From c0c2cc3109f47b1295aead7c68b13a0f1bca140a Mon Sep 17 00:00:00 2001 From: AlexanderSehr Date: Thu, 30 Nov 2023 19:40:38 +0100 Subject: [PATCH 1/5] First draft --- modules/network/vpn-gateway/main.bicep | 52 +++++++++++++------ .../vpn-gateway/vpn-connection/main.bicep | 4 ++ 2 files changed, 41 insertions(+), 15 deletions(-) diff --git a/modules/network/vpn-gateway/main.bicep b/modules/network/vpn-gateway/main.bicep index 98d2495329..e4cef1131a 100644 --- a/modules/network/vpn-gateway/main.bicep +++ b/modules/network/vpn-gateway/main.bicep @@ -61,6 +61,28 @@ resource vpnGateway 'Microsoft.Network/vpnGateways@2023-04-01' = { enableBgpRouteTranslationForNat: enableBgpRouteTranslationForNat isRoutingPreferenceInternet: isRoutingPreferenceInternet vpnGatewayScaleUnit: vpnGatewayScaleUnit + connections: [for (connection, index) in vpnConnections: { + name: connection.name + properties: { + connectionBandwidth: connection.?connectionBandwidth + enableBgp: connection.?enableBgp + enableInternetSecurity: connection.?enableInternetSecurity + remoteVpnSite: contains(connection, 'remoteVpnSiteResourceId') ? { + id: connection.remoteVpnSiteResourceId + } : null + enableRateLimiting: connection.?enableRateLimiting + routingConfiguration: connection.?routingConfiguration + routingWeight: connection.?routingWeight + sharedKey: connection.?sharedKey + useLocalAzureIpAddress: connection.?useLocalAzureIpAddress + usePolicyBasedTrafficSelectors: connection.?usePolicyBasedTrafficSelectors + vpnConnectionProtocolType: connection.?vpnConnectionProtocolType + ipsecPolicies: connection.?ipsecPolicies + trafficSelectorPolicies: connection.?trafficSelectorPolicies + vpnLinkConnections: connection.?vpnLinkConnections + dpdTimeoutSeconds: connection.?dpdTimeoutSeconds + } + }] virtualHub: { id: virtualHubResourceId } @@ -95,21 +117,21 @@ module vpnGateway_vpnConnections 'vpn-connection/main.bicep' = [for (connection, params: { name: connection.name vpnGatewayName: vpnGateway.name - connectionBandwidth: contains(connection, 'connectionBandwidth') ? connection.connectionBandwidth : 10 - enableBgp: contains(connection, 'enableBgp') ? connection.enableBgp : false - enableInternetSecurity: contains(connection, 'enableInternetSecurity') ? connection.enableInternetSecurity : false - remoteVpnSiteResourceId: contains(connection, 'remoteVpnSiteResourceId') ? connection.remoteVpnSiteResourceId : '' - enableRateLimiting: contains(connection, 'enableRateLimiting') ? connection.enableRateLimiting : false - routingConfiguration: contains(connection, 'routingConfiguration') ? connection.routingConfiguration : {} - routingWeight: contains(connection, 'routingWeight') ? connection.routingWeight : 0 - sharedKey: contains(connection, 'sharedKey') ? connection.sharedKey : '' - useLocalAzureIpAddress: contains(connection, 'useLocalAzureIpAddress') ? connection.useLocalAzureIpAddress : false - usePolicyBasedTrafficSelectors: contains(connection, 'usePolicyBasedTrafficSelectors') ? connection.usePolicyBasedTrafficSelectors : false - vpnConnectionProtocolType: contains(connection, 'vpnConnectionProtocolType') ? connection.vpnConnectionProtocolType : 'IKEv2' - enableDefaultTelemetry: enableReferencedModulesTelemetry - ipsecPolicies: contains(connection, 'ipsecPolicies') ? connection.ipsecPolicies : [] - trafficSelectorPolicies: contains(connection, 'trafficSelectorPolicies') ? connection.trafficSelectorPolicies : [] - vpnLinkConnections: contains(connection, 'vpnLinkConnections') ? connection.vpnLinkConnections : [] + connectionBandwidth: connection.?connectionBandwidth + enableBgp: connection.?enableBgp + enableInternetSecurity: connection.?enableInternetSecurity + remoteVpnSiteResourceId: connection.?remoteVpnSiteResourceId + enableRateLimiting: connection.?enableRateLimiting + routingConfiguration: connection.?routingConfiguration + routingWeight: connection.?routingWeight + sharedKey: connection.?sharedKey + useLocalAzureIpAddress: connection.?useLocalAzureIpAddress + usePolicyBasedTrafficSelectors: connection.?usePolicyBasedTrafficSelectors + vpnConnectionProtocolType: connection.?vpnConnectionProtocolType + enableDefaultTelemetry: connection.?ipsecPolicies + trafficSelectorPolicies: connection.?trafficSelectorPolicies + vpnLinkConnections: connection.?vpnLinkConnections + dpdTimeoutSeconds connection.?dpdTimeoutSeconds } }] diff --git a/modules/network/vpn-gateway/vpn-connection/main.bicep b/modules/network/vpn-gateway/vpn-connection/main.bicep index 8a72835671..e76614499e 100644 --- a/modules/network/vpn-gateway/vpn-connection/main.bicep +++ b/modules/network/vpn-gateway/vpn-connection/main.bicep @@ -55,6 +55,9 @@ param sharedKey string = '' @description('Optional. Reference to a VPN site to link to.') param remoteVpnSiteResourceId string = '' +@description('Optional. DPD timeout in seconds for vpn connection.') +param dpdTimeoutSeconds int? + @description('Optional. Enable telemetry via a Globally Unique Identifier (GUID).') param enableDefaultTelemetry bool = true @@ -94,6 +97,7 @@ resource vpnConnection 'Microsoft.Network/vpnGateways/vpnConnections@2023-04-01' usePolicyBasedTrafficSelectors: usePolicyBasedTrafficSelectors vpnConnectionProtocolType: vpnConnectionProtocolType vpnLinkConnections: vpnLinkConnections + dpdTimeoutSeconds: dpdTimeoutSeconds } } From aec76ee6a64bfbd3bb1ce3916301143ed691b2c5 Mon Sep 17 00:00:00 2001 From: AlexanderSehr Date: Thu, 30 Nov 2023 19:44:06 +0100 Subject: [PATCH 2/5] Refreshed files --- modules/network/vpn-gateway/main.bicep | 2 +- modules/network/vpn-gateway/main.json | 118 ++++++++++++++---- .../network/vpn-gateway/nat-rule/main.json | 4 +- .../vpn-gateway/vpn-connection/README.md | 8 ++ .../vpn-gateway/vpn-connection/main.json | 34 +++-- 5 files changed, 132 insertions(+), 34 deletions(-) diff --git a/modules/network/vpn-gateway/main.bicep b/modules/network/vpn-gateway/main.bicep index e4cef1131a..9c82680e12 100644 --- a/modules/network/vpn-gateway/main.bicep +++ b/modules/network/vpn-gateway/main.bicep @@ -131,7 +131,7 @@ module vpnGateway_vpnConnections 'vpn-connection/main.bicep' = [for (connection, enableDefaultTelemetry: connection.?ipsecPolicies trafficSelectorPolicies: connection.?trafficSelectorPolicies vpnLinkConnections: connection.?vpnLinkConnections - dpdTimeoutSeconds connection.?dpdTimeoutSeconds + dpdTimeoutSeconds: connection.?dpdTimeoutSeconds } }] diff --git a/modules/network/vpn-gateway/main.json b/modules/network/vpn-gateway/main.json index aefc4f89d9..4a28d65835 100644 --- a/modules/network/vpn-gateway/main.json +++ b/modules/network/vpn-gateway/main.json @@ -6,7 +6,7 @@ "_generator": { "name": "bicep", "version": "0.23.1.45101", - "templateHash": "8700890331432111745" + "templateHash": "1259873595132419366" }, "name": "VPN Gateways", "description": "This module deploys a VPN Gateway.", @@ -147,6 +147,32 @@ "location": "[parameters('location')]", "tags": "[parameters('tags')]", "properties": { + "copy": [ + { + "name": "connections", + "count": "[length(parameters('vpnConnections'))]", + "input": { + "name": "[parameters('vpnConnections')[copyIndex('connections')].name]", + "properties": { + "connectionBandwidth": "[tryGet(parameters('vpnConnections')[copyIndex('connections')], 'connectionBandwidth')]", + "enableBgp": "[tryGet(parameters('vpnConnections')[copyIndex('connections')], 'enableBgp')]", + "enableInternetSecurity": "[tryGet(parameters('vpnConnections')[copyIndex('connections')], 'enableInternetSecurity')]", + "remoteVpnSite": "[if(contains(parameters('vpnConnections')[copyIndex('connections')], 'remoteVpnSiteResourceId'), createObject('id', parameters('vpnConnections')[copyIndex('connections')].remoteVpnSiteResourceId), null())]", + "enableRateLimiting": "[tryGet(parameters('vpnConnections')[copyIndex('connections')], 'enableRateLimiting')]", + "routingConfiguration": "[tryGet(parameters('vpnConnections')[copyIndex('connections')], 'routingConfiguration')]", + "routingWeight": "[tryGet(parameters('vpnConnections')[copyIndex('connections')], 'routingWeight')]", + "sharedKey": "[tryGet(parameters('vpnConnections')[copyIndex('connections')], 'sharedKey')]", + "useLocalAzureIpAddress": "[tryGet(parameters('vpnConnections')[copyIndex('connections')], 'useLocalAzureIpAddress')]", + "usePolicyBasedTrafficSelectors": "[tryGet(parameters('vpnConnections')[copyIndex('connections')], 'usePolicyBasedTrafficSelectors')]", + "vpnConnectionProtocolType": "[tryGet(parameters('vpnConnections')[copyIndex('connections')], 'vpnConnectionProtocolType')]", + "ipsecPolicies": "[tryGet(parameters('vpnConnections')[copyIndex('connections')], 'ipsecPolicies')]", + "trafficSelectorPolicies": "[tryGet(parameters('vpnConnections')[copyIndex('connections')], 'trafficSelectorPolicies')]", + "vpnLinkConnections": "[tryGet(parameters('vpnConnections')[copyIndex('connections')], 'vpnLinkConnections')]", + "dpdTimeoutSeconds": "[tryGet(parameters('vpnConnections')[copyIndex('connections')], 'dpdTimeoutSeconds')]" + } + } + } + ], "bgpSettings": "[parameters('bgpSettings')]", "enableBgpRouteTranslationForNat": "[parameters('enableBgpRouteTranslationForNat')]", "isRoutingPreferenceInternet": "[parameters('isRoutingPreferenceInternet')]", @@ -355,32 +381,61 @@ "vpnGatewayName": { "value": "[parameters('name')]" }, - "connectionBandwidth": "[if(contains(parameters('vpnConnections')[copyIndex()], 'connectionBandwidth'), createObject('value', parameters('vpnConnections')[copyIndex()].connectionBandwidth), createObject('value', 10))]", - "enableBgp": "[if(contains(parameters('vpnConnections')[copyIndex()], 'enableBgp'), createObject('value', parameters('vpnConnections')[copyIndex()].enableBgp), createObject('value', false()))]", - "enableInternetSecurity": "[if(contains(parameters('vpnConnections')[copyIndex()], 'enableInternetSecurity'), createObject('value', parameters('vpnConnections')[copyIndex()].enableInternetSecurity), createObject('value', false()))]", - "remoteVpnSiteResourceId": "[if(contains(parameters('vpnConnections')[copyIndex()], 'remoteVpnSiteResourceId'), createObject('value', parameters('vpnConnections')[copyIndex()].remoteVpnSiteResourceId), createObject('value', ''))]", - "enableRateLimiting": "[if(contains(parameters('vpnConnections')[copyIndex()], 'enableRateLimiting'), createObject('value', parameters('vpnConnections')[copyIndex()].enableRateLimiting), createObject('value', false()))]", - "routingConfiguration": "[if(contains(parameters('vpnConnections')[copyIndex()], 'routingConfiguration'), createObject('value', parameters('vpnConnections')[copyIndex()].routingConfiguration), createObject('value', createObject()))]", - "routingWeight": "[if(contains(parameters('vpnConnections')[copyIndex()], 'routingWeight'), createObject('value', parameters('vpnConnections')[copyIndex()].routingWeight), createObject('value', 0))]", - "sharedKey": "[if(contains(parameters('vpnConnections')[copyIndex()], 'sharedKey'), createObject('value', parameters('vpnConnections')[copyIndex()].sharedKey), createObject('value', ''))]", - "useLocalAzureIpAddress": "[if(contains(parameters('vpnConnections')[copyIndex()], 'useLocalAzureIpAddress'), createObject('value', parameters('vpnConnections')[copyIndex()].useLocalAzureIpAddress), createObject('value', false()))]", - "usePolicyBasedTrafficSelectors": "[if(contains(parameters('vpnConnections')[copyIndex()], 'usePolicyBasedTrafficSelectors'), createObject('value', parameters('vpnConnections')[copyIndex()].usePolicyBasedTrafficSelectors), createObject('value', false()))]", - "vpnConnectionProtocolType": "[if(contains(parameters('vpnConnections')[copyIndex()], 'vpnConnectionProtocolType'), createObject('value', parameters('vpnConnections')[copyIndex()].vpnConnectionProtocolType), createObject('value', 'IKEv2'))]", + "connectionBandwidth": { + "value": "[tryGet(parameters('vpnConnections')[copyIndex()], 'connectionBandwidth')]" + }, + "enableBgp": { + "value": "[tryGet(parameters('vpnConnections')[copyIndex()], 'enableBgp')]" + }, + "enableInternetSecurity": { + "value": "[tryGet(parameters('vpnConnections')[copyIndex()], 'enableInternetSecurity')]" + }, + "remoteVpnSiteResourceId": { + "value": "[tryGet(parameters('vpnConnections')[copyIndex()], 'remoteVpnSiteResourceId')]" + }, + "enableRateLimiting": { + "value": "[tryGet(parameters('vpnConnections')[copyIndex()], 'enableRateLimiting')]" + }, + "routingConfiguration": { + "value": "[tryGet(parameters('vpnConnections')[copyIndex()], 'routingConfiguration')]" + }, + "routingWeight": { + "value": "[tryGet(parameters('vpnConnections')[copyIndex()], 'routingWeight')]" + }, + "sharedKey": { + "value": "[tryGet(parameters('vpnConnections')[copyIndex()], 'sharedKey')]" + }, + "useLocalAzureIpAddress": { + "value": "[tryGet(parameters('vpnConnections')[copyIndex()], 'useLocalAzureIpAddress')]" + }, + "usePolicyBasedTrafficSelectors": { + "value": "[tryGet(parameters('vpnConnections')[copyIndex()], 'usePolicyBasedTrafficSelectors')]" + }, + "vpnConnectionProtocolType": { + "value": "[tryGet(parameters('vpnConnections')[copyIndex()], 'vpnConnectionProtocolType')]" + }, "enableDefaultTelemetry": { - "value": "[variables('enableReferencedModulesTelemetry')]" + "value": "[tryGet(parameters('vpnConnections')[copyIndex()], 'ipsecPolicies')]" }, - "ipsecPolicies": "[if(contains(parameters('vpnConnections')[copyIndex()], 'ipsecPolicies'), createObject('value', parameters('vpnConnections')[copyIndex()].ipsecPolicies), createObject('value', createArray()))]", - "trafficSelectorPolicies": "[if(contains(parameters('vpnConnections')[copyIndex()], 'trafficSelectorPolicies'), createObject('value', parameters('vpnConnections')[copyIndex()].trafficSelectorPolicies), createObject('value', createArray()))]", - "vpnLinkConnections": "[if(contains(parameters('vpnConnections')[copyIndex()], 'vpnLinkConnections'), createObject('value', parameters('vpnConnections')[copyIndex()].vpnLinkConnections), createObject('value', createArray()))]" + "trafficSelectorPolicies": { + "value": "[tryGet(parameters('vpnConnections')[copyIndex()], 'trafficSelectorPolicies')]" + }, + "vpnLinkConnections": { + "value": "[tryGet(parameters('vpnConnections')[copyIndex()], 'vpnLinkConnections')]" + }, + "dpdTimeoutSeconds": { + "value": "[tryGet(parameters('vpnConnections')[copyIndex()], 'dpdTimeoutSeconds')]" + } }, "template": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "languageVersion": "2.0", "contentVersion": "1.0.0.0", "metadata": { "_generator": { "name": "bicep", "version": "0.23.1.45101", - "templateHash": "6383697389251029881" + "templateHash": "14722022986555703365" }, "name": "VPN Gateway VPN Connections", "description": "This module deploys a VPN Gateway VPN Connection.", @@ -501,6 +556,13 @@ "description": "Optional. Reference to a VPN site to link to." } }, + "dpdTimeoutSeconds": { + "type": "int", + "nullable": true, + "metadata": { + "description": "Optional. DPD timeout in seconds for vpn connection." + } + }, "enableDefaultTelemetry": { "type": "bool", "defaultValue": true, @@ -509,8 +571,8 @@ } } }, - "resources": [ - { + "resources": { + "defaultTelemetry": { "condition": "[parameters('enableDefaultTelemetry')]", "type": "Microsoft.Resources/deployments", "apiVersion": "2021-04-01", @@ -524,7 +586,13 @@ } } }, - { + "vpnGateway": { + "existing": true, + "type": "Microsoft.Network/vpnGateways", + "apiVersion": "2023-04-01", + "name": "[parameters('vpnGatewayName')]" + }, + "vpnConnection": { "type": "Microsoft.Network/vpnGateways/vpnConnections", "apiVersion": "2023-04-01", "name": "[format('{0}/{1}', parameters('vpnGatewayName'), parameters('name'))]", @@ -542,10 +610,14 @@ "useLocalAzureIpAddress": "[parameters('useLocalAzureIpAddress')]", "usePolicyBasedTrafficSelectors": "[parameters('usePolicyBasedTrafficSelectors')]", "vpnConnectionProtocolType": "[parameters('vpnConnectionProtocolType')]", - "vpnLinkConnections": "[parameters('vpnLinkConnections')]" - } + "vpnLinkConnections": "[parameters('vpnLinkConnections')]", + "dpdTimeoutSeconds": "[parameters('dpdTimeoutSeconds')]" + }, + "dependsOn": [ + "vpnGateway" + ] } - ], + }, "outputs": { "name": { "type": "string", diff --git a/modules/network/vpn-gateway/nat-rule/main.json b/modules/network/vpn-gateway/nat-rule/main.json index 9be53d2e0d..2e03c8868b 100644 --- a/modules/network/vpn-gateway/nat-rule/main.json +++ b/modules/network/vpn-gateway/nat-rule/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.22.6.54827", - "templateHash": "4165642550711844737" + "version": "0.23.1.45101", + "templateHash": "2150556463317760652" }, "name": "VPN Gateway NAT Rules", "description": "This module deploys a VPN Gateway NAT Rule.", diff --git a/modules/network/vpn-gateway/vpn-connection/README.md b/modules/network/vpn-gateway/vpn-connection/README.md index 5b7275f37e..5ea3c31fc1 100644 --- a/modules/network/vpn-gateway/vpn-connection/README.md +++ b/modules/network/vpn-gateway/vpn-connection/README.md @@ -35,6 +35,7 @@ This module deploys a VPN Gateway VPN Connection. | Parameter | Type | Description | | :-- | :-- | :-- | | [`connectionBandwidth`](#parameter-connectionbandwidth) | int | Expected bandwidth in MBPS. | +| [`dpdTimeoutSeconds`](#parameter-dpdtimeoutseconds) | int | DPD timeout in seconds for vpn connection. | | [`enableBgp`](#parameter-enablebgp) | bool | Enable BGP flag. | | [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | | [`enableInternetSecurity`](#parameter-enableinternetsecurity) | bool | Enable internet security. | @@ -72,6 +73,13 @@ Expected bandwidth in MBPS. - Type: int - Default: `10` +### Parameter: `dpdTimeoutSeconds` + +DPD timeout in seconds for vpn connection. + +- Required: No +- Type: int + ### Parameter: `enableBgp` Enable BGP flag. diff --git a/modules/network/vpn-gateway/vpn-connection/main.json b/modules/network/vpn-gateway/vpn-connection/main.json index a4ad3b7923..ee2ba7fd0b 100644 --- a/modules/network/vpn-gateway/vpn-connection/main.json +++ b/modules/network/vpn-gateway/vpn-connection/main.json @@ -1,11 +1,12 @@ { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "languageVersion": "2.0", "contentVersion": "1.0.0.0", "metadata": { "_generator": { "name": "bicep", - "version": "0.22.6.54827", - "templateHash": "13660788048333105050" + "version": "0.23.1.45101", + "templateHash": "14722022986555703365" }, "name": "VPN Gateway VPN Connections", "description": "This module deploys a VPN Gateway VPN Connection.", @@ -126,6 +127,13 @@ "description": "Optional. Reference to a VPN site to link to." } }, + "dpdTimeoutSeconds": { + "type": "int", + "nullable": true, + "metadata": { + "description": "Optional. DPD timeout in seconds for vpn connection." + } + }, "enableDefaultTelemetry": { "type": "bool", "defaultValue": true, @@ -134,8 +142,8 @@ } } }, - "resources": [ - { + "resources": { + "defaultTelemetry": { "condition": "[parameters('enableDefaultTelemetry')]", "type": "Microsoft.Resources/deployments", "apiVersion": "2021-04-01", @@ -149,7 +157,13 @@ } } }, - { + "vpnGateway": { + "existing": true, + "type": "Microsoft.Network/vpnGateways", + "apiVersion": "2023-04-01", + "name": "[parameters('vpnGatewayName')]" + }, + "vpnConnection": { "type": "Microsoft.Network/vpnGateways/vpnConnections", "apiVersion": "2023-04-01", "name": "[format('{0}/{1}', parameters('vpnGatewayName'), parameters('name'))]", @@ -167,10 +181,14 @@ "useLocalAzureIpAddress": "[parameters('useLocalAzureIpAddress')]", "usePolicyBasedTrafficSelectors": "[parameters('usePolicyBasedTrafficSelectors')]", "vpnConnectionProtocolType": "[parameters('vpnConnectionProtocolType')]", - "vpnLinkConnections": "[parameters('vpnLinkConnections')]" - } + "vpnLinkConnections": "[parameters('vpnLinkConnections')]", + "dpdTimeoutSeconds": "[parameters('dpdTimeoutSeconds')]" + }, + "dependsOn": [ + "vpnGateway" + ] } - ], + }, "outputs": { "name": { "type": "string", From b114d3c334ee08cf47769e059e154d95ef57f9ac Mon Sep 17 00:00:00 2001 From: AlexanderSehr Date: Sat, 2 Dec 2023 16:58:27 +0100 Subject: [PATCH 3/5] Update to latest --- modules/network/vpn-gateway/tests/e2e/defaults/main.test.bicep | 3 +++ 1 file changed, 3 insertions(+) diff --git a/modules/network/vpn-gateway/tests/e2e/defaults/main.test.bicep b/modules/network/vpn-gateway/tests/e2e/defaults/main.test.bicep index 49411aaf37..9d7badf03d 100644 --- a/modules/network/vpn-gateway/tests/e2e/defaults/main.test.bicep +++ b/modules/network/vpn-gateway/tests/e2e/defaults/main.test.bicep @@ -56,4 +56,7 @@ module testDeployment '../../../main.bicep' = [for iteration in [ 'init', 'idem' name: '${namePrefix}${serviceShort}001' virtualHubResourceId: nestedDependencies.outputs.virtualHubResourceId } + dependsOn: [ + nestedDependencies + ] }] From e6ce47f36140cba7c2521766b1df42b92876f475 Mon Sep 17 00:00:00 2001 From: AlexanderSehr Date: Sat, 2 Dec 2023 17:01:33 +0100 Subject: [PATCH 4/5] Update to latest --- modules/network/vpn-gateway/main.bicep | 2 - modules/network/vpn-gateway/main.json | 40 +++++-------------- .../vpn-gateway/vpn-connection/README.md | 8 ---- .../vpn-gateway/vpn-connection/main.bicep | 4 -- .../vpn-gateway/vpn-connection/main.json | 32 ++++----------- 5 files changed, 16 insertions(+), 70 deletions(-) diff --git a/modules/network/vpn-gateway/main.bicep b/modules/network/vpn-gateway/main.bicep index 9c82680e12..943525aca2 100644 --- a/modules/network/vpn-gateway/main.bicep +++ b/modules/network/vpn-gateway/main.bicep @@ -80,7 +80,6 @@ resource vpnGateway 'Microsoft.Network/vpnGateways@2023-04-01' = { ipsecPolicies: connection.?ipsecPolicies trafficSelectorPolicies: connection.?trafficSelectorPolicies vpnLinkConnections: connection.?vpnLinkConnections - dpdTimeoutSeconds: connection.?dpdTimeoutSeconds } }] virtualHub: { @@ -131,7 +130,6 @@ module vpnGateway_vpnConnections 'vpn-connection/main.bicep' = [for (connection, enableDefaultTelemetry: connection.?ipsecPolicies trafficSelectorPolicies: connection.?trafficSelectorPolicies vpnLinkConnections: connection.?vpnLinkConnections - dpdTimeoutSeconds: connection.?dpdTimeoutSeconds } }] diff --git a/modules/network/vpn-gateway/main.json b/modules/network/vpn-gateway/main.json index 4a28d65835..07ddb84961 100644 --- a/modules/network/vpn-gateway/main.json +++ b/modules/network/vpn-gateway/main.json @@ -6,7 +6,7 @@ "_generator": { "name": "bicep", "version": "0.23.1.45101", - "templateHash": "1259873595132419366" + "templateHash": "12893789800987585694" }, "name": "VPN Gateways", "description": "This module deploys a VPN Gateway.", @@ -167,8 +167,7 @@ "vpnConnectionProtocolType": "[tryGet(parameters('vpnConnections')[copyIndex('connections')], 'vpnConnectionProtocolType')]", "ipsecPolicies": "[tryGet(parameters('vpnConnections')[copyIndex('connections')], 'ipsecPolicies')]", "trafficSelectorPolicies": "[tryGet(parameters('vpnConnections')[copyIndex('connections')], 'trafficSelectorPolicies')]", - "vpnLinkConnections": "[tryGet(parameters('vpnConnections')[copyIndex('connections')], 'vpnLinkConnections')]", - "dpdTimeoutSeconds": "[tryGet(parameters('vpnConnections')[copyIndex('connections')], 'dpdTimeoutSeconds')]" + "vpnLinkConnections": "[tryGet(parameters('vpnConnections')[copyIndex('connections')], 'vpnLinkConnections')]" } } } @@ -422,20 +421,16 @@ }, "vpnLinkConnections": { "value": "[tryGet(parameters('vpnConnections')[copyIndex()], 'vpnLinkConnections')]" - }, - "dpdTimeoutSeconds": { - "value": "[tryGet(parameters('vpnConnections')[copyIndex()], 'dpdTimeoutSeconds')]" } }, "template": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "languageVersion": "2.0", "contentVersion": "1.0.0.0", "metadata": { "_generator": { "name": "bicep", "version": "0.23.1.45101", - "templateHash": "14722022986555703365" + "templateHash": "6383697389251029881" }, "name": "VPN Gateway VPN Connections", "description": "This module deploys a VPN Gateway VPN Connection.", @@ -556,13 +551,6 @@ "description": "Optional. Reference to a VPN site to link to." } }, - "dpdTimeoutSeconds": { - "type": "int", - "nullable": true, - "metadata": { - "description": "Optional. DPD timeout in seconds for vpn connection." - } - }, "enableDefaultTelemetry": { "type": "bool", "defaultValue": true, @@ -571,8 +559,8 @@ } } }, - "resources": { - "defaultTelemetry": { + "resources": [ + { "condition": "[parameters('enableDefaultTelemetry')]", "type": "Microsoft.Resources/deployments", "apiVersion": "2021-04-01", @@ -586,13 +574,7 @@ } } }, - "vpnGateway": { - "existing": true, - "type": "Microsoft.Network/vpnGateways", - "apiVersion": "2023-04-01", - "name": "[parameters('vpnGatewayName')]" - }, - "vpnConnection": { + { "type": "Microsoft.Network/vpnGateways/vpnConnections", "apiVersion": "2023-04-01", "name": "[format('{0}/{1}', parameters('vpnGatewayName'), parameters('name'))]", @@ -610,14 +592,10 @@ "useLocalAzureIpAddress": "[parameters('useLocalAzureIpAddress')]", "usePolicyBasedTrafficSelectors": "[parameters('usePolicyBasedTrafficSelectors')]", "vpnConnectionProtocolType": "[parameters('vpnConnectionProtocolType')]", - "vpnLinkConnections": "[parameters('vpnLinkConnections')]", - "dpdTimeoutSeconds": "[parameters('dpdTimeoutSeconds')]" - }, - "dependsOn": [ - "vpnGateway" - ] + "vpnLinkConnections": "[parameters('vpnLinkConnections')]" + } } - }, + ], "outputs": { "name": { "type": "string", diff --git a/modules/network/vpn-gateway/vpn-connection/README.md b/modules/network/vpn-gateway/vpn-connection/README.md index 5ea3c31fc1..5b7275f37e 100644 --- a/modules/network/vpn-gateway/vpn-connection/README.md +++ b/modules/network/vpn-gateway/vpn-connection/README.md @@ -35,7 +35,6 @@ This module deploys a VPN Gateway VPN Connection. | Parameter | Type | Description | | :-- | :-- | :-- | | [`connectionBandwidth`](#parameter-connectionbandwidth) | int | Expected bandwidth in MBPS. | -| [`dpdTimeoutSeconds`](#parameter-dpdtimeoutseconds) | int | DPD timeout in seconds for vpn connection. | | [`enableBgp`](#parameter-enablebgp) | bool | Enable BGP flag. | | [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | | [`enableInternetSecurity`](#parameter-enableinternetsecurity) | bool | Enable internet security. | @@ -73,13 +72,6 @@ Expected bandwidth in MBPS. - Type: int - Default: `10` -### Parameter: `dpdTimeoutSeconds` - -DPD timeout in seconds for vpn connection. - -- Required: No -- Type: int - ### Parameter: `enableBgp` Enable BGP flag. diff --git a/modules/network/vpn-gateway/vpn-connection/main.bicep b/modules/network/vpn-gateway/vpn-connection/main.bicep index e76614499e..8a72835671 100644 --- a/modules/network/vpn-gateway/vpn-connection/main.bicep +++ b/modules/network/vpn-gateway/vpn-connection/main.bicep @@ -55,9 +55,6 @@ param sharedKey string = '' @description('Optional. Reference to a VPN site to link to.') param remoteVpnSiteResourceId string = '' -@description('Optional. DPD timeout in seconds for vpn connection.') -param dpdTimeoutSeconds int? - @description('Optional. Enable telemetry via a Globally Unique Identifier (GUID).') param enableDefaultTelemetry bool = true @@ -97,7 +94,6 @@ resource vpnConnection 'Microsoft.Network/vpnGateways/vpnConnections@2023-04-01' usePolicyBasedTrafficSelectors: usePolicyBasedTrafficSelectors vpnConnectionProtocolType: vpnConnectionProtocolType vpnLinkConnections: vpnLinkConnections - dpdTimeoutSeconds: dpdTimeoutSeconds } } diff --git a/modules/network/vpn-gateway/vpn-connection/main.json b/modules/network/vpn-gateway/vpn-connection/main.json index ee2ba7fd0b..84a6dfdf0b 100644 --- a/modules/network/vpn-gateway/vpn-connection/main.json +++ b/modules/network/vpn-gateway/vpn-connection/main.json @@ -1,12 +1,11 @@ { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "languageVersion": "2.0", "contentVersion": "1.0.0.0", "metadata": { "_generator": { "name": "bicep", "version": "0.23.1.45101", - "templateHash": "14722022986555703365" + "templateHash": "6383697389251029881" }, "name": "VPN Gateway VPN Connections", "description": "This module deploys a VPN Gateway VPN Connection.", @@ -127,13 +126,6 @@ "description": "Optional. Reference to a VPN site to link to." } }, - "dpdTimeoutSeconds": { - "type": "int", - "nullable": true, - "metadata": { - "description": "Optional. DPD timeout in seconds for vpn connection." - } - }, "enableDefaultTelemetry": { "type": "bool", "defaultValue": true, @@ -142,8 +134,8 @@ } } }, - "resources": { - "defaultTelemetry": { + "resources": [ + { "condition": "[parameters('enableDefaultTelemetry')]", "type": "Microsoft.Resources/deployments", "apiVersion": "2021-04-01", @@ -157,13 +149,7 @@ } } }, - "vpnGateway": { - "existing": true, - "type": "Microsoft.Network/vpnGateways", - "apiVersion": "2023-04-01", - "name": "[parameters('vpnGatewayName')]" - }, - "vpnConnection": { + { "type": "Microsoft.Network/vpnGateways/vpnConnections", "apiVersion": "2023-04-01", "name": "[format('{0}/{1}', parameters('vpnGatewayName'), parameters('name'))]", @@ -181,14 +167,10 @@ "useLocalAzureIpAddress": "[parameters('useLocalAzureIpAddress')]", "usePolicyBasedTrafficSelectors": "[parameters('usePolicyBasedTrafficSelectors')]", "vpnConnectionProtocolType": "[parameters('vpnConnectionProtocolType')]", - "vpnLinkConnections": "[parameters('vpnLinkConnections')]", - "dpdTimeoutSeconds": "[parameters('dpdTimeoutSeconds')]" - }, - "dependsOn": [ - "vpnGateway" - ] + "vpnLinkConnections": "[parameters('vpnLinkConnections')]" + } } - }, + ], "outputs": { "name": { "type": "string", From 2ac4a7a4dca11585927b57c8eed0c361316be4f2 Mon Sep 17 00:00:00 2001 From: AlexanderSehr Date: Sat, 2 Dec 2023 21:26:06 +0100 Subject: [PATCH 5/5] Update to latest --- modules/network/vpn-gateway/tests/e2e/defaults/main.test.bicep | 3 --- 1 file changed, 3 deletions(-) diff --git a/modules/network/vpn-gateway/tests/e2e/defaults/main.test.bicep b/modules/network/vpn-gateway/tests/e2e/defaults/main.test.bicep index 9d7badf03d..49411aaf37 100644 --- a/modules/network/vpn-gateway/tests/e2e/defaults/main.test.bicep +++ b/modules/network/vpn-gateway/tests/e2e/defaults/main.test.bicep @@ -56,7 +56,4 @@ module testDeployment '../../../main.bicep' = [for iteration in [ 'init', 'idem' name: '${namePrefix}${serviceShort}001' virtualHubResourceId: nestedDependencies.outputs.virtualHubResourceId } - dependsOn: [ - nestedDependencies - ] }]