
Merge branch 'avm-resiliency-vnetGw' of https://github.com/sebassem/b…
…icep-registry-modules into avm-resiliency-vnetGw
sebassem committed Sep 29, 2024
2 parents 9e3a30c + 27a45f8 commit 7a69b4e
Showing 32 changed files with 316 additions and 122 deletions.
4 changes: 2 additions & 2 deletions .github/workflows/platform.ossf-scorecard.yml
Expand Up @@ -59,7 +59,7 @@ jobs:
# Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF
# format to the repository Actions tab.
- name: "Upload artifact"
uses: actions/upload-artifact@89ef406dd8d7e03cfd12d9e0a4a378f454709029 # v4.3.5
uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # v4.4.0
with:
name: SARIF file
path: results.sarif
Expand All @@ -68,6 +68,6 @@ jobs:
# Upload the results to GitHub's code scanning dashboard (optional).
# Commenting out will disable upload of results to your repo's Code Scanning dashboard
- name: "Upload to code-scanning"
uses: github/codeql-action/upload-sarif@afb54ba388a7dca6ecae48f608c4ff05ff4cc77a # v3.25.15
uses: github/codeql-action/upload-sarif@461ef6c76dfe95d5c364de2f431ddbd31a417628 # v3.26.9
with:
sarif_file: results.sarif
2 changes: 1 addition & 1 deletion .github/workflows/platform.publish-module-index-json.yml
Expand Up @@ -74,7 +74,7 @@ jobs:
}
- name: Upload artifacts
uses: actions/upload-artifact@v4.3.5
uses: actions/upload-artifact@v4.4.0
with:
name: publish-module-index-json-artifacts
path: |
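Review bot: The new `uses: actions/upload-artifact@v4.4.0` line pins the action to a tag, which can be moved to different code later, whereas `platform.ossf-scorecard.yml` in this same commit pins the same release by commit SHA. Judging by the file name this workflow publishes the module index, so the immutable form is the safer choice here: `uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # v4.4.0`. The step's `with:` block continues outside the hunk, so any other tag-pinned actions in this workflow are not visible from here and would be worth checking at the same time.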
111 changes: 106 additions & 5 deletions avm/res/network/service-endpoint-policy/README.md
Expand Up @@ -27,7 +27,8 @@ The following section provides usage examples for the module, which were used to
>**Note**: To reference the module, please use the following syntax `br/public:avm/res/network/service-endpoint-policy:<version>`.
- [Using only defaults](#example-1-using-only-defaults)
- [WAF-aligned](#example-2-waf-aligned)
- [Using large parameter set](#example-2-using-large-parameter-set)
- [WAF-aligned](#example-3-waf-aligned)

### Example 1: _Using only defaults_

Expand Down Expand Up @@ -77,9 +78,9 @@ module serviceEndpointPolicy 'br/public:avm/res/network/service-endpoint-policy:
</details>
<p>

### Example 2: _WAF-aligned_
### Example 2: _Using large parameter set_

This instance deploys the module in alignment with the best-practices of the Azure Well-Architected Framework.
This instance deploys the module with most of its features enabled.


<details>
Expand All @@ -91,13 +92,32 @@ module serviceEndpointPolicy 'br/public:avm/res/network/service-endpoint-policy:
name: 'serviceEndpointPolicyDeployment'
params: {
// Required parameters
name: 'nsepwaf001'
name: 'nsepmax001'
// Non-required parameters
location: '<location>'
lock: {
kind: 'CanNotDelete'
name: 'myCustomLockName'
}
roleAssignments: [
{
name: '36fbc5db-13e9-4bda-9594-1b1cc9db2d6d'
principalId: '<principalId>'
principalType: 'ServicePrincipal'
roleDefinitionIdOrName: 'Owner'
}
{
name: '<name>'
principalId: '<principalId>'
principalType: 'ServicePrincipal'
roleDefinitionIdOrName: 'b24988ac-6180-42a0-ab88-20f7382dd24c'
}
{
principalId: '<principalId>'
principalType: 'ServicePrincipal'
roleDefinitionIdOrName: '<roleDefinitionIdOrName>'
}
]
tags: {
Environment: 'Non-Prod'
'hidden-title': 'This is visible in the resource name'
Expand All @@ -121,7 +141,7 @@ module serviceEndpointPolicy 'br/public:avm/res/network/service-endpoint-policy:
"parameters": {
// Required parameters
"name": {
"value": "nsepwaf001"
"value": "nsepmax001"
},
// Non-required parameters
"location": {
Expand All @@ -133,6 +153,87 @@ module serviceEndpointPolicy 'br/public:avm/res/network/service-endpoint-policy:
"name": "myCustomLockName"
}
},
"roleAssignments": {
"value": [
{
"name": "36fbc5db-13e9-4bda-9594-1b1cc9db2d6d",
"principalId": "<principalId>",
"principalType": "ServicePrincipal",
"roleDefinitionIdOrName": "Owner"
},
{
"name": "<name>",
"principalId": "<principalId>",
"principalType": "ServicePrincipal",
"roleDefinitionIdOrName": "b24988ac-6180-42a0-ab88-20f7382dd24c"
},
{
"principalId": "<principalId>",
"principalType": "ServicePrincipal",
"roleDefinitionIdOrName": "<roleDefinitionIdOrName>"
}
]
},
"tags": {
"value": {
"Environment": "Non-Prod",
"hidden-title": "This is visible in the resource name",
"Role": "DeploymentValidation"
}
}
}
}
```

</details>
<p>

### Example 3: _WAF-aligned_

This instance deploys the module in alignment with the best-practices of the Azure Well-Architected Framework.


<details>

<summary>via Bicep module</summary>

```bicep
module serviceEndpointPolicy 'br/public:avm/res/network/service-endpoint-policy:<version>' = {
name: 'serviceEndpointPolicyDeployment'
params: {
// Required parameters
name: 'nsepwaf001'
// Non-required parameters
location: '<location>'
tags: {
Environment: 'Non-Prod'
'hidden-title': 'This is visible in the resource name'
Role: 'DeploymentValidation'
}
}
}
```

</details>
<p>

<details>

<summary>via JSON Parameter file</summary>

```json
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
"contentVersion": "1.0.0.0",
"parameters": {
// Required parameters
"name": {
"value": "nsepwaf001"
},
// Non-required parameters
"location": {
"value": "<location>"
},
"tags": {
"value": {
"Environment": "Non-Prod",
Original file line number Diff line number Diff line change
Expand Up @@ -9,14 +9,12 @@ metadata description = 'This instance deploys the module with the minimum set of

@description('Optional. The name of the resource group to deploy for testing purposes.')
@maxLength(90)
// e.g., for a module 'network/private-endpoint' you could use 'dep-dev-network.privateendpoints-${serviceShort}-rg'
param resourceGroupName string = 'dep-${namePrefix}-network.serviceendpointpolicy-${serviceShort}-rg'

@description('Optional. The location to deploy resources to.')
param resourceLocation string = deployment().location

@description('Optional. A short identifier for the kind of deployment. Should be kept short to not run into resource-name length-constraints.')
// e.g., for a module 'network/private-endpoint' you could use 'npe' as a prefix and then 'waf' as a suffix for the waf-aligned test
param serviceShort string = 'nsepmin'

@description('Optional. A token to inject into the name of each resource. This value can be automatically injected by the CI.')
Expand All @@ -42,7 +40,6 @@ module testDeployment '../../../main.bicep' = [
scope: resourceGroup
name: '${uniqueString(deployment().name, resourceLocation)}-test-${serviceShort}-${iteration}'
params: {
// You parameters go here
name: '${namePrefix}${serviceShort}001'
location: resourceLocation
}
Original file line number Diff line number Diff line change
@@ -0,0 +1,13 @@
@description('Optional. The location to deploy to.')
param location string = resourceGroup().location

@description('Required. The name of the Managed Identity to create.')
param managedIdentityName string

resource managedIdentity 'Microsoft.ManagedIdentity/userAssignedIdentities@2023-01-31' = {
name: managedIdentityName
location: location
}

@description('The principal ID of the created Managed Identity.')
output managedIdentityPrincipalId string = managedIdentity.properties.principalId
Original file line number Diff line number Diff line change
@@ -0,0 +1,87 @@
targetScope = 'subscription'

metadata name = 'Using large parameter set'
metadata description = 'This instance deploys the module with most of its features enabled.'

// ========== //
// Parameters //
// ========== //

@description('Optional. The name of the resource group to deploy for testing purposes.')
@maxLength(90)
param resourceGroupName string = 'dep-${namePrefix}-network.serviceendpointpolicy-${serviceShort}-rg'

@description('Optional. The location to deploy resources to.')
param resourceLocation string = deployment().location

@description('Optional. A short identifier for the kind of deployment. Should be kept short to not run into resource-name length-constraints.')
param serviceShort string = 'nsepmax'

@description('Optional. A token to inject into the name of each resource. This value can be automatically injected by the CI.')
param namePrefix string = '#_namePrefix_#'

// ============ //
// Dependencies //
// ============ //

// General resources
// =================
resource resourceGroup 'Microsoft.Resources/resourceGroups@2021-04-01' = {
name: resourceGroupName
location: resourceLocation
}

module nestedDependencies 'dependencies.bicep' = {
scope: resourceGroup
name: '${uniqueString(deployment().name, resourceLocation)}-nestedDependencies'
params: {
managedIdentityName: 'dep-${namePrefix}-msi-${serviceShort}'
location: resourceLocation
}
}

// ============== //
// Test Execution //
// ============== //
@batchSize(1)
module testDeployment '../../../main.bicep' = [
for iteration in ['init', 'idem']: {
scope: resourceGroup
name: '${uniqueString(deployment().name, resourceLocation)}-test-${serviceShort}-${iteration}'
params: {
name: '${namePrefix}${serviceShort}001'
location: resourceLocation
lock: {
kind: 'CanNotDelete'
name: 'myCustomLockName'
}
roleAssignments: [
{
name: '36fbc5db-13e9-4bda-9594-1b1cc9db2d6d'
roleDefinitionIdOrName: 'Owner'
principalId: nestedDependencies.outputs.managedIdentityPrincipalId
principalType: 'ServicePrincipal'
}
{
name: guid('Custom seed ${namePrefix}${serviceShort}')
roleDefinitionIdOrName: 'b24988ac-6180-42a0-ab88-20f7382dd24c'
principalId: nestedDependencies.outputs.managedIdentityPrincipalId
principalType: 'ServicePrincipal'
}
{
roleDefinitionIdOrName: subscriptionResourceId(
'Microsoft.Authorization/roleDefinitions',
'acdd72a7-3385-48ef-bd42-f606fba81ae7'
)
principalId: nestedDependencies.outputs.managedIdentityPrincipalId
principalType: 'ServicePrincipal'
}
]
tags: {
'hidden-title': 'This is visible in the resource name'
Environment: 'Non-Prod'
Role: 'DeploymentValidation'
}
}
}
]
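Review bot: The three `roleAssignments` entries passed to `testDeployment` grant `Owner` by name and two further roles by bare GUID, with no comment saying which roles the GUIDs are or that the three entries exist to exercise the name, GUID and full-resource-ID forms of `roleDefinitionIdOrName`. The README's "Using large parameter set" example in this commit mirrors this block, so a reader copying it would assign `Owner` to a service principal. A comment above the first entry such as `// Test fixture only: exercises role lookup by display name; use a least-privileged role in real deployments` would make the intent explicit. The GUIDs `b24988ac-6180-42a0-ab88-20f7382dd24c` and `acdd72a7-3385-48ef-bd42-f606fba81ae7` appear to be the built-in Contributor and Reader definitions, so trailing `// Contributor` and `// Reader` comments would help once confirmed. If the test only needs to prove that assignments are created, a narrower role than `Owner` in the first entry would exercise the same code path.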
Original file line number Diff line number Diff line change
Expand Up @@ -9,14 +9,12 @@ metadata description = 'This instance deploys the module in alignment with the b

@description('Optional. The name of the resource group to deploy for testing purposes.')
@maxLength(90)
// e.g., for a module 'network/private-endpoint' you could use 'dep-dev-network.privateendpoints-${serviceShort}-rg'
param resourceGroupName string = 'dep-${namePrefix}-network.serviceendpointpolicy-${serviceShort}-rg'

@description('Optional. The location to deploy resources to.')
param resourceLocation string = deployment().location

@description('Optional. A short identifier for the kind of deployment. Should be kept short to not run into resource-name length-constraints.')
// e.g., for a module 'network/private-endpoint' you could use 'npe' as a prefix and then 'waf' as a suffix for the waf-aligned test
param serviceShort string = 'nsepwaf'

@description('Optional. A token to inject into the name of each resource. This value can be automatically injected by the CI.')
Expand All @@ -42,13 +40,8 @@ module testDeployment '../../../main.bicep' = [
scope: resourceGroup
name: '${uniqueString(deployment().name, resourceLocation)}-test-${serviceShort}-${iteration}'
params: {
// You parameters go here
name: '${namePrefix}${serviceShort}001'
location: resourceLocation
lock: {
kind: 'CanNotDelete'
name: 'myCustomLockName'
}
tags: {
'hidden-title': 'This is visible in the resource name'
Environment: 'Non-Prod'
8 changes: 4 additions & 4 deletions avm/res/network/trafficmanagerprofile/README.md
Expand Up @@ -257,7 +257,7 @@ module trafficmanagerprofile 'br/public:avm/res/network/trafficmanagerprofile:<v
{
name: 'webApp01Endpoint'
properties: {
endpointLocation: 'eastus'
endpointLocation: '<endpointLocation>'
endpointStatus: 'Enabled'
priority: 1
targetResourceId: '<targetResourceId>'
Expand All @@ -268,7 +268,7 @@ module trafficmanagerprofile 'br/public:avm/res/network/trafficmanagerprofile:<v
{
name: 'webApp02Endpoint'
properties: {
endpointLocation: 'westus'
endpointLocation: '<endpointLocation>'
endpointStatus: 'Enabled'
priority: 2
targetResourceId: '<targetResourceId>'
Expand Down Expand Up @@ -334,7 +334,7 @@ module trafficmanagerprofile 'br/public:avm/res/network/trafficmanagerprofile:<v
{
"name": "webApp01Endpoint",
"properties": {
"endpointLocation": "eastus",
"endpointLocation": "<endpointLocation>",
"endpointStatus": "Enabled",
"priority": 1,
"targetResourceId": "<targetResourceId>",
Expand All @@ -345,7 +345,7 @@ module trafficmanagerprofile 'br/public:avm/res/network/trafficmanagerprofile:<v
{
"name": "webApp02Endpoint",
"properties": {
"endpointLocation": "westus",
"endpointLocation": "<endpointLocation>",
"endpointStatus": "Enabled",
"priority": 2,
"targetResourceId": "<targetResourceId>",
4 changes: 2 additions & 2 deletions avm/res/network/trafficmanagerprofile/main.json
Expand Up @@ -5,8 +5,8 @@
"metadata": {
"_generator": {
"name": "bicep",
"version": "0.29.47.4906",
"templateHash": "2090813965996228671"
"version": "0.30.23.60470",
"templateHash": "5539048151819308545"
},
"name": "Traffic Manager Profiles",
"description": "This module deploys a Traffic Manager Profile.",