From e24c7ac054c6ae80c7039881a33486a8b7444a0f Mon Sep 17 00:00:00 2001
From: Marius
Date: Sun, 7 Nov 2021 19:47:23 +0100
Subject: [PATCH 01/26] Moved flowLogs to be child of NetworkWatcher
---
.../flowLogs}/.bicep/nested_cuaId.bicep | 0
.../flowLogs}/.parameters/parameters.json | 0
.../flowLogs}/deploy.bicep | 0
.../flowLogs}/readme.md | 0
4 files changed, 0 insertions(+), 0 deletions(-)
rename arm/Microsoft.Network/{networkWatcherFlowLogs => networkWatchers/flowLogs}/.bicep/nested_cuaId.bicep (100%)
rename arm/Microsoft.Network/{networkWatcherFlowLogs => networkWatchers/flowLogs}/.parameters/parameters.json (100%)
rename arm/Microsoft.Network/{networkWatcherFlowLogs => networkWatchers/flowLogs}/deploy.bicep (100%)
rename arm/Microsoft.Network/{networkWatcherFlowLogs => networkWatchers/flowLogs}/readme.md (100%)
diff --git a/arm/Microsoft.Network/networkWatcherFlowLogs/.bicep/nested_cuaId.bicep b/arm/Microsoft.Network/networkWatchers/flowLogs/.bicep/nested_cuaId.bicep
similarity index 100%
rename from arm/Microsoft.Network/networkWatcherFlowLogs/.bicep/nested_cuaId.bicep
rename to arm/Microsoft.Network/networkWatchers/flowLogs/.bicep/nested_cuaId.bicep
diff --git a/arm/Microsoft.Network/networkWatcherFlowLogs/.parameters/parameters.json b/arm/Microsoft.Network/networkWatchers/flowLogs/.parameters/parameters.json
similarity index 100%
rename from arm/Microsoft.Network/networkWatcherFlowLogs/.parameters/parameters.json
rename to arm/Microsoft.Network/networkWatchers/flowLogs/.parameters/parameters.json
diff --git a/arm/Microsoft.Network/networkWatcherFlowLogs/deploy.bicep b/arm/Microsoft.Network/networkWatchers/flowLogs/deploy.bicep
similarity index 100%
rename from arm/Microsoft.Network/networkWatcherFlowLogs/deploy.bicep
rename to arm/Microsoft.Network/networkWatchers/flowLogs/deploy.bicep
diff --git a/arm/Microsoft.Network/networkWatcherFlowLogs/readme.md b/arm/Microsoft.Network/networkWatchers/flowLogs/readme.md
similarity index 100%
rename from arm/Microsoft.Network/networkWatcherFlowLogs/readme.md
rename to arm/Microsoft.Network/networkWatchers/flowLogs/readme.md
From 617b474331309ddfb4427a6b3a655eb40e06dda0 Mon Sep 17 00:00:00 2001
From: Marius
Date: Sun, 7 Nov 2021 19:47:59 +0100
Subject: [PATCH 02/26] Remove child resource workflow
---
.../ms.network.networkwatcherflowlogs.yml | 216 ------------------
1 file changed, 216 deletions(-)
delete mode 100644 .github/workflows/ms.network.networkwatcherflowlogs.yml
diff --git a/.github/workflows/ms.network.networkwatcherflowlogs.yml b/.github/workflows/ms.network.networkwatcherflowlogs.yml
deleted file mode 100644
index ca3d4eb6f9..0000000000
--- a/.github/workflows/ms.network.networkwatcherflowlogs.yml
+++ /dev/null
@@ -1,216 +0,0 @@ -name: 'Network: Networkwatcherflowlogs' - -on: - workflow_dispatch: - inputs: - removeDeployment: - description: 'Remove deployed module' - required: false - default: 'true' - versioningOption: - description: 'The mode to handle the version increments [major|minor|patch]' - required: false - default: 'patch' - customVersion: - description: 'Custom version to apply. Used only if higher than latest' - required: false - default: '0.0.1' - push: - branches: - - main - paths: - - '.github/actions/templates/**' - - '.github/workflows/ms.network.networkwatcherflowlogs.yml' - - 'arm/Microsoft.Network/networkWatcherFlowLogs/**' - - '!arm/Microsoft.Network/networkWatcherFlowLogs/readme.md' - -env: - moduleName: 'networkWatcherFlowLogs' - modulePath: 'arm/Microsoft.Network/networkWatcherFlowLogs' - workflowPath: '.github/workflows/ms.network.networkwatcherflowlogs.yml' - AZURE_CREDENTIALS: ${{ secrets.AZURE_CREDENTIALS }} - ARM_SUBSCRIPTION_ID: ${{ secrets.ARM_SUBSCRIPTION_ID }} - ARM_MGMTGROUP_ID: ${{ secrets.ARM_MGMTGROUP_ID }} - -jobs: - ############################ - # SET INPUT PARAMETERS # - ############################ - job_set_workflow_param: - runs-on: ubuntu-20.04 - name: 'Set input parameters to output variables' - steps: - - name: 'Checkout' - uses: actions/checkout@v2 - with: - fetch-depth: 0 - - name: 'Set input parameters' - id: get-workflow-param - uses: ./.github/actions/templates/getWorkflowInput - with: - workflowPath: '${{ env.workflowPath}}' - outputs: - removeDeployment: ${{ steps.get-workflow-param.outputs.removeDeployment }} - versioningOption: ${{ steps.get-workflow-param.outputs.versioningOption }} - customVersion: ${{ steps.get-workflow-param.outputs.customVersion }} - - ################## - # UNIT TESTS # - ################## - # Global tests - # ------------ - job_tests_module_global: - runs-on: ubuntu-20.04 - name: 'Run global module tests' - steps: - - name: 'Checkout' - uses: actions/checkout@v2 - with: - fetch-depth: 0 - - 
name: 'Test module' - uses: ./.github/actions/templates/validateModuleGeneral - with: - modulePath: '${{ env.modulePath }}' - moduleName: '${{ env.moduleName}}' - - # Global API tests - # ---------------- - job_tests_module_global_api: - runs-on: ubuntu-20.04 - name: 'Run global API module tests' - steps: - - name: 'Checkout' - uses: actions/checkout@v2 - with: - fetch-depth: 0 - - name: 'Test module' - uses: ./.github/actions/templates/validateModuleApis - with: - modulePath: '${{ env.modulePath }}' - moduleName: '${{ env.moduleName}}' - - # Validate deployment module tests - # -------------------------------- - job_tests_module_deploy_validate: - runs-on: ubuntu-20.04 - name: 'Run deployment validation module tests' - strategy: - fail-fast: false - matrix: - parameterFilePaths: ['parameters.json'] - steps: - - name: 'Checkout' - uses: actions/checkout@v2 - with: - fetch-depth: 0 - - name: Set environment variables - uses: deep-mm/set-variables@v1.0 - with: - # Name of variable file - variableFileName: 'variables.module' # Don't write .json here - - name: 'Test module' - uses: ./.github/actions/templates/validateModuleDeploy - with: - templateFilePath: '${{ env.modulePath }}/deploy.bicep' - parameterFilePath: '${{ env.modulePath }}/.parameters/${{ matrix.parameterFilePaths }}' - location: '${{ env.defaultLocation }}' - resourceGroupName: '${{ env.resourceGroupName }}' - subscriptionId: '${{ secrets.ARM_SUBSCRIPTION_ID }}' - managementGroupId: '${{ secrets.ARM_MGMTGROUP_ID }}' - - #################### - # DEPLOY TESTS # - #################### - job_deploy_module: - runs-on: ubuntu-20.04 - name: 'Deploy module' - needs: - - job_set_workflow_param - - job_tests_module_global - - job_tests_module_global_api - - job_tests_module_deploy_validate - strategy: - fail-fast: false - matrix: - parameterFilePaths: ['parameters.json'] - steps: - - name: 'Checkout' - uses: actions/checkout@v2 - with: - fetch-depth: 0 - - name: Set environment variables - uses: 
deep-mm/set-variables@v1.0 - with: - # Name of variable file - variableFileName: 'variables.module' # Don't write .json here - - name: 'Deploy module' - uses: ./.github/actions/templates/deployModule - with: - moduleName: '${{ env.moduleName }}' - templateFilePath: '${{ env.modulePath }}/deploy.bicep' - parameterFilePath: '${{ env.modulePath }}/.parameters/${{ matrix.parameterFilePaths }}' - location: '${{ env.defaultLocation }}' - resourceGroupName: '${{ env.resourceGroupName }}' - subscriptionId: '${{ secrets.ARM_SUBSCRIPTION_ID }}' - managementGroupId: '${{ secrets.ARM_MGMTGROUP_ID }}' - removeDeployment: '${{ needs.job_set_workflow_param.outputs.removeDeployment }}' - - ############### - # PUBLISH # - ############### - job_publish_module: - name: 'Publish module' - if: contains(fromJson('["refs/heads/main", "refs/heads/master"]'), github.ref) - runs-on: ubuntu-20.04 - needs: - - job_set_workflow_param - - job_deploy_module - steps: - - name: 'Checkout' - uses: actions/checkout@v2 - with: - fetch-depth: 0 - - name: Set environment variables - uses: deep-mm/set-variables@v1.0 - with: - # Name of variable file - variableFileName: 'variables.module' # Don't write .json here - - name: 'Publish module' - uses: ./.github/actions/templates/publishModule - with: - templateFilePath: '${{ env.modulePath }}/deploy.bicep' - versioningOption: '${{ needs.job_set_workflow_param.outputs.versioningOption }}' - customVersion: '${{ needs.job_set_workflow_param.outputs.customVersion }}' - templateSpecsRGName: '${{ env.templateSpecsRGName }}' - templateSpecsRGLocation: '${{ env.templateSpecsRGLocation }}' - templateSpecsDescription: '${{ env.templateSpecsDescription }}' - templateSpecsDoPublish: '${{ env.templateSpecsDoPublish }}' - bicepRegistryName: '${{ env.bicepRegistryName }}' - bicepRegistryRGName: '${{ env.bicepRegistryRGName }}' - bicepRegistryDoPublish: '${{ env.bicepRegistryDoPublish }}' - - ############## - # REMOVE # - ############## - job_remove_module: - runs-on: 
ubuntu-20.04 - name: 'Remove module' - if: ${{ always() && !cancelled() && needs.job_set_workflow_param.outputs.removeDeployment == 'true' && (contains(needs.*.result, 'success') || contains(needs.*.result, 'failure')) }} - needs: - - job_deploy_module - steps: - - name: 'Checkout' - uses: actions/checkout@v2 - with: - fetch-depth: 0 - - name: Set environment variables - uses: deep-mm/set-variables@v1.0 - with: - # Name of variable file - variableFileName: 'variables.module' # Don't write .json here - - name: 'Remove module' - uses: ./.github/actions/templates/removeModule - with: - moduleName: '${{ env.moduleName }}' - templateFilePath: '${{ env.modulePath }}/deploy.bicep' - resourceGroupName: '${{ env.resourceGroupName }}' From 05f22e8183134ea40b9c96d275a614d3c4ff3b3a Mon Sep 17 00:00:00 2001 From: Marius Date: Sun, 7 Nov 2021 23:48:28 +0100 Subject: [PATCH 03/26] Restructure networkWatcher, flowlogs and connectionmonitors --- .../workflows/ms.network.networkwatchers.yml | 8 +- .../.parameters/min.parameters.json | 6 ++ .../.parameters/parameters.json | 20 ++++- .../.bicep/nested_cuaId.bicep | 1 + .../connectionMonitors/deploy.bicep | 90 +++++++++++++++++++ .../connectionMonitors/readme.md | 45 ++++++++++ .../networkWatchers/deploy.bicep | 69 +++++++------- .../flowLogs/.parameters/parameters.json | 36 -------- .../networkWatchers/flowLogs/deploy.bicep | 66 +++++++------- .../networkWatchers/flowLogs/readme.md | 24 +++-- 10 files changed, 244 insertions(+), 121 deletions(-) create mode 100644 arm/Microsoft.Network/networkWatchers/.parameters/min.parameters.json create mode 100644 arm/Microsoft.Network/networkWatchers/connectionMonitors/.bicep/nested_cuaId.bicep create mode 100644 arm/Microsoft.Network/networkWatchers/connectionMonitors/deploy.bicep create mode 100644 arm/Microsoft.Network/networkWatchers/connectionMonitors/readme.md delete mode 100644 arm/Microsoft.Network/networkWatchers/flowLogs/.parameters/parameters.json 
diff --git a/.github/workflows/ms.network.networkwatchers.yml b/.github/workflows/ms.network.networkwatchers.yml index 26cd840039..631db3d663 100644 --- a/.github/workflows/ms.network.networkwatchers.yml +++ b/.github/workflows/ms.network.networkwatchers.yml @@ -16,8 +16,8 @@ on: required: false default: '0.0.1' push: - branches: - - main + #branches: + # - main paths: - '.github/actions/templates/**' - '.github/workflows/ms.network.networkwatchers.yml' @@ -97,7 +97,7 @@ jobs: strategy: fail-fast: false matrix: - parameterFilePaths: ['parameters.json'] + parameterFilePaths: ['parameters.json', 'min.parameters.json'] steps: - name: 'Checkout' uses: actions/checkout@v2 @@ -132,7 +132,7 @@ jobs: strategy: fail-fast: false matrix: - parameterFilePaths: ['parameters.json'] + parameterFilePaths: ['parameters.json', 'min.parameters.json'] steps: - name: 'Checkout' uses: actions/checkout@v2 diff --git a/arm/Microsoft.Network/networkWatchers/.parameters/min.parameters.json b/arm/Microsoft.Network/networkWatchers/.parameters/min.parameters.json new file mode 100644 index 0000000000..281531feda --- /dev/null +++ b/arm/Microsoft.Network/networkWatchers/.parameters/min.parameters.json @@ -0,0 +1,6 @@ +{ + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", + "contentVersion": "1.0.0.0", + "parameters": { + } +} diff --git a/arm/Microsoft.Network/networkWatchers/.parameters/parameters.json b/arm/Microsoft.Network/networkWatchers/.parameters/parameters.json index 5e823ee6bd..f147113026 100644 --- a/arm/Microsoft.Network/networkWatchers/.parameters/parameters.json +++ b/arm/Microsoft.Network/networkWatchers/.parameters/parameters.json 
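Review bot: With `branches:` and `- main` commented out in the first hunk (`@@ -16,8 +16,8 @@ on:`), the `push` trigger is limited only by `paths`, so a push to any branch that touches the listed paths starts this workflow. The jobs themselves are outside the hunk; if they match the sibling workflow removed in patch 02, they read `secrets.AZURE_CREDENTIALS` and deploy into the subscription, which would let unreviewed branch content run with those credentials. If this was a temporary switch for testing the restructure, restore `branches:` / `- main` before merge; if it is intended, delete the two commented lines and say so in the commit message.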
@@ -2,9 +2,27 @@ "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", "contentVersion": "1.0.0.0", "parameters": { - "networkWatcherName": { + "name": { "value": "adp-sxx-az-nw-x-001" }, + "flowLogs": { + "value": [ + { + "targetResourceId": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/networkSecurityGroups/adp-sxx-az-nsg-x-001", + "storageId": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adpsxxazsaweux001" + }, + { + "name": "adp-sxx-az-nsg-x-apgw-flowlog", + "targetResourceId": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/networkSecurityGroups/adp-sxx-az-nsg-x-apgw", + "storageId": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adpsxxazsaweux001", + "workspaceResourceId": "/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-sxx-az-la-x-001", + "enabled": false, + "formatVersion": 1, + "trafficAnalyticsInterval": 10, + "retentionInDays": 8 + } + ] + }, "roleAssignments": { "value": [ { diff --git a/arm/Microsoft.Network/networkWatchers/connectionMonitors/.bicep/nested_cuaId.bicep b/arm/Microsoft.Network/networkWatchers/connectionMonitors/.bicep/nested_cuaId.bicep new file mode 100644 index 0000000000..8b13789179 --- /dev/null +++ b/arm/Microsoft.Network/networkWatchers/connectionMonitors/.bicep/nested_cuaId.bicep @@ -0,0 +1 @@ + diff --git a/arm/Microsoft.Network/networkWatchers/connectionMonitors/deploy.bicep b/arm/Microsoft.Network/networkWatchers/connectionMonitors/deploy.bicep new file mode 100644 index 0000000000..699649e5bd --- /dev/null +++ b/arm/Microsoft.Network/networkWatchers/connectionMonitors/deploy.bicep 
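Review bot: The parameter file now supplies `name`, but the `networkWatchers/deploy.bicep` hunk later in this same patch still declares `param networkWatcherName string = 'NetworkWatcher_${location}'`, and no `name` parameter is visible there. Resource Manager rejects a parameter file that passes a parameter the template does not declare, so validation with `parameters.json` would be expected to fail unless the rename also happens in a part of the template outside these hunks. Either keep the key as `"networkWatcherName"` here or rename the template parameter in the same commit. Separately, the second `flowLogs` entry sets `"enabled": false`, so only the first entry exercises an active flow log in the deployment test.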
@@ -0,0 +1,90 @@ +@description('Optional. Name of the network watcher resource. Must be in the resource group where the Flow log will be created and same region as the NSG') +param networkWatcherName string = 'NetworkWatcher_${resourceGroup().location}' + +@description('Optional. Name of the resource.') +param name string + +@description('Optional. List of connection monitor endpoints.') +param endpoints array = [] + +@description('Optional. List of connection monitor test configurations.') +param testConfigurations array = [] + +@description('Optional. List of connection monitor test groups.') +param testGroups array = [] + +@description('Optional. Monitoring interval in seconds.') +param monitoringInterval int = 30 + +@description('Optional. Address of the connection monitor destination (IP or domain name).') +param destinationAddress string + +@description('Optional. The destination port used by connection monitor.') +param destinationPort int = 80 + +@description('Optional. The ID of the resource used as the destination by connection monitor.') +param destinationResourceId string = '' + +@description('Required. The ID of the resource used as the source by connection monitor.') +param sourceResourceId string + +@description('Optional. The source port used by connection monitor.') +param sourcePort int = 80 + +@description('Optional. The ID of the resource used as the source by connection monitor.') +param notes string = '' + +@description('Optional. Tags of the resource.') +param tags object = {} + +@description('Optional. Specify the Log Analytics Workspace Resource ID') +param workspaceResourceId string = '' + +@description('Optional. Customer Usage Attribution id (GUID). This GUID must be previously registered') +param cuaId string = '' + +var outputs = !empty(workspaceResourceId) ? 
[ + { + type: 'Workspace' + workspaceSettings: { + workspaceResourceId: workspaceResourceId + } + } +] : null + +module pid_cuaId '.bicep/nested_cuaId.bicep' = if (!empty(cuaId)) { + name: 'pid-${cuaId}' + params: {} +} + +resource connectionMonitor 'Microsoft.Network/networkWatchers/connectionMonitors@2021-03-01' = { + name: '${networkWatcherName}/${name}' + tags: tags + properties: { + autoStart: false + destination: { + address: destinationAddress + port: destinationPort + resourceId: destinationResourceId + } + monitoringIntervalInSeconds: monitoringInterval + notes: notes + source: { + resourceId: sourceResourceId + port: sourcePort + } + endpoints: !empty(endpoints) ? endpoints : null + testConfigurations: !empty(testConfigurations) ? testConfigurations : null + testGroups: !empty(testGroups) ? testGroups : null + outputs: outputs + } +} + +@description('The name of the deployed connection monitor') +output connectionMonitorName string = connectionMonitor.name + +@description('The resourceId of the deployed connection monitor') +output connectionMonitorResourceId string = connectionMonitor.id + +@description('The resource group the connection monitor was deployed into') +output connectionMonitorResourceGroup string = resourceGroup().name diff --git a/arm/Microsoft.Network/networkWatchers/connectionMonitors/readme.md b/arm/Microsoft.Network/networkWatchers/connectionMonitors/readme.md new file mode 100644 index 0000000000..4f1501cdc9 --- /dev/null +++ b/arm/Microsoft.Network/networkWatchers/connectionMonitors/readme.md 
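Review bot: Several `@description` strings in this new file do not match the declarations: `name` and `destinationAddress` are labelled `Optional.` but have no default, so every caller has to pass them, and `notes` repeats the text of `sourceResourceId`. I would change them to `@description('Required. Name of the connection monitor.')`, `@description('Required. Address of the connection monitor destination (IP or domain name).')` and `@description('Optional. Notes to be associated with the connection monitor.')`. The `networkWatcherName` description also still refers to the Flow log and the NSG, which looks copied from the flowLogs module. The readme.md table added in the next file carries the same texts and would need regenerating.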
@@ -0,0 +1,45 @@ +# NetworkNetworkwatchersConnectionmonitors `[Microsoft.Network/networkWatchers/connectionMonitors]` + +// TODO: Replace Resource and fill in description + +## Resource Types + +| Resource Type | Api Version | +| :-- | :-- | +| `Microsoft.Network/networkWatchers/connectionMonitors` | 2021-03-01 | + +## Parameters + +| Parameter Name | Type | Default Value | Possible Values | Description | +| :-- | :-- | :-- | :-- | :-- | +| `cuaId` | string | | | Optional. Customer Usage Attribution id (GUID). This GUID must be previously registered | +| `destinationAddress` | string | | | Optional. Address of the connection monitor destination (IP or domain name). | +| `destinationPort` | int | `80` | | Optional. The destination port used by connection monitor. | +| `destinationResourceId` | string | | | Optional. The ID of the resource used as the destination by connection monitor. | +| `endpoints` | array | `[]` | | Optional. List of connection monitor endpoints. | +| `monitoringInterval` | int | `30` | | Optional. Monitoring interval in seconds. | +| `name` | string | | | Optional. Name of the resource. | +| `networkWatcherName` | string | `[format('NetworkWatcher_{0}', resourceGroup().location)]` | | Optional. Name of the network watcher resource. Must be in the resource group where the Flow log will be created and same region as the NSG | +| `notes` | string | | | Optional. The ID of the resource used as the source by connection monitor. | +| `sourcePort` | int | `80` | | Optional. The source port used by connection monitor. | +| `sourceResourceId` | string | | | Required. The ID of the resource used as the source by connection monitor. | +| `tags` | object | `{object}` | | Optional. Tags of the resource. | +| `testConfigurations` | array | `[]` | | Optional. List of connection monitor test configurations. | +| `testGroups` | array | `[]` | | Optional. List of connection monitor test groups. | +| `workspaceResourceId` | string | | | Optional. 
Specify the Log Analytics Workspace Resource ID | + +### Parameter Usage: `` + +// TODO: Fill in Parameter usage + +## Outputs + +| Output Name | Type | Description | +| :-- | :-- | :-- | +| `connectionMonitorName` | string | The name of the deployed connection monitor | +| `connectionMonitorResourceGroup` | string | The resource group the connection monitor was deployed into | +| `connectionMonitorResourceId` | string | The resourceId of the deployed connection monitor | + +## Template references + +- [Networkwatchers/Connectionmonitors](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/2021-03-01/networkWatchers/connectionMonitors) diff --git a/arm/Microsoft.Network/networkWatchers/deploy.bicep b/arm/Microsoft.Network/networkWatchers/deploy.bicep index 19eb26e5dd..986882e1e3 100644 --- a/arm/Microsoft.Network/networkWatchers/deploy.bicep +++ b/arm/Microsoft.Network/networkWatchers/deploy.bicep @@ -1,15 +1,15 @@ @description('Required. Name of the Network Watcher resource (hidden)') @minLength(1) -param networkWatcherName string = '' +param networkWatcherName string = 'NetworkWatcher_${location}' @description('Optional. Location for all resources.') param location string = resourceGroup().location -@description('Optional. Array that contains the monitors') -param monitors array = [] +@description('Optional. Array that contains the Connection Monitors') +param connectionMonitors array = [] -@description('Optional. Specify the Workspace Resource ID') -param workspaceResourceId string = '' +@description('Optional. Array that contains the Flow Logs') +param flowLogs array = [] @allowed([ 'CanNotDelete' 
@@ -28,36 +28,16 @@ param tags object = {} @description('Optional. Customer Usage Attribution id (GUID). This GUID must be previously registered') param cuaId string = '' -var outputs = [ - { - type: 'Workspace' - workspaceSettings: { - workspaceResourceId: workspaceResourceId - } - } -] - module pid_cuaId '.bicep/nested_cuaId.bicep' = if (!empty(cuaId)) { name: 'pid-${cuaId}' params: {} } resource networkWatcher 'Microsoft.Network/networkWatchers@2021-02-01' = { - location: location name: networkWatcherName + location: location + tags: tags properties: {} - - resource connectionMonitors 'connectionMonitors@2021-02-01' = [for monitor in monitors: { - name: monitor.connectionMonitorName - location: location - tags: tags - properties: { - endpoints: !empty(monitors) ? monitor.endpoints : null - testConfigurations: !empty(monitors) ? monitor.testConfigurations : null - testGroups: !empty(monitors) ? monitor.testGroups : null - outputs: !empty(workspaceResourceId) ? outputs : null - } - }] } resource networkWatcher_lock 'Microsoft.Authorization/locks@2016-09-01' = if (lock != 'NotSpecified') { 
@@ -77,11 +57,38 @@ module networkWatcher_rbac '.bicep/nested_rbac.bicep' = [for (roleAssignment, in } }] -@description('The resource group the network watcher was deployed into') -output networkWatcherResourceGroup string = resourceGroup().name +module networkWatcher_connectionMonitors 'connectionMonitors/deploy.bicep' = [for connectionMonitor in connectionMonitors: { + name: connectionMonitor.name + params: { + networkWatcherName: networkWatcher.name + name: connectionMonitor.name + endpoints: contains(connectionMonitor, 'endpoints') ? connectionMonitor.endpoints : null + testConfigurations: contains(connectionMonitor, 'testConfigurations') ? connectionMonitor.testConfigurations : null + testGroups: contains(connectionMonitor, 'testGroups') ? connectionMonitor.testGroups : null + workspaceResourceId: contains(connectionMonitor, 'workspaceResourceId') ? connectionMonitor.workspaceResourceId : null + } +}] -@description('The resourceId of the deployed network watcher') -output networkWatcherResourceId string = networkWatcher.id +module networkWatcher_flowLogs 'flowLogs/deploy.bicep' = [for (flowLog, index) in flowLogs: { + name: '${deployment().name}-flowLog-${index}' + params: { + networkWatcherName: networkWatcher.name + name: contains(flowLog, 'name') ? flowLog.name : null + storageId: flowLog.storageId + targetResourceId: flowLog.targetResourceId + formatVersion: contains(flowLog, 'formatVersion') ? flowLog.formatVersion : null + enabled: contains(flowLog, 'enabled') ? flowLog.enabled : null + retentionInDays: contains(flowLog, 'retentionInDays') ? flowLog.retentionInDays : null + trafficAnalyticsInterval: contains(flowLog, 'trafficAnalyticsInterval') ? flowLog.trafficAnalyticsInterval : null + workspaceResourceId: contains(flowLog, 'workspaceResourceId') ? 
flowLog.workspaceResourceId : null + } +}] @description('The name of the deployed network watcher') output networkWatcherName string = networkWatcher.name + +@description('The resourceId of the deployed network watcher') +output networkWatcherResourceId string = networkWatcher.id + +@description('The resource group the network watcher was deployed into') +output networkWatcherResourceGroup string = resourceGroup().name diff --git a/arm/Microsoft.Network/networkWatchers/flowLogs/.parameters/parameters.json b/arm/Microsoft.Network/networkWatchers/flowLogs/.parameters/parameters.json deleted file mode 100644 index 53f6efdc2a..0000000000 --- a/arm/Microsoft.Network/networkWatchers/flowLogs/.parameters/parameters.json +++ /dev/null @@ -1,36 +0,0 @@ -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "networkWatcherName": { - "value": "adp-sxx-az-nw-x-001" - }, - "networkSecurityGroupResourceId": { - "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/networkSecurityGroups/adp-sxx-az-nsg-x-001" - }, - "diagnosticStorageAccountId": { - "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adpsxxazsaweux001" - }, - "retentionEnabled": { - "value": false - }, - "flowLogEnabled": { - "value": true - }, - "logFormatVersion": { - "value": 2 - }, - "flowLogIntervalInMinutes": { - "value": 10 - }, - "retentionInDays": { - "value": 8 - }, - "flowAnalyticsEnabled": { - "value": false - }, - "workspaceResourceId": { - "value": "/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-sxx-az-la-x-001" - } - } -} diff --git a/arm/Microsoft.Network/networkWatchers/flowLogs/deploy.bicep b/arm/Microsoft.Network/networkWatchers/flowLogs/deploy.bicep index aaf1a42f01..a0b7fa5555 100644 --- a/arm/Microsoft.Network/networkWatchers/flowLogs/deploy.bicep 
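Review bot: The `networkWatcher_connectionMonitors` module call passes neither `destinationAddress` nor `sourceResourceId`, and `connectionMonitors/deploy.bicep` added in this patch declares both without a default, so going by the visible declarations this template should not compile. The subject of patch 04 (`Add required params`) suggests a follow-up, but its hunks are not visible here. The deployment name also differs from the flow-log loop: `name: connectionMonitor.name` reuses the resource name, while the flow logs use `'${deployment().name}-flowLog-${index}'`. Deriving it the same way, `name: '${deployment().name}-connectionMonitor-${index}'` with `for (connectionMonitor, index) in connectionMonitors`, keeps nested deployments in the resource group from colliding when two runs use the same monitor name.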
+++ b/arm/Microsoft.Network/networkWatchers/flowLogs/deploy.bicep 
@@ -1,35 +1,29 @@ -@description('Optional. Location for all resources.') -param location string = resourceGroup().location +@description('Optional. Name of the network watcher resource. Must be in the resource group where the Flow log will be created and same region as the NSG') +param networkWatcherName string = 'NetworkWatcher_${resourceGroup().location}' + +@description('Optional. Name of the resource.') +param name string = '${last(split(targetResourceId, '/'))}-${split(targetResourceId, '/')[4]}-flowlog' @description('Optional. Tags of the resource.') param tags object = {} -@description('Required. Name of the network watcher resource. Must be in the resource group where the Flow log will be created and same region as the NSG') -param networkWatcherName string - @description('Required. Resource ID of the NSG that must be enabled for Flow Logs.') -param networkSecurityGroupResourceId string +param targetResourceId string @description('Required. Resource identifier of the Diagnostic Storage Account.') -param diagnosticStorageAccountId string - -@description('Optional. If the flow log retention should be enabled') -param retentionEnabled bool = true +param storageId string @description('Optional. If the flow log should be enabled') -param flowLogEnabled bool = true +param enabled bool = true @description('Optional. The flow log format version') @allowed([ 1 2 ]) -param logFormatVersion int = 2 - -@description('Optional. Enables/disables flow analytics. If Flow Analytics was previously enabled, workspaceResourceID is mandatory (even when disabling it)') -param flowAnalyticsEnabled bool = false +param formatVersion int = 2 -@description('Optional. Resource identifier of Log Analytics.') +@description('Optional. Specify the Log Analytics Workspace Resource ID') param workspaceResourceId string = '' @description('Optional. The interval in minutes which would decide how frequently TA service should do flow analytics.') 
@@ -37,7 +31,7 @@ param workspaceResourceId string = '' 10 60 ]) -param flowLogIntervalInMinutes int = 60 +param trafficAnalyticsInterval int = 60 @description('Optional. Specifies the number of days that logs will be kept for; a value of 0 will retain data indefinitely.') @minValue(0) @@ -47,13 +41,15 @@ param retentionInDays int = 365 @description('Optional. Customer Usage Attribution id (GUID). This GUID must be previously registered') param cuaId string = '' -var nsgName = split(networkSecurityGroupResourceId, '/')[8] -var fullFlowLogName = '${networkWatcherName}/${uniqueString(nsgName)}' -var flowAnalyticsConfig = { +var flowAnalyticsConfiguration = !empty(workspaceResourceId) ? { networkWatcherFlowAnalyticsConfiguration: { - enabled: flowAnalyticsEnabled + enabled: true workspaceResourceId: workspaceResourceId - trafficAnalyticsInterval: flowLogIntervalInMinutes + trafficAnalyticsInterval: trafficAnalyticsInterval + } +} : { + networkWatcherFlowAnalyticsConfiguration: { + enabled: false } } 
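Review bot: In the `@@ -47,13 +41,15 @@` hunk, the branch taken when `workspaceResourceId` is empty sends `networkWatcherFlowAnalyticsConfiguration: { enabled: false }` without a workspace ID, while the parameter description removed in this same patch stated that `workspaceResourceID` is mandatory even when disabling analytics that had been enabled before. If that constraint still holds, redeploying an existing flow log without `workspaceResourceId` would fail rather than switch Traffic Analytics off. With `flowAnalyticsEnabled` gone there is also no way to keep the workspace reference and disable analytics. Consider keeping a boolean (for example `param trafficAnalyticsEnabled bool = true`, name is only a suggestion) and emitting `enabled: trafficAnalyticsEnabled` together with `workspaceResourceId` whenever the latter is set; at minimum the `workspaceResourceId` description should say that supplying it turns analytics on.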
@@ -62,31 +58,29 @@ module pid_cuaId '.bicep/nested_cuaId.bicep' = if (!empty(cuaId)) { params: {} } -resource flowLog 'Microsoft.Network/networkWatchers/flowLogs@2021-05-01' = { - name: fullFlowLogName - location: location +resource flowLog 'Microsoft.Network/networkWatchers/flowLogs@2021-03-01' = { + name: '${networkWatcherName}/${name}' tags: tags properties: { - targetResourceId: networkSecurityGroupResourceId - storageId: diagnosticStorageAccountId - enabled: flowLogEnabled + targetResourceId: targetResourceId + storageId: storageId + enabled: enabled retentionPolicy: { days: retentionInDays - enabled: retentionEnabled + enabled: retentionInDays == 0 ? false : true } format: { type: 'JSON' - version: logFormatVersion + version: formatVersion } - flowAnalyticsConfiguration: empty(workspaceResourceId) ? null : flowAnalyticsConfig + flowAnalyticsConfiguration: flowAnalyticsConfiguration } } - -@description('The resource group the flow log was deployed into') -output flowLogResourceGroup string = resourceGroup().name +@description('The name of the flow log') +output flowLogName string = flowLog.name @description('The resourceId of the flow log') output flowLogResourceId string = flowLog.id -@description('The name of the flow log') -output flowLogName string = flowLog.name +@description('The resource group the flow log was deployed into') +output flowLogResourceGroup string = resourceGroup().name diff --git a/arm/Microsoft.Network/networkWatchers/flowLogs/readme.md b/arm/Microsoft.Network/networkWatchers/flowLogs/readme.md index b387af3c9b..8f40332154 100644 --- a/arm/Microsoft.Network/networkWatchers/flowLogs/readme.md +++ b/arm/Microsoft.Network/networkWatchers/flowLogs/readme.md 
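Review bot: The `flowLog` resource no longer sets `location` (the `location` parameter is removed in the first hunk of this file) and the API version moves back from `2021-05-01` to `2021-03-01`; the commit message explains neither. The `networkWatcherName` description requires the watcher to be in the same region as the NSG, so I would expect `location` to stay on the resource; please confirm the deployment validates without it, or re-add `param location string = resourceGroup().location` and `location: location`. In `retentionPolicy`, `enabled: retentionInDays == 0 ? false : true` can be written `enabled: retentionInDays != 0`. A short comment there that `0` keeps the logs indefinitely would help anyone setting retention for audit purposes.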
@@ -1,4 +1,4 @@ -# NSG Flow Logs `[Microsoft.Network/networkWatcherFlowLogs]` +# NSG Flow Logs `[Microsoft.Network/networkWatchers/flowLogs]` This module controls the Network Security Group Flow Logs and analytics settings **Note: this module must be run on the Resource Group where Network Watcher is deployed** 
@@ -7,25 +7,23 @@ This module controls the Network Security Group Flow Logs and analytics settings | Resource Type | Api Version | | :-- | :-- | -| `Microsoft.Network/networkWatchers/flowLogs` | 2021-05-01 | +| `Microsoft.Network/networkWatchers/flowLogs` | 2021-03-01 | ## Parameters | Parameter Name | Type | Default Value | Possible Values | Description | | :-- | :-- | :-- | :-- | :-- | | `cuaId` | string | | | Optional. Customer Usage Attribution id (GUID). This GUID must be previously registered | -| `diagnosticStorageAccountId` | string | | | Required. Resource identifier of the Diagnostic Storage Account. | -| `flowAnalyticsEnabled` | bool | | | Optional. Enables/disables flow analytics. If Flow Analytics was previously enabled, workspaceResourceID is mandatory (even when disabling it) | -| `flowLogEnabled` | bool | `True` | | Optional. If the flow log should be enabled | -| `flowLogIntervalInMinutes` | int | `60` | `[10, 60]` | Optional. The interval in minutes which would decide how frequently TA service should do flow analytics. | -| `location` | string | `[resourceGroup().location]` | | Optional. Location for all resources. | -| `logFormatVersion` | int | `2` | `[1, 2]` | Optional. The flow log format version | -| `networkSecurityGroupResourceId` | string | | | Required. Resource ID of the NSG that must be enabled for Flow Logs. | -| `networkWatcherName` | string | | | Required. Name of the network watcher resource. Must be in the resource group where the Flow log will be created and same region as the NSG | -| `retentionEnabled` | bool | `True` | | Optional. If the flow log retention should be enabled | +| `enabled` | bool | `True` | | Optional. If the flow log should be enabled | +| `formatVersion` | int | `2` | `[1, 2]` | Optional. The flow log format version | +| `name` | string | `[format('{0}-{1}-flowlog', last(split(parameters('targetResourceId'), '/')), split(parameters('targetResourceId'), '/')[4])]` | | Optional. Name of the resource. 
| +| `networkWatcherName` | string | `[format('NetworkWatcher_{0}', resourceGroup().location)]` | | Optional. Name of the network watcher resource. Must be in the resource group where the Flow log will be created and same region as the NSG | | `retentionInDays` | int | `365` | | Optional. Specifies the number of days that logs will be kept for; a value of 0 will retain data indefinitely. | +| `storageId` | string | | | Required. Resource identifier of the Diagnostic Storage Account. | | `tags` | object | `{object}` | | Optional. Tags of the resource. | -| `workspaceResourceId` | string | | | Optional. Resource identifier of Log Analytics. | +| `targetResourceId` | string | | | Required. Resource ID of the NSG that must be enabled for Flow Logs. | +| `trafficAnalyticsInterval` | int | `60` | `[10, 60]` | Optional. The interval in minutes which would decide how frequently TA service should do flow analytics. | +| `workspaceResourceId` | string | | | Optional. Specify the Log Analytics Workspace Resource ID | ### Parameter Usage: `tags` @@ -54,4 +52,4 @@ Tag names and tag values can be provided as needed. A tag can be left without a ## Template references -- [Networkwatchers/Flowlogs](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/2021-05-01/networkWatchers/flowLogs) +- [Networkwatchers/Flowlogs](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/2021-03-01/networkWatchers/flowLogs) From ddda112488b973ed230449d8a94e23eb34766a3b Mon Sep 17 00:00:00 2001 From: Marius Date: Sun, 7 Nov 2021 23:55:57 +0100 Subject: [PATCH 04/26] Add required params --- .../networkWatchers/deploy.bicep | 19 +++++++++++++------ 1 file changed, 13 insertions(+), 6 deletions(-) diff --git a/arm/Microsoft.Network/networkWatchers/deploy.bicep b/arm/Microsoft.Network/networkWatchers/deploy.bicep index 986882e1e3..3f3757acb7 100644 --- a/arm/Microsoft.Network/networkWatchers/deploy.bicep +++ b/arm/Microsoft.Network/networkWatchers/deploy.bicep 
@@ -60,9 +60,16 @@ module networkWatcher_rbac '.bicep/nested_rbac.bicep' = [for (roleAssignment, in module networkWatcher_connectionMonitors 'connectionMonitors/deploy.bicep' = [for connectionMonitor in connectionMonitors: { name: connectionMonitor.name params: { - networkWatcherName: networkWatcher.name - name: connectionMonitor.name + destinationAddress: connectionMonitor.destinationAddress + destinationPort: contains(connectionMonitor, 'destinationPort') ? connectionMonitor.destinationPort : null + destinationResourceId: contains(connectionMonitor, 'destinationResourceId') ? connectionMonitor.destinationResourceId : null endpoints: contains(connectionMonitor, 'endpoints') ? connectionMonitor.endpoints : null + monitoringInterval: contains(connectionMonitor, 'monitoringInterval') ? connectionMonitor.monitoringInterval : null + name: connectionMonitor.name + networkWatcherName: networkWatcher.name + notes: contains(connectionMonitor, 'notes') ? connectionMonitor.notes : null + sourcePort: contains(connectionMonitor, 'sourcePort') ? connectionMonitor.sourcePort : null + sourceResourceId: connectionMonitor.sourceResourceId testConfigurations: contains(connectionMonitor, 'testConfigurations') ? connectionMonitor.testConfigurations : null testGroups: contains(connectionMonitor, 'testGroups') ? connectionMonitor.testGroups : null workspaceResourceId: contains(connectionMonitor, 'workspaceResourceId') ? connectionMonitor.workspaceResourceId : null 
@@ -72,13 +79,13 @@ module networkWatcher_connectionMonitors 'connectionMonitors/deploy.bicep' = [fo module networkWatcher_flowLogs 'flowLogs/deploy.bicep' = [for (flowLog, index) in flowLogs: { name: '${deployment().name}-flowLog-${index}' params: { - networkWatcherName: networkWatcher.name + enabled: contains(flowLog, 'enabled') ? flowLog.enabled : null + formatVersion: contains(flowLog, 'formatVersion') ? flowLog.formatVersion : null name: contains(flowLog, 'name') ? flowLog.name : null + networkWatcherName: networkWatcher.name + retentionInDays: contains(flowLog, 'retentionInDays') ? flowLog.retentionInDays : null storageId: flowLog.storageId targetResourceId: flowLog.targetResourceId - formatVersion: contains(flowLog, 'formatVersion') ? flowLog.formatVersion : null - enabled: contains(flowLog, 'enabled') ? flowLog.enabled : null - retentionInDays: contains(flowLog, 'retentionInDays') ? flowLog.retentionInDays : null trafficAnalyticsInterval: contains(flowLog, 'trafficAnalyticsInterval') ? flowLog.trafficAnalyticsInterval : null workspaceResourceId: contains(flowLog, 'workspaceResourceId') ? flowLog.workspaceResourceId : null } From b4819b6020ecbb1e2cb0a5dbd614898f8512dea3 Mon Sep 17 00:00:00 2001 From: Marius Date: Mon, 8 Nov 2021 00:03:26 +0100 Subject: [PATCH 05/26] fix parameters --- arm/Microsoft.Network/networkWatchers/deploy.bicep | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/arm/Microsoft.Network/networkWatchers/deploy.bicep b/arm/Microsoft.Network/networkWatchers/deploy.bicep index 3f3757acb7..12abf17073 100644 --- a/arm/Microsoft.Network/networkWatchers/deploy.bicep +++ b/arm/Microsoft.Network/networkWatchers/deploy.bicep 
@@ -1,6 +1,6 @@ @description('Required. Name of the Network Watcher resource (hidden)') @minLength(1) -param networkWatcherName string = 'NetworkWatcher_${location}' +param name string = 'NetworkWatcher_${location}' @description('Optional. Location for all resources.') param location string = resourceGroup().location @@ -34,7 +34,7 @@ module pid_cuaId '.bicep/nested_cuaId.bicep' = if (!empty(cuaId)) { } resource networkWatcher 'Microsoft.Network/networkWatchers@2021-02-01' = { - name: networkWatcherName + name: name location: location tags: tags properties: {} From fad1b32951f2ea53620cd0d81c88fe5c832e8ed0 Mon Sep 17 00:00:00 2001 From: Marius Date: Mon, 8 Nov 2021 00:32:20 +0100 Subject: [PATCH 06/26] test new params --- .../networkWatchers/deploy.bicep | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/arm/Microsoft.Network/networkWatchers/deploy.bicep b/arm/Microsoft.Network/networkWatchers/deploy.bicep index 12abf17073..161a0be017 100644 --- a/arm/Microsoft.Network/networkWatchers/deploy.bicep +++ b/arm/Microsoft.Network/networkWatchers/deploy.bicep @@ -61,8 +61,8 @@ module networkWatcher_connectionMonitors 'connectionMonitors/deploy.bicep' = [fo name: connectionMonitor.name params: { destinationAddress: connectionMonitor.destinationAddress - destinationPort: contains(connectionMonitor, 'destinationPort') ? connectionMonitor.destinationPort : null - destinationResourceId: contains(connectionMonitor, 'destinationResourceId') ? connectionMonitor.destinationResourceId : null + destinationPort: contains(connectionMonitor, 'destinationPort') ? connectionMonitor.destinationPort : 80 + destinationResourceId: contains(connectionMonitor, 'destinationResourceId') ? connectionMonitor.destinationResourceId : '' endpoints: contains(connectionMonitor, 'endpoints') ? connectionMonitor.endpoints : null monitoringInterval: contains(connectionMonitor, 'monitoringInterval') ? connectionMonitor.monitoringInterval : null name: connectionMonitor.name 
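Review bot: The fallback literals added to the `networkWatcher_connectionMonitors` params (`: 80`, `: ''`) repeat defaults that the child module already declares on its own parameters. The next hunk does the same for `networkWatcher_flowLogs` (`2`, `365`, `60` and the whole default-name expression), and so does the `@@ -63,23 +63,23 @@` hunk of the following patch. Two copies can drift apart without any error, and for flow logs the values involved (`enabled`, `retentionInDays`) decide whether and for how long NSG traffic records are kept. At minimum add `// Fallbacks mirror the param defaults in the child module's deploy.bicep - keep both in sync` above each params block. The connectionMonitors module declaration starts outside its hunk.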
@@ -79,15 +79,15 @@ module networkWatcher_connectionMonitors 'connectionMonitors/deploy.bicep' = [fo module networkWatcher_flowLogs 'flowLogs/deploy.bicep' = [for (flowLog, index) in flowLogs: { name: '${deployment().name}-flowLog-${index}' params: { - enabled: contains(flowLog, 'enabled') ? flowLog.enabled : null - formatVersion: contains(flowLog, 'formatVersion') ? flowLog.formatVersion : null - name: contains(flowLog, 'name') ? flowLog.name : null + enabled: contains(flowLog, 'enabled') ? flowLog.enabled : json('null') + formatVersion: contains(flowLog, 'formatVersion') ? flowLog.formatVersion : 2 + name: contains(flowLog, 'name') ? flowLog.name : '${last(split(flowLog.targetResourceId, '/'))}-${split(flowLog.targetResourceId, '/')[4]}-flowlog' networkWatcherName: networkWatcher.name - retentionInDays: contains(flowLog, 'retentionInDays') ? flowLog.retentionInDays : null + retentionInDays: contains(flowLog, 'retentionInDays') ? flowLog.retentionInDays : 365 storageId: flowLog.storageId targetResourceId: flowLog.targetResourceId - trafficAnalyticsInterval: contains(flowLog, 'trafficAnalyticsInterval') ? flowLog.trafficAnalyticsInterval : null - workspaceResourceId: contains(flowLog, 'workspaceResourceId') ? flowLog.workspaceResourceId : null + trafficAnalyticsInterval: contains(flowLog, 'trafficAnalyticsInterval') ? flowLog.trafficAnalyticsInterval : 60 + workspaceResourceId: contains(flowLog, 'workspaceResourceId') ? flowLog.workspaceResourceId : '' } }] From c9807edd36eba52613310ae3fec6d3c4537ad3d7 Mon Sep 17 00:00:00 2001 From: Marius Date: Mon, 8 Nov 2021 00:35:52 +0100 Subject: [PATCH 07/26] test with default parameters --- .../networkWatchers/deploy.bicep | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/arm/Microsoft.Network/networkWatchers/deploy.bicep b/arm/Microsoft.Network/networkWatchers/deploy.bicep index 161a0be017..73fd428a42 100644 --- a/arm/Microsoft.Network/networkWatchers/deploy.bicep 
+++ b/arm/Microsoft.Network/networkWatchers/deploy.bicep 
@@ -63,23 +63,23 @@ module networkWatcher_connectionMonitors 'connectionMonitors/deploy.bicep' = [fo destinationAddress: connectionMonitor.destinationAddress destinationPort: contains(connectionMonitor, 'destinationPort') ? connectionMonitor.destinationPort : 80 destinationResourceId: contains(connectionMonitor, 'destinationResourceId') ? connectionMonitor.destinationResourceId : '' - endpoints: contains(connectionMonitor, 'endpoints') ? connectionMonitor.endpoints : null - monitoringInterval: contains(connectionMonitor, 'monitoringInterval') ? connectionMonitor.monitoringInterval : null + endpoints: contains(connectionMonitor, 'endpoints') ? connectionMonitor.endpoints : [] + monitoringInterval: contains(connectionMonitor, 'monitoringInterval') ? connectionMonitor.monitoringInterval : 30 name: connectionMonitor.name networkWatcherName: networkWatcher.name - notes: contains(connectionMonitor, 'notes') ? connectionMonitor.notes : null - sourcePort: contains(connectionMonitor, 'sourcePort') ? connectionMonitor.sourcePort : null + notes: contains(connectionMonitor, 'notes') ? connectionMonitor.notes : '' + sourcePort: contains(connectionMonitor, 'sourcePort') ? connectionMonitor.sourcePort : 80 sourceResourceId: connectionMonitor.sourceResourceId - testConfigurations: contains(connectionMonitor, 'testConfigurations') ? connectionMonitor.testConfigurations : null - testGroups: contains(connectionMonitor, 'testGroups') ? connectionMonitor.testGroups : null - workspaceResourceId: contains(connectionMonitor, 'workspaceResourceId') ? connectionMonitor.workspaceResourceId : null + testConfigurations: contains(connectionMonitor, 'testConfigurations') ? connectionMonitor.testConfigurations : [] + testGroups: contains(connectionMonitor, 'testGroups') ? connectionMonitor.testGroups : [] + workspaceResourceId: contains(connectionMonitor, 'workspaceResourceId') ? 
connectionMonitor.workspaceResourceId : '' } }] module networkWatcher_flowLogs 'flowLogs/deploy.bicep' = [for (flowLog, index) in flowLogs: { name: '${deployment().name}-flowLog-${index}' params: { - enabled: contains(flowLog, 'enabled') ? flowLog.enabled : json('null') + enabled: contains(flowLog, 'enabled') ? flowLog.enabled : true formatVersion: contains(flowLog, 'formatVersion') ? flowLog.formatVersion : 2 name: contains(flowLog, 'name') ? flowLog.name : '${last(split(flowLog.targetResourceId, '/'))}-${split(flowLog.targetResourceId, '/')[4]}-flowlog' networkWatcherName: networkWatcher.name From fc3692570b8b523c03332e4add6bcd41c90ba921 Mon Sep 17 00:00:00 2001 From: Marius Date: Mon, 8 Nov 2021 00:41:18 +0100 Subject: [PATCH 08/26] fix minimum parameters to go to a different location --- .../networkWatchers/.parameters/min.parameters.json | 3 +++ .../networkWatchers/.parameters/parameters.json | 3 +++ 2 files changed, 6 insertions(+) diff --git a/arm/Microsoft.Network/networkWatchers/.parameters/min.parameters.json b/arm/Microsoft.Network/networkWatchers/.parameters/min.parameters.json index 281531feda..78acbb0c7e 100644 --- a/arm/Microsoft.Network/networkWatchers/.parameters/min.parameters.json +++ b/arm/Microsoft.Network/networkWatchers/.parameters/min.parameters.json @@ -2,5 +2,8 @@ "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", "contentVersion": "1.0.0.0", "parameters": { + "location": { + "value": "northeurope" + } } } diff --git a/arm/Microsoft.Network/networkWatchers/.parameters/parameters.json b/arm/Microsoft.Network/networkWatchers/.parameters/parameters.json index f147113026..02c6cb6ec5 100644 --- a/arm/Microsoft.Network/networkWatchers/.parameters/parameters.json +++ b/arm/Microsoft.Network/networkWatchers/.parameters/parameters.json @@ -5,6 +5,9 @@ "name": { "value": "adp-sxx-az-nw-x-001" }, + "location": { + "value": "westeurope" + }, "flowLogs": { "value": [ { 
From 8514b462ba9fbc590a3a5f8de1bf9132d49d16a1 Mon Sep 17 00:00:00 2001 From: Marius Date: Mon, 8 Nov 2021 00:42:08 +0100 Subject: [PATCH 09/26] rmeoved location from full params --- .../networkWatchers/.parameters/parameters.json | 3 --- 1 file changed, 3 deletions(-) diff --git a/arm/Microsoft.Network/networkWatchers/.parameters/parameters.json b/arm/Microsoft.Network/networkWatchers/.parameters/parameters.json index 02c6cb6ec5..f147113026 100644 --- a/arm/Microsoft.Network/networkWatchers/.parameters/parameters.json +++ b/arm/Microsoft.Network/networkWatchers/.parameters/parameters.json @@ -5,9 +5,6 @@ "name": { "value": "adp-sxx-az-nw-x-001" }, - "location": { - "value": "westeurope" - }, "flowLogs": { "value": [ { From 8ed2c182e673ed3fe4973ba5ad5de292eccf3e35 Mon Sep 17 00:00:00 2001 From: Marius Date: Mon, 8 Nov 2021 00:45:27 +0100 Subject: [PATCH 10/26] update readme --- arm/Microsoft.Network/networkWatchers/readme.md | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/arm/Microsoft.Network/networkWatchers/readme.md b/arm/Microsoft.Network/networkWatchers/readme.md index c8608b9cdb..f9495ca6af 100644 --- a/arm/Microsoft.Network/networkWatchers/readme.md +++ b/arm/Microsoft.Network/networkWatchers/readme.md 
@@ -9,20 +9,21 @@ This template deploys Network Watcher. | `Microsoft.Authorization/locks` | 2016-09-01 | | `Microsoft.Authorization/roleAssignments` | 2020-04-01-preview | | `Microsoft.Network/networkWatchers` | 2021-02-01 | -| `Microsoft.Network/networkWatchers/connectionMonitors` | 2021-02-01 | +| `Microsoft.Network/networkWatchers/connectionMonitors` | 2021-03-01 | +| `Microsoft.Network/networkWatchers/flowLogs` | 2021-03-01 | ## Parameters | Parameter Name | Type | Default Value | Possible Values | Description | | :-- | :-- | :-- | :-- | :-- | +| `connectionMonitors` | _[connectionMonitors](connectionMonitors/readme.md)_ array | `[]` | | Optional. Array that contains the Connection Monitors | | `cuaId` | string | | | Optional. Customer Usage Attribution id (GUID). This GUID must be previously registered | +| `flowLogs` | _[flowLogs](flowLogs/readme.md)_ array | `[]` | | Optional. Array that contains the Flow Logs | | `location` | string | `[resourceGroup().location]` | | Optional. Location for all resources. | | `lock` | string | `NotSpecified` | `[CanNotDelete, NotSpecified, ReadOnly]` | Optional. Specify the type of lock. | -| `monitors` | array | `[]` | | Optional. Array that contains the monitors | -| `networkWatcherName` | string | | | Required. Name of the Network Watcher resource (hidden) | +| `name` | string | `[format('NetworkWatcher_{0}', parameters('location'))]` | | Required. Name of the Network Watcher resource (hidden) | | `roleAssignments` | array | `[]` | | Optional. Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11' | | `tags` | object | `{object}` | | Optional. Tags of the resource. 
| -| `workspaceResourceId` | string | | | Optional. Specify the Workspace Resource ID | ### Parameter Usage: `monitors` @@ -141,4 +142,5 @@ Tag names and tag values can be provided as needed. A tag can be left without a - [Locks](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2016-09-01/locks) - [Roleassignments](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-04-01-preview/roleAssignments) - [Networkwatchers](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/2021-02-01/networkWatchers) -- [Networkwatchers/Connectionmonitors](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/2021-02-01/networkWatchers/connectionMonitors) +- [Networkwatchers/Connectionmonitors](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/2021-03-01/networkWatchers/connectionMonitors) +- [Networkwatchers/Flowlogs](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/2021-03-01/networkWatchers/flowLogs) From feb9715c3e6c3961c9a26cbe3a479f4d59717906 Mon Sep 17 00:00:00 2001 From: Marius Date: Mon, 8 Nov 2021 00:48:53 +0100 Subject: [PATCH 11/26] Comment change to readme to trigger ci --- .github/workflows/ms.network.networkwatchers.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/ms.network.networkwatchers.yml b/.github/workflows/ms.network.networkwatchers.yml index 631db3d663..2f69497f27 100644 --- a/.github/workflows/ms.network.networkwatchers.yml +++ b/.github/workflows/ms.network.networkwatchers.yml @@ -22,7 +22,7 @@ on: - '.github/actions/templates/**' - '.github/workflows/ms.network.networkwatchers.yml' - 'arm/Microsoft.Network/networkWatchers/**' - - '!arm/Microsoft.Network/networkWatchers/readme.md' + # - '!arm/Microsoft.Network/networkWatchers/readme.md' env: moduleName: 'networkWatchers' From 0d2901329145238fd0098d1901e72c15579de1eb Mon Sep 17 00:00:00 2001 
From: Marius Date: Mon, 8 Nov 2021 00:59:13 +0100 Subject: [PATCH 12/26] Added location to flowlogs --- arm/Microsoft.Network/networkWatchers/deploy.bicep | 1 + arm/Microsoft.Network/networkWatchers/flowLogs/deploy.bicep | 4 ++++ arm/Microsoft.Network/networkWatchers/flowLogs/readme.md | 1 + 3 files changed, 6 insertions(+) diff --git a/arm/Microsoft.Network/networkWatchers/deploy.bicep b/arm/Microsoft.Network/networkWatchers/deploy.bicep index 73fd428a42..fab882a931 100644 --- a/arm/Microsoft.Network/networkWatchers/deploy.bicep +++ b/arm/Microsoft.Network/networkWatchers/deploy.bicep @@ -81,6 +81,7 @@ module networkWatcher_flowLogs 'flowLogs/deploy.bicep' = [for (flowLog, index) i params: { enabled: contains(flowLog, 'enabled') ? flowLog.enabled : true formatVersion: contains(flowLog, 'formatVersion') ? flowLog.formatVersion : 2 + location: contains(flowLog, 'location') ? flowLog.location : location name: contains(flowLog, 'name') ? flowLog.name : '${last(split(flowLog.targetResourceId, '/'))}-${split(flowLog.targetResourceId, '/')[4]}-flowlog' networkWatcherName: networkWatcher.name retentionInDays: contains(flowLog, 'retentionInDays') ? flowLog.retentionInDays : 365 diff --git a/arm/Microsoft.Network/networkWatchers/flowLogs/deploy.bicep b/arm/Microsoft.Network/networkWatchers/flowLogs/deploy.bicep index a0b7fa5555..fe6bc3863a 100644 --- a/arm/Microsoft.Network/networkWatchers/flowLogs/deploy.bicep +++ b/arm/Microsoft.Network/networkWatchers/flowLogs/deploy.bicep @@ -7,6 +7,9 @@ param name string = '${last(split(targetResourceId, '/'))}-${split(targetResourc @description('Optional. Tags of the resource.') param tags object = {} +@description('Optional. Location for all resources.') +param location string = resourceGroup().location + @description('Required. Resource ID of the NSG that must be enabled for Flow Logs.') param targetResourceId string 
@@ -61,6 +64,7 @@ module pid_cuaId '.bicep/nested_cuaId.bicep' = if (!empty(cuaId)) { resource flowLog 'Microsoft.Network/networkWatchers/flowLogs@2021-03-01' = { name: '${networkWatcherName}/${name}' tags: tags + location: location properties: { targetResourceId: targetResourceId storageId: storageId diff --git a/arm/Microsoft.Network/networkWatchers/flowLogs/readme.md b/arm/Microsoft.Network/networkWatchers/flowLogs/readme.md index 8f40332154..2c437f88f9 100644 --- a/arm/Microsoft.Network/networkWatchers/flowLogs/readme.md +++ b/arm/Microsoft.Network/networkWatchers/flowLogs/readme.md @@ -16,6 +16,7 @@ This module controls the Network Security Group Flow Logs and analytics settings | `cuaId` | string | | | Optional. Customer Usage Attribution id (GUID). This GUID must be previously registered | | `enabled` | bool | `True` | | Optional. If the flow log should be enabled | | `formatVersion` | int | `2` | `[1, 2]` | Optional. The flow log format version | +| `location` | string | `[resourceGroup().location]` | | Optional. Location for all resources. | | `name` | string | `[format('{0}-{1}-flowlog', last(split(parameters('targetResourceId'), '/')), split(parameters('targetResourceId'), '/')[4])]` | | Optional. Name of the resource. | | `networkWatcherName` | string | `[format('NetworkWatcher_{0}', resourceGroup().location)]` | | Optional. Name of the network watcher resource. Must be in the resource group where the Flow log will be created and same region as the NSG | | `retentionInDays` | int | `365` | | Optional. Specifies the number of days that logs will be kept for; a value of 0 will retain data indefinitely. | From 989ccc811c4c54ac308babfce2527ee74ab5663b Mon Sep 17 00:00:00 2001 From: Marius Date: Mon, 8 Nov 2021 01:07:00 +0100 Subject: [PATCH 13/26] Setting enabled to true --- .../networkWatchers/.parameters/parameters.json | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) 
diff --git a/arm/Microsoft.Network/networkWatchers/.parameters/parameters.json b/arm/Microsoft.Network/networkWatchers/.parameters/parameters.json index f147113026..e0ff47edcc 100644 --- a/arm/Microsoft.Network/networkWatchers/.parameters/parameters.json +++ b/arm/Microsoft.Network/networkWatchers/.parameters/parameters.json @@ -9,14 +9,14 @@ "value": [ { "targetResourceId": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/networkSecurityGroups/adp-sxx-az-nsg-x-001", - "storageId": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adpsxxazsaweux001" + "storageId": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adpsxxazsaweux001", + "enabled": false }, { "name": "adp-sxx-az-nsg-x-apgw-flowlog", "targetResourceId": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/networkSecurityGroups/adp-sxx-az-nsg-x-apgw", "storageId": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adpsxxazsaweux001", "workspaceResourceId": "/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-sxx-az-la-x-001", - "enabled": false, "formatVersion": 1, "trafficAnalyticsInterval": 10, "retentionInDays": 8 From c1daff6e71cd35ca240e0b35c58a78389f697e77 Mon Sep 17 00:00:00 2001 From: Marius Date: Mon, 8 Nov 2021 01:09:39 +0100 Subject: [PATCH 14/26] correcting enablement of flowAnalytics --- arm/Microsoft.Network/networkWatchers/flowLogs/deploy.bicep | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/arm/Microsoft.Network/networkWatchers/flowLogs/deploy.bicep b/arm/Microsoft.Network/networkWatchers/flowLogs/deploy.bicep index fe6bc3863a..a7a121a482 100644 --- a/arm/Microsoft.Network/networkWatchers/flowLogs/deploy.bicep +++ b/arm/Microsoft.Network/networkWatchers/flowLogs/deploy.bicep 
@@ -44,7 +44,7 @@ param retentionInDays int = 365 @description('Optional. Customer Usage Attribution id (GUID). This GUID must be previously registered') param cuaId string = '' -var flowAnalyticsConfiguration = !empty(workspaceResourceId) ? { +var flowAnalyticsConfiguration = !empty(workspaceResourceId) && enabled == true ? { networkWatcherFlowAnalyticsConfiguration: { enabled: true workspaceResourceId: workspaceResourceId From 370270e53ffef8fd5d51e42fe325fdfd970983b4 Mon Sep 17 00:00:00 2001 From: Marius Date: Mon, 8 Nov 2021 01:16:54 +0100 Subject: [PATCH 15/26] reset workflow file --- .github/workflows/ms.network.networkwatchers.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/ms.network.networkwatchers.yml b/.github/workflows/ms.network.networkwatchers.yml index 2f69497f27..a1a3d38e5b 100644 --- a/.github/workflows/ms.network.networkwatchers.yml +++ b/.github/workflows/ms.network.networkwatchers.yml @@ -16,13 +16,13 @@ on: required: false default: '0.0.1' push: - #branches: - # - main + branches: + - main paths: - '.github/actions/templates/**' - '.github/workflows/ms.network.networkwatchers.yml' - 'arm/Microsoft.Network/networkWatchers/**' - # - '!arm/Microsoft.Network/networkWatchers/readme.md' + - '!arm/Microsoft.Network/networkWatchers/readme.md' env: moduleName: 'networkWatchers' From e11cb972c05e3a2eeb03dee0d59b3d0f8428ddba Mon Sep 17 00:00:00 2001 From: Marius Date: Mon, 8 Nov 2021 01:26:24 +0100 Subject: [PATCH 16/26] Test Connection Monitors --- .github/workflows/ms.network.networkwatchers.yml | 6 +++--- .../networkWatchers/.parameters/parameters.json | 12 ++++++++++++ 2 files changed, 15 insertions(+), 3 deletions(-) diff --git a/.github/workflows/ms.network.networkwatchers.yml b/.github/workflows/ms.network.networkwatchers.yml index a1a3d38e5b..2f69497f27 100644 --- a/.github/workflows/ms.network.networkwatchers.yml +++ b/.github/workflows/ms.network.networkwatchers.yml 
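Review bot: In the `flowAnalyticsConfiguration` variable, `&& enabled == true` compares a bool parameter with `true`; `!empty(workspaceResourceId) && enabled ? {` says the same thing. More important is what the new condition does when `enabled` is false. The else branch is outside the hunk, but if it yields null, a flow log that already has traffic analytics switched on is redeployed without the workspace configuration. The earlier readme for this module stated that the workspace ID is mandatory even when disabling analytics, so confirm this path against an existing flow log and record the outcome in a comment above the variable.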
@@ -16,13 +16,13 @@ on: required: false default: '0.0.1' push: - branches: - - main + #branches: + # - main paths: - '.github/actions/templates/**' - '.github/workflows/ms.network.networkwatchers.yml' - 'arm/Microsoft.Network/networkWatchers/**' - - '!arm/Microsoft.Network/networkWatchers/readme.md' + # - '!arm/Microsoft.Network/networkWatchers/readme.md' env: moduleName: 'networkWatchers' diff --git a/arm/Microsoft.Network/networkWatchers/.parameters/parameters.json b/arm/Microsoft.Network/networkWatchers/.parameters/parameters.json index e0ff47edcc..ccaf347a22 100644 --- a/arm/Microsoft.Network/networkWatchers/.parameters/parameters.json +++ b/arm/Microsoft.Network/networkWatchers/.parameters/parameters.json @@ -23,6 +23,18 @@ } ] }, + "connectionMonitors": { + "value": [ + { + "name": "adp-sxx-az-conn-mon-x-001", + "monitoringInterval": 10, + "destinationAddress": "www.bing.com", + "destinationPort": 80, + "sourceResourceId": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/networkInterfaces/adp-sxx-az-nic-x-001", + "workspaceResourceId": "/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-sxx-az-la-x-001" + } + ] + }, "roleAssignments": { "value": [ { From 0496bb245aaef91770657d9edd3c10313f6676ce Mon Sep 17 00:00:00 2001 From: Marius Date: Mon, 8 Nov 2021 01:39:40 +0100 Subject: [PATCH 17/26] Test again --- .../networkWatchers/.parameters/parameters.json | 2 +- .../networkWatchers/connectionMonitors/deploy.bicep | 6 +++--- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/arm/Microsoft.Network/networkWatchers/.parameters/parameters.json b/arm/Microsoft.Network/networkWatchers/.parameters/parameters.json index ccaf347a22..59c404d278 100644 --- a/arm/Microsoft.Network/networkWatchers/.parameters/parameters.json +++ b/arm/Microsoft.Network/networkWatchers/.parameters/parameters.json 
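Review bot: Commenting out `branches:` and `- main` under `push:` makes this workflow run on a push to any branch that touches the listed paths, and the `'!arm/Microsoft.Network/networkWatchers/readme.md'` exclusion is commented out again as well. The jobs are not visible in this hunk, but if they deploy with the repository's cloud credentials, every branch push then runs a deployment with those credentials, which is wider than the main-only trigger the previous patch had just restored. Restore `branches:`, `- main` and the readme exclusion before this series merges, and start test runs by hand instead; the `default: '0.0.1'` input in the context lines suggests a manual trigger with inputs already exists. The readme exclusion was first commented out in the earlier 'Comment change to readme to trigger ci' patch, so the same applies there.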
@@ -30,7 +30,7 @@ "monitoringInterval": 10, "destinationAddress": "www.bing.com", "destinationPort": 80, - "sourceResourceId": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/networkInterfaces/adp-sxx-az-nic-x-001", + "sourceResourceId": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Compute/virtualMachines/adp-vm-001", "workspaceResourceId": "/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-sxx-az-la-x-001" } ] diff --git a/arm/Microsoft.Network/networkWatchers/connectionMonitors/deploy.bicep b/arm/Microsoft.Network/networkWatchers/connectionMonitors/deploy.bicep index 699649e5bd..1f2e93e4ca 100644 --- a/arm/Microsoft.Network/networkWatchers/connectionMonitors/deploy.bicep +++ b/arm/Microsoft.Network/networkWatchers/connectionMonitors/deploy.bicep @@ -17,7 +17,7 @@ param testGroups array = [] param monitoringInterval int = 30 @description('Optional. Address of the connection monitor destination (IP or domain name).') -param destinationAddress string +param destinationAddress string = '' @description('Optional. The destination port used by connection monitor.') param destinationPort int = 80 @@ -63,9 +63,9 @@ resource connectionMonitor 'Microsoft.Network/networkWatchers/connectionMonitors properties: { autoStart: false destination: { - address: destinationAddress + address: !empty(destinationAddress) ? destinationAddress : null port: destinationPort - resourceId: destinationResourceId + resourceId: !empty(destinationResourceId) ? destinationResourceId : null } monitoringIntervalInSeconds: monitoringInterval notes: notes From be81506789f20882f5ca20bffc09e565ec99fba7 Mon Sep 17 00:00:00 2001 From: Marius Date: Mon, 8 Nov 2021 01:55:01 +0100 Subject: [PATCH 18/26] Need NetworkWatcher extension on VM for networkWatcher/ConnectionMonitor --- .../virtualMachines/parameters/parameters.json | 3 +++ 1 file changed, 3 insertions(+) 
diff --git a/utilities/dependencies/Microsoft.Compute/virtualMachines/parameters/parameters.json b/utilities/dependencies/Microsoft.Compute/virtualMachines/parameters/parameters.json index 595e0c005f..40255bdc39 100644 --- a/utilities/dependencies/Microsoft.Compute/virtualMachines/parameters/parameters.json +++ b/utilities/dependencies/Microsoft.Compute/virtualMachines/parameters/parameters.json @@ -48,6 +48,9 @@ ] } ] + }, + "enableNetworkWatcherWindows": { + "value": true } } } From ab2acbcad4253a9fa00f4cf9617d5c2a02e48a0a Mon Sep 17 00:00:00 2001 From: Marius Date: Mon, 8 Nov 2021 02:18:48 +0100 Subject: [PATCH 19/26] Cleanup for new connection monitor --- .../.parameters/parameters.json | 51 +++++++++++++++++-- .../connectionMonitors/deploy.bicep | 49 ++++-------------- .../connectionMonitors/readme.md | 8 +-- 3 files changed, 58 insertions(+), 50 deletions(-) diff --git a/arm/Microsoft.Network/networkWatchers/.parameters/parameters.json b/arm/Microsoft.Network/networkWatchers/.parameters/parameters.json index 59c404d278..2093fba928 100644 --- a/arm/Microsoft.Network/networkWatchers/.parameters/parameters.json +++ b/arm/Microsoft.Network/networkWatchers/.parameters/parameters.json 
@@ -27,10 +27,53 @@ "value": [ { "name": "adp-sxx-az-conn-mon-x-001", - "monitoringInterval": 10, - "destinationAddress": "www.bing.com", - "destinationPort": 80, - "sourceResourceId": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Compute/virtualMachines/adp-vm-001", + "endpoints": [ + { + "name": "sxx-az-subnet-x-001(validation-rg)", + "type": "AzureSubnet", + "resourceId": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-sxx-az-nw-x-001/subnets/sxx-az-subnet-x-001" + }, + { + "name": "Office Portal", + "type": "ExternalAddress", + "address": "www.office.com" + } + ], + "testConfigurations": [ + { + "name": "HTTP Test", + "testFrequencySec": 30, + "protocol": "Http", + "httpConfiguration": { + "port": 80, + "method": "Get", + "requestHeaders": [], + "validStatusCodeRanges": [ + "200" + ], + "preferHTTPS": false + }, + "successThreshold": { + "checksFailedPercent": 5, + "roundTripTimeMs": 100 + } + } + ], + "testGroups": [ + { + "name": "TestHTTPBing", + "disable": false, + "testConfigurations": [ + "HTTP Test" + ], + "sources": [ + "sxx-az-subnet-x-001(validation-rg)" + ], + "destinations": [ + "Office Portal" + ] + } + ], "workspaceResourceId": "/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-sxx-az-la-x-001" } ] diff --git a/arm/Microsoft.Network/networkWatchers/connectionMonitors/deploy.bicep b/arm/Microsoft.Network/networkWatchers/connectionMonitors/deploy.bicep index 1f2e93e4ca..6132a4293c 100644 --- a/arm/Microsoft.Network/networkWatchers/connectionMonitors/deploy.bicep +++ b/arm/Microsoft.Network/networkWatchers/connectionMonitors/deploy.bicep 
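Review bot: The `HTTP Test` configuration probes the external `www.office.com` endpoint over plain HTTP (`"port": 80`, `"preferHTTPS": false`) and accepts only `"200"`. If that host answers port 80 with a redirect to HTTPS, which I have not verified, every check would count as failed against the `checksFailedPercent` threshold of 5. Consider `"port": 443` with `"preferHTTPS": true`, or widen `validStatusCodeRanges` if a redirect is the expected answer. The test group is also still named `TestHTTPBing` although its destination is now `Office Portal`; a name such as `TestHTTPOffice` would match.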
@@ -4,6 +4,12 @@ param networkWatcherName string = 'NetworkWatcher_${resourceGroup().location}' @description('Optional. Name of the resource.') param name string +@description('Optional. Tags of the resource.') +param tags object = {} + +@description('Optional. Location for all resources.') +param location string = resourceGroup().location + @description('Optional. List of connection monitor endpoints.') param endpoints array = [] @@ -13,30 +19,6 @@ param testConfigurations array = [] @description('Optional. List of connection monitor test groups.') param testGroups array = [] -@description('Optional. Monitoring interval in seconds.') -param monitoringInterval int = 30 - -@description('Optional. Address of the connection monitor destination (IP or domain name).') -param destinationAddress string = '' - -@description('Optional. The destination port used by connection monitor.') -param destinationPort int = 80 - -@description('Optional. The ID of the resource used as the destination by connection monitor.') -param destinationResourceId string = '' - -@description('Required. The ID of the resource used as the source by connection monitor.') -param sourceResourceId string - -@description('Optional. The source port used by connection monitor.') -param sourcePort int = 80 - -@description('Optional. The ID of the resource used as the source by connection monitor.') -param notes string = '' - -@description('Optional. Tags of the resource.') -param tags object = {} - @description('Optional. Specify the Log Analytics Workspace Resource ID') param workspaceResourceId string = '' 
@@ -60,22 +42,11 @@ module pid_cuaId '.bicep/nested_cuaId.bicep' = if (!empty(cuaId)) { resource connectionMonitor 'Microsoft.Network/networkWatchers/connectionMonitors@2021-03-01' = { name: '${networkWatcherName}/${name}' tags: tags + location: location properties: { - autoStart: false - destination: { - address: !empty(destinationAddress) ? destinationAddress : null - port: destinationPort - resourceId: !empty(destinationResourceId) ? destinationResourceId : null - } - monitoringIntervalInSeconds: monitoringInterval - notes: notes - source: { - resourceId: sourceResourceId - port: sourcePort - } - endpoints: !empty(endpoints) ? endpoints : null - testConfigurations: !empty(testConfigurations) ? testConfigurations : null - testGroups: !empty(testGroups) ? testGroups : null + endpoints: endpoints + testConfigurations: testConfigurations + testGroups: testGroups outputs: outputs } } diff --git a/arm/Microsoft.Network/networkWatchers/connectionMonitors/readme.md b/arm/Microsoft.Network/networkWatchers/connectionMonitors/readme.md index 4f1501cdc9..6c78d6b876 100644 --- a/arm/Microsoft.Network/networkWatchers/connectionMonitors/readme.md +++ b/arm/Microsoft.Network/networkWatchers/connectionMonitors/readme.md 
@@ -13,16 +13,10 @@ | Parameter Name | Type | Default Value | Possible Values | Description | | :-- | :-- | :-- | :-- | :-- | | `cuaId` | string | | | Optional. Customer Usage Attribution id (GUID). This GUID must be previously registered | -| `destinationAddress` | string | | | Optional. Address of the connection monitor destination (IP or domain name). | -| `destinationPort` | int | `80` | | Optional. The destination port used by connection monitor. | -| `destinationResourceId` | string | | | Optional. The ID of the resource used as the destination by connection monitor. | | `endpoints` | array | `[]` | | Optional. List of connection monitor endpoints. | -| `monitoringInterval` | int | `30` | | Optional. Monitoring interval in seconds. | +| `location` | string | `[resourceGroup().location]` | | Optional. Location for all resources. | | `name` | string | | | Optional. Name of the resource. | | `networkWatcherName` | string | `[format('NetworkWatcher_{0}', resourceGroup().location)]` | | Optional. Name of the network watcher resource. Must be in the resource group where the Flow log will be created and same region as the NSG | -| `notes` | string | | | Optional. The ID of the resource used as the source by connection monitor. | -| `sourcePort` | int | `80` | | Optional. The source port used by connection monitor. | -| `sourceResourceId` | string | | | Required. The ID of the resource used as the source by connection monitor. | | `tags` | object | `{object}` | | Optional. Tags of the resource. | | `testConfigurations` | array | `[]` | | Optional. List of connection monitor test configurations. | | `testGroups` | array | `[]` | | Optional. List of connection monitor test groups. | From d0ed83cdad4360f166c61b56e447dc3be3b441a2 Mon Sep 17 00:00:00 2001 From: Marius Date: Mon, 8 Nov 2021 02:19:48 +0100 Subject: [PATCH 20/26] Fix mapping from nw deploy file --- arm/Microsoft.Network/networkWatchers/deploy.bicep | 7 ------- 1 file changed, 7 deletions(-) 
diff --git a/arm/Microsoft.Network/networkWatchers/deploy.bicep b/arm/Microsoft.Network/networkWatchers/deploy.bicep index fab882a931..6f69d05a81 100644 --- a/arm/Microsoft.Network/networkWatchers/deploy.bicep +++ b/arm/Microsoft.Network/networkWatchers/deploy.bicep @@ -60,16 +60,9 @@ module networkWatcher_rbac '.bicep/nested_rbac.bicep' = [for (roleAssignment, in module networkWatcher_connectionMonitors 'connectionMonitors/deploy.bicep' = [for connectionMonitor in connectionMonitors: { name: connectionMonitor.name params: { - destinationAddress: connectionMonitor.destinationAddress - destinationPort: contains(connectionMonitor, 'destinationPort') ? connectionMonitor.destinationPort : 80 - destinationResourceId: contains(connectionMonitor, 'destinationResourceId') ? connectionMonitor.destinationResourceId : '' endpoints: contains(connectionMonitor, 'endpoints') ? connectionMonitor.endpoints : [] - monitoringInterval: contains(connectionMonitor, 'monitoringInterval') ? connectionMonitor.monitoringInterval : 30 name: connectionMonitor.name networkWatcherName: networkWatcher.name - notes: contains(connectionMonitor, 'notes') ? connectionMonitor.notes : '' - sourcePort: contains(connectionMonitor, 'sourcePort') ? connectionMonitor.sourcePort : 80 - sourceResourceId: connectionMonitor.sourceResourceId testConfigurations: contains(connectionMonitor, 'testConfigurations') ? connectionMonitor.testConfigurations : [] testGroups: contains(connectionMonitor, 'testGroups') ? connectionMonitor.testGroups : [] workspaceResourceId: contains(connectionMonitor, 'workspaceResourceId') ? connectionMonitor.workspaceResourceId : '' From d213069f81dd62182087590031928860f63c967a Mon Sep 17 00:00:00 2001 From: Marius Storhaug Date: Mon, 8 Nov 2021 13:27:15 +0100 Subject: [PATCH 21/26] Test Deployment --- .../networkWatchers/.parameters/parameters.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/arm/Microsoft.Network/networkWatchers/.parameters/parameters.json b/arm/Microsoft.Network/networkWatchers/.parameters/parameters.json index 2093fba928..48e430b7a4 100644 --- a/arm/Microsoft.Network/networkWatchers/.parameters/parameters.json +++ b/arm/Microsoft.Network/networkWatchers/.parameters/parameters.json @@ -31,7 +31,7 @@ { "name": "sxx-az-subnet-x-001(validation-rg)", "type": "AzureSubnet", - "resourceId": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-sxx-az-nw-x-001/subnets/sxx-az-subnet-x-001" + "resourceId": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Compute/virtualMachines/adp-vm-001" }, { "name": "Office Portal", From 637405fb838d94480aa67e01c4b85b29fc967864 Mon Sep 17 00:00:00 2001 From: Marius Date: Mon, 8 Nov 2021 13:51:44 +0100 Subject: [PATCH 22/26] Test with AzureVM as endpoint type --- .../networkWatchers/.parameters/parameters.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/arm/Microsoft.Network/networkWatchers/.parameters/parameters.json b/arm/Microsoft.Network/networkWatchers/.parameters/parameters.json index 48e430b7a4..6c18a6c0a5 100644 --- a/arm/Microsoft.Network/networkWatchers/.parameters/parameters.json +++ b/arm/Microsoft.Network/networkWatchers/.parameters/parameters.json @@ -30,7 +30,7 @@ "endpoints": [ { "name": "sxx-az-subnet-x-001(validation-rg)", - "type": "AzureSubnet", + "type": "AzureVM", "resourceId": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Compute/virtualMachines/adp-vm-001" }, { From 2af086bd700db0033872c87d97b61c8b2b9dfb05 Mon Sep 17 00:00:00 2001 From: Marius Date: Mon, 8 Nov 2021 14:01:06 +0100 Subject: [PATCH 23/26] Uncomment branch and path condition on trigger(on) --- .github/workflows/ms.network.networkwatchers.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) 
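Review bot: After the second hunk on this line sets `"type": "AzureVM"` with a `Microsoft.Compute/virtualMachines` resource id, the endpoint is still named `sxx-az-subnet-x-001(validation-rg)`, which reads as a subnet and will mislead anyone looking at the monitor's results. A name derived from the VM, for example `"name": "adp-vm-001(validation-rg)"`, would be clearer. The matching entry in the test group's `sources` list lies outside these hunks and would have to change with it.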
diff --git a/.github/workflows/ms.network.networkwatchers.yml b/.github/workflows/ms.network.networkwatchers.yml index 2f69497f27..a1a3d38e5b 100644 --- a/.github/workflows/ms.network.networkwatchers.yml +++ b/.github/workflows/ms.network.networkwatchers.yml @@ -16,13 +16,13 @@ on: required: false default: '0.0.1' push: - #branches: - # - main + branches: + - main paths: - '.github/actions/templates/**' - '.github/workflows/ms.network.networkwatchers.yml' - 'arm/Microsoft.Network/networkWatchers/**' - # - '!arm/Microsoft.Network/networkWatchers/readme.md' + - '!arm/Microsoft.Network/networkWatchers/readme.md' env: moduleName: 'networkWatchers' From 3d887c027df7daf564d53f3f8147b8858b3d1fef Mon Sep 17 00:00:00 2001 From: Simone Bertaccini Date: Mon, 8 Nov 2021 15:05:03 +0100 Subject: [PATCH 24/26] Remove blank --- arm/Microsoft.Network/networkWatchers/flowLogs/readme.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/arm/Microsoft.Network/networkWatchers/flowLogs/readme.md b/arm/Microsoft.Network/networkWatchers/flowLogs/readme.md index 2c437f88f9..f0ad10647f 100644 --- a/arm/Microsoft.Network/networkWatchers/flowLogs/readme.md +++ b/arm/Microsoft.Network/networkWatchers/flowLogs/readme.md @@ -1,4 +1,4 @@ -# NSG Flow Logs `[Microsoft.Network/networkWatchers/flowLogs]` +# NSG Flow Logs `[Microsoft.Network/networkWatchers/flowLogs]` This module controls the Network Security Group Flow Logs and analytics settings **Note: this module must be run on the Resource Group where Network Watcher is deployed** From b43237d08bbb935d46e0d1ea75e42417f6365699 Mon Sep 17 00:00:00 2001 From: Marius Date: Mon, 8 Nov 2021 15:05:31 +0100 Subject: [PATCH 25/26] Removed leftover TODOs --- .../networkWatchers/connectionMonitors/readme.md | 8 ++------ 1 file changed, 2 insertions(+), 6 deletions(-) 
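Review bot: The re-enabled exclusion `- '!arm/Microsoft.Network/networkWatchers/readme.md'` covers only the top-level readme. An edit to a child readme such as `arm/Microsoft.Network/networkWatchers/connectionMonitors/readme.md` still matches `'arm/Microsoft.Network/networkWatchers/**'` and starts this workflow on a push to `main`. Since this series moved the flowLogs and connectionMonitors modules under that folder, `- '!arm/Microsoft.Network/networkWatchers/**/readme.md'` would keep documentation-only commits from triggering what appears to be a deployment pipeline. The rest of the workflow file is outside the hunk.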
diff --git a/arm/Microsoft.Network/networkWatchers/connectionMonitors/readme.md b/arm/Microsoft.Network/networkWatchers/connectionMonitors/readme.md index 6c78d6b876..a8a1f03dfb 100644 --- a/arm/Microsoft.Network/networkWatchers/connectionMonitors/readme.md +++ b/arm/Microsoft.Network/networkWatchers/connectionMonitors/readme.md @@ -1,6 +1,6 @@ -# NetworkNetworkwatchersConnectionmonitors `[Microsoft.Network/networkWatchers/connectionMonitors]` +# Network Watchers Connection Monitors `[Microsoft.Network/networkWatchers/connectionMonitors]` -// TODO: Replace Resource and fill in description +This template deploys Connection Monitors. ## Resource Types @@ -22,10 +22,6 @@ | `testGroups` | array | `[]` | | Optional. List of connection monitor test groups. | | `workspaceResourceId` | string | | | Optional. Specify the Log Analytics Workspace Resource ID | -### Parameter Usage: `` - -// TODO: Fill in Parameter usage - ## Outputs | Output Name | Type | Description | From 295901ab8dad87e0d906ac7be00deb03e66a780a Mon Sep 17 00:00:00 2001 From: Marius Date: Mon, 8 Nov 2021 15:07:25 +0100 Subject: [PATCH 26/26] removed space --- .../networkWatchers/connectionMonitors/readme.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/arm/Microsoft.Network/networkWatchers/connectionMonitors/readme.md b/arm/Microsoft.Network/networkWatchers/connectionMonitors/readme.md index a8a1f03dfb..ecf4254c05 100644 --- a/arm/Microsoft.Network/networkWatchers/connectionMonitors/readme.md +++ b/arm/Microsoft.Network/networkWatchers/connectionMonitors/readme.md 
@@ -19,7 +19,7 @@ This template deploys Connection Monitors. | `networkWatcherName` | string | `[format('NetworkWatcher_{0}', resourceGroup().location)]` | | Optional. Name of the network watcher resource. Must be in the resource group where the Flow log will be created and same region as the NSG | | `tags` | object | `{object}` | | Optional. Tags of the resource. | | `testConfigurations` | array | `[]` | | Optional. List of connection monitor test configurations. | -| `testGroups` | array | `[]` | | Optional. List of connection monitor test groups. | +| `testGroups` | array | `[]` | | Optional. List of connection monitor test groups. | | `workspaceResourceId` | string | | | Optional. Specify the Log Analytics Workspace Resource ID | ## Outputs