diff --git a/arm/Microsoft.Network/virtualNetworksResources/virtualNetworkPeerings/deploy.bicep b/arm/Microsoft.Network/virtualNetworksResources/virtualNetworkPeerings/deploy.bicep
index 23b49f2162..4b85896967 100644
--- a/arm/Microsoft.Network/virtualNetworksResources/virtualNetworkPeerings/deploy.bicep
+++ b/arm/Microsoft.Network/virtualNetworksResources/virtualNetworkPeerings/deploy.bicep
@@ -1,8 +1,26 @@ +@description('Optional. The Name of Vnet Peering resource. If not provided, default value will be localVnetName-remoteVnetName') +param peeringName string = '${localVnetName}-${last(split(remoteVirtualNetworkId, '/'))}' + @description('Required. The Name of the Virtual Network to add the peering to.') param localVnetName string -@description('Optional. Optional. The list of remote networks to peering peer with, including the configuration.') -param peeringConfigurations array = [] +@description('Required. The Resource ID of the VNet that is this Local VNet is being peered to. Should be in the format of a Resource ID') +param remoteVirtualNetworkId string + +@description('Optional. Whether the forwarded traffic from the VMs in the local virtual network will be allowed/disallowed in remote virtual network. Default is true') +param allowForwardedTraffic bool = true + +@description('Optional. If gateway links can be used in remote virtual networking to link to this virtual network. Default is false') +param allowGatewayTransit bool = false + +@description('Optional. Whether the VMs in the local virtual network space would be able to access the VMs in remote virtual network space. Default is true') +param allowVirtualNetworkAccess bool = true + +@description('Optional. If we need to verify the provisioning state of the remote gateway. Default is true') +param doNotVerifyRemoteGateways bool = true + +@description('Optional. If remote gateways can be used on this virtual network. If the flag is set to true, and allowGatewayTransit on remote peering is also true, virtual network will use gateways of remote virtual network for transit. Only one peering can have this flag set to true. This flag cannot be set if virtual network already has a gateway. Default is false') +param useRemoteGateways bool = false @description('Optional. Customer Usage Attribution id (GUID). This GUID must be previously registered') param cuaId string = '' 
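Review bot: `doNotVerifyRemoteGateways` defaults to `true`, but its description reads "If we need to verify the provisioning state of the remote gateway. Default is true", which says the opposite of what the flag name implies. As written, a caller who accepts the default appears to skip the remote-gateway check while believing it is enabled. I would reword the description to `'Optional. If true, the provisioning state of the remote gateway is not verified. Default is false'` and declare `param doNotVerifyRemoteGateways bool = false`, so that skipping the check is an explicit opt-in. Separately, `allowForwardedTraffic` defaults to `true`, which admits traffic that did not originate in the peered VNet; a least-privilege default of `false` is worth considering, with callers opting in where a network virtual appliance requires it.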
@@ -12,19 +30,20 @@ module pid_cuaId './.bicep/nested_cuaId.bicep' = if (!empty(cuaId)) { params: {} } -resource virtualNetworkPeering 'Microsoft.Network/virtualNetworks/virtualNetworkPeerings@2020-05-01' = [for peeringConfiguration in peeringConfigurations: { - name: contains(peeringConfiguration, 'peeringName') ? '${localVnetName}/${peeringConfiguration.peeringName}' : '${localVnetName}/${localVnetName}-${last(split(peeringConfiguration.remoteVirtualNetworkId, '/'))}' +resource virtualNetworkPeering 'Microsoft.Network/virtualNetworks/virtualNetworkPeerings@2021-02-01' = { + name: '${localVnetName}/${peeringName}' properties: { - allowVirtualNetworkAccess: contains(peeringConfiguration, 'allowVirtualNetworkAccess') ? peeringConfiguration.allowVirtualNetworkAccess : true - allowForwardedTraffic: contains(peeringConfiguration, 'allowForwardedTraffic') ? peeringConfiguration.allowForwardedTraffic : true - allowGatewayTransit: contains(peeringConfiguration, 'allowGatewayTransit') ? peeringConfiguration.allowGatewayTransit : false - useRemoteGateways: contains(peeringConfiguration, 'useRemoteGateways') ? peeringConfiguration.useRemoteGateways : true + allowForwardedTraffic: allowForwardedTraffic + allowGatewayTransit: allowGatewayTransit + allowVirtualNetworkAccess: allowVirtualNetworkAccess + doNotVerifyRemoteGateways: doNotVerifyRemoteGateways + useRemoteGateways: useRemoteGateways remoteVirtualNetwork: { - id: peeringConfiguration.remoteVirtualNetworkId + id: remoteVirtualNetworkId } } -}] +} output virtualNetworkPeeringResourceGroup string = resourceGroup().name -output virtualNetworkPeeringNames array = [for i in range(0, length(peeringConfigurations)): virtualNetworkPeering[i].name] -output localVirtualNetworkPeeringResourceIds array = [for peeringConfiguration in peeringConfigurations: resourceId('Microsoft.Network/virtualNetworks/virtualNetworkPeerings', localVnetName, (contains(peeringConfiguration, 'peeringName') ? 
peeringConfiguration.peeringName : '${localVnetName}-${last(split(peeringConfiguration.remoteVirtualNetworkId, '/'))}')) ] +output virtualNetworkPeeringName string = virtualNetworkPeering.name +output virtualNetworkPeeringResourceId string = virtualNetworkPeering.id diff --git a/arm/Microsoft.Network/virtualNetworksResources/virtualNetworkPeerings/parameters/parameters.json b/arm/Microsoft.Network/virtualNetworksResources/virtualNetworkPeerings/parameters/parameters.json index 5a56f2cee9..e1bf28608c 100644 --- a/arm/Microsoft.Network/virtualNetworksResources/virtualNetworkPeerings/parameters/parameters.json +++ b/arm/Microsoft.Network/virtualNetworksResources/virtualNetworkPeerings/parameters/parameters.json @@ -3,20 +3,22 @@ "contentVersion": "1.0.0.0", "parameters": { "localVnetName": { - "value": "sxx-az-vnet-weu-x-004" + "value": "sxx-az-vnet-weu-x-002" }, - "peeringConfigurations": { - "value": [ - { - "peeringName": "sxx-az-peering-weu-x-002-sxx-az-peering-weu-x-003", - "remoteVirtualNetworkId": "/subscriptions/8629be3b-96bc-482d-a04b-ffff597c65a2/resourceGroups/dependencies-rg/providers/Microsoft.Network/virtualNetworks/sxx-az-vnet-weu-x-003", - "useRemoteGateways": false - }, - { - "remoteVirtualNetworkId": "/subscriptions/8629be3b-96bc-482d-a04b-ffff597c65a2/resourceGroups/dependencies-rg/providers/Microsoft.Network/virtualNetworks/peeringNetwork", - "useRemoteGateways": false - } - ] + "remoteVirtualNetworkId": { + "value": "/subscriptions/8629be3b-96bc-482d-a04b-ffff597c65a2/resourceGroups/dependencies-rg/providers/Microsoft.Network/virtualNetworks/sxx-az-vnet-weu-x-003" + }, + "allowForwardedTraffic": { + "value": true + }, + "allowGatewayTransit": { + "value": false + }, + "allowVirtualNetworkAccess": { + "value": true + }, + "useRemoteGateways": { + "value": false } } -} \ No newline at end of file +} 
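Review bot: The peering in `deploy.bicep` is still addressed by string concatenation, `name: '${localVnetName}/${peeringName}'`, so the dependency on the local VNet is only implicit. The new `virtualNetworkPeeringName` output presumably returns the composite `vnet/peering` string rather than the peering name the readme describes. Declaring the local VNet as an `existing` resource and setting `parent:` on the peering makes the relationship explicit and lets `name` be just `peeringName`. The properties block and outputs stay as they are.

```bicep
resource localVnet 'Microsoft.Network/virtualNetworks@2021-02-01' existing = {
  name: localVnetName
}

resource virtualNetworkPeering 'Microsoft.Network/virtualNetworks/virtualNetworkPeerings@2021-02-01' = {
  parent: localVnet
  name: peeringName
  // … unchanged: properties block …
}
```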
diff --git a/arm/Microsoft.Network/virtualNetworksResources/virtualNetworkPeerings/readme.md b/arm/Microsoft.Network/virtualNetworksResources/virtualNetworkPeerings/readme.md
index 3cfd096df6..b620dc294f 100644
--- a/arm/Microsoft.Network/virtualNetworksResources/virtualNetworkPeerings/readme.md
+++ b/arm/Microsoft.Network/virtualNetworksResources/virtualNetworkPeerings/readme.md
@@ -4,51 +4,39 @@ This template deploys Virtual Network Peering. ## Resource types -| Resource Type | Api Version | -| :-- | :-- | -| `Microsoft.Network/virtualNetworks/virtualNetworkPeerings` | 2020-05-01 | -| `Microsoft.Resources/deployments` | 2019-10-01 | +| Resource Type | Api Version | +| :--------------------------------------------------------- | :---------- | +| `Microsoft.Network/virtualNetworks/virtualNetworkPeerings` | 2021-02-01 | +| `Microsoft.Resources/deployments` | 2019-10-01 | ### Resource dependency -The following resources are required to be able to deploy this resource. +The following resources are required to be able to deploy this resource. -- *None* +- Local Virtual Network (Identified by the `localVnetName` parameter). +- Remote Virtual Network (Identified by the `remoteVirtualNetworkId` parameter) ## Parameters -| Parameter Name | Type | Description | DefaultValue | Possible values | -| :-- | :-- | :-- | :-- | :-- | -| `cuaId` | string | Optional. Customer Usage Attribution id (GUID). This GUID must be previously registered | | | -| `localVnetName` | string | Required. The Name of the Virtual Network to add the peering to. | | | -| `peeringConfigurations` | array | Optional. The list of remote networks to peering peer with, including the configuration. See below for instructions. | System.Object[] | | - -### Parameter Usage: `peeringConfigurations` - -Array containing multiple objects for different VNETs to peer with. - -```json -"peeringConfigurations": { - "value": [ - { - "peeringName": "sxx-az-peering-weu-x-002-sxx-az-peering-weu-x-003", // Optional - "remoteVirtualNetworkId": "/subscriptions//resourceGroups/dependencies-rg/providers/Microsoft.Network/virtualNetworks/", - "allowVirtualNetworkAccess": false, // Optional. Default true - "allowForwardedTraffic": false, // Optional. Default true - "allowGatewayTransit": false, // Optional. Default false - "useRemoteGateways": false // Optional. 
Default true - } - ] -} -``` +| Parameter Name | Type | Description | DefaultValue | Possible values | +| :-------------------------- | :----- | :----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | :--------------------------- | :-------------- | +| `peeringName` | string | Optional. The Name of Vnet Peering resource. If not provided, default value will be localVnetName-remoteVnetName | localVnetName-remoteVnetName | | +| `localVnetName` | string | Required. The Name of the Virtual Network to add the peering to. | | | +| `remoteVirtualNetworkId` | string | Required. The Resource ID of the VNet that is this Local VNet is being peered to. Should be in the format of a Resource ID. | | | +| `allowForwardedTraffic` | bool | Optional. Whether the forwarded traffic from the VMs in the local virtual network will be allowed/disallowed in remote virtual network. Default is true. | `true` | | +| `allowGatewayTransit` | bool | Optional. If gateway links can be used in remote virtual networking to link to this virtual network. Default is false. | `false` | | +| `allowVirtualNetworkAccess` | bool | Optional. Whether the VMs in the local virtual network space would be able to access the VMs in remote virtual network space. Default is true. | `true` | | +| `doNotVerifyRemoteGateways` | bool | Optional. If we need to verify the provisioning state of the remote gateway. Default is true'. | `true` | | +| `useRemoteGateways` | bool | Optional. If remote gateways can be used on this virtual network. If the flag is set to true, and allowGatewayTransit on remote peering is also true, virtual network will use gateways of remote virtual network for transit. 
Only one peering can have this flag set to true. This flag cannot be set if virtual network already has a gateway. Default is false | `false` | | +| `cuaId` | string | Optional. Customer Usage Attribution id (GUID). This GUID must be previously registered | | | ## Outputs -| Output Name | Type | Description | -| :-- | :-- | :-- | -| `localVirtualNetworkPeeringResourceIds` | array | | -| `virtualNetworkPeeringNames` | array | | -| `virtualNetworkPeeringResourceGroup` | string | | +| Output Name | Type | Description | +| :----------------------------------- | :----- | :-------------------------------------------------------------------- | +| `virtualNetworkPeeringResourceId` | array | The Resource ID of the Local VNet Peering created in this deployment. | +| `virtualNetworkPeeringName` | array | The name of the VNet Peering resource . | +| `virtualNetworkPeeringResourceGroup` | string | The Resource Group name of the local VNet Peering resource/. | ## Considerations @@ -56,7 +44,6 @@ Array containing multiple objects for different VNETs to peer with. ## Additional resources -- [Use tags to organize your Azure resources](https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-group-using-tags) - [Azure Resource Manager template reference](https://docs.microsoft.com/en-us/azure/templates/) - [VirtualNetworks/VirtualNetworkPeerings](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/2020-05-01/virtualNetworks/virtualNetworkPeerings) -- [Deployments](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Resources/2019-10-01/deployments) \ No newline at end of file +- [Deployments](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Resources/2019-10-01/deployments) 
diff --git a/constructs/Microsoft.Network/virtualNetwork/virtualNetworkPeerings-multiRemoteVnets/.bicep/nested_cuaId.bicep b/constructs/Microsoft.Network/virtualNetwork/virtualNetworkPeerings-multiRemoteVnets/.bicep/nested_cuaId.bicep
new file mode 100644
index 0000000000..e69de29bb2
diff --git a/constructs/Microsoft.Network/virtualNetwork/virtualNetworkPeerings-multiRemoteVnets/deploy.bicep b/constructs/Microsoft.Network/virtualNetwork/virtualNetworkPeerings-multiRemoteVnets/deploy.bicep
new file mode 100644
index 0000000000..23b49f2162
--- /dev/null
+++ b/constructs/Microsoft.Network/virtualNetwork/virtualNetworkPeerings-multiRemoteVnets/deploy.bicep
@@ -0,0 +1,30 @@ +@description('Required. The Name of the Virtual Network to add the peering to.') +param localVnetName string + +@description('Optional. Optional. The list of remote networks to peering peer with, including the configuration.') +param peeringConfigurations array = [] + +@description('Optional. Customer Usage Attribution id (GUID). This GUID must be previously registered') +param cuaId string = '' + +module pid_cuaId './.bicep/nested_cuaId.bicep' = if (!empty(cuaId)) { + name: 'pid-${cuaId}' + params: {} +} + +resource virtualNetworkPeering 'Microsoft.Network/virtualNetworks/virtualNetworkPeerings@2020-05-01' = [for peeringConfiguration in peeringConfigurations: { + name: contains(peeringConfiguration, 'peeringName') ? '${localVnetName}/${peeringConfiguration.peeringName}' : '${localVnetName}/${localVnetName}-${last(split(peeringConfiguration.remoteVirtualNetworkId, '/'))}' + properties: { + allowVirtualNetworkAccess: contains(peeringConfiguration, 'allowVirtualNetworkAccess') ? peeringConfiguration.allowVirtualNetworkAccess : true + allowForwardedTraffic: contains(peeringConfiguration, 'allowForwardedTraffic') ? peeringConfiguration.allowForwardedTraffic : true + allowGatewayTransit: contains(peeringConfiguration, 'allowGatewayTransit') ? peeringConfiguration.allowGatewayTransit : false + useRemoteGateways: contains(peeringConfiguration, 'useRemoteGateways') ? peeringConfiguration.useRemoteGateways : true + remoteVirtualNetwork: { + id: peeringConfiguration.remoteVirtualNetworkId + } + } +}] + +output virtualNetworkPeeringResourceGroup string = resourceGroup().name +output virtualNetworkPeeringNames array = [for i in range(0, length(peeringConfigurations)): virtualNetworkPeering[i].name] +output localVirtualNetworkPeeringResourceIds array = [for peeringConfiguration in peeringConfigurations: resourceId('Microsoft.Network/virtualNetworks/virtualNetworkPeerings', localVnetName, (contains(peeringConfiguration, 'peeringName') ? 
peeringConfiguration.peeringName : '${localVnetName}-${last(split(peeringConfiguration.remoteVirtualNetworkId, '/'))}')) ] diff --git a/constructs/Microsoft.Network/virtualNetwork/virtualNetworkPeerings-multiRemoteVnets/parameters/parameters.json b/constructs/Microsoft.Network/virtualNetwork/virtualNetworkPeerings-multiRemoteVnets/parameters/parameters.json new file mode 100644 index 0000000000..5a56f2cee9 --- /dev/null +++ b/constructs/Microsoft.Network/virtualNetwork/virtualNetworkPeerings-multiRemoteVnets/parameters/parameters.json @@ -0,0 +1,22 @@ +{ + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", + "contentVersion": "1.0.0.0", + "parameters": { + "localVnetName": { + "value": "sxx-az-vnet-weu-x-004" + }, + "peeringConfigurations": { + "value": [ + { + "peeringName": "sxx-az-peering-weu-x-002-sxx-az-peering-weu-x-003", + "remoteVirtualNetworkId": "/subscriptions/8629be3b-96bc-482d-a04b-ffff597c65a2/resourceGroups/dependencies-rg/providers/Microsoft.Network/virtualNetworks/sxx-az-vnet-weu-x-003", + "useRemoteGateways": false + }, + { + "remoteVirtualNetworkId": "/subscriptions/8629be3b-96bc-482d-a04b-ffff597c65a2/resourceGroups/dependencies-rg/providers/Microsoft.Network/virtualNetworks/peeringNetwork", + "useRemoteGateways": false + } + ] + } + } +} \ No newline at end of file diff --git a/constructs/Microsoft.Network/virtualNetwork/virtualNetworkPeerings-multiRemoteVnets/readme.md b/constructs/Microsoft.Network/virtualNetwork/virtualNetworkPeerings-multiRemoteVnets/readme.md new file mode 100644 index 0000000000..3cfd096df6 --- /dev/null +++ b/constructs/Microsoft.Network/virtualNetwork/virtualNetworkPeerings-multiRemoteVnets/readme.md 
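Review bot: In the `virtualNetworkPeering` loop of the multi-remote construct, an entry that omits `useRemoteGateways` falls back to `true`, whereas the single-peering module in this same change defaults it to `false`. That module's own description says only one peering may set this flag and that it cannot be set when the VNet already has a gateway. A list of two or more entries relying on the default is therefore likely to be rejected, and a single entry silently opts into routing through the remote gateway. I would change the line to `useRemoteGateways: contains(peeringConfiguration, 'useRemoteGateways') ? peeringConfiguration.useRemoteGateways : false` and update the "Default true" comment in the construct's readme example to match. The `peeringConfigurations` description also repeats its prefix (`'Optional. Optional. …'`).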
@@ -0,0 +1,62 @@ +# VirtualNetworkPeering + +This template deploys Virtual Network Peering. + +## Resource types + +| Resource Type | Api Version | +| :-- | :-- | +| `Microsoft.Network/virtualNetworks/virtualNetworkPeerings` | 2020-05-01 | +| `Microsoft.Resources/deployments` | 2019-10-01 | + +### Resource dependency + +The following resources are required to be able to deploy this resource. + +- *None* + +## Parameters + +| Parameter Name | Type | Description | DefaultValue | Possible values | +| :-- | :-- | :-- | :-- | :-- | +| `cuaId` | string | Optional. Customer Usage Attribution id (GUID). This GUID must be previously registered | | | +| `localVnetName` | string | Required. The Name of the Virtual Network to add the peering to. | | | +| `peeringConfigurations` | array | Optional. The list of remote networks to peering peer with, including the configuration. See below for instructions. | System.Object[] | | + +### Parameter Usage: `peeringConfigurations` + +Array containing multiple objects for different VNETs to peer with. + +```json +"peeringConfigurations": { + "value": [ + { + "peeringName": "sxx-az-peering-weu-x-002-sxx-az-peering-weu-x-003", // Optional + "remoteVirtualNetworkId": "/subscriptions//resourceGroups/dependencies-rg/providers/Microsoft.Network/virtualNetworks/", + "allowVirtualNetworkAccess": false, // Optional. Default true + "allowForwardedTraffic": false, // Optional. Default true + "allowGatewayTransit": false, // Optional. Default false + "useRemoteGateways": false // Optional. 
Default true + } + ] +} +``` + +## Outputs + +| Output Name | Type | Description | +| :-- | :-- | :-- | +| `localVirtualNetworkPeeringResourceIds` | array | | +| `virtualNetworkPeeringNames` | array | | +| `virtualNetworkPeeringResourceGroup` | string | | + +## Considerations + +- *None* + +## Additional resources + +- [Use tags to organize your Azure resources](https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-group-using-tags) +- [Azure Resource Manager template reference](https://docs.microsoft.com/en-us/azure/templates/) +- [VirtualNetworks/VirtualNetworkPeerings](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/2020-05-01/virtualNetworks/virtualNetworkPeerings) +- [Deployments](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Resources/2019-10-01/deployments) \ No newline at end of file