From a10a60fa2ad4763541aca6fc34eb44fe5891b786 Mon Sep 17 00:00:00 2001 From: MrMCake Date: Sun, 4 Sep 2022 18:35:33 +0200 Subject: [PATCH 01/15] Updated AzureFirewall to new dependency approach --- .../workflows/ms.network.azurefirewalls.yml | 3 +- .../.test/addpip.parameters.json | 20 --- .../.test/addpip/dependencies.bicep | 39 +++++ .../.test/addpip/deploy.test.bicep | 53 ++++++ .../.test/custompip.parameters.json | 37 ---- .../.test/custompip/dependencies.bicep | 50 ++++++ .../.test/custompip/deploy.test.bicep | 71 ++++++++ .../.test/default/dependencies.bicep | 50 ++++++ .../.test/default/deploy.test.bicep | 163 ++++++++++++++++++ .../azureFirewalls/.test/min.parameters.json | 12 -- .../.test/min/dependencies.bicep | 27 +++ .../.test/min/deploy.test.bicep | 60 +++++++ .../azureFirewalls/.test/parameters.json | 135 --------------- .../azureFirewalls/readme.md | 154 ++++++++--------- 14 files changed, 591 insertions(+), 283 deletions(-) delete mode 100644 modules/Microsoft.Network/azureFirewalls/.test/addpip.parameters.json create mode 100644 modules/Microsoft.Network/azureFirewalls/.test/addpip/dependencies.bicep create mode 100644 modules/Microsoft.Network/azureFirewalls/.test/addpip/deploy.test.bicep delete mode 100644 modules/Microsoft.Network/azureFirewalls/.test/custompip.parameters.json create mode 100644 modules/Microsoft.Network/azureFirewalls/.test/custompip/dependencies.bicep create mode 100644 modules/Microsoft.Network/azureFirewalls/.test/custompip/deploy.test.bicep create mode 100644 modules/Microsoft.Network/azureFirewalls/.test/default/dependencies.bicep create mode 100644 modules/Microsoft.Network/azureFirewalls/.test/default/deploy.test.bicep delete mode 100644 modules/Microsoft.Network/azureFirewalls/.test/min.parameters.json create mode 100644 modules/Microsoft.Network/azureFirewalls/.test/min/dependencies.bicep create mode 100644 modules/Microsoft.Network/azureFirewalls/.test/min/deploy.test.bicep delete mode 100644 modules/Microsoft.Network/azureFirewalls/.test/parameters.json diff --git a/.github/workflows/ms.network.azurefirewalls.yml b/.github/workflows/ms.network.azurefirewalls.yml index 22f7cceea8..4287854e8f 100644 --- a/.github/workflows/ms.network.azurefirewalls.yml +++ b/.github/workflows/ms.network.azurefirewalls.yml @@ -106,8 +106,7 @@ jobs: - name: 'Using test file [${{ matrix.moduleTestFilePaths }}]' uses: ./.github/actions/templates/validateModuleDeployment with: - templateFilePath: '${{ env.modulePath }}/deploy.bicep' - parameterFilePath: '${{ env.modulePath }}/${{ matrix.moduleTestFilePaths }}' + templateFilePath: '${{ env.modulePath }}/${{ matrix.moduleTestFilePaths }}' location: '${{ env.location }}' resourceGroupName: '${{ env.resourceGroupName }}' subscriptionId: '${{ secrets.ARM_SUBSCRIPTION_ID }}' diff --git a/modules/Microsoft.Network/azureFirewalls/.test/addpip.parameters.json b/modules/Microsoft.Network/azureFirewalls/.test/addpip.parameters.json deleted file mode 100644 index bd881f7897..0000000000 --- a/modules/Microsoft.Network/azureFirewalls/.test/addpip.parameters.json +++ /dev/null @@ -1,20 +0,0 @@ -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "name": { - "value": "<>-az-fw-add-001" - }, - "vNetId": { - "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-add-azfw" - }, - "additionalPublicIpConfigurations": { - "value": [ - { - "name": "ipConfig01", - "publicIPAddressResourceId": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/publicIPAddresses/adp-<>-az-pip-additional-fw" - } - ] - } - } -} diff --git a/modules/Microsoft.Network/azureFirewalls/.test/addpip/dependencies.bicep b/modules/Microsoft.Network/azureFirewalls/.test/addpip/dependencies.bicep new file mode 100644 index 0000000000..fb0f9451ca --- /dev/null +++ b/modules/Microsoft.Network/azureFirewalls/.test/addpip/dependencies.bicep @@ -0,0 +1,39 @@ +@description('Optional. The location to deploy to.') +param location string = resourceGroup().location + +@description('Required. The name of the Virtual Network to create.') +param virtualNetworkName string + +@description('Required. The name of the Public IP to create.') +param publicIPName string + +resource virtualNetwork 'Microsoft.Network/virtualNetworks@2022-01-01' = { + name: virtualNetworkName + location: location + properties: { + addressSpace: { + addressPrefixes: [ + '10.0.0.0/24' + ] + } + subnets: [ + { + name: 'defaultSubnet' + properties: { + addressPrefix: '10.0.0.0/24' + } + } + ] + } +} + +resource publicIP 'Microsoft.Network/publicIPAddresses@2022-01-01' = { + name: publicIPName + location: location +} + +@description('The resource ID of the created Virtual Network.') +output virtualNetworkResourceId string = virtualNetwork.id + +@description('The resource ID of the created Public IP.') +output publicIPResourceId string = publicIP.id diff --git a/modules/Microsoft.Network/azureFirewalls/.test/addpip/deploy.test.bicep b/modules/Microsoft.Network/azureFirewalls/.test/addpip/deploy.test.bicep new file mode 100644 index 0000000000..36533f6808 --- /dev/null +++ b/modules/Microsoft.Network/azureFirewalls/.test/addpip/deploy.test.bicep @@ -0,0 +1,53 @@ +targetScope = 'subscription' + +// ========== // +// Parameters // +// ========== // +@description('Optional. The name of the resource group to deploy for a testing purposes') +@maxLength(90) +param resourceGroupName string = 'ms.network.azurefirewalls-${serviceShort}-rg' + +@description('Optional. The location to deploy resources to') +param location string = deployment().location + +@description('Optional. A short identifier for the kind of deployment .Should be kept short to not run into resource-name length-constraints') +param serviceShort string = 'nafaddpip' + +// =========== // +// Deployments // +// =========== // + +// General resources +// ================= +resource resourceGroup 'Microsoft.Resources/resourceGroups@2021-04-01' = { + name: resourceGroupName + location: location +} + +module resourceGroupResources 'dependencies.bicep' = { + scope: resourceGroup + name: '${uniqueString(deployment().name, location)}-paramNested' + params: { + virtualNetworkName: 'dep-<>-vnet-${serviceShort}' + publicIPName: 'dep-<>-pip-${serviceShort}' + } +} + +// ============== // +// Test Execution // +// ============== // + +module testDeployment '../../deploy.bicep' = { + scope: resourceGroup + name: '${uniqueString(deployment().name)}-test-${serviceShort}' + params: { + name: '<>${serviceShort}001' + vNetId: resourceGroupResources.outputs.virtualNetworkResourceId + additionalPublicIpConfigurations: [ + { + name: 'ipConfig01' + publicIPAddressResourceId: resourceGroupResources.outputs.publicIPResourceId + } + ] + } +} diff --git a/modules/Microsoft.Network/azureFirewalls/.test/custompip.parameters.json b/modules/Microsoft.Network/azureFirewalls/.test/custompip.parameters.json deleted file mode 100644 index 68a1ce42cd..0000000000 --- a/modules/Microsoft.Network/azureFirewalls/.test/custompip.parameters.json +++ /dev/null @@ -1,37 +0,0 @@ -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "name": { - "value": "<>-az-fw-custompip-001" - }, - "vNetId": { - "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-custompip-azfw" - }, - "publicIPAddressObject": { - "value": { - "name": "adp-<>-az-pip-custom-x-fw", - "publicIPPrefixResourceId": "", - "publicIPAllocationMethod": "Static", - "skuName": "Standard", - "skuTier": "Regional", - "roleAssignments": [ - { - "roleDefinitionIdOrName": "Reader", - "principalIds": [ - "<>" - ] - } - ], - "diagnosticMetricsToEnable": [ - "AllMetrics" - ], - "diagnosticLogCategoriesToEnable": [ - "DDoSProtectionNotifications", - "DDoSMitigationFlowLogs", - "DDoSMitigationReports" - ] - } - } - } -} diff --git a/modules/Microsoft.Network/azureFirewalls/.test/custompip/dependencies.bicep b/modules/Microsoft.Network/azureFirewalls/.test/custompip/dependencies.bicep new file mode 100644 index 0000000000..341f7e8e92 --- /dev/null +++ b/modules/Microsoft.Network/azureFirewalls/.test/custompip/dependencies.bicep @@ -0,0 +1,50 @@ +@description('Optional. The location to deploy to.') +param location string = resourceGroup().location + +@description('Required. The name of the Virtual Network to create.') +param virtualNetworkName string + +@description('Required. The name of the Public IP to create.') +param publicIPName string + +@description('Required. The name of the Managed Identity to create.') +param managedIdentityName string + +resource virtualNetwork 'Microsoft.Network/virtualNetworks@2022-01-01' = { + name: virtualNetworkName + location: location + properties: { + addressSpace: { + addressPrefixes: [ + '10.0.0.0/24' + ] + } + subnets: [ + { + name: 'defaultSubnet' + properties: { + addressPrefix: '10.0.0.0/24' + } + } + ] + } +} + +resource publicIP 'Microsoft.Network/publicIPAddresses@2022-01-01' = { + name: publicIPName + location: location +} + +resource managedIdentity 'Microsoft.ManagedIdentity/userAssignedIdentities@2018-11-30' = { + name: managedIdentityName + location: location +} + +@description('The resource ID of the created Virtual Network.') +output virtualNetworkResourceId string = virtualNetwork.id + +@description('The resource ID of the created Public IP.') +output publicIPResourceId string = publicIP.id + +@description('The principal ID of the created Managed Identity.') +output managedIdentityPrincipalId string = managedIdentity.properties.principalId diff --git a/modules/Microsoft.Network/azureFirewalls/.test/custompip/deploy.test.bicep b/modules/Microsoft.Network/azureFirewalls/.test/custompip/deploy.test.bicep new file mode 100644 index 0000000000..808f1eb66f --- /dev/null +++ b/modules/Microsoft.Network/azureFirewalls/.test/custompip/deploy.test.bicep @@ -0,0 +1,71 @@ +targetScope = 'subscription' + +// ========== // +// Parameters // +// ========== // +@description('Optional. The name of the resource group to deploy for a testing purposes') +@maxLength(90) +param resourceGroupName string = 'ms.network.azurefirewalls-${serviceShort}-rg' + +@description('Optional. The location to deploy resources to') +param location string = deployment().location + +@description('Optional. A short identifier for the kind of deployment .Should be kept short to not run into resource-name length-constraints') +param serviceShort string = 'nafcstpip' + +// =========== // +// Deployments // +// =========== // + +// General resources +// ================= +resource resourceGroup 'Microsoft.Resources/resourceGroups@2021-04-01' = { + name: resourceGroupName + location: location +} + +module resourceGroupResources 'dependencies.bicep' = { + scope: resourceGroup + name: '${uniqueString(deployment().name, location)}-paramNested' + params: { + virtualNetworkName: 'dep-<>-vnet-${serviceShort}' + publicIPName: 'dep-<>-pip-${serviceShort}' + managedIdentityName: 'dep-<>-msi-${serviceShort}' + } +} + +// ============== // +// Test Execution // +// ============== // + +module testDeployment '../../deploy.bicep' = { + scope: resourceGroup + name: '${uniqueString(deployment().name)}-test-${serviceShort}' + params: { + name: '<>${serviceShort}001' + vNetId: resourceGroupResources.outputs.virtualNetworkResourceId + publicIPAddressObject: { + diagnosticLogCategoriesToEnable: [ + 'DDoSMitigationFlowLogs' + 'DDoSMitigationReports' + 'DDoSProtectionNotifications' + ] + diagnosticMetricsToEnable: [ + 'AllMetrics' + ] + name: 'adp-<>-az-pip-custom-x-fw' + publicIPAllocationMethod: 'Static' + publicIPPrefixResourceId: '' + roleAssignments: [ + { + principalIds: [ + resourceGroupResources.outputs.managedIdentityPrincipalId + ] + roleDefinitionIdOrName: 'Reader' + } + ] + skuName: 'Standard' + skuTier: 'Regional' + } + } +} diff --git a/modules/Microsoft.Network/azureFirewalls/.test/default/dependencies.bicep b/modules/Microsoft.Network/azureFirewalls/.test/default/dependencies.bicep new file mode 100644 index 0000000000..341f7e8e92 --- /dev/null +++ b/modules/Microsoft.Network/azureFirewalls/.test/default/dependencies.bicep @@ -0,0 +1,50 @@ +@description('Optional. The location to deploy to.') +param location string = resourceGroup().location + +@description('Required. The name of the Virtual Network to create.') +param virtualNetworkName string + +@description('Required. The name of the Public IP to create.') +param publicIPName string + +@description('Required. The name of the Managed Identity to create.') +param managedIdentityName string + +resource virtualNetwork 'Microsoft.Network/virtualNetworks@2022-01-01' = { + name: virtualNetworkName + location: location + properties: { + addressSpace: { + addressPrefixes: [ + '10.0.0.0/24' + ] + } + subnets: [ + { + name: 'defaultSubnet' + properties: { + addressPrefix: '10.0.0.0/24' + } + } + ] + } +} + +resource publicIP 'Microsoft.Network/publicIPAddresses@2022-01-01' = { + name: publicIPName + location: location +} + +resource managedIdentity 'Microsoft.ManagedIdentity/userAssignedIdentities@2018-11-30' = { + name: managedIdentityName + location: location +} + +@description('The resource ID of the created Virtual Network.') +output virtualNetworkResourceId string = virtualNetwork.id + +@description('The resource ID of the created Public IP.') +output publicIPResourceId string = publicIP.id + +@description('The principal ID of the created Managed Identity.') +output managedIdentityPrincipalId string = managedIdentity.properties.principalId diff --git a/modules/Microsoft.Network/azureFirewalls/.test/default/deploy.test.bicep b/modules/Microsoft.Network/azureFirewalls/.test/default/deploy.test.bicep new file mode 100644 index 0000000000..c2ca995d82 --- /dev/null +++ b/modules/Microsoft.Network/azureFirewalls/.test/default/deploy.test.bicep @@ -0,0 +1,163 @@ +targetScope = 'subscription' + +// ========== // +// Parameters // +// ========== // +@description('Optional. The name of the resource group to deploy for a testing purposes') +@maxLength(90) +param resourceGroupName string = 'ms.network.azurefirewalls-${serviceShort}-rg' + +@description('Optional. The location to deploy resources to') +param location string = deployment().location + +@description('Optional. A short identifier for the kind of deployment .Should be kept short to not run into resource-name length-constraints') +param serviceShort string = 'nafdef' + +// =========== // +// Deployments // +// =========== // + +// General resources +// ================= +resource resourceGroup 'Microsoft.Resources/resourceGroups@2021-04-01' = { + name: resourceGroupName + location: location +} + +module resourceGroupResources 'dependencies.bicep' = { + scope: resourceGroup + name: '${uniqueString(deployment().name, location)}-paramNested' + params: { + virtualNetworkName: 'dep-<>-vnet-${serviceShort}' + publicIPName: 'dep-<>-pip-${serviceShort}' + managedIdentityName: 'dep-<>-msi-${serviceShort}' + } +} + +// Diagnostics +// =========== +module diagnosticDependencies '../../../../.shared/dependencyConstructs/diagnostic.dependencies.bicep' = { + scope: resourceGroup + name: '${uniqueString(deployment().name, location)}-diagnosticDependencies' + params: { + storageAccountName: 'dep<>diasa${serviceShort}01' + logAnalyticsWorkspaceName: 'dep-<>-law-${serviceShort}' + eventHubNamespaceEventHubName: 'dep-<>-evh-${serviceShort}' + eventHubNamespaceName: 'dep-<>-evhns-${serviceShort}' + location: location + } +} + +// ============== // +// Test Execution // +// ============== // + +module testDeployment '../../deploy.bicep' = { + scope: resourceGroup + name: '${uniqueString(deployment().name)}-test-${serviceShort}' + params: { + name: '<>${serviceShort}001' + vNetId: resourceGroupResources.outputs.virtualNetworkResourceId + applicationRuleCollections: [ + { + name: 'allow-app-rules' + properties: { + action: { + type: 'allow' + } + priority: 100 + rules: [ + { + fqdnTags: [ + 'AppServiceEnvironment' + 'WindowsUpdate' + ] + name: 'allow-ase-tags' + protocols: [ + { + port: '80' + protocolType: 'HTTP' + } + { + port: '443' + protocolType: 'HTTPS' + } + ] + sourceAddresses: [ + '*' + ] + } + { + name: 'allow-ase-management' + protocols: [ + { + port: '80' + protocolType: 'HTTP' + } + { + port: '443' + protocolType: 'HTTPS' + } + ] + sourceAddresses: [ + '*' + ] + targetFqdns: [ + environment().resourceManager + ] + } + ] + } + } + ] + azureFirewallSubnetPublicIpId: resourceGroupResources.outputs.publicIPResourceId + diagnosticLogsRetentionInDays: 7 + diagnosticStorageAccountId: diagnosticDependencies.outputs.storageAccountResourceId + diagnosticWorkspaceId: diagnosticDependencies.outputs.logAnalyticsWorkspaceResourceId + diagnosticEventHubAuthorizationRuleId: diagnosticDependencies.outputs.eventHubAuthorizationRuleId + diagnosticEventHubName: diagnosticDependencies.outputs.eventHubNamespaceEventHubName + lock: 'CanNotDelete' + networkRuleCollections: [ + { + name: 'allow-network-rules' + properties: { + action: { + type: 'allow' + } + priority: 100 + rules: [ + { + destinationAddresses: [ + '*' + ] + destinationPorts: [ + '12000' + '123' + ] + name: 'allow-ntp' + protocols: [ + 'Any' + ] + sourceAddresses: [ + '*' + ] + } + ] + } + } + ] + roleAssignments: [ + { + principalIds: [ + resourceGroupResources.outputs.managedIdentityPrincipalId + ] + roleDefinitionIdOrName: 'Reader' + } + ] + zones: [ + '1' + '2' + '3' + ] + } +} diff --git a/modules/Microsoft.Network/azureFirewalls/.test/min.parameters.json b/modules/Microsoft.Network/azureFirewalls/.test/min.parameters.json deleted file mode 100644 index 56f60cdaca..0000000000 --- a/modules/Microsoft.Network/azureFirewalls/.test/min.parameters.json +++ /dev/null @@ -1,12 +0,0 @@ -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "name": { - "value": "<>-az-fw-min-001" - }, - "vNetId": { - "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-min-azfw" - } - } -} diff --git a/modules/Microsoft.Network/azureFirewalls/.test/min/dependencies.bicep b/modules/Microsoft.Network/azureFirewalls/.test/min/dependencies.bicep new file mode 100644 index 0000000000..12252b9e3f --- /dev/null +++ b/modules/Microsoft.Network/azureFirewalls/.test/min/dependencies.bicep @@ -0,0 +1,27 @@ +@description('Optional. The location to deploy to.') +param location string = resourceGroup().location + +@description('Required. The name of the Virtual Network to create.') +param virtualNetworkName string + +resource virtualNetwork 'Microsoft.Network/virtualNetworks@2022-01-01' = { + name: virtualNetworkName + location: location + properties: { + addressSpace: { + addressPrefixes: [ + '10.0.0.0/24' + ] + } + subnets: [ + { + name: 'defaultSubnet' + properties: { + addressPrefix: '10.0.0.0/24' + } + } + ] + } +} +@description('The resource ID of the created Virtual Network.') +output virtualNetworkResourceId string = virtualNetwork.id diff --git a/modules/Microsoft.Network/azureFirewalls/.test/min/deploy.test.bicep b/modules/Microsoft.Network/azureFirewalls/.test/min/deploy.test.bicep new file mode 100644 index 0000000000..9c1d77b47c --- /dev/null +++ b/modules/Microsoft.Network/azureFirewalls/.test/min/deploy.test.bicep @@ -0,0 +1,60 @@ +targetScope = 'subscription' + +// ========== // +// Parameters // +// ========== // +@description('Optional. The name of the resource group to deploy for a testing purposes') +@maxLength(90) +param resourceGroupName string = 'ms.network.azurefirewalls-${serviceShort}-rg' + +@description('Optional. The location to deploy resources to') +param location string = deployment().location + +@description('Optional. A short identifier for the kind of deployment .Should be kept short to not run into resource-name length-constraints') +param serviceShort string = 'nafmin' + +// =========== // +// Deployments // +// =========== // + +// General resources +// ================= +resource resourceGroup 'Microsoft.Resources/resourceGroups@2021-04-01' = { + name: resourceGroupName + location: location +} + +module resourceGroupResources 'dependencies.bicep' = { + scope: resourceGroup + name: '${uniqueString(deployment().name, location)}-paramNested' + params: { + virtualNetworkName: 'dep-<>-vnet-${serviceShort}' + } +} + +// Diagnostics +// =========== +module diagnosticDependencies '../../../../.shared/dependencyConstructs/diagnostic.dependencies.bicep' = { + scope: resourceGroup + name: '${uniqueString(deployment().name, location)}-diagnosticDependencies' + params: { + storageAccountName: 'dep<>diasa${serviceShort}01' + logAnalyticsWorkspaceName: 'dep-<>-law-${serviceShort}' + eventHubNamespaceEventHubName: 'dep-<>-evh-${serviceShort}' + eventHubNamespaceName: 'dep-<>-evhns-${serviceShort}' + location: location + } +} + +// ============== // +// Test Execution // +// ============== // + +module testDeployment '../../deploy.bicep' = { + scope: resourceGroup + name: '${uniqueString(deployment().name)}-test-${serviceShort}' + params: { + name: '<>${serviceShort}001' + vNetId: resourceGroupResources.outputs.virtualNetworkResourceId + } +} diff --git a/modules/Microsoft.Network/azureFirewalls/.test/parameters.json b/modules/Microsoft.Network/azureFirewalls/.test/parameters.json deleted file mode 100644 index 6f0a85edea..0000000000 --- a/modules/Microsoft.Network/azureFirewalls/.test/parameters.json +++ /dev/null @@ -1,135 +0,0 @@ -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "name": { - "value": "<>-az-fw-x-001" - }, - "lock": { - "value": "CanNotDelete" - }, - "zones": { - "value": [ - "1", - "2", - "3" - ] - }, - "vNetId": { - "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-x-azfw" - }, - "azureFirewallSubnetPublicIpId": { - "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/publicIPAddresses/adp-<>-az-pip-x-fw" - }, - "applicationRuleCollections": { - "value": [ - { - "name": "allow-app-rules", - "properties": { - "priority": 100, - "action": { - "type": "allow" - }, - "rules": [ - { - "name": "allow-ase-tags", - "sourceAddresses": [ - "*" - ], - "protocols": [ - { - "protocolType": "HTTP", - "port": "80" - }, - { - "protocolType": "HTTPS", - "port": "443" - } - ], - "fqdnTags": [ - "AppServiceEnvironment", - "WindowsUpdate" - ] - }, - { - "name": "allow-ase-management", - "sourceAddresses": [ - "*" - ], - "protocols": [ - { - "protocolType": "HTTP", - "port": "80" - }, - { - "protocolType": "HTTPS", - "port": "443" - } - ], - "targetFqdns": [ - "management.azure.com" - ] - } - ] - } - } - ] - }, - "networkRuleCollections": { - "value": [ - { - "name": "allow-network-rules", - "properties": { - "priority": 100, - "action": { - "type": "allow" - }, - "rules": [ - { - "name": "allow-ntp", - "sourceAddresses": [ - "*" - ], - "destinationAddresses": [ - "*" - ], - "destinationPorts": [ - "123", - "12000" - ], - "protocols": [ - "Any" - ] - } - ] - } - } - ] - }, - "roleAssignments": { - "value": [ - { - "roleDefinitionIdOrName": "Reader", - "principalIds": [ - "<>" - ] - } - ] - }, - "diagnosticLogsRetentionInDays": { - "value": 7 - }, - "diagnosticStorageAccountId": { - "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adp<>azsax001" - }, - "diagnosticWorkspaceId": { - "value": "/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-<>-az-law-x-001" - }, - "diagnosticEventHubAuthorizationRuleId": { - "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.EventHub/namespaces/adp-<>-az-evhns-x-001/AuthorizationRules/RootManageSharedAccessKey" - }, - "diagnosticEventHubName": { - "value": "adp-<>-az-evh-x-001" - } - } -} diff --git a/modules/Microsoft.Network/azureFirewalls/readme.md b/modules/Microsoft.Network/azureFirewalls/readme.md index fed3392837..db076e946a 100644 --- a/modules/Microsoft.Network/azureFirewalls/readme.md +++ b/modules/Microsoft.Network/azureFirewalls/readme.md @@ -320,16 +320,16 @@ The following module usage examples are retrieved from the content of the files ```bicep module azureFirewalls './Microsoft.Network/azureFirewalls/deploy.bicep' = { - name: '${uniqueString(deployment().name)}-AzureFirewalls' + name: '${uniqueString(deployment().name)}-test-nafaddpip' params: { // Required parameters - name: '<>-az-fw-add-001' - vNetId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-add-azfw' + name: '<>nafaddpip001' + vNetId: '' // Non-required parameters additionalPublicIpConfigurations: [ { name: 'ipConfig01' - publicIPAddressResourceId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/publicIPAddresses/adp-<>-az-pip-additional-fw' + publicIPAddressResourceId: '' } ] } @@ -350,17 +350,17 @@ module azureFirewalls './Microsoft.Network/azureFirewalls/deploy.bicep' = { "parameters": { // Required parameters "name": { - "value": "<>-az-fw-add-001" + "value": "<>nafaddpip001" }, "vNetId": { - "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-add-azfw" + "value": "" }, // Non-required parameters "additionalPublicIpConfigurations": { "value": [ { "name": "ipConfig01", - "publicIPAddressResourceId": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/publicIPAddresses/adp-<>-az-pip-additional-fw" + "publicIPAddressResourceId": "" } ] } @@ -379,11 +379,11 @@ module azureFirewalls './Microsoft.Network/azureFirewalls/deploy.bicep' = { ```bicep module azureFirewalls './Microsoft.Network/azureFirewalls/deploy.bicep' = { - name: '${uniqueString(deployment().name)}-AzureFirewalls' + name: '${uniqueString(deployment().name)}-test-nafcstpip' params: { // Required parameters - name: '<>-az-fw-custompip-001' - vNetId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-custompip-azfw' + name: '<>nafcstpip001' + vNetId: '' // Non-required parameters publicIPAddressObject: { diagnosticLogCategoriesToEnable: [ @@ -400,7 +400,7 @@ module azureFirewalls './Microsoft.Network/azureFirewalls/deploy.bicep' = { roleAssignments: [ { principalIds: [ - '<>' + '' ] roleDefinitionIdOrName: 'Reader' } @@ -426,10 +426,10 @@ module azureFirewalls './Microsoft.Network/azureFirewalls/deploy.bicep' = { "parameters": { // Required parameters "name": { - "value": "<>-az-fw-custompip-001" + "value": "<>nafcstpip001" }, "vNetId": { - "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-custompip-azfw" + "value": "" }, // Non-required parameters "publicIPAddressObject": { @@ -448,7 +448,7 @@ module azureFirewalls './Microsoft.Network/azureFirewalls/deploy.bicep' = { "roleAssignments": [ { "principalIds": [ - "<>" + "" ], "roleDefinitionIdOrName": "Reader" } @@ -464,7 +464,7 @@ module azureFirewalls './Microsoft.Network/azureFirewalls/deploy.bicep' = {

-

Example 3: Min

+

Example 3: Default

@@ -472,54 +472,11 @@ module azureFirewalls './Microsoft.Network/azureFirewalls/deploy.bicep' = { ```bicep module azureFirewalls './Microsoft.Network/azureFirewalls/deploy.bicep' = { - name: '${uniqueString(deployment().name)}-AzureFirewalls' + name: '${uniqueString(deployment().name)}-test-nafdef' params: { // Required parameters - name: '<>-az-fw-min-001' - vNetId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-min-azfw' - } -} -``` - -
-

- -

- -via JSON Parameter file - -```json -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", - "contentVersion": "1.0.0.0", - "parameters": { - // Required parameters - "name": { - "value": "<>-az-fw-min-001" - }, - "vNetId": { - "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-min-azfw" - } - } -} -``` - -
-

- -

Example 4: Parameters

- -
- -via Bicep module - -```bicep -module azureFirewalls './Microsoft.Network/azureFirewalls/deploy.bicep' = { - name: '${uniqueString(deployment().name)}-AzureFirewalls' - params: { - // Required parameters - name: '<>-az-fw-x-001' - vNetId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-x-azfw' + name: '<>nafdef001' + vNetId: '' // Non-required parameters applicationRuleCollections: [ { @@ -566,19 +523,19 @@ module azureFirewalls './Microsoft.Network/azureFirewalls/deploy.bicep' = { '*' ] targetFqdns: [ - 'management.azure.com' + '' ] } ] } } ] - azureFirewallSubnetPublicIpId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/publicIPAddresses/adp-<>-az-pip-x-fw' - diagnosticEventHubAuthorizationRuleId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.EventHub/namespaces/adp-<>-az-evhns-x-001/AuthorizationRules/RootManageSharedAccessKey' - diagnosticEventHubName: 'adp-<>-az-evh-x-001' + azureFirewallSubnetPublicIpId: '' + diagnosticEventHubAuthorizationRuleId: '' + diagnosticEventHubName: '' diagnosticLogsRetentionInDays: 7 - diagnosticStorageAccountId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adp<>azsax001' - diagnosticWorkspaceId: '/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-<>-az-law-x-001' + diagnosticStorageAccountId: '' + diagnosticWorkspaceId: '' lock: 'CanNotDelete' networkRuleCollections: [ { @@ -612,7 +569,7 @@ module azureFirewalls './Microsoft.Network/azureFirewalls/deploy.bicep' = { roleAssignments: [ { principalIds: [ - '<>' + '' ] roleDefinitionIdOrName: 'Reader' } @@ -640,10 +597,10 @@ module azureFirewalls './Microsoft.Network/azureFirewalls/deploy.bicep' = { "parameters": { // Required parameters "name": { - "value": "<>-az-fw-x-001" + "value": "<>nafdef001" }, "vNetId": { - "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-x-azfw" + "value": "" }, // Non-required parameters "applicationRuleCollections": { @@ -692,7 +649,7 @@ module azureFirewalls './Microsoft.Network/azureFirewalls/deploy.bicep' = { "*" ], "targetFqdns": [ - "management.azure.com" + "" ] } ] @@ -701,22 +658,22 @@ module azureFirewalls './Microsoft.Network/azureFirewalls/deploy.bicep' = { ] }, "azureFirewallSubnetPublicIpId": { - "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/publicIPAddresses/adp-<>-az-pip-x-fw" + "value": "" }, "diagnosticEventHubAuthorizationRuleId": { - "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.EventHub/namespaces/adp-<>-az-evhns-x-001/AuthorizationRules/RootManageSharedAccessKey" + "value": "" }, "diagnosticEventHubName": { - "value": "adp-<>-az-evh-x-001" + "value": "" }, "diagnosticLogsRetentionInDays": { "value": 7 }, "diagnosticStorageAccountId": { - "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adp<>azsax001" + "value": "" }, "diagnosticWorkspaceId": { - "value": "/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-<>-az-law-x-001" + "value": "" }, "lock": { "value": "CanNotDelete" @@ -756,7 +713,7 @@ module azureFirewalls './Microsoft.Network/azureFirewalls/deploy.bicep' = { "value": [ { "principalIds": [ - "<>" + "" ], "roleDefinitionIdOrName": "Reader" } @@ -775,3 +732,46 @@ module azureFirewalls './Microsoft.Network/azureFirewalls/deploy.bicep' = {

+ +

Example 4: Min

+ +
+ +via Bicep module + +```bicep +module azureFirewalls './Microsoft.Network/azureFirewalls/deploy.bicep' = { + name: '${uniqueString(deployment().name)}-test-nafmin' + params: { + // Required parameters + name: '<>nafmin001' + vNetId: '' + } +} +``` + +
+

+ +

+ +via JSON Parameter file + +```json +{ + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", + "contentVersion": "1.0.0.0", + "parameters": { + // Required parameters + "name": { + "value": "<>nafmin001" + }, + "vNetId": { + "value": "" + } + } +} +``` + +
+

From 7c70eeffc98854b478607897aaf4271c0be54e2a Mon Sep 17 00:00:00 2001 From: MrMCake Date: Sun, 4 Sep 2022 18:57:03 +0200 Subject: [PATCH 02/15] Updated subnet --- .../azureFirewalls/.test/addpip/dependencies.bicep | 2 +- .../azureFirewalls/.test/custompip/dependencies.bicep | 2 +- .../azureFirewalls/.test/default/dependencies.bicep | 2 +- .../azureFirewalls/.test/min/dependencies.bicep | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/modules/Microsoft.Network/azureFirewalls/.test/addpip/dependencies.bicep b/modules/Microsoft.Network/azureFirewalls/.test/addpip/dependencies.bicep index fb0f9451ca..31397aa5a1 100644 --- a/modules/Microsoft.Network/azureFirewalls/.test/addpip/dependencies.bicep +++ b/modules/Microsoft.Network/azureFirewalls/.test/addpip/dependencies.bicep @@ -18,7 +18,7 @@ resource virtualNetwork 'Microsoft.Network/virtualNetworks@2022-01-01' = { } subnets: [ { - name: 'defaultSubnet' + name: 'AzureFirewallSubnet' properties: { addressPrefix: '10.0.0.0/24' } diff --git a/modules/Microsoft.Network/azureFirewalls/.test/custompip/dependencies.bicep b/modules/Microsoft.Network/azureFirewalls/.test/custompip/dependencies.bicep index 341f7e8e92..b4d8c6a1b1 100644 --- a/modules/Microsoft.Network/azureFirewalls/.test/custompip/dependencies.bicep +++ b/modules/Microsoft.Network/azureFirewalls/.test/custompip/dependencies.bicep @@ -21,7 +21,7 @@ resource virtualNetwork 'Microsoft.Network/virtualNetworks@2022-01-01' = { } subnets: [ { - name: 'defaultSubnet' + name: 'AzureFirewallSubnet' properties: { addressPrefix: '10.0.0.0/24' } diff --git a/modules/Microsoft.Network/azureFirewalls/.test/default/dependencies.bicep b/modules/Microsoft.Network/azureFirewalls/.test/default/dependencies.bicep index 341f7e8e92..b4d8c6a1b1 100644 --- a/modules/Microsoft.Network/azureFirewalls/.test/default/dependencies.bicep +++ b/modules/Microsoft.Network/azureFirewalls/.test/default/dependencies.bicep @@ -21,7 +21,7 @@ resource virtualNetwork 'Microsoft.Network/virtualNetworks@2022-01-01' = { } subnets: [ { - name: 'defaultSubnet' + name: 'AzureFirewallSubnet' properties: { addressPrefix: '10.0.0.0/24' } diff --git a/modules/Microsoft.Network/azureFirewalls/.test/min/dependencies.bicep b/modules/Microsoft.Network/azureFirewalls/.test/min/dependencies.bicep index 12252b9e3f..5d70333cf0 100644 --- a/modules/Microsoft.Network/azureFirewalls/.test/min/dependencies.bicep +++ b/modules/Microsoft.Network/azureFirewalls/.test/min/dependencies.bicep @@ -15,7 +15,7 @@ resource virtualNetwork 'Microsoft.Network/virtualNetworks@2022-01-01' = { } subnets: [ { - name: 'defaultSubnet' + name: 'AzureFirewallSubnet' properties: { addressPrefix: '10.0.0.0/24' } From c52c8b08937e56c4557c7c0498305a35212d151d Mon Sep 17 00:00:00 2001 From: MrMCake Date: Sun, 4 Sep 2022 20:06:47 +0200 Subject: [PATCH 03/15] Update to latest --- .../azureFirewalls/.test/custompip/dependencies.bicep | 4 ++++ .../azureFirewalls/.test/default/dependencies.bicep | 4 ++++ 2 files changed, 8 insertions(+) diff --git a/modules/Microsoft.Network/azureFirewalls/.test/custompip/dependencies.bicep b/modules/Microsoft.Network/azureFirewalls/.test/custompip/dependencies.bicep index b4d8c6a1b1..05f0ba612b 100644 --- a/modules/Microsoft.Network/azureFirewalls/.test/custompip/dependencies.bicep +++ b/modules/Microsoft.Network/azureFirewalls/.test/custompip/dependencies.bicep @@ -33,6 +33,10 @@ resource virtualNetwork 'Microsoft.Network/virtualNetworks@2022-01-01' = { resource publicIP 'Microsoft.Network/publicIPAddresses@2022-01-01' = { name: publicIPName location: location + sku: { + name: 'Standard' + tier: 'Regional' + } } resource managedIdentity 'Microsoft.ManagedIdentity/userAssignedIdentities@2018-11-30' = { diff --git a/modules/Microsoft.Network/azureFirewalls/.test/default/dependencies.bicep b/modules/Microsoft.Network/azureFirewalls/.test/default/dependencies.bicep index b4d8c6a1b1..05f0ba612b 100644 --- a/modules/Microsoft.Network/azureFirewalls/.test/default/dependencies.bicep +++ b/modules/Microsoft.Network/azureFirewalls/.test/default/dependencies.bicep @@ -33,6 +33,10 @@ resource virtualNetwork 'Microsoft.Network/virtualNetworks@2022-01-01' = { resource publicIP 'Microsoft.Network/publicIPAddresses@2022-01-01' = { name: publicIPName location: location + sku: { + name: 'Standard' + tier: 'Regional' + } } resource managedIdentity 'Microsoft.ManagedIdentity/userAssignedIdentities@2018-11-30' = { From f64a71d11c038d85ef969c05df37f3ea80624c92 Mon Sep 17 00:00:00 2001 From: MrMCake Date: Sun, 4 Sep 2022 20:27:32 +0200 Subject: [PATCH 04/15] Updated pip creation --- .../azureFirewalls/.test/addpip/dependencies.bicep | 3 +++ .../azureFirewalls/.test/custompip/dependencies.bicep | 3 +++ .../azureFirewalls/.test/default/dependencies.bicep | 3 +++ 3 files changed, 9 insertions(+) diff --git a/modules/Microsoft.Network/azureFirewalls/.test/addpip/dependencies.bicep b/modules/Microsoft.Network/azureFirewalls/.test/addpip/dependencies.bicep index 31397aa5a1..1fd7fc357e 100644 --- a/modules/Microsoft.Network/azureFirewalls/.test/addpip/dependencies.bicep +++ b/modules/Microsoft.Network/azureFirewalls/.test/addpip/dependencies.bicep @@ -30,6 +30,9 @@ resource virtualNetwork 'Microsoft.Network/virtualNetworks@2022-01-01' = { resource publicIP 'Microsoft.Network/publicIPAddresses@2022-01-01' = { name: publicIPName location: location + properties: { + publicIPAllocationMethod: 'Static' + } } @description('The resource ID of the created Virtual Network.') diff --git a/modules/Microsoft.Network/azureFirewalls/.test/custompip/dependencies.bicep b/modules/Microsoft.Network/azureFirewalls/.test/custompip/dependencies.bicep index 05f0ba612b..f37337c33a 100644 --- a/modules/Microsoft.Network/azureFirewalls/.test/custompip/dependencies.bicep +++ b/modules/Microsoft.Network/azureFirewalls/.test/custompip/dependencies.bicep @@ -37,6 +37,9 @@ resource publicIP 'Microsoft.Network/publicIPAddresses@2022-01-01' = { name: 'Standard' tier: 'Regional' } + properties: { + publicIPAllocationMethod: 'Static' + } } resource managedIdentity 'Microsoft.ManagedIdentity/userAssignedIdentities@2018-11-30' = { diff --git a/modules/Microsoft.Network/azureFirewalls/.test/default/dependencies.bicep b/modules/Microsoft.Network/azureFirewalls/.test/default/dependencies.bicep index 05f0ba612b..f37337c33a 100644 --- a/modules/Microsoft.Network/azureFirewalls/.test/default/dependencies.bicep +++ b/modules/Microsoft.Network/azureFirewalls/.test/default/dependencies.bicep @@ -37,6 +37,9 @@ resource publicIP 'Microsoft.Network/publicIPAddresses@2022-01-01' = { name: 'Standard' tier: 'Regional' } + properties: { + publicIPAllocationMethod: 'Static' + } } resource managedIdentity 'Microsoft.ManagedIdentity/userAssignedIdentities@2018-11-30' = { From 5ff600c1f1788af2bc4981db645f1f5878ec0d52 Mon Sep 17 00:00:00 2001 From: MrMCake Date: Sun, 4 Sep 2022 20:46:12 +0200 Subject: [PATCH 05/15] Fixed pip deployment --- .../azureFirewalls/.test/addpip/dependencies.bicep | 5 +++++ .../azureFirewalls/.test/custompip/dependencies.bicep | 5 +++++ .../azureFirewalls/.test/default/dependencies.bicep | 5 +++++ 3 files changed, 15 insertions(+) diff --git a/modules/Microsoft.Network/azureFirewalls/.test/addpip/dependencies.bicep b/modules/Microsoft.Network/azureFirewalls/.test/addpip/dependencies.bicep index 1fd7fc357e..7d2f10a346 100644 --- a/modules/Microsoft.Network/azureFirewalls/.test/addpip/dependencies.bicep +++ b/modules/Microsoft.Network/azureFirewalls/.test/addpip/dependencies.bicep @@ -33,6 +33,11 @@ resource publicIP 'Microsoft.Network/publicIPAddresses@2022-01-01' = { properties: { publicIPAllocationMethod: 'Static' } + zones: [ + '1' + '2' + '3' + ] } @description('The resource ID of the created Virtual Network.') diff --git a/modules/Microsoft.Network/azureFirewalls/.test/custompip/dependencies.bicep b/modules/Microsoft.Network/azureFirewalls/.test/custompip/dependencies.bicep index f37337c33a..a889aeb149 100644 --- a/modules/Microsoft.Network/azureFirewalls/.test/custompip/dependencies.bicep +++ b/modules/Microsoft.Network/azureFirewalls/.test/custompip/dependencies.bicep @@ -40,6 +40,11 @@ resource publicIP 'Microsoft.Network/publicIPAddresses@2022-01-01' = { properties: { publicIPAllocationMethod: 'Static' } + zones: [ + '1' + '2' + '3' + ] } resource managedIdentity 'Microsoft.ManagedIdentity/userAssignedIdentities@2018-11-30' = { diff --git a/modules/Microsoft.Network/azureFirewalls/.test/default/dependencies.bicep b/modules/Microsoft.Network/azureFirewalls/.test/default/dependencies.bicep index f37337c33a..a889aeb149 100644 --- a/modules/Microsoft.Network/azureFirewalls/.test/default/dependencies.bicep +++ b/modules/Microsoft.Network/azureFirewalls/.test/default/dependencies.bicep @@ -40,6 +40,11 @@ resource publicIP 'Microsoft.Network/publicIPAddresses@2022-01-01' = { properties: { publicIPAllocationMethod: 'Static' } + zones: [ + '1' + '2' + '3' + ] } resource managedIdentity 'Microsoft.ManagedIdentity/userAssignedIdentities@2018-11-30' = { From 7de39627a7d49b29c2200e76e55fb004d18f5e97 Mon Sep 17 00:00:00 2001 From: MrMCake Date: Sun, 4 Sep 2022 20:57:14 +0200 Subject: [PATCH 06/15] Update to latest --- .../azureFirewalls/.test/addpip/dependencies.bicep | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/modules/Microsoft.Network/azureFirewalls/.test/addpip/dependencies.bicep b/modules/Microsoft.Network/azureFirewalls/.test/addpip/dependencies.bicep index 7d2f10a346..3ba1faf83b 100644 --- a/modules/Microsoft.Network/azureFirewalls/.test/addpip/dependencies.bicep +++ b/modules/Microsoft.Network/azureFirewalls/.test/addpip/dependencies.bicep @@ -30,6 +30,10 @@ resource virtualNetwork 'Microsoft.Network/virtualNetworks@2022-01-01' = { resource publicIP 'Microsoft.Network/publicIPAddresses@2022-01-01' = { name: publicIPName location: location + sku: { + name: 'Standard' + tier: 'Regional' + } properties: { publicIPAllocationMethod: 'Static' } From 2b5f9281d982431fd01bb55edb5d3ac84f2ec890 Mon Sep 17 00:00:00 2001 From: MrMCake Date: Sun, 4 Sep 2022 21:52:50 +0200 Subject: [PATCH 07/15] Update to latest --- .../azureFirewalls/.test/default/deploy.test.bicep | 2 +- modules/Microsoft.Network/azureFirewalls/readme.md | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/modules/Microsoft.Network/azureFirewalls/.test/default/deploy.test.bicep b/modules/Microsoft.Network/azureFirewalls/.test/default/deploy.test.bicep index c2ca995d82..e4a3c9e659 100644 --- a/modules/Microsoft.Network/azureFirewalls/.test/default/deploy.test.bicep +++ b/modules/Microsoft.Network/azureFirewalls/.test/default/deploy.test.bicep @@ -103,7 +103,7 @@ module testDeployment '../../deploy.bicep' = { '*' ] targetFqdns: [ - environment().resourceManager + 'bing.com' ] } ] diff --git a/modules/Microsoft.Network/azureFirewalls/readme.md b/modules/Microsoft.Network/azureFirewalls/readme.md index db076e946a..cf07830348 100644 --- a/modules/Microsoft.Network/azureFirewalls/readme.md +++ b/modules/Microsoft.Network/azureFirewalls/readme.md @@ -523,7 +523,7 @@ module azureFirewalls './Microsoft.Network/azureFirewalls/deploy.bicep' = { '*' ] targetFqdns: [ - '' + 'bing.com' ] } ] @@ -649,7 +649,7 @@ module azureFirewalls './Microsoft.Network/azureFirewalls/deploy.bicep' = { "*" ], "targetFqdns": [ - "" + "bing.com" ] } ] From 64ad17a5827b74a6b19aa71311c5c72403559f7a Mon Sep 17 00:00:00 2001 From: MrMCake Date: Thu, 8 Sep 2022 19:10:58 +0200 Subject: [PATCH 08/15] Updated folder default to common. --- .../{default => common}/dependencies.bicep | 0 .../{default => common}/deploy.test.bicep | 0 .../azureFirewalls/readme.md | 188 +++++++++--------- 3 files changed, 94 insertions(+), 94 deletions(-) rename modules/Microsoft.Network/azureFirewalls/.test/{default => common}/dependencies.bicep (100%) rename modules/Microsoft.Network/azureFirewalls/.test/{default => common}/deploy.test.bicep (100%) diff --git a/modules/Microsoft.Network/azureFirewalls/.test/default/dependencies.bicep b/modules/Microsoft.Network/azureFirewalls/.test/common/dependencies.bicep similarity index 100% rename from modules/Microsoft.Network/azureFirewalls/.test/default/dependencies.bicep rename to modules/Microsoft.Network/azureFirewalls/.test/common/dependencies.bicep diff --git a/modules/Microsoft.Network/azureFirewalls/.test/default/deploy.test.bicep b/modules/Microsoft.Network/azureFirewalls/.test/common/deploy.test.bicep similarity index 100% rename from modules/Microsoft.Network/azureFirewalls/.test/default/deploy.test.bicep rename to modules/Microsoft.Network/azureFirewalls/.test/common/deploy.test.bicep diff --git a/modules/Microsoft.Network/azureFirewalls/readme.md b/modules/Microsoft.Network/azureFirewalls/readme.md index cf07830348..8107c859ac 100644 --- a/modules/Microsoft.Network/azureFirewalls/readme.md +++ b/modules/Microsoft.Network/azureFirewalls/readme.md @@ -371,100 +371,7 @@ module azureFirewalls './Microsoft.Network/azureFirewalls/deploy.bicep' = {

-

Example 2: Custompip

- -
- -via Bicep module - -```bicep -module azureFirewalls './Microsoft.Network/azureFirewalls/deploy.bicep' = { - name: '${uniqueString(deployment().name)}-test-nafcstpip' - params: { - // Required parameters - name: '<>nafcstpip001' - vNetId: '' - // Non-required parameters - publicIPAddressObject: { - diagnosticLogCategoriesToEnable: [ - 'DDoSMitigationFlowLogs' - 'DDoSMitigationReports' - 'DDoSProtectionNotifications' - ] - diagnosticMetricsToEnable: [ - 'AllMetrics' - ] - name: 'adp-<>-az-pip-custom-x-fw' - publicIPAllocationMethod: 'Static' - publicIPPrefixResourceId: '' - roleAssignments: [ - { - principalIds: [ - '' - ] - roleDefinitionIdOrName: 'Reader' - } - ] - skuName: 'Standard' - skuTier: 'Regional' - } - } -} -``` - -
-

- -

- -via JSON Parameter file - -```json -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", - "contentVersion": "1.0.0.0", - "parameters": { - // Required parameters - "name": { - "value": "<>nafcstpip001" - }, - "vNetId": { - "value": "" - }, - // Non-required parameters - "publicIPAddressObject": { - "value": { - "diagnosticLogCategoriesToEnable": [ - "DDoSMitigationFlowLogs", - "DDoSMitigationReports", - "DDoSProtectionNotifications" - ], - "diagnosticMetricsToEnable": [ - "AllMetrics" - ], - "name": "adp-<>-az-pip-custom-x-fw", - "publicIPAllocationMethod": "Static", - "publicIPPrefixResourceId": "", - "roleAssignments": [ - { - "principalIds": [ - "" - ], - "roleDefinitionIdOrName": "Reader" - } - ], - "skuName": "Standard", - "skuTier": "Regional" - } - } - } -} -``` - -
-

- -

Example 3: Default

+

Example 2: Common

@@ -733,6 +640,99 @@ module azureFirewalls './Microsoft.Network/azureFirewalls/deploy.bicep' = {

+

Example 3: Custompip

+ +
+ +via Bicep module + +```bicep +module azureFirewalls './Microsoft.Network/azureFirewalls/deploy.bicep' = { + name: '${uniqueString(deployment().name)}-test-nafcstpip' + params: { + // Required parameters + name: '<>nafcstpip001' + vNetId: '' + // Non-required parameters + publicIPAddressObject: { + diagnosticLogCategoriesToEnable: [ + 'DDoSMitigationFlowLogs' + 'DDoSMitigationReports' + 'DDoSProtectionNotifications' + ] + diagnosticMetricsToEnable: [ + 'AllMetrics' + ] + name: 'adp-<>-az-pip-custom-x-fw' + publicIPAllocationMethod: 'Static' + publicIPPrefixResourceId: '' + roleAssignments: [ + { + principalIds: [ + '' + ] + roleDefinitionIdOrName: 'Reader' + } + ] + skuName: 'Standard' + skuTier: 'Regional' + } + } +} +``` + +
+

+ +

+ +via JSON Parameter file + +```json +{ + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", + "contentVersion": "1.0.0.0", + "parameters": { + // Required parameters + "name": { + "value": "<>nafcstpip001" + }, + "vNetId": { + "value": "" + }, + // Non-required parameters + "publicIPAddressObject": { + "value": { + "diagnosticLogCategoriesToEnable": [ + "DDoSMitigationFlowLogs", + "DDoSMitigationReports", + "DDoSProtectionNotifications" + ], + "diagnosticMetricsToEnable": [ + "AllMetrics" + ], + "name": "adp-<>-az-pip-custom-x-fw", + "publicIPAllocationMethod": "Static", + "publicIPPrefixResourceId": "", + "roleAssignments": [ + { + "principalIds": [ + "" + ], + "roleDefinitionIdOrName": "Reader" + } + ], + "skuName": "Standard", + "skuTier": "Regional" + } + } + } +} +``` + +
+

+

Example 4: Min

From 866cb975049a2f132234bdb617d52c2c7d898206 Mon Sep 17 00:00:00 2001 From: MrMCake Date: Fri, 9 Sep 2022 12:51:22 +0200 Subject: [PATCH 09/15] Update to latest --- .../azureFirewalls/.test/addpip/deploy.test.bicep | 2 +- .../azureFirewalls/.test/common/deploy.test.bicep | 4 ++-- .../azureFirewalls/.test/custompip/deploy.test.bicep | 2 +- .../azureFirewalls/.test/min/deploy.test.bicep | 2 +- 4 files changed, 5 insertions(+), 5 deletions(-) diff --git a/modules/Microsoft.Network/azureFirewalls/.test/addpip/deploy.test.bicep b/modules/Microsoft.Network/azureFirewalls/.test/addpip/deploy.test.bicep index 36533f6808..a794814f58 100644 --- a/modules/Microsoft.Network/azureFirewalls/.test/addpip/deploy.test.bicep +++ b/modules/Microsoft.Network/azureFirewalls/.test/addpip/deploy.test.bicep @@ -10,7 +10,7 @@ param resourceGroupName string = 'ms.network.azurefirewalls-${serviceShort}-rg' @description('Optional. The location to deploy resources to') param location string = deployment().location -@description('Optional. A short identifier for the kind of deployment .Should be kept short to not run into resource-name length-constraints') +@description('Optional. A short identifier for the kind of deployment. Should be kept short to not run into resource-name length-constraints') param serviceShort string = 'nafaddpip' // =========== // diff --git a/modules/Microsoft.Network/azureFirewalls/.test/common/deploy.test.bicep b/modules/Microsoft.Network/azureFirewalls/.test/common/deploy.test.bicep index e4a3c9e659..55eaa34de6 100644 --- a/modules/Microsoft.Network/azureFirewalls/.test/common/deploy.test.bicep +++ b/modules/Microsoft.Network/azureFirewalls/.test/common/deploy.test.bicep @@ -10,8 +10,8 @@ param resourceGroupName string = 'ms.network.azurefirewalls-${serviceShort}-rg' @description('Optional. The location to deploy resources to') param location string = deployment().location -@description('Optional. A short identifier for the kind of deployment .Should be kept short to not run into resource-name length-constraints') -param serviceShort string = 'nafdef' +@description('Optional. A short identifier for the kind of deployment. Should be kept short to not run into resource-name length-constraints') +param serviceShort string = 'nafcom' // =========== // // Deployments // diff --git a/modules/Microsoft.Network/azureFirewalls/.test/custompip/deploy.test.bicep b/modules/Microsoft.Network/azureFirewalls/.test/custompip/deploy.test.bicep index 808f1eb66f..566fcfd0b0 100644 --- a/modules/Microsoft.Network/azureFirewalls/.test/custompip/deploy.test.bicep +++ b/modules/Microsoft.Network/azureFirewalls/.test/custompip/deploy.test.bicep @@ -10,7 +10,7 @@ param resourceGroupName string = 'ms.network.azurefirewalls-${serviceShort}-rg' @description('Optional. The location to deploy resources to') param location string = deployment().location -@description('Optional. A short identifier for the kind of deployment .Should be kept short to not run into resource-name length-constraints') +@description('Optional. A short identifier for the kind of deployment. Should be kept short to not run into resource-name length-constraints') param serviceShort string = 'nafcstpip' // =========== // diff --git a/modules/Microsoft.Network/azureFirewalls/.test/min/deploy.test.bicep b/modules/Microsoft.Network/azureFirewalls/.test/min/deploy.test.bicep index 9c1d77b47c..700e3d36a9 100644 --- a/modules/Microsoft.Network/azureFirewalls/.test/min/deploy.test.bicep +++ b/modules/Microsoft.Network/azureFirewalls/.test/min/deploy.test.bicep @@ -10,7 +10,7 @@ param resourceGroupName string = 'ms.network.azurefirewalls-${serviceShort}-rg' @description('Optional. The location to deploy resources to') param location string = deployment().location -@description('Optional. A short identifier for the kind of deployment .Should be kept short to not run into resource-name length-constraints') +@description('Optional. A short identifier for the kind of deployment. Should be kept short to not run into resource-name length-constraints') param serviceShort string = 'nafmin' // =========== // From 53623e0a8a7eefdcae1d705db6cd56b1cfc326fa Mon Sep 17 00:00:00 2001 From: MrMCake Date: Fri, 9 Sep 2022 13:04:26 +0200 Subject: [PATCH 10/15] Update to latest --- .../azureFirewalls/.test/addpip/deploy.test.bicep | 6 +++--- .../azureFirewalls/.test/common/deploy.test.bicep | 6 +++--- .../azureFirewalls/.test/custompip/deploy.test.bicep | 6 +++--- .../azureFirewalls/.test/min/deploy.test.bicep | 6 +++--- 4 files changed, 12 insertions(+), 12 deletions(-) diff --git a/modules/Microsoft.Network/azureFirewalls/.test/addpip/deploy.test.bicep b/modules/Microsoft.Network/azureFirewalls/.test/addpip/deploy.test.bicep index a794814f58..c172433102 100644 --- a/modules/Microsoft.Network/azureFirewalls/.test/addpip/deploy.test.bicep +++ b/modules/Microsoft.Network/azureFirewalls/.test/addpip/deploy.test.bicep @@ -3,14 +3,14 @@ targetScope = 'subscription' // ========== // // Parameters // // ========== // -@description('Optional. The name of the resource group to deploy for a testing purposes') +@description('Optional. The name of the resource group to deploy for a testing purposes.') @maxLength(90) param resourceGroupName string = 'ms.network.azurefirewalls-${serviceShort}-rg' -@description('Optional. The location to deploy resources to') +@description('Optional. The location to deploy resources to.') param location string = deployment().location -@description('Optional. A short identifier for the kind of deployment. Should be kept short to not run into resource-name length-constraints') +@description('Optional. A short identifier for the kind of deployment. Should be kept short to not run into resource-name length-constraints.') param serviceShort string = 'nafaddpip' // =========== // diff --git a/modules/Microsoft.Network/azureFirewalls/.test/common/deploy.test.bicep b/modules/Microsoft.Network/azureFirewalls/.test/common/deploy.test.bicep index 55eaa34de6..e52e93f2b4 100644 --- a/modules/Microsoft.Network/azureFirewalls/.test/common/deploy.test.bicep +++ b/modules/Microsoft.Network/azureFirewalls/.test/common/deploy.test.bicep @@ -3,14 +3,14 @@ targetScope = 'subscription' // ========== // // Parameters // // ========== // -@description('Optional. The name of the resource group to deploy for a testing purposes') +@description('Optional. The name of the resource group to deploy for a testing purposes.') @maxLength(90) param resourceGroupName string = 'ms.network.azurefirewalls-${serviceShort}-rg' -@description('Optional. The location to deploy resources to') +@description('Optional. The location to deploy resources to.') param location string = deployment().location -@description('Optional. A short identifier for the kind of deployment. Should be kept short to not run into resource-name length-constraints') +@description('Optional. A short identifier for the kind of deployment. Should be kept short to not run into resource-name length-constraints.') param serviceShort string = 'nafcom' // =========== // diff --git a/modules/Microsoft.Network/azureFirewalls/.test/custompip/deploy.test.bicep b/modules/Microsoft.Network/azureFirewalls/.test/custompip/deploy.test.bicep index 566fcfd0b0..55b475e630 100644 --- a/modules/Microsoft.Network/azureFirewalls/.test/custompip/deploy.test.bicep +++ b/modules/Microsoft.Network/azureFirewalls/.test/custompip/deploy.test.bicep @@ -3,14 +3,14 @@ targetScope = 'subscription' // ========== // // Parameters // // ========== // -@description('Optional. The name of the resource group to deploy for a testing purposes') +@description('Optional. The name of the resource group to deploy for a testing purposes.') @maxLength(90) param resourceGroupName string = 'ms.network.azurefirewalls-${serviceShort}-rg' -@description('Optional. The location to deploy resources to') +@description('Optional. The location to deploy resources to.') param location string = deployment().location -@description('Optional. A short identifier for the kind of deployment. Should be kept short to not run into resource-name length-constraints') +@description('Optional. A short identifier for the kind of deployment. Should be kept short to not run into resource-name length-constraints.') param serviceShort string = 'nafcstpip' // =========== // diff --git a/modules/Microsoft.Network/azureFirewalls/.test/min/deploy.test.bicep b/modules/Microsoft.Network/azureFirewalls/.test/min/deploy.test.bicep index 700e3d36a9..e4579079e1 100644 --- a/modules/Microsoft.Network/azureFirewalls/.test/min/deploy.test.bicep +++ b/modules/Microsoft.Network/azureFirewalls/.test/min/deploy.test.bicep @@ -3,14 +3,14 @@ targetScope = 'subscription' // ========== // // Parameters // // ========== // -@description('Optional. The name of the resource group to deploy for a testing purposes') +@description('Optional. The name of the resource group to deploy for a testing purposes.') @maxLength(90) param resourceGroupName string = 'ms.network.azurefirewalls-${serviceShort}-rg' -@description('Optional. The location to deploy resources to') +@description('Optional. The location to deploy resources to.') param location string = deployment().location -@description('Optional. A short identifier for the kind of deployment. Should be kept short to not run into resource-name length-constraints') +@description('Optional. A short identifier for the kind of deployment. Should be kept short to not run into resource-name length-constraints.') param serviceShort string = 'nafmin' // =========== // From 39d3d7f5fab889b4d608d7a362dcab176e1917fe Mon Sep 17 00:00:00 2001 From: MrMCake Date: Fri, 9 Sep 2022 13:53:59 +0200 Subject: [PATCH 11/15] Update to latest --- modules/Microsoft.Network/azureFirewalls/readme.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/modules/Microsoft.Network/azureFirewalls/readme.md b/modules/Microsoft.Network/azureFirewalls/readme.md index 03f1dc2145..0b251c3dbe 100644 --- a/modules/Microsoft.Network/azureFirewalls/readme.md +++ b/modules/Microsoft.Network/azureFirewalls/readme.md @@ -380,10 +380,10 @@ module azureFirewalls './Microsoft.Network/azureFirewalls/deploy.bicep' = { ```bicep module azureFirewalls './Microsoft.Network/azureFirewalls/deploy.bicep' = { - name: '${uniqueString(deployment().name)}-test-nafdef' + name: '${uniqueString(deployment().name)}-test-nafcom' params: { // Required parameters - name: '<>nafdef001' + name: '<>nafcom001' vNetId: '' // Non-required parameters applicationRuleCollections: [ @@ -505,7 +505,7 @@ module azureFirewalls './Microsoft.Network/azureFirewalls/deploy.bicep' = { "parameters": { // Required parameters "name": { - "value": "<>nafdef001" + "value": "<>nafcom001" }, "vNetId": { "value": "" From 652bbabd62a217ff5b388d126a27c85d856626cd Mon Sep 17 00:00:00 2001 From: Alexander Sehr Date: Mon, 19 Sep 2022 00:05:36 +0200 Subject: [PATCH 12/15] Update modules/Microsoft.Network/azureFirewalls/.test/addpip/deploy.test.bicep --- .../azureFirewalls/.test/addpip/deploy.test.bicep | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/Microsoft.Network/azureFirewalls/.test/addpip/deploy.test.bicep b/modules/Microsoft.Network/azureFirewalls/.test/addpip/deploy.test.bicep index c172433102..4c99ded661 100644 --- a/modules/Microsoft.Network/azureFirewalls/.test/addpip/deploy.test.bicep +++ b/modules/Microsoft.Network/azureFirewalls/.test/addpip/deploy.test.bicep @@ -3,7 +3,7 @@ targetScope = 'subscription' // ========== // // Parameters // // ========== // -@description('Optional. The name of the resource group to deploy for a testing purposes.') +@description('Optional. The name of the resource group to deploy for testing purposes.') @maxLength(90) param resourceGroupName string = 'ms.network.azurefirewalls-${serviceShort}-rg' From d9ad302f78e0bc4a79f137b9d713eaec54833f96 Mon Sep 17 00:00:00 2001 From: Alexander Sehr Date: Mon, 19 Sep 2022 00:05:50 +0200 Subject: [PATCH 13/15] Update modules/Microsoft.Network/azureFirewalls/.test/common/deploy.test.bicep --- .../azureFirewalls/.test/common/deploy.test.bicep | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/Microsoft.Network/azureFirewalls/.test/common/deploy.test.bicep b/modules/Microsoft.Network/azureFirewalls/.test/common/deploy.test.bicep index e52e93f2b4..32ea8d1a13 100644 --- a/modules/Microsoft.Network/azureFirewalls/.test/common/deploy.test.bicep +++ b/modules/Microsoft.Network/azureFirewalls/.test/common/deploy.test.bicep @@ -3,7 +3,7 @@ targetScope = 'subscription' // ========== // // Parameters // // ========== // -@description('Optional. The name of the resource group to deploy for a testing purposes.') +@description('Optional. The name of the resource group to deploy for testing purposes.') @maxLength(90) param resourceGroupName string = 'ms.network.azurefirewalls-${serviceShort}-rg' From e0be3549f4192fa2ecfd5ee9beaecf47facfd789 Mon Sep 17 00:00:00 2001 From: Alexander Sehr Date: Mon, 19 Sep 2022 00:06:06 +0200 Subject: [PATCH 14/15] Update modules/Microsoft.Network/azureFirewalls/.test/custompip/deploy.test.bicep --- .../azureFirewalls/.test/custompip/deploy.test.bicep | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/Microsoft.Network/azureFirewalls/.test/custompip/deploy.test.bicep b/modules/Microsoft.Network/azureFirewalls/.test/custompip/deploy.test.bicep index 55b475e630..434cc1adcb 100644 --- a/modules/Microsoft.Network/azureFirewalls/.test/custompip/deploy.test.bicep +++ b/modules/Microsoft.Network/azureFirewalls/.test/custompip/deploy.test.bicep @@ -3,7 +3,7 @@ targetScope = 'subscription' // ========== // // Parameters // // ========== // -@description('Optional. The name of the resource group to deploy for a testing purposes.') +@description('Optional. The name of the resource group to deploy for testing purposes.') @maxLength(90) param resourceGroupName string = 'ms.network.azurefirewalls-${serviceShort}-rg' From b6c423d1b449d19c82016708227254048d7bd69c Mon Sep 17 00:00:00 2001 From: MrMCake Date: Wed, 12 Oct 2022 11:20:18 +0200 Subject: [PATCH 15/15] Addressed comments --- .../.test/custompip/dependencies.bicep | 23 ------------------- .../.test/custompip/deploy.test.bicep | 3 +-- .../.test/min/deploy.test.bicep | 14 ----------- .../azureFirewalls/readme.md | 4 ++-- 4 files changed, 3 insertions(+), 41 deletions(-) diff --git a/modules/Microsoft.Network/azureFirewalls/.test/custompip/dependencies.bicep b/modules/Microsoft.Network/azureFirewalls/.test/custompip/dependencies.bicep index a889aeb149..a6ab54882e 100644 --- a/modules/Microsoft.Network/azureFirewalls/.test/custompip/dependencies.bicep +++ b/modules/Microsoft.Network/azureFirewalls/.test/custompip/dependencies.bicep @@ -4,9 +4,6 @@ param location string = resourceGroup().location @description('Required. The name of the Virtual Network to create.') param virtualNetworkName string -@description('Required. The name of the Public IP to create.') -param publicIPName string - @description('Required. The name of the Managed Identity to create.') param managedIdentityName string @@ -30,23 +27,6 @@ resource virtualNetwork 'Microsoft.Network/virtualNetworks@2022-01-01' = { } } -resource publicIP 'Microsoft.Network/publicIPAddresses@2022-01-01' = { - name: publicIPName - location: location - sku: { - name: 'Standard' - tier: 'Regional' - } - properties: { - publicIPAllocationMethod: 'Static' - } - zones: [ - '1' - '2' - '3' - ] -} - resource managedIdentity 'Microsoft.ManagedIdentity/userAssignedIdentities@2018-11-30' = { name: managedIdentityName location: location @@ -55,8 +35,5 @@ resource managedIdentity 'Microsoft.ManagedIdentity/userAssignedIdentities@2018- @description('The resource ID of the created Virtual Network.') output virtualNetworkResourceId string = virtualNetwork.id -@description('The resource ID of the created Public IP.') -output publicIPResourceId string = publicIP.id - @description('The principal ID of the created Managed Identity.') output managedIdentityPrincipalId string = managedIdentity.properties.principalId diff --git a/modules/Microsoft.Network/azureFirewalls/.test/custompip/deploy.test.bicep b/modules/Microsoft.Network/azureFirewalls/.test/custompip/deploy.test.bicep index 434cc1adcb..7171a53e12 100644 --- a/modules/Microsoft.Network/azureFirewalls/.test/custompip/deploy.test.bicep +++ b/modules/Microsoft.Network/azureFirewalls/.test/custompip/deploy.test.bicep @@ -29,7 +29,6 @@ module resourceGroupResources 'dependencies.bicep' = { name: '${uniqueString(deployment().name, location)}-paramNested' params: { virtualNetworkName: 'dep-<>-vnet-${serviceShort}' - publicIPName: 'dep-<>-pip-${serviceShort}' managedIdentityName: 'dep-<>-msi-${serviceShort}' } } @@ -53,7 +52,7 @@ module testDeployment '../../deploy.bicep' = { diagnosticMetricsToEnable: [ 'AllMetrics' ] - name: 'adp-<>-az-pip-custom-x-fw' + name: 'new-<>-pip-${serviceShort}' publicIPAllocationMethod: 'Static' publicIPPrefixResourceId: '' roleAssignments: [ diff --git a/modules/Microsoft.Network/azureFirewalls/.test/min/deploy.test.bicep b/modules/Microsoft.Network/azureFirewalls/.test/min/deploy.test.bicep index e4579079e1..b12e4889c8 100644 --- a/modules/Microsoft.Network/azureFirewalls/.test/min/deploy.test.bicep +++ b/modules/Microsoft.Network/azureFirewalls/.test/min/deploy.test.bicep @@ -32,20 +32,6 @@ module resourceGroupResources 'dependencies.bicep' = { } } -// Diagnostics -// =========== -module diagnosticDependencies '../../../../.shared/dependencyConstructs/diagnostic.dependencies.bicep' = { - scope: resourceGroup - name: '${uniqueString(deployment().name, location)}-diagnosticDependencies' - params: { - storageAccountName: 'dep<>diasa${serviceShort}01' - logAnalyticsWorkspaceName: 'dep-<>-law-${serviceShort}' - eventHubNamespaceEventHubName: 'dep-<>-evh-${serviceShort}' - eventHubNamespaceName: 'dep-<>-evhns-${serviceShort}' - location: location - } -} - // ============== // // Test Execution // // ============== // diff --git a/modules/Microsoft.Network/azureFirewalls/readme.md b/modules/Microsoft.Network/azureFirewalls/readme.md index 0b251c3dbe..a84c1b14ad 100644 --- a/modules/Microsoft.Network/azureFirewalls/readme.md +++ b/modules/Microsoft.Network/azureFirewalls/readme.md @@ -664,7 +664,7 @@ module azureFirewalls './Microsoft.Network/azureFirewalls/deploy.bicep' = { diagnosticMetricsToEnable: [ 'AllMetrics' ] - name: 'adp-<>-az-pip-custom-x-fw' + name: 'new-<>-pip-nafcstpip' publicIPAllocationMethod: 'Static' publicIPPrefixResourceId: '' roleAssignments: [ @@ -712,7 +712,7 @@ module azureFirewalls './Microsoft.Network/azureFirewalls/deploy.bicep' = { "diagnosticMetricsToEnable": [ "AllMetrics" ], - "name": "adp-<>-az-pip-custom-x-fw", + "name": "new-<>-pip-nafcstpip", "publicIPAllocationMethod": "Static", "publicIPPrefixResourceId": "", "roleAssignments": [