From 0c33cf6c6dd83de1b127aae7f306ce865a6a5eae Mon Sep 17 00:00:00 2001 From: MrMCake Date: Thu, 2 Dec 2021 12:21:05 +0100 Subject: [PATCH 01/15] Update to latest --- .../.parameters/parameters.json | 32 ++---- .../.parameters/vnetPeering.parameters.json | 32 ++---- .../virtualNetworks/deploy.bicep | 46 +++++--- .../virtualNetworks/readme.md | 63 ++--------- .../subnets/.bicep/nested_cuaId.bicep | 1 + .../virtualNetworks/subnets/deploy.bicep | 107 ++++++++++++++++++ .../virtualNetworks/subnets/readme.md | 66 +++++++++++ 7 files changed, 230 insertions(+), 117 deletions(-) create mode 100644 arm/Microsoft.Network/virtualNetworks/subnets/.bicep/nested_cuaId.bicep create mode 100644 arm/Microsoft.Network/virtualNetworks/subnets/deploy.bicep create mode 100644 arm/Microsoft.Network/virtualNetworks/subnets/readme.md diff --git a/arm/Microsoft.Network/virtualNetworks/.parameters/parameters.json b/arm/Microsoft.Network/virtualNetworks/.parameters/parameters.json index 2ce331a6ff..b5b797c028 100644 --- a/arm/Microsoft.Network/virtualNetworks/.parameters/parameters.json +++ b/arm/Microsoft.Network/virtualNetworks/.parameters/parameters.json @@ -22,18 +22,10 @@ "networkSecurityGroupName": "", "routeTableName": "", "serviceEndpoints": [ - { - "service": "Microsoft.EventHub" - }, - { - "service": "Microsoft.Sql" - }, - { - "service": "Microsoft.Storage" - }, - { - "service": "Microsoft.KeyVault" - } + "Microsoft.EventHub", + "Microsoft.Sql", + "Microsoft.Storage", + "Microsoft.KeyVault" ], "delegations": [] }, @@ -43,18 +35,10 @@ "networkSecurityGroupName": "", "routeTableName": "", "serviceEndpoints": [ - { - "service": "Microsoft.EventHub" - }, - { - "service": "Microsoft.Sql" - }, - { - "service": "Microsoft.Storage" - }, - { - "service": "Microsoft.KeyVault" - } + "Microsoft.EventHub", + "Microsoft.Sql", + "Microsoft.Storage", + "Microsoft.KeyVault" ], "delegations": [] }, 
diff --git a/arm/Microsoft.Network/virtualNetworks/.parameters/vnetPeering.parameters.json b/arm/Microsoft.Network/virtualNetworks/.parameters/vnetPeering.parameters.json index 904184b7cf..fbb2b6e0a8 100644 --- a/arm/Microsoft.Network/virtualNetworks/.parameters/vnetPeering.parameters.json +++ b/arm/Microsoft.Network/virtualNetworks/.parameters/vnetPeering.parameters.json @@ -22,18 +22,10 @@ "networkSecurityGroupName": "", "routeTableName": "", "serviceEndpoints": [ - { - "service": "Microsoft.EventHub" - }, - { - "service": "Microsoft.Sql" - }, - { - "service": "Microsoft.Storage" - }, - { - "service": "Microsoft.KeyVault" - } + "Microsoft.EventHub", + "Microsoft.Sql", + "Microsoft.Storage", + "Microsoft.KeyVault" ], "delegations": [] }, @@ -43,18 +35,10 @@ "networkSecurityGroupName": "", "routeTableName": "", "serviceEndpoints": [ - { - "service": "Microsoft.EventHub" - }, - { - "service": "Microsoft.Sql" - }, - { - "service": "Microsoft.Storage" - }, - { - "service": "Microsoft.KeyVault" - } + "Microsoft.EventHub", + "Microsoft.Sql", + "Microsoft.Storage", + "Microsoft.KeyVault" ], "delegations": [] }, diff --git a/arm/Microsoft.Network/virtualNetworks/deploy.bicep b/arm/Microsoft.Network/virtualNetworks/deploy.bicep index 45bc866028..9439dd173f 100644 --- a/arm/Microsoft.Network/virtualNetworks/deploy.bicep +++ b/arm/Microsoft.Network/virtualNetworks/deploy.bicep @@ -101,7 +101,7 @@ module pid_cuaId '.bicep/nested_cuaId.bicep' = if (!empty(cuaId)) { params: {} } -resource virtualNetwork 'Microsoft.Network/virtualNetworks@2021-05-01' = { +resource virtualNetwork 'Microsoft.Network/virtualNetworks@2021-03-01' = { name: name location: location tags: tags 
@@ -112,18 +112,18 @@ resource virtualNetwork 'Microsoft.Network/virtualNetworks@2021-05-01' = { ddosProtectionPlan: !empty(ddosProtectionPlanId) ? ddosProtectionPlan : null dhcpOptions: !empty(dnsServers) ? dnsServers_var : null enableDdosProtection: !empty(ddosProtectionPlanId) - subnets: [for item in subnets: { - name: item.name - properties: { - addressPrefix: item.addressPrefix - networkSecurityGroup: contains(item, 'networkSecurityGroupName') ? (empty(item.networkSecurityGroupName) ? null : json('{"id": "${resourceId('Microsoft.Network/networkSecurityGroups', item.networkSecurityGroupName)}"}')) : null - routeTable: contains(item, 'routeTableName') ? (empty(item.routeTableName) ? null : json('{"id": "${resourceId('Microsoft.Network/routeTables', item.routeTableName)}"}')) : null - serviceEndpoints: contains(item, 'serviceEndpoints') ? (empty(item.serviceEndpoints) ? null : item.serviceEndpoints) : null - delegations: contains(item, 'delegations') ? (empty(item.delegations) ? null : item.delegations) : null - natGateway: contains(item, 'natGatewayName') ? (empty(item.natGatewayName) ? null : json('{"id": "${resourceId('Microsoft.Network/natGateways', item.natGatewayName)}"}')) : null - privateEndpointNetworkPolicies: contains(item, 'privateEndpointNetworkPolicies') ? (empty(item.privateEndpointNetworkPolicies) ? null : item.privateEndpointNetworkPolicies) : null - privateLinkServiceNetworkPolicies: contains(item, 'privateLinkServiceNetworkPolicies') ? (empty(item.privateLinkServiceNetworkPolicies) ? null : item.privateLinkServiceNetworkPolicies) : null - } + subnets: [for subnet in subnets: { + name: subnet.name + properties: contains(subnet, 'addressPrefix') ? { + addressPrefix: subnet.addressPrefix + } : {} + // networkSecurityGroup: contains(item, 'networkSecurityGroupName') ? (empty(item.networkSecurityGroupName) ? 
null : json('{"id": "${resourceId('Microsoft.Network/networkSecurityGroups', item.networkSecurityGroupName)}"}')) : null + // routeTable: contains(item, 'routeTableName') ? (empty(item.routeTableName) ? null : json('{"id": "${resourceId('Microsoft.Network/routeTables', item.routeTableName)}"}')) : null + // serviceEndpoints: contains(item, 'serviceEndpoints') ? (empty(item.serviceEndpoints) ? null : item.serviceEndpoints) : null + // delegations: contains(item, 'delegations') ? (empty(item.delegations) ? null : item.delegations) : null + // natGateway: contains(item, 'natGatewayName') ? (empty(item.natGatewayName) ? null : json('{"id": "${resourceId('Microsoft.Network/natGateways', item.natGatewayName)}"}')) : null + // privateEndpointNetworkPolicies: contains(item, 'privateEndpointNetworkPolicies') ? (empty(item.privateEndpointNetworkPolicies) ? null : item.privateEndpointNetworkPolicies) : null + // privateLinkServiceNetworkPolicies: contains(item, 'privateLinkServiceNetworkPolicies') ? (empty(item.privateLinkServiceNetworkPolicies) ? null : item.privateLinkServiceNetworkPolicies) : null }] } } 
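Review bot: The inline `subnets` loop on the `virtualNetwork` resource now writes each subnet with only `addressPrefix`, so the network security group, route table, service endpoints and private-endpoint policies are attached only later, when the `subnets/deploy.bicep` module runs. On a redeployment this presumably resets existing subnets to that bare definition first, and a failed or skipped child deployment would leave a subnet without its NSG; the same shape remains in the later hunk at `@@ -114,16 +114,9 @@`. If the split is intentional, say so next to the loop, for example `// NSG and route table are attached by the subnets module; a failed child deployment leaves the subnet without them`. The commented-out properties still reference `item`, which this hunk renames to `subnet`, and are better deleted than kept. The enclosing resource starts outside the hunk.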
@@ -142,6 +142,26 @@ module virtualNetworkPeerings_resource 'virtualNetworkPeerings/deploy.bicep' = [ } }] +module virtualNetwork_subnets 'subnets/deploy.bicep' = [for (subnet, index) in subnets: { + name: '${uniqueString(deployment().name, location)}-subnet-${index}' + params: { + virtualNetworkName: virtualNetwork.name + name: subnet.name + addressPrefix: contains(subnet, 'addressPrefix') ? subnet.addressPrefix : '' + addressPrefixes: contains(subnet, 'addressPrefixes') ? subnet.addressPrefixes : [] + applicationGatewayIpConfigurations: contains(subnet, 'applicationGatewayIpConfigurations') ? subnet.applicationGatewayIpConfigurations : [] + delegations: contains(subnet, 'delegations') ? subnet.delegations : [] + ipAllocations: contains(subnet, 'ipAllocations') ? subnet.ipAllocations : [] + natGatewayName: contains(subnet, 'natGatewayName') ? subnet.natGatewayName : '' + networkSecurityGroupName: contains(subnet, 'networkSecurityGroupName') ? subnet.networkSecurityGroupName : '' + privateEndpointNetworkPolicies: contains(subnet, 'privateEndpointNetworkPolicies') ? subnet.privateEndpointNetworkPolicies : '' + privateLinkServiceNetworkPolicies: contains(subnet, 'privateLinkServiceNetworkPolicies') ? subnet.privateLinkServiceNetworkPolicies : '' + routeTableName: contains(subnet, 'routeTableName') ? subnet.routeTableName : '' + serviceEndpointPolicies: contains(subnet, 'serviceEndpointPolicies') ? subnet.serviceEndpointPolicies : [] + serviceEndpoints: contains(subnet, 'serviceEndpoints') ? subnet.serviceEndpoints : [] + } +}] + resource virtualNetwork_lock 'Microsoft.Authorization/locks@2016-09-01' = if (lock != 'NotSpecified') { name: '${virtualNetwork.name}-${lock}-lock' properties: { diff --git a/arm/Microsoft.Network/virtualNetworks/readme.md b/arm/Microsoft.Network/virtualNetworks/readme.md index 7c5811cb68..3985dd36e6 100644 --- a/arm/Microsoft.Network/virtualNetworks/readme.md +++ b/arm/Microsoft.Network/virtualNetworks/readme.md 
@@ -9,7 +9,8 @@ This template deploys a virtual network (vNet). | `Microsoft.Authorization/locks` | 2016-09-01 | | `Microsoft.Authorization/roleAssignments` | 2020-04-01-preview | | `Microsoft.Insights/diagnosticSettings` | 2017-05-01-preview | -| `Microsoft.Network/virtualNetworks` | 2021-05-01 | +| `Microsoft.Network/virtualNetworks` | 2021-03-01 | +| `Microsoft.Network/virtualNetworks/subnets` | 2021-03-01 | | `Microsoft.Network/virtualNetworks/virtualNetworkPeerings` | 2021-02-01 | ## Parameters @@ -30,7 +31,7 @@ This template deploys a virtual network (vNet). | `metricsToEnable` | array | `[AllMetrics]` | `[AllMetrics]` | Optional. The name of metrics that will be streamed. | | `name` | string | | | Required. The Virtual Network (vNet) Name. | | `roleAssignments` | array | `[]` | | Optional. Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11' | -| `subnets` | array | | | Required. An Array of subnets to deploy to the Virual Network. | +| `subnets` | _[subnets](subnets/readme.md)_ array | | | Required. An Array of subnets to deploy to the Virual Network. | | `tags` | object | `{object}` | | Optional. Tags of the resource. | | `virtualNetworkPeerings` | _[virtualNetworkPeerings](virtualNetworkPeerings/readme.md)_ array | `[]` | | Optional. Virtual Network Peerings configurations | | `workspaceId` | string | | | Optional. Resource ID of log analytics. | 
@@ -49,55 +50,6 @@ Here's an example of specifying a single Address Prefix: } ``` -### Parameter Usage: `subnets` - -The `subnets` parameter accepts a JSON Array of `subnet` objects to deploy to the Virtual Network. - -Here's an example of specifying a couple Subnets to deploy: - -```json -"subnets": { - "value": [ - { - "name": "GatewaySubnet", - "addressPrefix": "10.0.255.0/24", - "networkSecurityGroupName": "nsgName1", - "routeTableName": "UdrName1", - "delegations": [], - "natGateway": "", // Name of the NAT Gateway to use for the subnet. - "serviceEndpoints": [ - { - "service": "Microsoft.EventHub" - }, - { - "service": "Microsoft.Sql" - }, - { - "service": "Microsoft.Storage" - }, - { - "service": "Microsoft.KeyVault" - } - ] - }, - { - "name": "examplePrivateEndpointSubnet", - "addressPrefix": "10.0.200.0/24", - "networkSecurityGroupName": "nsgName2", - "routeTableName": "UdrName2", - "delegations": [], - "natGateway": "", // Name of the NAT Gateway to use for the subnet. - "serviceEndpoints": [], - "privateEndpointNetworkPolicies": "Disabled" // This property must be set to disabled for subnets that contain private endpoints. Default Value when not specified is "Enabled". - }, - { - "name": "data", - "addressPrefix": "10.1.1.0/24" - } - ] -} -``` - ### Parameter Usage: `roleAssignments` ```json 
@@ -139,16 +91,14 @@ Tag names and tag values can be provided as needed. A tag can be left without a ## Considerations -When defining the Subnets to deploy using the `subnets` parameter, the JSON format to pass it must match the Subnet object that is normally passed in to the `subnets` property of a `virtualNetwork` within an ARM Template. - The network security group and route table resources must reside in the same resource group as the virtual network. ## Outputs | Output Name | Type | Description | | :-- | :-- | :-- | -| `subnetNames` | array | The names of the deployed subnets | -| `subnetResourceIds` | array | The resource IDs of the deployed subnets | +| `subnetNames` | array | | +| `subnetResourceIds` | array | | | `virtualNetworkName` | string | The name of the virtual network | | `virtualNetworkResourceGroup` | string | The resource group the virtual network was deployed into | | `virtualNetworkResourceId` | string | The resource ID of the virtual network | @@ -158,5 +108,6 @@ The network security group and route table resources must reside in the same res - [Locks](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2016-09-01/locks) - [Roleassignments](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-04-01-preview/roleAssignments) - [Diagnosticsettings](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Insights/2017-05-01-preview/diagnosticSettings) -- [Virtualnetworks](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/2021-05-01/virtualNetworks) +- [Virtualnetworks](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/2021-03-01/virtualNetworks) +- [Virtualnetworks/Subnets](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/2021-03-01/virtualNetworks/subnets) - [Virtualnetworks/Virtualnetworkpeerings](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/2021-02-01/virtualNetworks/virtualNetworkPeerings) 
diff --git a/arm/Microsoft.Network/virtualNetworks/subnets/.bicep/nested_cuaId.bicep b/arm/Microsoft.Network/virtualNetworks/subnets/.bicep/nested_cuaId.bicep
new file mode 100644
index 0000000000..8b13789179
--- /dev/null
+++ b/arm/Microsoft.Network/virtualNetworks/subnets/.bicep/nested_cuaId.bicep
@@ -0,0 +1 @@
+
diff --git a/arm/Microsoft.Network/virtualNetworks/subnets/deploy.bicep b/arm/Microsoft.Network/virtualNetworks/subnets/deploy.bicep
new file mode 100644
index 0000000000..65423fb068
--- /dev/null
+++ b/arm/Microsoft.Network/virtualNetworks/subnets/deploy.bicep
@@ -0,0 +1,107 @@ +@description('Optional. The Name of the subnet resource.') +param name string + +@description('Required. The name of the parent virtual network') +param virtualNetworkName string + +@description('Optional. The address prefix for the subnet.') +param addressPrefix string = '' + +@description('Optional. The network security group to assign to the subnet') +param networkSecurityGroupName string = '' + +@description('Optional. The route table to assign to the subnet') +param routeTableName string = '' + +@description('Optional. The service endpoints to enable on the subnet') +param serviceEndpoints array = [] + +@description('Optional. The delegations to enable on the subnet') +param delegations array = [] + +@description('Optional. The name of the NAT Gateway to use for the subnet') +param natGatewayName string = '' + +@description('Optional. enable or disable apply network policies on private end point in the subnet.') +@allowed([ + 'Disabled' + 'Enabled' + '' +]) +param privateEndpointNetworkPolicies string = '' + +@description('Optional. enable or disable apply network policies on private link service in the subnet.') +@allowed([ + 'Disabled' + 'Enabled' + '' +]) +param privateLinkServiceNetworkPolicies string = '' + +@description('Optional. List of address prefixes for the subnet.') +param addressPrefixes array = [] + +@description('Optional. Application gateway IP configurations of virtual network resource.') +param applicationGatewayIpConfigurations array = [] + +@description('Optional. Array of IpAllocation which reference this subnet') +param ipAllocations array = [] + +@description('Optional. An array of service endpoint policies.') +param serviceEndpointPolicies array = [] + +var formattedServiceEndpoints = [for serviceEndpoint in serviceEndpoints: { + service: serviceEndpoint +}] + +@description('Optional. Customer Usage Attribution ID (GUID). 
This GUID must be previously registered') +param cuaId string = '' + +module pid_cuaId '.bicep/nested_cuaId.bicep' = if (!empty(cuaId)) { + name: 'pid-${cuaId}' + params: {} +} + +resource virtualNetwork 'Microsoft.Network/virtualNetworks@2021-03-01' existing = { + name: virtualNetworkName +} + +resource networkSecurityGroup 'Microsoft.Network/networkSecurityGroups@2021-03-01' existing = if (!empty(networkSecurityGroupName)) { + name: networkSecurityGroupName +} + +resource routeTable 'Microsoft.Network/routeTables@2021-03-01' existing = if (!empty(routeTableName)) { + name: routeTableName +} + +resource natGateway 'Microsoft.Network/natGateways@2021-03-01' existing = if (!empty(natGatewayName)) { + name: natGatewayName +} + +resource subnet 'Microsoft.Network/virtualNetworks/subnets@2021-03-01' = { + name: name + parent: virtualNetwork + properties: { + addressPrefix: addressPrefix + networkSecurityGroup: networkSecurityGroup + routeTable: routeTable + serviceEndpoints: !empty(formattedServiceEndpoints) ? formattedServiceEndpoints : [] + delegations: delegations + natGateway: natGateway + privateEndpointNetworkPolicies: !empty(privateEndpointNetworkPolicies) ? any(privateEndpointNetworkPolicies) : null + privateLinkServiceNetworkPolicies: !empty(privateLinkServiceNetworkPolicies) ? any(privateLinkServiceNetworkPolicies) : null + addressPrefixes: addressPrefixes + applicationGatewayIpConfigurations: applicationGatewayIpConfigurations + ipAllocations: ipAllocations + serviceEndpointPolicies: serviceEndpointPolicies + } +} + +@description('The resource group the virtual network peering was deployed into') +output subnetResourceGroup string = resourceGroup().name + +@description('The name of the virtual network peering') +output subnetName string = subnet.name + +@description('The resource ID of the virtual network peering') +output subnetResourceId string = subnet.id 
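Review bot: Several descriptions in this new module do not match the code: `param name string` has no default yet is described as 'Optional.', and all three outputs are described as belonging to 'the virtual network peering' although they return the subnet's resource group, name and ID. Suggested wording is `@description('Required. The name of the subnet resource.')` and `@description('The resource ID of the subnet')`, with the name and resource-group outputs changed likewise. `networkSecurityGroupName` also defaults to `''`, which appears to create the subnet with no NSG unless the caller supplies one; its description should say so, e.g. `'Optional. The network security group to assign to the subnet. When empty, no NSG is attached.'`.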
diff --git a/arm/Microsoft.Network/virtualNetworks/subnets/readme.md b/arm/Microsoft.Network/virtualNetworks/subnets/readme.md
new file mode 100644
index 0000000000..f1c5d79be7
--- /dev/null
+++ b/arm/Microsoft.Network/virtualNetworks/subnets/readme.md
@@ -0,0 +1,66 @@ +# Virtual Network Subnets `[Microsoft.Network/virtualNetworks/subnets]` + +This module deploys a virtual network subnet. + +## Resource Types + +| Resource Type | API Version | +| :-- | :-- | +| `Microsoft.Network/virtualNetworks/subnets` | 2021-03-01 | + +## Parameters + +| Parameter Name | Type | Default Value | Possible Values | Description | +| :-- | :-- | :-- | :-- | :-- | +| `addressPrefix` | string | | | Optional. The address prefix for the subnet. | +| `addressPrefixes` | array | `[]` | | Optional. List of address prefixes for the subnet. | +| `applicationGatewayIpConfigurations` | array | `[]` | | Optional. Application gateway IP configurations of virtual network resource. | +| `cuaId` | string | | | Optional. Customer Usage Attribution ID (GUID). This GUID must be previously registered | +| `delegations` | array | `[]` | | Optional. The delegations to enable on the subnet | +| `ipAllocations` | array | `[]` | | Optional. Array of IpAllocation which reference this subnet | +| `name` | string | | | Optional. The Name of the subnet resource. | +| `natGatewayName` | string | | | Optional. The name of the NAT Gateway to use for the subnet | +| `networkSecurityGroupName` | string | | | Optional. The network security group to assign to the subnet | +| `privateEndpointNetworkPolicies` | string | | `[Disabled, Enabled, ]` | Optional. enable or disable apply network policies on private end point in the subnet. | +| `privateLinkServiceNetworkPolicies` | string | | `[Disabled, Enabled, ]` | Optional. enable or disable apply network policies on private link service in the subnet. | +| `routeTableName` | string | | | Optional. The route table to assign to the subnet | +| `serviceEndpointPolicies` | array | `[]` | | Optional. An array of service endpoint policies. | +| `serviceEndpoints` | array | `[]` | | Optional. The service endpoints to enable on the subnet | +| `virtualNetworkName` | string | | | Required. 
The name of the parent virtual network | + +### Parameter Usage: `delegations` + +```json +"delegations": [ + { + "name": "sqlMiDel", + "properties": { + "serviceName": "Microsoft.Sql/managedInstances" + } + } +] +``` + +### Parameter Usage: `serviceEndpoints` + +```json +"serviceEndpoints": [ + "Microsoft.EventHub", + "Microsoft.Sql", + "Microsoft.Storage", + "Microsoft.KeyVault" +] +``` + + +## Outputs + +| Output Name | Type | Description | +| :-- | :-- | :-- | +| `subnetName` | string | The name of the virtual network peering | +| `subnetResourceGroup` | string | The resource group the virtual network peering was deployed into | +| `subnetResourceId` | string | The resource ID of the virtual network peering | + +## Template references + +- [Virtualnetworks/Subnets](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/2021-03-01/virtualNetworks/subnets) From 3197191ab0888249c95ebfb9365377021dd8f1b1 Mon Sep 17 00:00:00 2001 From: MrMCake Date: Thu, 2 Dec 2021 13:22:12 +0100 Subject: [PATCH 02/15] Update to latest --- .github/workflows/platform.dependencies.yml | 29 +++++++- .../.parameters/parameters.json | 66 ++----------------- .../.parameters/vnetPeering.parameters.json | 32 ++------- .../virtualNetworks/deploy.bicep | 14 ++-- .../virtualNetworks/subnets/deploy.bicep | 12 ++-- .../virtualNetworks/subnets/readme.md | 2 +- .../routeTables/parameters/parameters.json | 2 +- .../parameters/sqlMi.parameters.json | 9 +++ 8 files changed, 61 insertions(+), 105 deletions(-) create mode 100644 utilities/pipelines/dependencies/Microsoft.Network/routeTables/parameters/sqlMi.parameters.json diff --git a/.github/workflows/platform.dependencies.yml b/.github/workflows/platform.dependencies.yml index 837aaf1322..149137cd99 100644 --- a/.github/workflows/platform.dependencies.yml +++ b/.github/workflows/platform.dependencies.yml 
@@ -313,6 +313,33 @@ jobs: managementGroupId: '${{ secrets.ARM_MGMTGROUP_ID }}' removeDeployment: '${{ env.removeDeployment }}' + job_deploy_udr: + runs-on: ubuntu-20.04 + name: 'Deploy sqlmi route tables' + env: + namespace: 'Microsoft.Network\routeTables' + needs: + - job_deploy_rg + strategy: + fail-fast: false + matrix: + parameterFilePaths: ['parameters.json'] + steps: + - name: 'Checkout' + uses: actions/checkout@v2 + with: + fetch-depth: 0 + - name: 'Deploy module' + uses: ./.github/actions/templates/deployModule + with: + templateFilePath: 'arm/${{ env.namespace }}/deploy.bicep' + parameterFilePath: '${{ env.dependencyPath }}/${{ env.namespace }}/parameters/${{ matrix.parameterFilePaths }}' + location: '${{ env.defaultLocation }}' + resourceGroupName: '${{ env.resourceGroupName }}' + subscriptionId: '${{ secrets.ARM_SUBSCRIPTION_ID }}' + managementGroupId: '${{ secrets.ARM_MGMTGROUP_ID }}' + removeDeployment: '${{ env.removeDeployment }}' + job_deploy_sqlmi_udr: runs-on: ubuntu-20.04 name: 'Deploy sqlmi route tables' @@ -324,7 +351,7 @@ jobs: strategy: fail-fast: false matrix: - parameterFilePaths: ['parameters.json'] + parameterFilePaths: ['sqlMi.parameters.json'] steps: - name: 'Checkout' uses: actions/checkout@v2 diff --git a/arm/Microsoft.Network/virtualNetworks/.parameters/parameters.json b/arm/Microsoft.Network/virtualNetworks/.parameters/parameters.json index b5b797c028..f9ac8af539 100644 --- a/arm/Microsoft.Network/virtualNetworks/.parameters/parameters.json +++ b/arm/Microsoft.Network/virtualNetworks/.parameters/parameters.json 
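Review bot: The added `job_deploy_udr` job in `.github/workflows/platform.dependencies.yml` has the display name `'Deploy sqlmi route tables'`, identical to the existing `job_deploy_sqlmi_udr`, so the two jobs cannot be told apart in the run view or logs; it should read `name: 'Deploy route tables'`. The new job also references `actions/checkout@v2` by mutable tag while it runs with the `ARM_SUBSCRIPTION_ID` and `ARM_MGMTGROUP_ID` secrets. Pinning it to a full commit SHA (`uses: actions/checkout@<commit-sha>`) would keep a moved tag from changing what executes, though the rest of the workflow appears to use the same tag and would need the same treatment.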
@@ -19,50 +19,18 @@ { "name": "sxx-az-subnet-x-001", "addressPrefix": "10.0.0.0/24", - "networkSecurityGroupName": "", - "routeTableName": "", + "networkSecurityGroupName": "adp-sxx-az-nsg-x-001", "serviceEndpoints": [ "Microsoft.EventHub", "Microsoft.Sql", "Microsoft.Storage", "Microsoft.KeyVault" ], - "delegations": [] + "routeTableName": "adp-sxx-az-udr-x-001" }, { "name": "sxx-az-subnet-x-002", - "addressPrefix": "10.0.1.0/24", - "networkSecurityGroupName": "", - "routeTableName": "", - "serviceEndpoints": [ - "Microsoft.EventHub", - "Microsoft.Sql", - "Microsoft.Storage", - "Microsoft.KeyVault" - ], - "delegations": [] - }, - { - "name": "sxx-az-subnet-x-003", - "addressPrefix": "10.0.2.0/24", - "networkSecurityGroupName": "", - "routeTableName": "", - "serviceEndpoints": [], - "delegations": [ - { - "name": "sqlMiDel", - "properties": { - "serviceName": "Microsoft.Sql/managedInstances" - } - } - ] - }, - { - "name": "sxx-az-subnet-x-004", "addressPrefix": "10.0.3.0/24", - "networkSecurityGroupName": "", - "routeTableName": "", - "serviceEndpoints": [], "delegations": [ { "name": "netappDel", 
@@ -73,28 +41,8 @@ ] }, { - "name": "AzureFirewallSubnet", - "addressPrefix": "10.0.4.0/24", - "networkSecurityGroupName": "", - "routeTableName": "", - "serviceEndpoints": [], - "delegations": [] - }, - { - "name": "AzureBastionSubnet", - "addressPrefix": "10.0.5.0/24", - "networkSecurityGroupName": "", - "routeTableName": "", - "serviceEndpoints": [], - "delegations": [] - }, - { - "name": "sxx-az-subnet-x-005", + "name": "sxx-az-subnet-x-003", "addressPrefix": "10.0.6.0/24", - "networkSecurityGroupName": "", - "routeTableName": "", - "serviceEndpoints": [], - "delegations": [], "privateEndpointNetworkPolicies": "Disabled", // This property must be set to disabled for subnets that contain private endpoints. It confirms that NSGs rules will not apply to private endpoints (currently not supported). Default Value when not specified is "Enabled". "privateLinkServiceNetworkPolicies": "Enabled" } @@ -105,7 +53,7 @@ { "roleDefinitionIdOrName": "Reader", "principalIds": [ - "<>" + "e58511af-4da2-449c-a5cd-6a10271cfb83" ] } ] 
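Review bot: The `principalIds` entry in the `@@ -105,7 +53,7 @@` hunk replaces the `<>` placeholder with a concrete principal object ID, and the next hunk (`@@ -114,13 +62,13 @@`) does the same with a subscription ID in `diagnosticStorageAccountId`, `workspaceId` and `eventHubAuthorizationRuleId`. These look like values from one test environment. They tie the shared parameter file to a single tenant, publish its identifiers in the repository, and would assign `Reader` to that principal wherever the file is deployed unchanged. Restore the placeholder tokens the removed lines carried so that the pipeline substitutes environment-specific values at deploy time.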
@@ -114,13 +62,13 @@ "value": 7 }, "diagnosticStorageAccountId": { - "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adpsxxazsaweux001" + "value": "/subscriptions/a7439831-1cd9-435d-a091-4aa863c96556/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adpsxxazsaweux001" }, "workspaceId": { - "value": "/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-sxx-az-law-x-001" + "value": "/subscriptions/a7439831-1cd9-435d-a091-4aa863c96556/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-sxx-az-law-x-001" }, "eventHubAuthorizationRuleId": { - "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.EventHub/namespaces/adp-sxx-az-evhns-x-001/AuthorizationRules/RootManageSharedAccessKey" + "value": "/subscriptions/a7439831-1cd9-435d-a091-4aa863c96556/resourceGroups/validation-rg/providers/Microsoft.EventHub/namespaces/adp-sxx-az-evhns-x-001/AuthorizationRules/RootManageSharedAccessKey" }, "eventHubName": { "value": "adp-sxx-az-evh-x-001" diff --git a/arm/Microsoft.Network/virtualNetworks/.parameters/vnetPeering.parameters.json b/arm/Microsoft.Network/virtualNetworks/.parameters/vnetPeering.parameters.json index fbb2b6e0a8..3a74c50221 100644 --- a/arm/Microsoft.Network/virtualNetworks/.parameters/vnetPeering.parameters.json +++ b/arm/Microsoft.Network/virtualNetworks/.parameters/vnetPeering.parameters.json 
@@ -19,35 +19,26 @@ { "name": "sxx-az-subnet-x-001", "addressPrefix": "10.0.0.0/24", - "networkSecurityGroupName": "", - "routeTableName": "", "serviceEndpoints": [ "Microsoft.EventHub", "Microsoft.Sql", "Microsoft.Storage", "Microsoft.KeyVault" - ], - "delegations": [] + ] }, { "name": "sxx-az-subnet-x-002", "addressPrefix": "10.0.1.0/24", - "networkSecurityGroupName": "", - "routeTableName": "", "serviceEndpoints": [ "Microsoft.EventHub", "Microsoft.Sql", "Microsoft.Storage", "Microsoft.KeyVault" - ], - "delegations": [] + ] }, { "name": "sxx-az-subnet-x-003", "addressPrefix": "10.0.2.0/24", - "networkSecurityGroupName": "", - "routeTableName": "", - "serviceEndpoints": [], "delegations": [ { "name": "sqlMiDel", @@ -60,9 +51,6 @@ { "name": "sxx-az-subnet-x-004", "addressPrefix": "10.0.3.0/24", - "networkSecurityGroupName": "", - "routeTableName": "", - "serviceEndpoints": [], "delegations": [ { "name": "netappDel", @@ -74,27 +62,15 @@ }, { "name": "AzureFirewallSubnet", - "addressPrefix": "10.0.4.0/24", - "networkSecurityGroupName": "", - "routeTableName": "", - "serviceEndpoints": [], - "delegations": [] + "addressPrefix": "10.0.4.0/24" }, { "name": "AzureBastionSubnet", - "addressPrefix": "10.0.5.0/24", - "networkSecurityGroupName": "", - "routeTableName": "", - "serviceEndpoints": [], - "delegations": [] + "addressPrefix": "10.0.5.0/24" }, { "name": "sxx-az-subnet-x-005", "addressPrefix": "10.0.6.0/24", - "networkSecurityGroupName": "", - "routeTableName": "", - "serviceEndpoints": [], - "delegations": [], "privateEndpointNetworkPolicies": "Disabled", // This property must be set to disabled for subnets that contain private endpoints. It confirms that NSGs rules will not apply to private endpoints (currently not supported). Default Value when not specified is "Enabled". "privateLinkServiceNetworkPolicies": "Enabled" } 
diff --git a/arm/Microsoft.Network/virtualNetworks/deploy.bicep b/arm/Microsoft.Network/virtualNetworks/deploy.bicep index 9439dd173f..8a4b4edff5 100644 --- a/arm/Microsoft.Network/virtualNetworks/deploy.bicep +++ b/arm/Microsoft.Network/virtualNetworks/deploy.bicep @@ -114,16 +114,9 @@ resource virtualNetwork 'Microsoft.Network/virtualNetworks@2021-03-01' = { enableDdosProtection: !empty(ddosProtectionPlanId) subnets: [for subnet in subnets: { name: subnet.name - properties: contains(subnet, 'addressPrefix') ? { + properties: { addressPrefix: subnet.addressPrefix - } : {} - // networkSecurityGroup: contains(item, 'networkSecurityGroupName') ? (empty(item.networkSecurityGroupName) ? null : json('{"id": "${resourceId('Microsoft.Network/networkSecurityGroups', item.networkSecurityGroupName)}"}')) : null - // routeTable: contains(item, 'routeTableName') ? (empty(item.routeTableName) ? null : json('{"id": "${resourceId('Microsoft.Network/routeTables', item.routeTableName)}"}')) : null - // serviceEndpoints: contains(item, 'serviceEndpoints') ? (empty(item.serviceEndpoints) ? null : item.serviceEndpoints) : null - // delegations: contains(item, 'delegations') ? (empty(item.delegations) ? null : item.delegations) : null - // natGateway: contains(item, 'natGatewayName') ? (empty(item.natGatewayName) ? null : json('{"id": "${resourceId('Microsoft.Network/natGateways', item.natGatewayName)}"}')) : null - // privateEndpointNetworkPolicies: contains(item, 'privateEndpointNetworkPolicies') ? (empty(item.privateEndpointNetworkPolicies) ? null : item.privateEndpointNetworkPolicies) : null - // privateLinkServiceNetworkPolicies: contains(item, 'privateLinkServiceNetworkPolicies') ? (empty(item.privateLinkServiceNetworkPolicies) ? null : item.privateLinkServiceNetworkPolicies) : null + } }] } } 
@@ -142,12 +135,13 @@ module virtualNetworkPeerings_resource 'virtualNetworkPeerings/deploy.bicep' = [ } }] +@batchSize(1) module virtualNetwork_subnets 'subnets/deploy.bicep' = [for (subnet, index) in subnets: { name: '${uniqueString(deployment().name, location)}-subnet-${index}' params: { virtualNetworkName: virtualNetwork.name name: subnet.name - addressPrefix: contains(subnet, 'addressPrefix') ? subnet.addressPrefix : '' + addressPrefix: subnet.addressPrefix addressPrefixes: contains(subnet, 'addressPrefixes') ? subnet.addressPrefixes : [] applicationGatewayIpConfigurations: contains(subnet, 'applicationGatewayIpConfigurations') ? subnet.applicationGatewayIpConfigurations : [] delegations: contains(subnet, 'delegations') ? subnet.delegations : [] diff --git a/arm/Microsoft.Network/virtualNetworks/subnets/deploy.bicep b/arm/Microsoft.Network/virtualNetworks/subnets/deploy.bicep index 65423fb068..96ead2384d 100644 --- a/arm/Microsoft.Network/virtualNetworks/subnets/deploy.bicep +++ b/arm/Microsoft.Network/virtualNetworks/subnets/deploy.bicep @@ -4,8 +4,8 @@ param name string @description('Required. The name of the parent virtual network') param virtualNetworkName string -@description('Optional. The address prefix for the subnet.') -param addressPrefix string = '' +@description('Required. The address prefix for the subnet.') +param addressPrefix string @description('Optional. The network security group to assign to the subnet') param networkSecurityGroupName string = '' 
@@ -83,11 +83,13 @@ resource subnet 'Microsoft.Network/virtualNetworks/subnets@2021-03-01' = { parent: virtualNetwork properties: { addressPrefix: addressPrefix - networkSecurityGroup: networkSecurityGroup - routeTable: routeTable + networkSecurityGroup: !empty(networkSecurityGroupName) ? { + id: networkSecurityGroup.id + } : null + routeTable: !empty(routeTableName) ? routeTable : null serviceEndpoints: !empty(formattedServiceEndpoints) ? formattedServiceEndpoints : [] delegations: delegations - natGateway: natGateway + natGateway: !empty(natGatewayName) ? natGateway : null privateEndpointNetworkPolicies: !empty(privateEndpointNetworkPolicies) ? any(privateEndpointNetworkPolicies) : null privateLinkServiceNetworkPolicies: !empty(privateLinkServiceNetworkPolicies) ? any(privateLinkServiceNetworkPolicies) : null addressPrefixes: addressPrefixes diff --git a/arm/Microsoft.Network/virtualNetworks/subnets/readme.md b/arm/Microsoft.Network/virtualNetworks/subnets/readme.md index f1c5d79be7..8e46294112 100644 --- a/arm/Microsoft.Network/virtualNetworks/subnets/readme.md +++ b/arm/Microsoft.Network/virtualNetworks/subnets/readme.md @@ -12,7 +12,7 @@ This module deploys a virtual network subnet. | Parameter Name | Type | Default Value | Possible Values | Description | | :-- | :-- | :-- | :-- | :-- | -| `addressPrefix` | string | | | Optional. The address prefix for the subnet. | +| `addressPrefix` | string | | | Required. The address prefix for the subnet. | | `addressPrefixes` | array | `[]` | | Optional. List of address prefixes for the subnet. | | `applicationGatewayIpConfigurations` | array | `[]` | | Optional. Application gateway IP configurations of virtual network resource. | | `cuaId` | string | | | Optional. Customer Usage Attribution ID (GUID). This GUID must be previously registered | 
diff --git a/utilities/pipelines/dependencies/Microsoft.Network/routeTables/parameters/parameters.json b/utilities/pipelines/dependencies/Microsoft.Network/routeTables/parameters/parameters.json index 0c59507939..6e5ccb81ad 100644 --- a/utilities/pipelines/dependencies/Microsoft.Network/routeTables/parameters/parameters.json +++ b/utilities/pipelines/dependencies/Microsoft.Network/routeTables/parameters/parameters.json @@ -3,7 +3,7 @@ "contentVersion": "1.0.0.0", "parameters": { "name": { - "value": "adp-sxx-az-udr-x-sqlmi" + "value": "adp-sxx-az-udr-x-001" } } } diff --git a/utilities/pipelines/dependencies/Microsoft.Network/routeTables/parameters/sqlMi.parameters.json b/utilities/pipelines/dependencies/Microsoft.Network/routeTables/parameters/sqlMi.parameters.json new file mode 100644 index 0000000000..0c59507939 --- /dev/null +++ b/utilities/pipelines/dependencies/Microsoft.Network/routeTables/parameters/sqlMi.parameters.json @@ -0,0 +1,9 @@ +{ + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", + "contentVersion": "1.0.0.0", + "parameters": { + "name": { + "value": "adp-sxx-az-udr-x-sqlmi" + } + } +} From a2799a92b0023844366f000adca7b097b138933a Mon Sep 17 00:00:00 2001 From: MrMCake Date: Thu, 2 Dec 2021 14:24:25 +0100 Subject: [PATCH 03/15] Update to latest --- .../parameters/parameters.json | 36 +++++-------------- 1 file changed, 9 insertions(+), 27 deletions(-) diff --git a/utilities/pipelines/dependencies/Microsoft.Network/virtualNetworks/parameters/parameters.json b/utilities/pipelines/dependencies/Microsoft.Network/virtualNetworks/parameters/parameters.json index 77e505da44..9d21ac6034 100644 --- a/utilities/pipelines/dependencies/Microsoft.Network/virtualNetworks/parameters/parameters.json +++ b/utilities/pipelines/dependencies/Microsoft.Network/virtualNetworks/parameters/parameters.json 
@@ -21,18 +21,10 @@ "addressPrefix": "10.0.0.0/24", "networkSecurityGroupName": "adp-sxx-az-nsg-x-001", "serviceEndpoints": [ - { - "service": "Microsoft.EventHub" - }, - { - "service": "Microsoft.Sql" - }, - { - "service": "Microsoft.Storage" - }, - { - "service": "Microsoft.KeyVault" - } + "Microsoft.EventHub", + "Microsoft.Sql", + "Microsoft.Storage", + "Microsoft.KeyVault" ] }, { @@ -40,18 +32,10 @@ "addressPrefix": "10.0.1.0/24", "networkSecurityGroupName": "adp-sxx-az-nsg-x-001", "serviceEndpoints": [ - { - "service": "Microsoft.EventHub" - }, - { - "service": "Microsoft.Sql" - }, - { - "service": "Microsoft.Storage" - }, - { - "service": "Microsoft.KeyVault" - } + "Microsoft.EventHub", + "Microsoft.Sql", + "Microsoft.Storage", + "Microsoft.KeyVault" ] }, { @@ -59,9 +43,7 @@ "addressPrefix": "10.0.2.0/24", "networkSecurityGroupName": "adp-sxx-az-nsg-x-001", "serviceEndpoints": [ - { - "service": "Microsoft.ServiceBus" - } + "Microsoft.ServiceBus" ] }, { From 1e089c95c000c9a241f1007aabe864e0090a156a Mon Sep 17 00:00:00 2001 From: MrMCake Date: Thu, 2 Dec 2021 14:26:14 +0100 Subject: [PATCH 04/15] Update to latest --- docs/wiki/TestingDesign.md | 1 + 1 file changed, 1 insertion(+) diff --git a/docs/wiki/TestingDesign.md b/docs/wiki/TestingDesign.md index 5d8b294ff5..6808d756ef 100644 --- a/docs/wiki/TestingDesign.md +++ b/docs/wiki/TestingDesign.md 
@@ -119,6 +119,7 @@ Since also dependency resources are in turn subject to dependencies with each ot >**Note**: This resource has a global scope name. 1. Event hub namespace and Event hub: This resource is leveraged by all resources supporting diagnostic settings on an event hub. >**Note**: This resource has a global scope name. + 1. Route table: This resource is leveraged by a test subnet deployment of the [Virtual Network] module. 1. Route table: This resource is leveraged by the virtual network subnet dedicated to test [SQL managed instance]. >**Note**: This resource is deployed and configured only if sqlmi dependency resources are enabled. 1. Network watcher: This resource is leveraged by the [NSG flow logs] resource. From 0d57b830a6c71685b1f7c74c1a466e03d9c67579 Mon Sep 17 00:00:00 2001 From: MrMCake Date: Thu, 2 Dec 2021 14:54:06 +0100 Subject: [PATCH 05/15] Update to latest --- .../virtualNetworks/.parameters/parameters.json | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/arm/Microsoft.Network/virtualNetworks/.parameters/parameters.json b/arm/Microsoft.Network/virtualNetworks/.parameters/parameters.json index f9ac8af539..1a3d57de72 100644 --- a/arm/Microsoft.Network/virtualNetworks/.parameters/parameters.json +++ b/arm/Microsoft.Network/virtualNetworks/.parameters/parameters.json @@ -53,7 +53,7 @@ { "roleDefinitionIdOrName": "Reader", "principalIds": [ - "e58511af-4da2-449c-a5cd-6a10271cfb83" + "<>" ] } ] 
@@ -62,13 +62,13 @@ "value": 7 }, "diagnosticStorageAccountId": { - "value": "/subscriptions/a7439831-1cd9-435d-a091-4aa863c96556/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adpsxxazsaweux001" + "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adpsxxazsaweux001" }, "workspaceId": { - "value": "/subscriptions/a7439831-1cd9-435d-a091-4aa863c96556/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-sxx-az-law-x-001" + "value": "/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-sxx-az-law-x-001" }, "eventHubAuthorizationRuleId": { - "value": "/subscriptions/a7439831-1cd9-435d-a091-4aa863c96556/resourceGroups/validation-rg/providers/Microsoft.EventHub/namespaces/adp-sxx-az-evhns-x-001/AuthorizationRules/RootManageSharedAccessKey" + "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.EventHub/namespaces/adp-sxx-az-evhns-x-001/AuthorizationRules/RootManageSharedAccessKey" }, "eventHubName": { "value": "adp-sxx-az-evh-x-001" From 8bf06b529dd3dc820f40e5e0fde27c9c8610ea2f Mon Sep 17 00:00:00 2001 From: MrMCake Date: Thu, 2 Dec 2021 17:07:20 +0100 Subject: [PATCH 06/15] Update to latest --- .../virtualNetworks/subnets/deploy.bicep | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/arm/Microsoft.Network/virtualNetworks/subnets/deploy.bicep b/arm/Microsoft.Network/virtualNetworks/subnets/deploy.bicep index 96ead2384d..b2233f2d55 100644 --- a/arm/Microsoft.Network/virtualNetworks/subnets/deploy.bicep +++ b/arm/Microsoft.Network/virtualNetworks/subnets/deploy.bicep 
@@ -86,10 +86,14 @@ resource subnet 'Microsoft.Network/virtualNetworks/subnets@2021-03-01' = { networkSecurityGroup: !empty(networkSecurityGroupName) ? { id: networkSecurityGroup.id } : null - routeTable: !empty(routeTableName) ? routeTable : null + routeTable: !empty(routeTableName) ? { + id: routeTable.id + } : null + natGateway: !empty(natGatewayName) ? { + id: natGateway.id + } : null serviceEndpoints: !empty(formattedServiceEndpoints) ? formattedServiceEndpoints : [] delegations: delegations - natGateway: !empty(natGatewayName) ? natGateway : null privateEndpointNetworkPolicies: !empty(privateEndpointNetworkPolicies) ? any(privateEndpointNetworkPolicies) : null privateLinkServiceNetworkPolicies: !empty(privateLinkServiceNetworkPolicies) ? any(privateLinkServiceNetworkPolicies) : null addressPrefixes: addressPrefixes From 580087e6be732c1e1734908adc3329b543d29f4e Mon Sep 17 00:00:00 2001 From: MrMCake Date: Thu, 2 Dec 2021 17:30:12 +0100 Subject: [PATCH 07/15] Update to latest --- .../virtualNetworks/.parameters/vnetPeering.parameters.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/arm/Microsoft.Network/virtualNetworks/.parameters/vnetPeering.parameters.json b/arm/Microsoft.Network/virtualNetworks/.parameters/vnetPeering.parameters.json index 3a74c50221..36042b3e09 100644 --- a/arm/Microsoft.Network/virtualNetworks/.parameters/vnetPeering.parameters.json +++ b/arm/Microsoft.Network/virtualNetworks/.parameters/vnetPeering.parameters.json @@ -3,7 +3,7 @@ "contentVersion": "1.0.0.0", "parameters": { "name": { - "value": "sxx-az-vnet-x-001" + "value": "sxx-az-vnet-peer-x-002" }, "addressPrefixes": { "value": [ From 82f4623739ff26e17d719d2dd02c3edd993050e7 Mon Sep 17 00:00:00 2001 From: MrMCake Date: Thu, 2 Dec 2021 17:59:57 +0100 Subject: [PATCH 08/15] Update to latest --- .../.parameters/vnetPeering.parameters.json | 62 +------------------ 1 file changed, 2 insertions(+), 60 deletions(-) 
diff --git a/arm/Microsoft.Network/virtualNetworks/.parameters/vnetPeering.parameters.json b/arm/Microsoft.Network/virtualNetworks/.parameters/vnetPeering.parameters.json index 36042b3e09..b1d855089b 100644 --- a/arm/Microsoft.Network/virtualNetworks/.parameters/vnetPeering.parameters.json +++ b/arm/Microsoft.Network/virtualNetworks/.parameters/vnetPeering.parameters.json @@ -7,72 +7,14 @@ }, "addressPrefixes": { "value": [ - "10.0.0.0/16" + "10.0.0.0/24" ] }, "subnets": { "value": [ { "name": "GatewaySubnet", - "addressPrefix": "10.0.255.0/24" - }, - { - "name": "sxx-az-subnet-x-001", - "addressPrefix": "10.0.0.0/24", - "serviceEndpoints": [ - "Microsoft.EventHub", - "Microsoft.Sql", - "Microsoft.Storage", - "Microsoft.KeyVault" - ] - }, - { - "name": "sxx-az-subnet-x-002", - "addressPrefix": "10.0.1.0/24", - "serviceEndpoints": [ - "Microsoft.EventHub", - "Microsoft.Sql", - "Microsoft.Storage", - "Microsoft.KeyVault" - ] - }, - { - "name": "sxx-az-subnet-x-003", - "addressPrefix": "10.0.2.0/24", - "delegations": [ - { - "name": "sqlMiDel", - "properties": { - "serviceName": "Microsoft.Sql/managedInstances" - } - } - ] - }, - { - "name": "sxx-az-subnet-x-004", - "addressPrefix": "10.0.3.0/24", - "delegations": [ - { - "name": "netappDel", - "properties": { - "serviceName": "Microsoft.Netapp/volumes" - } - } - ] - }, - { - "name": "AzureFirewallSubnet", - "addressPrefix": "10.0.4.0/24" - }, - { - "name": "AzureBastionSubnet", - "addressPrefix": "10.0.5.0/24" - }, - { - "name": "sxx-az-subnet-x-005", - "addressPrefix": "10.0.6.0/24", - "privateEndpointNetworkPolicies": "Disabled", // This property must be set to disabled for subnets that contain private endpoints. It confirms that NSGs rules will not apply to private endpoints (currently not supported). Default Value when not specified is "Enabled". - "privateLinkServiceNetworkPolicies": "Enabled" + "addressPrefix": "10.0.0.42/26" } ] }, From 1f6136d62dd8b3d2587fa6389ec769886630a193 Mon Sep 17 00:00:00 2001 
From: MrMCake Date: Thu, 2 Dec 2021 19:11:24 +0100 Subject: [PATCH 09/15] Update to latest --- .../.parameters/vnetPeering.parameters.json | 26 ++++------ .../virtualNetworks/deploy.bicep | 51 ++++++++++++++----- .../virtualNetworks/readme.md | 14 +++++ 3 files changed, 61 insertions(+), 30 deletions(-) diff --git a/arm/Microsoft.Network/virtualNetworks/.parameters/vnetPeering.parameters.json b/arm/Microsoft.Network/virtualNetworks/.parameters/vnetPeering.parameters.json index b1d855089b..5b68a9cb4a 100644 --- a/arm/Microsoft.Network/virtualNetworks/.parameters/vnetPeering.parameters.json +++ b/arm/Microsoft.Network/virtualNetworks/.parameters/vnetPeering.parameters.json @@ -14,28 +14,22 @@ "value": [ { "name": "GatewaySubnet", - "addressPrefix": "10.0.0.42/26" + "addressPrefix": "10.0.0.0/26" } ] }, "virtualNetworkPeerings": { "value": [ { - "remoteVirtualNetworkId": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-sxx-az-vnet-x-peer01", + "remoteVirtualNetworkId": "/subscriptions/a7439831-1cd9-435d-a091-4aa863c96556/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-sxx-az-vnet-x-peer01", "allowForwardedTraffic": true, "allowGatewayTransit": false, "allowVirtualNetworkAccess": true, - "useRemoteGateways": false - } - ] - }, - "roleAssignments": { - "value": [ - { - "roleDefinitionIdOrName": "Reader", - "principalIds": [ - "<>" - ] + "useRemoteGateways": false, + "reversePeeringEnabled": true, + "reversePeeringName": "customName", + "reversePeeringAllowVirtualNetworkAccess": true, + "reversePeeringAllowForwardedTraffic": true } ] }, 
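Review bot: The new `remoteVirtualNetworkId` value in this hunk, and the three diagnostic resource IDs in the following hunk of the same file, put the literal subscription GUID back where the removed lines had a `<>` token. PATCH 10/15 restores the token, but the identifier stays in the branch history unless the two commits are squashed before merge. The hunk also drops the `roleAssignments` block from the peering parameter file, so role assignment is no longer exercised by this test set; if that is intended, the commit message should say so.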
@@ -43,13 +37,13 @@ "value": 7 }, "diagnosticStorageAccountId": { - "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adpsxxazsaweux001" + "value": "/subscriptions/a7439831-1cd9-435d-a091-4aa863c96556/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adpsxxazsaweux001" }, "workspaceId": { - "value": "/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-sxx-az-law-x-001" + "value": "/subscriptions/a7439831-1cd9-435d-a091-4aa863c96556/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-sxx-az-law-x-001" }, "eventHubAuthorizationRuleId": { - "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.EventHub/namespaces/adp-sxx-az-evhns-x-001/AuthorizationRules/RootManageSharedAccessKey" + "value": "/subscriptions/a7439831-1cd9-435d-a091-4aa863c96556/resourceGroups/validation-rg/providers/Microsoft.EventHub/namespaces/adp-sxx-az-evhns-x-001/AuthorizationRules/RootManageSharedAccessKey" }, "eventHubName": { "value": "adp-sxx-az-evh-x-001" diff --git a/arm/Microsoft.Network/virtualNetworks/deploy.bicep b/arm/Microsoft.Network/virtualNetworks/deploy.bicep index 8a4b4edff5..74e984ba20 100644 --- a/arm/Microsoft.Network/virtualNetworks/deploy.bicep +++ b/arm/Microsoft.Network/virtualNetworks/deploy.bicep 
@@ -121,20 +121,6 @@ resource virtualNetwork 'Microsoft.Network/virtualNetworks@2021-03-01' = { } } -module virtualNetworkPeerings_resource 'virtualNetworkPeerings/deploy.bicep' = [for (virtualNetworkPeering, index) in virtualNetworkPeerings: { - name: '${uniqueString(deployment().name, location)}-virtualNetworkPeering-${index}' - params: { - localVnetName: name - remoteVirtualNetworkId: virtualNetworkPeering.remoteVirtualNetworkId - name: contains(virtualNetworkPeering, 'name') ? virtualNetworkPeering.name : '${name}-${last(split(virtualNetworkPeering.remoteVirtualNetworkId, '/'))}' - allowForwardedTraffic: contains(virtualNetworkPeering, 'allowForwardedTraffic') ? virtualNetworkPeering.allowForwardedTraffic : true - allowGatewayTransit: contains(virtualNetworkPeering, 'allowGatewayTransit') ? virtualNetworkPeering.allowGatewayTransit : false - allowVirtualNetworkAccess: contains(virtualNetworkPeering, 'allowVirtualNetworkAccess') ? virtualNetworkPeering.allowVirtualNetworkAccess : true - doNotVerifyRemoteGateways: contains(virtualNetworkPeering, 'doNotVerifyRemoteGateways') ? virtualNetworkPeering.doNotVerifyRemoteGateways : true - useRemoteGateways: contains(virtualNetworkPeering, 'useRemoteGateways') ? virtualNetworkPeering.useRemoteGateways : false - } -}] - @batchSize(1) module virtualNetwork_subnets 'subnets/deploy.bicep' = [for (subnet, index) in subnets: { name: '${uniqueString(deployment().name, location)}-subnet-${index}' 
@@ -156,6 +142,43 @@ module virtualNetwork_subnets 'subnets/deploy.bicep' = [for (subnet, index) in s } }] +// Local to Remote peering +module virtualNetwork_peering_local 'virtualNetworkPeerings/deploy.bicep' = [for (peering, index) in virtualNetworkPeerings: { + name: '${uniqueString(deployment().name, location)}-virtualNetworkPeering-local-${index}' + params: { + localVnetName: name + remoteVirtualNetworkId: peering.remoteVirtualNetworkId + name: contains(peering, 'name') ? peering.name : '${name}-${last(split(peering.remoteVirtualNetworkId, '/'))}' + allowForwardedTraffic: contains(peering, 'allowForwardedTraffic') ? peering.allowForwardedTraffic : true + allowGatewayTransit: contains(peering, 'allowGatewayTransit') ? peering.allowGatewayTransit : false + allowVirtualNetworkAccess: contains(peering, 'allowVirtualNetworkAccess') ? peering.allowVirtualNetworkAccess : true + doNotVerifyRemoteGateways: contains(peering, 'doNotVerifyRemoteGateways') ? peering.doNotVerifyRemoteGateways : true + useRemoteGateways: contains(peering, 'useRemoteGateways') ? peering.useRemoteGateways : false + } + dependsOn: [ + virtualNetwork_subnets + ] +}] + +// Remote to local peering (reverse) +module virtualNetwork_peering_remote 'virtualNetworkPeerings/deploy.bicep' = [for (peering, index) in virtualNetworkPeerings: if (contains(peering, 'reversePeeringEnabled') ? peering.reversePeeringEnabled == true : false) { + name: '${uniqueString(deployment().name, location)}-virtualNetworkPeering-remote-${index}' + scope: resourceGroup(split(peering.remoteVirtualNetworkId, '/')[4]) + params: { + localVnetName: last(split(peering.remoteVirtualNetworkId, '/')) + remoteVirtualNetworkId: virtualNetwork.id + name: contains(peering, 'reversePeeringName') ? peering.reversePeeringName : '${last(split(peering.remoteVirtualNetworkId, '/'))}-${name}' + allowForwardedTraffic: contains(peering, 'reversePeeringAllowForwardedTraffic') ? 
peering.reversePeeringAllowForwardedTraffic : true + allowGatewayTransit: contains(peering, 'reversePeeringAllowGatewayTransit') ? peering.reversePeeringAllowGatewayTransit : false + allowVirtualNetworkAccess: contains(peering, 'reversePeeringAllowVirtualNetworkAccess') ? peering.reversePeeringAllowVirtualNetworkAccess : true + doNotVerifyRemoteGateways: contains(peering, 'reversePeeringDoNotVerifyRemoteGateways') ? peering.reversePeeringDoNotVerifyRemoteGateways : true + useRemoteGateways: contains(peering, 'reversePeeringUseRemoteGateways') ? peering.reversePeeringUseRemoteGateways : false + } + dependsOn: [ + virtualNetwork_subnets + ] +}] + resource virtualNetwork_lock 'Microsoft.Authorization/locks@2016-09-01' = if (lock != 'NotSpecified') { name: '${virtualNetwork.name}-${lock}-lock' properties: { diff --git a/arm/Microsoft.Network/virtualNetworks/readme.md b/arm/Microsoft.Network/virtualNetworks/readme.md index 3985dd36e6..755f157d73 100644 --- a/arm/Microsoft.Network/virtualNetworks/readme.md +++ b/arm/Microsoft.Network/virtualNetworks/readme.md 
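Review bot: `scope: resourceGroup(split(peering.remoteVirtualNetworkId, '/')[4])` in `virtualNetwork_peering_remote` takes only the resource group name from the remote ID, so a remote network in another subscription is looked up in a same-named resource group of the deployment's own subscription. Passing the subscription segment as well keeps the reverse peering on the network the caller named: `scope: resourceGroup(split(peering.remoteVirtualNetworkId, '/')[2], split(peering.remoteVirtualNetworkId, '/')[4])`. The reverse peering also defaults `allowForwardedTraffic` and `doNotVerifyRemoteGateways` to `true`, so setting `reversePeeringEnabled` alone makes the remote network accept forwarded traffic; a default of `false` with explicit opt-in would be the least-privilege choice. The same lines are carried unchanged through the rename to `remotePeering*` in PATCH 12/15.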
@@ -36,6 +36,20 @@ This template deploys a virtual network (vNet). | `virtualNetworkPeerings` | _[virtualNetworkPeerings](virtualNetworkPeerings/readme.md)_ array | `[]` | | Optional. Virtual Network Peerings configurations | | `workspaceId` | string | | | Optional. Resource ID of log analytics. | +### Parameter Usage: `virtualNetworkPeerings` + +As the virtual network peering array allows you to deploy not only a one-way but also two-way peering (i.e reverse), you can use the following ***additional*** properties on top of what is documented in _[virtualNetworkPeerings](virtualNetworkPeerings/readme.md)_. + +| Parameter Name | Type | Default Value | Possible Values | Description | +| :-- | :-- | :-- | :-- | :-- | +| `reversePeeringEnabled` | bool | `false` | | Optional. Set to true to also deploy the reverse peering for the configured remote virtual networks to the local network | +| `reversePeeringName` | string | `'${last(split(peering.remoteVirtualNetworkId, '/'))}-${name}'` | | Optional. The Name of Vnet Peering resource. If not provided, default value will be - | +| `reversePeeringAllowForwardedTraffic` | bool | `true` | | Optional. Whether the forwarded traffic from the VMs in the local virtual network will be allowed/disallowed in remote virtual network. | +| `reversePeeringAllowGatewayTransit` | bool | `false` | | Optional. If gateway links can be used in remote virtual networking to link to this virtual network. | +| `reversePeeringAllowVirtualNetworkAccess` | bool | `true` | | Optional. Whether the VMs in the local virtual network space would be able to access the VMs in remote virtual network space. | +| `reversePeeringDoNotVerifyRemoteGateways` | bool | `true` | | Optional. If we need to verify the provisioning state of the remote gateway. | +| `reversePeeringUseRemoteGateways` | bool | `false` | | Optional. If remote gateways can be used on this virtual network. 
If the flag is set to `true`, and allowGatewayTransit on local peering is also `true`, virtual network will use gateways of local virtual network for transit. Only one peering can have this flag set to `true`. This flag cannot be set if virtual network already has a gateway. | + ### Parameter Usage: `addressPrefixes` The `addressPrefixes` parameter accepts a JSON Array of string values containing the IP Address Prefixes for the Virtual Network (vNet). From 105f386ce3bd6b5d7914b154e5b93d3f7b67c412 Mon Sep 17 00:00:00 2001 From: MrMCake Date: Thu, 2 Dec 2021 19:16:42 +0100 Subject: [PATCH 10/15] Update to latest --- .../.parameters/vnetPeering.parameters.json | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/arm/Microsoft.Network/virtualNetworks/.parameters/vnetPeering.parameters.json b/arm/Microsoft.Network/virtualNetworks/.parameters/vnetPeering.parameters.json index 5b68a9cb4a..78c750bb2b 100644 --- a/arm/Microsoft.Network/virtualNetworks/.parameters/vnetPeering.parameters.json +++ b/arm/Microsoft.Network/virtualNetworks/.parameters/vnetPeering.parameters.json @@ -21,7 +21,7 @@ "virtualNetworkPeerings": { "value": [ { - "remoteVirtualNetworkId": "/subscriptions/a7439831-1cd9-435d-a091-4aa863c96556/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-sxx-az-vnet-x-peer01", + "remoteVirtualNetworkId": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-sxx-az-vnet-x-peer01", "allowForwardedTraffic": true, "allowGatewayTransit": false, "allowVirtualNetworkAccess": true, 
@@ -37,13 +37,13 @@ "value": 7 }, "diagnosticStorageAccountId": { - "value": "/subscriptions/a7439831-1cd9-435d-a091-4aa863c96556/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adpsxxazsaweux001" + "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adpsxxazsaweux001" }, "workspaceId": { - "value": "/subscriptions/a7439831-1cd9-435d-a091-4aa863c96556/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-sxx-az-law-x-001" + "value": "/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-sxx-az-law-x-001" }, "eventHubAuthorizationRuleId": { - "value": "/subscriptions/a7439831-1cd9-435d-a091-4aa863c96556/resourceGroups/validation-rg/providers/Microsoft.EventHub/namespaces/adp-sxx-az-evhns-x-001/AuthorizationRules/RootManageSharedAccessKey" + "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.EventHub/namespaces/adp-sxx-az-evhns-x-001/AuthorizationRules/RootManageSharedAccessKey" }, "eventHubName": { "value": "adp-sxx-az-evh-x-001" From c96e7928ac261374275aa013100e02400742a9fb Mon Sep 17 00:00:00 2001 From: MrMCake Date: Sat, 4 Dec 2021 17:22:23 +0100 Subject: [PATCH 11/15] Update to latest --- .../.parameters/min.parameters.json | 22 +++++++++++++++++++ 1 file changed, 22 insertions(+) create mode 100644 arm/Microsoft.Network/virtualNetworks/.parameters/min.parameters.json diff --git a/arm/Microsoft.Network/virtualNetworks/.parameters/min.parameters.json b/arm/Microsoft.Network/virtualNetworks/.parameters/min.parameters.json new file mode 100644 index 0000000000..ef7a6d7206 --- /dev/null +++ b/arm/Microsoft.Network/virtualNetworks/.parameters/min.parameters.json 
@@ -0,0 +1,22 @@ +{ + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", + "contentVersion": "1.0.0.0", + "parameters": { + "name": { + "value": "sxx-az-vnet-min-001" + }, + "addressPrefixes": { + "value": [ + "10.0.0.0/16" + ] + }, + "subnets": { + "value": [ + { + "name": "default", + "addressPrefix": "10.0.0.0/16" + } + ] + } + } +} From 951872a27f358832c45e883508d1fc37fc53269a Mon Sep 17 00:00:00 2001 From: MrMCake Date: Sat, 4 Dec 2021 17:32:12 +0100 Subject: [PATCH 12/15] Renamed peering --- .../.parameters/vnetPeering.parameters.json | 8 ++++---- arm/Microsoft.Network/virtualNetworks/deploy.bicep | 14 +++++++------- arm/Microsoft.Network/virtualNetworks/readme.md | 14 +++++++------- 3 files changed, 18 insertions(+), 18 deletions(-) diff --git a/arm/Microsoft.Network/virtualNetworks/.parameters/vnetPeering.parameters.json b/arm/Microsoft.Network/virtualNetworks/.parameters/vnetPeering.parameters.json index 78c750bb2b..1dafaf6ee9 100644 --- a/arm/Microsoft.Network/virtualNetworks/.parameters/vnetPeering.parameters.json +++ b/arm/Microsoft.Network/virtualNetworks/.parameters/vnetPeering.parameters.json @@ -26,10 +26,10 @@ "allowGatewayTransit": false, "allowVirtualNetworkAccess": true, "useRemoteGateways": false, - "reversePeeringEnabled": true, - "reversePeeringName": "customName", - "reversePeeringAllowVirtualNetworkAccess": true, - "reversePeeringAllowForwardedTraffic": true + "remotePeeringEnabled": true, + "remotePeeringName": "customName", + "remotePeeringAllowVirtualNetworkAccess": true, + "remotePeeringAllowForwardedTraffic": true } ] }, diff --git a/arm/Microsoft.Network/virtualNetworks/deploy.bicep b/arm/Microsoft.Network/virtualNetworks/deploy.bicep index 74e984ba20..c94bdcaa24 100644 --- a/arm/Microsoft.Network/virtualNetworks/deploy.bicep +++ b/arm/Microsoft.Network/virtualNetworks/deploy.bicep 
@@ -161,18 +161,18 @@ module virtualNetwork_peering_local 'virtualNetworkPeerings/deploy.bicep' = [for }] // Remote to local peering (reverse) -module virtualNetwork_peering_remote 'virtualNetworkPeerings/deploy.bicep' = [for (peering, index) in virtualNetworkPeerings: if (contains(peering, 'reversePeeringEnabled') ? peering.reversePeeringEnabled == true : false) { +module virtualNetwork_peering_remote 'virtualNetworkPeerings/deploy.bicep' = [for (peering, index) in virtualNetworkPeerings: if (contains(peering, 'remotePeeringEnabled') ? peering.remotePeeringEnabled == true : false) { name: '${uniqueString(deployment().name, location)}-virtualNetworkPeering-remote-${index}' scope: resourceGroup(split(peering.remoteVirtualNetworkId, '/')[4]) params: { localVnetName: last(split(peering.remoteVirtualNetworkId, '/')) remoteVirtualNetworkId: virtualNetwork.id - name: contains(peering, 'reversePeeringName') ? peering.reversePeeringName : '${last(split(peering.remoteVirtualNetworkId, '/'))}-${name}' - allowForwardedTraffic: contains(peering, 'reversePeeringAllowForwardedTraffic') ? peering.reversePeeringAllowForwardedTraffic : true - allowGatewayTransit: contains(peering, 'reversePeeringAllowGatewayTransit') ? peering.reversePeeringAllowGatewayTransit : false - allowVirtualNetworkAccess: contains(peering, 'reversePeeringAllowVirtualNetworkAccess') ? peering.reversePeeringAllowVirtualNetworkAccess : true - doNotVerifyRemoteGateways: contains(peering, 'reversePeeringDoNotVerifyRemoteGateways') ? peering.reversePeeringDoNotVerifyRemoteGateways : true - useRemoteGateways: contains(peering, 'reversePeeringUseRemoteGateways') ? peering.reversePeeringUseRemoteGateways : false + name: contains(peering, 'remotePeeringName') ? peering.remotePeeringName : '${last(split(peering.remoteVirtualNetworkId, '/'))}-${name}' + allowForwardedTraffic: contains(peering, 'remotePeeringAllowForwardedTraffic') ? 
peering.remotePeeringAllowForwardedTraffic : true + allowGatewayTransit: contains(peering, 'remotePeeringAllowGatewayTransit') ? peering.remotePeeringAllowGatewayTransit : false + allowVirtualNetworkAccess: contains(peering, 'remotePeeringAllowVirtualNetworkAccess') ? peering.remotePeeringAllowVirtualNetworkAccess : true + doNotVerifyRemoteGateways: contains(peering, 'remotePeeringDoNotVerifyRemoteGateways') ? peering.remotePeeringDoNotVerifyRemoteGateways : true + useRemoteGateways: contains(peering, 'remotePeeringUseRemoteGateways') ? peering.remotePeeringUseRemoteGateways : false } dependsOn: [ virtualNetwork_subnets diff --git a/arm/Microsoft.Network/virtualNetworks/readme.md b/arm/Microsoft.Network/virtualNetworks/readme.md index 755f157d73..a5c054aa16 100644 --- a/arm/Microsoft.Network/virtualNetworks/readme.md +++ b/arm/Microsoft.Network/virtualNetworks/readme.md 
@@ -42,13 +42,13 @@ As the virtual network peering array allows you to deploy not only a one-way but | Parameter Name | Type | Default Value | Possible Values | Description | | :-- | :-- | :-- | :-- | :-- | -| `reversePeeringEnabled` | bool | `false` | | Optional. Set to true to also deploy the reverse peering for the configured remote virtual networks to the local network | -| `reversePeeringName` | string | `'${last(split(peering.remoteVirtualNetworkId, '/'))}-${name}'` | | Optional. The Name of Vnet Peering resource. If not provided, default value will be - | -| `reversePeeringAllowForwardedTraffic` | bool | `true` | | Optional. Whether the forwarded traffic from the VMs in the local virtual network will be allowed/disallowed in remote virtual network. | -| `reversePeeringAllowGatewayTransit` | bool | `false` | | Optional. If gateway links can be used in remote virtual networking to link to this virtual network. | -| `reversePeeringAllowVirtualNetworkAccess` | bool | `true` | | Optional. Whether the VMs in the local virtual network space would be able to access the VMs in remote virtual network space. | -| `reversePeeringDoNotVerifyRemoteGateways` | bool | `true` | | Optional. If we need to verify the provisioning state of the remote gateway. | -| `reversePeeringUseRemoteGateways` | bool | `false` | | Optional. If remote gateways can be used on this virtual network. If the flag is set to `true`, and allowGatewayTransit on local peering is also `true`, virtual network will use gateways of local virtual network for transit. Only one peering can have this flag set to `true`. This flag cannot be set if virtual network already has a gateway. | +| `remotePeeringEnabled` | bool | `false` | | Optional. Set to true to also deploy the reverse peering for the configured remote virtual networks to the local network | +| `remotePeeringName` | string | `'${last(split(peering.remoteVirtualNetworkId, '/'))}-${name}'` | | Optional. The Name of Vnet Peering resource. 
If not provided, default value will be - | +| `remotePeeringAllowForwardedTraffic` | bool | `true` | | Optional. Whether the forwarded traffic from the VMs in the local virtual network will be allowed/disallowed in remote virtual network. | +| `remotePeeringAllowGatewayTransit` | bool | `false` | | Optional. If gateway links can be used in remote virtual networking to link to this virtual network. | +| `remotePeeringAllowVirtualNetworkAccess` | bool | `true` | | Optional. Whether the VMs in the local virtual network space would be able to access the VMs in remote virtual network space. | +| `remotePeeringDoNotVerifyRemoteGateways` | bool | `true` | | Optional. If we need to verify the provisioning state of the remote gateway. | +| `remotePeeringUseRemoteGateways` | bool | `false` | | Optional. If remote gateways can be used on this virtual network. If the flag is set to `true`, and allowGatewayTransit on local peering is also `true`, virtual network will use gateways of local virtual network for transit. Only one peering can have this flag set to `true`. This flag cannot be set if virtual network already has a gateway. | ### Parameter Usage: `addressPrefixes` From 8978b9d46f8ff12d972c0de4a6bc729b8223441d Mon Sep 17 00:00:00 2001 From: MrMCake Date: Sat, 4 Dec 2021 17:37:04 +0100 Subject: [PATCH 13/15] Update to latest --- arm/Microsoft.Network/virtualNetworks/subnets/deploy.bicep | 6 ++++++ arm/Microsoft.Network/virtualNetworks/subnets/readme.md | 2 ++ 2 files changed, 8 insertions(+) diff --git a/arm/Microsoft.Network/virtualNetworks/subnets/deploy.bicep b/arm/Microsoft.Network/virtualNetworks/subnets/deploy.bicep index b2233f2d55..e7baf2ea07 100644 --- a/arm/Microsoft.Network/virtualNetworks/subnets/deploy.bicep +++ b/arm/Microsoft.Network/virtualNetworks/subnets/deploy.bicep 
@@ -111,3 +111,9 @@ output subnetName string = subnet.name @description('The resource ID of the virtual network peering') output subnetResourceId string = subnet.id + +@description('The address prefix for the subnet') +output subnetAddressPrefix string = subnet.properties.addressPrefix + +@description('List of address prefixes for the subnet') +output subnetAddressPrefixes array = subnet.properties.addressPrefixes diff --git a/arm/Microsoft.Network/virtualNetworks/subnets/readme.md b/arm/Microsoft.Network/virtualNetworks/subnets/readme.md index 8e46294112..5cba984955 100644 --- a/arm/Microsoft.Network/virtualNetworks/subnets/readme.md +++ b/arm/Microsoft.Network/virtualNetworks/subnets/readme.md @@ -57,6 +57,8 @@ This module deploys a virtual network subnet. | Output Name | Type | Description | | :-- | :-- | :-- | +| `subnetAddressPrefix` | string | The address prefix for the subnet | +| `subnetAddressPrefixes` | array | List of address prefixes for the subnet | | `subnetName` | string | The name of the virtual network peering | | `subnetResourceGroup` | string | The resource group the virtual network peering was deployed into | | `subnetResourceId` | string | The resource ID of the virtual network peering | From dfdff6ee80b496feac10e7b11fdca8053263bbed Mon Sep 17 00:00:00 2001 From: MrMCake Date: Sat, 4 Dec 2021 17:40:16 +0100 Subject: [PATCH 14/15] Update to latest --- .../virtualNetworks/.parameters/parameters.json | 2 +- arm/Microsoft.Network/virtualNetworks/subnets/readme.md | 4 ++++ 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/arm/Microsoft.Network/virtualNetworks/.parameters/parameters.json b/arm/Microsoft.Network/virtualNetworks/.parameters/parameters.json index 1a3d57de72..1edc7171f5 100644 --- a/arm/Microsoft.Network/virtualNetworks/.parameters/parameters.json +++ b/arm/Microsoft.Network/virtualNetworks/.parameters/parameters.json 
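Review bot: Both new outputs read `subnet.properties.addressPrefix` and `subnet.properties.addressPrefixes` unconditionally, and an output that references a property missing from the resource response fails the whole deployment at output evaluation. Whether both properties are always returned depends on which of the two inputs the caller supplied; the parameter declarations are outside this hunk, so this is inferred. The later `-121,4 +121,4` hunk on the same file guards only the list output, so the scalar output stays exposed if a subnet can be defined by `addressPrefixes` alone. Guarding on the response itself would cover it: `output subnetAddressPrefix string = contains(subnet.properties, 'addressPrefix') ? subnet.properties.addressPrefix : ''`.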
@@ -43,7 +43,7 @@ { "name": "sxx-az-subnet-x-003", "addressPrefix": "10.0.6.0/24", - "privateEndpointNetworkPolicies": "Disabled", // This property must be set to disabled for subnets that contain private endpoints. It confirms that NSGs rules will not apply to private endpoints (currently not supported). Default Value when not specified is "Enabled". + "privateEndpointNetworkPolicies": "Disabled", "privateLinkServiceNetworkPolicies": "Enabled" } ] diff --git a/arm/Microsoft.Network/virtualNetworks/subnets/readme.md b/arm/Microsoft.Network/virtualNetworks/subnets/readme.md index 5cba984955..4a30fa4fa4 100644 --- a/arm/Microsoft.Network/virtualNetworks/subnets/readme.md +++ b/arm/Microsoft.Network/virtualNetworks/subnets/readme.md @@ -52,6 +52,10 @@ This module deploys a virtual network subnet. ] ``` +## Considerations + +The `privateEndpointNetworkPolicies` property must be set to disabled for subnets that contain private endpoints. It confirms that NSGs rules will not apply to private endpoints (currently not supported, [reference](https://docs.microsoft.com/en-us/azure/private-link/private-endpoint-overview#limitations)). Default Value when not specified is "Enabled". + ## Outputs From 7cf009faffd2542571a4d8aebf79df0b81deccf3 Mon Sep 17 00:00:00 2001 From: MrMCake Date: Fri, 10 Dec 2021 09:23:52 +0100 Subject: [PATCH 15/15] Update to latest --- arm/Microsoft.Network/virtualNetworks/subnets/deploy.bicep | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/arm/Microsoft.Network/virtualNetworks/subnets/deploy.bicep b/arm/Microsoft.Network/virtualNetworks/subnets/deploy.bicep index 2d7877612d..55668a3878 100644 --- a/arm/Microsoft.Network/virtualNetworks/subnets/deploy.bicep +++ b/arm/Microsoft.Network/virtualNetworks/subnets/deploy.bicep 
@@ -121,4 +121,4 @@ output subnetResourceId string = subnet.id output subnetAddressPrefix string = subnet.properties.addressPrefix @description('List of address prefixes for the subnet') -output subnetAddressPrefixes array = subnet.properties.addressPrefixes +output subnetAddressPrefixes array = !empty(addressPrefixes) ? subnet.properties.addressPrefixes : []
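Review bot: The `@description` above `subnetAddressPrefixes` no longer matches the output, which now returns `[]` whenever the `addressPrefixes` input is empty, and consumers cannot tell that from the text. I would change it to `@description('List of address prefixes for the subnet. Empty if no addressPrefixes were provided')` and mirror that wording in the Outputs table of the module readme. The condition also tests the input parameter rather than the deployed resource; the parameter declaration is outside this hunk, so it is worth confirming that a non-empty input always results in the property being present in the response.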