diff --git a/.github/workflows/ms.network.applicationgateways.yml b/.github/workflows/ms.network.applicationgateways.yml index f725041d2e..0557fd1950 100644 --- a/.github/workflows/ms.network.applicationgateways.yml +++ b/.github/workflows/ms.network.applicationgateways.yml @@ -106,8 +106,7 @@ jobs: - name: 'Using test file [${{ matrix.moduleTestFilePaths }}]' uses: ./.github/actions/templates/validateModuleDeployment with: - templateFilePath: '${{ env.modulePath }}/deploy.bicep' - parameterFilePath: '${{ env.modulePath }}/${{ matrix.moduleTestFilePaths }}' + templateFilePath: '${{ env.modulePath }}/${{ matrix.moduleTestFilePaths }}' location: '${{ env.location }}' resourceGroupName: '${{ env.resourceGroupName }}' subscriptionId: '${{ secrets.ARM_SUBSCRIPTION_ID }}' diff --git a/modules/Microsoft.Network/applicationGateways/.test/.scripts/New-Certificate.ps1 b/modules/Microsoft.Network/applicationGateways/.test/.scripts/New-Certificate.ps1 new file mode 100644 index 0000000000..8e723c072c --- /dev/null +++ b/modules/Microsoft.Network/applicationGateways/.test/.scripts/New-Certificate.ps1 @@ -0,0 +1,40 @@ +param( + [string] $KeyVaultName, + [string] $CertName +) + +$certificate = Get-AzKeyVaultCertificate -VaultName $KeyVaultName -Name $CertName -ErrorAction 'Stop' + +if (-not $certificate) { + $policyInputObject = @{ + SecretContentType = 'application/x-pkcs12' + SubjectName = 'CN=fabrikam.com' + IssuerName = 'Self' + ValidityInMonths = 12 + ReuseKeyOnRenewal = $true + } + $certPolicy = New-AzKeyVaultCertificatePolicy @policyInputObject + + $null = Add-AzKeyVaultCertificate -VaultName $KeyVaultName -Name $CertName -CertificatePolicy $certPolicy + Write-Verbose ('Initiated creation of certificate [{0}] in key vault [{1}]' -f $CertName, $KeyVaultName) -Verbose + + while (-not (Get-AzKeyVaultCertificateOperation -VaultName $KeyVaultName -Name $CertName).Status -eq 'completed') { + Write-Verbose 'Waiting 10 seconds for certificate creation' -Verbose + Start-Sleep 10 + } + + Write-Verbose 'Certificate created' -Verbose +} + +$secretId = $certificate.SecretId +while ([String]::IsNullOrEmpty($secretId)) { + Write-Verbose 'Waiting 10 seconds until certificate can be fetched' -Verbose + Start-Sleep 10 + $certificate = Get-AzKeyVaultCertificate -VaultName $KeyVaultName -Name $CertName -ErrorAction 'Stop' + $secretId = $certificate.SecretId +} + +# Write into Deployment Script output stream +$DeploymentScriptOutputs = @{ + secretUrl = $secretId +} diff --git a/modules/Microsoft.Network/applicationGateways/.test/common/dependencies.bicep b/modules/Microsoft.Network/applicationGateways/.test/common/dependencies.bicep new file mode 100644 index 0000000000..19ccd21a1d --- /dev/null +++ b/modules/Microsoft.Network/applicationGateways/.test/common/dependencies.bicep @@ -0,0 +1,117 @@ +@description('Optional. The location to deploy to.') +param location string = resourceGroup().location + +@description('Required. The name of the Virtual Network to create.') +param virtualNetworkName string + +@description('Required. The name of the Public IP to create.') +param publicIPName string + +@description('Required. The name of the Managed Identity to create.') +param managedIdentityName string + +@description('Required. The name of the Key Vault to create.') +param keyVaultName string + +@description('Required. The name of the Deployment Script to create for the Certificate generation.') +param certDeploymentScriptName string + +var CertName = 'applicationGatewaySslCertificate' + +resource virtualNetwork 'Microsoft.Network/virtualNetworks@2022-01-01' = { + name: virtualNetworkName + location: location + properties: { + addressSpace: { + addressPrefixes: [ + '10.0.0.0/24' + ] + } + subnets: [ + { + name: 'defaultSubnet' + properties: { + addressPrefix: '10.0.0.0/24' + } + } + ] + } +} + +resource publicIP 'Microsoft.Network/publicIPAddresses@2022-01-01' = { + name: publicIPName + location: location + sku: { + name: 'Standard' + tier: 'Regional' + } + properties: { + publicIPAllocationMethod: 'Static' + } +} + +resource managedIdentity 'Microsoft.ManagedIdentity/userAssignedIdentities@2018-11-30' = { + name: managedIdentityName + location: location +} + +resource keyVault 'Microsoft.KeyVault/vaults@2022-07-01' = { + name: keyVaultName + location: location + properties: { + sku: { + family: 'A' + name: 'standard' + } + tenantId: tenant().tenantId + enablePurgeProtection: null + enabledForTemplateDeployment: true + enabledForDiskEncryption: true + enabledForDeployment: true + enableRbacAuthorization: true + accessPolicies: [] + } +} + +resource keyPermissions 'Microsoft.Authorization/roleAssignments@2022-04-01' = { + name: guid('msi-${managedIdentity.name}-KeyVault-Admin-RoleAssignment') + scope: keyVault + properties: { + principalId: managedIdentity.properties.principalId + roleDefinitionId: subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '00482a5a-887f-4fb3-b363-3b7fe8e74483') // Key Vault Administrator + principalType: 'ServicePrincipal' + } +} + +resource certDeploymentScript 'Microsoft.Resources/deploymentScripts@2020-10-01' = { + name: certDeploymentScriptName + location: location + kind: 'AzurePowerShell' + identity: { + type: 'UserAssigned' + userAssignedIdentities: { + '${managedIdentity.id}': {} + } + } + properties: { + azPowerShellVersion: '8.0' + retentionInterval: 'P1D' + arguments: '-KeyVaultName "${keyVault.name}" -CertName "${CertName}"' + scriptContent: loadTextContent('../.scripts/New-Certificate.ps1') + } +} + +@description('The resource ID of the created Virtual Network Subnet.') +output subnetResourceId string = virtualNetwork.properties.subnets[0].id + +@description('The resource ID of the created Public IP.') +output publicIPResourceId string = publicIP.id + +@description('The resource ID of the created Managed Identity.') +output managedIdentityResourceId string = managedIdentity.id + +@description('The URL of the created certificate.') +output certificateSecretUrl string = certDeploymentScript.properties.outputs.secretUrl + +@description('The principal ID of the created Managed Identity.') +output managedIdentityPrincipalId string = managedIdentity.properties.principalId diff --git a/modules/Microsoft.Network/applicationGateways/.test/common/deploy.test.bicep b/modules/Microsoft.Network/applicationGateways/.test/common/deploy.test.bicep new file mode 100644 index 0000000000..ff34297ad7 --- /dev/null +++ b/modules/Microsoft.Network/applicationGateways/.test/common/deploy.test.bicep @@ -0,0 +1,385 @@ +targetScope = 'subscription' + +// ========== // +// Parameters // +// ========== // +@description('Optional. The name of the resource group to deploy for testing purposes.') +@maxLength(90) +param resourceGroupName string = 'ms.network.applicationgateways-${serviceShort}-rg' + +@description('Optional. The location to deploy resources to.') +param location string = deployment().location + +@description('Optional. A short identifier for the kind of deployment. Should be kept short to not run into resource-name length-constraints.') +param serviceShort string = 'nagcom' + +// =========== // +// Deployments // +// =========== // + +// General resources +// ================= +resource resourceGroup 'Microsoft.Resources/resourceGroups@2021-04-01' = { + name: resourceGroupName + location: location +} + +module resourceGroupResources 'dependencies.bicep' = { + scope: resourceGroup + name: '${uniqueString(deployment().name, location)}-paramNested' + params: { + virtualNetworkName: 'dep-<>-vnet-${serviceShort}' + publicIPName: 'dep-<>-pip-${serviceShort}' + managedIdentityName: 'dep-<>-msi-${serviceShort}' + certDeploymentScriptName: 'dep-<>-ds-${serviceShort}' + keyVaultName: 'dep-<>-kv-${serviceShort}' + } +} + +// Diagnostics +// =========== +module diagnosticDependencies '../../../../.shared/dependencyConstructs/diagnostic.dependencies.bicep' = { + scope: resourceGroup + name: '${uniqueString(deployment().name, location)}-diagnosticDependencies' + params: { + storageAccountName: 'dep<>diasa${serviceShort}01' + logAnalyticsWorkspaceName: 'dep-<>-law-${serviceShort}' + eventHubNamespaceEventHubName: 'dep-<>-evh-${serviceShort}' + eventHubNamespaceName: 'dep-<>-evhns-${serviceShort}' + location: location + } +} + +// ============== // +// Test Execution // +// ============== // + +var appGWName = '<>${serviceShort}001' +var appGWExpectedResourceID = '${resourceGroup.id}/providers/Microsoft.Network/applicationGateways/${appGWName}' +module testDeployment '../../deploy.bicep' = { + scope: resourceGroup + name: '${uniqueString(deployment().name)}-test-${serviceShort}' + params: { + name: appGWName + backendAddressPools: [ + { + name: 'appServiceBackendPool' + properties: { + backendAddresses: [ + { + fqdn: 'aghapp.azurewebsites.net' + } + ] + } + } + { + name: 'privateVmBackendPool' + properties: { + backendAddresses: [ + { + ipAddress: '10.0.0.4' + } + ] + } + } + ] + backendHttpSettingsCollection: [ + { + name: 'appServiceBackendHttpsSetting' + properties: { + cookieBasedAffinity: 'Disabled' + pickHostNameFromBackendAddress: true + port: 443 + protocol: 'Https' + requestTimeout: 30 + } + } + { + name: 'privateVmHttpSetting' + properties: { + cookieBasedAffinity: 'Disabled' + pickHostNameFromBackendAddress: false + port: 80 + probe: { + id: '${appGWExpectedResourceID}/probes/privateVmHttpSettingProbe' + } + protocol: 'Http' + requestTimeout: 30 + } + } + ] + diagnosticLogsRetentionInDays: 7 + diagnosticStorageAccountId: diagnosticDependencies.outputs.storageAccountResourceId + diagnosticWorkspaceId: diagnosticDependencies.outputs.logAnalyticsWorkspaceResourceId + diagnosticEventHubAuthorizationRuleId: diagnosticDependencies.outputs.eventHubAuthorizationRuleId + diagnosticEventHubName: diagnosticDependencies.outputs.eventHubNamespaceEventHubName + enableHttp2: true + frontendIPConfigurations: [ + { + name: 'private' + properties: { + privateIPAddress: '10.0.0.20' + privateIPAllocationMethod: 'Static' + subnet: { + id: resourceGroupResources.outputs.subnetResourceId + } + } + } + { + name: 'public' + properties: { + privateIPAllocationMethod: 'Dynamic' + publicIPAddress: { + id: resourceGroupResources.outputs.publicIPResourceId + } + } + } + ] + frontendPorts: [ + { + name: 'port443' + properties: { + port: 443 + } + } + { + name: 'port4433' + properties: { + port: 4433 + } + } + { + name: 'port80' + properties: { + port: 80 + } + } + { + name: 'port8080' + properties: { + port: 8080 + } + } + ] + gatewayIPConfigurations: [ + { + name: 'apw-ip-configuration' + properties: { + subnet: { + id: resourceGroupResources.outputs.subnetResourceId + } + } + } + ] + httpListeners: [ + { + name: 'public443' + properties: { + frontendIPConfiguration: { + id: '${appGWExpectedResourceID}/frontendIPConfigurations/public' + } + frontendPort: { + id: '${appGWExpectedResourceID}/frontendPorts/port443' + } + hostNames: [] + protocol: 'https' + requireServerNameIndication: false + sslCertificate: { + id: '${appGWExpectedResourceID}/sslCertificates/<>-az-apgw-x-001-ssl-certificate' + } + } + } + { + name: 'private4433' + properties: { + frontendIPConfiguration: { + id: '${appGWExpectedResourceID}/frontendIPConfigurations/private' + } + frontendPort: { + id: '${appGWExpectedResourceID}/frontendPorts/port4433' + } + hostNames: [] + protocol: 'https' + requireServerNameIndication: false + sslCertificate: { + id: '${appGWExpectedResourceID}/sslCertificates/<>-az-apgw-x-001-ssl-certificate' + } + } + } + { + name: 'httpRedirect80' + properties: { + frontendIPConfiguration: { + id: '${appGWExpectedResourceID}/frontendIPConfigurations/public' + } + frontendPort: { + id: '${appGWExpectedResourceID}/frontendPorts/port80' + } + hostNames: [] + protocol: 'Http' + requireServerNameIndication: false + } + } + { + name: 'httpRedirect8080' + properties: { + frontendIPConfiguration: { + id: '${appGWExpectedResourceID}/frontendIPConfigurations/private' + } + frontendPort: { + id: '${appGWExpectedResourceID}/frontendPorts/port8080' + } + hostNames: [] + protocol: 'Http' + requireServerNameIndication: false + } + } + ] + lock: 'CanNotDelete' + probes: [ + { + name: 'privateVmHttpSettingProbe' + properties: { + host: '10.0.0.4' + interval: 60 + match: { + statusCodes: [ + '200' + '401' + ] + } + minServers: 3 + path: '/' + pickHostNameFromBackendHttpSettings: false + protocol: 'Http' + timeout: 15 + unhealthyThreshold: 5 + } + } + ] + redirectConfigurations: [ + { + name: 'httpRedirect80' + properties: { + includePath: true + includeQueryString: true + redirectType: 'Permanent' + requestRoutingRules: [ + { + id: '${appGWExpectedResourceID}/requestRoutingRules/httpRedirect80-public443' + } + ] + targetListener: { + id: '${appGWExpectedResourceID}/httpListeners/public443' + } + } + } + { + name: 'httpRedirect8080' + properties: { + includePath: true + includeQueryString: true + redirectType: 'Permanent' + requestRoutingRules: [ + { + id: '${appGWExpectedResourceID}/requestRoutingRules/httpRedirect8080-private4433' + } + ] + targetListener: { + id: '${appGWExpectedResourceID}/httpListeners/private4433' + } + } + } + ] + requestRoutingRules: [ + { + name: 'public443-appServiceBackendHttpsSetting-appServiceBackendHttpsSetting' + properties: { + backendAddressPool: { + id: '${appGWExpectedResourceID}/backendAddressPools/appServiceBackendPool' + } + backendHttpSettings: { + id: '${appGWExpectedResourceID}/backendHttpSettingsCollection/appServiceBackendHttpsSetting' + } + httpListener: { + id: '${appGWExpectedResourceID}/httpListeners/public443' + } + priority: 200 + ruleType: 'Basic' + } + } + { + name: 'private4433-privateVmHttpSetting-privateVmHttpSetting' + properties: { + backendAddressPool: { + id: '${appGWExpectedResourceID}/backendAddressPools/privateVmBackendPool' + } + backendHttpSettings: { + id: '${appGWExpectedResourceID}/backendHttpSettingsCollection/privateVmHttpSetting' + } + httpListener: { + id: '${appGWExpectedResourceID}/httpListeners/private4433' + } + priority: 250 + ruleType: 'Basic' + } + } + { + name: 'httpRedirect80-public443' + properties: { + httpListener: { + id: '${appGWExpectedResourceID}/httpListeners/httpRedirect80' + } + priority: 300 + redirectConfiguration: { + id: '${appGWExpectedResourceID}/redirectConfigurations/httpRedirect80' + } + ruleType: 'Basic' + } + } + { + name: 'httpRedirect8080-private4433' + properties: { + httpListener: { + id: '${appGWExpectedResourceID}/httpListeners/httpRedirect8080' + } + priority: 350 + redirectConfiguration: { + id: '${appGWExpectedResourceID}/redirectConfigurations/httpRedirect8080' + } + ruleType: 'Basic' + } + } + ] + roleAssignments: [ + { + principalIds: [ + resourceGroupResources.outputs.managedIdentityPrincipalId + ] + roleDefinitionIdOrName: 'Reader' + } + ] + sku: 'WAF_v2' + sslCertificates: [ + { + name: '<>-az-apgw-x-001-ssl-certificate' + properties: { + keyVaultSecretId: resourceGroupResources.outputs.certificateSecretUrl + } + } + ] + userAssignedIdentities: { + '${resourceGroupResources.outputs.managedIdentityResourceId}': {} + } + webApplicationFirewallConfiguration: { + disabledRuleGroups: [] + enabled: true + fileUploadLimitInMb: 100 + firewallMode: 'Detection' + maxRequestBodySizeInKb: 128 + requestBodyCheck: true + ruleSetType: 'OWASP' + ruleSetVersion: '3.0' + } + } +} diff --git a/modules/Microsoft.Network/applicationGateways/.test/parameters.json b/modules/Microsoft.Network/applicationGateways/.test/parameters.json deleted file mode 100644 index 7261318223..0000000000 --- a/modules/Microsoft.Network/applicationGateways/.test/parameters.json +++ /dev/null @@ -1,371 +0,0 @@ -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "name": { - "value": "<>-az-apgw-x-001" - }, - "lock": { - "value": "CanNotDelete" - }, - "userAssignedIdentities": { - "value": { - "/subscriptions/<>/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-<>-az-msi-x-001": {} - } - }, - "webApplicationFirewallConfiguration": { - "value": { - "enabled": true, - "firewallMode": "Detection", - "ruleSetType": "OWASP", - "ruleSetVersion": "3.0", - "disabledRuleGroups": [], - "requestBodyCheck": true, - "maxRequestBodySizeInKb": 128, - "fileUploadLimitInMb": 100 - } - }, - "enableHttp2": { - "value": true - }, - "backendAddressPools": { - "value": [ - { - "name": "appServiceBackendPool", - "properties": { - "backendAddresses": [ - { - "fqdn": "aghapp.azurewebsites.net" - } - ] - } - }, - { - "name": "privateVmBackendPool", - "properties": { - "backendAddresses": [ - { - "ipAddress": "10.0.0.4" - } - ] - } - } - ] - }, - "backendHttpSettingsCollection": { - "value": [ - { - "name": "appServiceBackendHttpsSetting", - "properties": { - "port": 443, - "protocol": "Https", - "cookieBasedAffinity": "Disabled", - "pickHostNameFromBackendAddress": true, - "requestTimeout": 30 - } - }, - { - "name": "privateVmHttpSetting", - "properties": { - "port": 80, - "protocol": "Http", - "cookieBasedAffinity": "Disabled", - "pickHostNameFromBackendAddress": false, - "requestTimeout": 30, - "probe": { - "id": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/applicationGateways/<>-az-apgw-x-001/probes/privateVmHttpSettingProbe" - } - } - } - ] - }, - "frontendIPConfigurations": { - "value": [ - { - "name": "private", - "properties": { - "privateIPAddress": "10.0.8.6", - "privateIPAllocationMethod": "Static", - "subnet": { - "id": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-x-001/subnets/<>-az-subnet-x-007" - } - } - }, - { - "name": "public", - "properties": { - "privateIPAllocationMethod": "Dynamic", - "publicIPAddress": { - "id": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/publicIPAddresses/adp-<>-az-pip-x-apgw" - } - } - } - ] - }, - "frontendPorts": { - "value": [ - { - "name": "port443", - "properties": { - "port": 443 - } - }, - { - "name": "port4433", - "properties": { - "port": 4433 - } - }, - { - "name": "port80", - "properties": { - "port": 80 - } - }, - { - "name": "port8080", - "properties": { - "port": 8080 - } - } - ] - }, - "httpListeners": { - "value": [ - { - "name": "public443", - "properties": { - "frontendIPConfiguration": { - "id": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/applicationGateways/<>-az-apgw-x-001/frontendIPConfigurations/public" - }, - "frontendPort": { - "id": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/applicationGateways/<>-az-apgw-x-001/frontendPorts/port443" - }, - "sslCertificate": { - "id": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/applicationGateways/<>-az-apgw-x-001/sslCertificates/<>-az-apgw-x-001-ssl-certificate" - }, - "protocol": "https", - "hostNames": [], - "requireServerNameIndication": false - } - }, - { - "name": "private4433", - "properties": { - "frontendIPConfiguration": { - "id": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/applicationGateways/<>-az-apgw-x-001/frontendIPConfigurations/private" - }, - "frontendPort": { - "id": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/applicationGateways/<>-az-apgw-x-001/frontendPorts/port4433" - }, - "sslCertificate": { - "id": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/applicationGateways/<>-az-apgw-x-001/sslCertificates/<>-az-apgw-x-001-ssl-certificate" - }, - "protocol": "https", - "hostNames": [], - "requireServerNameIndication": false - } - }, - { - "name": "httpRedirect80", - "properties": { - "frontendIPConfiguration": { - "id": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/applicationGateways/<>-az-apgw-x-001/frontendIPConfigurations/public" - }, - "frontendPort": { - "id": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/applicationGateways/<>-az-apgw-x-001/frontendPorts/port80" - }, - "protocol": "Http", - "hostNames": [], - "requireServerNameIndication": false - } - }, - { - "name": "httpRedirect8080", - "properties": { - "frontendIPConfiguration": { - "id": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/applicationGateways/<>-az-apgw-x-001/frontendIPConfigurations/private" - }, - "frontendPort": { - "id": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/applicationGateways/<>-az-apgw-x-001/frontendPorts/port8080" - }, - "protocol": "Http", - "hostNames": [], - "requireServerNameIndication": false - } - } - ] - }, - "gatewayIPConfigurations": { - "value": [ - { - "name": "apw-ip-configuration", - "properties": { - "subnet": { - "id": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-x-001/subnets/<>-az-subnet-x-007" - } - } - } - ] - }, - "probes": { - "value": [ - { - "name": "privateVmHttpSettingProbe", - "properties": { - "protocol": "Http", - "host": "10.0.0.4", - "path": "/", - "interval": 60, - "timeout": 15, - "unhealthyThreshold": 5, - "pickHostNameFromBackendHttpSettings": false, - "minServers": 3, - "match": { - "statusCodes": [ - "200", - "401" - ] - } - } - } - ] - }, - "redirectConfigurations": { - "value": [ - { - "name": "httpRedirect80", - "properties": { - "redirectType": "Permanent", - "targetListener": { - "id": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/applicationGateways/<>-az-apgw-x-001/httpListeners/public443" - }, - "includePath": true, - "includeQueryString": true, - "requestRoutingRules": [ - { - "id": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/applicationGateways/<>-az-apgw-x-001/requestRoutingRules/httpRedirect80-public443" - } - ] - } - }, - { - "name": "httpRedirect8080", - "properties": { - "redirectType": "Permanent", - "targetListener": { - "id": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/applicationGateways/<>-az-apgw-x-001/httpListeners/private4433" - }, - "includePath": true, - "includeQueryString": true, - "requestRoutingRules": [ - { - "id": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/applicationGateways/<>-az-apgw-x-001/requestRoutingRules/httpRedirect8080-private4433" - } - ] - } - } - ] - }, - "requestRoutingRules": { - "value": [ - { - "name": "public443-appServiceBackendHttpsSetting-appServiceBackendHttpsSetting", - "properties": { - "ruleType": "Basic", - "priority": 200, - "httpListener": { - "id": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/applicationGateways/<>-az-apgw-x-001/httpListeners/public443" - }, - "backendAddressPool": { - "id": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/applicationGateways/<>-az-apgw-x-001/backendAddressPools/appServiceBackendPool" - }, - "backendHttpSettings": { - "id": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/applicationGateways/<>-az-apgw-x-001/backendHttpSettingsCollection/appServiceBackendHttpsSetting" - } - } - }, - { - "name": "private4433-privateVmHttpSetting-privateVmHttpSetting", - "properties": { - "ruleType": "Basic", - "priority": 250, - "httpListener": { - "id": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/applicationGateways/<>-az-apgw-x-001/httpListeners/private4433" - }, - "backendAddressPool": { - "id": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/applicationGateways/<>-az-apgw-x-001/backendAddressPools/privateVmBackendPool" - }, - "backendHttpSettings": { - "id": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/applicationGateways/<>-az-apgw-x-001/backendHttpSettingsCollection/privateVmHttpSetting" - } - } - }, - { - "name": "httpRedirect80-public443", - "properties": { - "ruleType": "Basic", - "priority": 300, - "httpListener": { - "id": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/applicationGateways/<>-az-apgw-x-001/httpListeners/httpRedirect80" - }, - "redirectConfiguration": { - "id": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/applicationGateways/<>-az-apgw-x-001/redirectConfigurations/httpRedirect80" - } - } - }, - { - "name": "httpRedirect8080-private4433", - "properties": { - "ruleType": "Basic", - "priority": 350, - "httpListener": { - "id": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/applicationGateways/<>-az-apgw-x-001/httpListeners/httpRedirect8080" - }, - "redirectConfiguration": { - "id": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/applicationGateways/<>-az-apgw-x-001/redirectConfigurations/httpRedirect8080" - } - } - } - ] - }, - "sku": { - "value": "WAF_v2" - }, - "sslCertificates": { - "value": [ - { - "name": "<>-az-apgw-x-001-ssl-certificate", - "properties": { - "keyVaultSecretId": "https://adp-<>-az-kv-x-001.vault.azure.net/secrets/applicationGatewaySslCertificate" - } - } - ] - }, - "diagnosticLogsRetentionInDays": { - "value": 7 - }, - "diagnosticStorageAccountId": { - "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adp<>azsax001" - }, - "diagnosticWorkspaceId": { - "value": "/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-<>-az-law-x-001" - }, - "diagnosticEventHubAuthorizationRuleId": { - "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.EventHub/namespaces/adp-<>-az-evhns-x-001/AuthorizationRules/RootManageSharedAccessKey" - }, - "diagnosticEventHubName": { - "value": "adp-<>-az-evh-x-001" - }, - "roleAssignments": { - "value": [ - { - "roleDefinitionIdOrName": "Reader", - "principalIds": [ - "<>" - ] - } - ] - } - } -} diff --git a/modules/Microsoft.Network/applicationGateways/readme.md b/modules/Microsoft.Network/applicationGateways/readme.md index f45995f498..8cbb7f1b3c 100644 --- a/modules/Microsoft.Network/applicationGateways/readme.md +++ b/modules/Microsoft.Network/applicationGateways/readme.md @@ -234,7 +234,7 @@ The following module usage examples are retrieved from the content of the files >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. -

Example 1: Parameters

+

Example 1: Common

@@ -242,10 +242,10 @@ The following module usage examples are retrieved from the content of the files ```bicep module applicationGateways './Microsoft.Network/applicationGateways/deploy.bicep' = { - name: '${uniqueString(deployment().name)}-ApplicationGateways' + name: '${uniqueString(deployment().name)}-test-nagcom' params: { // Required parameters - name: '<>-az-apgw-x-001' + name: '' // Non-required parameters backendAddressPools: [ { @@ -287,27 +287,27 @@ module applicationGateways './Microsoft.Network/applicationGateways/deploy.bicep pickHostNameFromBackendAddress: false port: 80 probe: { - id: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/applicationGateways/<>-az-apgw-x-001/probes/privateVmHttpSettingProbe' + id: '${appGWExpectedResourceID}/probes/privateVmHttpSettingProbe' } protocol: 'Http' requestTimeout: 30 } } ] - diagnosticEventHubAuthorizationRuleId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.EventHub/namespaces/adp-<>-az-evhns-x-001/AuthorizationRules/RootManageSharedAccessKey' - diagnosticEventHubName: 'adp-<>-az-evh-x-001' + diagnosticEventHubAuthorizationRuleId: '' + diagnosticEventHubName: '' diagnosticLogsRetentionInDays: 7 - diagnosticStorageAccountId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adp<>azsax001' - diagnosticWorkspaceId: '/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-<>-az-law-x-001' + diagnosticStorageAccountId: '' + diagnosticWorkspaceId: '' enableHttp2: true frontendIPConfigurations: [ { name: 'private' properties: { - privateIPAddress: '10.0.8.6' + privateIPAddress: '10.0.0.20' privateIPAllocationMethod: 'Static' subnet: { - id: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-x-001/subnets/<>-az-subnet-x-007' + id: '' } } } @@ -316,7 +316,7 @@ module applicationGateways './Microsoft.Network/applicationGateways/deploy.bicep properties: { privateIPAllocationMethod: 'Dynamic' publicIPAddress: { - id: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/publicIPAddresses/adp-<>-az-pip-x-apgw' + id: '' } } } @@ -352,7 +352,7 @@ module applicationGateways './Microsoft.Network/applicationGateways/deploy.bicep name: 'apw-ip-configuration' properties: { subnet: { - id: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-x-001/subnets/<>-az-subnet-x-007' + id: '' } } } @@ -362,16 +362,16 @@ module applicationGateways './Microsoft.Network/applicationGateways/deploy.bicep name: 'public443' properties: { frontendIPConfiguration: { - id: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/applicationGateways/<>-az-apgw-x-001/frontendIPConfigurations/public' + id: '${appGWExpectedResourceID}/frontendIPConfigurations/public' } frontendPort: { - id: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/applicationGateways/<>-az-apgw-x-001/frontendPorts/port443' + id: '${appGWExpectedResourceID}/frontendPorts/port443' } hostNames: [] protocol: 'https' requireServerNameIndication: false sslCertificate: { - id: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/applicationGateways/<>-az-apgw-x-001/sslCertificates/<>-az-apgw-x-001-ssl-certificate' + id: '${appGWExpectedResourceID}/sslCertificates/<>-az-apgw-x-001-ssl-certificate' } } } @@ -379,16 +379,16 @@ module applicationGateways './Microsoft.Network/applicationGateways/deploy.bicep name: 'private4433' properties: { frontendIPConfiguration: { - id: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/applicationGateways/<>-az-apgw-x-001/frontendIPConfigurations/private' + id: '${appGWExpectedResourceID}/frontendIPConfigurations/private' } frontendPort: { - id: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/applicationGateways/<>-az-apgw-x-001/frontendPorts/port4433' + id: '${appGWExpectedResourceID}/frontendPorts/port4433' } hostNames: [] protocol: 'https' requireServerNameIndication: false sslCertificate: { - id: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/applicationGateways/<>-az-apgw-x-001/sslCertificates/<>-az-apgw-x-001-ssl-certificate' + id: '${appGWExpectedResourceID}/sslCertificates/<>-az-apgw-x-001-ssl-certificate' } } } @@ -396,10 +396,10 @@ module applicationGateways './Microsoft.Network/applicationGateways/deploy.bicep name: 'httpRedirect80' properties: { frontendIPConfiguration: { - id: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/applicationGateways/<>-az-apgw-x-001/frontendIPConfigurations/public' + id: '${appGWExpectedResourceID}/frontendIPConfigurations/public' } frontendPort: { - id: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/applicationGateways/<>-az-apgw-x-001/frontendPorts/port80' + id: '${appGWExpectedResourceID}/frontendPorts/port80' } hostNames: [] protocol: 'Http' @@ -410,10 +410,10 @@ module applicationGateways './Microsoft.Network/applicationGateways/deploy.bicep name: 'httpRedirect8080' properties: { frontendIPConfiguration: { - id: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/applicationGateways/<>-az-apgw-x-001/frontendIPConfigurations/private' + id: '${appGWExpectedResourceID}/frontendIPConfigurations/private' } frontendPort: { - id: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/applicationGateways/<>-az-apgw-x-001/frontendPorts/port8080' + id: '${appGWExpectedResourceID}/frontendPorts/port8080' } hostNames: [] protocol: 'Http' @@ -452,11 +452,11 @@ module applicationGateways './Microsoft.Network/applicationGateways/deploy.bicep redirectType: 'Permanent' requestRoutingRules: [ { - id: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/applicationGateways/<>-az-apgw-x-001/requestRoutingRules/httpRedirect80-public443' + id: '${appGWExpectedResourceID}/requestRoutingRules/httpRedirect80-public443' } ] targetListener: { - id: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/applicationGateways/<>-az-apgw-x-001/httpListeners/public443' + id: '${appGWExpectedResourceID}/httpListeners/public443' } } } @@ -468,11 +468,11 @@ module applicationGateways './Microsoft.Network/applicationGateways/deploy.bicep redirectType: 'Permanent' requestRoutingRules: [ { - id: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/applicationGateways/<>-az-apgw-x-001/requestRoutingRules/httpRedirect8080-private4433' + id: '${appGWExpectedResourceID}/requestRoutingRules/httpRedirect8080-private4433' } ] targetListener: { - id: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/applicationGateways/<>-az-apgw-x-001/httpListeners/private4433' + id: '${appGWExpectedResourceID}/httpListeners/private4433' } } } @@ -482,13 +482,13 @@ module applicationGateways './Microsoft.Network/applicationGateways/deploy.bicep name: 'public443-appServiceBackendHttpsSetting-appServiceBackendHttpsSetting' properties: { backendAddressPool: { - id: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/applicationGateways/<>-az-apgw-x-001/backendAddressPools/appServiceBackendPool' + id: '${appGWExpectedResourceID}/backendAddressPools/appServiceBackendPool' } backendHttpSettings: { - id: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/applicationGateways/<>-az-apgw-x-001/backendHttpSettingsCollection/appServiceBackendHttpsSetting' + id: '${appGWExpectedResourceID}/backendHttpSettingsCollection/appServiceBackendHttpsSetting' } httpListener: { - id: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/applicationGateways/<>-az-apgw-x-001/httpListeners/public443' + id: '${appGWExpectedResourceID}/httpListeners/public443' } priority: 200 ruleType: 'Basic' @@ -498,13 +498,13 @@ module applicationGateways './Microsoft.Network/applicationGateways/deploy.bicep name: 'private4433-privateVmHttpSetting-privateVmHttpSetting' properties: { backendAddressPool: { - id: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/applicationGateways/<>-az-apgw-x-001/backendAddressPools/privateVmBackendPool' + id: '${appGWExpectedResourceID}/backendAddressPools/privateVmBackendPool' } backendHttpSettings: { - id: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/applicationGateways/<>-az-apgw-x-001/backendHttpSettingsCollection/privateVmHttpSetting' + id: '${appGWExpectedResourceID}/backendHttpSettingsCollection/privateVmHttpSetting' } httpListener: { - id: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/applicationGateways/<>-az-apgw-x-001/httpListeners/private4433' + id: '${appGWExpectedResourceID}/httpListeners/private4433' } priority: 250 ruleType: 'Basic' @@ -514,11 +514,11 @@ module applicationGateways './Microsoft.Network/applicationGateways/deploy.bicep name: 'httpRedirect80-public443' properties: { httpListener: { - id: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/applicationGateways/<>-az-apgw-x-001/httpListeners/httpRedirect80' + id: '${appGWExpectedResourceID}/httpListeners/httpRedirect80' } priority: 300 redirectConfiguration: { - id: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/applicationGateways/<>-az-apgw-x-001/redirectConfigurations/httpRedirect80' + id: '${appGWExpectedResourceID}/redirectConfigurations/httpRedirect80' } ruleType: 'Basic' } @@ -527,11 +527,11 @@ module applicationGateways './Microsoft.Network/applicationGateways/deploy.bicep name: 'httpRedirect8080-private4433' properties: { httpListener: { - id: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/applicationGateways/<>-az-apgw-x-001/httpListeners/httpRedirect8080' + id: '${appGWExpectedResourceID}/httpListeners/httpRedirect8080' } priority: 350 redirectConfiguration: { - id: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/applicationGateways/<>-az-apgw-x-001/redirectConfigurations/httpRedirect8080' + id: '${appGWExpectedResourceID}/redirectConfigurations/httpRedirect8080' } ruleType: 'Basic' } @@ -540,7 +540,7 @@ module applicationGateways './Microsoft.Network/applicationGateways/deploy.bicep roleAssignments: [ { principalIds: [ - '<>' + '' ] roleDefinitionIdOrName: 'Reader' } @@ -550,12 +550,12 @@ module applicationGateways './Microsoft.Network/applicationGateways/deploy.bicep { name: '<>-az-apgw-x-001-ssl-certificate' properties: { - keyVaultSecretId: 'https://adp-<>-az-kv-x-001.vault.azure.net/secrets/applicationGatewaySslCertificate' + keyVaultSecretId: '' } } ] userAssignedIdentities: { - '/subscriptions/<>/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-<>-az-msi-x-001': {} + '': {} } webApplicationFirewallConfiguration: { disabledRuleGroups: [] @@ -585,7 +585,7 @@ module applicationGateways './Microsoft.Network/applicationGateways/deploy.bicep "parameters": { // Required parameters "name": { - "value": "<>-az-apgw-x-001" + "value": "" }, // Non-required parameters "backendAddressPools": { @@ -631,7 +631,7 @@ module applicationGateways './Microsoft.Network/applicationGateways/deploy.bicep "pickHostNameFromBackendAddress": false, "port": 80, "probe": { - "id": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/applicationGateways/<>-az-apgw-x-001/probes/privateVmHttpSettingProbe" + "id": "${appGWExpectedResourceID}/probes/privateVmHttpSettingProbe" }, "protocol": "Http", "requestTimeout": 30 @@ -640,19 +640,19 @@ module applicationGateways './Microsoft.Network/applicationGateways/deploy.bicep ] }, "diagnosticEventHubAuthorizationRuleId": { - "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.EventHub/namespaces/adp-<>-az-evhns-x-001/AuthorizationRules/RootManageSharedAccessKey" + "value": "" }, "diagnosticEventHubName": { - "value": "adp-<>-az-evh-x-001" + "value": "" }, "diagnosticLogsRetentionInDays": { "value": 7 }, "diagnosticStorageAccountId": { - "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adp<>azsax001" + "value": "" }, "diagnosticWorkspaceId": { - "value": "/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-<>-az-law-x-001" + "value": "" }, "enableHttp2": { "value": true @@ -662,10 +662,10 @@ module applicationGateways './Microsoft.Network/applicationGateways/deploy.bicep { "name": "private", "properties": { - "privateIPAddress": "10.0.8.6", + "privateIPAddress": "10.0.0.20", "privateIPAllocationMethod": "Static", "subnet": { - "id": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-x-001/subnets/<>-az-subnet-x-007" + "id": "" } } }, @@ -674,7 +674,7 @@ module applicationGateways './Microsoft.Network/applicationGateways/deploy.bicep "properties": { "privateIPAllocationMethod": "Dynamic", "publicIPAddress": { - "id": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/publicIPAddresses/adp-<>-az-pip-x-apgw" + "id": "" } } } @@ -714,7 +714,7 @@ module applicationGateways './Microsoft.Network/applicationGateways/deploy.bicep "name": "apw-ip-configuration", "properties": { "subnet": { - "id": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-x-001/subnets/<>-az-subnet-x-007" + "id": "" } } } @@ -726,16 +726,16 @@ module applicationGateways './Microsoft.Network/applicationGateways/deploy.bicep "name": "public443", "properties": { "frontendIPConfiguration": { - "id": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/applicationGateways/<>-az-apgw-x-001/frontendIPConfigurations/public" + "id": "${appGWExpectedResourceID}/frontendIPConfigurations/public" }, "frontendPort": { - "id": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/applicationGateways/<>-az-apgw-x-001/frontendPorts/port443" + "id": "${appGWExpectedResourceID}/frontendPorts/port443" }, "hostNames": [], "protocol": "https", "requireServerNameIndication": false, "sslCertificate": { - "id": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/applicationGateways/<>-az-apgw-x-001/sslCertificates/<>-az-apgw-x-001-ssl-certificate" + "id": "${appGWExpectedResourceID}/sslCertificates/<>-az-apgw-x-001-ssl-certificate" } } }, @@ -743,16 +743,16 @@ module applicationGateways './Microsoft.Network/applicationGateways/deploy.bicep "name": "private4433", "properties": { "frontendIPConfiguration": { - "id": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/applicationGateways/<>-az-apgw-x-001/frontendIPConfigurations/private" + "id": "${appGWExpectedResourceID}/frontendIPConfigurations/private" }, "frontendPort": { - "id": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/applicationGateways/<>-az-apgw-x-001/frontendPorts/port4433" + "id": "${appGWExpectedResourceID}/frontendPorts/port4433" }, "hostNames": [], "protocol": "https", "requireServerNameIndication": false, "sslCertificate": { - "id": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/applicationGateways/<>-az-apgw-x-001/sslCertificates/<>-az-apgw-x-001-ssl-certificate" + "id": "${appGWExpectedResourceID}/sslCertificates/<>-az-apgw-x-001-ssl-certificate" } } }, @@ -760,10 +760,10 @@ module applicationGateways './Microsoft.Network/applicationGateways/deploy.bicep "name": "httpRedirect80", "properties": { "frontendIPConfiguration": { - "id": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/applicationGateways/<>-az-apgw-x-001/frontendIPConfigurations/public" + "id": "${appGWExpectedResourceID}/frontendIPConfigurations/public" }, "frontendPort": { - "id": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/applicationGateways/<>-az-apgw-x-001/frontendPorts/port80" + "id": "${appGWExpectedResourceID}/frontendPorts/port80" }, "hostNames": [], "protocol": "Http", @@ -774,10 +774,10 @@ module applicationGateways './Microsoft.Network/applicationGateways/deploy.bicep "name": "httpRedirect8080", "properties": { "frontendIPConfiguration": { - "id": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/applicationGateways/<>-az-apgw-x-001/frontendIPConfigurations/private" + "id": "${appGWExpectedResourceID}/frontendIPConfigurations/private" }, "frontendPort": { - "id": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/applicationGateways/<>-az-apgw-x-001/frontendPorts/port8080" + "id": "${appGWExpectedResourceID}/frontendPorts/port8080" }, "hostNames": [], "protocol": "Http", @@ -822,11 +822,11 @@ module applicationGateways './Microsoft.Network/applicationGateways/deploy.bicep "redirectType": "Permanent", "requestRoutingRules": [ { - "id": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/applicationGateways/<>-az-apgw-x-001/requestRoutingRules/httpRedirect80-public443" + "id": "${appGWExpectedResourceID}/requestRoutingRules/httpRedirect80-public443" } ], "targetListener": { - "id": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/applicationGateways/<>-az-apgw-x-001/httpListeners/public443" + "id": "${appGWExpectedResourceID}/httpListeners/public443" } } }, @@ -838,11 +838,11 @@ module applicationGateways './Microsoft.Network/applicationGateways/deploy.bicep "redirectType": "Permanent", "requestRoutingRules": [ { - "id": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/applicationGateways/<>-az-apgw-x-001/requestRoutingRules/httpRedirect8080-private4433" + "id": "${appGWExpectedResourceID}/requestRoutingRules/httpRedirect8080-private4433" } ], "targetListener": { - "id": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/applicationGateways/<>-az-apgw-x-001/httpListeners/private4433" + "id": "${appGWExpectedResourceID}/httpListeners/private4433" } } } @@ -854,13 +854,13 @@ module applicationGateways './Microsoft.Network/applicationGateways/deploy.bicep "name": "public443-appServiceBackendHttpsSetting-appServiceBackendHttpsSetting", "properties": { "backendAddressPool": { - "id": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/applicationGateways/<>-az-apgw-x-001/backendAddressPools/appServiceBackendPool" + "id": "${appGWExpectedResourceID}/backendAddressPools/appServiceBackendPool" }, "backendHttpSettings": { - "id": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/applicationGateways/<>-az-apgw-x-001/backendHttpSettingsCollection/appServiceBackendHttpsSetting" + "id": "${appGWExpectedResourceID}/backendHttpSettingsCollection/appServiceBackendHttpsSetting" }, "httpListener": { - "id": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/applicationGateways/<>-az-apgw-x-001/httpListeners/public443" + "id": "${appGWExpectedResourceID}/httpListeners/public443" }, "priority": 200, "ruleType": "Basic" @@ -870,13 +870,13 @@ module applicationGateways './Microsoft.Network/applicationGateways/deploy.bicep "name": "private4433-privateVmHttpSetting-privateVmHttpSetting", "properties": { "backendAddressPool": { - "id": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/applicationGateways/<>-az-apgw-x-001/backendAddressPools/privateVmBackendPool" + "id": "${appGWExpectedResourceID}/backendAddressPools/privateVmBackendPool" }, "backendHttpSettings": { - "id": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/applicationGateways/<>-az-apgw-x-001/backendHttpSettingsCollection/privateVmHttpSetting" + "id": "${appGWExpectedResourceID}/backendHttpSettingsCollection/privateVmHttpSetting" }, "httpListener": { - "id": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/applicationGateways/<>-az-apgw-x-001/httpListeners/private4433" + "id": "${appGWExpectedResourceID}/httpListeners/private4433" }, "priority": 250, "ruleType": "Basic" @@ -886,11 +886,11 @@ module applicationGateways './Microsoft.Network/applicationGateways/deploy.bicep "name": "httpRedirect80-public443", "properties": { "httpListener": { - "id": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/applicationGateways/<>-az-apgw-x-001/httpListeners/httpRedirect80" + "id": "${appGWExpectedResourceID}/httpListeners/httpRedirect80" }, "priority": 300, "redirectConfiguration": { - "id": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/applicationGateways/<>-az-apgw-x-001/redirectConfigurations/httpRedirect80" + "id": "${appGWExpectedResourceID}/redirectConfigurations/httpRedirect80" }, "ruleType": "Basic" } @@ -899,11 +899,11 @@ module applicationGateways './Microsoft.Network/applicationGateways/deploy.bicep "name": "httpRedirect8080-private4433", "properties": { "httpListener": { - "id": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/applicationGateways/<>-az-apgw-x-001/httpListeners/httpRedirect8080" + "id": "${appGWExpectedResourceID}/httpListeners/httpRedirect8080" }, "priority": 350, "redirectConfiguration": { - "id": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/applicationGateways/<>-az-apgw-x-001/redirectConfigurations/httpRedirect8080" + "id": "${appGWExpectedResourceID}/redirectConfigurations/httpRedirect8080" }, "ruleType": "Basic" } @@ -914,7 +914,7 @@ module applicationGateways './Microsoft.Network/applicationGateways/deploy.bicep "value": [ { "principalIds": [ - "<>" + "" ], "roleDefinitionIdOrName": "Reader" } @@ -928,14 +928,14 @@ module applicationGateways './Microsoft.Network/applicationGateways/deploy.bicep { "name": "<>-az-apgw-x-001-ssl-certificate", "properties": { - "keyVaultSecretId": "https://adp-<>-az-kv-x-001.vault.azure.net/secrets/applicationGatewaySslCertificate" + "keyVaultSecretId": "" } } ] }, "userAssignedIdentities": { "value": { - "/subscriptions/<>/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-<>-az-msi-x-001": {} + "": {} } }, "webApplicationFirewallConfiguration": {