From 015ddb27beed97e806ee7247baaade1de6ee840a Mon Sep 17 00:00:00 2001 From: MrMCake Date: Sun, 18 Sep 2022 13:33:14 +0200 Subject: [PATCH 1/5] Updated Network FirewallPolicies to new dependencies approach --- .../workflows/ms.network.firewallpolicies.yml | 3 +- .../.test/common/deploy.test.bicep | 75 +++++++++++++++++ .../.test/min.parameters.json | 9 -- .../.test/min/deploy.test.bicep | 37 +++++++++ .../firewallPolicies/.test/parameters.json | 49 ----------- .../firewallPolicies/readme.md | 82 +++++++++---------- 6 files changed, 154 insertions(+), 101 deletions(-) create mode 100644 modules/Microsoft.Network/firewallPolicies/.test/common/deploy.test.bicep delete mode 100644 modules/Microsoft.Network/firewallPolicies/.test/min.parameters.json create mode 100644 modules/Microsoft.Network/firewallPolicies/.test/min/deploy.test.bicep delete mode 100644 modules/Microsoft.Network/firewallPolicies/.test/parameters.json diff --git a/.github/workflows/ms.network.firewallpolicies.yml b/.github/workflows/ms.network.firewallpolicies.yml index 2450174926..59908cba3a 100644 --- a/.github/workflows/ms.network.firewallpolicies.yml +++ b/.github/workflows/ms.network.firewallpolicies.yml @@ -106,8 +106,7 @@ jobs: - name: 'Using test file [${{ matrix.moduleTestFilePaths }}]' uses: ./.github/actions/templates/validateModuleDeployment with: - templateFilePath: '${{ env.modulePath }}/deploy.bicep' - parameterFilePath: '${{ env.modulePath }}/${{ matrix.moduleTestFilePaths }}' + templateFilePath: '${{ env.modulePath }}/${{ matrix.moduleTestFilePaths }}' location: '${{ env.location }}' resourceGroupName: '${{ env.resourceGroupName }}' subscriptionId: '${{ secrets.ARM_SUBSCRIPTION_ID }}' diff --git a/modules/Microsoft.Network/firewallPolicies/.test/common/deploy.test.bicep b/modules/Microsoft.Network/firewallPolicies/.test/common/deploy.test.bicep new file mode 100644 index 0000000000..fea018e862 --- /dev/null +++ b/modules/Microsoft.Network/firewallPolicies/.test/common/deploy.test.bicep @@ -0,0 +1,75 @@ +targetScope = 'subscription' + +// ========== // +// Parameters // +// ========== // +@description('Optional. The name of the resource group to deploy for a testing purposes') +@maxLength(90) +param resourceGroupName string = 'ms.network.firewallpolicies-${serviceShort}-rg' + +@description('Optional. The location to deploy resources to') +param location string = deployment().location + +@description('Optional. A short identifier for the kind of deployment. Should be kept short to not run into resource-name length-constraints') +param serviceShort string = 'nfpcom' + +// =========== // +// Deployments // +// =========== // + +// General resources +// ================= +resource resourceGroup 'Microsoft.Resources/resourceGroups@2021-04-01' = { + name: resourceGroupName + location: location +} + +// ============== // +// Test Execution // +// ============== // + +module testDeployment '../../deploy.bicep' = { + scope: resourceGroup + name: '${uniqueString(deployment().name)}-test-${serviceShort}' + params: { + name: '<>${serviceShort}001' + ruleCollectionGroups: [ + { + name: '<>-rule-001' + priority: 5000 + ruleCollections: [ + { + action: { + type: 'Allow' + } + name: 'collection002' + priority: 5555 + ruleCollectionType: 'FirewallPolicyFilterRuleCollection' + rules: [ + { + destinationAddresses: [ + '*' + ] + destinationFqdns: [] + destinationIpGroups: [] + destinationPorts: [ + '80' + ] + ipProtocols: [ + 'TCP' + 'UDP' + ] + name: 'rule002' + ruleType: 'NetworkRule' + sourceAddresses: [ + '*' + ] + sourceIpGroups: [] + } + ] + } + ] + } + ] + } +} diff --git a/modules/Microsoft.Network/firewallPolicies/.test/min.parameters.json b/modules/Microsoft.Network/firewallPolicies/.test/min.parameters.json deleted file mode 100644 index bb555089ed..0000000000 --- a/modules/Microsoft.Network/firewallPolicies/.test/min.parameters.json +++ /dev/null @@ -1,9 +0,0 @@ -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "name": { - "value": "<>-az-fwpol-min-001" - } - } -} diff --git a/modules/Microsoft.Network/firewallPolicies/.test/min/deploy.test.bicep b/modules/Microsoft.Network/firewallPolicies/.test/min/deploy.test.bicep new file mode 100644 index 0000000000..0fc0d9d474 --- /dev/null +++ b/modules/Microsoft.Network/firewallPolicies/.test/min/deploy.test.bicep @@ -0,0 +1,37 @@ +targetScope = 'subscription' + +// ========== // +// Parameters // +// ========== // +@description('Optional. The name of the resource group to deploy for a testing purposes') +@maxLength(90) +param resourceGroupName string = 'ms.network.firewallpolicies-${serviceShort}-rg' + +@description('Optional. The location to deploy resources to') +param location string = deployment().location + +@description('Optional. A short identifier for the kind of deployment. Should be kept short to not run into resource-name length-constraints') +param serviceShort string = '...' + +// =========== // +// Deployments // +// =========== // + +// General resources +// ================= +resource resourceGroup 'Microsoft.Resources/resourceGroups@2021-04-01' = { + name: resourceGroupName + location: location +} + +// ============== // +// Test Execution // +// ============== // + +module testDeployment '../../deploy.bicep' = { + scope: resourceGroup + name: '${uniqueString(deployment().name)}-test-${serviceShort}' + params: { + name: '<>${serviceShort}001' + } +} diff --git a/modules/Microsoft.Network/firewallPolicies/.test/parameters.json b/modules/Microsoft.Network/firewallPolicies/.test/parameters.json deleted file mode 100644 index 67e03ad34e..0000000000 --- a/modules/Microsoft.Network/firewallPolicies/.test/parameters.json +++ /dev/null @@ -1,49 +0,0 @@ -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "name": { - "value": "<>-az-fwpol-x-002" - }, - "ruleCollectionGroups": { - "value": [ - { - "name": "<>-rule-001", - "priority": 5000, - "ruleCollections": [ - { - "name": "collection002", - "priority": 5555, - "action": { - "type": "Allow" - }, - "rules": [ - { - "name": "rule002", - "ipProtocols": [ - "TCP", - "UDP" - ], - "destinationPorts": [ - "80" - ], - "sourceAddresses": [ - "*" - ], - "sourceIpGroups": [], - "ruleType": "NetworkRule", - "destinationIpGroups": [], - "destinationAddresses": [ - "*" - ], - "destinationFqdns": [] - } - ], - "ruleCollectionType": "FirewallPolicyFilterRuleCollection" - } - ] - } - ] - } - } -} diff --git a/modules/Microsoft.Network/firewallPolicies/readme.md b/modules/Microsoft.Network/firewallPolicies/readme.md index cfc10fdf23..c0b98f2856 100644 --- a/modules/Microsoft.Network/firewallPolicies/readme.md +++ b/modules/Microsoft.Network/firewallPolicies/readme.md @@ -146,7 +146,7 @@ The following module usage examples are retrieved from the content of the files >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. -

Example 1: Min

+

Example 1: Common

@@ -154,47 +154,10 @@ The following module usage examples are retrieved from the content of the files ```bicep module firewallPolicies './Microsoft.Network/firewallPolicies/deploy.bicep' = { - name: '${uniqueString(deployment().name)}-FirewallPolicies' - params: { - name: '<>-az-fwpol-min-001' - } -} -``` - -
-

- -

- -via JSON Parameter file - -```json -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "name": { - "value": "<>-az-fwpol-min-001" - } - } -} -``` - -
-

- -

Example 2: Parameters

- -
- -via Bicep module - -```bicep -module firewallPolicies './Microsoft.Network/firewallPolicies/deploy.bicep' = { - name: '${uniqueString(deployment().name)}-FirewallPolicies' + name: '${uniqueString(deployment().name)}-test-nfpcom' params: { // Required parameters - name: '<>-az-fwpol-x-002' + name: '<>nfpcom001' // Non-required parameters ruleCollectionGroups: [ { @@ -252,7 +215,7 @@ module firewallPolicies './Microsoft.Network/firewallPolicies/deploy.bicep' = { "parameters": { // Required parameters "name": { - "value": "<>-az-fwpol-x-002" + "value": "<>nfpcom001" }, // Non-required parameters "ruleCollectionGroups": { @@ -301,3 +264,40 @@ module firewallPolicies './Microsoft.Network/firewallPolicies/deploy.bicep' = {

+ +

Example 2: Min

+ +
+ +via Bicep module + +```bicep +module firewallPolicies './Microsoft.Network/firewallPolicies/deploy.bicep' = { + name: '${uniqueString(deployment().name)}-test-...' + params: { + name: '<>...001' + } +} +``` + +
+

+ +

+ +via JSON Parameter file + +```json +{ + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", + "contentVersion": "1.0.0.0", + "parameters": { + "name": { + "value": "<>...001" + } + } +} +``` + +
+

From eef65237c12e55e48e4b93350ea31bf80d249303 Mon Sep 17 00:00:00 2001 From: MrMCake Date: Sun, 18 Sep 2022 13:42:56 +0200 Subject: [PATCH 2/5] Update to latest --- .../firewallPolicies/.test/min/deploy.test.bicep | 2 +- modules/Microsoft.Network/firewallPolicies/readme.md | 6 +++--- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/modules/Microsoft.Network/firewallPolicies/.test/min/deploy.test.bicep b/modules/Microsoft.Network/firewallPolicies/.test/min/deploy.test.bicep index 0fc0d9d474..b9f68004ed 100644 --- a/modules/Microsoft.Network/firewallPolicies/.test/min/deploy.test.bicep +++ b/modules/Microsoft.Network/firewallPolicies/.test/min/deploy.test.bicep @@ -11,7 +11,7 @@ param resourceGroupName string = 'ms.network.firewallpolicies-${serviceShort}-rg param location string = deployment().location @description('Optional. A short identifier for the kind of deployment. Should be kept short to not run into resource-name length-constraints') -param serviceShort string = '...' +param serviceShort string = 'nfpmin' // =========== // // Deployments // diff --git a/modules/Microsoft.Network/firewallPolicies/readme.md b/modules/Microsoft.Network/firewallPolicies/readme.md index c0b98f2856..eb0a278980 100644 --- a/modules/Microsoft.Network/firewallPolicies/readme.md +++ b/modules/Microsoft.Network/firewallPolicies/readme.md @@ -273,9 +273,9 @@ module firewallPolicies './Microsoft.Network/firewallPolicies/deploy.bicep' = { ```bicep module firewallPolicies './Microsoft.Network/firewallPolicies/deploy.bicep' = { - name: '${uniqueString(deployment().name)}-test-...' + name: '${uniqueString(deployment().name)}-test-nfpmin' params: { - name: '<>...001' + name: '<>nfpmin001' } } ``` @@ -293,7 +293,7 @@ module firewallPolicies './Microsoft.Network/firewallPolicies/deploy.bicep' = { "contentVersion": "1.0.0.0", "parameters": { "name": { - "value": "<>...001" + "value": "<>nfpmin001" } } } From 7354b1359f1cafa8978abba20e5e481167a295f8 Mon Sep 17 00:00:00 2001 From: Alexander Sehr Date: Sun, 18 Sep 2022 22:48:51 +0200 Subject: [PATCH 3/5] Update modules/Microsoft.Network/firewallPolicies/.test/common/deploy.test.bicep --- .../firewallPolicies/.test/common/deploy.test.bicep | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/Microsoft.Network/firewallPolicies/.test/common/deploy.test.bicep b/modules/Microsoft.Network/firewallPolicies/.test/common/deploy.test.bicep index fea018e862..e6e9392c92 100644 --- a/modules/Microsoft.Network/firewallPolicies/.test/common/deploy.test.bicep +++ b/modules/Microsoft.Network/firewallPolicies/.test/common/deploy.test.bicep @@ -3,7 +3,7 @@ targetScope = 'subscription' // ========== // // Parameters // // ========== // -@description('Optional. The name of the resource group to deploy for a testing purposes') +@description('Optional. The name of the resource group to deploy for testing purposes') @maxLength(90) param resourceGroupName string = 'ms.network.firewallpolicies-${serviceShort}-rg' From ff97e147ed25bdc9feaab727d86cded1d936a061 Mon Sep 17 00:00:00 2001 From: Alexander Sehr Date: Sun, 18 Sep 2022 22:49:11 +0200 Subject: [PATCH 4/5] Update modules/Microsoft.Network/firewallPolicies/.test/min/deploy.test.bicep --- .../firewallPolicies/.test/min/deploy.test.bicep | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/Microsoft.Network/firewallPolicies/.test/min/deploy.test.bicep b/modules/Microsoft.Network/firewallPolicies/.test/min/deploy.test.bicep index b9f68004ed..18247ebdc5 100644 --- a/modules/Microsoft.Network/firewallPolicies/.test/min/deploy.test.bicep +++ b/modules/Microsoft.Network/firewallPolicies/.test/min/deploy.test.bicep @@ -3,7 +3,7 @@ targetScope = 'subscription' // ========== // // Parameters // // ========== // -@description('Optional. The name of the resource group to deploy for a testing purposes') +@description('Optional. The name of the resource group to deploy for testing purposes') @maxLength(90) param resourceGroupName string = 'ms.network.firewallpolicies-${serviceShort}-rg' From 378e0780c9931f6535d17e81deeaef21a58b6729 Mon Sep 17 00:00:00 2001 From: MrMCake Date: Wed, 5 Oct 2022 21:08:59 +0200 Subject: [PATCH 5/5] Update to latest --- .../firewallPolicies/.test/common/deploy.test.bicep | 6 +++--- .../firewallPolicies/.test/min/deploy.test.bicep | 6 +++--- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/modules/Microsoft.Network/firewallPolicies/.test/common/deploy.test.bicep b/modules/Microsoft.Network/firewallPolicies/.test/common/deploy.test.bicep index e6e9392c92..01cbee5df4 100644 --- a/modules/Microsoft.Network/firewallPolicies/.test/common/deploy.test.bicep +++ b/modules/Microsoft.Network/firewallPolicies/.test/common/deploy.test.bicep @@ -3,14 +3,14 @@ targetScope = 'subscription' // ========== // // Parameters // // ========== // -@description('Optional. The name of the resource group to deploy for testing purposes') +@description('Optional. The name of the resource group to deploy for testing purposes.') @maxLength(90) param resourceGroupName string = 'ms.network.firewallpolicies-${serviceShort}-rg' -@description('Optional. The location to deploy resources to') +@description('Optional. The location to deploy resources to.') param location string = deployment().location -@description('Optional. A short identifier for the kind of deployment. Should be kept short to not run into resource-name length-constraints') +@description('Optional. A short identifier for the kind of deployment. Should be kept short to not run into resource-name length-constraints.') param serviceShort string = 'nfpcom' // =========== // diff --git a/modules/Microsoft.Network/firewallPolicies/.test/min/deploy.test.bicep b/modules/Microsoft.Network/firewallPolicies/.test/min/deploy.test.bicep index 18247ebdc5..a4b7f4660d 100644 --- a/modules/Microsoft.Network/firewallPolicies/.test/min/deploy.test.bicep +++ b/modules/Microsoft.Network/firewallPolicies/.test/min/deploy.test.bicep @@ -3,14 +3,14 @@ targetScope = 'subscription' // ========== // // Parameters // // ========== // -@description('Optional. The name of the resource group to deploy for testing purposes') +@description('Optional. The name of the resource group to deploy for testing purposes.') @maxLength(90) param resourceGroupName string = 'ms.network.firewallpolicies-${serviceShort}-rg' -@description('Optional. The location to deploy resources to') +@description('Optional. The location to deploy resources to.') param location string = deployment().location -@description('Optional. A short identifier for the kind of deployment. Should be kept short to not run into resource-name length-constraints') +@description('Optional. A short identifier for the kind of deployment. Should be kept short to not run into resource-name length-constraints.') param serviceShort string = 'nfpmin' // =========== //