diff --git a/.github/workflows/ms.network.privatednszones.yml b/.github/workflows/ms.network.privatednszones.yml index b7dc28d582..f47fbb3686 100644 --- a/.github/workflows/ms.network.privatednszones.yml +++ b/.github/workflows/ms.network.privatednszones.yml @@ -106,8 +106,7 @@ jobs: - name: 'Using test file [${{ matrix.moduleTestFilePaths }}]' uses: ./.github/actions/templates/validateModuleDeployment with: - templateFilePath: '${{ env.modulePath }}/deploy.bicep' - parameterFilePath: '${{ env.modulePath }}/${{ matrix.moduleTestFilePaths }}' + templateFilePath: '${{ env.modulePath }}/${{ matrix.moduleTestFilePaths }}' location: '${{ env.location }}' resourceGroupName: '${{ env.resourceGroupName }}' subscriptionId: '${{ secrets.ARM_SUBSCRIPTION_ID }}' diff --git a/modules/Microsoft.Network/privateDnsZones/.test/common/dependencies.bicep b/modules/Microsoft.Network/privateDnsZones/.test/common/dependencies.bicep new file mode 100644 index 0000000000..a3cab26da9 --- /dev/null +++ b/modules/Microsoft.Network/privateDnsZones/.test/common/dependencies.bicep 
@@ -0,0 +1,39 @@
+@description('Optional. The location to deploy to.')
+param location string = resourceGroup().location
+
+@description('Required. The name of the Virtual Network to create.')
+param virtualNetworkName string
+
+@description('Required. The name of the Managed Identity to create.')
+param managedIdentityName string
+
+resource virtualNetwork 'Microsoft.Network/virtualNetworks@2022-01-01' = {
+ name: virtualNetworkName
+ location: location
+ properties: {
+ addressSpace: {
+ addressPrefixes: [
+ '10.0.0.0/24'
+ ]
+ }
+ subnets: [
+ {
+ name: 'defaultSubnet'
+ properties: {
+ addressPrefix: '10.0.0.0/24'
+ }
+ }
+ ]
+ }
+}
+
+resource managedIdentity 'Microsoft.ManagedIdentity/userAssignedIdentities@2018-11-30' = {
+ name: managedIdentityName
+ location: location
+}
+
+@description('The resource ID of the created Virtual Network.')
+output virtualNetworkResourceId string = virtualNetwork.id
+
+@description('The principal ID of the created Managed Identity.')
+output managedIdentityPrincipalId string = managedIdentity.properties.principalId
diff --git a/modules/Microsoft.Network/privateDnsZones/.test/common/deploy.test.bicep b/modules/Microsoft.Network/privateDnsZones/.test/common/deploy.test.bicep
new file mode 100644
index 0000000000..14962e5240
--- /dev/null
+++ b/modules/Microsoft.Network/privateDnsZones/.test/common/deploy.test.bicep
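Review bot: In dependencies.bicep the prefix `'10.0.0.0/24'` is written twice, once under `addressSpace.addressPrefixes` and again as the `addressPrefix` of `defaultSubnet`, so the two can drift apart on a later edit; a single `var addressPrefix = '10.0.0.0/24'` referenced in both places keeps them in step. `defaultSubnet` is also created without a network security group, which is probably acceptable for a VNet that exists only as a link target, but the deployment may be rejected in subscriptions whose policy requires one on every subnet. A one-line comment above the `virtualNetwork` resource stating that it exists only to be linked to the zone under test would make that intent explicit.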
@@ -0,0 +1,213 @@
+targetScope = 'subscription'
+
+// ========== //
+// Parameters //
+// ========== //
+@description('Optional. The name of the resource group to deploy for testing purposes.')
+@maxLength(90)
+param resourceGroupName string = 'ms.network.privatednszones-${serviceShort}-rg'
+
+@description('Optional. The location to deploy resources to.')
+param location string = deployment().location
+
+@description('Optional. A short identifier for the kind of deployment. Should be kept short to not run into resource-name length-constraints.')
+param serviceShort string = 'npdzcom'
+
+// =========== //
+// Deployments //
+// =========== //
+
+// General resources
+// =================
+resource resourceGroup 'Microsoft.Resources/resourceGroups@2021-04-01' = {
+ name: resourceGroupName
+ location: location
+}
+
+module resourceGroupResources 'dependencies.bicep' = {
+ scope: resourceGroup
+ name: '${uniqueString(deployment().name, location)}-paramNested'
+ params: {
+ virtualNetworkName: 'dep-<>-vnet-${serviceShort}'
+ managedIdentityName: 'dep-<>-msi-${serviceShort}'
+ }
+}
+
+// ============== //
+// Test Execution //
+// ============== //
+
+module testDeployment '../../deploy.bicep' = {
+ scope: resourceGroup
+ name: '${uniqueString(deployment().name)}-test-${serviceShort}'
+ params: {
+ name: '<>${serviceShort}001.com'
+ a: [
+ {
+ aRecords: [
+ {
+ ipv4Address: '10.240.4.4'
+ }
+ ]
+ name: 'A_10.240.4.4'
+ roleAssignments: [
+ {
+ principalIds: [
+ resourceGroupResources.outputs.managedIdentityPrincipalId
+ ]
+ roleDefinitionIdOrName: 'Reader'
+ }
+ ]
+ ttl: 3600
+ }
+ ]
+ aaaa: [
+ {
+ aaaaRecords: [
+ {
+ ipv6Address: '2001:0db8:85a3:0000:0000:8a2e:0370:7334'
+ }
+ ]
+ name: 'AAAA_2001_0db8_85a3_0000_0000_8a2e_0370_7334'
+ ttl: 3600
+ }
+ ]
+ cname: [
+ {
+ cnameRecord: {
+ cname: 'test'
+ }
+ name: 'CNAME_test'
+ roleAssignments: [
+ {
+ principalIds: [
+ resourceGroupResources.outputs.managedIdentityPrincipalId
+ ]
+ roleDefinitionIdOrName: 'Reader'
+ }
+ ]
+ ttl: 3600
+ }
+ ]
+ lock: 'CanNotDelete'
+ mx: [
+ {
+ mxRecords: [
+ {
+ exchange: 'contoso.com'
+ preference: 100
+ }
+ ]
+ name: 'MX_contoso'
+ roleAssignments: [
+ {
+ principalIds: [
+ resourceGroupResources.outputs.managedIdentityPrincipalId
+ ]
+ roleDefinitionIdOrName: 'Reader'
+ }
+ ]
+ ttl: 3600
+ }
+ ]
+ ptr: [
+ {
+ name: 'PTR_contoso'
+ ptrRecords: [
+ {
+ ptrdname: 'contoso.com'
+ }
+ ]
+ roleAssignments: [
+ {
+ principalIds: [
+ resourceGroupResources.outputs.managedIdentityPrincipalId
+ ]
+ roleDefinitionIdOrName: 'Reader'
+ }
+ ]
+ ttl: 3600
+ }
+ ]
+ roleAssignments: [
+ {
+ principalIds: [
+ resourceGroupResources.outputs.managedIdentityPrincipalId
+ ]
+ roleDefinitionIdOrName: 'Reader'
+ }
+ ]
+ soa: [
+ {
+ name: '@'
+ roleAssignments: [
+ {
+ principalIds: [
+ resourceGroupResources.outputs.managedIdentityPrincipalId
+ ]
+ roleDefinitionIdOrName: 'Reader'
+ }
+ ]
+ soaRecord: {
+ email: 'azureprivatedns-host.microsoft.com'
+ expireTime: 2419200
+ host: 'azureprivatedns.net'
+ minimumTtl: 10
+ refreshTime: 3600
+ retryTime: 300
+ serialNumber: '1'
+ }
+ ttl: 3600
+ }
+ ]
+ srv: [
+ {
+ name: 'SRV_contoso'
+ roleAssignments: [
+ {
+ principalIds: [
+ resourceGroupResources.outputs.managedIdentityPrincipalId
+ ]
+ roleDefinitionIdOrName: 'Reader'
+ }
+ ]
+ srvRecords: [
+ {
+ port: 9332
+ priority: 0
+ target: 'test.contoso.com'
+ weight: 0
+ }
+ ]
+ ttl: 3600
+ }
+ ]
+ txt: [
+ {
+ name: 'TXT_test'
+ roleAssignments: [
+ {
+ principalIds: [
+ resourceGroupResources.outputs.managedIdentityPrincipalId
+ ]
+ roleDefinitionIdOrName: 'Reader'
+ }
+ ]
+ ttl: 3600
+ txtRecords: [
+ {
+ value: [
+ 'test'
+ ]
+ }
+ ]
+ }
+ ]
+ virtualNetworkLinks: [
+ {
+ registrationEnabled: true
+ virtualNetworkResourceId: resourceGroupResources.outputs.virtualNetworkResourceId
+ }
+ ]
+ }
+}
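Review bot: Every `roleAssignments` entry in common/deploy.test.bicep passes `resourceGroupResources.outputs.managedIdentityPrincipalId`, the principal of an identity created in the same deployment, and role assignments for a just-created principal are known to fail intermittently until the directory has replicated it. If the `roleAssignments` schema of `../../deploy.bicep` (not visible in this diff) accepts a principal type, setting it to `ServicePrincipal` on these entries avoids that race; otherwise the test may need a retry. Separately, `lock: 'CanNotDelete'` leaves a lock inside the test resource group, so the pipeline's cleanup presumably has to remove locks before it can delete the group. A short comment next to the parameter, such as `// lock is removed by the pipeline's removal step`, would record that dependency if it holds.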
diff --git a/modules/Microsoft.Network/privateDnsZones/.test/min.parameters.json b/modules/Microsoft.Network/privateDnsZones/.test/min.parameters.json
deleted file mode 100644
index d33fbd032b..0000000000
--- a/modules/Microsoft.Network/privateDnsZones/.test/min.parameters.json
+++ /dev/null
@@ -1,9 +0,0 @@
-{
- "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
- "contentVersion": "1.0.0.0",
- "parameters": {
- "name": {
- "value": "<>-az-privdns-x-001.com"
- }
- }
-}
diff --git a/modules/Microsoft.Network/privateDnsZones/.test/min/deploy.test.bicep b/modules/Microsoft.Network/privateDnsZones/.test/min/deploy.test.bicep
new file mode 100644
index 0000000000..a0c32568d1
--- /dev/null
+++ b/modules/Microsoft.Network/privateDnsZones/.test/min/deploy.test.bicep
@@ -0,0 +1,37 @@
+targetScope = 'subscription'
+
+// ========== //
+// Parameters //
+// ========== //
+@description('Optional. The name of the resource group to deploy for testing purposes.')
+@maxLength(90)
+param resourceGroupName string = 'ms.network.privatednszones-${serviceShort}-rg'
+
+@description('Optional. The location to deploy resources to.')
+param location string = deployment().location
+
+@description('Optional. A short identifier for the kind of deployment. Should be kept short to not run into resource-name length-constraints.')
+param serviceShort string = 'npdzmin'
+
+// =========== //
+// Deployments //
+// =========== //
+
+// General resources
+// =================
+resource resourceGroup 'Microsoft.Resources/resourceGroups@2021-04-01' = {
+ name: resourceGroupName
+ location: location
+}
+
+// ============== //
+// Test Execution //
+// ============== //
+
+module testDeployment '../../deploy.bicep' = {
+ scope: resourceGroup
+ name: '${uniqueString(deployment().name)}-test-${serviceShort}'
+ params: {
+ name: '<>${serviceShort}001.com'
+ }
+}
diff --git a/modules/Microsoft.Network/privateDnsZones/.test/parameters.json b/modules/Microsoft.Network/privateDnsZones/.test/parameters.json deleted file mode 100644 index 8b3662c1ee..0000000000 --- a/modules/Microsoft.Network/privateDnsZones/.test/parameters.json +++ /dev/null 
@@ -1,198 +0,0 @@ -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "name": { - "value": "<>-az-privdns-x-002.com" - }, - "lock": { - "value": "CanNotDelete" - }, - "roleAssignments": { - "value": [ - { - "roleDefinitionIdOrName": "Reader", - "principalIds": [ - "<>" - ] - } - ] - }, - "AAAA": { - "value": [ - { - "name": "AAAA_2001_0db8_85a3_0000_0000_8a2e_0370_7334", - "ttl": 3600, - "aaaaRecords": [ - { - "ipv6Address": "2001:0db8:85a3:0000:0000:8a2e:0370:7334" - } - ] - } - ] - }, - "A": { - "value": [ - { - "name": "A_10.240.4.4", - "ttl": 3600, - "aRecords": [ - { - "ipv4Address": "10.240.4.4" - } - ], - "roleAssignments": [ - { - "roleDefinitionIdOrName": "Reader", - "principalIds": [ - "<>" - ] - } - ] - } - ] - }, - "CNAME": { - "value": [ - { - "name": "CNAME_test", - "ttl": 3600, - "cnameRecord": { - "cname": "test" - }, - "roleAssignments": [ - { - "roleDefinitionIdOrName": "Reader", - "principalIds": [ - "<>" - ] - } - ] - } - ] - }, - "MX": { - "value": [ - { - "name": "MX_contoso", - "ttl": 3600, - "mxRecords": [ - { - "exchange": "contoso.com", - "preference": 100 - } - ], - "roleAssignments": [ - { - "roleDefinitionIdOrName": "Reader", - "principalIds": [ - "<>" - ] - } - ] - } - ] - }, - "PTR": { - "value": [ - { - "name": "PTR_contoso", - "ttl": 3600, - "ptrRecords": [ - { - "ptrdname": "contoso.com" - } - ], - "roleAssignments": [ - { - "roleDefinitionIdOrName": "Reader", - "principalIds": [ - "<>" - ] - } - ] - } - ] - }, - "SOA": { - "value": [ - { - "name": "@", - "ttl": 3600, - "soaRecord": { - "email": "azureprivatedns-host.microsoft.com", - "expireTime": 2419200, - "host": "azureprivatedns.net", - "minimumTtl": 10, - "refreshTime": 3600, - "retryTime": 300, - "serialNumber": "1" - }, - "roleAssignments": [ - { - "roleDefinitionIdOrName": "Reader", - "principalIds": [ - "<>" - ] - } - ] - } - ] - }, - "SRV": { - "value": [ - { - "name": 
"SRV_contoso", - "ttl": 3600, - "srvRecords": [ - { - "port": 9332, - "priority": 0, - "target": "test.contoso.com", - "weight": 0 - } - ], - "roleAssignments": [ - { - "roleDefinitionIdOrName": "Reader", - "principalIds": [ - "<>" - ] - } - ] - } - ] - }, - "TXT": { - "value": [ - { - "name": "TXT_test", - "ttl": 3600, - "txtRecords": [ - { - "value": [ - "test" - ] - } - ], - "roleAssignments": [ - { - "roleDefinitionIdOrName": "Reader", - "principalIds": [ - "<>" - ] - } - ] - } - ] - }, - "virtualNetworkLinks": { - "value": [ - { - "virtualNetworkResourceId": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-x-001", - "registrationEnabled": true - } - ] - } - } -} diff --git a/modules/Microsoft.Network/privateDnsZones/readme.md b/modules/Microsoft.Network/privateDnsZones/readme.md index 7c90f9d89c..d408a62a71 100644 --- a/modules/Microsoft.Network/privateDnsZones/readme.md +++ b/modules/Microsoft.Network/privateDnsZones/readme.md @@ -30,11 +30,13 @@ This template deploys a private DNS zone. ## Parameters **Required parameters** + | Parameter Name | Type | Description | | :-- | :-- | :-- | | `name` | string | Private DNS zone name. | **Optional parameters** + | Parameter Name | Type | Default Value | Allowed Values | Description | | :-- | :-- | :-- | :-- | :-- | | `a` | _[a](a/readme.md)_ array | `[]` | | Array of A records. | @@ -173,44 +175,7 @@ The following module usage examples are retrieved from the content of the files >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. -

Example 1: Min

- -
- -via Bicep module - -```bicep -module privateDnsZones './Microsoft.Network/privateDnsZones/deploy.bicep' = { - name: '${uniqueString(deployment().name)}-PrivateDnsZones' - params: { - name: '<>-az-privdns-x-001.com' - } -} -``` - -
-

- -

- -via JSON Parameter file - -```json -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "name": { - "value": "<>-az-privdns-x-001.com" - } - } -} -``` - -
-

- -

Example 2: Parameters

+

Example 1: Common

@@ -218,12 +183,12 @@ module privateDnsZones './Microsoft.Network/privateDnsZones/deploy.bicep' = { ```bicep module privateDnsZones './Microsoft.Network/privateDnsZones/deploy.bicep' = { - name: '${uniqueString(deployment().name)}-PrivateDnsZones' + name: '${uniqueString(deployment().name)}-test-npdzcom' params: { // Required parameters - name: '<>-az-privdns-x-002.com' + name: '<>npdzcom001.com' // Non-required parameters - A: [ + a: [ { aRecords: [ { @@ -234,7 +199,7 @@ module privateDnsZones './Microsoft.Network/privateDnsZones/deploy.bicep' = { roleAssignments: [ { principalIds: [ - '<>' + '' ] roleDefinitionIdOrName: 'Reader' } @@ -242,7 +207,7 @@ module privateDnsZones './Microsoft.Network/privateDnsZones/deploy.bicep' = { ttl: 3600 } ] - AAAA: [ + aaaa: [ { aaaaRecords: [ { @@ -253,7 +218,7 @@ module privateDnsZones './Microsoft.Network/privateDnsZones/deploy.bicep' = { ttl: 3600 } ] - CNAME: [ + cname: [ { cnameRecord: { cname: 'test' @@ -262,7 +227,7 @@ module privateDnsZones './Microsoft.Network/privateDnsZones/deploy.bicep' = { roleAssignments: [ { principalIds: [ - '<>' + '' ] roleDefinitionIdOrName: 'Reader' } @@ -271,7 +236,7 @@ module privateDnsZones './Microsoft.Network/privateDnsZones/deploy.bicep' = { } ] lock: 'CanNotDelete' - MX: [ + mx: [ { mxRecords: [ { @@ -283,7 +248,7 @@ module privateDnsZones './Microsoft.Network/privateDnsZones/deploy.bicep' = { roleAssignments: [ { principalIds: [ - '<>' + '' ] roleDefinitionIdOrName: 'Reader' } @@ -291,7 +256,7 @@ module privateDnsZones './Microsoft.Network/privateDnsZones/deploy.bicep' = { ttl: 3600 } ] - PTR: [ + ptr: [ { name: 'PTR_contoso' ptrRecords: [ @@ -302,7 +267,7 @@ module privateDnsZones './Microsoft.Network/privateDnsZones/deploy.bicep' = { roleAssignments: [ { principalIds: [ - '<>' + '' ] roleDefinitionIdOrName: 'Reader' } 
@@ -313,18 +278,18 @@ module privateDnsZones './Microsoft.Network/privateDnsZones/deploy.bicep' = { roleAssignments: [ { principalIds: [ - '<>' + '' ] roleDefinitionIdOrName: 'Reader' } ] - SOA: [ + soa: [ { name: '@' roleAssignments: [ { principalIds: [ - '<>' + '' ] roleDefinitionIdOrName: 'Reader' } @@ -341,13 +306,13 @@ module privateDnsZones './Microsoft.Network/privateDnsZones/deploy.bicep' = { ttl: 3600 } ] - SRV: [ + srv: [ { name: 'SRV_contoso' roleAssignments: [ { principalIds: [ - '<>' + '' ] roleDefinitionIdOrName: 'Reader' } @@ -363,13 +328,13 @@ module privateDnsZones './Microsoft.Network/privateDnsZones/deploy.bicep' = { ttl: 3600 } ] - TXT: [ + txt: [ { name: 'TXT_test' roleAssignments: [ { principalIds: [ - '<>' + '' ] roleDefinitionIdOrName: 'Reader' } @@ -387,7 +352,7 @@ module privateDnsZones './Microsoft.Network/privateDnsZones/deploy.bicep' = { virtualNetworkLinks: [ { registrationEnabled: true - virtualNetworkResourceId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-x-001' + virtualNetworkResourceId: '' } ] } @@ -408,10 +373,10 @@ module privateDnsZones './Microsoft.Network/privateDnsZones/deploy.bicep' = { "parameters": { // Required parameters "name": { - "value": "<>-az-privdns-x-002.com" + "value": "<>npdzcom001.com" }, // Non-required parameters - "A": { + "a": { "value": [ { "aRecords": [ @@ -423,7 +388,7 @@ module privateDnsZones './Microsoft.Network/privateDnsZones/deploy.bicep' = { "roleAssignments": [ { "principalIds": [ - "<>" + "" ], "roleDefinitionIdOrName": "Reader" } @@ -432,7 +397,7 @@ module privateDnsZones './Microsoft.Network/privateDnsZones/deploy.bicep' = { } ] }, - "AAAA": { + "aaaa": { "value": [ { "aaaaRecords": [ @@ -445,7 +410,7 @@ module privateDnsZones './Microsoft.Network/privateDnsZones/deploy.bicep' = { } ] }, - "CNAME": { + "cname": { "value": [ { "cnameRecord": { 
@@ -455,7 +420,7 @@ module privateDnsZones './Microsoft.Network/privateDnsZones/deploy.bicep' = { "roleAssignments": [ { "principalIds": [ - "<>" + "" ], "roleDefinitionIdOrName": "Reader" } @@ -467,7 +432,7 @@ module privateDnsZones './Microsoft.Network/privateDnsZones/deploy.bicep' = { "lock": { "value": "CanNotDelete" }, - "MX": { + "mx": { "value": [ { "mxRecords": [ @@ -480,7 +445,7 @@ module privateDnsZones './Microsoft.Network/privateDnsZones/deploy.bicep' = { "roleAssignments": [ { "principalIds": [ - "<>" + "" ], "roleDefinitionIdOrName": "Reader" } @@ -489,7 +454,7 @@ module privateDnsZones './Microsoft.Network/privateDnsZones/deploy.bicep' = { } ] }, - "PTR": { + "ptr": { "value": [ { "name": "PTR_contoso", @@ -501,7 +466,7 @@ module privateDnsZones './Microsoft.Network/privateDnsZones/deploy.bicep' = { "roleAssignments": [ { "principalIds": [ - "<>" + "" ], "roleDefinitionIdOrName": "Reader" } @@ -514,20 +479,20 @@ module privateDnsZones './Microsoft.Network/privateDnsZones/deploy.bicep' = { "value": [ { "principalIds": [ - "<>" + "" ], "roleDefinitionIdOrName": "Reader" } ] }, - "SOA": { + "soa": { "value": [ { "name": "@", "roleAssignments": [ { "principalIds": [ - "<>" + "" ], "roleDefinitionIdOrName": "Reader" } @@ -545,14 +510,14 @@ module privateDnsZones './Microsoft.Network/privateDnsZones/deploy.bicep' = { } ] }, - "SRV": { + "srv": { "value": [ { "name": "SRV_contoso", "roleAssignments": [ { "principalIds": [ - "<>" + "" ], "roleDefinitionIdOrName": "Reader" } @@ -569,14 +534,14 @@ module privateDnsZones './Microsoft.Network/privateDnsZones/deploy.bicep' = { } ] }, - "TXT": { + "txt": { "value": [ { "name": "TXT_test", "roleAssignments": [ { "principalIds": [ - "<>" + "" ], "roleDefinitionIdOrName": "Reader" } 
@@ -596,7 +561,7 @@ module privateDnsZones './Microsoft.Network/privateDnsZones/deploy.bicep' = { "value": [ { "registrationEnabled": true, - "virtualNetworkResourceId": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-x-001" + "virtualNetworkResourceId": "" } ] } @@ -606,3 +571,40 @@ module privateDnsZones './Microsoft.Network/privateDnsZones/deploy.bicep' = {

+ +

Example 2: Min

+ +
+ +via Bicep module + +```bicep +module privateDnsZones './Microsoft.Network/privateDnsZones/deploy.bicep' = { + name: '${uniqueString(deployment().name)}-test-npdzmin' + params: { + name: '<>npdzmin001.com' + } +} +``` + +
+

+ +

+ +via JSON Parameter file + +```json +{ + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", + "contentVersion": "1.0.0.0", + "parameters": { + "name": { + "value": "<>npdzmin001.com" + } + } +} +``` + +
+