diff --git a/.azuredevops/modulePipelines/ms.network.loadbalancers.yml b/.azuredevops/modulePipelines/ms.network.loadbalancers.yml index 6f25287269..29abbe76ae 100644 --- a/.azuredevops/modulePipelines/ms.network.loadbalancers.yml +++ b/.azuredevops/modulePipelines/ms.network.loadbalancers.yml @@ -51,6 +51,7 @@ stages: removeDeployment: '${{ parameters.removeDeployment }}' deploymentBlocks: - path: $(modulePath)/.parameters/parameters.json + - path: $(modulePath)/.parameters/min.parameters.json - stage: Publishing displayName: Publish module diff --git a/.github/workflows/ms.network.loadbalancers.yml b/.github/workflows/ms.network.loadbalancers.yml index e07a033ab5..e92cc5f58c 100644 --- a/.github/workflows/ms.network.loadbalancers.yml +++ b/.github/workflows/ms.network.loadbalancers.yml @@ -91,7 +91,7 @@ jobs: strategy: fail-fast: false matrix: - parameterFilePaths: ['parameters.json'] + parameterFilePaths: ['min.parameters.json', 'parameters.json'] steps: - name: 'Checkout' uses: actions/checkout@v2 diff --git a/arm/Microsoft.Network/loadBalancers/.parameters/min.parameters.json b/arm/Microsoft.Network/loadBalancers/.parameters/min.parameters.json new file mode 100644 index 0000000000..06f52efe09 --- /dev/null +++ b/arm/Microsoft.Network/loadBalancers/.parameters/min.parameters.json @@ -0,0 +1,19 @@ +{ + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", + "contentVersion": "1.0.0.0", + "parameters": { + "name": { + "value": "sxx-az-lb-min-001" + }, + "frontendIPConfigurations": { + "value": [ + { + "name": "publicIPConfig1", + "publicIPAddressId": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/publicIPAddresses/adp-sxx-az-pip-x-lb", + "subnetId": "", + "privateIPAddress": "" + } + ] + } + } +} diff --git a/arm/Microsoft.Network/loadBalancers/.parameters/parameters.json b/arm/Microsoft.Network/loadBalancers/.parameters/parameters.json index 5230ad50e1..7055c7629f 100644 --- a/arm/Microsoft.Network/loadBalancers/.parameters/parameters.json +++ b/arm/Microsoft.Network/loadBalancers/.parameters/parameters.json @@ -8,53 +8,94 @@ "frontendIPConfigurations": { "value": [ { - "name": "publicIPConfig", - "properties": { - "publicIPAddressId": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/publicIPAddresses/adp-sxx-az-pip-x-lb", - "subnetId": "", - "privateIPAddress": "" - } + "name": "publicIPConfig1", + "publicIPAddressId": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/publicIPAddresses/adp-sxx-az-pip-x-lb", + "subnetId": "", + "privateIPAddress": "" } ] }, "backendAddressPools": { "value": [ { - "name": "backendAddressPool" + "name": "backendAddressPool1" + }, + { + "name": "backendAddressPool2" } ] }, "loadBalancingRules": { "value": [ { - "name": "publicIPLBRule", - "properties": { - "frontendIPConfigurationName": "publicIPConfig", - "frontendPort": 80, - "backendPort": 80, - "enableFloatingIP": false, - "idleTimeoutInMinutes": 5, - "protocol": "TCP", - "enableTcpReset": false, - "loadDistribution": "Default", - "disableOutboundSnat": false, - "probeName": "probe", - "backendAddressPoolName": "backendAddressPool" - } + "name": "publicIPLBRule1", + "frontendIPConfigurationName": "publicIPConfig1", + "frontendPort": 80, + "backendPort": 80, + "enableFloatingIP": false, + "idleTimeoutInMinutes": 5, + "protocol": "Tcp", + "enableTcpReset": false, + "loadDistribution": "Default", + "disableOutboundSnat": true, + "probeName": "probe1", + "backendAddressPoolName": "backendAddressPool1" + }, + { + "name": "publicIPLBRule2", + "frontendIPConfigurationName": "publicIPConfig1", + "frontendPort": 8080, + "backendPort": 8080, + "loadDistribution": "Default", + "probeName": "probe2", + "backendAddressPoolName": "backendAddressPool2" + } + ] + }, + "inboundNatRules": { + "value": [ + { + "name": "inboundNatRule1", + "frontendIPConfigurationName": "publicIPConfig1", + "frontendPort": 443, + "backendPort": 443, + "enableFloatingIP": false, + "idleTimeoutInMinutes": 4, + "protocol": "Tcp", + "enableTcpReset": false + }, + { + "name": "inboundNatRule2", + "frontendIPConfigurationName": "publicIPConfig1", + "frontendPort": 3389, + "backendPort": 3389 + } + ] + }, + "outboundRules": { + "value": [ + { + "name": "outboundRule1", + "frontendIPConfigurationName": "publicIPConfig1", + "backendAddressPoolName": "backendAddressPool1", + "allocatedOutboundPorts": 63984 } ] }, "probes": { "value": [ { - "name": "probe", - "properties": { - "protocol": "TCP", - "port": 80, - "requestPath": "/", - "intervalInSeconds": 10, - "numberOfProbes": 5 - } + "name": "probe1", + "protocol": "Tcp", + "port": 80, + "intervalInSeconds": 10, + "numberOfProbes": 5 + }, + { + "name": "probe2", + "protocol": "Https", + "port": 443, + "requestPath": "/" } ] }, diff --git a/arm/Microsoft.Network/loadBalancers/backendAddressPools/.bicep/nested_cuaId.bicep b/arm/Microsoft.Network/loadBalancers/backendAddressPools/.bicep/nested_cuaId.bicep new file mode 100644 index 0000000000..8b13789179 --- /dev/null +++ b/arm/Microsoft.Network/loadBalancers/backendAddressPools/.bicep/nested_cuaId.bicep @@ -0,0 +1 @@ + diff --git a/arm/Microsoft.Network/loadBalancers/backendAddressPools/deploy.bicep b/arm/Microsoft.Network/loadBalancers/backendAddressPools/deploy.bicep new file mode 100644 index 0000000000..800052e3fb --- /dev/null +++ b/arm/Microsoft.Network/loadBalancers/backendAddressPools/deploy.bicep @@ -0,0 +1,41 @@ +@description('Required. The name of the parent load balancer') +param loadBalancerName string + +@description('Required. The name of the backend address pool') +param name string + +@description('Optional. An array of backend addresses.') +param loadBalancerBackendAddresses array = [] + +@description('Optional. An array of gateway load balancer tunnel interfaces.') +param tunnelInterfaces array = [] + +@description('Optional. Customer Usage Attribution ID (GUID). This GUID must be previously registered') +param cuaId string = '' + +module pid_cuaId '.bicep/nested_cuaId.bicep' = if (!empty(cuaId)) { + name: 'pid-${cuaId}' + params: {} +} + +resource loadBalancer 'Microsoft.Network/loadBalancers@2021-02-01' existing = { + name: loadBalancerName +} + +resource backendAddressPool 'Microsoft.Network/loadBalancers/backendAddressPools@2021-05-01' = { + name: name + properties: { + loadBalancerBackendAddresses: loadBalancerBackendAddresses + tunnelInterfaces: tunnelInterfaces + } + parent: loadBalancer +} + +@description('The name of the backend address pool') +output inboundNatRuleName string = backendAddressPool.name + +@description('The resource ID of the backend address pool') +output inboundNatRuleResourceId string = backendAddressPool.id + +@description('The resource group the backend address pool was deployed into') +output inboundNatRuleResourceGroupName string = resourceGroup().name diff --git a/arm/Microsoft.Network/loadBalancers/backendAddressPools/readme.md b/arm/Microsoft.Network/loadBalancers/backendAddressPools/readme.md new file mode 100644 index 0000000000..92a854508f --- /dev/null +++ b/arm/Microsoft.Network/loadBalancers/backendAddressPools/readme.md @@ -0,0 +1,31 @@ +# Load Balancers Backend Address Pools `[Microsoft.Network/loadBalancers/backendAddressPools]` + +This module deploys load balancer backend address pools. + +## Resource Types + +| Resource Type | API Version | +| :-- | :-- | +| `Microsoft.Network/loadBalancers/backendAddressPools` | 2021-05-01 | + +## Parameters + +| Parameter Name | Type | Default Value | Possible Values | Description | +| :-- | :-- | :-- | :-- | :-- | +| `cuaId` | string | | | Optional. Customer Usage Attribution ID (GUID). This GUID must be previously registered | +| `loadBalancerBackendAddresses` | array | `[]` | | Optional. An array of backend addresses. | +| `loadBalancerName` | string | | | Required. The name of the parent load balancer | +| `name` | string | | | Required. The name of the backend address pool | +| `tunnelInterfaces` | array | `[]` | | Optional. An array of gateway load balancer tunnel interfaces. | + +## Outputs + +| Output Name | Type | Description | +| :-- | :-- | :-- | +| `inboundNatRuleName` | string | The name of the backend address pool | +| `inboundNatRuleResourceGroupName` | string | The resource group the backend address pool was deployed into | +| `inboundNatRuleResourceId` | string | The resource ID of the backend address pool | + +## Template references + +- [Loadbalancers/Backendaddresspools](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/loadBalancers/backendAddressPools) diff --git a/arm/Microsoft.Network/loadBalancers/deploy.bicep b/arm/Microsoft.Network/loadBalancers/deploy.bicep index 584a6e8c53..bec72843ea 100644 --- a/arm/Microsoft.Network/loadBalancers/deploy.bicep +++ b/arm/Microsoft.Network/loadBalancers/deploy.bicep @@ -15,17 +15,14 @@ param loadBalancerSku string = 'Standard' @minLength(1) param frontendIPConfigurations array -@description('Required. Collection of backend address pools used by a load balancer.') -@minLength(1) -param backendAddressPools array +@description('Optional. Collection of backend address pools used by a load balancer.') +param backendAddressPools array = [] -@description('Required. Array of objects containing all load balancing rules') -@minLength(1) -param loadBalancingRules array +@description('Optional. Array of objects containing all load balancing rules') +param loadBalancingRules array = [] -@description('Required. Array of objects containing all probes, these are references in the load balancing rules') -@minLength(1) -param probes array +@description('Optional. Array of objects containing all probes, these are references in the load balancing rules') +param probes array = [] @description('Optional. Specifies the number of days that logs will be kept for; a value of 0 will retain data indefinitely.') @minValue(0) @@ -61,11 +58,17 @@ param tags object = {} @description('Optional. Customer Usage Attribution ID (GUID). This GUID must be previously registered') param cuaId string = '' +@description('Optional. Collection of inbound NAT Rules used by a load balancer. Defining inbound NAT rules on your load balancer is mutually exclusive with defining an inbound NAT pool. Inbound NAT pools are referenced from virtual machine scale sets. NICs that are associated with individual virtual machines cannot reference an Inbound NAT pool. They have to reference individual inbound NAT rules.') +param inboundNatRules array = [] + +@description('Optional. The outbound rules.') +param outboundRules array = [] + var frontendsSubnets = [for item in frontendIPConfigurations: { - id: item.properties.subnetId + id: item.subnetId }] var frontendsPublicIPAddresses = [for item in frontendIPConfigurations: { - id: item.properties.publicIPAddressId + id: item.publicIPAddressId }] var frontendsObj = { subnets: frontendsSubnets @@ -75,10 +78,10 @@ var frontendsObj = { var frontendIPConfigurations_var = [for (frontendIPConfiguration, index) in frontendIPConfigurations: { name: frontendIPConfiguration.name properties: { - subnet: !empty(frontendIPConfiguration.properties.subnetId) ? frontendsObj.subnets[index] : null - publicIPAddress: !empty(frontendIPConfiguration.properties.publicIPAddressId) ? frontendsObj.publicIPAddresses[index] : null - privateIPAddress: !empty(frontendIPConfiguration.properties.privateIPAddress) ? frontendIPConfiguration.properties.privateIPAddress : null - privateIPAllocationMethod: !empty(frontendIPConfiguration.properties.subnetId) ? (empty(frontendIPConfiguration.properties.privateIPAddress) ? 'Dynamic' : 'Static') : null + subnet: !empty(frontendIPConfiguration.subnetId) ? frontendsObj.subnets[index] : null + publicIPAddress: !empty(frontendIPConfiguration.publicIPAddressId) ? frontendsObj.publicIPAddresses[index] : null + privateIPAddress: !empty(frontendIPConfiguration.privateIPAddress) ? frontendIPConfiguration.privateIPAddress : null + privateIPAllocationMethod: !empty(frontendIPConfiguration.subnetId) ? (empty(frontendIPConfiguration.privateIPAddress) ? 'Dynamic' : 'Static') : null } }] @@ -86,33 +89,51 @@ var loadBalancingRules_var = [for loadBalancingRule in loadBalancingRules: { name: loadBalancingRule.name properties: { backendAddressPool: { - id: resourceId('Microsoft.Network/loadBalancers/backendAddressPools', name, loadBalancingRule.properties.backendAddressPoolName) + id: resourceId('Microsoft.Network/loadBalancers/backendAddressPools', name, loadBalancingRule.backendAddressPoolName) } - backendPort: loadBalancingRule.properties.backendPort - disableOutboundSnat: contains(loadBalancingRule.properties, 'disableOutboundSnat') ? loadBalancingRule.properties.disableOutboundSnat : 'false' - enableFloatingIP: loadBalancingRule.properties.enableFloatingIP - enableTcpReset: contains(loadBalancingRule.properties, 'enableTcpReset') ? loadBalancingRule.properties.enableTcpReset : 'false' + backendPort: loadBalancingRule.backendPort + disableOutboundSnat: contains(loadBalancingRule, 'disableOutboundSnat') ? loadBalancingRule.disableOutboundSnat : true + enableFloatingIP: contains(loadBalancingRule, 'enableFloatingIP') ? loadBalancingRule.enableFloatingIP : false + enableTcpReset: contains(loadBalancingRule, 'enableTcpReset') ? loadBalancingRule.enableTcpReset : false frontendIPConfiguration: { - id: resourceId('Microsoft.Network/loadBalancers/frontendIPConfigurations', name, loadBalancingRule.properties.frontendIPConfigurationName) + id: resourceId('Microsoft.Network/loadBalancers/frontendIPConfigurations', name, loadBalancingRule.frontendIPConfigurationName) } - frontendPort: loadBalancingRule.properties.frontendPort - idleTimeoutInMinutes: loadBalancingRule.properties.idleTimeoutInMinutes - loadDistribution: contains(loadBalancingRule.properties, 'loadDistribution') ? loadBalancingRule.properties.loadDistribution : 'Default' + frontendPort: loadBalancingRule.frontendPort + idleTimeoutInMinutes: contains(loadBalancingRule, 'idleTimeoutInMinutes') ? loadBalancingRule.idleTimeoutInMinutes : 4 + loadDistribution: contains(loadBalancingRule, 'loadDistribution') ? loadBalancingRule.loadDistribution : 'Default' probe: { - id: '${resourceId('Microsoft.Network/loadBalancers', name)}/probes/${loadBalancingRule.properties.probeName}' + id: '${resourceId('Microsoft.Network/loadBalancers', name)}/probes/${loadBalancingRule.probeName}' } - protocol: loadBalancingRule.properties.protocol + protocol: contains(loadBalancingRule, 'protocol') ? loadBalancingRule.protocol : 'Tcp' + } +}] + +var outboundRules_var = [for outboundRule in outboundRules: { + name: outboundRule.name + properties: { + frontendIPConfigurations: [ + { + id: resourceId('Microsoft.Network/loadBalancers/frontendIPConfigurations', name, outboundRule.frontendIPConfigurationName) + } + ] + backendAddressPool: { + id: resourceId('Microsoft.Network/loadBalancers/backendAddressPools', name, outboundRule.backendAddressPoolName) + } + protocol: contains(outboundRule, 'protocol') ? outboundRule.protocol : 'All' + allocatedOutboundPorts: contains(outboundRule, 'allocatedOutboundPorts') ? outboundRule.allocatedOutboundPorts : 63984 + enableTcpReset: contains(outboundRule, 'enableTcpReset') ? outboundRule.enableTcpReset : true + idleTimeoutInMinutes: contains(outboundRule, 'idleTimeoutInMinutes') ? outboundRule.idleTimeoutInMinutes : 4 } }] var probes_var = [for probe in probes: { name: probe.name properties: { - protocol: probe.properties.protocol - requestPath: toLower(probe.properties.protocol) == 'tcp' ? null : probe.properties.requestPath - port: probe.properties.port - intervalInSeconds: probe.properties.intervalInSeconds - numberOfProbes: probe.properties.numberOfProbes + protocol: contains(probe, 'protocol') ? probe.protocol : 'Tcp' + requestPath: (contains(probe, 'protocol') && toLower(probe.protocol) == 'tcp') ? null : probe.requestPath + port: contains(probe, 'port') ? probe.port : 80 + intervalInSeconds: contains(probe, 'intervalInSeconds') ? probe.intervalInSeconds : 5 + numberOfProbes: contains(probe, 'numberOfProbes') ? probe.numberOfProbes : 2 } }] @@ -150,10 +171,42 @@ resource loadBalancer 'Microsoft.Network/loadBalancers@2021-02-01' = { frontendIPConfigurations: frontendIPConfigurations_var backendAddressPools: backendAddressPools loadBalancingRules: loadBalancingRules_var + outboundRules: outboundRules_var probes: probes_var } } +module loadBalancer_backendAddressPools 'backendAddressPools/deploy.bicep' = [for (backendAddressPool, index) in backendAddressPools: { + name: '${uniqueString(deployment().name, location)}-LoadBalancer-backendAddressPools-${index}' + params: { + loadBalancerName: loadBalancer.name + name: backendAddressPool.name + loadBalancerBackendAddresses: contains(backendAddressPool, 'loadBalancerBackendAddresses') ? backendAddressPool.loadBalancerBackendAddresses : [] + tunnelInterfaces: contains(backendAddressPool, 'tunnelInterfaces') ? backendAddressPool.tunnelInterfaces : [] + } +}] + +module loadBalancer_inboundNATRules 'inboundNatRules/deploy.bicep' = [for (inboundNATRule, index) in inboundNatRules: { + name: '${uniqueString(deployment().name, location)}-LoadBalancer-inboundNatRules-${index}' + params: { + loadBalancerName: loadBalancer.name + name: inboundNATRule.name + frontendIPConfigurationName: inboundNATRule.frontendIPConfigurationName + frontendPort: inboundNATRule.frontendPort + backendPort: contains(inboundNATRule, 'backendPort') ? inboundNATRule.backendPort : inboundNATRule.frontendPort + backendAddressPoolName: contains(inboundNATRule, 'backendAddressPoolName') ? inboundNATRule.backendAddressPoolName : '' + enableFloatingIP: contains(inboundNATRule, 'enableFloatingIP') ? inboundNATRule.enableFloatingIP : false + enableTcpReset: contains(inboundNATRule, 'enableTcpReset') ? inboundNATRule.enableTcpReset : false + frontendPortRangeEnd: contains(inboundNATRule, 'frontendPortRangeEnd') ? inboundNATRule.frontendPortRangeEnd : -1 + frontendPortRangeStart: contains(inboundNATRule, 'frontendPortRangeStart') ? inboundNATRule.frontendPortRangeStart : -1 + idleTimeoutInMinutes: contains(inboundNATRule, 'idleTimeoutInMinutes') ? inboundNATRule.idleTimeoutInMinutes : 4 + protocol: contains(inboundNATRule, 'protocol') ? inboundNATRule.protocol : 'Tcp' + } + dependsOn: [ + loadBalancer_backendAddressPools + ] +}] + resource loadBalancer_lock 'Microsoft.Authorization/locks@2016-09-01' = if (lock != 'NotSpecified') { name: '${loadBalancer.name}-${lock}-lock' properties: { diff --git a/arm/Microsoft.Network/loadBalancers/inboundNatRules/.bicep/nested_cuaId.bicep b/arm/Microsoft.Network/loadBalancers/inboundNatRules/.bicep/nested_cuaId.bicep new file mode 100644 index 0000000000..8b13789179 --- /dev/null +++ b/arm/Microsoft.Network/loadBalancers/inboundNatRules/.bicep/nested_cuaId.bicep @@ -0,0 +1 @@ + diff --git a/arm/Microsoft.Network/loadBalancers/inboundNatRules/deploy.bicep b/arm/Microsoft.Network/loadBalancers/inboundNatRules/deploy.bicep new file mode 100644 index 0000000000..c24f8b97a7 --- /dev/null +++ b/arm/Microsoft.Network/loadBalancers/inboundNatRules/deploy.bicep @@ -0,0 +1,90 @@ +@description('Required. The name of the parent load balancer') +param loadBalancerName string + +@description('Required. The name of the inbound NAT rule') +param name string + +@description('Required. The port for the external endpoint. Port numbers for each rule must be unique within the Load Balancer. ') +@minValue(1) +@maxValue(65534) +param frontendPort int + +@description('Optional. The port used for the internal endpoint.') +@minValue(1) +@maxValue(65535) +param backendPort int = frontendPort + +@description('Optional. Name of the backend address pool') +param backendAddressPoolName string = '' + +@description('Optional. Configures a virtual machine\'s endpoint for the floating IP capability required to configure a SQL AlwaysOn Availability Group. This setting is required when using the SQL AlwaysOn Availability Groups in SQL server. This setting can\'t be changed after you create the endpoint.') +param enableFloatingIP bool = false + +@description('Optional. Receive bidirectional TCP Reset on TCP flow idle timeout or unexpected connection termination. This element is only used when the protocol is set to TCP.') +param enableTcpReset bool = false + +@description('Required. The name of the frontend IP address to set for the inbound NAT rule') +param frontendIPConfigurationName string + +@description('Optional. The port range end for the external endpoint. This property is used together with BackendAddressPool and FrontendPortRangeStart. Individual inbound NAT rule port mappings will be created for each backend address from BackendAddressPool.') +@minValue(-1) +@maxValue(65534) +param frontendPortRangeEnd int = -1 + +@description('Optional. The port range start for the external endpoint. This property is used together with BackendAddressPool and FrontendPortRangeEnd. Individual inbound NAT rule port mappings will be created for each backend address from BackendAddressPool.') +@minValue(-1) +@maxValue(65534) +param frontendPortRangeStart int = -1 + +@description('Optional. The timeout for the TCP idle connection. The value can be set between 4 and 30 minutes. The default value is 4 minutes. This element is only used when the protocol is set to TCP.') +param idleTimeoutInMinutes int = 4 + +@description('Optional. The transport protocol for the endpoint.') +@allowed([ + 'All' + 'Tcp' + 'Udp' +]) +param protocol string = 'Tcp' + +@description('Optional. Customer Usage Attribution ID (GUID). This GUID must be previously registered') +param cuaId string = '' + +module pid_cuaId '.bicep/nested_cuaId.bicep' = if (!empty(cuaId)) { + name: 'pid-${cuaId}' + params: {} +} + +resource loadBalancer 'Microsoft.Network/loadBalancers@2021-02-01' existing = { + name: loadBalancerName +} + +resource inboundNatRule 'Microsoft.Network/loadBalancers/inboundNatRules@2021-05-01' = { + name: name + properties: { + frontendPort: frontendPort + backendPort: backendPort + backendAddressPool: !empty(backendAddressPoolName) ? { + id: resourceId('Microsoft.Network/loadBalancers/backendAddressPools', name, backendAddressPoolName) + } : null + enableFloatingIP: enableFloatingIP + enableTcpReset: enableTcpReset + frontendIPConfiguration: { + id: '${loadBalancer.id}/frontendIPConfigurations/${frontendIPConfigurationName}' + } + frontendPortRangeStart: frontendPortRangeStart != -1 ? frontendPortRangeStart : null + frontendPortRangeEnd: frontendPortRangeEnd != -1 ? frontendPortRangeEnd : null + idleTimeoutInMinutes: idleTimeoutInMinutes + protocol: protocol + } + parent: loadBalancer +} + +@description('The name of the inbound NAT rule') +output inboundNatRuleName string = inboundNatRule.name + +@description('The resource ID of the inbound NAT rule') +output inboundNatRuleResourceId string = inboundNatRule.id + +@description('The resource group the inbound NAT rule was deployed into') +output inboundNatRuleResourceGroupName string = resourceGroup().name diff --git a/arm/Microsoft.Network/loadBalancers/inboundNatRules/readme.md b/arm/Microsoft.Network/loadBalancers/inboundNatRules/readme.md new file mode 100644 index 0000000000..e011695b7b --- /dev/null +++ b/arm/Microsoft.Network/loadBalancers/inboundNatRules/readme.md @@ -0,0 +1,39 @@ +# Load Balancer Inbound NAT Rules `[Microsoft.Network/loadBalancers/inboundNatRules]` + +This module deploys load balancers inbound NAT rules. + +## Resource Types + +| Resource Type | API Version | +| :-- | :-- | +| `Microsoft.Network/loadBalancers/inboundNatRules` | 2021-05-01 | + +## Parameters + +| Parameter Name | Type | Default Value | Possible Values | Description | +| :-- | :-- | :-- | :-- | :-- | +| `backendAddressPoolName` | string | | | Optional. Name of the backend address pool | +| `backendPort` | int | `[parameters('frontendPort')]` | | Optional. The port used for the internal endpoint. | +| `cuaId` | string | | | Optional. Customer Usage Attribution ID (GUID). This GUID must be previously registered | +| `enableFloatingIP` | bool | | | Optional. Configures a virtual machine's endpoint for the floating IP capability required to configure a SQL AlwaysOn Availability Group. This setting is required when using the SQL AlwaysOn Availability Groups in SQL server. This setting can't be changed after you create the endpoint. | +| `enableTcpReset` | bool | | | Optional. Receive bidirectional TCP Reset on TCP flow idle timeout or unexpected connection termination. This element is only used when the protocol is set to TCP. | +| `frontendIPConfigurationName` | string | | | Required. The name of the frontend IP address to set for the inbound NAT rule | +| `frontendPort` | int | | | Required. The port for the external endpoint. Port numbers for each rule must be unique within the Load Balancer. | +| `frontendPortRangeEnd` | int | `-1` | | Optional. The port range end for the external endpoint. This property is used together with BackendAddressPool and FrontendPortRangeStart. Individual inbound NAT rule port mappings will be created for each backend address from BackendAddressPool. | +| `frontendPortRangeStart` | int | `-1` | | Optional. The port range start for the external endpoint. This property is used together with BackendAddressPool and FrontendPortRangeEnd. Individual inbound NAT rule port mappings will be created for each backend address from BackendAddressPool. | +| `idleTimeoutInMinutes` | int | `4` | | Optional. The timeout for the TCP idle connection. The value can be set between 4 and 30 minutes. The default value is 4 minutes. This element is only used when the protocol is set to TCP. | +| `loadBalancerName` | string | | | Required. The name of the parent load balancer | +| `name` | string | | | Required. The name of the inbound NAT rule | +| `protocol` | string | `Tcp` | `[All, Tcp, Udp]` | Optional. The transport protocol for the endpoint. | + +## Outputs + +| Output Name | Type | Description | +| :-- | :-- | :-- | +| `inboundNatRuleName` | string | The name of the inbound NAT rule | +| `inboundNatRuleResourceGroupName` | string | The resource group the inbound NAT rule was deployed into | +| `inboundNatRuleResourceId` | string | The resource ID of the inbound NAT rule | + +## Template references + +- [Loadbalancers/Inboundnatrules](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/loadBalancers/inboundNatRules) diff --git a/arm/Microsoft.Network/loadBalancers/readme.md b/arm/Microsoft.Network/loadBalancers/readme.md index 45237bb220..76be954c28 100644 --- a/arm/Microsoft.Network/loadBalancers/readme.md +++ b/arm/Microsoft.Network/loadBalancers/readme.md @@ -10,25 +10,29 @@ This module deploys a load balancer. | `Microsoft.Authorization/roleAssignments` | 2020-04-01-preview | | `Microsoft.Insights/diagnosticSettings` | 2021-05-01-preview | | `Microsoft.Network/loadBalancers` | 2021-02-01 | +| `Microsoft.Network/loadBalancers/backendAddressPools` | 2021-05-01 | +| `Microsoft.Network/loadBalancers/inboundNatRules` | 2021-05-01 | ## Parameters | Parameter Name | Type | Default Value | Possible Values | Description | | :-- | :-- | :-- | :-- | :-- | -| `backendAddressPools` | array | | | Required. Collection of backend address pools used by a load balancer. | +| `backendAddressPools` | _[backendAddressPools](backendAddressPools/readme.md)_ array | `[]` | | Optional. Collection of backend address pools used by a load balancer. | | `cuaId` | string | | | Optional. Customer Usage Attribution ID (GUID). This GUID must be previously registered | | `diagnosticLogsRetentionInDays` | int | `365` | | Optional. Specifies the number of days that logs will be kept for; a value of 0 will retain data indefinitely. | | `diagnosticStorageAccountId` | string | | | Optional. Resource ID of the diagnostic storage account. | | `eventHubAuthorizationRuleId` | string | | | Optional. Resource ID of the event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | | `eventHubName` | string | | | Optional. Name of the event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. | | `frontendIPConfigurations` | array | | | Required. Array of objects containing all frontend IP configurations | +| `inboundNatRules` | _[inboundNatRules](inboundNatRules/readme.md)_ array | `[]` | | Optional. Collection of inbound NAT Rules used by a load balancer. Defining inbound NAT rules on your load balancer is mutually exclusive with defining an inbound NAT pool. Inbound NAT pools are referenced from virtual machine scale sets. NICs that are associated with individual virtual machines cannot reference an Inbound NAT pool. They have to reference individual inbound NAT rules. | | `loadBalancerSku` | string | `Standard` | `[Basic, Standard]` | Optional. Name of a load balancer SKU. | -| `loadBalancingRules` | array | | | Required. Array of objects containing all load balancing rules | +| `loadBalancingRules` | array | `[]` | | Optional. Array of objects containing all load balancing rules | | `location` | string | `[resourceGroup().location]` | | Optional. Location for all resources. | | `lock` | string | `NotSpecified` | `[CanNotDelete, NotSpecified, ReadOnly]` | Optional. Specify the type of lock. | | `metricsToEnable` | array | `[AllMetrics]` | `[AllMetrics]` | Optional. The name of metrics that will be streamed. | | `name` | string | | | Required. The Proximity Placement Groups Name | -| `probes` | array | | | Required. Array of objects containing all probes, these are references in the load balancing rules | +| `outboundRules` | array | `[]` | | Optional. The outbound rules. | +| `probes` | array | `[]` | | Optional. Array of objects containing all probes, these are references in the load balancing rules | | `roleAssignments` | array | `[]` | | Optional. Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11' | | `tags` | object | `{object}` | | Optional. Tags of the resource. | | `workspaceId` | string | | | Optional. Resource ID of log analytics. | @@ -212,7 +216,9 @@ Tag names and tag values can be provided as needed. A tag can be left without a ## Template references -- [Locks](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2016-09-01/locks) -- [Roleassignments](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-04-01-preview/roleAssignments) - [Diagnosticsettings](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Insights/2021-05-01-preview/diagnosticSettings) - [Loadbalancers](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/2021-02-01/loadBalancers) +- [Loadbalancers/Backendaddresspools](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/loadBalancers/backendAddressPools) +- [Loadbalancers/Inboundnatrules](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/loadBalancers/inboundNatRules) +- [Locks](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2016-09-01/locks) +- [Roleassignments](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-04-01-preview/roleAssignments) diff --git a/utilities/pipelines/resourceRemoval/helper/Remove-Deployment.ps1 b/utilities/pipelines/resourceRemoval/helper/Remove-Deployment.ps1 index 3137192c12..7263e04a29 100644 --- a/utilities/pipelines/resourceRemoval/helper/Remove-Deployment.ps1 +++ b/utilities/pipelines/resourceRemoval/helper/Remove-Deployment.ps1 @@ -85,28 +85,28 @@ function Remove-Deployment { Scope = $deploymentScope ResourceGroupName = $resourceGroupName } - $deploymentResourceIds = Get-ResourceIdsOfDeployment @deploymentsInputObject -Verbose + [array] $deploymentResourceIds = Get-ResourceIdsOfDeployment @deploymentsInputObject -Verbose Write-Verbose ('Total number of deployments after fetching deployments [{0}]' -f $deploymentResourceIds.Count) -Verbose # Pre-Filter & order items # ======================== - $rawResourceIdsToRemove = $deploymentResourceIds | Sort-Object -Property { $_.Split('/').Count } -Descending | Select-Object -Unique + [array] $rawResourceIdsToRemove = $deploymentResourceIds | Sort-Object -Property { $_.Split('/').Count } -Descending | Select-Object -Unique Write-Verbose ('Total number of deployments after pre-filtering & ordering items [{0}]' -f $rawResourceIdsToRemove.Count) -Verbose # Format items # ============ - $resourcesToRemove = Get-ResourceIdsAsFormattedObjectList -ResourceIds $rawResourceIdsToRemove + [array] $resourcesToRemove = Get-ResourceIdsAsFormattedObjectList -ResourceIds $rawResourceIdsToRemove Write-Verbose ('Total number of deployments after formatting items [{0}]' -f $resourcesToRemove.Count) -Verbose # Filter all dependency resources # =============================== $dependencyResourceNames = Get-DependencyResourceNameList - $resourcesToRemove = $resourcesToRemove | Where-Object { (Split-Path $_.resourceId -Leaf) -notin $dependencyResourceNames } + [array] $resourcesToRemove = $resourcesToRemove | Where-Object { (Split-Path $_.resourceId -Leaf) -notin $dependencyResourceNames } Write-Verbose ('Total number of deployments after filtering all dependency resources [{0}]' -f $resourcesToRemove.Count) -Verbose # Order resources # =============== - $resourcesToRemove = Get-OrderedResourcesList -ResourcesToOrder $resourcesToRemove -Order $RemovalSequence + [array] $resourcesToRemove = Get-OrderedResourcesList -ResourcesToOrder $resourcesToRemove -Order $RemovalSequence Write-Verbose ('Total number of deployments after final ordering of resources [{0}]' -f $resourcesToRemove.Count) -Verbose # Remove resources