diff --git a/.github/workflows/ms.signalrservice.webpubsub.yml b/.github/workflows/ms.signalrservice.webpubsub.yml index c406c1479c..70b61b83ca 100644 --- a/.github/workflows/ms.signalrservice.webpubsub.yml +++ b/.github/workflows/ms.signalrservice.webpubsub.yml @@ -106,8 +106,7 @@ jobs: - name: 'Using test file [${{ matrix.moduleTestFilePaths }}]' uses: ./.github/actions/templates/validateModuleDeployment with: - templateFilePath: '${{ env.modulePath }}/deploy.bicep' - parameterFilePath: '${{ env.modulePath }}/${{ matrix.moduleTestFilePaths }}' + templateFilePath: '${{ env.modulePath }}/${{ matrix.moduleTestFilePaths }}' location: '${{ env.location }}' resourceGroupName: '${{ env.resourceGroupName }}' subscriptionId: '${{ secrets.ARM_SUBSCRIPTION_ID }}' diff --git a/modules/Microsoft.SignalRService/webPubSub/.test/common/dependencies.bicep b/modules/Microsoft.SignalRService/webPubSub/.test/common/dependencies.bicep new file mode 100644 index 0000000000..8cabbbd616 --- /dev/null +++ b/modules/Microsoft.SignalRService/webPubSub/.test/common/dependencies.bicep @@ -0,0 +1,60 @@ +@description('Optional. The location to deploy to.') +param location string = resourceGroup().location + +@description('Required. The name of the Virtual Network to create.') +param virtualNetworkName string + +@description('Required. The name of the Managed Identity to create.') +param managedIdentityName string + +resource virtualNetwork 'Microsoft.Network/virtualNetworks@2022-01-01' = { + name: virtualNetworkName + location: location + properties: { + addressSpace: { + addressPrefixes: [ + '10.0.0.0/16' + ] + } + subnets: [ + { + name: 'defaultSubnet' + properties: { + addressPrefix: '10.0.0.0/24' + privateEndpointNetworkPolicies: 'Disabled' + privateLinkServiceNetworkPolicies: 'Enabled' + } + } + ] + } +} + +resource privateDNSZone 'Microsoft.Network/privateDnsZones@2020-06-01' = { + name: 'privatelink.webpubsub.azure.com' + location: 'global' + + resource virtualNetworkLinks 'virtualNetworkLinks@2020-06-01' = { + name: '${virtualNetwork.name}-vnetlink' + location: 'global' + properties: { + virtualNetwork: { + id: virtualNetwork.id + } + registrationEnabled: false + } + } +} + +resource managedIdentity 'Microsoft.ManagedIdentity/userAssignedIdentities@2018-11-30' = { + name: managedIdentityName + location: location +} + +@description('The resource ID of the created Virtual Network Subnet.') +output subnetResourceId string = virtualNetwork.properties.subnets[0].id + +@description('The resource ID of the created Private DNS Zone.') +output privateDNSResourceId string = privateDNSZone.id + +@description('The principal ID of the created Managed Identity.') +output managedIdentityPrincipalId string = managedIdentity.properties.principalId diff --git a/modules/Microsoft.SignalRService/webPubSub/.test/common/deploy.test.bicep b/modules/Microsoft.SignalRService/webPubSub/.test/common/deploy.test.bicep new file mode 100644 index 0000000000..6cdde893e9 --- /dev/null +++ b/modules/Microsoft.SignalRService/webPubSub/.test/common/deploy.test.bicep @@ -0,0 +1,99 @@ +targetScope = 'subscription' + +// ========== // +// Parameters // +// ========== // +@description('Optional. The name of the resource group to deploy for testing purposes.') +@maxLength(90) +param resourceGroupName string = 'ms.signalrservice.webpubsub-${serviceShort}-rg' + +@description('Optional. The location to deploy resources to.') +param location string = deployment().location + +@description('Optional. A short identifier for the kind of deployment. Should be kept short to not run into resource-name length-constraints.') +param serviceShort string = 'srswpscom' + +// =========== // +// Deployments // +// =========== // + +// General resources +// ================= +resource resourceGroup 'Microsoft.Resources/resourceGroups@2021-04-01' = { + name: resourceGroupName + location: location +} + +module resourceGroupResources 'dependencies.bicep' = { + scope: resourceGroup + name: '${uniqueString(deployment().name, location)}-paramNested' + params: { + virtualNetworkName: 'dep-<>-vnet-${serviceShort}' + managedIdentityName: 'dep-<>-msi-${serviceShort}' + } +} + +// ============== // +// Test Execution // +// ============== // + +module testDeployment '../../deploy.bicep' = { + scope: resourceGroup + name: '${uniqueString(deployment().name)}-test-${serviceShort}' + params: { + name: '<>-${serviceShort}-001' + capacity: 2 + clientCertEnabled: false + disableAadAuth: false + disableLocalAuth: true + location: location + lock: 'CanNotDelete' + networkAcls: { + defaultAction: 'Allow' + privateEndpoints: [ + { + allow: [] + deny: [ + 'ServerConnection' + 'Trace' + ] + name: 'pe-<>-${serviceShort}-001' + } + ] + publicNetwork: { + allow: [] + deny: [ + 'RESTAPI' + 'Trace' + ] + } + } + privateEndpoints: [ + { + privateDnsZoneGroup: { + privateDNSResourceIds: [ + resourceGroupResources.outputs.privateDNSResourceId + ] + } + service: 'webpubsub' + subnetResourceId: resourceGroupResources.outputs.subnetResourceId + } + ] + resourceLogConfigurationsToEnable: [ + 'ConnectivityLogs' + ] + roleAssignments: [ + { + principalIds: [ + resourceGroupResources.outputs.managedIdentityPrincipalId + ] + roleDefinitionIdOrName: 'Reader' + } + ] + sku: 'Standard_S1' + systemAssignedIdentity: true + tags: { + purpose: 'test' + } + } +} diff --git a/modules/Microsoft.SignalRService/webPubSub/.test/min.parameters.json b/modules/Microsoft.SignalRService/webPubSub/.test/min.parameters.json deleted file mode 100644 index 26f8284d23..0000000000 --- a/modules/Microsoft.SignalRService/webPubSub/.test/min.parameters.json +++ /dev/null @@ -1,9 +0,0 @@ -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "name": { - "value": "<>-az-pubsub-min-001" - } - } -} diff --git a/modules/Microsoft.SignalRService/webPubSub/.test/min/deploy.test.bicep b/modules/Microsoft.SignalRService/webPubSub/.test/min/deploy.test.bicep new file mode 100644 index 0000000000..c64c5a6aba --- /dev/null +++ b/modules/Microsoft.SignalRService/webPubSub/.test/min/deploy.test.bicep @@ -0,0 +1,37 @@ +targetScope = 'subscription' + +// ========== // +// Parameters // +// ========== // +@description('Optional. The name of the resource group to deploy for testing purposes.') +@maxLength(90) +param resourceGroupName string = 'ms.signalrservice.webpubsub-${serviceShort}-rg' + +@description('Optional. The location to deploy resources to.') +param location string = deployment().location + +@description('Optional. A short identifier for the kind of deployment. Should be kept short to not run into resource-name length-constraints.') +param serviceShort string = 'srswpsmin' + +// =========== // +// Deployments // +// =========== // + +// General resources +// ================= +resource resourceGroup 'Microsoft.Resources/resourceGroups@2021-04-01' = { + name: resourceGroupName + location: location +} + +// ============== // +// Test Execution // +// ============== // + +module testDeployment '../../deploy.bicep' = { + scope: resourceGroup + name: '${uniqueString(deployment().name)}-test-${serviceShort}' + params: { + name: '<>-${serviceShort}-001' + } +} diff --git a/modules/Microsoft.SignalRService/webPubSub/.test/parameters.json b/modules/Microsoft.SignalRService/webPubSub/.test/parameters.json deleted file mode 100644 index 60c04755a7..0000000000 --- a/modules/Microsoft.SignalRService/webPubSub/.test/parameters.json +++ /dev/null @@ -1,88 +0,0 @@ -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "location": { - "value": "westeurope" - }, - "name": { - "value": "<>-az-pubsub-x-001" - }, - "capacity": { - "value": 2 - }, - "clientCertEnabled": { - "value": false - }, - "disableAadAuth": { - "value": false - }, - "disableLocalAuth": { - "value": true - }, - "lock": { - "value": "CanNotDelete" - }, - "sku": { - "value": "Standard_S1" - }, - "roleAssignments": { - "value": [ - { - "roleDefinitionIdOrName": "Reader", - "principalIds": [ - "<>" - ] - } - ] - }, - "networkAcls": { - "value": { - "defaultAction": "Allow", - "privateEndpoints": [ - { - "name": "pe-<>-az-pubsub-x-001-webpubsub-0", - "allow": [], - "deny": [ - "ServerConnection", - "Trace" - ] - } - ], - "publicNetwork": { - "allow": [], - "deny": [ - "RESTAPI", - "Trace" - ] - } - } - }, - "systemAssignedIdentity": { - "value": true - }, - "tags": { - "value": { - "purpose": "test" - } - }, - "resourceLogConfigurationsToEnable": { - "value": [ - "ConnectivityLogs" - ] - }, - "privateEndpoints": { - "value": [ - { - "subnetResourceId": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-x-001/subnets/<>-az-subnet-x-005-privateEndpoints", - "service": "webpubsub", - "privateDnsZoneGroup": { - "privateDNSResourceIds": [ - "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/privateDnsZones/privatelink.webpubsub.azure.com" - ] - } - } - ] - } - } -} diff --git a/modules/Microsoft.SignalRService/webPubSub/.test/pe.parameters.json b/modules/Microsoft.SignalRService/webPubSub/.test/pe.parameters.json deleted file mode 100644 index f016781db3..0000000000 --- a/modules/Microsoft.SignalRService/webPubSub/.test/pe.parameters.json +++ /dev/null @@ -1,25 +0,0 @@ -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "name": { - "value": "<>-az-pubsub-pe-001" - }, - "sku": { - "value": "Standard_S1" - }, - "privateEndpoints": { - "value": [ - { - "subnetResourceId": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-x-001/subnets/<>-az-subnet-x-005-privateEndpoints", - "service": "webpubsub", - "privateDnsZoneGroup": { - "privateDNSResourceIds": [ - "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/privateDnsZones/privatelink.webpubsub.azure.com" - ] - } - } - ] - } - } -} diff --git a/modules/Microsoft.SignalRService/webPubSub/.test/pe/dependencies.bicep b/modules/Microsoft.SignalRService/webPubSub/.test/pe/dependencies.bicep new file mode 100644 index 0000000000..8c5984bfdd --- /dev/null +++ b/modules/Microsoft.SignalRService/webPubSub/.test/pe/dependencies.bicep @@ -0,0 +1,49 @@ +@description('Optional. The location to deploy to.') +param location string = resourceGroup().location + +@description('Required. The name of the Virtual Network to create.') +param virtualNetworkName string + +resource virtualNetwork 'Microsoft.Network/virtualNetworks@2022-01-01' = { + name: virtualNetworkName + location: location + properties: { + addressSpace: { + addressPrefixes: [ + '10.0.0.0/16' + ] + } + subnets: [ + { + name: 'defaultSubnet' + properties: { + addressPrefix: '10.0.0.0/24' + privateEndpointNetworkPolicies: 'Disabled' + privateLinkServiceNetworkPolicies: 'Enabled' + } + } + ] + } +} + +resource privateDNSZone 'Microsoft.Network/privateDnsZones@2020-06-01' = { + name: 'privatelink.webpubsub.azure.com' + location: 'global' + + resource virtualNetworkLinks 'virtualNetworkLinks@2020-06-01' = { + name: '${virtualNetwork.name}-vnetlink' + location: 'global' + properties: { + virtualNetwork: { + id: virtualNetwork.id + } + registrationEnabled: false + } + } +} + +@description('The resource ID of the created Virtual Network Subnet.') +output subnetResourceId string = virtualNetwork.properties.subnets[0].id + +@description('The resource ID of the created Private DNS Zone.') +output privateDNSResourceId string = privateDNSZone.id diff --git a/modules/Microsoft.SignalRService/webPubSub/.test/pe/deploy.test.bicep b/modules/Microsoft.SignalRService/webPubSub/.test/pe/deploy.test.bicep new file mode 100644 index 0000000000..bace50e6c6 --- /dev/null +++ b/modules/Microsoft.SignalRService/webPubSub/.test/pe/deploy.test.bicep @@ -0,0 +1,57 @@ +targetScope = 'subscription' + +// ========== // +// Parameters // +// ========== // +@description('Optional. The name of the resource group to deploy for testing purposes.') +@maxLength(90) +param resourceGroupName string = 'ms.signalrservice.webpubsub-${serviceShort}-rg' + +@description('Optional. The location to deploy resources to.') +param location string = deployment().location + +@description('Optional. A short identifier for the kind of deployment. Should be kept short to not run into resource-name length-constraints.') +param serviceShort string = 'srswpspe' + +// =========== // +// Deployments // +// =========== // + +// General resources +// ================= +resource resourceGroup 'Microsoft.Resources/resourceGroups@2021-04-01' = { + name: resourceGroupName + location: location +} + +module resourceGroupResources 'dependencies.bicep' = { + scope: resourceGroup + name: '${uniqueString(deployment().name, location)}-paramNested' + params: { + virtualNetworkName: 'dep-<>-vnet-${serviceShort}' + } +} + +// ============== // +// Test Execution // +// ============== // + +module testDeployment '../../deploy.bicep' = { + scope: resourceGroup + name: '${uniqueString(deployment().name)}-test-${serviceShort}' + params: { + name: '<>-${serviceShort}-001' + privateEndpoints: [ + { + privateDnsZoneGroup: { + privateDNSResourceIds: [ + resourceGroupResources.outputs.privateDNSResourceId + ] + } + service: 'webpubsub' + subnetResourceId: resourceGroupResources.outputs.subnetResourceId + } + ] + sku: 'Standard_S1' + } +} diff --git a/modules/Microsoft.SignalRService/webPubSub/readme.md b/modules/Microsoft.SignalRService/webPubSub/readme.md index eff2baf1da..221c67a759 100644 --- a/modules/Microsoft.SignalRService/webPubSub/readme.md +++ b/modules/Microsoft.SignalRService/webPubSub/readme.md @@ -363,7 +363,7 @@ The following module usage examples are retrieved from the content of the files >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. -

Example 1: Min

+

Example 1: Common

@@ -371,53 +371,16 @@ The following module usage examples are retrieved from the content of the files ```bicep module webPubSub './Microsoft.SignalRService/webPubSub/deploy.bicep' = { - name: '${uniqueString(deployment().name)}-WebPubSub' - params: { - name: '<>-az-pubsub-min-001' - } -} -``` - -
-

- -

- -via JSON Parameter file - -```json -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "name": { - "value": "<>-az-pubsub-min-001" - } - } -} -``` - -
-

- -

Example 2: Parameters

- -
- -via Bicep module - -```bicep -module webPubSub './Microsoft.SignalRService/webPubSub/deploy.bicep' = { - name: '${uniqueString(deployment().name)}-WebPubSub' + name: '${uniqueString(deployment().name)}-test-srswpscom' params: { // Required parameters - name: '<>-az-pubsub-x-001' + name: '<>-srswpscom-001' // Non-required parameters capacity: 2 clientCertEnabled: false disableAadAuth: false disableLocalAuth: true - location: 'westeurope' + location: '' lock: 'CanNotDelete' networkAcls: { defaultAction: 'Allow' @@ -428,7 +391,7 @@ module webPubSub './Microsoft.SignalRService/webPubSub/deploy.bicep' = { 'ServerConnection' 'Trace' ] - name: 'pe-<>-az-pubsub-x-001-webpubsub-0' + name: 'pe-<>-srswpscom-001' } ] publicNetwork: { @@ -443,11 +406,11 @@ module webPubSub './Microsoft.SignalRService/webPubSub/deploy.bicep' = { { privateDnsZoneGroup: { privateDNSResourceIds: [ - '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/privateDnsZones/privatelink.webpubsub.azure.com' + '' ] } service: 'webpubsub' - subnetResourceId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-x-001/subnets/<>-az-subnet-x-005-privateEndpoints' + subnetResourceId: '' } ] resourceLogConfigurationsToEnable: [ @@ -456,7 +419,7 @@ module webPubSub './Microsoft.SignalRService/webPubSub/deploy.bicep' = { roleAssignments: [ { principalIds: [ - '<>' + '' ] roleDefinitionIdOrName: 'Reader' } @@ -484,7 +447,7 @@ module webPubSub './Microsoft.SignalRService/webPubSub/deploy.bicep' = { "parameters": { // Required parameters "name": { - "value": "<>-az-pubsub-x-001" + "value": "<>-srswpscom-001" }, // Non-required parameters "capacity": { @@ -500,7 +463,7 @@ module webPubSub './Microsoft.SignalRService/webPubSub/deploy.bicep' = { "value": true }, "location": { - "value": "westeurope" + "value": "" }, "lock": { "value": "CanNotDelete" @@ -515,7 +478,7 @@ module webPubSub './Microsoft.SignalRService/webPubSub/deploy.bicep' = { "ServerConnection", "Trace" ], - "name": "pe-<>-az-pubsub-x-001-webpubsub-0" + "name": "pe-<>-srswpscom-001" } ], "publicNetwork": { @@ -532,11 +495,11 @@ module webPubSub './Microsoft.SignalRService/webPubSub/deploy.bicep' = { { "privateDnsZoneGroup": { "privateDNSResourceIds": [ - "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/privateDnsZones/privatelink.webpubsub.azure.com" + "" ] }, "service": "webpubsub", - "subnetResourceId": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-x-001/subnets/<>-az-subnet-x-005-privateEndpoints" + "subnetResourceId": "" } ] }, @@ -549,7 +512,7 @@ module webPubSub './Microsoft.SignalRService/webPubSub/deploy.bicep' = { "value": [ { "principalIds": [ - "<>" + "" ], "roleDefinitionIdOrName": "Reader" } @@ -573,6 +536,43 @@ module webPubSub './Microsoft.SignalRService/webPubSub/deploy.bicep' = {

+

Example 2: Min

+ +
+ +via Bicep module + +```bicep +module webPubSub './Microsoft.SignalRService/webPubSub/deploy.bicep' = { + name: '${uniqueString(deployment().name)}-test-srswpsmin' + params: { + name: '<>-srswpsmin-001' + } +} +``` + +
+

+ +

+ +via JSON Parameter file + +```json +{ + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", + "contentVersion": "1.0.0.0", + "parameters": { + "name": { + "value": "<>-srswpsmin-001" + } + } +} +``` + +
+

+

Example 3: Pe

@@ -581,20 +581,20 @@ module webPubSub './Microsoft.SignalRService/webPubSub/deploy.bicep' = { ```bicep module webPubSub './Microsoft.SignalRService/webPubSub/deploy.bicep' = { - name: '${uniqueString(deployment().name)}-WebPubSub' + name: '${uniqueString(deployment().name)}-test-srswpspe' params: { // Required parameters - name: '<>-az-pubsub-pe-001' + name: '<>-srswpspe-001' // Non-required parameters privateEndpoints: [ { privateDnsZoneGroup: { privateDNSResourceIds: [ - '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/privateDnsZones/privatelink.webpubsub.azure.com' + '' ] } service: 'webpubsub' - subnetResourceId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-x-001/subnets/<>-az-subnet-x-005-privateEndpoints' + subnetResourceId: '' } ] sku: 'Standard_S1' @@ -616,7 +616,7 @@ module webPubSub './Microsoft.SignalRService/webPubSub/deploy.bicep' = { "parameters": { // Required parameters "name": { - "value": "<>-az-pubsub-pe-001" + "value": "<>-srswpspe-001" }, // Non-required parameters "privateEndpoints": { @@ -624,11 +624,11 @@ module webPubSub './Microsoft.SignalRService/webPubSub/deploy.bicep' = { { "privateDnsZoneGroup": { "privateDNSResourceIds": [ - "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/privateDnsZones/privatelink.webpubsub.azure.com" + "" ] }, "service": "webpubsub", - "subnetResourceId": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-x-001/subnets/<>-az-subnet-x-005-privateEndpoints" + "subnetResourceId": "" } ] },