diff --git a/.github/workflows/ms.network.vpnsites.yml b/.github/workflows/ms.network.vpnsites.yml index 8488bb8a44..73f10b3c22 100644 --- a/.github/workflows/ms.network.vpnsites.yml +++ b/.github/workflows/ms.network.vpnsites.yml @@ -106,8 +106,7 @@ jobs: - name: 'Using test file [${{ matrix.moduleTestFilePaths }}]' uses: ./.github/actions/templates/validateModuleDeployment with: - templateFilePath: '${{ env.modulePath }}/deploy.bicep' - parameterFilePath: '${{ env.modulePath }}/${{ matrix.moduleTestFilePaths }}' + templateFilePath: '${{ env.modulePath }}/${{ matrix.moduleTestFilePaths }}' location: '${{ env.location }}' resourceGroupName: '${{ env.resourceGroupName }}' subscriptionId: '${{ secrets.ARM_SUBSCRIPTION_ID }}' diff --git a/modules/Microsoft.Network/vpnSites/.test/common/dependencies.bicep b/modules/Microsoft.Network/vpnSites/.test/common/dependencies.bicep new file mode 100644 index 0000000000..958f2e3650 --- /dev/null +++ b/modules/Microsoft.Network/vpnSites/.test/common/dependencies.bicep @@ -0,0 +1,24 @@ +@description('Required. The name of the managed identity to create.') +param managedIdentityName string + +@description('Required. The name of the virtual WAN to create.') +param virtualWANName string + +@description('Optional. The location to deploy resources to.') +param location string = resourceGroup().location + +resource managedIdentity 'Microsoft.ManagedIdentity/userAssignedIdentities@2018-11-30' = { + name: managedIdentityName + location: location +} + +resource virtualWan 'Microsoft.Network/virtualWans@2021-05-01' = { + name: virtualWANName + location: location +} + +@description('The principal ID of the created managed identity.') +output managedIdentityPrincipalId string = managedIdentity.properties.principalId + +@description('The resource ID of the created Virtual WAN.') +output virtualWWANResourceId string = virtualWan.id diff --git a/modules/Microsoft.Network/vpnSites/.test/common/deploy.test.bicep b/modules/Microsoft.Network/vpnSites/.test/common/deploy.test.bicep new file mode 100644 index 0000000000..8bc50db062 --- /dev/null +++ b/modules/Microsoft.Network/vpnSites/.test/common/deploy.test.bicep @@ -0,0 +1,100 @@ +targetScope = 'subscription' + +// ========== // +// Parameters // +// ========== // +@description('Optional. The name of the resource group to deploy for testing purposes.') +@maxLength(80) +param resourceGroupName string = 'ms.network.vpnSites-${serviceShort}-rg' + +@description('Optional. The location to deploy resources to.') +param location string = deployment().location + +@description('Optional. A short identifier for the kind of deployment. Should be kept short to not run into resource-name length-constraints.') +param serviceShort string = 'nvscom' + +// =========== // +// Deployments // +// =========== // + +// General resources +// ================= +resource resourceGroup 'Microsoft.Resources/resourceGroups@2021-04-01' = { + name: resourceGroupName + location: location +} + +module resourceGroupResources 'dependencies.bicep' = { + scope: resourceGroup + name: '${uniqueString(deployment().name, location)}-paramNested' + params: { + managedIdentityName: 'dep-<>-msi-${serviceShort}' + virtualWANName: 'dep-<>-vw-${serviceShort}' + } +} + +// ============== // +// Test Execution // +// ============== // + +module testDeployment '../../deploy.bicep' = { + scope: resourceGroup + name: '${uniqueString(deployment().name)}-test-${serviceShort}' + params: { + name: '<>-${serviceShort}' + virtualWanId: resourceGroupResources.outputs.virtualWWANResourceId + lock: 'CanNotDelete' + tags: { + tagA: 'valueA' + tagB: 'valueB' + } + deviceProperties: { + linkSpeedInMbps: 0 + } + vpnSiteLinks: [ + { + name: '<>-vSite-${serviceShort}' + properties: { + bgpProperties: { + asn: 65010 + bgpPeeringAddress: '1.1.1.1' + } + ipAddress: '1.2.3.4' + linkProperties: { + linkProviderName: 'contoso' + linkSpeedInMbps: 5 + } + } + } + { + name: 'Link1' + properties: { + bgpProperties: { + asn: 65020 + bgpPeeringAddress: '192.168.1.0' + } + ipAddress: '2.2.2.2' + linkProperties: { + linkProviderName: 'contoso' + linkSpeedInMbps: 5 + } + } + } + ] + o365Policy: { + breakOutCategories: { + optimize: true + allow: true + default: true + } + } + roleAssignments: [ + { + roleDefinitionIdOrName: 'Reader' + principalIds: [ + resourceGroupResources.outputs.managedIdentityPrincipalId + ] + } + ] + } +} diff --git a/modules/Microsoft.Network/vpnSites/.test/min.parameters.json b/modules/Microsoft.Network/vpnSites/.test/min.parameters.json deleted file mode 100644 index 24791e0339..0000000000 --- a/modules/Microsoft.Network/vpnSites/.test/min.parameters.json +++ /dev/null @@ -1,20 +0,0 @@ -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "name": { - "value": "<>-az-vSite-min-001" - }, - "addressPrefixes": { - "value": [ - "10.0.0.0/16" - ] - }, - "ipAddress": { - "value": "1.2.3.4" - }, - "virtualWanId": { - "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualWans/apd-<>-az-vw-x-001" - } - } -} diff --git a/modules/Microsoft.Network/vpnSites/.test/min/dependencies.bicep b/modules/Microsoft.Network/vpnSites/.test/min/dependencies.bicep new file mode 100644 index 0000000000..33c8d7907d --- /dev/null +++ b/modules/Microsoft.Network/vpnSites/.test/min/dependencies.bicep @@ -0,0 +1,13 @@ +@description('Required. The name of the virtual WAN to create.') +param virtualWANName string + +@description('Optional. The location to deploy resources to.') +param location string = resourceGroup().location + +resource virtualWan 'Microsoft.Network/virtualWans@2021-05-01' = { + name: virtualWANName + location: location +} + +@description('The resource ID of the created Virtual WAN') +output virtualWWANResourceId string = virtualWan.id diff --git a/modules/Microsoft.Network/vpnSites/.test/min/deploy.test.bicep b/modules/Microsoft.Network/vpnSites/.test/min/deploy.test.bicep new file mode 100644 index 0000000000..833029f1a7 --- /dev/null +++ b/modules/Microsoft.Network/vpnSites/.test/min/deploy.test.bicep @@ -0,0 +1,50 @@ +targetScope = 'subscription' + +// ========== // +// Parameters // +// ========== // +@description('Optional. The name of the resource group to deploy for testing purposes.') +@maxLength(80) +param resourceGroupName string = 'ms.network.vpnSites-${serviceShort}-rg' + +@description('Optional. The location to deploy resources to.') +param location string = deployment().location + +@description('Optional. A short identifier for the kind of deployment. Should be kept short to not run into resource-name length-constraints.') +param serviceShort string = 'nvsmin' + +// =========== // +// Deployments // +// =========== // + +// General resources +// ================= +resource resourceGroup 'Microsoft.Resources/resourceGroups@2021-04-01' = { + name: resourceGroupName + location: location +} + +module resourceGroupResources 'dependencies.bicep' = { + scope: resourceGroup + name: '${uniqueString(deployment().name, location)}-paramNested' + params: { + virtualWANName: 'dep-<>-vw-${serviceShort}' + } +} + +// ============== // +// Test Execution // +// ============== // + +module testDeployment '../../deploy.bicep' = { + scope: resourceGroup + name: '${uniqueString(deployment().name)}-test-${serviceShort}' + params: { + name: '<>-${serviceShort}' + virtualWanId: resourceGroupResources.outputs.virtualWWANResourceId + addressPrefixes: [ + '10.0.0.0/16' + ] + ipAddress: '1.2.3.4' + } +} diff --git a/modules/Microsoft.Network/vpnSites/.test/parameters.json b/modules/Microsoft.Network/vpnSites/.test/parameters.json deleted file mode 100644 index 94c534c5e4..0000000000 --- a/modules/Microsoft.Network/vpnSites/.test/parameters.json +++ /dev/null @@ -1,77 +0,0 @@ -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "name": { - "value": "<>-az-vSite-x-001" - }, - "lock": { - "value": "CanNotDelete" - }, - "tags": { - "value": { - "tagA": "valueA", - "tagB": "valueB" - } - }, - "deviceProperties": { - "value": { - "linkSpeedInMbps": 0 - } - }, - "virtualWanId": { - "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualWans/apd-<>-az-vw-x-001" - }, - "vpnSiteLinks": { - "value": [ - { - "name": "<>-az-vSite-x-001", - "properties": { - "bgpProperties": { - "asn": 65010, - "bgpPeeringAddress": "1.1.1.1" - }, - "ipAddress": "1.2.3.4", - "linkProperties": { - "linkProviderName": "contoso", - "linkSpeedInMbps": 5 - } - } - }, - { - "name": "Link1", - "properties": { - "bgpProperties": { - "asn": 65020, - "bgpPeeringAddress": "192.168.1.0" - }, - "ipAddress": "2.2.2.2", - "linkProperties": { - "linkProviderName": "contoso", - "linkSpeedInMbps": 5 - } - } - } - ] - }, - "o365Policy": { - "value": { - "breakOutCategories": { - "optimize": true, - "allow": true, - "default": true - } - } - }, - "roleAssignments": { - "value": [ - { - "roleDefinitionIdOrName": "Reader", - "principalIds": [ - "<>" - ] - } - ] - } - } -} diff --git a/modules/Microsoft.Network/vpnSites/deploy.bicep b/modules/Microsoft.Network/vpnSites/deploy.bicep index 980ad072d4..356cdedb15 100644 --- a/modules/Microsoft.Network/vpnSites/deploy.bicep +++ b/modules/Microsoft.Network/vpnSites/deploy.bicep @@ -10,10 +10,10 @@ param location string = resourceGroup().location @description('Optional. Tags of the resource.') param tags object = {} -@description('Optional. An array of IP address ranges that can be used by subnets of the virtual network. Must be provided if no bgpProperties or VPNSiteLinks are configured.') +@description('Conditional. An array of IP address ranges that can be used by subnets of the virtual network. Required if no bgpProperties or VPNSiteLinks are configured.') param addressPrefixes array = [] -@description('Optional. BGP settings details. Must be provided if no addressPrefixes or VPNSiteLinks are configured. Note: This is a deprecated property, please use the corresponding VpnSiteLinks property instead.') +@description('Conditional. BGP settings details. Note: This is a deprecated property, please use the corresponding VpnSiteLinks property instead. Required if no addressPrefixes or VPNSiteLinks are configured.') param bgpProperties object = {} @description('Optional. List of properties of the device.') diff --git a/modules/Microsoft.Network/vpnSites/readme.md b/modules/Microsoft.Network/vpnSites/readme.md index 8f85cf0858..25676d5e8a 100644 --- a/modules/Microsoft.Network/vpnSites/readme.md +++ b/modules/Microsoft.Network/vpnSites/readme.md @@ -27,12 +27,17 @@ This module deploys a VPN Site. | `name` | string | Name of the VPN Site. | | `virtualWanId` | string | Resource ID of the virtual WAN to link to. | +**Conditional parameters** + +| Parameter Name | Type | Description | +| :-- | :-- | :-- | +| `addressPrefixes` | array | An array of IP address ranges that can be used by subnets of the virtual network. Required if no bgpProperties or VPNSiteLinks are configured. | +| `bgpProperties` | object | BGP settings details. Note: This is a deprecated property, please use the corresponding VpnSiteLinks property instead. Required if no addressPrefixes or VPNSiteLinks are configured. | + **Optional parameters** | Parameter Name | Type | Default Value | Allowed Values | Description | | :-- | :-- | :-- | :-- | :-- | -| `addressPrefixes` | array | `[]` | | An array of IP address ranges that can be used by subnets of the virtual network. Must be provided if no bgpProperties or VPNSiteLinks are configured. | -| `bgpProperties` | object | `{object}` | | BGP settings details. Must be provided if no addressPrefixes or VPNSiteLinks are configured. Note: This is a deprecated property, please use the corresponding VpnSiteLinks property instead. | | `deviceProperties` | object | `{object}` | | List of properties of the device. | | `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via the Customer Usage Attribution ID (GUID). | | `ipAddress` | string | `''` | | The IP-address for the VPN-site. Note: This is a deprecated property, please use the corresponding VpnSiteLinks property instead. | @@ -330,7 +335,7 @@ The following module usage examples are retrieved from the content of the files >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. -

Example 1: Min

+

Example 1: Common

@@ -338,68 +343,11 @@ The following module usage examples are retrieved from the content of the files ```bicep module vpnSites './Microsoft.Network/vpnSites/deploy.bicep' = { - name: '${uniqueString(deployment().name)}-VpnSites' + name: '${uniqueString(deployment().name)}-test-nvscom' params: { // Required parameters - name: '<>-az-vSite-min-001' - virtualWanId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualWans/apd-<>-az-vw-x-001' - // Non-required parameters - addressPrefixes: [ - '10.0.0.0/16' - ] - ipAddress: '1.2.3.4' - } -} -``` - -
-

- -

- -via JSON Parameter file - -```json -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", - "contentVersion": "1.0.0.0", - "parameters": { - // Required parameters - "name": { - "value": "<>-az-vSite-min-001" - }, - "virtualWanId": { - "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualWans/apd-<>-az-vw-x-001" - }, - // Non-required parameters - "addressPrefixes": { - "value": [ - "10.0.0.0/16" - ] - }, - "ipAddress": { - "value": "1.2.3.4" - } - } -} -``` - -
-

- -

Example 2: Parameters

- -
- -via Bicep module - -```bicep -module vpnSites './Microsoft.Network/vpnSites/deploy.bicep' = { - name: '${uniqueString(deployment().name)}-VpnSites' - params: { - // Required parameters - name: '<>-az-vSite-x-001' - virtualWanId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualWans/apd-<>-az-vw-x-001' + name: '<>-nvscom' + virtualWanId: '' // Non-required parameters deviceProperties: { linkSpeedInMbps: 0 @@ -415,7 +363,7 @@ module vpnSites './Microsoft.Network/vpnSites/deploy.bicep' = { roleAssignments: [ { principalIds: [ - '<>' + '' ] roleDefinitionIdOrName: 'Reader' } @@ -426,7 +374,7 @@ module vpnSites './Microsoft.Network/vpnSites/deploy.bicep' = { } vpnSiteLinks: [ { - name: '<>-az-vSite-x-001' + name: '<>-vSite-nvscom' properties: { bgpProperties: { asn: 65010 @@ -472,10 +420,10 @@ module vpnSites './Microsoft.Network/vpnSites/deploy.bicep' = { "parameters": { // Required parameters "name": { - "value": "<>-az-vSite-x-001" + "value": "<>-nvscom" }, "virtualWanId": { - "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualWans/apd-<>-az-vw-x-001" + "value": "" }, // Non-required parameters "deviceProperties": { @@ -499,7 +447,7 @@ module vpnSites './Microsoft.Network/vpnSites/deploy.bicep' = { "value": [ { "principalIds": [ - "<>" + "" ], "roleDefinitionIdOrName": "Reader" } @@ -514,7 +462,7 @@ module vpnSites './Microsoft.Network/vpnSites/deploy.bicep' = { "vpnSiteLinks": { "value": [ { - "name": "<>-az-vSite-x-001", + "name": "<>-vSite-nvscom", "properties": { "bgpProperties": { "asn": 65010, @@ -549,3 +497,60 @@ module vpnSites './Microsoft.Network/vpnSites/deploy.bicep' = {

+ +

Example 2: Min

+ +
+ +via Bicep module + +```bicep +module vpnSites './Microsoft.Network/vpnSites/deploy.bicep' = { + name: '${uniqueString(deployment().name)}-test-nvsmin' + params: { + // Required parameters + name: '<>-nvsmin' + virtualWanId: '' + // Non-required parameters + addressPrefixes: [ + '10.0.0.0/16' + ] + ipAddress: '1.2.3.4' + } +} +``` + +
+

+ +

+ +via JSON Parameter file + +```json +{ + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", + "contentVersion": "1.0.0.0", + "parameters": { + // Required parameters + "name": { + "value": "<>-nvsmin" + }, + "virtualWanId": { + "value": "" + }, + // Non-required parameters + "addressPrefixes": { + "value": [ + "10.0.0.0/16" + ] + }, + "ipAddress": { + "value": "1.2.3.4" + } + } +} +``` + +
+