From a2ae4591f2a2526205c0b972537196b6a7480a00 Mon Sep 17 00:00:00 2001 From: MrMCake Date: Fri, 2 Sep 2022 21:31:18 +0200 Subject: [PATCH 01/19] Started refactoring --- .../ms.network.applicationgateways.yml | 3 +- .../.test/default/dependencies.bicep | 52 +++ .../.test/default/deploy.test.bicep | 383 ++++++++++++++++++ .../applicationGateways/.test/parameters.json | 371 ----------------- 4 files changed, 436 insertions(+), 373 deletions(-) create mode 100644 modules/Microsoft.Network/applicationGateways/.test/default/dependencies.bicep create mode 100644 modules/Microsoft.Network/applicationGateways/.test/default/deploy.test.bicep delete mode 100644 modules/Microsoft.Network/applicationGateways/.test/parameters.json diff --git a/.github/workflows/ms.network.applicationgateways.yml b/.github/workflows/ms.network.applicationgateways.yml index f725041d2e..0557fd1950 100644 --- a/.github/workflows/ms.network.applicationgateways.yml +++ b/.github/workflows/ms.network.applicationgateways.yml @@ -106,8 +106,7 @@ jobs: - name: 'Using test file [${{ matrix.moduleTestFilePaths }}]' uses: ./.github/actions/templates/validateModuleDeployment with: - templateFilePath: '${{ env.modulePath }}/deploy.bicep' - parameterFilePath: '${{ env.modulePath }}/${{ matrix.moduleTestFilePaths }}' + templateFilePath: '${{ env.modulePath }}/${{ matrix.moduleTestFilePaths }}' location: '${{ env.location }}' resourceGroupName: '${{ env.resourceGroupName }}' subscriptionId: '${{ secrets.ARM_SUBSCRIPTION_ID }}' diff --git a/modules/Microsoft.Network/applicationGateways/.test/default/dependencies.bicep b/modules/Microsoft.Network/applicationGateways/.test/default/dependencies.bicep new file mode 100644 index 0000000000..5189e841f2 --- /dev/null +++ b/modules/Microsoft.Network/applicationGateways/.test/default/dependencies.bicep 
@@ -0,0 +1,52 @@
+@description('Optional. The location to deploy to.')
+param location string = resourceGroup().location
+
+@description('Required. The name of the Virtual Network to create.')
+param virtualNetworkName string
+
+@description('Required. The name of the Public IP to create.')
+param publicIPName string
+
+@description('Required. The name of the Managed Identity to create.')
+param managedIdentityName string
+
+resource virtualNetwork 'Microsoft.Network/virtualNetworks@2022-01-01' = {
+ name: virtualNetworkName
+ location: location
+ properties: {
+ addressSpace: {
+ addressPrefixes: [
+ '10.0.0.0/24'
+ ]
+ }
+ subnets: [
+ {
+ name: 'defaultSubnet'
+ properties: {
+ addressPrefix: '10.0.0.0/24'
+ }
+ }
+ ]
+ }
+}
+
+resource publicIP 'Microsoft.Network/publicIPAddresses@2022-01-01' = {
+ name: publicIPName
+}
+
+resource managedIdentity 'Microsoft.ManagedIdentity/userAssignedIdentities@2018-11-30' = {
+ name: managedIdentityName
+ location: location
+}
+
+@description('The resource ID of the created Virtual Network Subnet.')
+output subnetResourceId string = virtualNetwork.properties.subnets[0].id
+
+@description('The resource ID of the created Public IP.')
+output publicIPResourceId string = publicIP.id
+
+@description('The resource ID of the created Managed Identity.')
+output managedIdentityResourceId string = managedIdentity.id
+
+@description('The principal ID of the created Managed Identity.')
+output managedIdentityPrincipalId string = managedIdentity.properties.principalId
diff --git a/modules/Microsoft.Network/applicationGateways/.test/default/deploy.test.bicep b/modules/Microsoft.Network/applicationGateways/.test/default/deploy.test.bicep
new file mode 100644
index 0000000000..39b1d55dfe
--- /dev/null
+++ b/modules/Microsoft.Network/applicationGateways/.test/default/deploy.test.bicep
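Review bot: The `publicIP` resource is declared with a `name` only, so it has no `location` and falls back to the provider's default SKU and allocation method. The gateway under test is deployed with `sku: 'WAF_v2'`, which as far as I know only accepts a Standard-SKU, statically allocated public IP, so this dependency is likely to be rejected at deployment time. I would set `location: location`, a `sku` block with `name: 'Standard'`, and `publicIPAllocationMethod: 'Static'` under `properties` on this resource.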
@@ -0,0 +1,383 @@ +targetScope = 'subscription' + +// ========== // +// Parameters // +// ========== // +@description('Optional. The name of the resource group to deploy for a testing purposes') +@maxLength(90) +param resourceGroupName string = 'ms.network.applicationgateways-${serviceShort}-rg' + +@description('Optional. The location to deploy resources to') +param location string = deployment().location + +@description('Optional. A short identifier for the kind of deployment .Should be kept short to not run into resource-name length-constraints') +param serviceShort string = 'nagdef' + +// =========== // +// Deployments // +// =========== // + +// General resources +// ================= +resource resourceGroup 'Microsoft.Resources/resourceGroups@2021-04-01' = { + name: resourceGroupName + location: location +} + +module resourceGroupResources 'dependencies.bicep' = { + scope: resourceGroup + name: '${uniqueString(deployment().name, location)}-paramNested' + params: { + virtualNetworkName: 'dep-<>-vnet-${serviceShort}' + publicIPName: 'dep-<>-pip-${serviceShort}' + managedIdentityName: 'dep-<>-msi-${serviceShort}' + } +} + +// Diagnostics +// =========== +module diagnosticDependencies '../../../../.shared/dependencyConstructs/diagnostic.dependencies.bicep' = { + scope: resourceGroup + name: '${uniqueString(deployment().name, location)}-diagnosticDependencies' + params: { + storageAccountName: 'dep<>diasa${serviceShort}01' + logAnalyticsWorkspaceName: 'dep-<>-law-${serviceShort}' + eventHubNamespaceEventHubName: 'dep-<>-evh-${serviceShort}' + eventHubNamespaceName: 'dep-<>-evhns-${serviceShort}' + location: location + } +} + +// ============== // +// Test Execution // +// ============== // + +var appGWName = '<>${serviceShort}001' +var appGWExpectedResourceID = '${resourceGroup.id}/providers/Microsoft.Network/applicationGateways/${appGWName}' +module testDeployment '../../deploy.bicep' = { + scope: resourceGroup + name: 
'${uniqueString(deployment().name)}-test-${serviceShort}' + params: { + name: appGWName + backendAddressPools: [ + { + name: 'appServiceBackendPool' + properties: { + backendAddresses: [ + { + fqdn: 'aghapp.azurewebsites.net' + } + ] + } + } + { + name: 'privateVmBackendPool' + properties: { + backendAddresses: [ + { + ipAddress: '10.0.0.4' + } + ] + } + } + ] + backendHttpSettingsCollection: [ + { + name: 'appServiceBackendHttpsSetting' + properties: { + cookieBasedAffinity: 'Disabled' + pickHostNameFromBackendAddress: true + port: 443 + protocol: 'Https' + requestTimeout: 30 + } + } + { + name: 'privateVmHttpSetting' + properties: { + cookieBasedAffinity: 'Disabled' + pickHostNameFromBackendAddress: false + port: 80 + probe: { + id: '${appGWExpectedResourceID}/probes/privateVmHttpSettingProbe' + } + protocol: 'Http' + requestTimeout: 30 + } + } + ] + diagnosticLogsRetentionInDays: 7 + diagnosticStorageAccountId: diagnosticDependencies.outputs.storageAccountResourceId + diagnosticWorkspaceId: diagnosticDependencies.outputs.logAnalyticsWorkspaceResourceId + diagnosticEventHubAuthorizationRuleId: diagnosticDependencies.outputs.eventHubAuthorizationRuleId + diagnosticEventHubName: diagnosticDependencies.outputs.eventHubNamespaceEventHubName + enableHttp2: true + frontendIPConfigurations: [ + { + name: 'private' + properties: { + privateIPAddress: '10.0.8.6' + privateIPAllocationMethod: 'Static' + subnet: { + id: '${resourceGroup.id}/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-x-001/subnets/<>-az-subnet-x-007' + } + } + } + { + name: 'public' + properties: { + privateIPAllocationMethod: 'Dynamic' + publicIPAddress: { + id: '${resourceGroup.id}/providers/Microsoft.Network/publicIPAddresses/adp-<>-az-pip-x-apgw' + } + } + } + ] + frontendPorts: [ + { + name: 'port443' + properties: { + port: 443 + } + } + { + name: 'port4433' + properties: { + port: 4433 + } + } + { + name: 'port80' + properties: { + port: 80 + } + } + { + name: 'port8080' + properties: { 
+ port: 8080 + } + } + ] + gatewayIPConfigurations: [ + { + name: 'apw-ip-configuration' + properties: { + subnet: { + id: resourceGroupResources.outputs.subnetResourceId + } + } + } + ] + httpListeners: [ + { + name: 'public443' + properties: { + frontendIPConfiguration: { + id: '${appGWExpectedResourceID}/frontendIPConfigurations/public' + } + frontendPort: { + id: '${appGWExpectedResourceID}/frontendPorts/port443' + } + hostNames: [] + protocol: 'https' + requireServerNameIndication: false + sslCertificate: { + id: '${appGWExpectedResourceID}/sslCertificates/<>-az-apgw-x-001-ssl-certificate' + } + } + } + { + name: 'private4433' + properties: { + frontendIPConfiguration: { + id: '${appGWExpectedResourceID}/frontendIPConfigurations/private' + } + frontendPort: { + id: '${appGWExpectedResourceID}/frontendPorts/port4433' + } + hostNames: [] + protocol: 'https' + requireServerNameIndication: false + sslCertificate: { + id: '${appGWExpectedResourceID}/sslCertificates/<>-az-apgw-x-001-ssl-certificate' + } + } + } + { + name: 'httpRedirect80' + properties: { + frontendIPConfiguration: { + id: '${appGWExpectedResourceID}/frontendIPConfigurations/public' + } + frontendPort: { + id: '${appGWExpectedResourceID}/frontendPorts/port80' + } + hostNames: [] + protocol: 'Http' + requireServerNameIndication: false + } + } + { + name: 'httpRedirect8080' + properties: { + frontendIPConfiguration: { + id: '${appGWExpectedResourceID}/frontendIPConfigurations/private' + } + frontendPort: { + id: '${appGWExpectedResourceID}/frontendPorts/port8080' + } + hostNames: [] + protocol: 'Http' + requireServerNameIndication: false + } + } + ] + lock: 'CanNotDelete' + probes: [ + { + name: 'privateVmHttpSettingProbe' + properties: { + host: '10.0.0.4' + interval: 60 + match: { + statusCodes: [ + '200' + '401' + ] + } + minServers: 3 + path: '/' + pickHostNameFromBackendHttpSettings: false + protocol: 'Http' + timeout: 15 + unhealthyThreshold: 5 + } + } + ] + redirectConfigurations: [ + { + name: 
'httpRedirect80' + properties: { + includePath: true + includeQueryString: true + redirectType: 'Permanent' + requestRoutingRules: [ + { + id: '${appGWExpectedResourceID}/requestRoutingRules/httpRedirect80-public443' + } + ] + targetListener: { + id: '${appGWExpectedResourceID}/httpListeners/public443' + } + } + } + { + name: 'httpRedirect8080' + properties: { + includePath: true + includeQueryString: true + redirectType: 'Permanent' + requestRoutingRules: [ + { + id: '${appGWExpectedResourceID}/requestRoutingRules/httpRedirect8080-private4433' + } + ] + targetListener: { + id: '${appGWExpectedResourceID}/httpListeners/private4433' + } + } + } + ] + requestRoutingRules: [ + { + name: 'public443-appServiceBackendHttpsSetting-appServiceBackendHttpsSetting' + properties: { + backendAddressPool: { + id: '${appGWExpectedResourceID}/backendAddressPools/appServiceBackendPool' + } + backendHttpSettings: { + id: '${appGWExpectedResourceID}/backendHttpSettingsCollection/appServiceBackendHttpsSetting' + } + httpListener: { + id: '${appGWExpectedResourceID}/httpListeners/public443' + } + priority: 200 + ruleType: 'Basic' + } + } + { + name: 'private4433-privateVmHttpSetting-privateVmHttpSetting' + properties: { + backendAddressPool: { + id: '${appGWExpectedResourceID}/backendAddressPools/privateVmBackendPool' + } + backendHttpSettings: { + id: '${appGWExpectedResourceID}/backendHttpSettingsCollection/privateVmHttpSetting' + } + httpListener: { + id: '${appGWExpectedResourceID}/httpListeners/private4433' + } + priority: 250 + ruleType: 'Basic' + } + } + { + name: 'httpRedirect80-public443' + properties: { + httpListener: { + id: '${appGWExpectedResourceID}/httpListeners/httpRedirect80' + } + priority: 300 + redirectConfiguration: { + id: '${appGWExpectedResourceID}/redirectConfigurations/httpRedirect80' + } + ruleType: 'Basic' + } + } + { + name: 'httpRedirect8080-private4433' + properties: { + httpListener: { + id: '${appGWExpectedResourceID}/httpListeners/httpRedirect8080' + 
} + priority: 350 + redirectConfiguration: { + id: '${appGWExpectedResourceID}/redirectConfigurations/httpRedirect8080' + } + ruleType: 'Basic' + } + } + ] + roleAssignments: [ + { + principalIds: [ + resourceGroupResources.outputs.managedIdentityPrincipalId + ] + roleDefinitionIdOrName: 'Reader' + } + ] + sku: 'WAF_v2' + sslCertificates: [ + { + name: '<>-az-apgw-x-001-ssl-certificate' + properties: { + keyVaultSecretId: 'https://adp-<>-az-kv-x-001.vault.azure.net/secrets/applicationGatewaySslCertificate' + } + } + ] + userAssignedIdentities: { + '${resourceGroupResources.outputs.managedIdentityResourceId}': {} + } + webApplicationFirewallConfiguration: { + disabledRuleGroups: [] + enabled: true + fileUploadLimitInMb: 100 + firewallMode: 'Detection' + maxRequestBodySizeInKb: 128 + requestBodyCheck: true + ruleSetType: 'OWASP' + ruleSetVersion: '3.0' + } + } +} diff --git a/modules/Microsoft.Network/applicationGateways/.test/parameters.json b/modules/Microsoft.Network/applicationGateways/.test/parameters.json deleted file mode 100644 index 7261318223..0000000000 --- a/modules/Microsoft.Network/applicationGateways/.test/parameters.json +++ /dev/null 
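Review bot: The `webApplicationFirewallConfiguration` at the end of `testDeployment` runs the WAF with `firewallMode: 'Detection'` and `ruleSetVersion: '3.0'`, and nothing in the file says that this is a test-only choice. In Detection mode the gateway only logs rule matches and still forwards the request, and the readme examples appear to be generated from these test files, so the setting is likely to be copied into real deployments. I would add a comment above `firewallMode`, for example `// Detection only logs matches and does not block; use 'Prevention' outside of tests`, and consider moving to a newer OWASP rule set version. The same applies to `privateVmHttpSetting`, which sends backend traffic over plain `Http` on port 80 and whose probe treats `401` as healthy.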
@@ -1,371 +0,0 @@ -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "name": { - "value": "<>-az-apgw-x-001" - }, - "lock": { - "value": "CanNotDelete" - }, - "userAssignedIdentities": { - "value": { - "/subscriptions/<>/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-<>-az-msi-x-001": {} - } - }, - "webApplicationFirewallConfiguration": { - "value": { - "enabled": true, - "firewallMode": "Detection", - "ruleSetType": "OWASP", - "ruleSetVersion": "3.0", - "disabledRuleGroups": [], - "requestBodyCheck": true, - "maxRequestBodySizeInKb": 128, - "fileUploadLimitInMb": 100 - } - }, - "enableHttp2": { - "value": true - }, - "backendAddressPools": { - "value": [ - { - "name": "appServiceBackendPool", - "properties": { - "backendAddresses": [ - { - "fqdn": "aghapp.azurewebsites.net" - } - ] - } - }, - { - "name": "privateVmBackendPool", - "properties": { - "backendAddresses": [ - { - "ipAddress": "10.0.0.4" - } - ] - } - } - ] - }, - "backendHttpSettingsCollection": { - "value": [ - { - "name": "appServiceBackendHttpsSetting", - "properties": { - "port": 443, - "protocol": "Https", - "cookieBasedAffinity": "Disabled", - "pickHostNameFromBackendAddress": true, - "requestTimeout": 30 - } - }, - { - "name": "privateVmHttpSetting", - "properties": { - "port": 80, - "protocol": "Http", - "cookieBasedAffinity": "Disabled", - "pickHostNameFromBackendAddress": false, - "requestTimeout": 30, - "probe": { - "id": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/applicationGateways/<>-az-apgw-x-001/probes/privateVmHttpSettingProbe" - } - } - } - ] - }, - "frontendIPConfigurations": { - "value": [ - { - "name": "private", - "properties": { - "privateIPAddress": "10.0.8.6", - "privateIPAllocationMethod": "Static", - "subnet": { - "id": 
"/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-x-001/subnets/<>-az-subnet-x-007" - } - } - }, - { - "name": "public", - "properties": { - "privateIPAllocationMethod": "Dynamic", - "publicIPAddress": { - "id": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/publicIPAddresses/adp-<>-az-pip-x-apgw" - } - } - } - ] - }, - "frontendPorts": { - "value": [ - { - "name": "port443", - "properties": { - "port": 443 - } - }, - { - "name": "port4433", - "properties": { - "port": 4433 - } - }, - { - "name": "port80", - "properties": { - "port": 80 - } - }, - { - "name": "port8080", - "properties": { - "port": 8080 - } - } - ] - }, - "httpListeners": { - "value": [ - { - "name": "public443", - "properties": { - "frontendIPConfiguration": { - "id": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/applicationGateways/<>-az-apgw-x-001/frontendIPConfigurations/public" - }, - "frontendPort": { - "id": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/applicationGateways/<>-az-apgw-x-001/frontendPorts/port443" - }, - "sslCertificate": { - "id": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/applicationGateways/<>-az-apgw-x-001/sslCertificates/<>-az-apgw-x-001-ssl-certificate" - }, - "protocol": "https", - "hostNames": [], - "requireServerNameIndication": false - } - }, - { - "name": "private4433", - "properties": { - "frontendIPConfiguration": { - "id": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/applicationGateways/<>-az-apgw-x-001/frontendIPConfigurations/private" - }, - "frontendPort": { - "id": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/applicationGateways/<>-az-apgw-x-001/frontendPorts/port4433" - }, - "sslCertificate": { - "id": 
"/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/applicationGateways/<>-az-apgw-x-001/sslCertificates/<>-az-apgw-x-001-ssl-certificate" - }, - "protocol": "https", - "hostNames": [], - "requireServerNameIndication": false - } - }, - { - "name": "httpRedirect80", - "properties": { - "frontendIPConfiguration": { - "id": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/applicationGateways/<>-az-apgw-x-001/frontendIPConfigurations/public" - }, - "frontendPort": { - "id": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/applicationGateways/<>-az-apgw-x-001/frontendPorts/port80" - }, - "protocol": "Http", - "hostNames": [], - "requireServerNameIndication": false - } - }, - { - "name": "httpRedirect8080", - "properties": { - "frontendIPConfiguration": { - "id": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/applicationGateways/<>-az-apgw-x-001/frontendIPConfigurations/private" - }, - "frontendPort": { - "id": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/applicationGateways/<>-az-apgw-x-001/frontendPorts/port8080" - }, - "protocol": "Http", - "hostNames": [], - "requireServerNameIndication": false - } - } - ] - }, - "gatewayIPConfigurations": { - "value": [ - { - "name": "apw-ip-configuration", - "properties": { - "subnet": { - "id": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-x-001/subnets/<>-az-subnet-x-007" - } - } - } - ] - }, - "probes": { - "value": [ - { - "name": "privateVmHttpSettingProbe", - "properties": { - "protocol": "Http", - "host": "10.0.0.4", - "path": "/", - "interval": 60, - "timeout": 15, - "unhealthyThreshold": 5, - "pickHostNameFromBackendHttpSettings": false, - "minServers": 3, - "match": { - "statusCodes": [ - "200", - "401" - ] - } - } - } - ] - }, - "redirectConfigurations": { - "value": [ - { - "name": "httpRedirect80", - "properties": { - 
"redirectType": "Permanent", - "targetListener": { - "id": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/applicationGateways/<>-az-apgw-x-001/httpListeners/public443" - }, - "includePath": true, - "includeQueryString": true, - "requestRoutingRules": [ - { - "id": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/applicationGateways/<>-az-apgw-x-001/requestRoutingRules/httpRedirect80-public443" - } - ] - } - }, - { - "name": "httpRedirect8080", - "properties": { - "redirectType": "Permanent", - "targetListener": { - "id": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/applicationGateways/<>-az-apgw-x-001/httpListeners/private4433" - }, - "includePath": true, - "includeQueryString": true, - "requestRoutingRules": [ - { - "id": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/applicationGateways/<>-az-apgw-x-001/requestRoutingRules/httpRedirect8080-private4433" - } - ] - } - } - ] - }, - "requestRoutingRules": { - "value": [ - { - "name": "public443-appServiceBackendHttpsSetting-appServiceBackendHttpsSetting", - "properties": { - "ruleType": "Basic", - "priority": 200, - "httpListener": { - "id": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/applicationGateways/<>-az-apgw-x-001/httpListeners/public443" - }, - "backendAddressPool": { - "id": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/applicationGateways/<>-az-apgw-x-001/backendAddressPools/appServiceBackendPool" - }, - "backendHttpSettings": { - "id": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/applicationGateways/<>-az-apgw-x-001/backendHttpSettingsCollection/appServiceBackendHttpsSetting" - } - } - }, - { - "name": "private4433-privateVmHttpSetting-privateVmHttpSetting", - "properties": { - "ruleType": "Basic", - "priority": 250, - "httpListener": { - "id": 
"/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/applicationGateways/<>-az-apgw-x-001/httpListeners/private4433" - }, - "backendAddressPool": { - "id": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/applicationGateways/<>-az-apgw-x-001/backendAddressPools/privateVmBackendPool" - }, - "backendHttpSettings": { - "id": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/applicationGateways/<>-az-apgw-x-001/backendHttpSettingsCollection/privateVmHttpSetting" - } - } - }, - { - "name": "httpRedirect80-public443", - "properties": { - "ruleType": "Basic", - "priority": 300, - "httpListener": { - "id": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/applicationGateways/<>-az-apgw-x-001/httpListeners/httpRedirect80" - }, - "redirectConfiguration": { - "id": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/applicationGateways/<>-az-apgw-x-001/redirectConfigurations/httpRedirect80" - } - } - }, - { - "name": "httpRedirect8080-private4433", - "properties": { - "ruleType": "Basic", - "priority": 350, - "httpListener": { - "id": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/applicationGateways/<>-az-apgw-x-001/httpListeners/httpRedirect8080" - }, - "redirectConfiguration": { - "id": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/applicationGateways/<>-az-apgw-x-001/redirectConfigurations/httpRedirect8080" - } - } - } - ] - }, - "sku": { - "value": "WAF_v2" - }, - "sslCertificates": { - "value": [ - { - "name": "<>-az-apgw-x-001-ssl-certificate", - "properties": { - "keyVaultSecretId": "https://adp-<>-az-kv-x-001.vault.azure.net/secrets/applicationGatewaySslCertificate" - } - } - ] - }, - "diagnosticLogsRetentionInDays": { - "value": 7 - }, - "diagnosticStorageAccountId": { - "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adp<>azsax001" 
- }, - "diagnosticWorkspaceId": { - "value": "/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-<>-az-law-x-001" - }, - "diagnosticEventHubAuthorizationRuleId": { - "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.EventHub/namespaces/adp-<>-az-evhns-x-001/AuthorizationRules/RootManageSharedAccessKey" - }, - "diagnosticEventHubName": { - "value": "adp-<>-az-evh-x-001" - }, - "roleAssignments": { - "value": [ - { - "roleDefinitionIdOrName": "Reader", - "principalIds": [ - "<>" - ] - } - ] - } - } -} From 95b1cbccdbd1d7985da4b3055e13cf70d9c22898 Mon Sep 17 00:00:00 2001 From: MrMCake Date: Fri, 2 Sep 2022 21:52:58 +0200 Subject: [PATCH 02/19] Finished first version --- .../.test/.scripts/New-Certificate.ps1 | 31 ++++ .../.test/default/dependencies.bicep | 57 +++++++ .../.test/default/deploy.test.bicep | 8 +- .../applicationGateways/readme.md | 148 +++++++++--------- 4 files changed, 167 insertions(+), 77 deletions(-) create mode 100644 modules/Microsoft.Network/applicationGateways/.test/.scripts/New-Certificate.ps1 diff --git a/modules/Microsoft.Network/applicationGateways/.test/.scripts/New-Certificate.ps1 b/modules/Microsoft.Network/applicationGateways/.test/.scripts/New-Certificate.ps1 new file mode 100644 index 0000000000..f0bbf2f7f8 --- /dev/null +++ b/modules/Microsoft.Network/applicationGateways/.test/.scripts/New-Certificate.ps1 
@@ -0,0 +1,31 @@
+param(
+ [string] $KeyVaultName,
+ [string] $CertName
+)
+
+$policyInputObject = @{
+ SecretContentType = 'application/x-pkcs12'
+ SubjectName = 'CN=fabrikam.com'
+ IssuerName = 'Self'
+ ValidityInMonths = 12
+ ReuseKeyOnRenewal = $true
+}
+$certPolicy = New-AzKeyVaultCertificatePolicy @policyInputObject
+
+$null = Add-AzKeyVaultCertificate -VaultName $KeyVaultName -Name $CertName -CertificatePolicy $certPolicy
+Write-Verbose ('Initated creation of certificate [{0}] in key vault [{1}]' -f $CertName, $KeyVaultName) -Verbose
+
+while (-not (Get-AzKeyVaultCertificateOperation -VaultName $KeyVaultName -Name $CertName).Status -eq 'completed') {
+ Write-Verbose 'Waiting 10 seconds for certificate creation' -Verbose
+ Start-Sleep 10
+}
+
+Write-Verbose 'Certificate created' -Verbose
+
+$certificate = Get-AzKeyVaultCertificate -VaultName $KeyVaultName -Name $CertName
+
+# Write into Deployment Script output stream
+$DeploymentScriptOutputs = @{
+ # Requires conversion as the script otherwise returns an object instead of the plain public key string
+ secretUrl = $certificate.SecretId
+}
diff --git a/modules/Microsoft.Network/applicationGateways/.test/default/dependencies.bicep b/modules/Microsoft.Network/applicationGateways/.test/default/dependencies.bicep
index 5189e841f2..e100d9a204 100644
--- a/modules/Microsoft.Network/applicationGateways/.test/default/dependencies.bicep
+++ b/modules/Microsoft.Network/applicationGateways/.test/default/dependencies.bicep
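Review bot: The wait loop never waits, because `-not` binds tighter than `-eq`: the condition is evaluated as `(-not <status>) -eq 'completed'`, which is false for any non-empty status string, so the loop body is skipped and `Get-AzKeyVaultCertificate` runs while the certificate may still be pending. Compare the status directly instead, `while ((Get-AzKeyVaultCertificateOperation -VaultName $KeyVaultName -Name $CertName).Status -ne 'completed') {`. Once the loop really polls, it should also `throw` when the operation reports a failure and give up after a bounded number of attempts, otherwise a failed issuance keeps the deployment script running until it times out. The comment above `secretUrl` talks about a public key string and looks copied from another script; `# Secret identifier (URL) of the created certificate` would describe what is returned.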
@@ -10,6 +10,14 @@ param publicIPName string @description('Required. The name of the Managed Identity to create.') param managedIdentityName string +@description('Required. The name of the Key Vault to create.') +param keyVaultName string + +@description('Required. The name of the Deployment Script to create for the Certificate generation.') +param certDeploymentScriptName string + +var CertName = 'applicationGatewaySslCertificate' + resource virtualNetwork 'Microsoft.Network/virtualNetworks@2022-01-01' = { name: virtualNetworkName location: location 
@@ -39,6 +47,52 @@ resource managedIdentity 'Microsoft.ManagedIdentity/userAssignedIdentities@2018- location: location } +resource keyVault 'Microsoft.KeyVault/vaults@2022-07-01' = { + name: keyVaultName + location: location + properties: { + sku: { + family: 'A' + name: 'standard' + } + tenantId: tenant().tenantId + enablePurgeProtection: null + enabledForTemplateDeployment: true + enabledForDiskEncryption: true + enabledForDeployment: true + enableRbacAuthorization: true + accessPolicies: [] + } +} + +resource keyPermissions 'Microsoft.Authorization/roleAssignments@2022-04-01' = { + name: guid('msi-${managedIdentity.name}-KeyVault-Admin-RoleAssignment') + scope: keyVault + properties: { + principalId: managedIdentity.properties.principalId + roleDefinitionId: subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '00482a5a-887f-4fb3-b363-3b7fe8e74483') // Key Vault Administrator + principalType: 'ServicePrincipal' + } +} + +resource certDeploymentScript 'Microsoft.Resources/deploymentScripts@2020-10-01' = { + name: certDeploymentScriptName + location: location + kind: 'AzurePowerShell' + identity: { + type: 'UserAssigned' + userAssignedIdentities: { + '${managedIdentity.id}': {} + } + } + properties: { + azPowerShellVersion: '3.0' + retentionInterval: 'P1D' + arguments: ' -KeyVaultName "${keyVault.name}" -CertName "${CertName}"' + scriptContent: loadTextContent('../.scripts/New-Certificate.ps1') + } +} + @description('The resource ID of the created Virtual Network Subnet.') output subnetResourceId string = virtualNetwork.properties.subnets[0].id 
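Review bot: `keyPermissions` grants the managed identity the Key Vault Administrator role on the vault, and the same identity is attached to the application gateway through `userAssignedIdentities` in deploy.test.bicep, so the gateway ends up with full data-plane control of the vault when it only has to read one certificate secret. A narrower built-in role would do: Key Vault Certificates Officer for the deployment script that creates the certificate, and Key Vault Secrets User for the identity the gateway uses, ideally as two separate identities. `certDeploymentScript` also has no reference to `keyPermissions`, so Bicep is free to start the script before the role assignment exists; a `dependsOn` entry for `keyPermissions` on the script resource makes the order explicit. `enabledForDiskEncryption: true` and `enabledForDeployment: true` are not needed by anything visible in this test and could be dropped.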
@@ -48,5 +102,8 @@ output publicIPResourceId string = publicIP.id @description('The resource ID of the created Managed Identity.') output managedIdentityResourceId string = managedIdentity.id +@description('The URL of the created certificate.') +output certificateUrl string = certDeploymentScript.properties.outputs.secretUrl + @description('The principal ID of the created Managed Identity.') output managedIdentityPrincipalId string = managedIdentity.properties.principalId diff --git a/modules/Microsoft.Network/applicationGateways/.test/default/deploy.test.bicep b/modules/Microsoft.Network/applicationGateways/.test/default/deploy.test.bicep index 39b1d55dfe..c659262c74 100644 --- a/modules/Microsoft.Network/applicationGateways/.test/default/deploy.test.bicep +++ b/modules/Microsoft.Network/applicationGateways/.test/default/deploy.test.bicep @@ -31,6 +31,8 @@ module resourceGroupResources 'dependencies.bicep' = { virtualNetworkName: 'dep-<>-vnet-${serviceShort}' publicIPName: 'dep-<>-pip-${serviceShort}' managedIdentityName: 'dep-<>-msi-${serviceShort}' + certDeploymentScriptName: 'dep-<>-ds-${serviceShort}' + keyVaultName: 'dep-<>-kv-${serviceShort}' } } @@ -119,7 +121,7 @@ module testDeployment '../../deploy.bicep' = { privateIPAddress: '10.0.8.6' privateIPAllocationMethod: 'Static' subnet: { - id: '${resourceGroup.id}/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-x-001/subnets/<>-az-subnet-x-007' + id: resourceGroupResources.outputs.subnetResourceId } } } @@ -128,7 +130,7 @@ module testDeployment '../../deploy.bicep' = { properties: { privateIPAllocationMethod: 'Dynamic' publicIPAddress: { - id: '${resourceGroup.id}/providers/Microsoft.Network/publicIPAddresses/adp-<>-az-pip-x-apgw' + id: resourceGroupResources.outputs.publicIPResourceId } } } 
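Review bot: The new output is named `certificateUrl`, but the `@@ -362,7 +364,7 @@` hunk of deploy.test.bicep in this same commit reads `resourceGroupResources.outputs.certificateSecretUrl`, so the test template refers to an output that dependencies.bicep does not declare and should fail to compile. Rename one side, for example `output certificateSecretUrl string = certDeploymentScript.properties.outputs.secretUrl`. The description would be more precise as `'The URL of the Key Vault secret that backs the created certificate.'`, since the value is the certificate's `SecretId`.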
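Review bot: In the `@@ -119,7 +121,7 @@` hunk the private frontend now points at `resourceGroupResources.outputs.subnetResourceId`, but the unchanged line above still pins `privateIPAddress: '10.0.8.6'`, which is outside the `10.0.0.0/24` prefix that dependencies.bicep gives `defaultSubnet`. A static address that is not in the subnet is expected to be rejected, so pick one inside the range, for example `privateIPAddress: '10.0.0.20'` (a constructed value). The enclosing `testDeployment` module starts and ends outside this hunk.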
@@ -362,7 +364,7 @@ module testDeployment '../../deploy.bicep' = { { name: '<>-az-apgw-x-001-ssl-certificate' properties: { - keyVaultSecretId: 'https://adp-<>-az-kv-x-001.vault.azure.net/secrets/applicationGatewaySslCertificate' + keyVaultSecretId: resourceGroupResources.outputs.certificateSecretUrl } } ] diff --git a/modules/Microsoft.Network/applicationGateways/readme.md b/modules/Microsoft.Network/applicationGateways/readme.md index 41f64ed24f..24683725e0 100644 --- a/modules/Microsoft.Network/applicationGateways/readme.md +++ b/modules/Microsoft.Network/applicationGateways/readme.md @@ -231,7 +231,7 @@ The following module usage examples are retrieved from the content of the files >**Note**: The name of each example is based on the name of the file from which it is taken. >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. -

Example 1: Parameters

+

Example 1: Default

@@ -239,10 +239,10 @@ The following module usage examples are retrieved from the content of the files ```bicep module applicationGateways './Microsoft.Network/applicationGateways/deploy.bicep' = { - name: '${uniqueString(deployment().name)}-ApplicationGateways' + name: '${uniqueString(deployment().name)}-test-nagdef' params: { // Required parameters - name: '<>-az-apgw-x-001' + name: '' // Non-required parameters backendAddressPools: [ { @@ -284,18 +284,18 @@ module applicationGateways './Microsoft.Network/applicationGateways/deploy.bicep pickHostNameFromBackendAddress: false port: 80 probe: { - id: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/applicationGateways/<>-az-apgw-x-001/probes/privateVmHttpSettingProbe' + id: '${appGWExpectedResourceID}/probes/privateVmHttpSettingProbe' } protocol: 'Http' requestTimeout: 30 } } ] - diagnosticEventHubAuthorizationRuleId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.EventHub/namespaces/adp-<>-az-evhns-x-001/AuthorizationRules/RootManageSharedAccessKey' - diagnosticEventHubName: 'adp-<>-az-evh-x-001' + diagnosticEventHubAuthorizationRuleId: '' + diagnosticEventHubName: '' diagnosticLogsRetentionInDays: 7 - diagnosticStorageAccountId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adp<>azsax001' - diagnosticWorkspaceId: '/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-<>-az-law-x-001' + diagnosticStorageAccountId: '' + diagnosticWorkspaceId: '' enableHttp2: true frontendIPConfigurations: [ { @@ -304,7 +304,7 @@ module applicationGateways './Microsoft.Network/applicationGateways/deploy.bicep privateIPAddress: '10.0.8.6' privateIPAllocationMethod: 'Static' subnet: { - id: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-x-001/subnets/<>-az-subnet-x-007' + id: '' } } } 
@@ -313,7 +313,7 @@ module applicationGateways './Microsoft.Network/applicationGateways/deploy.bicep properties: { privateIPAllocationMethod: 'Dynamic' publicIPAddress: { - id: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/publicIPAddresses/adp-<>-az-pip-x-apgw' + id: '' } } } @@ -349,7 +349,7 @@ module applicationGateways './Microsoft.Network/applicationGateways/deploy.bicep name: 'apw-ip-configuration' properties: { subnet: { - id: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-x-001/subnets/<>-az-subnet-x-007' + id: '' } } } @@ -359,16 +359,16 @@ module applicationGateways './Microsoft.Network/applicationGateways/deploy.bicep name: 'public443' properties: { frontendIPConfiguration: { - id: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/applicationGateways/<>-az-apgw-x-001/frontendIPConfigurations/public' + id: '${appGWExpectedResourceID}/frontendIPConfigurations/public' } frontendPort: { - id: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/applicationGateways/<>-az-apgw-x-001/frontendPorts/port443' + id: '${appGWExpectedResourceID}/frontendPorts/port443' } hostNames: [] protocol: 'https' requireServerNameIndication: false sslCertificate: { - id: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/applicationGateways/<>-az-apgw-x-001/sslCertificates/<>-az-apgw-x-001-ssl-certificate' + id: '${appGWExpectedResourceID}/sslCertificates/<>-az-apgw-x-001-ssl-certificate' } } } 
@@ -376,16 +376,16 @@ module applicationGateways './Microsoft.Network/applicationGateways/deploy.bicep name: 'private4433' properties: { frontendIPConfiguration: { - id: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/applicationGateways/<>-az-apgw-x-001/frontendIPConfigurations/private' + id: '${appGWExpectedResourceID}/frontendIPConfigurations/private' } frontendPort: { - id: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/applicationGateways/<>-az-apgw-x-001/frontendPorts/port4433' + id: '${appGWExpectedResourceID}/frontendPorts/port4433' } hostNames: [] protocol: 'https' requireServerNameIndication: false sslCertificate: { - id: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/applicationGateways/<>-az-apgw-x-001/sslCertificates/<>-az-apgw-x-001-ssl-certificate' + id: '${appGWExpectedResourceID}/sslCertificates/<>-az-apgw-x-001-ssl-certificate' } } } @@ -393,10 +393,10 @@ module applicationGateways './Microsoft.Network/applicationGateways/deploy.bicep name: 'httpRedirect80' properties: { frontendIPConfiguration: { - id: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/applicationGateways/<>-az-apgw-x-001/frontendIPConfigurations/public' + id: '${appGWExpectedResourceID}/frontendIPConfigurations/public' } frontendPort: { - id: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/applicationGateways/<>-az-apgw-x-001/frontendPorts/port80' + id: '${appGWExpectedResourceID}/frontendPorts/port80' } hostNames: [] protocol: 'Http' 
@@ -407,10 +407,10 @@ module applicationGateways './Microsoft.Network/applicationGateways/deploy.bicep name: 'httpRedirect8080' properties: { frontendIPConfiguration: { - id: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/applicationGateways/<>-az-apgw-x-001/frontendIPConfigurations/private' + id: '${appGWExpectedResourceID}/frontendIPConfigurations/private' } frontendPort: { - id: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/applicationGateways/<>-az-apgw-x-001/frontendPorts/port8080' + id: '${appGWExpectedResourceID}/frontendPorts/port8080' } hostNames: [] protocol: 'Http' @@ -449,11 +449,11 @@ module applicationGateways './Microsoft.Network/applicationGateways/deploy.bicep redirectType: 'Permanent' requestRoutingRules: [ { - id: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/applicationGateways/<>-az-apgw-x-001/requestRoutingRules/httpRedirect80-public443' + id: '${appGWExpectedResourceID}/requestRoutingRules/httpRedirect80-public443' } ] targetListener: { - id: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/applicationGateways/<>-az-apgw-x-001/httpListeners/public443' + id: '${appGWExpectedResourceID}/httpListeners/public443' } } } @@ -465,11 +465,11 @@ module applicationGateways './Microsoft.Network/applicationGateways/deploy.bicep redirectType: 'Permanent' requestRoutingRules: [ { - id: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/applicationGateways/<>-az-apgw-x-001/requestRoutingRules/httpRedirect8080-private4433' + id: '${appGWExpectedResourceID}/requestRoutingRules/httpRedirect8080-private4433' } ] targetListener: { - id: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/applicationGateways/<>-az-apgw-x-001/httpListeners/private4433' + id: '${appGWExpectedResourceID}/httpListeners/private4433' } } } 
@@ -479,13 +479,13 @@ module applicationGateways './Microsoft.Network/applicationGateways/deploy.bicep name: 'public443-appServiceBackendHttpsSetting-appServiceBackendHttpsSetting' properties: { backendAddressPool: { - id: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/applicationGateways/<>-az-apgw-x-001/backendAddressPools/appServiceBackendPool' + id: '${appGWExpectedResourceID}/backendAddressPools/appServiceBackendPool' } backendHttpSettings: { - id: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/applicationGateways/<>-az-apgw-x-001/backendHttpSettingsCollection/appServiceBackendHttpsSetting' + id: '${appGWExpectedResourceID}/backendHttpSettingsCollection/appServiceBackendHttpsSetting' } httpListener: { - id: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/applicationGateways/<>-az-apgw-x-001/httpListeners/public443' + id: '${appGWExpectedResourceID}/httpListeners/public443' } priority: 200 ruleType: 'Basic' @@ -495,13 +495,13 @@ module applicationGateways './Microsoft.Network/applicationGateways/deploy.bicep name: 'private4433-privateVmHttpSetting-privateVmHttpSetting' properties: { backendAddressPool: { - id: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/applicationGateways/<>-az-apgw-x-001/backendAddressPools/privateVmBackendPool' + id: '${appGWExpectedResourceID}/backendAddressPools/privateVmBackendPool' } backendHttpSettings: { - id: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/applicationGateways/<>-az-apgw-x-001/backendHttpSettingsCollection/privateVmHttpSetting' + id: '${appGWExpectedResourceID}/backendHttpSettingsCollection/privateVmHttpSetting' } httpListener: { - id: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/applicationGateways/<>-az-apgw-x-001/httpListeners/private4433' + id: '${appGWExpectedResourceID}/httpListeners/private4433' } priority: 250 ruleType: 'Basic' 
@@ -511,11 +511,11 @@ module applicationGateways './Microsoft.Network/applicationGateways/deploy.bicep name: 'httpRedirect80-public443' properties: { httpListener: { - id: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/applicationGateways/<>-az-apgw-x-001/httpListeners/httpRedirect80' + id: '${appGWExpectedResourceID}/httpListeners/httpRedirect80' } priority: 300 redirectConfiguration: { - id: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/applicationGateways/<>-az-apgw-x-001/redirectConfigurations/httpRedirect80' + id: '${appGWExpectedResourceID}/redirectConfigurations/httpRedirect80' } ruleType: 'Basic' } @@ -524,11 +524,11 @@ module applicationGateways './Microsoft.Network/applicationGateways/deploy.bicep name: 'httpRedirect8080-private4433' properties: { httpListener: { - id: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/applicationGateways/<>-az-apgw-x-001/httpListeners/httpRedirect8080' + id: '${appGWExpectedResourceID}/httpListeners/httpRedirect8080' } priority: 350 redirectConfiguration: { - id: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/applicationGateways/<>-az-apgw-x-001/redirectConfigurations/httpRedirect8080' + id: '${appGWExpectedResourceID}/redirectConfigurations/httpRedirect8080' } ruleType: 'Basic' } @@ -537,7 +537,7 @@ module applicationGateways './Microsoft.Network/applicationGateways/deploy.bicep roleAssignments: [ { principalIds: [ - '<>' + '' ] roleDefinitionIdOrName: 'Reader' } 
@@ -547,12 +547,12 @@ module applicationGateways './Microsoft.Network/applicationGateways/deploy.bicep { name: '<>-az-apgw-x-001-ssl-certificate' properties: { - keyVaultSecretId: 'https://adp-<>-az-kv-x-001.vault.azure.net/secrets/applicationGatewaySslCertificate' + keyVaultSecretId: '' } } ] userAssignedIdentities: { - '/subscriptions/<>/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-<>-az-msi-x-001': {} + '': {} } webApplicationFirewallConfiguration: { disabledRuleGroups: [] @@ -582,7 +582,7 @@ module applicationGateways './Microsoft.Network/applicationGateways/deploy.bicep "parameters": { // Required parameters "name": { - "value": "<>-az-apgw-x-001" + "value": "" }, // Non-required parameters "backendAddressPools": { @@ -628,7 +628,7 @@ module applicationGateways './Microsoft.Network/applicationGateways/deploy.bicep "pickHostNameFromBackendAddress": false, "port": 80, "probe": { - "id": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/applicationGateways/<>-az-apgw-x-001/probes/privateVmHttpSettingProbe" + "id": "${appGWExpectedResourceID}/probes/privateVmHttpSettingProbe" }, "protocol": "Http", "requestTimeout": 30 
@@ -637,19 +637,19 @@ module applicationGateways './Microsoft.Network/applicationGateways/deploy.bicep ] }, "diagnosticEventHubAuthorizationRuleId": { - "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.EventHub/namespaces/adp-<>-az-evhns-x-001/AuthorizationRules/RootManageSharedAccessKey" + "value": "" }, "diagnosticEventHubName": { - "value": "adp-<>-az-evh-x-001" + "value": "" }, "diagnosticLogsRetentionInDays": { "value": 7 }, "diagnosticStorageAccountId": { - "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adp<>azsax001" + "value": "" }, "diagnosticWorkspaceId": { - "value": "/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-<>-az-law-x-001" + "value": "" }, "enableHttp2": { "value": true @@ -662,7 +662,7 @@ module applicationGateways './Microsoft.Network/applicationGateways/deploy.bicep "privateIPAddress": "10.0.8.6", "privateIPAllocationMethod": "Static", "subnet": { - "id": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-x-001/subnets/<>-az-subnet-x-007" + "id": "" } } }, @@ -671,7 +671,7 @@ module applicationGateways './Microsoft.Network/applicationGateways/deploy.bicep "properties": { "privateIPAllocationMethod": "Dynamic", "publicIPAddress": { - "id": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/publicIPAddresses/adp-<>-az-pip-x-apgw" + "id": "" } } } @@ -711,7 +711,7 @@ module applicationGateways './Microsoft.Network/applicationGateways/deploy.bicep "name": "apw-ip-configuration", "properties": { "subnet": { - "id": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-x-001/subnets/<>-az-subnet-x-007" + "id": "" } } } 
@@ -723,16 +723,16 @@ module applicationGateways './Microsoft.Network/applicationGateways/deploy.bicep "name": "public443", "properties": { "frontendIPConfiguration": { - "id": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/applicationGateways/<>-az-apgw-x-001/frontendIPConfigurations/public" + "id": "${appGWExpectedResourceID}/frontendIPConfigurations/public" }, "frontendPort": { - "id": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/applicationGateways/<>-az-apgw-x-001/frontendPorts/port443" + "id": "${appGWExpectedResourceID}/frontendPorts/port443" }, "hostNames": [], "protocol": "https", "requireServerNameIndication": false, "sslCertificate": { - "id": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/applicationGateways/<>-az-apgw-x-001/sslCertificates/<>-az-apgw-x-001-ssl-certificate" + "id": "${appGWExpectedResourceID}/sslCertificates/<>-az-apgw-x-001-ssl-certificate" } } }, @@ -740,16 +740,16 @@ module applicationGateways './Microsoft.Network/applicationGateways/deploy.bicep "name": "private4433", "properties": { "frontendIPConfiguration": { - "id": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/applicationGateways/<>-az-apgw-x-001/frontendIPConfigurations/private" + "id": "${appGWExpectedResourceID}/frontendIPConfigurations/private" }, "frontendPort": { - "id": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/applicationGateways/<>-az-apgw-x-001/frontendPorts/port4433" + "id": "${appGWExpectedResourceID}/frontendPorts/port4433" }, "hostNames": [], "protocol": "https", "requireServerNameIndication": false, "sslCertificate": { - "id": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/applicationGateways/<>-az-apgw-x-001/sslCertificates/<>-az-apgw-x-001-ssl-certificate" + "id": "${appGWExpectedResourceID}/sslCertificates/<>-az-apgw-x-001-ssl-certificate" } } }, 
@@ -757,10 +757,10 @@ module applicationGateways './Microsoft.Network/applicationGateways/deploy.bicep "name": "httpRedirect80", "properties": { "frontendIPConfiguration": { - "id": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/applicationGateways/<>-az-apgw-x-001/frontendIPConfigurations/public" + "id": "${appGWExpectedResourceID}/frontendIPConfigurations/public" }, "frontendPort": { - "id": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/applicationGateways/<>-az-apgw-x-001/frontendPorts/port80" + "id": "${appGWExpectedResourceID}/frontendPorts/port80" }, "hostNames": [], "protocol": "Http", @@ -771,10 +771,10 @@ module applicationGateways './Microsoft.Network/applicationGateways/deploy.bicep "name": "httpRedirect8080", "properties": { "frontendIPConfiguration": { - "id": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/applicationGateways/<>-az-apgw-x-001/frontendIPConfigurations/private" + "id": "${appGWExpectedResourceID}/frontendIPConfigurations/private" }, "frontendPort": { - "id": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/applicationGateways/<>-az-apgw-x-001/frontendPorts/port8080" + "id": "${appGWExpectedResourceID}/frontendPorts/port8080" }, "hostNames": [], "protocol": "Http", @@ -819,11 +819,11 @@ module applicationGateways './Microsoft.Network/applicationGateways/deploy.bicep "redirectType": "Permanent", "requestRoutingRules": [ { - "id": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/applicationGateways/<>-az-apgw-x-001/requestRoutingRules/httpRedirect80-public443" + "id": "${appGWExpectedResourceID}/requestRoutingRules/httpRedirect80-public443" } ], "targetListener": { - "id": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/applicationGateways/<>-az-apgw-x-001/httpListeners/public443" + "id": "${appGWExpectedResourceID}/httpListeners/public443" } } }, 
@@ -835,11 +835,11 @@ module applicationGateways './Microsoft.Network/applicationGateways/deploy.bicep "redirectType": "Permanent", "requestRoutingRules": [ { - "id": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/applicationGateways/<>-az-apgw-x-001/requestRoutingRules/httpRedirect8080-private4433" + "id": "${appGWExpectedResourceID}/requestRoutingRules/httpRedirect8080-private4433" } ], "targetListener": { - "id": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/applicationGateways/<>-az-apgw-x-001/httpListeners/private4433" + "id": "${appGWExpectedResourceID}/httpListeners/private4433" } } } @@ -851,13 +851,13 @@ module applicationGateways './Microsoft.Network/applicationGateways/deploy.bicep "name": "public443-appServiceBackendHttpsSetting-appServiceBackendHttpsSetting", "properties": { "backendAddressPool": { - "id": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/applicationGateways/<>-az-apgw-x-001/backendAddressPools/appServiceBackendPool" + "id": "${appGWExpectedResourceID}/backendAddressPools/appServiceBackendPool" }, "backendHttpSettings": { - "id": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/applicationGateways/<>-az-apgw-x-001/backendHttpSettingsCollection/appServiceBackendHttpsSetting" + "id": "${appGWExpectedResourceID}/backendHttpSettingsCollection/appServiceBackendHttpsSetting" }, "httpListener": { - "id": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/applicationGateways/<>-az-apgw-x-001/httpListeners/public443" + "id": "${appGWExpectedResourceID}/httpListeners/public443" }, "priority": 200, "ruleType": "Basic" 
@@ -867,13 +867,13 @@ module applicationGateways './Microsoft.Network/applicationGateways/deploy.bicep "name": "private4433-privateVmHttpSetting-privateVmHttpSetting", "properties": { "backendAddressPool": { - "id": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/applicationGateways/<>-az-apgw-x-001/backendAddressPools/privateVmBackendPool" + "id": "${appGWExpectedResourceID}/backendAddressPools/privateVmBackendPool" }, "backendHttpSettings": { - "id": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/applicationGateways/<>-az-apgw-x-001/backendHttpSettingsCollection/privateVmHttpSetting" + "id": "${appGWExpectedResourceID}/backendHttpSettingsCollection/privateVmHttpSetting" }, "httpListener": { - "id": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/applicationGateways/<>-az-apgw-x-001/httpListeners/private4433" + "id": "${appGWExpectedResourceID}/httpListeners/private4433" }, "priority": 250, "ruleType": "Basic" @@ -883,11 +883,11 @@ module applicationGateways './Microsoft.Network/applicationGateways/deploy.bicep "name": "httpRedirect80-public443", "properties": { "httpListener": { - "id": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/applicationGateways/<>-az-apgw-x-001/httpListeners/httpRedirect80" + "id": "${appGWExpectedResourceID}/httpListeners/httpRedirect80" }, "priority": 300, "redirectConfiguration": { - "id": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/applicationGateways/<>-az-apgw-x-001/redirectConfigurations/httpRedirect80" + "id": "${appGWExpectedResourceID}/redirectConfigurations/httpRedirect80" }, "ruleType": "Basic" } 
@@ -896,11 +896,11 @@ module applicationGateways './Microsoft.Network/applicationGateways/deploy.bicep "name": "httpRedirect8080-private4433", "properties": { "httpListener": { - "id": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/applicationGateways/<>-az-apgw-x-001/httpListeners/httpRedirect8080" + "id": "${appGWExpectedResourceID}/httpListeners/httpRedirect8080" }, "priority": 350, "redirectConfiguration": { - "id": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/applicationGateways/<>-az-apgw-x-001/redirectConfigurations/httpRedirect8080" + "id": "${appGWExpectedResourceID}/redirectConfigurations/httpRedirect8080" }, "ruleType": "Basic" } @@ -911,7 +911,7 @@ module applicationGateways './Microsoft.Network/applicationGateways/deploy.bicep "value": [ { "principalIds": [ - "<>" + "" ], "roleDefinitionIdOrName": "Reader" } @@ -925,14 +925,14 @@ module applicationGateways './Microsoft.Network/applicationGateways/deploy.bicep { "name": "<>-az-apgw-x-001-ssl-certificate", "properties": { - "keyVaultSecretId": "https://adp-<>-az-kv-x-001.vault.azure.net/secrets/applicationGatewaySslCertificate" + "keyVaultSecretId": "" } } ] }, "userAssignedIdentities": { "value": { - "/subscriptions/<>/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-<>-az-msi-x-001": {} + "": {} } }, "webApplicationFirewallConfiguration": { From 6bacd6362957b3bb1dbaf51de30b71b7e8019563 Mon Sep 17 00:00:00 2001 From: MrMCake Date: Fri, 2 Sep 2022 21:57:41 +0200 Subject: [PATCH 03/19] Update to latest --- .../applicationGateways/.test/default/dependencies.bicep | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/Microsoft.Network/applicationGateways/.test/default/dependencies.bicep b/modules/Microsoft.Network/applicationGateways/.test/default/dependencies.bicep index e100d9a204..43eee05964 100644 --- a/modules/Microsoft.Network/applicationGateways/.test/default/dependencies.bicep 
+++ b/modules/Microsoft.Network/applicationGateways/.test/default/dependencies.bicep @@ -103,7 +103,7 @@ output publicIPResourceId string = publicIP.id output managedIdentityResourceId string = managedIdentity.id @description('The URL of the created certificate.') -output certificateUrl string = certDeploymentScript.properties.outputs.secretUrl +output certificateSecretUrl string = certDeploymentScript.properties.outputs.secretUrl @description('The principal ID of the created Managed Identity.') output managedIdentityPrincipalId string = managedIdentity.properties.principalId From a9b9205025c41afebaeb49ad5a9bab5caa7d3b54 Mon Sep 17 00:00:00 2001 From: MrMCake Date: Fri, 2 Sep 2022 22:24:44 +0200 Subject: [PATCH 04/19] Fixed pip deployment --- .../applicationGateways/.test/default/dependencies.bicep | 1 + 1 file changed, 1 insertion(+) diff --git a/modules/Microsoft.Network/applicationGateways/.test/default/dependencies.bicep b/modules/Microsoft.Network/applicationGateways/.test/default/dependencies.bicep index 43eee05964..79224370ec 100644 --- a/modules/Microsoft.Network/applicationGateways/.test/default/dependencies.bicep +++ b/modules/Microsoft.Network/applicationGateways/.test/default/dependencies.bicep @@ -40,6 +40,7 @@ resource virtualNetwork 'Microsoft.Network/virtualNetworks@2022-01-01' = { resource publicIP 'Microsoft.Network/publicIPAddresses@2022-01-01' = { name: publicIPName + location: location } resource managedIdentity 'Microsoft.ManagedIdentity/userAssignedIdentities@2018-11-30' = { From 568325a6a10c4ffd5c5c1dc8a4e6e7f8ae69aede Mon Sep 17 00:00:00 2001 From: MrMCake Date: Sat, 3 Sep 2022 10:04:23 +0200 Subject: [PATCH 05/19] sync --- .../.test/.scripts/New-Certificate.ps1 | 36 ++++++++++--------- 1 file changed, 19 insertions(+), 17 deletions(-) 
diff --git a/modules/Microsoft.Network/applicationGateways/.test/.scripts/New-Certificate.ps1 b/modules/Microsoft.Network/applicationGateways/.test/.scripts/New-Certificate.ps1
index f0bbf2f7f8..4ac0aa918a 100644
--- a/modules/Microsoft.Network/applicationGateways/.test/.scripts/New-Certificate.ps1
+++ b/modules/Microsoft.Network/applicationGateways/.test/.scripts/New-Certificate.ps1
@@ -3,29 +3,31 @@ [string] $CertName ) -$policyInputObject = @{ - SecretContentType = 'application/x-pkcs12' - SubjectName = 'CN=fabrikam.com' - IssuerName = 'Self' - ValidityInMonths = 12 - ReuseKeyOnRenewal = $true -} -$certPolicy = New-AzKeyVaultCertificatePolicy @policyInputObject +if (-not ($certificate = Get-AzKeyVaultCertificate -VaultName $KeyVaultName -Name $CertName -ErrorAction 'Stop')) { + $policyInputObject = @{ + SecretContentType = 'application/x-pkcs12' + SubjectName = 'CN=fabrikam.com' + IssuerName = 'Self' + ValidityInMonths = 12 + ReuseKeyOnRenewal = $true + } + $certPolicy = New-AzKeyVaultCertificatePolicy @policyInputObject -$null = Add-AzKeyVaultCertificate -VaultName $KeyVaultName -Name $CertName -CertificatePolicy $certPolicy -Write-Verbose ('Initated creation of certificate [{0}] in key vault [{1}]' -f $CertName, $KeyVaultName) -Verbose + $null = Add-AzKeyVaultCertificate -VaultName $KeyVaultName -Name $CertName -CertificatePolicy $certPolicy + Write-Verbose ('Initated creation of certificate [{0}] in key vault [{1}]' -f $CertName, $KeyVaultName) -Verbose -while (-not (Get-AzKeyVaultCertificateOperation -VaultName $KeyVaultName -Name $CertName).Status -eq 'completed') { - Write-Verbose 'Waiting 10 seconds for certificate creation' -Verbose - Start-Sleep 10 -} + while (-not (Get-AzKeyVaultCertificateOperation -VaultName $KeyVaultName -Name $CertName).Status -eq 'completed') { + Write-Verbose 'Waiting 10 seconds for certificate creation' -Verbose + Start-Sleep 10 + } -Write-Verbose 'Certificate created' -Verbose + Write-Verbose 'Certificate created' -Verbose -$certificate = Get-AzKeyVaultCertificate -VaultName $KeyVaultName -Name $CertName + + $certificate = Get-AzKeyVaultCertificate -VaultName $KeyVaultName -Name $CertName -ErrorAction 'Stop' +} # Write into Deployment Script output stream $DeploymentScriptOutputs = @{ - # Requires conversion as the script otherwise returns an object instead of the plain public key string secretUrl = 
$certificate.SecretId } From fd3a149060197528cad6de2188ca0ef311f3241c Mon Sep 17 00:00:00 2001 From: MrMCake Date: Sat, 3 Sep 2022 10:04:34 +0200 Subject: [PATCH 06/19] Update to latest --- .../applicationGateways/.test/.scripts/New-Certificate.ps1 | 1 - 1 file changed, 1 deletion(-) diff --git a/modules/Microsoft.Network/applicationGateways/.test/.scripts/New-Certificate.ps1 b/modules/Microsoft.Network/applicationGateways/.test/.scripts/New-Certificate.ps1 index 4ac0aa918a..e238507074 100644 --- a/modules/Microsoft.Network/applicationGateways/.test/.scripts/New-Certificate.ps1 +++ b/modules/Microsoft.Network/applicationGateways/.test/.scripts/New-Certificate.ps1 @@ -23,7 +23,6 @@ if (-not ($certificate = Get-AzKeyVaultCertificate -VaultName $KeyVaultName -Nam Write-Verbose 'Certificate created' -Verbose - $certificate = Get-AzKeyVaultCertificate -VaultName $KeyVaultName -Name $CertName -ErrorAction 'Stop' } From 60fbbb5485648f501482f553649f0a115f2baf9d Mon Sep 17 00:00:00 2001 From: MrMCake Date: Sat, 3 Sep 2022 11:49:14 +0200 Subject: [PATCH 07/19] Update to latest --- .../.test/default/dependencies.bicep | 7 +++++ .../.test/default/deploy.test.bicep | 28 +++++++++---------- 2 files changed, 21 insertions(+), 14 deletions(-) diff --git a/modules/Microsoft.Network/applicationGateways/.test/default/dependencies.bicep b/modules/Microsoft.Network/applicationGateways/.test/default/dependencies.bicep index 79224370ec..daf1a40a31 100644 --- a/modules/Microsoft.Network/applicationGateways/.test/default/dependencies.bicep +++ b/modules/Microsoft.Network/applicationGateways/.test/default/dependencies.bicep 
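Review bot: The wait loop that this hunk moves inside the new `if` block, `while (-not (Get-AzKeyVaultCertificateOperation ...).Status -eq 'completed')`, does not actually wait for the certificate operation. PowerShell's unary `-not` binds tighter than `-eq`, so the condition is `(-not <status>) -eq 'completed'`, which is false for any non-empty status string and the body never runs. The `Get-AzKeyVaultCertificate` call that follows can therefore run before issuance has finished and hand an empty `secretUrl` to the deployment script output. Comparing the status directly fixes it: `while ((Get-AzKeyVaultCertificateOperation -VaultName $KeyVaultName -Name $CertName).Status -ne 'completed') {`. The script's `param` block starts above this hunk.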
@@ -41,6 +41,13 @@ resource virtualNetwork 'Microsoft.Network/virtualNetworks@2022-01-01' = { resource publicIP 'Microsoft.Network/publicIPAddresses@2022-01-01' = { name: publicIPName location: location + sku: { + name: 'Standard' + tier: 'Regional' + } + properties: { + publicIPAllocationMethod: 'Static' + } } resource managedIdentity 'Microsoft.ManagedIdentity/userAssignedIdentities@2018-11-30' = { diff --git a/modules/Microsoft.Network/applicationGateways/.test/default/deploy.test.bicep b/modules/Microsoft.Network/applicationGateways/.test/default/deploy.test.bicep index c659262c74..20d8c49add 100644 --- a/modules/Microsoft.Network/applicationGateways/.test/default/deploy.test.bicep +++ b/modules/Microsoft.Network/applicationGateways/.test/default/deploy.test.bicep @@ -28,11 +28,11 @@ module resourceGroupResources 'dependencies.bicep' = { scope: resourceGroup name: '${uniqueString(deployment().name, location)}-paramNested' params: { - virtualNetworkName: 'dep-<>-vnet-${serviceShort}' - publicIPName: 'dep-<>-pip-${serviceShort}' - managedIdentityName: 'dep-<>-msi-${serviceShort}' - certDeploymentScriptName: 'dep-<>-ds-${serviceShort}' - keyVaultName: 'dep-<>-kv-${serviceShort}' + virtualNetworkName: 'dep-carml-vnet-${serviceShort}' + publicIPName: 'dep-carml-pip-${serviceShort}' + managedIdentityName: 'dep-carml-msi-${serviceShort}' + certDeploymentScriptName: 'dep-carml-ds-${serviceShort}' + keyVaultName: 'dep-carml-kv-${serviceShort}' } } 
@@ -42,10 +42,10 @@ module diagnosticDependencies '../../../../.shared/dependencyConstructs/diagnost scope: resourceGroup name: '${uniqueString(deployment().name, location)}-diagnosticDependencies' params: { - storageAccountName: 'dep<>diasa${serviceShort}01' - logAnalyticsWorkspaceName: 'dep-<>-law-${serviceShort}' - eventHubNamespaceEventHubName: 'dep-<>-evh-${serviceShort}' - eventHubNamespaceName: 'dep-<>-evhns-${serviceShort}' + storageAccountName: 'depcarmldiasa${serviceShort}01' + logAnalyticsWorkspaceName: 'dep-carml-law-${serviceShort}' + eventHubNamespaceEventHubName: 'dep-carml-evh-${serviceShort}' + eventHubNamespaceName: 'dep-carml-evhns-${serviceShort}' location: location } } @@ -54,7 +54,7 @@ module diagnosticDependencies '../../../../.shared/dependencyConstructs/diagnost // Test Execution // // ============== // -var appGWName = '<>${serviceShort}001' +var appGWName = 'carml${serviceShort}001' var appGWExpectedResourceID = '${resourceGroup.id}/providers/Microsoft.Network/applicationGateways/${appGWName}' module testDeployment '../../deploy.bicep' = { scope: resourceGroup @@ -118,7 +118,7 @@ module testDeployment '../../deploy.bicep' = { { name: 'private' properties: { - privateIPAddress: '10.0.8.6' + privateIPAddress: '10.0.0.20' privateIPAllocationMethod: 'Static' subnet: { id: resourceGroupResources.outputs.subnetResourceId @@ -185,7 +185,7 @@ module testDeployment '../../deploy.bicep' = { protocol: 'https' requireServerNameIndication: false sslCertificate: { - id: '${appGWExpectedResourceID}/sslCertificates/<>-az-apgw-x-001-ssl-certificate' + id: '${appGWExpectedResourceID}/sslCertificates/carml-az-apgw-x-001-ssl-certificate' } } } @@ -202,7 +202,7 @@ module testDeployment '../../deploy.bicep' = { protocol: 'https' requireServerNameIndication: false sslCertificate: { - id: '${appGWExpectedResourceID}/sslCertificates/<>-az-apgw-x-001-ssl-certificate' + id: '${appGWExpectedResourceID}/sslCertificates/carml-az-apgw-x-001-ssl-certificate' } } } 
@@ -362,7 +362,7 @@ module testDeployment '../../deploy.bicep' = { sku: 'WAF_v2' sslCertificates: [ { - name: '<>-az-apgw-x-001-ssl-certificate' + name: 'carml-az-apgw-x-001-ssl-certificate' properties: { keyVaultSecretId: resourceGroupResources.outputs.certificateSecretUrl } From 18b4cbcdca37a55e16e67e835cea882114cc193e Mon Sep 17 00:00:00 2001 From: MrMCake Date: Sat, 3 Sep 2022 12:02:37 +0200 Subject: [PATCH 08/19] Update to latest --- .../.test/default/deploy.test.bicep | 26 +++++++++---------- 1 file changed, 13 insertions(+), 13 deletions(-) diff --git a/modules/Microsoft.Network/applicationGateways/.test/default/deploy.test.bicep b/modules/Microsoft.Network/applicationGateways/.test/default/deploy.test.bicep index 20d8c49add..c6ebc6e89a 100644 --- a/modules/Microsoft.Network/applicationGateways/.test/default/deploy.test.bicep +++ b/modules/Microsoft.Network/applicationGateways/.test/default/deploy.test.bicep @@ -28,11 +28,11 @@ module resourceGroupResources 'dependencies.bicep' = { scope: resourceGroup name: '${uniqueString(deployment().name, location)}-paramNested' params: { - virtualNetworkName: 'dep-carml-vnet-${serviceShort}' - publicIPName: 'dep-carml-pip-${serviceShort}' - managedIdentityName: 'dep-carml-msi-${serviceShort}' - certDeploymentScriptName: 'dep-carml-ds-${serviceShort}' - keyVaultName: 'dep-carml-kv-${serviceShort}' + virtualNetworkName: 'dep-<>-vnet-${serviceShort}' + publicIPName: 'dep-<>-pip-${serviceShort}' + managedIdentityName: 'dep-<>-msi-${serviceShort}' + certDeploymentScriptName: 'dep-<>-ds-${serviceShort}' + keyVaultName: 'dep-<>-kv-${serviceShort}' } } 
@@ -42,10 +42,10 @@ module diagnosticDependencies '../../../../.shared/dependencyConstructs/diagnost scope: resourceGroup name: '${uniqueString(deployment().name, location)}-diagnosticDependencies' params: { - storageAccountName: 'depcarmldiasa${serviceShort}01' - logAnalyticsWorkspaceName: 'dep-carml-law-${serviceShort}' - eventHubNamespaceEventHubName: 'dep-carml-evh-${serviceShort}' - eventHubNamespaceName: 'dep-carml-evhns-${serviceShort}' + storageAccountName: 'dep<>diasa${serviceShort}01' + logAnalyticsWorkspaceName: 'dep-<>-law-${serviceShort}' + eventHubNamespaceEventHubName: 'dep-<>-evh-${serviceShort}' + eventHubNamespaceName: 'dep-<>-evhns-${serviceShort}' location: location } } @@ -54,7 +54,7 @@ module diagnosticDependencies '../../../../.shared/dependencyConstructs/diagnost // Test Execution // // ============== // -var appGWName = 'carml${serviceShort}001' +var appGWName = '<>${serviceShort}001' var appGWExpectedResourceID = '${resourceGroup.id}/providers/Microsoft.Network/applicationGateways/${appGWName}' module testDeployment '../../deploy.bicep' = { scope: resourceGroup @@ -185,7 +185,7 @@ module testDeployment '../../deploy.bicep' = { protocol: 'https' requireServerNameIndication: false sslCertificate: { - id: '${appGWExpectedResourceID}/sslCertificates/carml-az-apgw-x-001-ssl-certificate' + id: '${appGWExpectedResourceID}/sslCertificates/<>-az-apgw-x-001-ssl-certificate' } } } @@ -202,7 +202,7 @@ module testDeployment '../../deploy.bicep' = { protocol: 'https' requireServerNameIndication: false sslCertificate: { - id: '${appGWExpectedResourceID}/sslCertificates/carml-az-apgw-x-001-ssl-certificate' + id: '${appGWExpectedResourceID}/sslCertificates/<>-az-apgw-x-001-ssl-certificate' } } } 
@@ -362,7 +362,7 @@ module testDeployment '../../deploy.bicep' = { sku: 'WAF_v2' sslCertificates: [ { - name: 'carml-az-apgw-x-001-ssl-certificate' + name: '<>-az-apgw-x-001-ssl-certificate' properties: { keyVaultSecretId: resourceGroupResources.outputs.certificateSecretUrl } From b7aa360190d4ee72207dc303530af1fe249496ed Mon Sep 17 00:00:00 2001 From: MrMCake Date: Sat, 3 Sep 2022 12:21:37 +0200 Subject: [PATCH 09/19] Updated docs --- modules/Microsoft.Network/applicationGateways/readme.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/modules/Microsoft.Network/applicationGateways/readme.md b/modules/Microsoft.Network/applicationGateways/readme.md index 24683725e0..eb05b8beec 100644 --- a/modules/Microsoft.Network/applicationGateways/readme.md +++ b/modules/Microsoft.Network/applicationGateways/readme.md @@ -301,7 +301,7 @@ module applicationGateways './Microsoft.Network/applicationGateways/deploy.bicep { name: 'private' properties: { - privateIPAddress: '10.0.8.6' + privateIPAddress: '10.0.0.20' privateIPAllocationMethod: 'Static' subnet: { id: '' @@ -659,7 +659,7 @@ module applicationGateways './Microsoft.Network/applicationGateways/deploy.bicep { "name": "private", "properties": { - "privateIPAddress": "10.0.8.6", + "privateIPAddress": "10.0.0.20", "privateIPAllocationMethod": "Static", "subnet": { "id": "" From dc2ef2ec8a7baf5ed6877b7ec2d619024383e7f8 Mon Sep 17 00:00:00 2001 From: MrMCake Date: Sat, 3 Sep 2022 13:14:43 +0200 Subject: [PATCH 10/19] Update to latest --- .../applicationGateways/.test/.scripts/New-Certificate.ps1 | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/modules/Microsoft.Network/applicationGateways/.test/.scripts/New-Certificate.ps1 b/modules/Microsoft.Network/applicationGateways/.test/.scripts/New-Certificate.ps1 index e238507074..2d5df24ade 100644 --- a/modules/Microsoft.Network/applicationGateways/.test/.scripts/New-Certificate.ps1 
+++ b/modules/Microsoft.Network/applicationGateways/.test/.scripts/New-Certificate.ps1 @@ -23,7 +23,10 @@ if (-not ($certificate = Get-AzKeyVaultCertificate -VaultName $KeyVaultName -Nam Write-Verbose 'Certificate created' -Verbose - $certificate = Get-AzKeyVaultCertificate -VaultName $KeyVaultName -Name $CertName -ErrorAction 'Stop' + while (-not ($certificate = Get-AzKeyVaultCertificate -VaultName $KeyVaultName -Name $CertName -ErrorAction 'Stop')) { + Write-Verbose 'Waiting 10 seconds until certificate can be fetched' -Verbose + Start-Sleep 10 + } } # Write into Deployment Script output stream From a1b196875c1d07a0ac225b66a4ff8c8202fec987 Mon Sep 17 00:00:00 2001 From: MrMCake Date: Sat, 3 Sep 2022 14:13:11 +0200 Subject: [PATCH 11/19] Updaed script --- .../.test/.scripts/New-Certificate.ps1 | 17 +++++++++++------ 1 file changed, 11 insertions(+), 6 deletions(-) diff --git a/modules/Microsoft.Network/applicationGateways/.test/.scripts/New-Certificate.ps1 b/modules/Microsoft.Network/applicationGateways/.test/.scripts/New-Certificate.ps1 index 2d5df24ade..8ab46b1c4a 100644 --- a/modules/Microsoft.Network/applicationGateways/.test/.scripts/New-Certificate.ps1 +++ b/modules/Microsoft.Network/applicationGateways/.test/.scripts/New-Certificate.ps1 @@ -3,7 +3,9 @@ [string] $CertName ) -if (-not ($certificate = Get-AzKeyVaultCertificate -VaultName $KeyVaultName -Name $CertName -ErrorAction 'Stop')) { +$certificate = Get-AzKeyVaultCertificate -VaultName $KeyVaultName -Name $CertName -ErrorAction 'Stop' + +if (-not $certificate) { $policyInputObject = @{ SecretContentType = 'application/x-pkcs12' SubjectName = 'CN=fabrikam.com' 
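Review bot: The new `while (-not ($certificate = Get-AzKeyVaultCertificate …))` loop has no upper bound, so a certificate that never becomes readable keeps the deployment script polling until the platform stops it. A bounded wait fails sooner and with a clearer error: set `$attempt = 0` before the loop and make `if (++$attempt -gt 30) { throw 'Certificate could not be fetched in time' }` the first statement of its body (30 is a constructed limit, to be tuned to the pipeline). The rewritten loop in PATCH 11/19, `while ([String]::IsNullOrEmpty($secretId))`, has the same gap. The enclosing `if` block starts outside this hunk.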
@@ -22,14 +24,17 @@ if (-not ($certificate = Get-AzKeyVaultCertificate -VaultName $KeyVaultName -Nam } Write-Verbose 'Certificate created' -Verbose +} - while (-not ($certificate = Get-AzKeyVaultCertificate -VaultName $KeyVaultName -Name $CertName -ErrorAction 'Stop')) { - Write-Verbose 'Waiting 10 seconds until certificate can be fetched' -Verbose - Start-Sleep 10 - } +$secretId = $certificate.SecretId +while ([String]::IsNullOrEmpty($secretId)) { + Write-Verbose 'Waiting 10 seconds until certificate can be fetched' -Verbose + Start-Sleep 10 + $certificate = Get-AzKeyVaultCertificate -VaultName $KeyVaultName -Name $CertName -ErrorAction 'Stop' + $secretId = $certificate.SecretId } # Write into Deployment Script output stream $DeploymentScriptOutputs = @{ - secretUrl = $certificate.SecretId + secretUrl = $secretId } From ff67d2e88b87f19d5ca8ee383d0ab98de7ce686f Mon Sep 17 00:00:00 2001 From: MrMCake Date: Thu, 8 Sep 2022 19:37:20 +0200 Subject: [PATCH 12/19] Updated folder default to common. --- .../.test/{default => common}/dependencies.bicep | 0 .../.test/{default => common}/deploy.test.bicep | 0 modules/Microsoft.Network/applicationGateways/readme.md | 2 +- 3 files changed, 1 insertion(+), 1 deletion(-) rename modules/Microsoft.Network/applicationGateways/.test/{default => common}/dependencies.bicep (100%) rename modules/Microsoft.Network/applicationGateways/.test/{default => common}/deploy.test.bicep (100%) diff --git a/modules/Microsoft.Network/applicationGateways/.test/default/dependencies.bicep b/modules/Microsoft.Network/applicationGateways/.test/common/dependencies.bicep similarity index 100% rename from modules/Microsoft.Network/applicationGateways/.test/default/dependencies.bicep rename to modules/Microsoft.Network/applicationGateways/.test/common/dependencies.bicep 
diff --git a/modules/Microsoft.Network/applicationGateways/.test/default/deploy.test.bicep b/modules/Microsoft.Network/applicationGateways/.test/common/deploy.test.bicep similarity index 100% rename from modules/Microsoft.Network/applicationGateways/.test/default/deploy.test.bicep rename to modules/Microsoft.Network/applicationGateways/.test/common/deploy.test.bicep diff --git a/modules/Microsoft.Network/applicationGateways/readme.md b/modules/Microsoft.Network/applicationGateways/readme.md index eb05b8beec..1059eb85e1 100644 --- a/modules/Microsoft.Network/applicationGateways/readme.md +++ b/modules/Microsoft.Network/applicationGateways/readme.md @@ -231,7 +231,7 @@ The following module usage examples are retrieved from the content of the files >**Note**: The name of each example is based on the name of the file from which it is taken. >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. -

Example 1: Default

+

Example 1: Common

From 7135cc4ce3385d9d9afc1f5716350d21918e319e Mon Sep 17 00:00:00 2001 From: MrMCake Date: Fri, 9 Sep 2022 12:53:09 +0200 Subject: [PATCH 13/19] Update to latest --- .../applicationGateways/.test/common/deploy.test.bicep | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/modules/Microsoft.Network/applicationGateways/.test/common/deploy.test.bicep b/modules/Microsoft.Network/applicationGateways/.test/common/deploy.test.bicep index c6ebc6e89a..340de1c0b5 100644 --- a/modules/Microsoft.Network/applicationGateways/.test/common/deploy.test.bicep +++ b/modules/Microsoft.Network/applicationGateways/.test/common/deploy.test.bicep @@ -10,8 +10,8 @@ param resourceGroupName string = 'ms.network.applicationgateways-${serviceShort} @description('Optional. The location to deploy resources to') param location string = deployment().location -@description('Optional. A short identifier for the kind of deployment .Should be kept short to not run into resource-name length-constraints') -param serviceShort string = 'nagdef' +@description('Optional. A short identifier for the kind of deployment. Should be kept short to not run into resource-name length-constraints') +param serviceShort string = 'nagcom' // =========== // // Deployments // From 2ad6e85136fb66a142aa541a1e11994850fd783a Mon Sep 17 00:00:00 2001 From: MrMCake Date: Fri, 9 Sep 2022 13:06:29 +0200 Subject: [PATCH 14/19] Update to latest --- .../applicationGateways/.test/common/deploy.test.bicep | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/modules/Microsoft.Network/applicationGateways/.test/common/deploy.test.bicep b/modules/Microsoft.Network/applicationGateways/.test/common/deploy.test.bicep index 340de1c0b5..bd6830ee65 100644 --- a/modules/Microsoft.Network/applicationGateways/.test/common/deploy.test.bicep +++ b/modules/Microsoft.Network/applicationGateways/.test/common/deploy.test.bicep 
@@ -3,14 +3,14 @@ targetScope = 'subscription' // ========== // // Parameters // // ========== // -@description('Optional. The name of the resource group to deploy for a testing purposes') +@description('Optional. The name of the resource group to deploy for a testing purposes.') @maxLength(90) param resourceGroupName string = 'ms.network.applicationgateways-${serviceShort}-rg' -@description('Optional. The location to deploy resources to') +@description('Optional. The location to deploy resources to.') param location string = deployment().location -@description('Optional. A short identifier for the kind of deployment. Should be kept short to not run into resource-name length-constraints') +@description('Optional. A short identifier for the kind of deployment. Should be kept short to not run into resource-name length-constraints.') param serviceShort string = 'nagcom' // =========== // From 374da4ae48d4c408b5f587690ace87300e0115cf Mon Sep 17 00:00:00 2001 From: Alexander Sehr Date: Mon, 19 Sep 2022 08:23:04 +0200 Subject: [PATCH 15/19] Update modules/Microsoft.Network/applicationGateways/.test/common/deploy.test.bicep --- .../applicationGateways/.test/common/deploy.test.bicep | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/Microsoft.Network/applicationGateways/.test/common/deploy.test.bicep b/modules/Microsoft.Network/applicationGateways/.test/common/deploy.test.bicep index bd6830ee65..ff34297ad7 100644 --- a/modules/Microsoft.Network/applicationGateways/.test/common/deploy.test.bicep +++ b/modules/Microsoft.Network/applicationGateways/.test/common/deploy.test.bicep @@ -3,7 +3,7 @@ targetScope = 'subscription' // ========== // // Parameters // // ========== // -@description('Optional. The name of the resource group to deploy for a testing purposes.') +@description('Optional. The name of the resource group to deploy for testing purposes.') @maxLength(90) param resourceGroupName string = 'ms.network.applicationgateways-${serviceShort}-rg' 
From d0bff09ccb16fa40c338bd7f82a70a3412c49328 Mon Sep 17 00:00:00 2001 From: Alexander Sehr Date: Tue, 11 Oct 2022 13:02:55 +0200 Subject: [PATCH 16/19] Update modules/Microsoft.Network/applicationGateways/.test/common/dependencies.bicep Co-authored-by: Erika Gressi <56914614+eriqua@users.noreply.github.com> --- .../applicationGateways/.test/common/dependencies.bicep | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/Microsoft.Network/applicationGateways/.test/common/dependencies.bicep b/modules/Microsoft.Network/applicationGateways/.test/common/dependencies.bicep index daf1a40a31..f29dd35c07 100644 --- a/modules/Microsoft.Network/applicationGateways/.test/common/dependencies.bicep +++ b/modules/Microsoft.Network/applicationGateways/.test/common/dependencies.bicep @@ -94,7 +94,7 @@ resource certDeploymentScript 'Microsoft.Resources/deploymentScripts@2020-10-01' } } properties: { - azPowerShellVersion: '3.0' + azPowerShellVersion: '8.0' retentionInterval: 'P1D' arguments: ' -KeyVaultName "${keyVault.name}" -CertName "${CertName}"' scriptContent: loadTextContent('../.scripts/New-Certificate.ps1') From fb22a97f34bec8e1863cf7947f5e4ee019866af8 Mon Sep 17 00:00:00 2001 From: Alexander Sehr Date: Tue, 11 Oct 2022 13:03:16 +0200 Subject: [PATCH 17/19] Update modules/Microsoft.Network/applicationGateways/.test/.scripts/New-Certificate.ps1 Co-authored-by: Erika Gressi <56914614+eriqua@users.noreply.github.com> --- .../applicationGateways/.test/.scripts/New-Certificate.ps1 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/Microsoft.Network/applicationGateways/.test/.scripts/New-Certificate.ps1 b/modules/Microsoft.Network/applicationGateways/.test/.scripts/New-Certificate.ps1 index 8ab46b1c4a..8e723c072c 100644 --- a/modules/Microsoft.Network/applicationGateways/.test/.scripts/New-Certificate.ps1 +++ b/modules/Microsoft.Network/applicationGateways/.test/.scripts/New-Certificate.ps1 
@@ -16,7 +16,7 @@ if (-not $certificate) { $certPolicy = New-AzKeyVaultCertificatePolicy @policyInputObject $null = Add-AzKeyVaultCertificate -VaultName $KeyVaultName -Name $CertName -CertificatePolicy $certPolicy - Write-Verbose ('Initated creation of certificate [{0}] in key vault [{1}]' -f $CertName, $KeyVaultName) -Verbose + Write-Verbose ('Initiated creation of certificate [{0}] in key vault [{1}]' -f $CertName, $KeyVaultName) -Verbose while (-not (Get-AzKeyVaultCertificateOperation -VaultName $KeyVaultName -Name $CertName).Status -eq 'completed') { Write-Verbose 'Waiting 10 seconds for certificate creation' -Verbose From ae06a8cb14291820da400524568e4277d6d4fab7 Mon Sep 17 00:00:00 2001 From: Alexander Sehr Date: Tue, 11 Oct 2022 13:03:41 +0200 Subject: [PATCH 18/19] Update modules/Microsoft.Network/applicationGateways/.test/common/dependencies.bicep Co-authored-by: Erika Gressi <56914614+eriqua@users.noreply.github.com> --- .../applicationGateways/.test/common/dependencies.bicep | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/Microsoft.Network/applicationGateways/.test/common/dependencies.bicep b/modules/Microsoft.Network/applicationGateways/.test/common/dependencies.bicep index f29dd35c07..19ccd21a1d 100644 --- a/modules/Microsoft.Network/applicationGateways/.test/common/dependencies.bicep +++ b/modules/Microsoft.Network/applicationGateways/.test/common/dependencies.bicep @@ -96,7 +96,7 @@ resource certDeploymentScript 'Microsoft.Resources/deploymentScripts@2020-10-01' properties: { azPowerShellVersion: '8.0' retentionInterval: 'P1D' - arguments: ' -KeyVaultName "${keyVault.name}" -CertName "${CertName}"' + arguments: '-KeyVaultName "${keyVault.name}" -CertName "${CertName}"' scriptContent: loadTextContent('../.scripts/New-Certificate.ps1') } } From 2cb152cf1bd07c367ddf88c3675a9b33b11ae6a0 Mon Sep 17 00:00:00 2001 
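Review bot: The context line `while (-not (Get-AzKeyVaultCertificateOperation …).Status -eq 'completed')` does not wait for the operation to complete, because `-not` binds tighter than `-eq`. It is evaluated as `(-not $status) -eq 'completed'`, which is false for any non-empty status, so the loop body is skipped while the certificate is still being issued. Writing the condition as `while ((Get-AzKeyVaultCertificateOperation -VaultName $KeyVaultName -Name $CertName).Status -ne 'completed') {` restores the intended wait. This is probably why the later polling on `SecretId` became necessary. The loop body continues outside the hunk.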
From: MrMCake Date: Tue, 11 Oct 2022 13:04:30 +0200 Subject: [PATCH 19/19] Update to latest --- modules/Microsoft.Network/applicationGateways/readme.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/Microsoft.Network/applicationGateways/readme.md b/modules/Microsoft.Network/applicationGateways/readme.md index 45f6d300a0..8cbb7f1b3c 100644 --- a/modules/Microsoft.Network/applicationGateways/readme.md +++ b/modules/Microsoft.Network/applicationGateways/readme.md @@ -242,7 +242,7 @@ The following module usage examples are retrieved from the content of the files ```bicep module applicationGateways './Microsoft.Network/applicationGateways/deploy.bicep' = { - name: '${uniqueString(deployment().name)}-test-nagdef' + name: '${uniqueString(deployment().name)}-test-nagcom' params: { // Required parameters name: ''