diff --git a/.github/workflows/ms.network.firewallpolicies.yml b/.github/workflows/ms.network.firewallpolicies.yml index 2450174926..59908cba3a 100644 --- a/.github/workflows/ms.network.firewallpolicies.yml +++ b/.github/workflows/ms.network.firewallpolicies.yml @@ -106,8 +106,7 @@ jobs: - name: 'Using test file [${{ matrix.moduleTestFilePaths }}]' uses: ./.github/actions/templates/validateModuleDeployment with: - templateFilePath: '${{ env.modulePath }}/deploy.bicep' - parameterFilePath: '${{ env.modulePath }}/${{ matrix.moduleTestFilePaths }}' + templateFilePath: '${{ env.modulePath }}/${{ matrix.moduleTestFilePaths }}' location: '${{ env.location }}' resourceGroupName: '${{ env.resourceGroupName }}' subscriptionId: '${{ secrets.ARM_SUBSCRIPTION_ID }}' diff --git a/modules/Microsoft.Network/firewallPolicies/.test/common/deploy.test.bicep b/modules/Microsoft.Network/firewallPolicies/.test/common/deploy.test.bicep new file mode 100644 index 0000000000..01cbee5df4 --- /dev/null +++ b/modules/Microsoft.Network/firewallPolicies/.test/common/deploy.test.bicep @@ -0,0 +1,75 @@ +targetScope = 'subscription' + +// ========== // +// Parameters // +// ========== // +@description('Optional. The name of the resource group to deploy for testing purposes.') +@maxLength(90) +param resourceGroupName string = 'ms.network.firewallpolicies-${serviceShort}-rg' + +@description('Optional. The location to deploy resources to.') +param location string = deployment().location + +@description('Optional. A short identifier for the kind of deployment. Should be kept short to not run into resource-name length-constraints.') +param serviceShort string = 'nfpcom' + +// =========== // +// Deployments // +// =========== // + +// General resources +// ================= +resource resourceGroup 'Microsoft.Resources/resourceGroups@2021-04-01' = { + name: resourceGroupName + location: location +} + +// ============== // +// Test Execution // +// ============== // + +module testDeployment '../../deploy.bicep' = { + scope: resourceGroup + name: '${uniqueString(deployment().name)}-test-${serviceShort}' + params: { + name: '<>${serviceShort}001' + ruleCollectionGroups: [ + { + name: '<>-rule-001' + priority: 5000 + ruleCollections: [ + { + action: { + type: 'Allow' + } + name: 'collection002' + priority: 5555 + ruleCollectionType: 'FirewallPolicyFilterRuleCollection' + rules: [ + { + destinationAddresses: [ + '*' + ] + destinationFqdns: [] + destinationIpGroups: [] + destinationPorts: [ + '80' + ] + ipProtocols: [ + 'TCP' + 'UDP' + ] + name: 'rule002' + ruleType: 'NetworkRule' + sourceAddresses: [ + '*' + ] + sourceIpGroups: [] + } + ] + } + ] + } + ] + } +} diff --git a/modules/Microsoft.Network/firewallPolicies/.test/min.parameters.json b/modules/Microsoft.Network/firewallPolicies/.test/min.parameters.json deleted file mode 100644 index bb555089ed..0000000000 --- a/modules/Microsoft.Network/firewallPolicies/.test/min.parameters.json +++ /dev/null @@ -1,9 +0,0 @@ -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "name": { - "value": "<>-az-fwpol-min-001" - } - } -} diff --git a/modules/Microsoft.Network/firewallPolicies/.test/min/deploy.test.bicep b/modules/Microsoft.Network/firewallPolicies/.test/min/deploy.test.bicep new file mode 100644 index 0000000000..a4b7f4660d --- /dev/null +++ b/modules/Microsoft.Network/firewallPolicies/.test/min/deploy.test.bicep @@ -0,0 +1,37 @@ +targetScope = 'subscription' + +// ========== // +// Parameters // +// ========== // +@description('Optional. The name of the resource group to deploy for testing purposes.') +@maxLength(90) +param resourceGroupName string = 'ms.network.firewallpolicies-${serviceShort}-rg' + +@description('Optional. The location to deploy resources to.') +param location string = deployment().location + +@description('Optional. A short identifier for the kind of deployment. Should be kept short to not run into resource-name length-constraints.') +param serviceShort string = 'nfpmin' + +// =========== // +// Deployments // +// =========== // + +// General resources +// ================= +resource resourceGroup 'Microsoft.Resources/resourceGroups@2021-04-01' = { + name: resourceGroupName + location: location +} + +// ============== // +// Test Execution // +// ============== // + +module testDeployment '../../deploy.bicep' = { + scope: resourceGroup + name: '${uniqueString(deployment().name)}-test-${serviceShort}' + params: { + name: '<>${serviceShort}001' + } +} diff --git a/modules/Microsoft.Network/firewallPolicies/.test/parameters.json b/modules/Microsoft.Network/firewallPolicies/.test/parameters.json deleted file mode 100644 index 67e03ad34e..0000000000 --- a/modules/Microsoft.Network/firewallPolicies/.test/parameters.json +++ /dev/null @@ -1,49 +0,0 @@ -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "name": { - "value": "<>-az-fwpol-x-002" - }, - "ruleCollectionGroups": { - "value": [ - { - "name": "<>-rule-001", - "priority": 5000, - "ruleCollections": [ - { - "name": "collection002", - "priority": 5555, - "action": { - "type": "Allow" - }, - "rules": [ - { - "name": "rule002", - "ipProtocols": [ - "TCP", - "UDP" - ], - "destinationPorts": [ - "80" - ], - "sourceAddresses": [ - "*" - ], - "sourceIpGroups": [], - "ruleType": "NetworkRule", - "destinationIpGroups": [], - "destinationAddresses": [ - "*" - ], - "destinationFqdns": [] - } - ], - "ruleCollectionType": "FirewallPolicyFilterRuleCollection" - } - ] - } - ] - } - } -} diff --git a/modules/Microsoft.Network/firewallPolicies/readme.md b/modules/Microsoft.Network/firewallPolicies/readme.md index cfc10fdf23..eb0a278980 100644 --- a/modules/Microsoft.Network/firewallPolicies/readme.md +++ b/modules/Microsoft.Network/firewallPolicies/readme.md @@ -146,7 +146,7 @@ The following module usage examples are retrieved from the content of the files >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. -

Example 1: Min

+

Example 1: Common

@@ -154,47 +154,10 @@ The following module usage examples are retrieved from the content of the files ```bicep module firewallPolicies './Microsoft.Network/firewallPolicies/deploy.bicep' = { - name: '${uniqueString(deployment().name)}-FirewallPolicies' - params: { - name: '<>-az-fwpol-min-001' - } -} -``` - -
-

- -

- -via JSON Parameter file - -```json -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "name": { - "value": "<>-az-fwpol-min-001" - } - } -} -``` - -
-

- -

Example 2: Parameters

- -
- -via Bicep module - -```bicep -module firewallPolicies './Microsoft.Network/firewallPolicies/deploy.bicep' = { - name: '${uniqueString(deployment().name)}-FirewallPolicies' + name: '${uniqueString(deployment().name)}-test-nfpcom' params: { // Required parameters - name: '<>-az-fwpol-x-002' + name: '<>nfpcom001' // Non-required parameters ruleCollectionGroups: [ { @@ -252,7 +215,7 @@ module firewallPolicies './Microsoft.Network/firewallPolicies/deploy.bicep' = { "parameters": { // Required parameters "name": { - "value": "<>-az-fwpol-x-002" + "value": "<>nfpcom001" }, // Non-required parameters "ruleCollectionGroups": { @@ -301,3 +264,40 @@ module firewallPolicies './Microsoft.Network/firewallPolicies/deploy.bicep' = {

+ +

Example 2: Min

+ +
+ +via Bicep module + +```bicep +module firewallPolicies './Microsoft.Network/firewallPolicies/deploy.bicep' = { + name: '${uniqueString(deployment().name)}-test-nfpmin' + params: { + name: '<>nfpmin001' + } +} +``` + +
+

+ +

+ +via JSON Parameter file + +```json +{ + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", + "contentVersion": "1.0.0.0", + "parameters": { + "name": { + "value": "<>nfpmin001" + } + } +} +``` + +
+