CostCenter: '' + Environment: 'Validation' + PurchaseOrder: '' + Role: 'DeploymentValidation' + ServiceName: 'DeploymentValidation' + } + } +} diff --git a/modules/Microsoft.Network/virtualNetworkGateways/.test/vpn.parameters.json b/modules/Microsoft.Network/virtualNetworkGateways/.test/vpn.parameters.json deleted file mode 100644 index cf037dc7e9..0000000000 --- a/modules/Microsoft.Network/virtualNetworkGateways/.test/vpn.parameters.json +++ /dev/null 
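Review bot: The `Reader` role assignment in `testDeployment` targets `resourceGroupResources.outputs.managedIdentityPrincipalId`, an identity created moments earlier in the same deployment, and no principal type is given. Role assignments on a freshly created principal can fail intermittently until the directory has replicated it; if the module's `roleAssignments` items accept it, adding `principalType: 'ServicePrincipal'` would make the test deterministic. Separately, `resourceGroupResources` relies on the `location` default in dependencies.bicep while `diagnosticDependencies` passes it explicitly; adding `location: location` to its `params` would keep the two consistent. Both points apply equally to `.test/vpn/deploy.test.bicep`.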
@@ -1,62 +0,0 @@
-{
- "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
- "contentVersion": "1.0.0.0",
- "parameters": {
- "name": {
- "value": "<>-az-gw-vpn-001"
- },
- "lock": {
- "value": "CanNotDelete"
- },
- "domainNameLabel": {
- "value": [
- "<>-az-gw-vpn-dm-001"
- ]
- },
- "virtualNetworkGatewayType": {
- "value": "Vpn"
- },
- "virtualNetworkGatewaySku": {
- "value": "VpnGw1AZ"
- },
- "publicIpZones": {
- "value": [
- "1"
- ]
- },
- "vpnType": {
- "value": "RouteBased"
- },
- "activeActive": {
- "value": true
- },
- "vNetResourceId": {
- "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-x-001"
- },
- "roleAssignments": {
- "value": [
- {
- "roleDefinitionIdOrName": "Reader",
- "principalIds": [
- "<>"
- ]
- }
- ]
- },
- "diagnosticLogsRetentionInDays": {
- "value": 7
- },
- "diagnosticStorageAccountId": {
- "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adp<>azsax001"
- },
- "diagnosticWorkspaceId": {
- "value": "/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-<>-az-law-x-001"
- },
- "diagnosticEventHubAuthorizationRuleId": {
- "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.EventHub/namespaces/adp-<>-az-evhns-x-001/AuthorizationRules/RootManageSharedAccessKey"
- },
- "diagnosticEventHubName": {
- "value": "adp-<>-az-evh-x-001"
- }
- }
-}
diff --git a/modules/Microsoft.Network/virtualNetworkGateways/.test/vpn/dependencies.bicep b/modules/Microsoft.Network/virtualNetworkGateways/.test/vpn/dependencies.bicep
new file mode 100644
index 0000000000..044d115b84
--- /dev/null
+++ b/modules/Microsoft.Network/virtualNetworkGateways/.test/vpn/dependencies.bicep
@@ -0,0 +1,39 @@
+@description('Optional. The location to deploy resources to.')
+param location string = resourceGroup().location
+
+@description('Required. The name of the Virtual Network to create.')
+param virtualNetworkName string
+
+@description('Required. The name of the Managed Identity to create.')
+param managedIdentityName string
+
+resource virtualNetwork 'Microsoft.Network/virtualNetworks@2022-01-01' = {
+ name: virtualNetworkName
+ location: location
+ properties: {
+ addressSpace: {
+ addressPrefixes: [
+ '10.0.0.0/24'
+ ]
+ }
+ subnets: [
+ {
+ name: 'GatewaySubnet'
+ properties: {
+ addressPrefix: '10.0.0.0/24'
+ }
+ }
+ ]
+ }
+}
+
+resource managedIdentity 'Microsoft.ManagedIdentity/userAssignedIdentities@2018-11-30' = {
+ name: managedIdentityName
+ location: location
+}
+
+@description('The resource ID of the created Virtual Network.')
+output vnetResourceId string = virtualNetwork.id
+
+@description('The principal ID of the created Managed Identity.')
+output managedIdentityPrincipalId string = managedIdentity.properties.principalId
diff --git a/modules/Microsoft.Network/virtualNetworkGateways/.test/vpn/deploy.test.bicep b/modules/Microsoft.Network/virtualNetworkGateways/.test/vpn/deploy.test.bicep
new file mode 100644
index 0000000000..21c5615758
--- /dev/null
+++ b/modules/Microsoft.Network/virtualNetworkGateways/.test/vpn/deploy.test.bicep
@@ -0,0 +1,86 @@ +targetScope = 'subscription' + +// ========== // +// Parameters // +// ========== // +@description('Optional. The name of the resource group to deploy for a testing purposes') +@maxLength(80) +param resourceGroupName string = 'ms.network.virtualnetworkgateways-${serviceShort}-rg' + +@description('Optional. The location to deploy resources to') +param location string = deployment().location + +@description('Optional. A short identifier for the kind of deployment .Should be kept short to not run into resource-name length-constraints') +param serviceShort string = 'nvgvpn' + +// =========== // +// Deployments // +// =========== // + +// General resources +// ================= +resource resourceGroup 'Microsoft.Resources/resourceGroups@2021-04-01' = { + name: resourceGroupName + location: location +} + +module resourceGroupResources 'dependencies.bicep' = { + scope: resourceGroup + name: '${uniqueString(deployment().name, location)}-paramNested' + params: { + virtualNetworkName: 'dep-<>-vnet-${serviceShort}' + managedIdentityName: 'dep-<>-msi-${serviceShort}' + } +} + +// Diagnostics +// =========== +module diagnosticDependencies '../../../../.shared/dependencyConstructs/diagnostic.dependencies.bicep' = { + scope: resourceGroup + name: '${uniqueString(deployment().name, location)}-diagnosticDependencies' + params: { + storageAccountName: 'dep<>diasa${serviceShort}01' + logAnalyticsWorkspaceName: 'dep-<>-law-${serviceShort}' + eventHubNamespaceEventHubName: 'dep-<>-evh-${serviceShort}' + eventHubNamespaceName: 'dep-<>-evhns-${serviceShort}' + location: location + } +} + +// ============== // +// Test Execution // +// ============== // + +module testDeployment '../../deploy.bicep' = { + scope: resourceGroup + name: '${uniqueString(deployment().name)}-test-${serviceShort}' + params: { + name: '<>${serviceShort}001' + virtualNetworkGatewaySku: 'VpnGw1AZ' + virtualNetworkGatewayType: 'Vpn' + vNetResourceId: resourceGroupResources.outputs.vnetResourceId + 
// Non-required parameters + activeActive: true + diagnosticLogsRetentionInDays: 7 + diagnosticStorageAccountId: diagnosticDependencies.outputs.storageAccountResourceId + diagnosticWorkspaceId: diagnosticDependencies.outputs.logAnalyticsWorkspaceResourceId + diagnosticEventHubAuthorizationRuleId: diagnosticDependencies.outputs.eventHubAuthorizationRuleId + diagnosticEventHubName: diagnosticDependencies.outputs.eventHubNamespaceEventHubName + domainNameLabel: [ + '<>-dm-${serviceShort}' + ] + lock: 'CanNotDelete' + publicIpZones: [ + '1' + ] + roleAssignments: [ + { + principalIds: [ + resourceGroupResources.outputs.managedIdentityPrincipalId + ] + roleDefinitionIdOrName: 'Reader' + } + ] + vpnType: 'RouteBased' + } +} diff --git a/modules/Microsoft.Network/virtualNetworkGateways/readme.md b/modules/Microsoft.Network/virtualNetworkGateways/readme.md index 347698398c..c00f31f290 100644 --- a/modules/Microsoft.Network/virtualNetworkGateways/readme.md +++ b/modules/Microsoft.Network/virtualNetworkGateways/readme.md 
@@ -256,28 +256,28 @@ The following module usage examples are retrieved from the content of the files via Bicep module ```bicep -module virtualNetworkGateways './Microsoft.Network/virtualNetworkGateways/deploy.bicep' = { - name: '${uniqueString(deployment().name)}-virtualNetworkGateways' +module Virtualnetworkgateways './Microsoft.Network/Virtualnetworkgateways/deploy.bicep' = { + name: '${uniqueString(deployment().name)}-test-nvger' params: { // Required parameters - name: '<>-az-gw-er-001' + name: '<>nvger001' virtualNetworkGatewaySku: 'ErGw1AZ' virtualNetworkGatewayType: 'ExpressRoute' - vNetResourceId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-x-001' + vNetResourceId: '' // Non-required parameters - diagnosticEventHubAuthorizationRuleId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.EventHub/namespaces/adp-<>-az-evhns-x-001/AuthorizationRules/RootManageSharedAccessKey' - diagnosticEventHubName: 'adp-<>-az-evh-x-001' + diagnosticEventHubAuthorizationRuleId: '' + diagnosticEventHubName: '' diagnosticLogsRetentionInDays: 7 - diagnosticStorageAccountId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adp<>azsax001' - diagnosticWorkspaceId: '/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-<>-az-law-x-001' + diagnosticStorageAccountId: '' + diagnosticWorkspaceId: '' domainNameLabel: [ - '<>-az-gw-er-dm-001' + '<>-dm-nvger' ] - gatewayPipName: '<>-az-gw-er-001-pip' + gatewayPipName: '<>-pip-nvger' roleAssignments: [ { principalIds: [ - '<>' + '' ] roleDefinitionIdOrName: 'Reader' } @@ -308,7 +308,7 @@ module virtualNetworkGateways './Microsoft.Network/virtualNetworkGateways/deploy "parameters": { // Required parameters "name": { - "value": "<>-az-gw-er-001" + "value": "<>nvger001" }, "virtualNetworkGatewaySku": { "value": "ErGw1AZ" 
@@ -317,37 +317,37 @@ module virtualNetworkGateways './Microsoft.Network/virtualNetworkGateways/deploy "value": "ExpressRoute" }, "vNetResourceId": { - "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-x-001" + "value": "" }, // Non-required parameters "diagnosticEventHubAuthorizationRuleId": { - "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.EventHub/namespaces/adp-<>-az-evhns-x-001/AuthorizationRules/RootManageSharedAccessKey" + "value": "" }, "diagnosticEventHubName": { - "value": "adp-<>-az-evh-x-001" + "value": "" }, "diagnosticLogsRetentionInDays": { "value": 7 }, "diagnosticStorageAccountId": { - "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adp<>azsax001" + "value": "" }, "diagnosticWorkspaceId": { - "value": "/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-<>-az-law-x-001" + "value": "" }, "domainNameLabel": { "value": [ - "<>-az-gw-er-dm-001" + "<>-dm-nvger" ] }, "gatewayPipName": { - "value": "<>-az-gw-er-001-pip" + "value": "<>-pip-nvger" }, "roleAssignments": { "value": [ { "principalIds": [ - "<>" + "" ], "roleDefinitionIdOrName": "Reader" } 
@@ -377,23 +377,23 @@ module virtualNetworkGateways './Microsoft.Network/virtualNetworkGateways/deploy via Bicep module ```bicep -module virtualNetworkGateways './Microsoft.Network/virtualNetworkGateways/deploy.bicep' = { - name: '${uniqueString(deployment().name)}-virtualNetworkGateways' +module Virtualnetworkgateways './Microsoft.Network/Virtualnetworkgateways/deploy.bicep' = { + name: '${uniqueString(deployment().name)}-test-nvgvpn' params: { // Required parameters - name: '<>-az-gw-vpn-001' + name: '<>nvgvpn001' virtualNetworkGatewaySku: 'VpnGw1AZ' virtualNetworkGatewayType: 'Vpn' - vNetResourceId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-x-001' + vNetResourceId: '' // Non-required parameters activeActive: true - diagnosticEventHubAuthorizationRuleId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.EventHub/namespaces/adp-<>-az-evhns-x-001/AuthorizationRules/RootManageSharedAccessKey' - diagnosticEventHubName: 'adp-<>-az-evh-x-001' + diagnosticEventHubAuthorizationRuleId: '' + diagnosticEventHubName: '' diagnosticLogsRetentionInDays: 7 - diagnosticStorageAccountId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adp<>azsax001' - diagnosticWorkspaceId: '/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-<>-az-law-x-001' + diagnosticStorageAccountId: '' + diagnosticWorkspaceId: '' domainNameLabel: [ - '<>-az-gw-vpn-dm-001' + '<>-dm-nvgvpn' ] lock: 'CanNotDelete' publicIpZones: [ @@ -402,7 +402,7 @@ module virtualNetworkGateways './Microsoft.Network/virtualNetworkGateways/deploy roleAssignments: [ { principalIds: [ - '<>' + '' ] roleDefinitionIdOrName: 'Reader' } 
@@ -426,7 +426,7 @@ module virtualNetworkGateways './Microsoft.Network/virtualNetworkGateways/deploy "parameters": { // Required parameters "name": { - "value": "<>-az-gw-vpn-001" + "value": "<>nvgvpn001" }, "virtualNetworkGatewaySku": { "value": "VpnGw1AZ" @@ -435,30 +435,30 @@ module virtualNetworkGateways './Microsoft.Network/virtualNetworkGateways/deploy "value": "Vpn" }, "vNetResourceId": { - "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-x-001" + "value": "" }, // Non-required parameters "activeActive": { "value": true }, "diagnosticEventHubAuthorizationRuleId": { - "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.EventHub/namespaces/adp-<>-az-evhns-x-001/AuthorizationRules/RootManageSharedAccessKey" + "value": "" }, "diagnosticEventHubName": { - "value": "adp-<>-az-evh-x-001" + "value": "" }, "diagnosticLogsRetentionInDays": { "value": 7 }, "diagnosticStorageAccountId": { - "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adp<>azsax001" + "value": "" }, "diagnosticWorkspaceId": { - "value": "/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-<>-az-law-x-001" + "value": "" }, "domainNameLabel": { "value": [ - "<>-az-gw-vpn-dm-001" + "<>-dm-nvgvpn" ] }, "lock": { @@ -473,7 +473,7 @@ module virtualNetworkGateways './Microsoft.Network/virtualNetworkGateways/deploy "value": [ { "principalIds": [ - "<>" + "" ], "roleDefinitionIdOrName": "Reader" } diff --git a/utilities/tools/Set-ModuleReadMe.ps1 b/utilities/tools/Set-ModuleReadMe.ps1 index a1074fed21..6b922d65e8 100644 --- a/utilities/tools/Set-ModuleReadMe.ps1 +++ b/utilities/tools/Set-ModuleReadMe.ps1 
@@ -883,9 +883,10 @@ function Set-DeploymentExamplesSection { '' ) + $TextInfo = (Get-Culture -Name 'en-US').TextInfo $moduleRoot = Split-Path $TemplateFilePath -Parent - $resourceTypeIdentifier = $moduleRoot.Replace('\', '/').Split('/modules/')[1].TrimStart('/') - $resourceType = $resourceTypeIdentifier.Split('/')[1] + $resourceTypeIdentifier = $TextInfo.ToTitleCase($moduleRoot.Replace('\', '/').Split('/modules/')[1].TrimStart('/')) + $resourceType = $TextInfo.ToTitleCase($resourceTypeIdentifier.Split('/')[1]) $testFilePaths = Get-ModuleTestFileList -ModulePath $moduleRoot | ForEach-Object { Join-Path $moduleRoot $_ } $RequiredParametersList = $TemplateFileContent.parameters.Keys | Where-Object { $TemplateFileContent.parameters[$_].Keys -notcontains 'defaultValue' } | Sort-Object @@ -906,7 +907,6 @@ function Set-DeploymentExamplesSection { } else { $exampleTitle = ((Split-Path $testFilePath -LeafBase) -replace '\.', ' ') -replace ' parameters', '' } - $TextInfo = (Get-Culture -Name 'en-US').TextInfo $exampleTitle = $TextInfo.ToTitleCase($exampleTitle) $SectionContent += @( '
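Review bot: `ToTitleCase` lowercases the rest of a mixed-case word, so `$resourceTypeIdentifier` and `$resourceType` lose their camel case. The readme regenerated in this same patch now shows `module Virtualnetworkgateways './Microsoft.Network/Virtualnetworkgateways/deploy.bicep'`, a path that does not match the `virtualNetworkGateways` folder on a case-sensitive file system. If only the first letter is meant to change, uppercase it by hand, e.g. `$resourceType.Substring(0, 1).ToUpper() + $resourceType.Substring(1)`, and leave the path identifier as read from disk. Later patches in this series revert the readme casing, and the context lines of PATCH 08 carry a comment describing the manual approach. `Set-DeploymentExamplesSection` starts and ends outside the hunk.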

Example {0}: {1}

' -f $pathIndex, $exampleTitle From cfbb9f1cc37aeaf553f9cd378a46f795f017ff18 Mon Sep 17 00:00:00 2001 From: MrMCake Date: Thu, 1 Sep 2022 11:36:57 +0200 Subject: [PATCH 02/13] Update to latest --- .../Microsoft.Network/virtualNetworkGateways/readme.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/modules/Microsoft.Network/virtualNetworkGateways/readme.md b/modules/Microsoft.Network/virtualNetworkGateways/readme.md index 053e944693..bbc1a7af9b 100644 --- a/modules/Microsoft.Network/virtualNetworkGateways/readme.md +++ b/modules/Microsoft.Network/virtualNetworkGateways/readme.md @@ -256,8 +256,8 @@ The following module usage examples are retrieved from the content of the files via Bicep module ```bicep -module virtualNetworkGateways './Microsoft.Network/virtualNetworkGateways/deploy.bicep' = { - name: '${uniqueString(deployment().name)}-VirtualNetworkGateways' +module VirtualNetworkGateways './Microsoft.Network/VirtualNetworkGateways/deploy.bicep' = { + name: '${uniqueString(deployment().name)}-test-nvger' params: { // Required parameters name: '<>nvger001' @@ -377,8 +377,8 @@ module virtualNetworkGateways './Microsoft.Network/virtualNetworkGateways/deploy via Bicep module ```bicep -module virtualNetworkGateways './Microsoft.Network/virtualNetworkGateways/deploy.bicep' = { - name: '${uniqueString(deployment().name)}-VirtualNetworkGateways' +module VirtualNetworkGateways './Microsoft.Network/VirtualNetworkGateways/deploy.bicep' = { + name: '${uniqueString(deployment().name)}-test-nvgvpn' params: { // Required parameters name: '<>nvgvpn001' From cbd51051d02dcd65b170f15648e02c644a3c08b0 Mon Sep 17 00:00:00 2001 From: MrMCake Date: Fri, 9 Sep 2022 12:51:50 +0200 Subject: [PATCH 03/13] Update to latest --- .../virtualNetworkGateways/.test/expressRoute/deploy.test.bicep | 2 +- .../virtualNetworkGateways/.test/vpn/deploy.test.bicep | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) 
diff --git a/modules/Microsoft.Network/virtualNetworkGateways/.test/expressRoute/deploy.test.bicep b/modules/Microsoft.Network/virtualNetworkGateways/.test/expressRoute/deploy.test.bicep index cd6145ed3b..75551b9588 100644 --- a/modules/Microsoft.Network/virtualNetworkGateways/.test/expressRoute/deploy.test.bicep +++ b/modules/Microsoft.Network/virtualNetworkGateways/.test/expressRoute/deploy.test.bicep @@ -10,7 +10,7 @@ param resourceGroupName string = 'ms.network.virtualnetworkgateways-${serviceSho @description('Optional. The location to deploy resources to') param location string = deployment().location -@description('Optional. A short identifier for the kind of deployment .Should be kept short to not run into resource-name length-constraints') +@description('Optional. A short identifier for the kind of deployment. Should be kept short to not run into resource-name length-constraints') param serviceShort string = 'nvger' // =========== // diff --git a/modules/Microsoft.Network/virtualNetworkGateways/.test/vpn/deploy.test.bicep b/modules/Microsoft.Network/virtualNetworkGateways/.test/vpn/deploy.test.bicep index 21c5615758..8eab2cfbeb 100644 --- a/modules/Microsoft.Network/virtualNetworkGateways/.test/vpn/deploy.test.bicep +++ b/modules/Microsoft.Network/virtualNetworkGateways/.test/vpn/deploy.test.bicep @@ -10,7 +10,7 @@ param resourceGroupName string = 'ms.network.virtualnetworkgateways-${serviceSho @description('Optional. The location to deploy resources to') param location string = deployment().location -@description('Optional. A short identifier for the kind of deployment .Should be kept short to not run into resource-name length-constraints') +@description('Optional. A short identifier for the kind of deployment. Should be kept short to not run into resource-name length-constraints') param serviceShort string = 'nvgvpn' // =========== // From 95c47bc82345324fec9687e7a9481f89aff44f5a Mon Sep 17 00:00:00 2001 
From: MrMCake Date: Fri, 9 Sep 2022 13:05:00 +0200 Subject: [PATCH 04/13] Update to latest --- .../.test/expressRoute/deploy.test.bicep | 6 +++--- .../virtualNetworkGateways/.test/vpn/deploy.test.bicep | 6 +++--- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/modules/Microsoft.Network/virtualNetworkGateways/.test/expressRoute/deploy.test.bicep b/modules/Microsoft.Network/virtualNetworkGateways/.test/expressRoute/deploy.test.bicep index 75551b9588..bf8ad35aa4 100644 --- a/modules/Microsoft.Network/virtualNetworkGateways/.test/expressRoute/deploy.test.bicep +++ b/modules/Microsoft.Network/virtualNetworkGateways/.test/expressRoute/deploy.test.bicep @@ -3,14 +3,14 @@ targetScope = 'subscription' // ========== // // Parameters // // ========== // -@description('Optional. The name of the resource group to deploy for a testing purposes') +@description('Optional. The name of the resource group to deploy for a testing purposes.') @maxLength(80) param resourceGroupName string = 'ms.network.virtualnetworkgateways-${serviceShort}-rg' -@description('Optional. The location to deploy resources to') +@description('Optional. The location to deploy resources to.') param location string = deployment().location -@description('Optional. A short identifier for the kind of deployment. Should be kept short to not run into resource-name length-constraints') +@description('Optional. A short identifier for the kind of deployment. Should be kept short to not run into resource-name length-constraints.') param serviceShort string = 'nvger' // =========== // diff --git a/modules/Microsoft.Network/virtualNetworkGateways/.test/vpn/deploy.test.bicep b/modules/Microsoft.Network/virtualNetworkGateways/.test/vpn/deploy.test.bicep index 8eab2cfbeb..60b8d25871 100644 --- a/modules/Microsoft.Network/virtualNetworkGateways/.test/vpn/deploy.test.bicep +++ b/modules/Microsoft.Network/virtualNetworkGateways/.test/vpn/deploy.test.bicep 
@@ -3,14 +3,14 @@ targetScope = 'subscription' // ========== // // Parameters // // ========== // -@description('Optional. The name of the resource group to deploy for a testing purposes') +@description('Optional. The name of the resource group to deploy for a testing purposes.') @maxLength(80) param resourceGroupName string = 'ms.network.virtualnetworkgateways-${serviceShort}-rg' -@description('Optional. The location to deploy resources to') +@description('Optional. The location to deploy resources to.') param location string = deployment().location -@description('Optional. A short identifier for the kind of deployment. Should be kept short to not run into resource-name length-constraints') +@description('Optional. A short identifier for the kind of deployment. Should be kept short to not run into resource-name length-constraints.') param serviceShort string = 'nvgvpn' // =========== // From 39091adf40d7ee3a0fdbf51febd6c5513dc033ac Mon Sep 17 00:00:00 2001 From: MrMCake Date: Fri, 9 Sep 2022 13:57:00 +0200 Subject: [PATCH 05/13] Update to latest --- modules/Microsoft.Network/virtualNetworkGateways/readme.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/modules/Microsoft.Network/virtualNetworkGateways/readme.md b/modules/Microsoft.Network/virtualNetworkGateways/readme.md index 9a1ae16503..f2c901cb2c 100644 --- a/modules/Microsoft.Network/virtualNetworkGateways/readme.md +++ b/modules/Microsoft.Network/virtualNetworkGateways/readme.md @@ -257,7 +257,7 @@ The following module usage examples are retrieved from the content of the files via Bicep module ```bicep -module VirtualNetworkGateways './Microsoft.Network/VirtualNetworkGateways/deploy.bicep' = { +module virtualNetworkGateways './Microsoft.Network/virtualNetworkGateways/deploy.bicep' = { name: '${uniqueString(deployment().name)}-test-nvger' params: { // Required parameters 
@@ -378,7 +378,7 @@ module VirtualNetworkGateways './Microsoft.Network/VirtualNetworkGateways/deploy via Bicep module ```bicep -module VirtualNetworkGateways './Microsoft.Network/VirtualNetworkGateways/deploy.bicep' = { +module virtualNetworkGateways './Microsoft.Network/virtualNetworkGateways/deploy.bicep' = { name: '${uniqueString(deployment().name)}-test-nvgvpn' params: { // Required parameters From 139eecfbc9ba406b5ee82e6f78bf6e313cf81e5a Mon Sep 17 00:00:00 2001 From: Alexander Sehr Date: Mon, 19 Sep 2022 19:56:43 +0200 Subject: [PATCH 06/13] Update modules/Microsoft.Network/virtualNetworkGateways/.test/expressRoute/deploy.test.bicep --- .../virtualNetworkGateways/.test/expressRoute/deploy.test.bicep | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/Microsoft.Network/virtualNetworkGateways/.test/expressRoute/deploy.test.bicep b/modules/Microsoft.Network/virtualNetworkGateways/.test/expressRoute/deploy.test.bicep index bf8ad35aa4..505f2b96b4 100644 --- a/modules/Microsoft.Network/virtualNetworkGateways/.test/expressRoute/deploy.test.bicep +++ b/modules/Microsoft.Network/virtualNetworkGateways/.test/expressRoute/deploy.test.bicep @@ -3,7 +3,7 @@ targetScope = 'subscription' // ========== // // Parameters // // ========== // -@description('Optional. The name of the resource group to deploy for a testing purposes.') +@description('Optional. The name of the resource group to deploy for testing purposes.') @maxLength(80) param resourceGroupName string = 'ms.network.virtualnetworkgateways-${serviceShort}-rg' From 38bcc9b36f9cc7263e4e866cb29efc9303f6e4c9 Mon Sep 17 00:00:00 2001 From: Alexander Sehr Date: Mon, 19 Sep 2022 19:56:57 +0200 Subject: [PATCH 07/13] Update modules/Microsoft.Network/virtualNetworkGateways/.test/vpn/deploy.test.bicep --- .../virtualNetworkGateways/.test/vpn/deploy.test.bicep | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/modules/Microsoft.Network/virtualNetworkGateways/.test/vpn/deploy.test.bicep b/modules/Microsoft.Network/virtualNetworkGateways/.test/vpn/deploy.test.bicep index 60b8d25871..5463d4e119 100644 --- a/modules/Microsoft.Network/virtualNetworkGateways/.test/vpn/deploy.test.bicep +++ b/modules/Microsoft.Network/virtualNetworkGateways/.test/vpn/deploy.test.bicep @@ -3,7 +3,7 @@ targetScope = 'subscription' // ========== // // Parameters // // ========== // -@description('Optional. The name of the resource group to deploy for a testing purposes.') +@description('Optional. The name of the resource group to deploy for testing purposes.') @maxLength(80) param resourceGroupName string = 'ms.network.virtualnetworkgateways-${serviceShort}-rg' From 1ac8c95240eace5b7cba080f9433ad206f2c207f Mon Sep 17 00:00:00 2001 From: MrMCake Date: Mon, 19 Sep 2022 21:18:32 +0200 Subject: [PATCH 08/13] Update to latest --- utilities/tools/Set-ModuleReadMe.ps1 | 7 ------- 1 file changed, 7 deletions(-) diff --git a/utilities/tools/Set-ModuleReadMe.ps1 b/utilities/tools/Set-ModuleReadMe.ps1 index 6469605289..25923c3d62 100644 --- a/utilities/tools/Set-ModuleReadMe.ps1 +++ b/utilities/tools/Set-ModuleReadMe.ps1 @@ -896,13 +896,6 @@ function Set-DeploymentExamplesSection { '' ) -<<<<<<< HEAD - $TextInfo = (Get-Culture -Name 'en-US').TextInfo - $moduleRoot = Split-Path $TemplateFilePath -Parent - $fullIdentifier = $moduleRoot.Replace('\', '/').Split('/modules/')[1].TrimStart('/') - -======= ->>>>>>> main # Get resource type and make first letter upper case. Requires manual handling as ToTitleCase lowercases everything but the first letter $providerNamespace = ($fullModuleIdentifier.Split('/')[0] -split '\.' | ForEach-Object { $_.Substring(0, 1).ToUpper() + $_.Substring(1) }) -join '.' $resourceType = $fullModuleIdentifier.Split('/')[1] From 11177c280f3aead7aa50d00c2c093ba3e8126507 Mon Sep 17 00:00:00 2001 
From: MrMCake Date: Fri, 4 Nov 2022 10:51:33 +0100 Subject: [PATCH 09/13] Updated gw to latst --- .../diagnostic.dependencies.bicep | 1 + .../.test/aadvpn.parameters.json | 75 --------------- .../.test/aadvpn/dependencies.bicep | 39 ++++++++ .../.test/aadvpn/deploy.test.bicep | 96 +++++++++++++++++++ .../virtualNetworkGateways/readme.md | 48 +++++----- 5 files changed, 159 insertions(+), 100 deletions(-) delete mode 100644 modules/Microsoft.Network/virtualNetworkGateways/.test/aadvpn.parameters.json create mode 100644 modules/Microsoft.Network/virtualNetworkGateways/.test/aadvpn/dependencies.bicep create mode 100644 modules/Microsoft.Network/virtualNetworkGateways/.test/aadvpn/deploy.test.bicep diff --git a/modules/.shared/dependencyConstructs/diagnostic.dependencies.bicep b/modules/.shared/dependencyConstructs/diagnostic.dependencies.bicep index 14a77d7796..58116f5c85 100644 --- a/modules/.shared/dependencyConstructs/diagnostic.dependencies.bicep +++ b/modules/.shared/dependencyConstructs/diagnostic.dependencies.bicep @@ -3,6 +3,7 @@ // ========== // @description('Required. The name of the storage account to create.') +@maxLength(24) param storageAccountName string @description('Required. The name of the log analytics workspace to create.') diff --git a/modules/Microsoft.Network/virtualNetworkGateways/.test/aadvpn.parameters.json b/modules/Microsoft.Network/virtualNetworkGateways/.test/aadvpn.parameters.json deleted file mode 100644 index f3ddce3381..0000000000 --- a/modules/Microsoft.Network/virtualNetworkGateways/.test/aadvpn.parameters.json +++ /dev/null 
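Review bot: The new `@maxLength(24)` on `storageAccountName` checks only the upper bound. Storage account names also have a three-character minimum and accept only lowercase letters and digits, so a too-short or mixed-case value still fails at deployment time rather than at template validation. Adding `@minLength(3)` beside it would catch the short case early. Callers that build the name from a prefix token plus `serviceShort` now depend on that token staying short enough, which deserves a sentence in the parameter's `@description`.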
@@ -1,75 +0,0 @@ -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "name": { - "value": "<>-az-gw-aadvpn-001" - }, - "lock": { - "value": "CanNotDelete" - }, - "domainNameLabel": { - "value": [ - "<>-az-gw-vpn-dm-001" - ] - }, - "virtualNetworkGatewayType": { - "value": "Vpn" - }, - "virtualNetworkGatewaySku": { - "value": "VpnGw2AZ" - }, - "publicIpZones": { - "value": [ - "1" - ] - }, - "vpnType": { - "value": "RouteBased" - }, - "activeActive": { - "value": false - }, - "vpnClientAadConfiguration": { - "value": { - "aadTenant": "https://login.microsoftonline.com/<>/", - "aadAudience": "41b23e61-6c1e-4545-b367-cd054e0ed4b4", - "aadIssuer": "'https://sts.windows.net/<>/", - "vpnAuthenticationTypes": [ - "AAD" - ], - "vpnClientProtocols": [ - "OpenVPN" - ] - } - }, - "vNetResourceId": { - "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-vgw-002" - }, - "roleAssignments": { - "value": [ - { - "roleDefinitionIdOrName": "Reader", - "principalIds": [ - "<>" - ] - } - ] - }, - "diagnosticLogsRetentionInDays": { - "value": 7 - }, - "diagnosticStorageAccountId": { - "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adp<>azsax001" - }, - "diagnosticWorkspaceId": { - "value": "/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-<>-az-law-x-001" - }, - "diagnosticEventHubAuthorizationRuleId": { - "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.EventHub/namespaces/adp-<>-az-evhns-x-001/AuthorizationRules/RootManageSharedAccessKey" - }, - "diagnosticEventHubName": { - "value": "adp-<>-az-evh-x-001" - } - } -} 
diff --git a/modules/Microsoft.Network/virtualNetworkGateways/.test/aadvpn/dependencies.bicep b/modules/Microsoft.Network/virtualNetworkGateways/.test/aadvpn/dependencies.bicep new file mode 100644 index 0000000000..044d115b84 --- /dev/null +++ b/modules/Microsoft.Network/virtualNetworkGateways/.test/aadvpn/dependencies.bicep @@ -0,0 +1,39 @@ +@description('Optional. The location to deploy resources to.') +param location string = resourceGroup().location + +@description('Required. The name of the Virtual Network to create.') +param virtualNetworkName string + +@description('Required. The name of the Managed Identity to create.') +param managedIdentityName string + +resource virtualNetwork 'Microsoft.Network/virtualNetworks@2022-01-01' = { + name: virtualNetworkName + location: location + properties: { + addressSpace: { + addressPrefixes: [ + '10.0.0.0/24' + ] + } + subnets: [ + { + name: 'GatewaySubnet' + properties: { + addressPrefix: '10.0.0.0/24' + } + } + ] + } +} + +resource managedIdentity 'Microsoft.ManagedIdentity/userAssignedIdentities@2018-11-30' = { + name: managedIdentityName + location: location +} + +@description('The resource ID of the created Virtual Network.') +output vnetResourceId string = virtualNetwork.id + +@description('The principal ID of the created Managed Identity.') +output managedIdentityPrincipalId string = managedIdentity.properties.principalId diff --git a/modules/Microsoft.Network/virtualNetworkGateways/.test/aadvpn/deploy.test.bicep b/modules/Microsoft.Network/virtualNetworkGateways/.test/aadvpn/deploy.test.bicep new file mode 100644 index 0000000000..cc3fc3b9b8 --- /dev/null +++ b/modules/Microsoft.Network/virtualNetworkGateways/.test/aadvpn/deploy.test.bicep 
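Review bot: The literal `'10.0.0.0/24'` appears twice in the `virtualNetwork` resource, once as the address space and once as the `GatewaySubnet` prefix, so the two can drift apart on a later edit. A single `var addressPrefix = '10.0.0.0/24'` used in both places keeps them in step. The subnet would also benefit from a comment such as `// Must be named 'GatewaySubnet' for the virtual network gateway to use it`, since that name is not a free choice.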
@@ -0,0 +1,96 @@ +targetScope = 'subscription' + +// ========== // +// Parameters // +// ========== // +@description('Optional. The name of the resource group to deploy for testing purposes.') +@maxLength(80) +param resourceGroupName string = 'ms.network.virtualnetworkgateways-${serviceShort}-rg' + +@description('Optional. The location to deploy resources to.') +param location string = deployment().location + +@description('Optional. A short identifier for the kind of deployment. Should be kept short to not run into resource-name length-constraints.') +param serviceShort string = 'nvngavpn' + +// =========== // +// Deployments // +// =========== // + +// General resources +// ================= +resource resourceGroup 'Microsoft.Resources/resourceGroups@2021-04-01' = { + name: resourceGroupName + location: location +} + +module resourceGroupResources 'dependencies.bicep' = { + scope: resourceGroup + name: '${uniqueString(deployment().name, location)}-paramNested' + params: { + virtualNetworkName: 'dep-<>-vnet-${serviceShort}' + managedIdentityName: 'dep-<>-msi-${serviceShort}' + } +} + +// Diagnostics +// =========== +module diagnosticDependencies '../../../../.shared/dependencyConstructs/diagnostic.dependencies.bicep' = { + scope: resourceGroup + name: '${uniqueString(deployment().name, location)}-diagnosticDependencies' + params: { + storageAccountName: 'dep<>diasa${serviceShort}01' + logAnalyticsWorkspaceName: 'dep-<>-law-${serviceShort}' + eventHubNamespaceEventHubName: 'dep-<>-evh-${serviceShort}' + eventHubNamespaceName: 'dep-<>-evhns-${serviceShort}' + location: location + } +} + +// ============== // +// Test Execution // +// ============== // + +module testDeployment '../../deploy.bicep' = { + scope: resourceGroup + name: '${uniqueString(deployment().name)}-test-${serviceShort}' + params: { + name: '<>${serviceShort}001' + virtualNetworkGatewaySku: 'VpnGw2AZ' + virtualNetworkGatewayType: 'Vpn' + vNetResourceId: resourceGroupResources.outputs.vnetResourceId 
+ activeActive: false + diagnosticStorageAccountId: diagnosticDependencies.outputs.storageAccountResourceId + diagnosticWorkspaceId: diagnosticDependencies.outputs.logAnalyticsWorkspaceResourceId + diagnosticEventHubAuthorizationRuleId: diagnosticDependencies.outputs.eventHubAuthorizationRuleId + diagnosticEventHubName: diagnosticDependencies.outputs.eventHubNamespaceEventHubName + domainNameLabel: [ + '<>-gw-vpn-dm-${serviceShort}-001' + ] + lock: 'CanNotDelete' + publicIpZones: [ + '1' + ] + roleAssignments: [ + { + roleDefinitionIdOrName: 'Reader' + principalIds: [ + resourceGroupResources.outputs.managedIdentityPrincipalId + ] + principalType: 'ServicePrincipal' + } + ] + vpnClientAadConfiguration: { + aadAudience: '41b23e61-6c1e-4545-b367-cd054e0ed4b4' + aadIssuer: 'https://sts.windows.net/${tenant().tenantId}/' + aadTenant: '${environment().authentication.loginEndpoint}/${tenant().tenantId}/' + vpnAuthenticationTypes: [ + 'AAD' + ] + vpnClientProtocols: [ + 'OpenVPN' + ] + } + vpnType: 'RouteBased' + } +} diff --git a/modules/Microsoft.Network/virtualNetworkGateways/readme.md b/modules/Microsoft.Network/virtualNetworkGateways/readme.md index 8d3fe12746..ddd2c1dbc6 100644 --- a/modules/Microsoft.Network/virtualNetworkGateways/readme.md +++ b/modules/Microsoft.Network/virtualNetworkGateways/readme.md 
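Review bot: In `vpnClientAadConfiguration`, `aadTenant` is built as `'${environment().authentication.loginEndpoint}/${tenant().tenantId}/'`. As far as I know `loginEndpoint` already ends with a slash, so the result would contain `//` before the tenant ID. This URL is part of what the gateway uses to authenticate point-to-site clients, so it should match the expected form exactly. `'${environment().authentication.loginEndpoint}${tenant().tenantId}/'` avoids the doubled separator; it is worth confirming against the value the test deployment actually produces.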
@@ -261,22 +261,21 @@ The following module usage examples are retrieved from the content of the files ```bicep module virtualNetworkGateways './Microsoft.Network/virtualNetworkGateways/deploy.bicep' = { - name: '${uniqueString(deployment().name)}-VirtualNetworkGateways' + name: '${uniqueString(deployment().name)}-test-nvngavpn' params: { // Required parameters - name: '<>-az-gw-aadvpn-001' + name: '<>nvngavpn001' virtualNetworkGatewaySku: 'VpnGw2AZ' virtualNetworkGatewayType: 'Vpn' - vNetResourceId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-vgw-002' + vNetResourceId: '' // Non-required parameters activeActive: false - diagnosticEventHubAuthorizationRuleId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.EventHub/namespaces/adp-<>-az-evhns-x-001/AuthorizationRules/RootManageSharedAccessKey' - diagnosticEventHubName: 'adp-<>-az-evh-x-001' - diagnosticLogsRetentionInDays: 7 - diagnosticStorageAccountId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adp<>azsax001' - diagnosticWorkspaceId: '/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-<>-az-law-x-001' + diagnosticEventHubAuthorizationRuleId: '' + diagnosticEventHubName: '' + diagnosticStorageAccountId: '' + diagnosticWorkspaceId: '' domainNameLabel: [ - '<>-az-gw-vpn-dm-001' + '<>-gw-vpn-dm-nvngavpn-001' ] lock: 'CanNotDelete' publicIpZones: [ 
@@ -285,15 +284,16 @@ module virtualNetworkGateways './Microsoft.Network/virtualNetworkGateways/deploy roleAssignments: [ { principalIds: [ - '<>' + '' ] + principalType: 'ServicePrincipal' roleDefinitionIdOrName: 'Reader' } ] vpnClientAadConfiguration: { aadAudience: '41b23e61-6c1e-4545-b367-cd054e0ed4b4' - aadIssuer: ''https://sts.windows.net/<>/' - aadTenant: 'https://login.microsoftonline.com/<>/' + aadIssuer: 'https://sts.windows.net/${tenant().tenantId}/' + aadTenant: '' vpnAuthenticationTypes: [ 'AAD' ] @@ -320,7 +320,7 @@ module virtualNetworkGateways './Microsoft.Network/virtualNetworkGateways/deploy "parameters": { // Required parameters "name": { - "value": "<>-az-gw-aadvpn-001" + "value": "<>nvngavpn001" }, "virtualNetworkGatewaySku": { "value": "VpnGw2AZ" @@ -329,30 +329,27 @@ module virtualNetworkGateways './Microsoft.Network/virtualNetworkGateways/deploy "value": "Vpn" }, "vNetResourceId": { - "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-vgw-002" + "value": "" }, // Non-required parameters "activeActive": { "value": false }, "diagnosticEventHubAuthorizationRuleId": { - "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.EventHub/namespaces/adp-<>-az-evhns-x-001/AuthorizationRules/RootManageSharedAccessKey" + "value": "" }, "diagnosticEventHubName": { - "value": "adp-<>-az-evh-x-001" - }, - "diagnosticLogsRetentionInDays": { - "value": 7 + "value": "" }, "diagnosticStorageAccountId": { - "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adp<>azsax001" + "value": "" }, "diagnosticWorkspaceId": { - "value": "/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-<>-az-law-x-001" + "value": "" }, "domainNameLabel": { "value": [ - "<>-az-gw-vpn-dm-001" + "<>-gw-vpn-dm-nvngavpn-001" ] }, "lock": { 
@@ -367,8 +364,9 @@ module virtualNetworkGateways './Microsoft.Network/virtualNetworkGateways/deploy "value": [ { "principalIds": [ - "<>" + "" ], + "principalType": "ServicePrincipal", "roleDefinitionIdOrName": "Reader" } ] @@ -376,8 +374,8 @@ module virtualNetworkGateways './Microsoft.Network/virtualNetworkGateways/deploy "vpnClientAadConfiguration": { "value": { "aadAudience": "41b23e61-6c1e-4545-b367-cd054e0ed4b4", - "aadIssuer": "'https://sts.windows.net/<>/", - "aadTenant": "https://login.microsoftonline.com/<>/", + "aadIssuer": "https://sts.windows.net/${tenant().tenantId}/", + "aadTenant": "", "vpnAuthenticationTypes": [ "AAD" ], From c9356e05489cd61cda2db03224cba48b09f45654 Mon Sep 17 00:00:00 2001 From: Alexander Sehr Date: Sun, 6 Nov 2022 16:20:57 +0100 Subject: [PATCH 10/13] Update modules/Microsoft.Network/virtualNetworkGateways/.test/vpn/deploy.test.bicep Co-authored-by: Erika Gressi <56914614+eriqua@users.noreply.github.com> --- .../virtualNetworkGateways/.test/vpn/deploy.test.bicep | 1 - 1 file changed, 1 deletion(-) diff --git a/modules/Microsoft.Network/virtualNetworkGateways/.test/vpn/deploy.test.bicep b/modules/Microsoft.Network/virtualNetworkGateways/.test/vpn/deploy.test.bicep index 5463d4e119..eab669ff96 100644 --- a/modules/Microsoft.Network/virtualNetworkGateways/.test/vpn/deploy.test.bicep +++ b/modules/Microsoft.Network/virtualNetworkGateways/.test/vpn/deploy.test.bicep @@ -59,7 +59,6 @@ module testDeployment '../../deploy.bicep' = { virtualNetworkGatewaySku: 'VpnGw1AZ' virtualNetworkGatewayType: 'Vpn' vNetResourceId: resourceGroupResources.outputs.vnetResourceId - // Non-required parameters activeActive: true diagnosticLogsRetentionInDays: 7 diagnosticStorageAccountId: diagnosticDependencies.outputs.storageAccountResourceId From 8a5460700507083ecd3e355afc3474ac84497f51 Mon Sep 17 00:00:00 2001 
From: Alexander Sehr Date: Sun, 6 Nov 2022 16:21:19 +0100 Subject: [PATCH 11/13] Update modules/Microsoft.Network/virtualNetworkGateways/.test/aadvpn/deploy.test.bicep Co-authored-by: Erika Gressi <56914614+eriqua@users.noreply.github.com> --- .../virtualNetworkGateways/.test/aadvpn/deploy.test.bicep | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/Microsoft.Network/virtualNetworkGateways/.test/aadvpn/deploy.test.bicep b/modules/Microsoft.Network/virtualNetworkGateways/.test/aadvpn/deploy.test.bicep index cc3fc3b9b8..e1c8c18c57 100644 --- a/modules/Microsoft.Network/virtualNetworkGateways/.test/aadvpn/deploy.test.bicep +++ b/modules/Microsoft.Network/virtualNetworkGateways/.test/aadvpn/deploy.test.bicep @@ -65,7 +65,7 @@ module testDeployment '../../deploy.bicep' = { diagnosticEventHubAuthorizationRuleId: diagnosticDependencies.outputs.eventHubAuthorizationRuleId diagnosticEventHubName: diagnosticDependencies.outputs.eventHubNamespaceEventHubName domainNameLabel: [ - '<>-gw-vpn-dm-${serviceShort}-001' + '<>-dm-${serviceShort}' ] lock: 'CanNotDelete' publicIpZones: [ From c69485a90381b5d24c4fb61793450aeed30401ac Mon Sep 17 00:00:00 2001 From: Alexander Sehr Date: Mon, 7 Nov 2022 17:51:56 +0100 Subject: [PATCH 12/13] Update modules/Microsoft.Network/virtualNetworkGateways/.test/aadvpn/deploy.test.bicep Co-authored-by: Erika Gressi <56914614+eriqua@users.noreply.github.com> --- .../virtualNetworkGateways/.test/aadvpn/deploy.test.bicep | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/Microsoft.Network/virtualNetworkGateways/.test/aadvpn/deploy.test.bicep b/modules/Microsoft.Network/virtualNetworkGateways/.test/aadvpn/deploy.test.bicep index e1c8c18c57..5eb3095c0a 100644 --- a/modules/Microsoft.Network/virtualNetworkGateways/.test/aadvpn/deploy.test.bicep +++ b/modules/Microsoft.Network/virtualNetworkGateways/.test/aadvpn/deploy.test.bicep 
@@ -81,7 +81,7 @@ module testDeployment '../../deploy.bicep' = { } ] vpnClientAadConfiguration: { - aadAudience: '41b23e61-6c1e-4545-b367-cd054e0ed4b4' + aadAudience: '41b23e61-6c1e-4545-b367-cd054e0ed4b4' // The Application ID of the "Azure VPN" Azure AD Enterprise App for Azure Public aadIssuer: 'https://sts.windows.net/${tenant().tenantId}/' aadTenant: '${environment().authentication.loginEndpoint}/${tenant().tenantId}/' vpnAuthenticationTypes: [ From f9f0939699b6df08f2702fedadd9259b6a240100 Mon Sep 17 00:00:00 2001 From: MrMCake Date: Mon, 7 Nov 2022 17:54:21 +0100 Subject: [PATCH 13/13] Updated readme --- .../virtualNetworkGateways/.test/aadvpn/deploy.test.bicep | 3 ++- modules/Microsoft.Network/virtualNetworkGateways/readme.md | 4 ++-- 2 files changed, 4 insertions(+), 3 deletions(-) diff --git a/modules/Microsoft.Network/virtualNetworkGateways/.test/aadvpn/deploy.test.bicep b/modules/Microsoft.Network/virtualNetworkGateways/.test/aadvpn/deploy.test.bicep index 5eb3095c0a..088b0119b9 100644 --- a/modules/Microsoft.Network/virtualNetworkGateways/.test/aadvpn/deploy.test.bicep +++ b/modules/Microsoft.Network/virtualNetworkGateways/.test/aadvpn/deploy.test.bicep @@ -81,7 +81,8 @@ module testDeployment '../../deploy.bicep' = { } ] vpnClientAadConfiguration: { - aadAudience: '41b23e61-6c1e-4545-b367-cd054e0ed4b4' // The Application ID of the "Azure VPN" Azure AD Enterprise App for Azure Public + // The Application ID of the "Azure VPN" Azure AD Enterprise App for Azure Public + aadAudience: '41b23e61-6c1e-4545-b367-cd054e0ed4b4' aadIssuer: 'https://sts.windows.net/${tenant().tenantId}/' aadTenant: '${environment().authentication.loginEndpoint}/${tenant().tenantId}/' vpnAuthenticationTypes: [ diff --git a/modules/Microsoft.Network/virtualNetworkGateways/readme.md b/modules/Microsoft.Network/virtualNetworkGateways/readme.md index ddd2c1dbc6..9cbf8faf5e 100644 --- a/modules/Microsoft.Network/virtualNetworkGateways/readme.md 
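Review bot: The comment now placed above `aadAudience` ties that ID to Azure Public, but the `aadIssuer` on the next line also hard-codes a host (`https://sts.windows.net/`), while `aadTenant` is derived from `environment()`. A reader could take the block as cloud-agnostic apart from the audience. I would widen the comment to cover both, for example `// Audience and issuer are the Azure Public values; verify both before reusing in another cloud`. The `testDeployment` module body starts and ends outside this hunk.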
+++ b/modules/Microsoft.Network/virtualNetworkGateways/readme.md @@ -275,7 +275,7 @@ module virtualNetworkGateways './Microsoft.Network/virtualNetworkGateways/deploy diagnosticStorageAccountId: '' diagnosticWorkspaceId: '' domainNameLabel: [ - '<>-gw-vpn-dm-nvngavpn-001' + '<>-dm-nvngavpn' ] lock: 'CanNotDelete' publicIpZones: [ @@ -349,7 +349,7 @@ module virtualNetworkGateways './Microsoft.Network/virtualNetworkGateways/deploy }, "domainNameLabel": { "value": [ - "<>-gw-vpn-dm-nvngavpn-001" + "<>-dm-nvngavpn" ] }, "lock": {