From 9091b631fc21493383fbaea927073d937b4b3a2f Mon Sep 17 00:00:00 2001 From: Kris Baranek <20225789+krbar@users.noreply.github.com> Date: Wed, 4 Sep 2024 12:12:19 +0200 Subject: [PATCH 01/18] Add YAML file --- ....service-networking.traffic-controller.yml | 88 +++++++++++++++++++ 1 file changed, 88 insertions(+) create mode 100644 .github/workflows/avm.res.service-networking.traffic-controller.yml diff --git a/.github/workflows/avm.res.service-networking.traffic-controller.yml b/.github/workflows/avm.res.service-networking.traffic-controller.yml new file mode 100644 index 0000000000..775de7a740 --- /dev/null +++ b/.github/workflows/avm.res.service-networking.traffic-controller.yml @@ -0,0 +1,88 @@ +name: "avm.res.service-networking.traffic-controller" + +on: + workflow_dispatch: + inputs: + staticValidation: + type: boolean + description: "Execute static validation" + required: false + default: true + deploymentValidation: + type: boolean + description: "Execute deployment validation" + required: false + default: true + removeDeployment: + type: boolean + description: "Remove deployed module" + required: false + default: true + customLocation: + type: string + description: "Default location overwrite (e.g., eastus)" + required: false + push: + branches: + - main + paths: + - ".github/actions/templates/avm-**" + - ".github/workflows/avm.template.module.yml" + - ".github/workflows/avm.res.service-networking.traffic-controller.yml" + - "avm/res/service-networking/traffic-controller/**" + - "avm/utilities/pipelines/**" + - "!avm/utilities/pipelines/platform/**" + - "!*/**/README.md" + +env: + modulePath: "avm/res/service-networking/traffic-controller" + workflowPath: ".github/workflows/avm.res.service-networking.traffic-controller.yml" + +concurrency: + group: ${{ github.workflow }} + +jobs: + ########################### + # Initialize pipeline # + ########################### + job_initialize_pipeline: + runs-on: ubuntu-latest + name: "Initialize pipeline" + steps: + - name: "Checkout" + uses: actions/checkout@v4 + with: + fetch-depth: 0 + - name: "Set input parameters to output variables" + id: get-workflow-param + uses: ./.github/actions/templates/avm-getWorkflowInput + with: + workflowPath: "${{ env.workflowPath}}" + - name: "Get module test file paths" + id: get-module-test-file-paths + uses: ./.github/actions/templates/avm-getModuleTestFiles + with: + modulePath: "${{ env.modulePath }}" + outputs: + workflowInput: ${{ steps.get-workflow-param.outputs.workflowInput }} + moduleTestFilePaths: ${{ steps.get-module-test-file-paths.outputs.moduleTestFilePaths }} + psRuleModuleTestFilePaths: ${{ steps.get-module-test-file-paths.outputs.psRuleModuleTestFilePaths }} + modulePath: "${{ env.modulePath }}" + + ############################## + # Call reusable workflow # + ############################## + call-workflow-passing-data: + name: "Run" + permissions: + id-token: write # For OIDC + contents: write # For release tags + needs: + - job_initialize_pipeline + uses: ./.github/workflows/avm.template.module.yml + with: + workflowInput: "${{ needs.job_initialize_pipeline.outputs.workflowInput }}" + moduleTestFilePaths: "${{ needs.job_initialize_pipeline.outputs.moduleTestFilePaths }}" + psRuleModuleTestFilePaths: "${{ needs.job_initialize_pipeline.outputs.psRuleModuleTestFilePaths }}" + modulePath: "${{ needs.job_initialize_pipeline.outputs.modulePath}}" + secrets: inherit From a9ae92fc6cdb59aecf49aa40f4466b3e585aafa0 Mon Sep 17 00:00:00 2001 From: Kris Baranek <20225789+krbar@users.noreply.github.com> Date: Wed, 4 Sep 2024 13:16:19 +0200 Subject: [PATCH 02/18] Initial working version --- .../traffic-controller/README.md | 272 ++++++++++++++++++ .../traffic-controller/frontend/README.md | 76 +++++ .../traffic-controller/frontend/main.bicep | 47 +++ .../traffic-controller/frontend/main.json | 67 +++++ .../traffic-controller/main.bicep | 79 +++++ .../traffic-controller/main.json | 200 +++++++++++++ .../tests/e2e/defaults/main.test.bicep | 48 ++++ .../tests/e2e/max/main.test.bicep | 58 ++++ .../tests/e2e/waf-aligned/main.test.bicep | 48 ++++ .../traffic-controller/version.json | 7 + 10 files changed, 902 insertions(+) create mode 100644 avm/res/service-networking/traffic-controller/README.md create mode 100644 avm/res/service-networking/traffic-controller/frontend/README.md create mode 100644 avm/res/service-networking/traffic-controller/frontend/main.bicep create mode 100644 avm/res/service-networking/traffic-controller/frontend/main.json create mode 100644 avm/res/service-networking/traffic-controller/main.bicep create mode 100644 avm/res/service-networking/traffic-controller/main.json create mode 100644 avm/res/service-networking/traffic-controller/tests/e2e/defaults/main.test.bicep create mode 100644 avm/res/service-networking/traffic-controller/tests/e2e/max/main.test.bicep create mode 100644 avm/res/service-networking/traffic-controller/tests/e2e/waf-aligned/main.test.bicep create mode 100644 avm/res/service-networking/traffic-controller/version.json diff --git a/avm/res/service-networking/traffic-controller/README.md b/avm/res/service-networking/traffic-controller/README.md new file mode 100644 index 0000000000..e6393e7b70 --- /dev/null +++ b/avm/res/service-networking/traffic-controller/README.md @@ -0,0 +1,272 @@ +# Application Gateway for Containers `[Microsoft.ServiceNetworking/trafficControllers]` + +This module deploys an Application Gateway for Containers + +## Navigation + +- [Resource Types](#Resource-Types) +- [Usage examples](#Usage-examples) +- [Parameters](#Parameters) +- [Outputs](#Outputs) +- [Cross-referenced modules](#Cross-referenced-modules) +- [Data Collection](#Data-Collection) + +## Resource Types + +| Resource Type | API Version | +| :-- | :-- | +| `Microsoft.ServiceNetworking/trafficControllers` | [2023-11-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.ServiceNetworking/2023-11-01/trafficControllers) | +| `Microsoft.ServiceNetworking/trafficControllers/frontends` | [2023-11-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.ServiceNetworking/2023-11-01/trafficControllers/frontends) | + +## Usage examples + +The following section provides usage examples for the module, which were used to validate and deploy the module successfully. For a full reference, please review the module's test folder in its repository. + +>**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. + +>**Note**: To reference the module, please use the following syntax `br/public:avm/res/service-networking/traffic-controller:`. + +- [Using only defaults](#example-1-using-only-defaults) +- [Using large parameter set](#example-2-using-large-parameter-set) +- [WAF-aligned](#example-3-waf-aligned) + +### Example 1: _Using only defaults_ + +This instance deploys the module with the minimum set of required parameters. + + +
+ +via Bicep module + +```bicep +module trafficController 'br/public:avm/res/service-networking/traffic-controller:' = { + name: 'trafficControllerDeployment' + params: { + // Required parameters + name: 'sntcmin001' + // Non-required parameters + location: '' + } +} +``` + +
+

+ +

+ +via JSON Parameter file + +```json +{ + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", + "contentVersion": "1.0.0.0", + "parameters": { + // Required parameters + "name": { + "value": "sntcmin001" + }, + // Non-required parameters + "location": { + "value": "" + } + } +} +``` + +
+

+ +### Example 2: _Using large parameter set_ + +This instance deploys the module with most of its features enabled. + + +

+ +via Bicep module + +```bicep +module trafficController 'br/public:avm/res/service-networking/traffic-controller:' = { + name: 'trafficControllerDeployment' + params: { + // Required parameters + name: 'sntcmax001' + // Non-required parameters + frontends: [ + { + name: 'frontend1' + } + ] + location: '' + tags: { + Environment: 'Non-Prod' + 'hidden-title': 'This is visible in the resource name' + Role: 'DeploymentValidation' + } + } +} +``` + +
+

+ +

+ +via JSON Parameter file + +```json +{ + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", + "contentVersion": "1.0.0.0", + "parameters": { + // Required parameters + "name": { + "value": "sntcmax001" + }, + // Non-required parameters + "frontends": { + "value": [ + { + "name": "frontend1" + } + ] + }, + "location": { + "value": "" + }, + "tags": { + "value": { + "Environment": "Non-Prod", + "hidden-title": "This is visible in the resource name", + "Role": "DeploymentValidation" + } + } + } +} +``` + +
+

+ +### Example 3: _WAF-aligned_ + +This instance deploys the module in alignment with the best-practices of the Azure Well-Architected Framework. + + +

+ +via Bicep module + +```bicep +module trafficController 'br/public:avm/res/service-networking/traffic-controller:' = { + name: 'trafficControllerDeployment' + params: { + // Required parameters + name: 'sntcwaf001' + // Non-required parameters + location: '' + } +} +``` + +
+

+ +

+ +via JSON Parameter file + +```json +{ + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", + "contentVersion": "1.0.0.0", + "parameters": { + // Required parameters + "name": { + "value": "sntcwaf001" + }, + // Non-required parameters + "location": { + "value": "" + } + } +} +``` + +
+

+ + +## Parameters + +**Required parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`name`](#parameter-name) | string | Name of the Application Gateway for Containers to create. | + +**Optional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`enableTelemetry`](#parameter-enabletelemetry) | bool | Enable/Disable usage telemetry for module. | +| [`frontends`](#parameter-frontends) | array | List of Application Gateway for Containers frontends. | +| [`location`](#parameter-location) | string | Location for all Resources. | +| [`tags`](#parameter-tags) | object | Resource tags. | + +### Parameter: `name` + +Name of the Application Gateway for Containers to create. + +- Required: Yes +- Type: string + +### Parameter: `enableTelemetry` + +Enable/Disable usage telemetry for module. + +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `frontends` + +List of Application Gateway for Containers frontends. + +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `location` + +Location for all Resources. + +- Required: No +- Type: string +- Default: `[resourceGroup().location]` + +### Parameter: `tags` + +Resource tags. + +- Required: No +- Type: object + + +## Outputs + +| Output | Type | Description | +| :-- | :-- | :-- | +| `location` | string | The location the resource was deployed into. | +| `name` | string | The name of the Application Gateway for Containers. | +| `resourceId` | string | The resource ID of the Application Gateway for Containers. | + +## Cross-referenced modules + +_None_ + +## Data Collection + +The software may collect information about you and your use of the software and send it to Microsoft. Microsoft may use this information to provide services and improve our products and services. You may turn off the telemetry as described in the [repository](https://aka.ms/avm/telemetry). There are also some features in the software that may enable you and Microsoft to collect data from users of your applications. If you use these features, you must comply with applicable law, including providing appropriate notices to users of your applications together with a copy of Microsoft’s privacy statement. Our privacy statement is located at . You can learn more about data collection and use in the help documentation and our privacy statement. Your use of the software operates as your consent to these practices. diff --git a/avm/res/service-networking/traffic-controller/frontend/README.md b/avm/res/service-networking/traffic-controller/frontend/README.md new file mode 100644 index 0000000000..e7f4e2553e --- /dev/null +++ b/avm/res/service-networking/traffic-controller/frontend/README.md @@ -0,0 +1,76 @@ +# Application Gateway for Containers Frontend `[Microsoft.ServiceNetworking/trafficControllers/frontends]` + +This module deploys an Application Gateway for Containers Frontend + +## Navigation + +- [Resource Types](#Resource-Types) +- [Parameters](#Parameters) +- [Outputs](#Outputs) +- [Cross-referenced modules](#Cross-referenced-modules) +- [Data Collection](#Data-Collection) + +## Resource Types + +| Resource Type | API Version | +| :-- | :-- | +| `Microsoft.ServiceNetworking/trafficControllers/frontends` | [2023-11-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.ServiceNetworking/2023-11-01/trafficControllers/frontends) | + +## Parameters + +**Required parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`name`](#parameter-name) | string | Name of the frontend to create. | + +**Conditional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`trafficControllerName`](#parameter-trafficcontrollername) | string | The name of the parent Application Gateway for Containers instance. Required if the template is used in a standalone deployment. | + +**Optional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`location`](#parameter-location) | string | Location for all Resources. | + +### Parameter: `name` + +Name of the frontend to create. + +- Required: Yes +- Type: string + +### Parameter: `trafficControllerName` + +The name of the parent Application Gateway for Containers instance. Required if the template is used in a standalone deployment. + +- Required: Yes +- Type: string + +### Parameter: `location` + +Location for all Resources. + +- Required: No +- Type: string +- Default: `[resourceGroup().location]` + + +## Outputs + +| Output | Type | Description | +| :-- | :-- | :-- | +| `name` | string | The name of the frontend. | +| `resourceGroupName` | string | The name of the resource group the resource was created in. | +| `resourceId` | string | The resource ID of the frontend. | + +## Cross-referenced modules + +_None_ + +## Data Collection + +The software may collect information about you and your use of the software and send it to Microsoft. Microsoft may use this information to provide services and improve our products and services. You may turn off the telemetry as described in the [repository](https://aka.ms/avm/telemetry). There are also some features in the software that may enable you and Microsoft to collect data from users of your applications. If you use these features, you must comply with applicable law, including providing appropriate notices to users of your applications together with a copy of Microsoft’s privacy statement. Our privacy statement is located at . You can learn more about data collection and use in the help documentation and our privacy statement. Your use of the software operates as your consent to these practices. diff --git a/avm/res/service-networking/traffic-controller/frontend/main.bicep b/avm/res/service-networking/traffic-controller/frontend/main.bicep new file mode 100644 index 0000000000..5a26956c64 --- /dev/null +++ b/avm/res/service-networking/traffic-controller/frontend/main.bicep @@ -0,0 +1,47 @@ +metadata name = 'Application Gateway for Containers Frontend' +metadata description = 'This module deploys an Application Gateway for Containers Frontend' +metadata owner = 'Azure/module-maintainers' + +@description('Required. Name of the frontend to create.') +param name string + +@description('Optional. Location for all Resources.') +param location string = resourceGroup().location + +@description('Conditional. The name of the parent Application Gateway for Containers instance. Required if the template is used in a standalone deployment.') +param trafficControllerName string + +// ============== // +// Resources // +// ============== // + +resource trafficController 'Microsoft.ServiceNetworking/trafficControllers@2023-11-01' existing = { + name: trafficControllerName +} + +resource frontend 'Microsoft.ServiceNetworking/trafficControllers/frontends@2023-11-01' = { + name: name + parent: trafficController + location: location + properties: {} +} + +// ============ // +// Outputs // +// ============ // + +@description('The resource ID of the frontend.') +output resourceId string = frontend.id + +@description('The name of the frontend.') +output name string = frontend.name + +@description('The name of the resource group the resource was created in.') +output resourceGroupName string = resourceGroup().name + +// ================ // +// Definitions // +// ================ // +// +// Add your User-defined-types here, if any +// diff --git a/avm/res/service-networking/traffic-controller/frontend/main.json b/avm/res/service-networking/traffic-controller/frontend/main.json new file mode 100644 index 0000000000..f9701a5450 --- /dev/null +++ b/avm/res/service-networking/traffic-controller/frontend/main.json @@ -0,0 +1,67 @@ +{ + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "metadata": { + "_generator": { + "name": "bicep", + "version": "0.29.47.4906", + "templateHash": "11544265930509739079" + }, + "name": "Application Gateway for Containers Frontend", + "description": "This module deploys an Application Gateway for Containers Frontend", + "owner": "Azure/module-maintainers" + }, + "parameters": { + "name": { + "type": "string", + "metadata": { + "description": "Required. Name of the frontend to create." + } + }, + "location": { + "type": "string", + "defaultValue": "[resourceGroup().location]", + "metadata": { + "description": "Optional. Location for all Resources." + } + }, + "trafficControllerName": { + "type": "string", + "metadata": { + "description": "Conditional. The name of the parent Application Gateway for Containers instance. Required if the template is used in a standalone deployment." + } + } + }, + "resources": [ + { + "type": "Microsoft.ServiceNetworking/trafficControllers/frontends", + "apiVersion": "2023-11-01", + "name": "[format('{0}/{1}', parameters('trafficControllerName'), parameters('name'))]", + "location": "[parameters('location')]", + "properties": {} + } + ], + "outputs": { + "resourceId": { + "type": "string", + "metadata": { + "description": "The resource ID of the frontend." + }, + "value": "[resourceId('Microsoft.ServiceNetworking/trafficControllers/frontends', parameters('trafficControllerName'), parameters('name'))]" + }, + "name": { + "type": "string", + "metadata": { + "description": "The name of the frontend." + }, + "value": "[parameters('name')]" + }, + "resourceGroupName": { + "type": "string", + "metadata": { + "description": "The name of the resource group the resource was created in." + }, + "value": "[resourceGroup().name]" + } + } +} \ No newline at end of file diff --git a/avm/res/service-networking/traffic-controller/main.bicep b/avm/res/service-networking/traffic-controller/main.bicep new file mode 100644 index 0000000000..75c1c57cea --- /dev/null +++ b/avm/res/service-networking/traffic-controller/main.bicep @@ -0,0 +1,79 @@ +metadata name = 'Application Gateway for Containers' +metadata description = 'This module deploys an Application Gateway for Containers' +metadata owner = 'Azure/module-maintainers' + +@description('Required. Name of the Application Gateway for Containers to create.') +param name string + +@description('Optional. Location for all Resources.') +param location string = resourceGroup().location + +@description('Optional. Enable/Disable usage telemetry for module.') +param enableTelemetry bool = true + +@description('Optional. Resource tags.') +param tags object? + +@description('Optional. List of Application Gateway for Containers frontends.') +param frontends array = [] + +// ============== // +// Resources // +// ============== // + +#disable-next-line no-deployments-resources +resource avmTelemetry 'Microsoft.Resources/deployments@2024-03-01' = if (enableTelemetry) { + name: '46d3xbcp.res.servicenetworking-trafficcontroller.${replace('-..--..-', '.', '-')}.${substring(uniqueString(deployment().name, location), 0, 4)}' + properties: { + mode: 'Incremental' + template: { + '$schema': 'https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#' + contentVersion: '1.0.0.0' + resources: [] + outputs: { + telemetry: { + type: 'String' + value: 'For more information, see https://aka.ms/avm/TelemetryInfo' + } + } + } + } +} + +resource trafficController 'Microsoft.ServiceNetworking/trafficControllers@2023-11-01' = { + name: name + location: location + tags: tags + properties: {} +} + +module trafficController_frontends 'frontend/main.bicep' = [ + for (frontend, index) in frontends: { + name: '${uniqueString(deployment().name, location)}-TrafficController-Frontend-${index}' + params: { + trafficControllerName: trafficController.name + name: frontend.name + location: location + } + } +] + +// ============ // +// Outputs // +// ============ // + +@description('The resource ID of the Application Gateway for Containers.') +output resourceId string = trafficController.id + +@description('The name of the Application Gateway for Containers.') +output name string = trafficController.name + +@description('The location the resource was deployed into.') +output location string = trafficController.location + +// ================ // +// Definitions // +// ================ // +// +// Add your User-defined-types here, if any +// diff --git a/avm/res/service-networking/traffic-controller/main.json b/avm/res/service-networking/traffic-controller/main.json new file mode 100644 index 0000000000..9c87d06ebf --- /dev/null +++ b/avm/res/service-networking/traffic-controller/main.json @@ -0,0 +1,200 @@ +{ + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "languageVersion": "2.0", + "contentVersion": "1.0.0.0", + "metadata": { + "_generator": { + "name": "bicep", + "version": "0.29.47.4906", + "templateHash": "13148817521333721065" + }, + "name": "Application Gateway for Containers", + "description": "This module deploys an Application Gateway for Containers", + "owner": "Azure/module-maintainers" + }, + "parameters": { + "name": { + "type": "string", + "metadata": { + "description": "Required. Name of the Application Gateway for Containers to create." + } + }, + "location": { + "type": "string", + "defaultValue": "[resourceGroup().location]", + "metadata": { + "description": "Optional. Location for all Resources." + } + }, + "enableTelemetry": { + "type": "bool", + "defaultValue": true, + "metadata": { + "description": "Optional. Enable/Disable usage telemetry for module." + } + }, + "tags": { + "type": "object", + "nullable": true, + "metadata": { + "description": "Optional. Resource tags." + } + }, + "frontends": { + "type": "array", + "defaultValue": [], + "metadata": { + "description": "Optional. List of Application Gateway for Containers frontends." + } + } + }, + "resources": { + "avmTelemetry": { + "condition": "[parameters('enableTelemetry')]", + "type": "Microsoft.Resources/deployments", + "apiVersion": "2024-03-01", + "name": "[format('46d3xbcp.res.servicenetworking-trafficcontroller.{0}.{1}', replace('-..--..-', '.', '-'), substring(uniqueString(deployment().name, parameters('location')), 0, 4))]", + "properties": { + "mode": "Incremental", + "template": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "resources": [], + "outputs": { + "telemetry": { + "type": "String", + "value": "For more information, see https://aka.ms/avm/TelemetryInfo" + } + } + } + } + }, + "trafficController": { + "type": "Microsoft.ServiceNetworking/trafficControllers", + "apiVersion": "2023-11-01", + "name": "[parameters('name')]", + "location": "[parameters('location')]", + "tags": "[parameters('tags')]", + "properties": {} + }, + "trafficController_frontends": { + "copy": { + "name": "trafficController_frontends", + "count": "[length(parameters('frontends'))]" + }, + "type": "Microsoft.Resources/deployments", + "apiVersion": "2022-09-01", + "name": "[format('{0}-TrafficController-Frontend-{1}', uniqueString(deployment().name, parameters('location')), copyIndex())]", + "properties": { + "expressionEvaluationOptions": { + "scope": "inner" + }, + "mode": "Incremental", + "parameters": { + "trafficControllerName": { + "value": "[parameters('name')]" + }, + "name": { + "value": "[parameters('frontends')[copyIndex()].name]" + }, + "location": { + "value": "[parameters('location')]" + } + }, + "template": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "metadata": { + "_generator": { + "name": "bicep", + "version": "0.29.47.4906", + "templateHash": "11544265930509739079" + }, + "name": "Application Gateway for Containers Frontend", + "description": "This module deploys an Application Gateway for Containers Frontend", + "owner": "Azure/module-maintainers" + }, + "parameters": { + "name": { + "type": "string", + "metadata": { + "description": "Required. Name of the frontend to create." + } + }, + "location": { + "type": "string", + "defaultValue": "[resourceGroup().location]", + "metadata": { + "description": "Optional. Location for all Resources." + } + }, + "trafficControllerName": { + "type": "string", + "metadata": { + "description": "Conditional. The name of the parent Application Gateway for Containers instance. Required if the template is used in a standalone deployment." + } + } + }, + "resources": [ + { + "type": "Microsoft.ServiceNetworking/trafficControllers/frontends", + "apiVersion": "2023-11-01", + "name": "[format('{0}/{1}', parameters('trafficControllerName'), parameters('name'))]", + "location": "[parameters('location')]", + "properties": {} + } + ], + "outputs": { + "resourceId": { + "type": "string", + "metadata": { + "description": "The resource ID of the frontend." + }, + "value": "[resourceId('Microsoft.ServiceNetworking/trafficControllers/frontends', parameters('trafficControllerName'), parameters('name'))]" + }, + "name": { + "type": "string", + "metadata": { + "description": "The name of the frontend." + }, + "value": "[parameters('name')]" + }, + "resourceGroupName": { + "type": "string", + "metadata": { + "description": "The name of the resource group the resource was created in." + }, + "value": "[resourceGroup().name]" + } + } + } + }, + "dependsOn": [ + "trafficController" + ] + } + }, + "outputs": { + "resourceId": { + "type": "string", + "metadata": { + "description": "The resource ID of the Application Gateway for Containers." + }, + "value": "[resourceId('Microsoft.ServiceNetworking/trafficControllers', parameters('name'))]" + }, + "name": { + "type": "string", + "metadata": { + "description": "The name of the Application Gateway for Containers." + }, + "value": "[parameters('name')]" + }, + "location": { + "type": "string", + "metadata": { + "description": "The location the resource was deployed into." + }, + "value": "[reference('trafficController', '2023-11-01', 'full').location]" + } + } +} \ No newline at end of file diff --git a/avm/res/service-networking/traffic-controller/tests/e2e/defaults/main.test.bicep b/avm/res/service-networking/traffic-controller/tests/e2e/defaults/main.test.bicep new file mode 100644 index 0000000000..58fdf1020f --- /dev/null +++ b/avm/res/service-networking/traffic-controller/tests/e2e/defaults/main.test.bicep @@ -0,0 +1,48 @@ +targetScope = 'subscription' + +metadata name = 'Using only defaults' +metadata description = 'This instance deploys the module with the minimum set of required parameters.' + +// ========== // +// Parameters // +// ========== // + +@description('Optional. The name of the resource group to deploy for testing purposes.') +@maxLength(90) +param resourceGroupName string = 'dep-${namePrefix}-servicenetworking-trafficcontrollers-${serviceShort}-rg' + +@description('Optional. The location to deploy resources to.') +param resourceLocation string = deployment().location + +@description('Optional. A short identifier for the kind of deployment. Should be kept short to not run into resource-name length-constraints.') +param serviceShort string = 'sntcmin' + +@description('Optional. A token to inject into the name of each resource. This value can be automatically injected by the CI.') +param namePrefix string = '#_namePrefix_#' + +// ============ // +// Dependencies // +// ============ // + +// General resources +// ================= +resource resourceGroup 'Microsoft.Resources/resourceGroups@2021-04-01' = { + name: resourceGroupName + location: resourceLocation +} + +// ============== // +// Test Execution // +// ============== // + +@batchSize(1) +module testDeployment '../../../main.bicep' = [ + for iteration in ['init', 'idem']: { + scope: resourceGroup + name: '${uniqueString(deployment().name, resourceLocation)}-test-${serviceShort}-${iteration}' + params: { + name: '${namePrefix}${serviceShort}001' + location: resourceLocation + } + } +] diff --git a/avm/res/service-networking/traffic-controller/tests/e2e/max/main.test.bicep b/avm/res/service-networking/traffic-controller/tests/e2e/max/main.test.bicep new file mode 100644 index 0000000000..5c1f4bc663 --- /dev/null +++ b/avm/res/service-networking/traffic-controller/tests/e2e/max/main.test.bicep @@ -0,0 +1,58 @@ +targetScope = 'subscription' + +metadata name = 'Using large parameter set' +metadata description = 'This instance deploys the module with most of its features enabled.' + +// ========== // +// Parameters // +// ========== // + +@description('Optional. The name of the resource group to deploy for testing purposes.') +@maxLength(90) +param resourceGroupName string = 'dep-${namePrefix}-servicenetworking-trafficcontrollers-${serviceShort}-rg' + +@description('Optional. The location to deploy resources to.') +param resourceLocation string = deployment().location + +@description('Optional. A short identifier for the kind of deployment. Should be kept short to not run into resource-name length-constraints.') +param serviceShort string = 'sntcmax' + +@description('Optional. A token to inject into the name of each resource. This value can be automatically injected by the CI.') +param namePrefix string = '#_namePrefix_#' + +// ============ // +// Dependencies // +// ============ // + +// General resources +// ================= +resource resourceGroup 'Microsoft.Resources/resourceGroups@2021-04-01' = { + name: resourceGroupName + location: resourceLocation +} + +// ============== // +// Test Execution // +// ============== // + +@batchSize(1) +module testDeployment '../../../main.bicep' = [ + for iteration in ['init', 'idem']: { + scope: resourceGroup + name: '${uniqueString(deployment().name, resourceLocation)}-test-${serviceShort}-${iteration}' + params: { + name: '${namePrefix}${serviceShort}001' + location: resourceLocation + tags: { + 'hidden-title': 'This is visible in the resource name' + Environment: 'Non-Prod' + Role: 'DeploymentValidation' + } + frontends: [ + { + name: 'frontend1' + } + ] + } + } +] diff --git a/avm/res/service-networking/traffic-controller/tests/e2e/waf-aligned/main.test.bicep b/avm/res/service-networking/traffic-controller/tests/e2e/waf-aligned/main.test.bicep new file mode 100644 index 0000000000..2008cdbc8d --- /dev/null +++ b/avm/res/service-networking/traffic-controller/tests/e2e/waf-aligned/main.test.bicep @@ -0,0 +1,48 @@ +targetScope = 'subscription' + +metadata name = 'WAF-aligned' +metadata description = 'This instance deploys the module in alignment with the best-practices of the Azure Well-Architected Framework.' + +// ========== // +// Parameters // +// ========== // + +@description('Optional. The name of the resource group to deploy for testing purposes.') +@maxLength(90) +param resourceGroupName string = 'dep-${namePrefix}-servicenetworking-trafficcontrollers-${serviceShort}-rg' + +@description('Optional. The location to deploy resources to.') +param resourceLocation string = deployment().location + +@description('Optional. A short identifier for the kind of deployment. Should be kept short to not run into resource-name length-constraints.') +param serviceShort string = 'sntcwaf' + +@description('Optional. A token to inject into the name of each resource. This value can be automatically injected by the CI.') +param namePrefix string = '#_namePrefix_#' + +// ============ // +// Dependencies // +// ============ // + +// General resources +// ================= +resource resourceGroup 'Microsoft.Resources/resourceGroups@2021-04-01' = { + name: resourceGroupName + location: resourceLocation +} + +// ============== // +// Test Execution // +// ============== // + +@batchSize(1) +module testDeployment '../../../main.bicep' = [ + for iteration in ['init', 'idem']: { + scope: resourceGroup + name: '${uniqueString(deployment().name, resourceLocation)}-test-${serviceShort}-${iteration}' + params: { + name: '${namePrefix}${serviceShort}001' + location: resourceLocation + } + } +] diff --git a/avm/res/service-networking/traffic-controller/version.json b/avm/res/service-networking/traffic-controller/version.json new file mode 100644 index 0000000000..8def869ede --- /dev/null +++ b/avm/res/service-networking/traffic-controller/version.json @@ -0,0 +1,7 @@ +{ + "$schema": "https://aka.ms/bicep-registry-module-version-file-schema#", + "version": "0.1", + "pathFilters": [ + "./main.json" + ] +} From 14017d89f8a40553935df149b64d0f99a9ce82ef Mon Sep 17 00:00:00 2001 From: Kris Baranek <20225789+krbar@users.noreply.github.com> Date: Wed, 4 Sep 2024 16:29:08 +0200 Subject: [PATCH 03/18] Add association child module --- .../traffic-controller/README.md | 66 ++++++- .../traffic-controller/association/README.md | 89 ++++++++++ .../traffic-controller/association/main.bicep | 55 ++++++ .../traffic-controller/association/main.json | 78 +++++++++ .../traffic-controller/main.bicep | 35 +++- .../traffic-controller/main.json | 163 +++++++++++++++++- .../tests/e2e/max/dependencies.bicep | 55 ++++++ .../tests/e2e/max/main.test.bicep | 19 ++ 8 files changed, 549 insertions(+), 11 deletions(-) create mode 100644 avm/res/service-networking/traffic-controller/association/README.md create mode 100644 avm/res/service-networking/traffic-controller/association/main.bicep create mode 100644 avm/res/service-networking/traffic-controller/association/main.json create mode 100644 avm/res/service-networking/traffic-controller/tests/e2e/max/dependencies.bicep diff --git a/avm/res/service-networking/traffic-controller/README.md b/avm/res/service-networking/traffic-controller/README.md index e6393e7b70..ddfe9cdaf4 100644 --- a/avm/res/service-networking/traffic-controller/README.md +++ b/avm/res/service-networking/traffic-controller/README.md @@ -16,6 +16,7 @@ This module deploys an Application Gateway for Containers | Resource Type | API Version | | :-- | :-- | | `Microsoft.ServiceNetworking/trafficControllers` | [2023-11-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.ServiceNetworking/2023-11-01/trafficControllers) | +| `Microsoft.ServiceNetworking/trafficControllers/associations` | [2023-11-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.ServiceNetworking/2023-11-01/trafficControllers/associations) | | `Microsoft.ServiceNetworking/trafficControllers/frontends` | [2023-11-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.ServiceNetworking/2023-11-01/trafficControllers/frontends) | ## Usage examples @@ -94,6 +95,16 @@ module trafficController 'br/public:avm/res/service-networking/traffic-controlle // Required parameters name: 'sntcmax001' // Non-required parameters + associations: [ + { + name: 'association1' + subnetResourceId: '' + } + { + name: 'association2' + subnetResourceId: '' + } + ] frontends: [ { name: 'frontend1' @@ -126,6 +137,18 @@ module trafficController 'br/public:avm/res/service-networking/traffic-controlle "value": "sntcmax001" }, // Non-required parameters + "associations": { + "value": [ + { + "name": "association1", + "subnetResourceId": "" + }, + { + "name": "association2", + "subnetResourceId": "" + } + ] + }, "frontends": { "value": [ { @@ -211,6 +234,7 @@ module trafficController 'br/public:avm/res/service-networking/traffic-controlle | Parameter | Type | Description | | :-- | :-- | :-- | +| [`associations`](#parameter-associations) | array | List of Application Gateway for Containers associations. | | [`enableTelemetry`](#parameter-enabletelemetry) | bool | Enable/Disable usage telemetry for module. | | [`frontends`](#parameter-frontends) | array | List of Application Gateway for Containers frontends. | | [`location`](#parameter-location) | string | Location for all Resources. | @@ -223,6 +247,34 @@ Name of the Application Gateway for Containers to create. - Required: Yes - Type: string +### Parameter: `associations` + +List of Application Gateway for Containers associations. + +- Required: No +- Type: array + +**Required parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`name`](#parameter-associationsname) | string | The name of the Application Gateway for Containers association. | +| [`subnetResourceId`](#parameter-associationssubnetresourceid) | string | The resource ID of the subnet to associate with the Application Gateway for Containers. | + +### Parameter: `associations.name` + +The name of the Application Gateway for Containers association. + +- Required: Yes +- Type: string + +### Parameter: `associations.subnetResourceId` + +The resource ID of the subnet to associate with the Application Gateway for Containers. + +- Required: Yes +- Type: string + ### Parameter: `enableTelemetry` Enable/Disable usage telemetry for module. @@ -237,7 +289,19 @@ List of Application Gateway for Containers frontends. - Required: No - Type: array -- Default: `[]` + +**Required parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`name`](#parameter-frontendsname) | string | The name of the Application Gateway for Containers frontend. | + +### Parameter: `frontends.name` + +The name of the Application Gateway for Containers frontend. + +- Required: Yes +- Type: string ### Parameter: `location` diff --git a/avm/res/service-networking/traffic-controller/association/README.md b/avm/res/service-networking/traffic-controller/association/README.md new file mode 100644 index 0000000000..9bc6cc25dc --- /dev/null +++ b/avm/res/service-networking/traffic-controller/association/README.md @@ -0,0 +1,89 @@ +# Application Gateway for Containers Association `[Microsoft.ServiceNetworking/trafficControllers/associations]` + +This module deploys an Application Gateway for Containers Association + +## Navigation + +- [Resource Types](#Resource-Types) +- [Parameters](#Parameters) +- [Outputs](#Outputs) +- [Cross-referenced modules](#Cross-referenced-modules) +- [Data Collection](#Data-Collection) + +## Resource Types + +| Resource Type | API Version | +| :-- | :-- | +| `Microsoft.ServiceNetworking/trafficControllers/associations` | [2023-11-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.ServiceNetworking/2023-11-01/trafficControllers/associations) | + +## Parameters + +**Required parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`name`](#parameter-name) | string | Name of the association to create. | + +**Conditional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`trafficControllerName`](#parameter-trafficcontrollername) | string | The name of the parent Application Gateway for Containers instance. Required if the template is used in a standalone deployment. | + +**Optional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`location`](#parameter-location) | string | Location for all Resources. | + +**Reuired parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`subnetResourceId`](#parameter-subnetresourceid) | string | The resource ID of the subnet to associate with the traffic controller. | + +### Parameter: `name` + +Name of the association to create. + +- Required: Yes +- Type: string + +### Parameter: `trafficControllerName` + +The name of the parent Application Gateway for Containers instance. Required if the template is used in a standalone deployment. + +- Required: Yes +- Type: string + +### Parameter: `location` + +Location for all Resources. + +- Required: No +- Type: string +- Default: `[resourceGroup().location]` + +### Parameter: `subnetResourceId` + +The resource ID of the subnet to associate with the traffic controller. + +- Required: Yes +- Type: string + + +## Outputs + +| Output | Type | Description | +| :-- | :-- | :-- | +| `name` | string | The name of the association. | +| `resourceGroupName` | string | The name of the resource group the resource was created in. | +| `resourceId` | string | The resource ID of the association. | + +## Cross-referenced modules + +_None_ + +## Data Collection + +The software may collect information about you and your use of the software and send it to Microsoft. Microsoft may use this information to provide services and improve our products and services. You may turn off the telemetry as described in the [repository](https://aka.ms/avm/telemetry). There are also some features in the software that may enable you and Microsoft to collect data from users of your applications. If you use these features, you must comply with applicable law, including providing appropriate notices to users of your applications together with a copy of Microsoft’s privacy statement. Our privacy statement is located at . You can learn more about data collection and use in the help documentation and our privacy statement. Your use of the software operates as your consent to these practices. diff --git a/avm/res/service-networking/traffic-controller/association/main.bicep b/avm/res/service-networking/traffic-controller/association/main.bicep new file mode 100644 index 0000000000..30b1938eae --- /dev/null +++ b/avm/res/service-networking/traffic-controller/association/main.bicep @@ -0,0 +1,55 @@ +metadata name = 'Application Gateway for Containers Association' +metadata description = 'This module deploys an Application Gateway for Containers Association' +metadata owner = 'Azure/module-maintainers' + +@description('Required. Name of the association to create.') +param name string + +@description('Optional. Location for all Resources.') +param location string = resourceGroup().location + +@description('Conditional. The name of the parent Application Gateway for Containers instance. Required if the template is used in a standalone deployment.') +param trafficControllerName string + +@description('Reuired. The resource ID of the subnet to associate with the traffic controller.') +param subnetResourceId string + +// ============== // +// Resources // +// ============== // + +resource trafficController 'Microsoft.ServiceNetworking/trafficControllers@2023-11-01' existing = { + name: trafficControllerName +} + +resource association 'Microsoft.ServiceNetworking/trafficControllers/associations@2023-11-01' = { + name: name + parent: trafficController + location: location + properties: { + associationType: 'subnets' + subnet: { + id: subnetResourceId + } + } +} + +// ============ // +// Outputs // +// ============ // + +@description('The resource ID of the association.') +output resourceId string = association.id + +@description('The name of the association.') +output name string = association.name + +@description('The name of the resource group the resource was created in.') +output resourceGroupName string = resourceGroup().name + +// ================ // +// Definitions // +// ================ // +// +// Add your User-defined-types here, if any +// diff --git a/avm/res/service-networking/traffic-controller/association/main.json b/avm/res/service-networking/traffic-controller/association/main.json new file mode 100644 index 0000000000..6016818956 --- /dev/null +++ b/avm/res/service-networking/traffic-controller/association/main.json @@ -0,0 +1,78 @@ +{ + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "metadata": { + "_generator": { + "name": "bicep", + "version": "0.29.47.4906", + "templateHash": "18286127970808905958" + }, + "name": "Application Gateway for Containers Association", + "description": "This module deploys an Application Gateway for Containers Association", + "owner": "Azure/module-maintainers" + }, + "parameters": { + "name": { + "type": "string", + "metadata": { + "description": "Required. Name of the association to create." + } + }, + "location": { + "type": "string", + "defaultValue": "[resourceGroup().location]", + "metadata": { + "description": "Optional. Location for all Resources." + } + }, + "trafficControllerName": { + "type": "string", + "metadata": { + "description": "Conditional. The name of the parent Application Gateway for Containers instance. Required if the template is used in a standalone deployment." + } + }, + "subnetResourceId": { + "type": "string", + "metadata": { + "description": "Reuired. The resource ID of the subnet to associate with the traffic controller." + } + } + }, + "resources": [ + { + "type": "Microsoft.ServiceNetworking/trafficControllers/associations", + "apiVersion": "2023-11-01", + "name": "[format('{0}/{1}', parameters('trafficControllerName'), parameters('name'))]", + "location": "[parameters('location')]", + "properties": { + "associationType": "subnets", + "subnet": { + "id": "[parameters('subnetResourceId')]" + } + } + } + ], + "outputs": { + "resourceId": { + "type": "string", + "metadata": { + "description": "The resource ID of the association." + }, + "value": "[resourceId('Microsoft.ServiceNetworking/trafficControllers/associations', parameters('trafficControllerName'), parameters('name'))]" + }, + "name": { + "type": "string", + "metadata": { + "description": "The name of the association." + }, + "value": "[parameters('name')]" + }, + "resourceGroupName": { + "type": "string", + "metadata": { + "description": "The name of the resource group the resource was created in." + }, + "value": "[resourceGroup().name]" + } + } +} \ No newline at end of file diff --git a/avm/res/service-networking/traffic-controller/main.bicep b/avm/res/service-networking/traffic-controller/main.bicep index 75c1c57cea..4e3dbd786f 100644 --- a/avm/res/service-networking/traffic-controller/main.bicep +++ b/avm/res/service-networking/traffic-controller/main.bicep @@ -15,7 +15,10 @@ param enableTelemetry bool = true param tags object? @description('Optional. List of Application Gateway for Containers frontends.') -param frontends array = [] +param frontends frontendType + +@description('Optional. List of Application Gateway for Containers associations.') +param associations associationType // ============== // // Resources // @@ -48,7 +51,7 @@ resource trafficController 'Microsoft.ServiceNetworking/trafficControllers@2023- } module trafficController_frontends 'frontend/main.bicep' = [ - for (frontend, index) in frontends: { + for (frontend, index) in (frontends ?? []): { name: '${uniqueString(deployment().name, location)}-TrafficController-Frontend-${index}' params: { trafficControllerName: trafficController.name @@ -58,6 +61,18 @@ module trafficController_frontends 'frontend/main.bicep' = [ } ] +module trafficController_associations 'association/main.bicep' = [ + for (association, index) in (associations ?? []): { + name: '${uniqueString(deployment().name, location)}-TrafficController-Association-${index}' + params: { + trafficControllerName: trafficController.name + name: association.name + location: location + subnetResourceId: association.subnetResourceId + } + } +] + // ============ // // Outputs // // ============ // @@ -74,6 +89,16 @@ output location string = trafficController.location // ================ // // Definitions // // ================ // -// -// Add your User-defined-types here, if any -// + +type frontendType = { + @description('Required. The name of the Application Gateway for Containers frontend.') + name: string +}[]? + +type associationType = { + @description('Required. The name of the Application Gateway for Containers association.') + name: string + + @description('Required. The resource ID of the subnet to associate with the Application Gateway for Containers.') + subnetResourceId: string +}[]? diff --git a/avm/res/service-networking/traffic-controller/main.json b/avm/res/service-networking/traffic-controller/main.json index 9c87d06ebf..0ea70f0ba5 100644 --- a/avm/res/service-networking/traffic-controller/main.json +++ b/avm/res/service-networking/traffic-controller/main.json @@ -6,12 +6,50 @@ "_generator": { "name": "bicep", "version": "0.29.47.4906", - "templateHash": "13148817521333721065" + "templateHash": "7748518319617700673" }, "name": "Application Gateway for Containers", "description": "This module deploys an Application Gateway for Containers", "owner": "Azure/module-maintainers" }, + "definitions": { + "frontendType": { + "type": "array", + "items": { + "type": "object", + "properties": { + "name": { + "type": "string", + "metadata": { + "description": "Required. The name of the Application Gateway for Containers frontend." + } + } + } + }, + "nullable": true + }, + "associationType": { + "type": "array", + "items": { + "type": "object", + "properties": { + "name": { + "type": "string", + "metadata": { + "description": "Required. The name of the Application Gateway for Containers association." + } + }, + "subnetResourceId": { + "type": "string", + "metadata": { + "description": "Required. The resource ID of the subnet to associate with the Application Gateway for Containers." + } + } + } + }, + "nullable": true + } + }, "parameters": { "name": { "type": "string", @@ -41,11 +79,16 @@ } }, "frontends": { - "type": "array", - "defaultValue": [], + "$ref": "#/definitions/frontendType", "metadata": { "description": "Optional. List of Application Gateway for Containers frontends." } + }, + "associations": { + "$ref": "#/definitions/associationType", + "metadata": { + "description": "Optional. List of Application Gateway for Containers associations." + } } }, "resources": { @@ -80,7 +123,7 @@ "trafficController_frontends": { "copy": { "name": "trafficController_frontends", - "count": "[length(parameters('frontends'))]" + "count": "[length(coalesce(parameters('frontends'), createArray()))]" }, "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", @@ -95,7 +138,7 @@ "value": "[parameters('name')]" }, "name": { - "value": "[parameters('frontends')[copyIndex()].name]" + "value": "[coalesce(parameters('frontends'), createArray())[copyIndex()].name]" }, "location": { "value": "[parameters('location')]" @@ -172,6 +215,116 @@ "dependsOn": [ "trafficController" ] + }, + "trafficController_associations": { + "copy": { + "name": "trafficController_associations", + "count": "[length(coalesce(parameters('associations'), createArray()))]" + }, + "type": "Microsoft.Resources/deployments", + "apiVersion": "2022-09-01", + "name": "[format('{0}-TrafficController-Association-{1}', uniqueString(deployment().name, parameters('location')), copyIndex())]", + "properties": { + "expressionEvaluationOptions": { + "scope": "inner" + }, + "mode": "Incremental", + "parameters": { + "trafficControllerName": { + "value": "[parameters('name')]" + }, + "name": { + "value": "[coalesce(parameters('associations'), createArray())[copyIndex()].name]" + }, + "location": { + "value": "[parameters('location')]" + }, + "subnetResourceId": { + "value": "[coalesce(parameters('associations'), createArray())[copyIndex()].subnetResourceId]" + } + }, + "template": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "metadata": { + "_generator": { + "name": "bicep", + "version": "0.29.47.4906", + "templateHash": "18286127970808905958" + }, + "name": "Application Gateway for Containers Association", + "description": "This module deploys an Application Gateway for Containers Association", + "owner": "Azure/module-maintainers" + }, + "parameters": { + "name": { + "type": "string", + "metadata": { + "description": "Required. Name of the association to create." + } + }, + "location": { + "type": "string", + "defaultValue": "[resourceGroup().location]", + "metadata": { + "description": "Optional. Location for all Resources." + } + }, + "trafficControllerName": { + "type": "string", + "metadata": { + "description": "Conditional. The name of the parent Application Gateway for Containers instance. Required if the template is used in a standalone deployment." + } + }, + "subnetResourceId": { + "type": "string", + "metadata": { + "description": "Reuired. The resource ID of the subnet to associate with the traffic controller." + } + } + }, + "resources": [ + { + "type": "Microsoft.ServiceNetworking/trafficControllers/associations", + "apiVersion": "2023-11-01", + "name": "[format('{0}/{1}', parameters('trafficControllerName'), parameters('name'))]", + "location": "[parameters('location')]", + "properties": { + "associationType": "subnets", + "subnet": { + "id": "[parameters('subnetResourceId')]" + } + } + } + ], + "outputs": { + "resourceId": { + "type": "string", + "metadata": { + "description": "The resource ID of the association." + }, + "value": "[resourceId('Microsoft.ServiceNetworking/trafficControllers/associations', parameters('trafficControllerName'), parameters('name'))]" + }, + "name": { + "type": "string", + "metadata": { + "description": "The name of the association." + }, + "value": "[parameters('name')]" + }, + "resourceGroupName": { + "type": "string", + "metadata": { + "description": "The name of the resource group the resource was created in." + }, + "value": "[resourceGroup().name]" + } + } + } + }, + "dependsOn": [ + "trafficController" + ] } }, "outputs": { diff --git a/avm/res/service-networking/traffic-controller/tests/e2e/max/dependencies.bicep b/avm/res/service-networking/traffic-controller/tests/e2e/max/dependencies.bicep new file mode 100644 index 0000000000..6e9f5a0621 --- /dev/null +++ b/avm/res/service-networking/traffic-controller/tests/e2e/max/dependencies.bicep @@ -0,0 +1,55 @@ +@description('Optional. The location to deploy resources to.') +param location string = resourceGroup().location + +@description('Required. The name of the Virtual Network to create.') +param virtualNetworkName string + +var addressPrefix = '10.0.0.0/16' + +resource virtualNetwork 'Microsoft.Network/virtualNetworks@2023-04-01' = { + name: virtualNetworkName + location: location + properties: { + addressSpace: { + addressPrefixes: [ + addressPrefix + ] + } + subnets: [ + { + name: 'defaultSubnet' + properties: { + addressPrefix: cidrSubnet(addressPrefix, 24, 0) + delegations: [ + { + name: 'Microsoft.ServiceNetworking.trafficControllers' + properties: { + serviceName: 'Microsoft.ServiceNetworking/trafficControllers' + } + } + ] + } + } + { + name: 'customSubnet-1' + properties: { + addressPrefix: cidrSubnet(addressPrefix, 24, 1) + delegations: [ + { + name: 'Microsoft.ServiceNetworking.trafficControllers' + properties: { + serviceName: 'Microsoft.ServiceNetworking/trafficControllers' + } + } + ] + } + } + ] + } +} + +@description('The resource ID of the created default Virtual Network Subnet.') +output defaultSubnetResourceId string = virtualNetwork.properties.subnets[0].id + +@description('The resource ID of the created custom Virtual Network Subnet.') +output customSubnetResourceId string = virtualNetwork.properties.subnets[1].id diff --git a/avm/res/service-networking/traffic-controller/tests/e2e/max/main.test.bicep b/avm/res/service-networking/traffic-controller/tests/e2e/max/main.test.bicep index 5c1f4bc663..20b7eaf233 100644 --- a/avm/res/service-networking/traffic-controller/tests/e2e/max/main.test.bicep +++ b/avm/res/service-networking/traffic-controller/tests/e2e/max/main.test.bicep @@ -31,6 +31,15 @@ resource resourceGroup 'Microsoft.Resources/resourceGroups@2021-04-01' = { location: resourceLocation } +module nestedDependencies 'dependencies.bicep' = { + scope: resourceGroup + name: '${uniqueString(deployment().name, resourceLocation)}-nestedDependencies' + params: { + location: resourceLocation + virtualNetworkName: 'dep-${namePrefix}-vnet-${serviceShort}' + } +} + // ============== // // Test Execution // // ============== // @@ -53,6 +62,16 @@ module testDeployment '../../../main.bicep' = [ name: 'frontend1' } ] + associations: [ + { + name: 'association1' + subnetResourceId: nestedDependencies.outputs.defaultSubnetResourceId + } + { + name: 'association2' + subnetResourceId: nestedDependencies.outputs.customSubnetResourceId + } + ] } } ] From 44df773ed55a94f1b6fdb06a962e5d79fe78cb8d Mon Sep 17 00:00:00 2001 From: Kris Baranek <20225789+krbar@users.noreply.github.com> Date: Wed, 4 Sep 2024 16:30:52 +0200 Subject: [PATCH 04/18] Add diag, rbac, locks --- .../traffic-controller/README.md | 374 ++++++++++++++++++ .../traffic-controller/main.bicep | 181 +++++++++ .../traffic-controller/main.json | 355 ++++++++++++++++- .../tests/e2e/max/dependencies.bicep | 13 +- .../tests/e2e/max/main.test.bicep | 68 +++- 5 files changed, 984 insertions(+), 7 deletions(-) diff --git a/avm/res/service-networking/traffic-controller/README.md b/avm/res/service-networking/traffic-controller/README.md index ddfe9cdaf4..9a4033fe64 100644 --- a/avm/res/service-networking/traffic-controller/README.md +++ b/avm/res/service-networking/traffic-controller/README.md @@ -15,6 +15,9 @@ This module deploys an Application Gateway for Containers | Resource Type | API Version | | :-- | :-- | +| `Microsoft.Authorization/locks` | [2020-05-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-05-01/locks) | +| `Microsoft.Authorization/roleAssignments` | [2022-04-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2022-04-01/roleAssignments) | +| `Microsoft.Insights/diagnosticSettings` | [2021-05-01-preview](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Insights/2021-05-01-preview/diagnosticSettings) | | `Microsoft.ServiceNetworking/trafficControllers` | [2023-11-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.ServiceNetworking/2023-11-01/trafficControllers) | | `Microsoft.ServiceNetworking/trafficControllers/associations` | [2023-11-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.ServiceNetworking/2023-11-01/trafficControllers/associations) | | `Microsoft.ServiceNetworking/trafficControllers/frontends` | [2023-11-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.ServiceNetworking/2023-11-01/trafficControllers/frontends) | @@ -105,12 +108,52 @@ module trafficController 'br/public:avm/res/service-networking/traffic-controlle subnetResourceId: '' } ] + diagnosticSettings: [ + { + eventHubAuthorizationRuleResourceId: '' + eventHubName: '' + metricCategories: [ + { + category: 'AllMetrics' + } + ] + name: 'customSetting' + storageAccountResourceId: '' + workspaceResourceId: '' + } + ] frontends: [ { name: 'frontend1' } + { + name: 'frontend2' + } ] location: '' + lock: { + kind: 'CanNotDelete' + name: 'myCustomLockName' + } + roleAssignments: [ + { + name: 'b60b8539-9af5-4208-b75d-f44d1f39b9f8' + principalId: '' + principalType: 'ServicePrincipal' + roleDefinitionIdOrName: 'Owner' + } + { + name: '' + principalId: '' + principalType: 'ServicePrincipal' + roleDefinitionIdOrName: 'b24988ac-6180-42a0-ab88-20f7382dd24c' + } + { + principalId: '' + principalType: 'ServicePrincipal' + roleDefinitionIdOrName: '' + } + ] tags: { Environment: 'Non-Prod' 'hidden-title': 'This is visible in the resource name' @@ -149,16 +192,62 @@ module trafficController 'br/public:avm/res/service-networking/traffic-controlle } ] }, + "diagnosticSettings": { + "value": [ + { + "eventHubAuthorizationRuleResourceId": "", + "eventHubName": "", + "metricCategories": [ + { + "category": "AllMetrics" + } + ], + "name": "customSetting", + "storageAccountResourceId": "", + "workspaceResourceId": "" + } + ] + }, "frontends": { "value": [ { "name": "frontend1" + }, + { + "name": "frontend2" } ] }, "location": { "value": "" }, + "lock": { + "value": { + "kind": "CanNotDelete", + "name": "myCustomLockName" + } + }, + "roleAssignments": { + "value": [ + { + "name": "b60b8539-9af5-4208-b75d-f44d1f39b9f8", + "principalId": "", + "principalType": "ServicePrincipal", + "roleDefinitionIdOrName": "Owner" + }, + { + "name": "", + "principalId": "", + "principalType": "ServicePrincipal", + "roleDefinitionIdOrName": "b24988ac-6180-42a0-ab88-20f7382dd24c" + }, + { + "principalId": "", + "principalType": "ServicePrincipal", + "roleDefinitionIdOrName": "" + } + ] + }, "tags": { "value": { "Environment": "Non-Prod", @@ -235,9 +324,12 @@ module trafficController 'br/public:avm/res/service-networking/traffic-controlle | Parameter | Type | Description | | :-- | :-- | :-- | | [`associations`](#parameter-associations) | array | List of Application Gateway for Containers associations. | +| [`diagnosticSettings`](#parameter-diagnosticsettings) | array | The diagnostic settings of the service. | | [`enableTelemetry`](#parameter-enabletelemetry) | bool | Enable/Disable usage telemetry for module. | | [`frontends`](#parameter-frontends) | array | List of Application Gateway for Containers frontends. | | [`location`](#parameter-location) | string | Location for all Resources. | +| [`lock`](#parameter-lock) | object | The lock settings of the service. | +| [`roleAssignments`](#parameter-roleassignments) | array | Array of role assignments to create. | | [`tags`](#parameter-tags) | object | Resource tags. | ### Parameter: `name` @@ -275,6 +367,152 @@ The resource ID of the subnet to associate with the Application Gateway for Cont - Required: Yes - Type: string +### Parameter: `diagnosticSettings` + +The diagnostic settings of the service. + +- Required: No +- Type: array + +**Optional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`eventHubAuthorizationRuleResourceId`](#parameter-diagnosticsettingseventhubauthorizationruleresourceid) | string | Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | +| [`eventHubName`](#parameter-diagnosticsettingseventhubname) | string | Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | +| [`logAnalyticsDestinationType`](#parameter-diagnosticsettingsloganalyticsdestinationtype) | string | A string indicating whether the export to Log Analytics should use the default destination type, i.e. AzureDiagnostics, or use a destination type. | +| [`logCategoriesAndGroups`](#parameter-diagnosticsettingslogcategoriesandgroups) | array | The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to `[]` to disable log collection. | +| [`marketplacePartnerResourceId`](#parameter-diagnosticsettingsmarketplacepartnerresourceid) | string | The full ARM resource ID of the Marketplace resource to which you would like to send Diagnostic Logs. | +| [`metricCategories`](#parameter-diagnosticsettingsmetriccategories) | array | The name of metrics that will be streamed. "allMetrics" includes all possible metrics for the resource. Set to `[]` to disable metric collection. | +| [`name`](#parameter-diagnosticsettingsname) | string | The name of diagnostic setting. | +| [`storageAccountResourceId`](#parameter-diagnosticsettingsstorageaccountresourceid) | string | Resource ID of the diagnostic storage account. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | +| [`workspaceResourceId`](#parameter-diagnosticsettingsworkspaceresourceid) | string | Resource ID of the diagnostic log analytics workspace. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | + +### Parameter: `diagnosticSettings.eventHubAuthorizationRuleResourceId` + +Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. + +- Required: No +- Type: string + +### Parameter: `diagnosticSettings.eventHubName` + +Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. + +- Required: No +- Type: string + +### Parameter: `diagnosticSettings.logAnalyticsDestinationType` + +A string indicating whether the export to Log Analytics should use the default destination type, i.e. AzureDiagnostics, or use a destination type. + +- Required: No +- Type: string +- Allowed: + ```Bicep + [ + 'AzureDiagnostics' + 'Dedicated' + ] + ``` + +### Parameter: `diagnosticSettings.logCategoriesAndGroups` + +The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to `[]` to disable log collection. + +- Required: No +- Type: array + +**Optional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`category`](#parameter-diagnosticsettingslogcategoriesandgroupscategory) | string | Name of a Diagnostic Log category for a resource type this setting is applied to. Set the specific logs to collect here. | +| [`categoryGroup`](#parameter-diagnosticsettingslogcategoriesandgroupscategorygroup) | string | Name of a Diagnostic Log category group for a resource type this setting is applied to. Set to `allLogs` to collect all logs. | +| [`enabled`](#parameter-diagnosticsettingslogcategoriesandgroupsenabled) | bool | Enable or disable the category explicitly. Default is `true`. | + +### Parameter: `diagnosticSettings.logCategoriesAndGroups.category` + +Name of a Diagnostic Log category for a resource type this setting is applied to. Set the specific logs to collect here. + +- Required: No +- Type: string + +### Parameter: `diagnosticSettings.logCategoriesAndGroups.categoryGroup` + +Name of a Diagnostic Log category group for a resource type this setting is applied to. Set to `allLogs` to collect all logs. + +- Required: No +- Type: string + +### Parameter: `diagnosticSettings.logCategoriesAndGroups.enabled` + +Enable or disable the category explicitly. Default is `true`. + +- Required: No +- Type: bool + +### Parameter: `diagnosticSettings.marketplacePartnerResourceId` + +The full ARM resource ID of the Marketplace resource to which you would like to send Diagnostic Logs. + +- Required: No +- Type: string + +### Parameter: `diagnosticSettings.metricCategories` + +The name of metrics that will be streamed. "allMetrics" includes all possible metrics for the resource. Set to `[]` to disable metric collection. + +- Required: No +- Type: array + +**Required parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`category`](#parameter-diagnosticsettingsmetriccategoriescategory) | string | Name of a Diagnostic Metric category for a resource type this setting is applied to. Set to `AllMetrics` to collect all metrics. | + +**Optional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`enabled`](#parameter-diagnosticsettingsmetriccategoriesenabled) | bool | Enable or disable the category explicitly. Default is `true`. | + +### Parameter: `diagnosticSettings.metricCategories.category` + +Name of a Diagnostic Metric category for a resource type this setting is applied to. Set to `AllMetrics` to collect all metrics. + +- Required: Yes +- Type: string + +### Parameter: `diagnosticSettings.metricCategories.enabled` + +Enable or disable the category explicitly. Default is `true`. + +- Required: No +- Type: bool + +### Parameter: `diagnosticSettings.name` + +The name of diagnostic setting. + +- Required: No +- Type: string + +### Parameter: `diagnosticSettings.storageAccountResourceId` + +Resource ID of the diagnostic storage account. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. + +- Required: No +- Type: string + +### Parameter: `diagnosticSettings.workspaceResourceId` + +Resource ID of the diagnostic log analytics workspace. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. + +- Required: No +- Type: string + ### Parameter: `enableTelemetry` Enable/Disable usage telemetry for module. @@ -311,6 +549,139 @@ Location for all Resources. - Type: string - Default: `[resourceGroup().location]` +### Parameter: `lock` + +The lock settings of the service. + +- Required: No +- Type: object + +**Optional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`kind`](#parameter-lockkind) | string | Specify the type of lock. | +| [`name`](#parameter-lockname) | string | Specify the name of lock. | + +### Parameter: `lock.kind` + +Specify the type of lock. + +- Required: No +- Type: string +- Allowed: + ```Bicep + [ + 'CanNotDelete' + 'None' + 'ReadOnly' + ] + ``` + +### Parameter: `lock.name` + +Specify the name of lock. + +- Required: No +- Type: string + +### Parameter: `roleAssignments` + +Array of role assignments to create. + +- Required: No +- Type: array + +**Required parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`principalId`](#parameter-roleassignmentsprincipalid) | string | The principal ID of the principal (user/group/identity) to assign the role to. | +| [`roleDefinitionIdOrName`](#parameter-roleassignmentsroledefinitionidorname) | string | The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | + +**Optional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`condition`](#parameter-roleassignmentscondition) | string | The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container". | +| [`conditionVersion`](#parameter-roleassignmentsconditionversion) | string | Version of the condition. | +| [`delegatedManagedIdentityResourceId`](#parameter-roleassignmentsdelegatedmanagedidentityresourceid) | string | The Resource Id of the delegated managed identity resource. | +| [`description`](#parameter-roleassignmentsdescription) | string | The description of the role assignment. | +| [`name`](#parameter-roleassignmentsname) | string | The name (as GUID) of the role assignment. If not provided, a GUID will be generated. | +| [`principalType`](#parameter-roleassignmentsprincipaltype) | string | The principal type of the assigned principal ID. | + +### Parameter: `roleAssignments.principalId` + +The principal ID of the principal (user/group/identity) to assign the role to. + +- Required: Yes +- Type: string + +### Parameter: `roleAssignments.roleDefinitionIdOrName` + +The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. + +- Required: Yes +- Type: string + +### Parameter: `roleAssignments.condition` + +The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container". + +- Required: No +- Type: string + +### Parameter: `roleAssignments.conditionVersion` + +Version of the condition. + +- Required: No +- Type: string +- Allowed: + ```Bicep + [ + '2.0' + ] + ``` + +### Parameter: `roleAssignments.delegatedManagedIdentityResourceId` + +The Resource Id of the delegated managed identity resource. + +- Required: No +- Type: string + +### Parameter: `roleAssignments.description` + +The description of the role assignment. + +- Required: No +- Type: string + +### Parameter: `roleAssignments.name` + +The name (as GUID) of the role assignment. If not provided, a GUID will be generated. + +- Required: No +- Type: string + +### Parameter: `roleAssignments.principalType` + +The principal type of the assigned principal ID. + +- Required: No +- Type: string +- Allowed: + ```Bicep + [ + 'Device' + 'ForeignGroup' + 'Group' + 'ServicePrincipal' + 'User' + ] + ``` + ### Parameter: `tags` Resource tags. @@ -323,6 +694,9 @@ Resource tags. | Output | Type | Description | | :-- | :-- | :-- | +| `associationResourceIds` | array | The resource Ids of the Application Gateway for Containers associations. | +| `configurationEndpoints` | array | The configuration endpoints of the Application Gateway for Containers. | +| `frontendResourceIds` | array | The resource Ids of the Application Gateway for Containers frontends. | | `location` | string | The location the resource was deployed into. | | `name` | string | The name of the Application Gateway for Containers. | | `resourceId` | string | The resource ID of the Application Gateway for Containers. | diff --git a/avm/res/service-networking/traffic-controller/main.bicep b/avm/res/service-networking/traffic-controller/main.bicep index 4e3dbd786f..5f213666cb 100644 --- a/avm/res/service-networking/traffic-controller/main.bicep +++ b/avm/res/service-networking/traffic-controller/main.bicep @@ -14,12 +14,46 @@ param enableTelemetry bool = true @description('Optional. Resource tags.') param tags object? +@description('Optional. The lock settings of the service.') +param lock lockType + +@description('Optional. The diagnostic settings of the service.') +param diagnosticSettings diagnosticSettingType + +@description('Optional. Array of role assignments to create.') +param roleAssignments roleAssignmentType + @description('Optional. List of Application Gateway for Containers frontends.') param frontends frontendType @description('Optional. List of Application Gateway for Containers associations.') param associations associationType +var builtInRoleNames = { + Contributor: subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b24988ac-6180-42a0-ab88-20f7382dd24c') + Owner: subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '8e3af657-a8ff-443c-a75c-2fe8c4bcb635') + Reader: subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'acdd72a7-3385-48ef-bd42-f606fba81ae7') + 'Role Based Access Control Administrator': subscriptionResourceId( + 'Microsoft.Authorization/roleDefinitions', + 'f58310d9-a9f6-439a-9e8d-f62e7b41a168' + ) + 'User Access Administrator': subscriptionResourceId( + 'Microsoft.Authorization/roleDefinitions', + '18d7d88d-d35e-4fb5-a5c3-7773c20a72d9' + ) +} + +var formattedRoleAssignments = [ + for (roleAssignment, index) in (roleAssignments ?? []): union(roleAssignment, { + roleDefinitionId: builtInRoleNames[?roleAssignment.roleDefinitionIdOrName] ?? (contains( + roleAssignment.roleDefinitionIdOrName, + '/providers/Microsoft.Authorization/roleDefinitions/' + ) + ? roleAssignment.roleDefinitionIdOrName + : subscriptionResourceId('Microsoft.Authorization/roleDefinitions', roleAssignment.roleDefinitionIdOrName)) + }) +] + // ============== // // Resources // // ============== // @@ -50,6 +84,66 @@ resource trafficController 'Microsoft.ServiceNetworking/trafficControllers@2023- properties: {} } +resource trafficController_lock 'Microsoft.Authorization/locks@2020-05-01' = if (!empty(lock ?? {}) && lock.?kind != 'None') { + name: lock.?name ?? 'lock-${name}' + properties: { + level: lock.?kind ?? '' + notes: lock.?kind == 'CanNotDelete' + ? 'Cannot delete resource or child resources.' + : 'Cannot delete or modify the resource or child resources.' + } + scope: trafficController +} + +resource trafficController_diagnosticSettings 'Microsoft.Insights/diagnosticSettings@2021-05-01-preview' = [ + for (diagnosticSetting, index) in (diagnosticSettings ?? []): { + name: diagnosticSetting.?name ?? '${name}-diagnosticSettings' + properties: { + storageAccountId: diagnosticSetting.?storageAccountResourceId + workspaceId: diagnosticSetting.?workspaceResourceId + eventHubAuthorizationRuleId: diagnosticSetting.?eventHubAuthorizationRuleResourceId + eventHubName: diagnosticSetting.?eventHubName + metrics: [ + for group in (diagnosticSetting.?metricCategories ?? [{ category: 'AllMetrics' }]): { + category: group.category + enabled: group.?enabled ?? true + timeGrain: null + } + ] + logs: [ + for group in (diagnosticSetting.?logCategoriesAndGroups ?? [{ categoryGroup: 'allLogs' }]): { + categoryGroup: group.?categoryGroup + category: group.?category + enabled: group.?enabled ?? true + } + ] + marketplacePartnerId: diagnosticSetting.?marketplacePartnerResourceId + logAnalyticsDestinationType: diagnosticSetting.?logAnalyticsDestinationType + } + scope: trafficController + } +] + +resource trafficController_roleAssignments 'Microsoft.Authorization/roleAssignments@2022-04-01' = [ + for (roleAssignment, index) in (formattedRoleAssignments ?? []): { + name: roleAssignment.?name ?? guid( + trafficController.id, + roleAssignment.principalId, + roleAssignment.roleDefinitionId + ) + properties: { + roleDefinitionId: roleAssignment.roleDefinitionId + principalId: roleAssignment.principalId + description: roleAssignment.?description + principalType: roleAssignment.?principalType + condition: roleAssignment.?condition + conditionVersion: !empty(roleAssignment.?condition) ? (roleAssignment.?conditionVersion ?? '2.0') : null // Must only be set if condtion is set + delegatedManagedIdentityResourceId: roleAssignment.?delegatedManagedIdentityResourceId + } + scope: trafficController + } +] + module trafficController_frontends 'frontend/main.bicep' = [ for (frontend, index) in (frontends ?? []): { name: '${uniqueString(deployment().name, location)}-TrafficController-Frontend-${index}' @@ -86,6 +180,15 @@ output name string = trafficController.name @description('The location the resource was deployed into.') output location string = trafficController.location +@description('The configuration endpoints of the Application Gateway for Containers.') +output configurationEndpoints string[] = trafficController.properties.configurationEndpoints + +@description('The resource Ids of the Application Gateway for Containers associations.') +output associationResourceIds array = trafficController.properties.associations + +@description('The resource Ids of the Application Gateway for Containers frontends.') +output frontendResourceIds array = trafficController.properties.frontends + // ================ // // Definitions // // ================ // @@ -102,3 +205,81 @@ type associationType = { @description('Required. The resource ID of the subnet to associate with the Application Gateway for Containers.') subnetResourceId: string }[]? + +type lockType = { + @description('Optional. Specify the name of lock.') + name: string? + + @description('Optional. Specify the type of lock.') + kind: ('CanNotDelete' | 'ReadOnly' | 'None')? +}? + +type roleAssignmentType = { + @description('Optional. The name (as GUID) of the role assignment. If not provided, a GUID will be generated.') + name: string? + + @description('Required. The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: \'/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11\'.') + roleDefinitionIdOrName: string + + @description('Required. The principal ID of the principal (user/group/identity) to assign the role to.') + principalId: string + + @description('Optional. The principal type of the assigned principal ID.') + principalType: ('ServicePrincipal' | 'Group' | 'User' | 'ForeignGroup' | 'Device')? + + @description('Optional. The description of the role assignment.') + description: string? + + @description('Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container".') + condition: string? + + @description('Optional. Version of the condition.') + conditionVersion: '2.0'? + + @description('Optional. The Resource Id of the delegated managed identity resource.') + delegatedManagedIdentityResourceId: string? +}[]? + +type diagnosticSettingType = { + @description('Optional. The name of diagnostic setting.') + name: string? + + @description('Optional. The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to `[]` to disable log collection.') + logCategoriesAndGroups: { + @description('Optional. Name of a Diagnostic Log category for a resource type this setting is applied to. Set the specific logs to collect here.') + category: string? + + @description('Optional. Name of a Diagnostic Log category group for a resource type this setting is applied to. Set to `allLogs` to collect all logs.') + categoryGroup: string? + + @description('Optional. Enable or disable the category explicitly. Default is `true`.') + enabled: bool? + }[]? + + @description('Optional. The name of metrics that will be streamed. "allMetrics" includes all possible metrics for the resource. Set to `[]` to disable metric collection.') + metricCategories: { + @description('Required. Name of a Diagnostic Metric category for a resource type this setting is applied to. Set to `AllMetrics` to collect all metrics.') + category: string + + @description('Optional. Enable or disable the category explicitly. Default is `true`.') + enabled: bool? + }[]? + + @description('Optional. A string indicating whether the export to Log Analytics should use the default destination type, i.e. AzureDiagnostics, or use a destination type.') + logAnalyticsDestinationType: ('Dedicated' | 'AzureDiagnostics')? + + @description('Optional. Resource ID of the diagnostic log analytics workspace. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub.') + workspaceResourceId: string? + + @description('Optional. Resource ID of the diagnostic storage account. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub.') + storageAccountResourceId: string? + + @description('Optional. Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to.') + eventHubAuthorizationRuleResourceId: string? + + @description('Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub.') + eventHubName: string? + + @description('Optional. The full ARM resource ID of the Marketplace resource to which you would like to send Diagnostic Logs.') + marketplacePartnerResourceId: string? +}[]? diff --git a/avm/res/service-networking/traffic-controller/main.json b/avm/res/service-networking/traffic-controller/main.json index 0ea70f0ba5..882ae1e59d 100644 --- a/avm/res/service-networking/traffic-controller/main.json +++ b/avm/res/service-networking/traffic-controller/main.json @@ -6,7 +6,7 @@ "_generator": { "name": "bicep", "version": "0.29.47.4906", - "templateHash": "7748518319617700673" + "templateHash": "134004223883340990" }, "name": "Application Gateway for Containers", "description": "This module deploys an Application Gateway for Containers", @@ -48,6 +48,224 @@ } }, "nullable": true + }, + "lockType": { + "type": "object", + "properties": { + "name": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. Specify the name of lock." + } + }, + "kind": { + "type": "string", + "allowedValues": [ + "CanNotDelete", + "None", + "ReadOnly" + ], + "nullable": true, + "metadata": { + "description": "Optional. Specify the type of lock." + } + } + }, + "nullable": true + }, + "roleAssignmentType": { + "type": "array", + "items": { + "type": "object", + "properties": { + "name": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. The name (as GUID) of the role assignment. If not provided, a GUID will be generated." + } + }, + "roleDefinitionIdOrName": { + "type": "string", + "metadata": { + "description": "Required. The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'." + } + }, + "principalId": { + "type": "string", + "metadata": { + "description": "Required. The principal ID of the principal (user/group/identity) to assign the role to." + } + }, + "principalType": { + "type": "string", + "allowedValues": [ + "Device", + "ForeignGroup", + "Group", + "ServicePrincipal", + "User" + ], + "nullable": true, + "metadata": { + "description": "Optional. The principal type of the assigned principal ID." + } + }, + "description": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. The description of the role assignment." + } + }, + "condition": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase \"foo_storage_container\"." + } + }, + "conditionVersion": { + "type": "string", + "allowedValues": [ + "2.0" + ], + "nullable": true, + "metadata": { + "description": "Optional. Version of the condition." + } + }, + "delegatedManagedIdentityResourceId": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. The Resource Id of the delegated managed identity resource." + } + } + } + }, + "nullable": true + }, + "diagnosticSettingType": { + "type": "array", + "items": { + "type": "object", + "properties": { + "name": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. The name of diagnostic setting." + } + }, + "logCategoriesAndGroups": { + "type": "array", + "items": { + "type": "object", + "properties": { + "category": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. Name of a Diagnostic Log category for a resource type this setting is applied to. Set the specific logs to collect here." + } + }, + "categoryGroup": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. Name of a Diagnostic Log category group for a resource type this setting is applied to. Set to `allLogs` to collect all logs." + } + }, + "enabled": { + "type": "bool", + "nullable": true, + "metadata": { + "description": "Optional. Enable or disable the category explicitly. Default is `true`." + } + } + } + }, + "nullable": true, + "metadata": { + "description": "Optional. The name of logs that will be streamed. \"allLogs\" includes all possible logs for the resource. Set to `[]` to disable log collection." + } + }, + "metricCategories": { + "type": "array", + "items": { + "type": "object", + "properties": { + "category": { + "type": "string", + "metadata": { + "description": "Required. Name of a Diagnostic Metric category for a resource type this setting is applied to. Set to `AllMetrics` to collect all metrics." + } + }, + "enabled": { + "type": "bool", + "nullable": true, + "metadata": { + "description": "Optional. Enable or disable the category explicitly. Default is `true`." + } + } + } + }, + "nullable": true, + "metadata": { + "description": "Optional. The name of metrics that will be streamed. \"allMetrics\" includes all possible metrics for the resource. Set to `[]` to disable metric collection." + } + }, + "logAnalyticsDestinationType": { + "type": "string", + "allowedValues": [ + "AzureDiagnostics", + "Dedicated" + ], + "nullable": true, + "metadata": { + "description": "Optional. A string indicating whether the export to Log Analytics should use the default destination type, i.e. AzureDiagnostics, or use a destination type." + } + }, + "workspaceResourceId": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. Resource ID of the diagnostic log analytics workspace. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub." + } + }, + "storageAccountResourceId": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. Resource ID of the diagnostic storage account. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub." + } + }, + "eventHubAuthorizationRuleResourceId": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to." + } + }, + "eventHubName": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub." + } + }, + "marketplacePartnerResourceId": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. The full ARM resource ID of the Marketplace resource to which you would like to send Diagnostic Logs." + } + } + } + }, + "nullable": true } }, "parameters": { @@ -78,6 +296,24 @@ "description": "Optional. Resource tags." } }, + "lock": { + "$ref": "#/definitions/lockType", + "metadata": { + "description": "Optional. The lock settings of the service." + } + }, + "diagnosticSettings": { + "$ref": "#/definitions/diagnosticSettingType", + "metadata": { + "description": "Optional. The diagnostic settings of the service." + } + }, + "roleAssignments": { + "$ref": "#/definitions/roleAssignmentType", + "metadata": { + "description": "Optional. Array of role assignments to create." + } + }, "frontends": { "$ref": "#/definitions/frontendType", "metadata": { @@ -91,6 +327,22 @@ } } }, + "variables": { + "copy": [ + { + "name": "formattedRoleAssignments", + "count": "[length(coalesce(parameters('roleAssignments'), createArray()))]", + "input": "[union(coalesce(parameters('roleAssignments'), createArray())[copyIndex('formattedRoleAssignments')], createObject('roleDefinitionId', coalesce(tryGet(variables('builtInRoleNames'), coalesce(parameters('roleAssignments'), createArray())[copyIndex('formattedRoleAssignments')].roleDefinitionIdOrName), if(contains(coalesce(parameters('roleAssignments'), createArray())[copyIndex('formattedRoleAssignments')].roleDefinitionIdOrName, '/providers/Microsoft.Authorization/roleDefinitions/'), coalesce(parameters('roleAssignments'), createArray())[copyIndex('formattedRoleAssignments')].roleDefinitionIdOrName, subscriptionResourceId('Microsoft.Authorization/roleDefinitions', coalesce(parameters('roleAssignments'), createArray())[copyIndex('formattedRoleAssignments')].roleDefinitionIdOrName)))))]" + } + ], + "builtInRoleNames": { + "Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b24988ac-6180-42a0-ab88-20f7382dd24c')]", + "Owner": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '8e3af657-a8ff-443c-a75c-2fe8c4bcb635')]", + "Reader": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'acdd72a7-3385-48ef-bd42-f606fba81ae7')]", + "Role Based Access Control Administrator": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'f58310d9-a9f6-439a-9e8d-f62e7b41a168')]", + "User Access Administrator": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '18d7d88d-d35e-4fb5-a5c3-7773c20a72d9')]" + } + }, "resources": { "avmTelemetry": { "condition": "[parameters('enableTelemetry')]", @@ -120,6 +372,83 @@ "tags": "[parameters('tags')]", "properties": {} }, + "trafficController_lock": { + "condition": "[and(not(empty(coalesce(parameters('lock'), createObject()))), not(equals(tryGet(parameters('lock'), 'kind'), 'None')))]", + "type": "Microsoft.Authorization/locks", + "apiVersion": "2020-05-01", + "scope": "[format('Microsoft.ServiceNetworking/trafficControllers/{0}', parameters('name'))]", + "name": "[coalesce(tryGet(parameters('lock'), 'name'), format('lock-{0}', parameters('name')))]", + "properties": { + "level": "[coalesce(tryGet(parameters('lock'), 'kind'), '')]", + "notes": "[if(equals(tryGet(parameters('lock'), 'kind'), 'CanNotDelete'), 'Cannot delete resource or child resources.', 'Cannot delete or modify the resource or child resources.')]" + }, + "dependsOn": [ + "trafficController" + ] + }, + "trafficController_diagnosticSettings": { + "copy": { + "name": "trafficController_diagnosticSettings", + "count": "[length(coalesce(parameters('diagnosticSettings'), createArray()))]" + }, + "type": "Microsoft.Insights/diagnosticSettings", + "apiVersion": "2021-05-01-preview", + "scope": "[format('Microsoft.ServiceNetworking/trafficControllers/{0}', parameters('name'))]", + "name": "[coalesce(tryGet(coalesce(parameters('diagnosticSettings'), createArray())[copyIndex()], 'name'), format('{0}-diagnosticSettings', parameters('name')))]", + "properties": { + "copy": [ + { + "name": "metrics", + "count": "[length(coalesce(tryGet(coalesce(parameters('diagnosticSettings'), createArray())[copyIndex()], 'metricCategories'), createArray(createObject('category', 'AllMetrics'))))]", + "input": { + "category": "[coalesce(tryGet(coalesce(parameters('diagnosticSettings'), createArray())[copyIndex()], 'metricCategories'), createArray(createObject('category', 'AllMetrics')))[copyIndex('metrics')].category]", + "enabled": "[coalesce(tryGet(coalesce(tryGet(coalesce(parameters('diagnosticSettings'), createArray())[copyIndex()], 'metricCategories'), createArray(createObject('category', 'AllMetrics')))[copyIndex('metrics')], 'enabled'), true())]", + "timeGrain": null + } + }, + { + "name": "logs", + "count": "[length(coalesce(tryGet(coalesce(parameters('diagnosticSettings'), createArray())[copyIndex()], 'logCategoriesAndGroups'), createArray(createObject('categoryGroup', 'allLogs'))))]", + "input": { + "categoryGroup": "[tryGet(coalesce(tryGet(coalesce(parameters('diagnosticSettings'), createArray())[copyIndex()], 'logCategoriesAndGroups'), createArray(createObject('categoryGroup', 'allLogs')))[copyIndex('logs')], 'categoryGroup')]", + "category": "[tryGet(coalesce(tryGet(coalesce(parameters('diagnosticSettings'), createArray())[copyIndex()], 'logCategoriesAndGroups'), createArray(createObject('categoryGroup', 'allLogs')))[copyIndex('logs')], 'category')]", + "enabled": "[coalesce(tryGet(coalesce(tryGet(coalesce(parameters('diagnosticSettings'), createArray())[copyIndex()], 'logCategoriesAndGroups'), createArray(createObject('categoryGroup', 'allLogs')))[copyIndex('logs')], 'enabled'), true())]" + } + } + ], + "storageAccountId": "[tryGet(coalesce(parameters('diagnosticSettings'), createArray())[copyIndex()], 'storageAccountResourceId')]", + "workspaceId": "[tryGet(coalesce(parameters('diagnosticSettings'), createArray())[copyIndex()], 'workspaceResourceId')]", + "eventHubAuthorizationRuleId": "[tryGet(coalesce(parameters('diagnosticSettings'), createArray())[copyIndex()], 'eventHubAuthorizationRuleResourceId')]", + "eventHubName": "[tryGet(coalesce(parameters('diagnosticSettings'), createArray())[copyIndex()], 'eventHubName')]", + "marketplacePartnerId": "[tryGet(coalesce(parameters('diagnosticSettings'), createArray())[copyIndex()], 'marketplacePartnerResourceId')]", + "logAnalyticsDestinationType": "[tryGet(coalesce(parameters('diagnosticSettings'), createArray())[copyIndex()], 'logAnalyticsDestinationType')]" + }, + "dependsOn": [ + "trafficController" + ] + }, + "trafficController_roleAssignments": { + "copy": { + "name": "trafficController_roleAssignments", + "count": "[length(coalesce(variables('formattedRoleAssignments'), createArray()))]" + }, + "type": "Microsoft.Authorization/roleAssignments", + "apiVersion": "2022-04-01", + "scope": "[format('Microsoft.ServiceNetworking/trafficControllers/{0}', parameters('name'))]", + "name": "[coalesce(tryGet(coalesce(variables('formattedRoleAssignments'), createArray())[copyIndex()], 'name'), guid(resourceId('Microsoft.ServiceNetworking/trafficControllers', parameters('name')), coalesce(variables('formattedRoleAssignments'), createArray())[copyIndex()].principalId, coalesce(variables('formattedRoleAssignments'), createArray())[copyIndex()].roleDefinitionId))]", + "properties": { + "roleDefinitionId": "[coalesce(variables('formattedRoleAssignments'), createArray())[copyIndex()].roleDefinitionId]", + "principalId": "[coalesce(variables('formattedRoleAssignments'), createArray())[copyIndex()].principalId]", + "description": "[tryGet(coalesce(variables('formattedRoleAssignments'), createArray())[copyIndex()], 'description')]", + "principalType": "[tryGet(coalesce(variables('formattedRoleAssignments'), createArray())[copyIndex()], 'principalType')]", + "condition": "[tryGet(coalesce(variables('formattedRoleAssignments'), createArray())[copyIndex()], 'condition')]", + "conditionVersion": "[if(not(empty(tryGet(coalesce(variables('formattedRoleAssignments'), createArray())[copyIndex()], 'condition'))), coalesce(tryGet(coalesce(variables('formattedRoleAssignments'), createArray())[copyIndex()], 'conditionVersion'), '2.0'), null())]", + "delegatedManagedIdentityResourceId": "[tryGet(coalesce(variables('formattedRoleAssignments'), createArray())[copyIndex()], 'delegatedManagedIdentityResourceId')]" + }, + "dependsOn": [ + "trafficController" + ] + }, "trafficController_frontends": { "copy": { "name": "trafficController_frontends", @@ -348,6 +677,30 @@ "description": "The location the resource was deployed into." }, "value": "[reference('trafficController', '2023-11-01', 'full').location]" + }, + "configurationEndpoints": { + "type": "array", + "items": { + "type": "string" + }, + "metadata": { + "description": "The configuration endpoints of the Application Gateway for Containers." + }, + "value": "[reference('trafficController').configurationEndpoints]" + }, + "associationResourceIds": { + "type": "array", + "metadata": { + "description": "The resource Ids of the Application Gateway for Containers associations." + }, + "value": "[reference('trafficController').associations]" + }, + "frontendResourceIds": { + "type": "array", + "metadata": { + "description": "The resource Ids of the Application Gateway for Containers frontends." + }, + "value": "[reference('trafficController').frontends]" } } } \ No newline at end of file diff --git a/avm/res/service-networking/traffic-controller/tests/e2e/max/dependencies.bicep b/avm/res/service-networking/traffic-controller/tests/e2e/max/dependencies.bicep index 6e9f5a0621..912509d00a 100644 --- a/avm/res/service-networking/traffic-controller/tests/e2e/max/dependencies.bicep +++ b/avm/res/service-networking/traffic-controller/tests/e2e/max/dependencies.bicep @@ -1,12 +1,20 @@ @description('Optional. The location to deploy resources to.') param location string = resourceGroup().location +@description('Required. The name of the Managed Identity to create.') +param managedIdentityName string + @description('Required. The name of the Virtual Network to create.') param virtualNetworkName string var addressPrefix = '10.0.0.0/16' -resource virtualNetwork 'Microsoft.Network/virtualNetworks@2023-04-01' = { +resource managedIdentity 'Microsoft.ManagedIdentity/userAssignedIdentities@2023-01-31' = { + name: managedIdentityName + location: location +} + +resource virtualNetwork 'Microsoft.Network/virtualNetworks@2024-01-01' = { name: virtualNetworkName location: location properties: { @@ -48,6 +56,9 @@ resource virtualNetwork 'Microsoft.Network/virtualNetworks@2023-04-01' = { } } +@description('The resource ID of the created Managed Identity.') +output managedIdentityPrincipalId string = managedIdentity.properties.principalId + @description('The resource ID of the created default Virtual Network Subnet.') output defaultSubnetResourceId string = virtualNetwork.properties.subnets[0].id diff --git a/avm/res/service-networking/traffic-controller/tests/e2e/max/main.test.bicep b/avm/res/service-networking/traffic-controller/tests/e2e/max/main.test.bicep index 20b7eaf233..e62e4614e7 100644 --- a/avm/res/service-networking/traffic-controller/tests/e2e/max/main.test.bicep +++ b/avm/res/service-networking/traffic-controller/tests/e2e/max/main.test.bicep @@ -36,10 +36,25 @@ module nestedDependencies 'dependencies.bicep' = { name: '${uniqueString(deployment().name, resourceLocation)}-nestedDependencies' params: { location: resourceLocation + managedIdentityName: 'dep-${namePrefix}-msi-${serviceShort}' virtualNetworkName: 'dep-${namePrefix}-vnet-${serviceShort}' } } +// Diagnostics +// =========== +module diagnosticDependencies '../../../../../../utilities/e2e-template-assets/templates/diagnostic.dependencies.bicep' = { + scope: resourceGroup + name: '${uniqueString(deployment().name, resourceLocation)}-diagnosticDependencies' + params: { + storageAccountName: 'dep${namePrefix}diasa${serviceShort}01' + logAnalyticsWorkspaceName: 'dep-${namePrefix}-law-${serviceShort}' + eventHubNamespaceEventHubName: 'dep-${namePrefix}-evh-${serviceShort}' + eventHubNamespaceName: 'dep-${namePrefix}-evhns-${serviceShort}' + location: resourceLocation + } +} + // ============== // // Test Execution // // ============== // @@ -52,15 +67,13 @@ module testDeployment '../../../main.bicep' = [ params: { name: '${namePrefix}${serviceShort}001' location: resourceLocation - tags: { - 'hidden-title': 'This is visible in the resource name' - Environment: 'Non-Prod' - Role: 'DeploymentValidation' - } frontends: [ { name: 'frontend1' } + { + name: 'frontend2' + } ] associations: [ { @@ -72,6 +85,51 @@ module testDeployment '../../../main.bicep' = [ subnetResourceId: nestedDependencies.outputs.customSubnetResourceId } ] + tags: { + 'hidden-title': 'This is visible in the resource name' + Environment: 'Non-Prod' + Role: 'DeploymentValidation' + } + lock: { + kind: 'CanNotDelete' + name: 'myCustomLockName' + } + roleAssignments: [ + { + name: 'b60b8539-9af5-4208-b75d-f44d1f39b9f8' + roleDefinitionIdOrName: 'Owner' + principalId: nestedDependencies.outputs.managedIdentityPrincipalId + principalType: 'ServicePrincipal' + } + { + name: guid('Custom seed ${namePrefix}${serviceShort}') + roleDefinitionIdOrName: 'b24988ac-6180-42a0-ab88-20f7382dd24c' + principalId: nestedDependencies.outputs.managedIdentityPrincipalId + principalType: 'ServicePrincipal' + } + { + roleDefinitionIdOrName: subscriptionResourceId( + 'Microsoft.Authorization/roleDefinitions', + 'acdd72a7-3385-48ef-bd42-f606fba81ae7' + ) + principalId: nestedDependencies.outputs.managedIdentityPrincipalId + principalType: 'ServicePrincipal' + } + ] + diagnosticSettings: [ + { + name: 'customSetting' + metricCategories: [ + { + category: 'AllMetrics' + } + ] + eventHubName: diagnosticDependencies.outputs.eventHubNamespaceEventHubName + eventHubAuthorizationRuleResourceId: diagnosticDependencies.outputs.eventHubAuthorizationRuleId + storageAccountResourceId: diagnosticDependencies.outputs.storageAccountResourceId + workspaceResourceId: diagnosticDependencies.outputs.logAnalyticsWorkspaceResourceId + } + ] } } ] From 188d4e8ac7c843affbe067d618740f5ffe1c12ee Mon Sep 17 00:00:00 2001 From: Kris Baranek <20225789+krbar@users.noreply.github.com> Date: Wed, 4 Sep 2024 16:51:46 +0200 Subject: [PATCH 05/18] update outputs, batchSize = 1 for associations --- .../traffic-controller/README.md | 2 + .../traffic-controller/association/README.md | 1 + .../traffic-controller/association/main.bicep | 3 ++ .../traffic-controller/association/main.json | 9 +++- .../traffic-controller/frontend/README.md | 1 + .../traffic-controller/frontend/main.bicep | 3 ++ .../traffic-controller/frontend/main.json | 9 +++- .../traffic-controller/main.bicep | 19 +++++++ .../traffic-controller/main.json | 52 +++++++++++++++++-- 9 files changed, 93 insertions(+), 6 deletions(-) diff --git a/avm/res/service-networking/traffic-controller/README.md b/avm/res/service-networking/traffic-controller/README.md index 9a4033fe64..ea8c53afb7 100644 --- a/avm/res/service-networking/traffic-controller/README.md +++ b/avm/res/service-networking/traffic-controller/README.md @@ -695,8 +695,10 @@ Resource tags. | Output | Type | Description | | :-- | :-- | :-- | | `associationResourceIds` | array | The resource Ids of the Application Gateway for Containers associations. | +| `associations` | array | The associations of the Application Gateway for Containers. | | `configurationEndpoints` | array | The configuration endpoints of the Application Gateway for Containers. | | `frontendResourceIds` | array | The resource Ids of the Application Gateway for Containers frontends. | +| `frontends` | array | The frontends of the Application Gateway for Containers. | | `location` | string | The location the resource was deployed into. | | `name` | string | The name of the Application Gateway for Containers. | | `resourceId` | string | The resource ID of the Application Gateway for Containers. | diff --git a/avm/res/service-networking/traffic-controller/association/README.md b/avm/res/service-networking/traffic-controller/association/README.md index 9bc6cc25dc..e99cc7cbc4 100644 --- a/avm/res/service-networking/traffic-controller/association/README.md +++ b/avm/res/service-networking/traffic-controller/association/README.md @@ -79,6 +79,7 @@ The resource ID of the subnet to associate with the traffic controller. | `name` | string | The name of the association. | | `resourceGroupName` | string | The name of the resource group the resource was created in. | | `resourceId` | string | The resource ID of the association. | +| `subnetResourceId` | string | The resource ID of the associated subnet. | ## Cross-referenced modules diff --git a/avm/res/service-networking/traffic-controller/association/main.bicep b/avm/res/service-networking/traffic-controller/association/main.bicep index 30b1938eae..fbe439fe94 100644 --- a/avm/res/service-networking/traffic-controller/association/main.bicep +++ b/avm/res/service-networking/traffic-controller/association/main.bicep @@ -47,6 +47,9 @@ output name string = association.name @description('The name of the resource group the resource was created in.') output resourceGroupName string = resourceGroup().name +@description('The resource ID of the associated subnet.') +output subnetResourceId string = association.properties.subnet.id + // ================ // // Definitions // // ================ // diff --git a/avm/res/service-networking/traffic-controller/association/main.json b/avm/res/service-networking/traffic-controller/association/main.json index 6016818956..c4b076d35b 100644 --- a/avm/res/service-networking/traffic-controller/association/main.json +++ b/avm/res/service-networking/traffic-controller/association/main.json @@ -5,7 +5,7 @@ "_generator": { "name": "bicep", "version": "0.29.47.4906", - "templateHash": "18286127970808905958" + "templateHash": "13830191223102804829" }, "name": "Application Gateway for Containers Association", "description": "This module deploys an Application Gateway for Containers Association", @@ -73,6 +73,13 @@ "description": "The name of the resource group the resource was created in." }, "value": "[resourceGroup().name]" + }, + "subnetResourceId": { + "type": "string", + "metadata": { + "description": "The resource ID of the associated subnet." + }, + "value": "[reference(resourceId('Microsoft.ServiceNetworking/trafficControllers/associations', parameters('trafficControllerName'), parameters('name')), '2023-11-01').subnet.id]" } } } \ No newline at end of file diff --git a/avm/res/service-networking/traffic-controller/frontend/README.md b/avm/res/service-networking/traffic-controller/frontend/README.md index e7f4e2553e..90d67c01ad 100644 --- a/avm/res/service-networking/traffic-controller/frontend/README.md +++ b/avm/res/service-networking/traffic-controller/frontend/README.md @@ -63,6 +63,7 @@ Location for all Resources. | Output | Type | Description | | :-- | :-- | :-- | +| `fqdn` | string | The FQDN of the frontend. | | `name` | string | The name of the frontend. | | `resourceGroupName` | string | The name of the resource group the resource was created in. | | `resourceId` | string | The resource ID of the frontend. | diff --git a/avm/res/service-networking/traffic-controller/frontend/main.bicep b/avm/res/service-networking/traffic-controller/frontend/main.bicep index 5a26956c64..e466ea4d31 100644 --- a/avm/res/service-networking/traffic-controller/frontend/main.bicep +++ b/avm/res/service-networking/traffic-controller/frontend/main.bicep @@ -39,6 +39,9 @@ output name string = frontend.name @description('The name of the resource group the resource was created in.') output resourceGroupName string = resourceGroup().name +@description('The FQDN of the frontend.') +output fqdn string = frontend.properties.fqdn + // ================ // // Definitions // // ================ // diff --git a/avm/res/service-networking/traffic-controller/frontend/main.json b/avm/res/service-networking/traffic-controller/frontend/main.json index f9701a5450..60970770d0 100644 --- a/avm/res/service-networking/traffic-controller/frontend/main.json +++ b/avm/res/service-networking/traffic-controller/frontend/main.json @@ -5,7 +5,7 @@ "_generator": { "name": "bicep", "version": "0.29.47.4906", - "templateHash": "11544265930509739079" + "templateHash": "15229634960628564975" }, "name": "Application Gateway for Containers Frontend", "description": "This module deploys an Application Gateway for Containers Frontend", @@ -62,6 +62,13 @@ "description": "The name of the resource group the resource was created in." }, "value": "[resourceGroup().name]" + }, + "fqdn": { + "type": "string", + "metadata": { + "description": "The FQDN of the frontend." + }, + "value": "[reference(resourceId('Microsoft.ServiceNetworking/trafficControllers/frontends', parameters('trafficControllerName'), parameters('name')), '2023-11-01').fqdn]" } } } \ No newline at end of file diff --git a/avm/res/service-networking/traffic-controller/main.bicep b/avm/res/service-networking/traffic-controller/main.bicep index 5f213666cb..7854861063 100644 --- a/avm/res/service-networking/traffic-controller/main.bicep +++ b/avm/res/service-networking/traffic-controller/main.bicep @@ -155,6 +155,7 @@ module trafficController_frontends 'frontend/main.bicep' = [ } ] +@batchSize(1) module trafficController_associations 'association/main.bicep' = [ for (association, index) in (associations ?? []): { name: '${uniqueString(deployment().name, location)}-TrafficController-Association-${index}' @@ -189,6 +190,24 @@ output associationResourceIds array = trafficController.properties.associations @description('The resource Ids of the Application Gateway for Containers frontends.') output frontendResourceIds array = trafficController.properties.frontends +@description('The frontends of the Application Gateway for Containers.') +output frontends array = [ + for (frontend, i) in (!empty(frontends) ? array(frontends) : []): { + name: trafficController_frontends[i].outputs.name + resourceId: trafficController_frontends[i].outputs.resourceId + fqdn: trafficController_frontends[i].outputs.fqdn + } +] + +@description('The associations of the Application Gateway for Containers.') +output associations array = [ + for (association, i) in (!empty(associations) ? array(associations) : []): { + name: trafficController_associations[i].outputs.name + resourceId: trafficController_associations[i].outputs.resourceId + subnetResourceId: trafficController_associations[i].outputs.subnetResourceId + } +] + // ================ // // Definitions // // ================ // diff --git a/avm/res/service-networking/traffic-controller/main.json b/avm/res/service-networking/traffic-controller/main.json index 882ae1e59d..02419323d9 100644 --- a/avm/res/service-networking/traffic-controller/main.json +++ b/avm/res/service-networking/traffic-controller/main.json @@ -6,7 +6,7 @@ "_generator": { "name": "bicep", "version": "0.29.47.4906", - "templateHash": "134004223883340990" + "templateHash": "17520170210972736649" }, "name": "Application Gateway for Containers", "description": "This module deploys an Application Gateway for Containers", @@ -480,7 +480,7 @@ "_generator": { "name": "bicep", "version": "0.29.47.4906", - "templateHash": "11544265930509739079" + "templateHash": "15229634960628564975" }, "name": "Application Gateway for Containers Frontend", "description": "This module deploys an Application Gateway for Containers Frontend", @@ -537,6 +537,13 @@ "description": "The name of the resource group the resource was created in." }, "value": "[resourceGroup().name]" + }, + "fqdn": { + "type": "string", + "metadata": { + "description": "The FQDN of the frontend." + }, + "value": "[reference(resourceId('Microsoft.ServiceNetworking/trafficControllers/frontends', parameters('trafficControllerName'), parameters('name')), '2023-11-01').fqdn]" } } } @@ -548,7 +555,9 @@ "trafficController_associations": { "copy": { "name": "trafficController_associations", - "count": "[length(coalesce(parameters('associations'), createArray()))]" + "count": "[length(coalesce(parameters('associations'), createArray()))]", + "mode": "serial", + "batchSize": 1 }, "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", @@ -579,7 +588,7 @@ "_generator": { "name": "bicep", "version": "0.29.47.4906", - "templateHash": "18286127970808905958" + "templateHash": "13830191223102804829" }, "name": "Application Gateway for Containers Association", "description": "This module deploys an Application Gateway for Containers Association", @@ -647,6 +656,13 @@ "description": "The name of the resource group the resource was created in." }, "value": "[resourceGroup().name]" + }, + "subnetResourceId": { + "type": "string", + "metadata": { + "description": "The resource ID of the associated subnet." + }, + "value": "[reference(resourceId('Microsoft.ServiceNetworking/trafficControllers/associations', parameters('trafficControllerName'), parameters('name')), '2023-11-01').subnet.id]" } } } @@ -701,6 +717,34 @@ "description": "The resource Ids of the Application Gateway for Containers frontends." }, "value": "[reference('trafficController').frontends]" + }, + "frontends": { + "type": "array", + "metadata": { + "description": "The frontends of the Application Gateway for Containers." + }, + "copy": { + "count": "[length(if(not(empty(parameters('frontends'))), array(parameters('frontends')), createArray()))]", + "input": { + "name": "[reference(format('trafficController_frontends[{0}]', copyIndex())).outputs.name.value]", + "resourceId": "[reference(format('trafficController_frontends[{0}]', copyIndex())).outputs.resourceId.value]", + "fqdn": "[reference(format('trafficController_frontends[{0}]', copyIndex())).outputs.fqdn.value]" + } + } + }, + "associations": { + "type": "array", + "metadata": { + "description": "The associations of the Application Gateway for Containers." + }, + "copy": { + "count": "[length(if(not(empty(parameters('associations'))), array(parameters('associations')), createArray()))]", + "input": { + "name": "[reference(format('trafficController_associations[{0}]', copyIndex())).outputs.name.value]", + "resourceId": "[reference(format('trafficController_associations[{0}]', copyIndex())).outputs.resourceId.value]", + "subnetResourceId": "[reference(format('trafficController_associations[{0}]', copyIndex())).outputs.subnetResourceId.value]" + } + } } } } \ No newline at end of file From 9fb824f9bdb40abc10f5a3df3db4f2d316974712 Mon Sep 17 00:00:00 2001 From: Kris Baranek <20225789+krbar@users.noreply.github.com> Date: Wed, 4 Sep 2024 16:55:56 +0200 Subject: [PATCH 06/18] update waf-aligned test case --- .../tests/e2e/waf-aligned/dependencies.bicep | 55 +++++++++++++++++++ .../tests/e2e/waf-aligned/main.test.bicep | 54 ++++++++++++++++++ 2 files changed, 109 insertions(+) create mode 100644 avm/res/service-networking/traffic-controller/tests/e2e/waf-aligned/dependencies.bicep diff --git a/avm/res/service-networking/traffic-controller/tests/e2e/waf-aligned/dependencies.bicep b/avm/res/service-networking/traffic-controller/tests/e2e/waf-aligned/dependencies.bicep new file mode 100644 index 0000000000..d0c4267c29 --- /dev/null +++ b/avm/res/service-networking/traffic-controller/tests/e2e/waf-aligned/dependencies.bicep @@ -0,0 +1,55 @@ +@description('Optional. The location to deploy resources to.') +param location string = resourceGroup().location + +@description('Required. The name of the Virtual Network to create.') +param virtualNetworkName string + +var addressPrefix = '10.0.0.0/16' + +resource virtualNetwork 'Microsoft.Network/virtualNetworks@2024-01-01' = { + name: virtualNetworkName + location: location + properties: { + addressSpace: { + addressPrefixes: [ + addressPrefix + ] + } + subnets: [ + { + name: 'defaultSubnet' + properties: { + addressPrefix: cidrSubnet(addressPrefix, 24, 0) + delegations: [ + { + name: 'Microsoft.ServiceNetworking.trafficControllers' + properties: { + serviceName: 'Microsoft.ServiceNetworking/trafficControllers' + } + } + ] + } + } + { + name: 'customSubnet-1' + properties: { + addressPrefix: cidrSubnet(addressPrefix, 24, 1) + delegations: [ + { + name: 'Microsoft.ServiceNetworking.trafficControllers' + properties: { + serviceName: 'Microsoft.ServiceNetworking/trafficControllers' + } + } + ] + } + } + ] + } +} + +@description('The resource ID of the created default Virtual Network Subnet.') +output defaultSubnetResourceId string = virtualNetwork.properties.subnets[0].id + +@description('The resource ID of the created custom Virtual Network Subnet.') +output customSubnetResourceId string = virtualNetwork.properties.subnets[1].id diff --git a/avm/res/service-networking/traffic-controller/tests/e2e/waf-aligned/main.test.bicep b/avm/res/service-networking/traffic-controller/tests/e2e/waf-aligned/main.test.bicep index 2008cdbc8d..cc1fc5c70c 100644 --- a/avm/res/service-networking/traffic-controller/tests/e2e/waf-aligned/main.test.bicep +++ b/avm/res/service-networking/traffic-controller/tests/e2e/waf-aligned/main.test.bicep @@ -31,6 +31,29 @@ resource resourceGroup 'Microsoft.Resources/resourceGroups@2021-04-01' = { location: resourceLocation } +module nestedDependencies 'dependencies.bicep' = { + scope: resourceGroup + name: '${uniqueString(deployment().name, resourceLocation)}-nestedDependencies' + params: { + location: resourceLocation + virtualNetworkName: 'dep-${namePrefix}-vnet-${serviceShort}' + } +} + +// Diagnostics +// =========== +module diagnosticDependencies '../../../../../../utilities/e2e-template-assets/templates/diagnostic.dependencies.bicep' = { + scope: resourceGroup + name: '${uniqueString(deployment().name, resourceLocation)}-diagnosticDependencies' + params: { + storageAccountName: 'dep${namePrefix}diasa${serviceShort}01' + logAnalyticsWorkspaceName: 'dep-${namePrefix}-law-${serviceShort}' + eventHubNamespaceEventHubName: 'dep-${namePrefix}-evh-${serviceShort}' + eventHubNamespaceName: 'dep-${namePrefix}-evhns-${serviceShort}' + location: resourceLocation + } +} + // ============== // // Test Execution // // ============== // @@ -43,6 +66,37 @@ module testDeployment '../../../main.bicep' = [ params: { name: '${namePrefix}${serviceShort}001' location: resourceLocation + frontends: [ + { + name: 'frontend1' + } + { + name: 'frontend2' + } + ] + associations: [ + { + name: 'association1' + subnetResourceId: nestedDependencies.outputs.defaultSubnetResourceId + } + { + name: 'association2' + subnetResourceId: nestedDependencies.outputs.customSubnetResourceId + } + ] + tags: { + 'hidden-title': 'This is visible in the resource name' + Environment: 'Non-Prod' + Role: 'DeploymentValidation' + } + diagnosticSettings: [ + { + eventHubName: diagnosticDependencies.outputs.eventHubNamespaceEventHubName + eventHubAuthorizationRuleResourceId: diagnosticDependencies.outputs.eventHubAuthorizationRuleId + storageAccountResourceId: diagnosticDependencies.outputs.storageAccountResourceId + workspaceResourceId: diagnosticDependencies.outputs.logAnalyticsWorkspaceResourceId + } + ] } } ] From 42898026a66bd197459b8cbe5e23064a6a29282e Mon Sep 17 00:00:00 2001 From: Kris Baranek <20225789+krbar@users.noreply.github.com> Date: Wed, 4 Sep 2024 17:18:30 +0200 Subject: [PATCH 07/18] testing with one association due to limitations --- .../traffic-controller/README.md | 70 ++++++++++++++++--- .../traffic-controller/main.bicep | 1 - .../traffic-controller/main.json | 6 +- .../tests/e2e/max/main.test.bicep | 4 -- .../tests/e2e/waf-aligned/main.test.bicep | 4 -- 5 files changed, 64 insertions(+), 21 deletions(-) diff --git a/avm/res/service-networking/traffic-controller/README.md b/avm/res/service-networking/traffic-controller/README.md index ea8c53afb7..d85b29ad35 100644 --- a/avm/res/service-networking/traffic-controller/README.md +++ b/avm/res/service-networking/traffic-controller/README.md @@ -103,10 +103,6 @@ module trafficController 'br/public:avm/res/service-networking/traffic-controlle name: 'association1' subnetResourceId: '' } - { - name: 'association2' - subnetResourceId: '' - } ] diagnosticSettings: [ { @@ -185,10 +181,6 @@ module trafficController 'br/public:avm/res/service-networking/traffic-controlle { "name": "association1", "subnetResourceId": "" - }, - { - "name": "association2", - "subnetResourceId": "" } ] }, @@ -278,7 +270,34 @@ module trafficController 'br/public:avm/res/service-networking/traffic-controlle // Required parameters name: 'sntcwaf001' // Non-required parameters + associations: [ + { + name: 'association1' + subnetResourceId: '' + } + ] + diagnosticSettings: [ + { + eventHubAuthorizationRuleResourceId: '' + eventHubName: '' + storageAccountResourceId: '' + workspaceResourceId: '' + } + ] + frontends: [ + { + name: 'frontend1' + } + { + name: 'frontend2' + } + ] location: '' + tags: { + Environment: 'Non-Prod' + 'hidden-title': 'This is visible in the resource name' + Role: 'DeploymentValidation' + } } } ``` @@ -300,8 +319,43 @@ module trafficController 'br/public:avm/res/service-networking/traffic-controlle "value": "sntcwaf001" }, // Non-required parameters + "associations": { + "value": [ + { + "name": "association1", + "subnetResourceId": "" + } + ] + }, + "diagnosticSettings": { + "value": [ + { + "eventHubAuthorizationRuleResourceId": "", + "eventHubName": "", + "storageAccountResourceId": "", + "workspaceResourceId": "" + } + ] + }, + "frontends": { + "value": [ + { + "name": "frontend1" + }, + { + "name": "frontend2" + } + ] + }, "location": { "value": "" + }, + "tags": { + "value": { + "Environment": "Non-Prod", + "hidden-title": "This is visible in the resource name", + "Role": "DeploymentValidation" + } } } } diff --git a/avm/res/service-networking/traffic-controller/main.bicep b/avm/res/service-networking/traffic-controller/main.bicep index 7854861063..e2aaaf8960 100644 --- a/avm/res/service-networking/traffic-controller/main.bicep +++ b/avm/res/service-networking/traffic-controller/main.bicep @@ -155,7 +155,6 @@ module trafficController_frontends 'frontend/main.bicep' = [ } ] -@batchSize(1) module trafficController_associations 'association/main.bicep' = [ for (association, index) in (associations ?? []): { name: '${uniqueString(deployment().name, location)}-TrafficController-Association-${index}' diff --git a/avm/res/service-networking/traffic-controller/main.json b/avm/res/service-networking/traffic-controller/main.json index 02419323d9..a0de7e0a07 100644 --- a/avm/res/service-networking/traffic-controller/main.json +++ b/avm/res/service-networking/traffic-controller/main.json @@ -6,7 +6,7 @@ "_generator": { "name": "bicep", "version": "0.29.47.4906", - "templateHash": "17520170210972736649" + "templateHash": "17736752067873572874" }, "name": "Application Gateway for Containers", "description": "This module deploys an Application Gateway for Containers", @@ -555,9 +555,7 @@ "trafficController_associations": { "copy": { "name": "trafficController_associations", - "count": "[length(coalesce(parameters('associations'), createArray()))]", - "mode": "serial", - "batchSize": 1 + "count": "[length(coalesce(parameters('associations'), createArray()))]" }, "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", diff --git a/avm/res/service-networking/traffic-controller/tests/e2e/max/main.test.bicep b/avm/res/service-networking/traffic-controller/tests/e2e/max/main.test.bicep index e62e4614e7..0194e2aded 100644 --- a/avm/res/service-networking/traffic-controller/tests/e2e/max/main.test.bicep +++ b/avm/res/service-networking/traffic-controller/tests/e2e/max/main.test.bicep @@ -80,10 +80,6 @@ module testDeployment '../../../main.bicep' = [ name: 'association1' subnetResourceId: nestedDependencies.outputs.defaultSubnetResourceId } - { - name: 'association2' - subnetResourceId: nestedDependencies.outputs.customSubnetResourceId - } ] tags: { 'hidden-title': 'This is visible in the resource name' diff --git a/avm/res/service-networking/traffic-controller/tests/e2e/waf-aligned/main.test.bicep b/avm/res/service-networking/traffic-controller/tests/e2e/waf-aligned/main.test.bicep index cc1fc5c70c..499b6a760a 100644 --- a/avm/res/service-networking/traffic-controller/tests/e2e/waf-aligned/main.test.bicep +++ b/avm/res/service-networking/traffic-controller/tests/e2e/waf-aligned/main.test.bicep @@ -79,10 +79,6 @@ module testDeployment '../../../main.bicep' = [ name: 'association1' subnetResourceId: nestedDependencies.outputs.defaultSubnetResourceId } - { - name: 'association2' - subnetResourceId: nestedDependencies.outputs.customSubnetResourceId - } ] tags: { 'hidden-title': 'This is visible in the resource name' From 4509a19ba2d2bb52a398409e2dc5f0aadd9bad1d Mon Sep 17 00:00:00 2001 From: Kris Baranek <20225789+krbar@users.noreply.github.com> Date: Wed, 4 Sep 2024 17:19:40 +0200 Subject: [PATCH 08/18] remove unnecessary outputs --- .../traffic-controller/README.md | 2 -- .../traffic-controller/main.bicep | 6 ------ .../traffic-controller/main.json | 16 +--------------- 3 files changed, 1 insertion(+), 23 deletions(-) diff --git a/avm/res/service-networking/traffic-controller/README.md b/avm/res/service-networking/traffic-controller/README.md index d85b29ad35..69c313b665 100644 --- a/avm/res/service-networking/traffic-controller/README.md +++ b/avm/res/service-networking/traffic-controller/README.md @@ -748,10 +748,8 @@ Resource tags. | Output | Type | Description | | :-- | :-- | :-- | -| `associationResourceIds` | array | The resource Ids of the Application Gateway for Containers associations. | | `associations` | array | The associations of the Application Gateway for Containers. | | `configurationEndpoints` | array | The configuration endpoints of the Application Gateway for Containers. | -| `frontendResourceIds` | array | The resource Ids of the Application Gateway for Containers frontends. | | `frontends` | array | The frontends of the Application Gateway for Containers. | | `location` | string | The location the resource was deployed into. | | `name` | string | The name of the Application Gateway for Containers. | diff --git a/avm/res/service-networking/traffic-controller/main.bicep b/avm/res/service-networking/traffic-controller/main.bicep index e2aaaf8960..ced9b0e298 100644 --- a/avm/res/service-networking/traffic-controller/main.bicep +++ b/avm/res/service-networking/traffic-controller/main.bicep @@ -183,12 +183,6 @@ output location string = trafficController.location @description('The configuration endpoints of the Application Gateway for Containers.') output configurationEndpoints string[] = trafficController.properties.configurationEndpoints -@description('The resource Ids of the Application Gateway for Containers associations.') -output associationResourceIds array = trafficController.properties.associations - -@description('The resource Ids of the Application Gateway for Containers frontends.') -output frontendResourceIds array = trafficController.properties.frontends - @description('The frontends of the Application Gateway for Containers.') output frontends array = [ for (frontend, i) in (!empty(frontends) ? array(frontends) : []): { diff --git a/avm/res/service-networking/traffic-controller/main.json b/avm/res/service-networking/traffic-controller/main.json index a0de7e0a07..53aa26bff4 100644 --- a/avm/res/service-networking/traffic-controller/main.json +++ b/avm/res/service-networking/traffic-controller/main.json @@ -6,7 +6,7 @@ "_generator": { "name": "bicep", "version": "0.29.47.4906", - "templateHash": "17736752067873572874" + "templateHash": "13124242633763720321" }, "name": "Application Gateway for Containers", "description": "This module deploys an Application Gateway for Containers", @@ -702,20 +702,6 @@ }, "value": "[reference('trafficController').configurationEndpoints]" }, - "associationResourceIds": { - "type": "array", - "metadata": { - "description": "The resource Ids of the Application Gateway for Containers associations." - }, - "value": "[reference('trafficController').associations]" - }, - "frontendResourceIds": { - "type": "array", - "metadata": { - "description": "The resource Ids of the Application Gateway for Containers frontends." - }, - "value": "[reference('trafficController').frontends]" - }, "frontends": { "type": "array", "metadata": { From 5fef92701343d95f7d8363dbdf7baf350d4c6f53 Mon Sep 17 00:00:00 2001 From: Kris Baranek <20225789+krbar@users.noreply.github.com> Date: Wed, 4 Sep 2024 22:03:50 +0200 Subject: [PATCH 09/18] api versions, new test case --- .../traffic-controller/README.md | 116 ++++++++++++++++-- .../traffic-controller/association/README.md | 2 +- .../traffic-controller/association/main.bicep | 4 +- .../traffic-controller/association/main.json | 6 +- .../traffic-controller/frontend/README.md | 2 +- .../traffic-controller/frontend/main.bicep | 4 +- .../traffic-controller/frontend/main.json | 6 +- .../traffic-controller/main.bicep | 2 +- .../traffic-controller/main.json | 18 +-- .../tests/e2e/defaults/main.test.bicep | 2 +- .../tests/e2e/max/dependencies.bicep | 17 --- .../tests/e2e/max/main.test.bicep | 4 +- .../tests/e2e/mlt-assoc/dependencies.bicep | 72 +++++++++++ .../tests/e2e/mlt-assoc/main.test.bicep | 80 ++++++++++++ 14 files changed, 286 insertions(+), 49 deletions(-) create mode 100644 avm/res/service-networking/traffic-controller/tests/e2e/mlt-assoc/dependencies.bicep create mode 100644 avm/res/service-networking/traffic-controller/tests/e2e/mlt-assoc/main.test.bicep diff --git a/avm/res/service-networking/traffic-controller/README.md b/avm/res/service-networking/traffic-controller/README.md index 69c313b665..38fae7e420 100644 --- a/avm/res/service-networking/traffic-controller/README.md +++ b/avm/res/service-networking/traffic-controller/README.md @@ -9,6 +9,7 @@ This module deploys an Application Gateway for Containers - [Parameters](#Parameters) - [Outputs](#Outputs) - [Cross-referenced modules](#Cross-referenced-modules) +- [Notes](#Notes) - [Data Collection](#Data-Collection) ## Resource Types @@ -18,9 +19,9 @@ This module deploys an Application Gateway for Containers | `Microsoft.Authorization/locks` | [2020-05-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-05-01/locks) | | `Microsoft.Authorization/roleAssignments` | [2022-04-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2022-04-01/roleAssignments) | | `Microsoft.Insights/diagnosticSettings` | [2021-05-01-preview](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Insights/2021-05-01-preview/diagnosticSettings) | -| `Microsoft.ServiceNetworking/trafficControllers` | [2023-11-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.ServiceNetworking/2023-11-01/trafficControllers) | -| `Microsoft.ServiceNetworking/trafficControllers/associations` | [2023-11-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.ServiceNetworking/2023-11-01/trafficControllers/associations) | -| `Microsoft.ServiceNetworking/trafficControllers/frontends` | [2023-11-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.ServiceNetworking/2023-11-01/trafficControllers/frontends) | +| `Microsoft.ServiceNetworking/trafficControllers` | [2024-05-01-preview](https://learn.microsoft.com/en-us/azure/templates/Microsoft.ServiceNetworking/trafficControllers) | +| `Microsoft.ServiceNetworking/trafficControllers/associations` | [2024-05-01-preview](https://learn.microsoft.com/en-us/azure/templates/Microsoft.ServiceNetworking/trafficControllers/associations) | +| `Microsoft.ServiceNetworking/trafficControllers/frontends` | [2024-05-01-preview](https://learn.microsoft.com/en-us/azure/templates/Microsoft.ServiceNetworking/trafficControllers/frontends) | ## Usage examples @@ -32,7 +33,8 @@ The following section provides usage examples for the module, which were used to - [Using only defaults](#example-1-using-only-defaults) - [Using large parameter set](#example-2-using-large-parameter-set) -- [WAF-aligned](#example-3-waf-aligned) +- [Using multiple associations](#example-3-using-multiple-associations) +- [WAF-aligned](#example-4-waf-aligned) ### Example 1: _Using only defaults_ @@ -133,7 +135,7 @@ module trafficController 'br/public:avm/res/service-networking/traffic-controlle } roleAssignments: [ { - name: 'b60b8539-9af5-4208-b75d-f44d1f39b9f8' + name: '8346d536-fca9-4629-abd4-28b05be89682' principalId: '' principalType: 'ServicePrincipal' roleDefinitionIdOrName: 'Owner' @@ -222,7 +224,7 @@ module trafficController 'br/public:avm/res/service-networking/traffic-controlle "roleAssignments": { "value": [ { - "name": "b60b8539-9af5-4208-b75d-f44d1f39b9f8", + "name": "8346d536-fca9-4629-abd4-28b05be89682", "principalId": "", "principalType": "ServicePrincipal", "roleDefinitionIdOrName": "Owner" @@ -254,7 +256,103 @@ module trafficController 'br/public:avm/res/service-networking/traffic-controlle

-### Example 3: _WAF-aligned_ +### Example 3: _Using multiple associations_ + +This instance deploys the module with multiple associations. + + +

+ +via Bicep module + +```bicep +module trafficController 'br/public:avm/res/service-networking/traffic-controller:' = { + name: 'trafficControllerDeployment' + params: { + // Required parameters + name: 'sntcma001' + // Non-required parameters + associations: [ + { + name: 'association1' + subnetResourceId: '' + } + { + name: 'association2' + subnetResourceId: '' + } + { + name: 'association3' + subnetResourceId: '' + } + ] + frontends: [ + { + name: 'frontend1' + } + { + name: 'frontend2' + } + ] + location: '' + } +} +``` + +
+

+ +

+ +via JSON Parameter file + +```json +{ + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", + "contentVersion": "1.0.0.0", + "parameters": { + // Required parameters + "name": { + "value": "sntcma001" + }, + // Non-required parameters + "associations": { + "value": [ + { + "name": "association1", + "subnetResourceId": "" + }, + { + "name": "association2", + "subnetResourceId": "" + }, + { + "name": "association3", + "subnetResourceId": "" + } + ] + }, + "frontends": { + "value": [ + { + "name": "frontend1" + }, + { + "name": "frontend2" + } + ] + }, + "location": { + "value": "" + } + } +} +``` + +
+

+ +### Example 4: _WAF-aligned_ This instance deploys the module in alignment with the best-practices of the Azure Well-Architected Framework. @@ -759,6 +857,10 @@ Resource tags. _None_ +## Notes + +> **Limitation**: This resource is not idempotent when deployed with more than one association. The deployment will fail if the resource already exists. + ## Data Collection The software may collect information about you and your use of the software and send it to Microsoft. Microsoft may use this information to provide services and improve our products and services. You may turn off the telemetry as described in the [repository](https://aka.ms/avm/telemetry). There are also some features in the software that may enable you and Microsoft to collect data from users of your applications. If you use these features, you must comply with applicable law, including providing appropriate notices to users of your applications together with a copy of Microsoft’s privacy statement. Our privacy statement is located at . You can learn more about data collection and use in the help documentation and our privacy statement. Your use of the software operates as your consent to these practices. diff --git a/avm/res/service-networking/traffic-controller/association/README.md b/avm/res/service-networking/traffic-controller/association/README.md index e99cc7cbc4..ba263a1ded 100644 --- a/avm/res/service-networking/traffic-controller/association/README.md +++ b/avm/res/service-networking/traffic-controller/association/README.md @@ -14,7 +14,7 @@ This module deploys an Application Gateway for Containers Association | Resource Type | API Version | | :-- | :-- | -| `Microsoft.ServiceNetworking/trafficControllers/associations` | [2023-11-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.ServiceNetworking/2023-11-01/trafficControllers/associations) | +| `Microsoft.ServiceNetworking/trafficControllers/associations` | [2024-05-01-preview](https://learn.microsoft.com/en-us/azure/templates/Microsoft.ServiceNetworking/trafficControllers/associations) | ## Parameters diff --git a/avm/res/service-networking/traffic-controller/association/main.bicep b/avm/res/service-networking/traffic-controller/association/main.bicep index fbe439fe94..f6ece5736f 100644 --- a/avm/res/service-networking/traffic-controller/association/main.bicep +++ b/avm/res/service-networking/traffic-controller/association/main.bicep @@ -18,11 +18,11 @@ param subnetResourceId string // Resources // // ============== // -resource trafficController 'Microsoft.ServiceNetworking/trafficControllers@2023-11-01' existing = { +resource trafficController 'Microsoft.ServiceNetworking/trafficControllers@2024-05-01-preview' existing = { name: trafficControllerName } -resource association 'Microsoft.ServiceNetworking/trafficControllers/associations@2023-11-01' = { +resource association 'Microsoft.ServiceNetworking/trafficControllers/associations@2024-05-01-preview' = { name: name parent: trafficController location: location diff --git a/avm/res/service-networking/traffic-controller/association/main.json b/avm/res/service-networking/traffic-controller/association/main.json index c4b076d35b..cdc65a45a6 100644 --- a/avm/res/service-networking/traffic-controller/association/main.json +++ b/avm/res/service-networking/traffic-controller/association/main.json @@ -5,7 +5,7 @@ "_generator": { "name": "bicep", "version": "0.29.47.4906", - "templateHash": "13830191223102804829" + "templateHash": "7986846506079673422" }, "name": "Application Gateway for Containers Association", "description": "This module deploys an Application Gateway for Containers Association", @@ -41,7 +41,7 @@ "resources": [ { "type": "Microsoft.ServiceNetworking/trafficControllers/associations", - "apiVersion": "2023-11-01", + "apiVersion": "2024-05-01-preview", "name": "[format('{0}/{1}', parameters('trafficControllerName'), parameters('name'))]", "location": "[parameters('location')]", "properties": { @@ -79,7 +79,7 @@ "metadata": { "description": "The resource ID of the associated subnet." }, - "value": "[reference(resourceId('Microsoft.ServiceNetworking/trafficControllers/associations', parameters('trafficControllerName'), parameters('name')), '2023-11-01').subnet.id]" + "value": "[reference(resourceId('Microsoft.ServiceNetworking/trafficControllers/associations', parameters('trafficControllerName'), parameters('name')), '2024-05-01-preview').subnet.id]" } } } \ No newline at end of file diff --git a/avm/res/service-networking/traffic-controller/frontend/README.md b/avm/res/service-networking/traffic-controller/frontend/README.md index 90d67c01ad..682b2d7c66 100644 --- a/avm/res/service-networking/traffic-controller/frontend/README.md +++ b/avm/res/service-networking/traffic-controller/frontend/README.md @@ -14,7 +14,7 @@ This module deploys an Application Gateway for Containers Frontend | Resource Type | API Version | | :-- | :-- | -| `Microsoft.ServiceNetworking/trafficControllers/frontends` | [2023-11-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.ServiceNetworking/2023-11-01/trafficControllers/frontends) | +| `Microsoft.ServiceNetworking/trafficControllers/frontends` | [2024-05-01-preview](https://learn.microsoft.com/en-us/azure/templates/Microsoft.ServiceNetworking/trafficControllers/frontends) | ## Parameters diff --git a/avm/res/service-networking/traffic-controller/frontend/main.bicep b/avm/res/service-networking/traffic-controller/frontend/main.bicep index e466ea4d31..ffcde1299a 100644 --- a/avm/res/service-networking/traffic-controller/frontend/main.bicep +++ b/avm/res/service-networking/traffic-controller/frontend/main.bicep @@ -15,11 +15,11 @@ param trafficControllerName string // Resources // // ============== // -resource trafficController 'Microsoft.ServiceNetworking/trafficControllers@2023-11-01' existing = { +resource trafficController 'Microsoft.ServiceNetworking/trafficControllers@2024-05-01-preview' existing = { name: trafficControllerName } -resource frontend 'Microsoft.ServiceNetworking/trafficControllers/frontends@2023-11-01' = { +resource frontend 'Microsoft.ServiceNetworking/trafficControllers/frontends@2024-05-01-preview' = { name: name parent: trafficController location: location diff --git a/avm/res/service-networking/traffic-controller/frontend/main.json b/avm/res/service-networking/traffic-controller/frontend/main.json index 60970770d0..a4e7b11ced 100644 --- a/avm/res/service-networking/traffic-controller/frontend/main.json +++ b/avm/res/service-networking/traffic-controller/frontend/main.json @@ -5,7 +5,7 @@ "_generator": { "name": "bicep", "version": "0.29.47.4906", - "templateHash": "15229634960628564975" + "templateHash": "9632611076475736751" }, "name": "Application Gateway for Containers Frontend", "description": "This module deploys an Application Gateway for Containers Frontend", @@ -35,7 +35,7 @@ "resources": [ { "type": "Microsoft.ServiceNetworking/trafficControllers/frontends", - "apiVersion": "2023-11-01", + "apiVersion": "2024-05-01-preview", "name": "[format('{0}/{1}', parameters('trafficControllerName'), parameters('name'))]", "location": "[parameters('location')]", "properties": {} @@ -68,7 +68,7 @@ "metadata": { "description": "The FQDN of the frontend." }, - "value": "[reference(resourceId('Microsoft.ServiceNetworking/trafficControllers/frontends', parameters('trafficControllerName'), parameters('name')), '2023-11-01').fqdn]" + "value": "[reference(resourceId('Microsoft.ServiceNetworking/trafficControllers/frontends', parameters('trafficControllerName'), parameters('name')), '2024-05-01-preview').fqdn]" } } } \ No newline at end of file diff --git a/avm/res/service-networking/traffic-controller/main.bicep b/avm/res/service-networking/traffic-controller/main.bicep index ced9b0e298..ed4dc950bf 100644 --- a/avm/res/service-networking/traffic-controller/main.bicep +++ b/avm/res/service-networking/traffic-controller/main.bicep @@ -77,7 +77,7 @@ resource avmTelemetry 'Microsoft.Resources/deployments@2024-03-01' = if (enableT } } -resource trafficController 'Microsoft.ServiceNetworking/trafficControllers@2023-11-01' = { +resource trafficController 'Microsoft.ServiceNetworking/trafficControllers@2024-05-01-preview' = { name: name location: location tags: tags diff --git a/avm/res/service-networking/traffic-controller/main.json b/avm/res/service-networking/traffic-controller/main.json index 53aa26bff4..409f750006 100644 --- a/avm/res/service-networking/traffic-controller/main.json +++ b/avm/res/service-networking/traffic-controller/main.json @@ -6,7 +6,7 @@ "_generator": { "name": "bicep", "version": "0.29.47.4906", - "templateHash": "13124242633763720321" + "templateHash": "10289782131577390458" }, "name": "Application Gateway for Containers", "description": "This module deploys an Application Gateway for Containers", @@ -366,7 +366,7 @@ }, "trafficController": { "type": "Microsoft.ServiceNetworking/trafficControllers", - "apiVersion": "2023-11-01", + "apiVersion": "2024-05-01-preview", "name": "[parameters('name')]", "location": "[parameters('location')]", "tags": "[parameters('tags')]", @@ -480,7 +480,7 @@ "_generator": { "name": "bicep", "version": "0.29.47.4906", - "templateHash": "15229634960628564975" + "templateHash": "9632611076475736751" }, "name": "Application Gateway for Containers Frontend", "description": "This module deploys an Application Gateway for Containers Frontend", @@ -510,7 +510,7 @@ "resources": [ { "type": "Microsoft.ServiceNetworking/trafficControllers/frontends", - "apiVersion": "2023-11-01", + "apiVersion": "2024-05-01-preview", "name": "[format('{0}/{1}', parameters('trafficControllerName'), parameters('name'))]", "location": "[parameters('location')]", "properties": {} @@ -543,7 +543,7 @@ "metadata": { "description": "The FQDN of the frontend." }, - "value": "[reference(resourceId('Microsoft.ServiceNetworking/trafficControllers/frontends', parameters('trafficControllerName'), parameters('name')), '2023-11-01').fqdn]" + "value": "[reference(resourceId('Microsoft.ServiceNetworking/trafficControllers/frontends', parameters('trafficControllerName'), parameters('name')), '2024-05-01-preview').fqdn]" } } } @@ -586,7 +586,7 @@ "_generator": { "name": "bicep", "version": "0.29.47.4906", - "templateHash": "13830191223102804829" + "templateHash": "7986846506079673422" }, "name": "Application Gateway for Containers Association", "description": "This module deploys an Application Gateway for Containers Association", @@ -622,7 +622,7 @@ "resources": [ { "type": "Microsoft.ServiceNetworking/trafficControllers/associations", - "apiVersion": "2023-11-01", + "apiVersion": "2024-05-01-preview", "name": "[format('{0}/{1}', parameters('trafficControllerName'), parameters('name'))]", "location": "[parameters('location')]", "properties": { @@ -660,7 +660,7 @@ "metadata": { "description": "The resource ID of the associated subnet." }, - "value": "[reference(resourceId('Microsoft.ServiceNetworking/trafficControllers/associations', parameters('trafficControllerName'), parameters('name')), '2023-11-01').subnet.id]" + "value": "[reference(resourceId('Microsoft.ServiceNetworking/trafficControllers/associations', parameters('trafficControllerName'), parameters('name')), '2024-05-01-preview').subnet.id]" } } } @@ -690,7 +690,7 @@ "metadata": { "description": "The location the resource was deployed into." }, - "value": "[reference('trafficController', '2023-11-01', 'full').location]" + "value": "[reference('trafficController', '2024-05-01-preview', 'full').location]" }, "configurationEndpoints": { "type": "array", diff --git a/avm/res/service-networking/traffic-controller/tests/e2e/defaults/main.test.bicep b/avm/res/service-networking/traffic-controller/tests/e2e/defaults/main.test.bicep index 58fdf1020f..3204196c73 100644 --- a/avm/res/service-networking/traffic-controller/tests/e2e/defaults/main.test.bicep +++ b/avm/res/service-networking/traffic-controller/tests/e2e/defaults/main.test.bicep @@ -26,7 +26,7 @@ param namePrefix string = '#_namePrefix_#' // General resources // ================= -resource resourceGroup 'Microsoft.Resources/resourceGroups@2021-04-01' = { +resource resourceGroup 'Microsoft.Resources/resourceGroups@2024-03-01' = { name: resourceGroupName location: resourceLocation } diff --git a/avm/res/service-networking/traffic-controller/tests/e2e/max/dependencies.bicep b/avm/res/service-networking/traffic-controller/tests/e2e/max/dependencies.bicep index 912509d00a..ee481bbc78 100644 --- a/avm/res/service-networking/traffic-controller/tests/e2e/max/dependencies.bicep +++ b/avm/res/service-networking/traffic-controller/tests/e2e/max/dependencies.bicep @@ -38,20 +38,6 @@ resource virtualNetwork 'Microsoft.Network/virtualNetworks@2024-01-01' = { ] } } - { - name: 'customSubnet-1' - properties: { - addressPrefix: cidrSubnet(addressPrefix, 24, 1) - delegations: [ - { - name: 'Microsoft.ServiceNetworking.trafficControllers' - properties: { - serviceName: 'Microsoft.ServiceNetworking/trafficControllers' - } - } - ] - } - } ] } } @@ -61,6 +47,3 @@ output managedIdentityPrincipalId string = managedIdentity.properties.principalI @description('The resource ID of the created default Virtual Network Subnet.') output defaultSubnetResourceId string = virtualNetwork.properties.subnets[0].id - -@description('The resource ID of the created custom Virtual Network Subnet.') -output customSubnetResourceId string = virtualNetwork.properties.subnets[1].id diff --git a/avm/res/service-networking/traffic-controller/tests/e2e/max/main.test.bicep b/avm/res/service-networking/traffic-controller/tests/e2e/max/main.test.bicep index 0194e2aded..c7f8d41b96 100644 --- a/avm/res/service-networking/traffic-controller/tests/e2e/max/main.test.bicep +++ b/avm/res/service-networking/traffic-controller/tests/e2e/max/main.test.bicep @@ -26,7 +26,7 @@ param namePrefix string = '#_namePrefix_#' // General resources // ================= -resource resourceGroup 'Microsoft.Resources/resourceGroups@2021-04-01' = { +resource resourceGroup 'Microsoft.Resources/resourceGroups@2024-03-01' = { name: resourceGroupName location: resourceLocation } @@ -92,7 +92,7 @@ module testDeployment '../../../main.bicep' = [ } roleAssignments: [ { - name: 'b60b8539-9af5-4208-b75d-f44d1f39b9f8' + name: '8346d536-fca9-4629-abd4-28b05be89682' roleDefinitionIdOrName: 'Owner' principalId: nestedDependencies.outputs.managedIdentityPrincipalId principalType: 'ServicePrincipal' diff --git a/avm/res/service-networking/traffic-controller/tests/e2e/mlt-assoc/dependencies.bicep b/avm/res/service-networking/traffic-controller/tests/e2e/mlt-assoc/dependencies.bicep new file mode 100644 index 0000000000..e826ccf12d --- /dev/null +++ b/avm/res/service-networking/traffic-controller/tests/e2e/mlt-assoc/dependencies.bicep @@ -0,0 +1,72 @@ +@description('Optional. The location to deploy resources to.') +param location string = resourceGroup().location + +@description('Required. The name of the Virtual Network to create.') +param virtualNetworkName string + +var addressPrefix = '10.0.0.0/16' + +resource virtualNetwork 'Microsoft.Network/virtualNetworks@2024-01-01' = { + name: virtualNetworkName + location: location + properties: { + addressSpace: { + addressPrefixes: [ + addressPrefix + ] + } + subnets: [ + { + name: 'defaultSubnet' + properties: { + addressPrefix: cidrSubnet(addressPrefix, 24, 0) + delegations: [ + { + name: 'Microsoft.ServiceNetworking.trafficControllers' + properties: { + serviceName: 'Microsoft.ServiceNetworking/trafficControllers' + } + } + ] + } + } + { + name: 'customSubnet-1' + properties: { + addressPrefix: cidrSubnet(addressPrefix, 24, 1) + delegations: [ + { + name: 'Microsoft.ServiceNetworking.trafficControllers' + properties: { + serviceName: 'Microsoft.ServiceNetworking/trafficControllers' + } + } + ] + } + } + { + name: 'customSubnet-2' + properties: { + addressPrefix: cidrSubnet(addressPrefix, 24, 2) + delegations: [ + { + name: 'Microsoft.ServiceNetworking.trafficControllers' + properties: { + serviceName: 'Microsoft.ServiceNetworking/trafficControllers' + } + } + ] + } + } + ] + } +} + +@description('The resource ID of the created default Virtual Network Subnet.') +output defaultSubnetResourceId string = virtualNetwork.properties.subnets[0].id + +@description('The resource ID of the created custom Virtual Network Subnet.') +output customSubnetResourceId string = virtualNetwork.properties.subnets[1].id + +@description('The resource ID of the created custom Virtual Network Subnet.') +output customSubnet2ResourceId string = virtualNetwork.properties.subnets[2].id diff --git a/avm/res/service-networking/traffic-controller/tests/e2e/mlt-assoc/main.test.bicep b/avm/res/service-networking/traffic-controller/tests/e2e/mlt-assoc/main.test.bicep new file mode 100644 index 0000000000..83b86a7aac --- /dev/null +++ b/avm/res/service-networking/traffic-controller/tests/e2e/mlt-assoc/main.test.bicep @@ -0,0 +1,80 @@ +targetScope = 'subscription' + +metadata name = 'Using multiple associations' +metadata description = 'This instance deploys the module with multiple associations.' +metadata note = 'Please note that this test is not idempotent. When deploying multiple associations, the deployment will fail on the second deployment attempt.' + +// ========== // +// Parameters // +// ========== // + +@description('Optional. The name of the resource group to deploy for testing purposes.') +@maxLength(90) +param resourceGroupName string = 'dep-${namePrefix}-servicenetworking-trafficcontrollers-${serviceShort}-rg' + +@description('Optional. The location to deploy resources to.') +param resourceLocation string = deployment().location + +@description('Optional. A short identifier for the kind of deployment. Should be kept short to not run into resource-name length-constraints.') +param serviceShort string = 'sntcma' + +@description('Optional. A token to inject into the name of each resource. This value can be automatically injected by the CI.') +param namePrefix string = '#_namePrefix_#' + +// ============ // +// Dependencies // +// ============ // + +// General resources +// ================= +resource resourceGroup 'Microsoft.Resources/resourceGroups@2024-03-01' = { + name: resourceGroupName + location: resourceLocation +} + +module nestedDependencies 'dependencies.bicep' = { + scope: resourceGroup + name: '${uniqueString(deployment().name, resourceLocation)}-nestedDependencies' + params: { + location: resourceLocation + virtualNetworkName: 'dep-${namePrefix}-vnet-${serviceShort}' + } +} + +// ============== // +// Test Execution // +// ============== // + +@batchSize(1) +module testDeployment '../../../main.bicep' = [ + for iteration in ['init', 'idem']: { + scope: resourceGroup + name: '${uniqueString(deployment().name, resourceLocation)}-test-${serviceShort}-${iteration}' + params: { + name: '${namePrefix}${serviceShort}001' + location: resourceLocation + frontends: [ + { + name: 'frontend1' + } + { + name: 'frontend2' + } + ] + associations: [ + { + name: 'association1' + subnetResourceId: nestedDependencies.outputs.defaultSubnetResourceId + } + { + name: 'association2' + subnetResourceId: nestedDependencies.outputs.customSubnetResourceId + } + { + name: 'association3' + subnetResourceId: nestedDependencies.outputs.customSubnet2ResourceId + } + ] + } + } +] From 1ad34a3b48e45f3c8fa801ea19ca31a927900838 Mon Sep 17 00:00:00 2001 From: Kris Baranek <20225789+krbar@users.noreply.github.com> Date: Wed, 4 Sep 2024 22:12:07 +0200 Subject: [PATCH 10/18] Revert api version --- .../traffic-controller/README.md | 6 +++--- .../traffic-controller/association/README.md | 2 +- .../traffic-controller/association/main.bicep | 4 ++-- .../traffic-controller/association/main.json | 6 +++--- .../traffic-controller/frontend/README.md | 2 +- .../traffic-controller/frontend/main.bicep | 4 ++-- .../traffic-controller/frontend/main.json | 6 +++--- .../traffic-controller/main.bicep | 2 +- .../traffic-controller/main.json | 18 +++++++++--------- 9 files changed, 25 insertions(+), 25 deletions(-) diff --git a/avm/res/service-networking/traffic-controller/README.md b/avm/res/service-networking/traffic-controller/README.md index 38fae7e420..fa96378bff 100644 --- a/avm/res/service-networking/traffic-controller/README.md +++ b/avm/res/service-networking/traffic-controller/README.md @@ -19,9 +19,9 @@ This module deploys an Application Gateway for Containers | `Microsoft.Authorization/locks` | [2020-05-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-05-01/locks) | | `Microsoft.Authorization/roleAssignments` | [2022-04-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2022-04-01/roleAssignments) | | `Microsoft.Insights/diagnosticSettings` | [2021-05-01-preview](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Insights/2021-05-01-preview/diagnosticSettings) | -| `Microsoft.ServiceNetworking/trafficControllers` | [2024-05-01-preview](https://learn.microsoft.com/en-us/azure/templates/Microsoft.ServiceNetworking/trafficControllers) | -| `Microsoft.ServiceNetworking/trafficControllers/associations` | [2024-05-01-preview](https://learn.microsoft.com/en-us/azure/templates/Microsoft.ServiceNetworking/trafficControllers/associations) | -| `Microsoft.ServiceNetworking/trafficControllers/frontends` | [2024-05-01-preview](https://learn.microsoft.com/en-us/azure/templates/Microsoft.ServiceNetworking/trafficControllers/frontends) | +| `Microsoft.ServiceNetworking/trafficControllers` | [2023-11-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.ServiceNetworking/2023-11-01/trafficControllers) | +| `Microsoft.ServiceNetworking/trafficControllers/associations` | [2023-11-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.ServiceNetworking/2023-11-01/trafficControllers/associations) | +| `Microsoft.ServiceNetworking/trafficControllers/frontends` | [2023-11-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.ServiceNetworking/2023-11-01/trafficControllers/frontends) | ## Usage examples diff --git a/avm/res/service-networking/traffic-controller/association/README.md b/avm/res/service-networking/traffic-controller/association/README.md index ba263a1ded..e99cc7cbc4 100644 --- a/avm/res/service-networking/traffic-controller/association/README.md +++ b/avm/res/service-networking/traffic-controller/association/README.md @@ -14,7 +14,7 @@ This module deploys an Application Gateway for Containers Association | Resource Type | API Version | | :-- | :-- | -| `Microsoft.ServiceNetworking/trafficControllers/associations` | [2024-05-01-preview](https://learn.microsoft.com/en-us/azure/templates/Microsoft.ServiceNetworking/trafficControllers/associations) | +| `Microsoft.ServiceNetworking/trafficControllers/associations` | [2023-11-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.ServiceNetworking/2023-11-01/trafficControllers/associations) | ## Parameters diff --git a/avm/res/service-networking/traffic-controller/association/main.bicep b/avm/res/service-networking/traffic-controller/association/main.bicep index f6ece5736f..fbe439fe94 100644 --- a/avm/res/service-networking/traffic-controller/association/main.bicep +++ b/avm/res/service-networking/traffic-controller/association/main.bicep @@ -18,11 +18,11 @@ param subnetResourceId string // Resources // // ============== // -resource trafficController 'Microsoft.ServiceNetworking/trafficControllers@2024-05-01-preview' existing = { +resource trafficController 'Microsoft.ServiceNetworking/trafficControllers@2023-11-01' existing = { name: trafficControllerName } -resource association 'Microsoft.ServiceNetworking/trafficControllers/associations@2024-05-01-preview' = { +resource association 'Microsoft.ServiceNetworking/trafficControllers/associations@2023-11-01' = { name: name parent: trafficController location: location diff --git a/avm/res/service-networking/traffic-controller/association/main.json b/avm/res/service-networking/traffic-controller/association/main.json index cdc65a45a6..c4b076d35b 100644 --- a/avm/res/service-networking/traffic-controller/association/main.json +++ b/avm/res/service-networking/traffic-controller/association/main.json @@ -5,7 +5,7 @@ "_generator": { "name": "bicep", "version": "0.29.47.4906", - "templateHash": "7986846506079673422" + "templateHash": "13830191223102804829" }, "name": "Application Gateway for Containers Association", "description": "This module deploys an Application Gateway for Containers Association", @@ -41,7 +41,7 @@ "resources": [ { "type": "Microsoft.ServiceNetworking/trafficControllers/associations", - "apiVersion": "2024-05-01-preview", + "apiVersion": "2023-11-01", "name": "[format('{0}/{1}', parameters('trafficControllerName'), parameters('name'))]", "location": "[parameters('location')]", "properties": { @@ -79,7 +79,7 @@ "metadata": { "description": "The resource ID of the associated subnet." }, - "value": "[reference(resourceId('Microsoft.ServiceNetworking/trafficControllers/associations', parameters('trafficControllerName'), parameters('name')), '2024-05-01-preview').subnet.id]" + "value": "[reference(resourceId('Microsoft.ServiceNetworking/trafficControllers/associations', parameters('trafficControllerName'), parameters('name')), '2023-11-01').subnet.id]" } } } \ No newline at end of file diff --git a/avm/res/service-networking/traffic-controller/frontend/README.md b/avm/res/service-networking/traffic-controller/frontend/README.md index 682b2d7c66..90d67c01ad 100644 --- a/avm/res/service-networking/traffic-controller/frontend/README.md +++ b/avm/res/service-networking/traffic-controller/frontend/README.md @@ -14,7 +14,7 @@ This module deploys an Application Gateway for Containers Frontend | Resource Type | API Version | | :-- | :-- | -| `Microsoft.ServiceNetworking/trafficControllers/frontends` | [2024-05-01-preview](https://learn.microsoft.com/en-us/azure/templates/Microsoft.ServiceNetworking/trafficControllers/frontends) | +| `Microsoft.ServiceNetworking/trafficControllers/frontends` | [2023-11-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.ServiceNetworking/2023-11-01/trafficControllers/frontends) | ## Parameters diff --git a/avm/res/service-networking/traffic-controller/frontend/main.bicep b/avm/res/service-networking/traffic-controller/frontend/main.bicep index ffcde1299a..e466ea4d31 100644 --- a/avm/res/service-networking/traffic-controller/frontend/main.bicep +++ b/avm/res/service-networking/traffic-controller/frontend/main.bicep @@ -15,11 +15,11 @@ param trafficControllerName string // Resources // // ============== // -resource trafficController 'Microsoft.ServiceNetworking/trafficControllers@2024-05-01-preview' existing = { +resource trafficController 'Microsoft.ServiceNetworking/trafficControllers@2023-11-01' existing = { name: trafficControllerName } -resource frontend 'Microsoft.ServiceNetworking/trafficControllers/frontends@2024-05-01-preview' = { +resource frontend 'Microsoft.ServiceNetworking/trafficControllers/frontends@2023-11-01' = { name: name parent: trafficController location: location diff --git a/avm/res/service-networking/traffic-controller/frontend/main.json b/avm/res/service-networking/traffic-controller/frontend/main.json index a4e7b11ced..60970770d0 100644 --- a/avm/res/service-networking/traffic-controller/frontend/main.json +++ b/avm/res/service-networking/traffic-controller/frontend/main.json @@ -5,7 +5,7 @@ "_generator": { "name": "bicep", "version": "0.29.47.4906", - "templateHash": "9632611076475736751" + "templateHash": "15229634960628564975" }, "name": "Application Gateway for Containers Frontend", "description": "This module deploys an Application Gateway for Containers Frontend", @@ -35,7 +35,7 @@ "resources": [ { "type": "Microsoft.ServiceNetworking/trafficControllers/frontends", - "apiVersion": "2024-05-01-preview", + "apiVersion": "2023-11-01", "name": "[format('{0}/{1}', parameters('trafficControllerName'), parameters('name'))]", "location": "[parameters('location')]", "properties": {} @@ -68,7 +68,7 @@ "metadata": { "description": "The FQDN of the frontend." }, - "value": "[reference(resourceId('Microsoft.ServiceNetworking/trafficControllers/frontends', parameters('trafficControllerName'), parameters('name')), '2024-05-01-preview').fqdn]" + "value": "[reference(resourceId('Microsoft.ServiceNetworking/trafficControllers/frontends', parameters('trafficControllerName'), parameters('name')), '2023-11-01').fqdn]" } } } \ No newline at end of file diff --git a/avm/res/service-networking/traffic-controller/main.bicep b/avm/res/service-networking/traffic-controller/main.bicep index ed4dc950bf..ced9b0e298 100644 --- a/avm/res/service-networking/traffic-controller/main.bicep +++ b/avm/res/service-networking/traffic-controller/main.bicep @@ -77,7 +77,7 @@ resource avmTelemetry 'Microsoft.Resources/deployments@2024-03-01' = if (enableT } } -resource trafficController 'Microsoft.ServiceNetworking/trafficControllers@2024-05-01-preview' = { +resource trafficController 'Microsoft.ServiceNetworking/trafficControllers@2023-11-01' = { name: name location: location tags: tags diff --git a/avm/res/service-networking/traffic-controller/main.json b/avm/res/service-networking/traffic-controller/main.json index 409f750006..53aa26bff4 100644 --- a/avm/res/service-networking/traffic-controller/main.json +++ b/avm/res/service-networking/traffic-controller/main.json @@ -6,7 +6,7 @@ "_generator": { "name": "bicep", "version": "0.29.47.4906", - "templateHash": "10289782131577390458" + "templateHash": "13124242633763720321" }, "name": "Application Gateway for Containers", "description": "This module deploys an Application Gateway for Containers", @@ -366,7 +366,7 @@ }, "trafficController": { "type": "Microsoft.ServiceNetworking/trafficControllers", - "apiVersion": "2024-05-01-preview", + "apiVersion": "2023-11-01", "name": "[parameters('name')]", "location": "[parameters('location')]", "tags": "[parameters('tags')]", @@ -480,7 +480,7 @@ "_generator": { "name": "bicep", "version": "0.29.47.4906", - "templateHash": "9632611076475736751" + "templateHash": "15229634960628564975" }, "name": "Application Gateway for Containers Frontend", "description": "This module deploys an Application Gateway for Containers Frontend", @@ -510,7 +510,7 @@ "resources": [ { "type": "Microsoft.ServiceNetworking/trafficControllers/frontends", - "apiVersion": "2024-05-01-preview", + "apiVersion": "2023-11-01", "name": "[format('{0}/{1}', parameters('trafficControllerName'), parameters('name'))]", "location": "[parameters('location')]", "properties": {} @@ -543,7 +543,7 @@ "metadata": { "description": "The FQDN of the frontend." }, - "value": "[reference(resourceId('Microsoft.ServiceNetworking/trafficControllers/frontends', parameters('trafficControllerName'), parameters('name')), '2024-05-01-preview').fqdn]" + "value": "[reference(resourceId('Microsoft.ServiceNetworking/trafficControllers/frontends', parameters('trafficControllerName'), parameters('name')), '2023-11-01').fqdn]" } } } @@ -586,7 +586,7 @@ "_generator": { "name": "bicep", "version": "0.29.47.4906", - "templateHash": "7986846506079673422" + "templateHash": "13830191223102804829" }, "name": "Application Gateway for Containers Association", "description": "This module deploys an Application Gateway for Containers Association", @@ -622,7 +622,7 @@ "resources": [ { "type": "Microsoft.ServiceNetworking/trafficControllers/associations", - "apiVersion": "2024-05-01-preview", + "apiVersion": "2023-11-01", "name": "[format('{0}/{1}', parameters('trafficControllerName'), parameters('name'))]", "location": "[parameters('location')]", "properties": { @@ -660,7 +660,7 @@ "metadata": { "description": "The resource ID of the associated subnet." }, - "value": "[reference(resourceId('Microsoft.ServiceNetworking/trafficControllers/associations', parameters('trafficControllerName'), parameters('name')), '2024-05-01-preview').subnet.id]" + "value": "[reference(resourceId('Microsoft.ServiceNetworking/trafficControllers/associations', parameters('trafficControllerName'), parameters('name')), '2023-11-01').subnet.id]" } } } @@ -690,7 +690,7 @@ "metadata": { "description": "The location the resource was deployed into." }, - "value": "[reference('trafficController', '2024-05-01-preview', 'full').location]" + "value": "[reference('trafficController', '2023-11-01', 'full').location]" }, "configurationEndpoints": { "type": "array", From 8bb835547d19d61fc0b74b401cda76d0ee5d0175 Mon Sep 17 00:00:00 2001 From: Kris Baranek <20225789+krbar@users.noreply.github.com> Date: Wed, 4 Sep 2024 22:24:42 +0200 Subject: [PATCH 11/18] Remove multiple associations test --- .../traffic-controller/README.md | 111 ++---------------- .../traffic-controller/main.bicep | 2 +- .../traffic-controller/main.json | 4 +- .../tests/e2e/max/main.test.bicep | 2 +- .../tests/e2e/mlt-assoc/dependencies.bicep | 72 ------------ .../tests/e2e/mlt-assoc/main.test.bicep | 80 ------------- .../tests/e2e/waf-aligned/dependencies.bicep | 17 --- 7 files changed, 11 insertions(+), 277 deletions(-) delete mode 100644 avm/res/service-networking/traffic-controller/tests/e2e/mlt-assoc/dependencies.bicep delete mode 100644 avm/res/service-networking/traffic-controller/tests/e2e/mlt-assoc/main.test.bicep diff --git a/avm/res/service-networking/traffic-controller/README.md b/avm/res/service-networking/traffic-controller/README.md index fa96378bff..209766b3af 100644 --- a/avm/res/service-networking/traffic-controller/README.md +++ b/avm/res/service-networking/traffic-controller/README.md @@ -33,8 +33,7 @@ The following section provides usage examples for the module, which were used to - [Using only defaults](#example-1-using-only-defaults) - [Using large parameter set](#example-2-using-large-parameter-set) -- [Using multiple associations](#example-3-using-multiple-associations) -- [WAF-aligned](#example-4-waf-aligned) +- [WAF-aligned](#example-3-waf-aligned) ### Example 1: _Using only defaults_ @@ -135,7 +134,7 @@ module trafficController 'br/public:avm/res/service-networking/traffic-controlle } roleAssignments: [ { - name: '8346d536-fca9-4629-abd4-28b05be89682' + name: 'a6931c52-0b79-4fe9-ad3d-72188dfff379' principalId: '' principalType: 'ServicePrincipal' roleDefinitionIdOrName: 'Owner' @@ -224,7 +223,7 @@ module trafficController 'br/public:avm/res/service-networking/traffic-controlle "roleAssignments": { "value": [ { - "name": "8346d536-fca9-4629-abd4-28b05be89682", + "name": "a6931c52-0b79-4fe9-ad3d-72188dfff379", "principalId": "", "principalType": "ServicePrincipal", "roleDefinitionIdOrName": "Owner" @@ -256,103 +255,7 @@ module trafficController 'br/public:avm/res/service-networking/traffic-controlle

-### Example 3: _Using multiple associations_ - -This instance deploys the module with multiple associations. - - -

- -via Bicep module - -```bicep -module trafficController 'br/public:avm/res/service-networking/traffic-controller:' = { - name: 'trafficControllerDeployment' - params: { - // Required parameters - name: 'sntcma001' - // Non-required parameters - associations: [ - { - name: 'association1' - subnetResourceId: '' - } - { - name: 'association2' - subnetResourceId: '' - } - { - name: 'association3' - subnetResourceId: '' - } - ] - frontends: [ - { - name: 'frontend1' - } - { - name: 'frontend2' - } - ] - location: '' - } -} -``` - -
-

- -

- -via JSON Parameter file - -```json -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", - "contentVersion": "1.0.0.0", - "parameters": { - // Required parameters - "name": { - "value": "sntcma001" - }, - // Non-required parameters - "associations": { - "value": [ - { - "name": "association1", - "subnetResourceId": "" - }, - { - "name": "association2", - "subnetResourceId": "" - }, - { - "name": "association3", - "subnetResourceId": "" - } - ] - }, - "frontends": { - "value": [ - { - "name": "frontend1" - }, - { - "name": "frontend2" - } - ] - }, - "location": { - "value": "" - } - } -} -``` - -
-

- -### Example 4: _WAF-aligned_ +### Example 3: _WAF-aligned_ This instance deploys the module in alignment with the best-practices of the Azure Well-Architected Framework. @@ -475,7 +378,7 @@ module trafficController 'br/public:avm/res/service-networking/traffic-controlle | Parameter | Type | Description | | :-- | :-- | :-- | -| [`associations`](#parameter-associations) | array | List of Application Gateway for Containers associations. | +| [`associations`](#parameter-associations) | array | List of Application Gateway for Containers associations. At this time, the number of associations is limited to 1 | | [`diagnosticSettings`](#parameter-diagnosticsettings) | array | The diagnostic settings of the service. | | [`enableTelemetry`](#parameter-enabletelemetry) | bool | Enable/Disable usage telemetry for module. | | [`frontends`](#parameter-frontends) | array | List of Application Gateway for Containers frontends. | @@ -493,7 +396,7 @@ Name of the Application Gateway for Containers to create. ### Parameter: `associations` -List of Application Gateway for Containers associations. +List of Application Gateway for Containers associations. At this time, the number of associations is limited to 1 - Required: No - Type: array @@ -859,7 +762,7 @@ _None_ ## Notes -> **Limitation**: This resource is not idempotent when deployed with more than one association. The deployment will fail if the resource already exists. +> **Limitation**: At this time, the number of associations is limited to 1 (Source: [Application Gateway for Containers associations](https://learn.microsoft.com/en-us/azure/application-gateway/for-containers/application-gateway-for-containers-components#application-gateway-for-containers-associations)) ## Data Collection diff --git a/avm/res/service-networking/traffic-controller/main.bicep b/avm/res/service-networking/traffic-controller/main.bicep index ced9b0e298..77ac1ee436 100644 --- a/avm/res/service-networking/traffic-controller/main.bicep +++ b/avm/res/service-networking/traffic-controller/main.bicep @@ -26,7 +26,7 @@ param roleAssignments roleAssignmentType @description('Optional. List of Application Gateway for Containers frontends.') param frontends frontendType -@description('Optional. List of Application Gateway for Containers associations.') +@description('Optional. List of Application Gateway for Containers associations. At this time, the number of associations is limited to 1') param associations associationType var builtInRoleNames = { diff --git a/avm/res/service-networking/traffic-controller/main.json b/avm/res/service-networking/traffic-controller/main.json index 53aa26bff4..fd706eefd4 100644 --- a/avm/res/service-networking/traffic-controller/main.json +++ b/avm/res/service-networking/traffic-controller/main.json @@ -6,7 +6,7 @@ "_generator": { "name": "bicep", "version": "0.29.47.4906", - "templateHash": "13124242633763720321" + "templateHash": "15660297707775550584" }, "name": "Application Gateway for Containers", "description": "This module deploys an Application Gateway for Containers", @@ -323,7 +323,7 @@ "associations": { "$ref": "#/definitions/associationType", "metadata": { - "description": "Optional. List of Application Gateway for Containers associations." + "description": "Optional. List of Application Gateway for Containers associations. At this time, the number of associations is limited to 1" } } }, diff --git a/avm/res/service-networking/traffic-controller/tests/e2e/max/main.test.bicep b/avm/res/service-networking/traffic-controller/tests/e2e/max/main.test.bicep index c7f8d41b96..3636eeb929 100644 --- a/avm/res/service-networking/traffic-controller/tests/e2e/max/main.test.bicep +++ b/avm/res/service-networking/traffic-controller/tests/e2e/max/main.test.bicep @@ -92,7 +92,7 @@ module testDeployment '../../../main.bicep' = [ } roleAssignments: [ { - name: '8346d536-fca9-4629-abd4-28b05be89682' + name: 'a6931c52-0b79-4fe9-ad3d-72188dfff379' roleDefinitionIdOrName: 'Owner' principalId: nestedDependencies.outputs.managedIdentityPrincipalId principalType: 'ServicePrincipal' diff --git a/avm/res/service-networking/traffic-controller/tests/e2e/mlt-assoc/dependencies.bicep b/avm/res/service-networking/traffic-controller/tests/e2e/mlt-assoc/dependencies.bicep deleted file mode 100644 index e826ccf12d..0000000000 --- a/avm/res/service-networking/traffic-controller/tests/e2e/mlt-assoc/dependencies.bicep +++ /dev/null @@ -1,72 +0,0 @@ -@description('Optional. The location to deploy resources to.') -param location string = resourceGroup().location - -@description('Required. The name of the Virtual Network to create.') -param virtualNetworkName string - -var addressPrefix = '10.0.0.0/16' - -resource virtualNetwork 'Microsoft.Network/virtualNetworks@2024-01-01' = { - name: virtualNetworkName - location: location - properties: { - addressSpace: { - addressPrefixes: [ - addressPrefix - ] - } - subnets: [ - { - name: 'defaultSubnet' - properties: { - addressPrefix: cidrSubnet(addressPrefix, 24, 0) - delegations: [ - { - name: 'Microsoft.ServiceNetworking.trafficControllers' - properties: { - serviceName: 'Microsoft.ServiceNetworking/trafficControllers' - } - } - ] - } - } - { - name: 'customSubnet-1' - properties: { - addressPrefix: cidrSubnet(addressPrefix, 24, 1) - delegations: [ - { - name: 'Microsoft.ServiceNetworking.trafficControllers' - properties: { - serviceName: 'Microsoft.ServiceNetworking/trafficControllers' - } - } - ] - } - } - { - name: 'customSubnet-2' - properties: { - addressPrefix: cidrSubnet(addressPrefix, 24, 2) - delegations: [ - { - name: 'Microsoft.ServiceNetworking.trafficControllers' - properties: { - serviceName: 'Microsoft.ServiceNetworking/trafficControllers' - } - } - ] - } - } - ] - } -} - -@description('The resource ID of the created default Virtual Network Subnet.') -output defaultSubnetResourceId string = virtualNetwork.properties.subnets[0].id - -@description('The resource ID of the created custom Virtual Network Subnet.') -output customSubnetResourceId string = virtualNetwork.properties.subnets[1].id - -@description('The resource ID of the created custom Virtual Network Subnet.') -output customSubnet2ResourceId string = virtualNetwork.properties.subnets[2].id diff --git a/avm/res/service-networking/traffic-controller/tests/e2e/mlt-assoc/main.test.bicep b/avm/res/service-networking/traffic-controller/tests/e2e/mlt-assoc/main.test.bicep deleted file mode 100644 index 83b86a7aac..0000000000 --- a/avm/res/service-networking/traffic-controller/tests/e2e/mlt-assoc/main.test.bicep +++ /dev/null @@ -1,80 +0,0 @@ -targetScope = 'subscription' - -metadata name = 'Using multiple associations' -metadata description = 'This instance deploys the module with multiple associations.' -metadata note = 'Please note that this test is not idempotent. When deploying multiple associations, the deployment will fail on the second deployment attempt.' - -// ========== // -// Parameters // -// ========== // - -@description('Optional. The name of the resource group to deploy for testing purposes.') -@maxLength(90) -param resourceGroupName string = 'dep-${namePrefix}-servicenetworking-trafficcontrollers-${serviceShort}-rg' - -@description('Optional. The location to deploy resources to.') -param resourceLocation string = deployment().location - -@description('Optional. A short identifier for the kind of deployment. Should be kept short to not run into resource-name length-constraints.') -param serviceShort string = 'sntcma' - -@description('Optional. A token to inject into the name of each resource. This value can be automatically injected by the CI.') -param namePrefix string = '#_namePrefix_#' - -// ============ // -// Dependencies // -// ============ // - -// General resources -// ================= -resource resourceGroup 'Microsoft.Resources/resourceGroups@2024-03-01' = { - name: resourceGroupName - location: resourceLocation -} - -module nestedDependencies 'dependencies.bicep' = { - scope: resourceGroup - name: '${uniqueString(deployment().name, resourceLocation)}-nestedDependencies' - params: { - location: resourceLocation - virtualNetworkName: 'dep-${namePrefix}-vnet-${serviceShort}' - } -} - -// ============== // -// Test Execution // -// ============== // - -@batchSize(1) -module testDeployment '../../../main.bicep' = [ - for iteration in ['init', 'idem']: { - scope: resourceGroup - name: '${uniqueString(deployment().name, resourceLocation)}-test-${serviceShort}-${iteration}' - params: { - name: '${namePrefix}${serviceShort}001' - location: resourceLocation - frontends: [ - { - name: 'frontend1' - } - { - name: 'frontend2' - } - ] - associations: [ - { - name: 'association1' - subnetResourceId: nestedDependencies.outputs.defaultSubnetResourceId - } - { - name: 'association2' - subnetResourceId: nestedDependencies.outputs.customSubnetResourceId - } - { - name: 'association3' - subnetResourceId: nestedDependencies.outputs.customSubnet2ResourceId - } - ] - } - } -] diff --git a/avm/res/service-networking/traffic-controller/tests/e2e/waf-aligned/dependencies.bicep b/avm/res/service-networking/traffic-controller/tests/e2e/waf-aligned/dependencies.bicep index d0c4267c29..c71e8b7ac8 100644 --- a/avm/res/service-networking/traffic-controller/tests/e2e/waf-aligned/dependencies.bicep +++ b/avm/res/service-networking/traffic-controller/tests/e2e/waf-aligned/dependencies.bicep @@ -30,26 +30,9 @@ resource virtualNetwork 'Microsoft.Network/virtualNetworks@2024-01-01' = { ] } } - { - name: 'customSubnet-1' - properties: { - addressPrefix: cidrSubnet(addressPrefix, 24, 1) - delegations: [ - { - name: 'Microsoft.ServiceNetworking.trafficControllers' - properties: { - serviceName: 'Microsoft.ServiceNetworking/trafficControllers' - } - } - ] - } - } ] } } @description('The resource ID of the created default Virtual Network Subnet.') output defaultSubnetResourceId string = virtualNetwork.properties.subnets[0].id - -@description('The resource ID of the created custom Virtual Network Subnet.') -output customSubnetResourceId string = virtualNetwork.properties.subnets[1].id From 1a27887c1c890bc89f1df791de5af27c6753deaa Mon Sep 17 00:00:00 2001 From: Kris Baranek <20225789+krbar@users.noreply.github.com> Date: Wed, 4 Sep 2024 22:27:31 +0200 Subject: [PATCH 12/18] Update CODEOWNERS/issule template --- .github/CODEOWNERS | 1 + .github/ISSUE_TEMPLATE/avm_module_issue.yml | 1 + 2 files changed, 2 insertions(+) diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS index 431863270c..f9a3258c35 100644 --- a/.github/CODEOWNERS +++ b/.github/CODEOWNERS @@ -139,6 +139,7 @@ /avm/res/search/search-service/ @Azure/avm-res-search-searchservice-module-owners-bicep @Azure/avm-module-reviewers-bicep /avm/res/service-bus/namespace/ @Azure/avm-res-servicebus-namespace-module-owners-bicep @Azure/avm-module-reviewers-bicep /avm/res/service-fabric/cluster/ @Azure/avm-res-servicefabric-cluster-module-owners-bicep @Azure/avm-module-reviewers-bicep +/avm/res/service-networking/traffic-controller/ @Azure/avm-res-servicenetworking-trafficcontroller-module-owners-bicep @Azure/avm-module-reviewers-bicep /avm/res/signal-r-service/signal-r/ @Azure/avm-res-signalrservice-signalr-module-owners-bicep @Azure/avm-module-reviewers-bicep /avm/res/signal-r-service/web-pub-sub/ @Azure/avm-res-signalrservice-webpubsub-module-owners-bicep @Azure/avm-module-reviewers-bicep /avm/res/sql/instance-pool/ @Azure/avm-res-sql-instancepool-module-owners-bicep @Azure/avm-module-reviewers-bicep diff --git a/.github/ISSUE_TEMPLATE/avm_module_issue.yml b/.github/ISSUE_TEMPLATE/avm_module_issue.yml index 10db46eb59..d41da401d0 100644 --- a/.github/ISSUE_TEMPLATE/avm_module_issue.yml +++ b/.github/ISSUE_TEMPLATE/avm_module_issue.yml @@ -174,6 +174,7 @@ body: - "avm/res/search/search-service" - "avm/res/service-bus/namespace" - "avm/res/service-fabric/cluster" + - "avm/res/service-networking/traffic-controller" - "avm/res/signal-r-service/signal-r" - "avm/res/signal-r-service/web-pub-sub" - "avm/res/sql/instance-pool" From e6f8fbd27480b3b8363700aaa6c492f893fda935 Mon Sep 17 00:00:00 2001 From: Kris Baranek <20225789+krbar@users.noreply.github.com> Date: Wed, 4 Sep 2024 22:30:40 +0200 Subject: [PATCH 13/18] Add missing resourceGroupName output --- avm/res/service-networking/traffic-controller/README.md | 1 + avm/res/service-networking/traffic-controller/main.bicep | 3 +++ avm/res/service-networking/traffic-controller/main.json | 9 ++++++++- 3 files changed, 12 insertions(+), 1 deletion(-) diff --git a/avm/res/service-networking/traffic-controller/README.md b/avm/res/service-networking/traffic-controller/README.md index 209766b3af..07efbfd179 100644 --- a/avm/res/service-networking/traffic-controller/README.md +++ b/avm/res/service-networking/traffic-controller/README.md @@ -754,6 +754,7 @@ Resource tags. | `frontends` | array | The frontends of the Application Gateway for Containers. | | `location` | string | The location the resource was deployed into. | | `name` | string | The name of the Application Gateway for Containers. | +| `resourceGroupName` | string | The name of the resource group the resource was created in. | | `resourceId` | string | The resource ID of the Application Gateway for Containers. | ## Cross-referenced modules diff --git a/avm/res/service-networking/traffic-controller/main.bicep b/avm/res/service-networking/traffic-controller/main.bicep index 77ac1ee436..1b07c833d5 100644 --- a/avm/res/service-networking/traffic-controller/main.bicep +++ b/avm/res/service-networking/traffic-controller/main.bicep @@ -177,6 +177,9 @@ output resourceId string = trafficController.id @description('The name of the Application Gateway for Containers.') output name string = trafficController.name +@description('The name of the resource group the resource was created in.') +output resourceGroupName string = resourceGroup().name + @description('The location the resource was deployed into.') output location string = trafficController.location diff --git a/avm/res/service-networking/traffic-controller/main.json b/avm/res/service-networking/traffic-controller/main.json index fd706eefd4..e3589cb47d 100644 --- a/avm/res/service-networking/traffic-controller/main.json +++ b/avm/res/service-networking/traffic-controller/main.json @@ -6,7 +6,7 @@ "_generator": { "name": "bicep", "version": "0.29.47.4906", - "templateHash": "15660297707775550584" + "templateHash": "8148243425150230458" }, "name": "Application Gateway for Containers", "description": "This module deploys an Application Gateway for Containers", @@ -685,6 +685,13 @@ }, "value": "[parameters('name')]" }, + "resourceGroupName": { + "type": "string", + "metadata": { + "description": "The name of the resource group the resource was created in." + }, + "value": "[resourceGroup().name]" + }, "location": { "type": "string", "metadata": { From 907364279196658dfe5d49f0c9dc50693449765b Mon Sep 17 00:00:00 2001 From: Kris Baranek <20225789+krbar@users.noreply.github.com> Date: Wed, 4 Sep 2024 22:48:07 +0200 Subject: [PATCH 14/18] Add missing dot, limit number of associations --- avm/res/service-networking/traffic-controller/README.md | 4 ++-- avm/res/service-networking/traffic-controller/main.bicep | 3 ++- avm/res/service-networking/traffic-controller/main.json | 7 ++++--- 3 files changed, 8 insertions(+), 6 deletions(-) diff --git a/avm/res/service-networking/traffic-controller/README.md b/avm/res/service-networking/traffic-controller/README.md index 07efbfd179..5ccafe59d2 100644 --- a/avm/res/service-networking/traffic-controller/README.md +++ b/avm/res/service-networking/traffic-controller/README.md @@ -378,7 +378,7 @@ module trafficController 'br/public:avm/res/service-networking/traffic-controlle | Parameter | Type | Description | | :-- | :-- | :-- | -| [`associations`](#parameter-associations) | array | List of Application Gateway for Containers associations. At this time, the number of associations is limited to 1 | +| [`associations`](#parameter-associations) | array | List of Application Gateway for Containers associations. At this time, the number of associations is limited to 1. | | [`diagnosticSettings`](#parameter-diagnosticsettings) | array | The diagnostic settings of the service. | | [`enableTelemetry`](#parameter-enabletelemetry) | bool | Enable/Disable usage telemetry for module. | | [`frontends`](#parameter-frontends) | array | List of Application Gateway for Containers frontends. | @@ -396,7 +396,7 @@ Name of the Application Gateway for Containers to create. ### Parameter: `associations` -List of Application Gateway for Containers associations. At this time, the number of associations is limited to 1 +List of Application Gateway for Containers associations. At this time, the number of associations is limited to 1. - Required: No - Type: array diff --git a/avm/res/service-networking/traffic-controller/main.bicep b/avm/res/service-networking/traffic-controller/main.bicep index 1b07c833d5..2ac083b224 100644 --- a/avm/res/service-networking/traffic-controller/main.bicep +++ b/avm/res/service-networking/traffic-controller/main.bicep @@ -26,7 +26,7 @@ param roleAssignments roleAssignmentType @description('Optional. List of Application Gateway for Containers frontends.') param frontends frontendType -@description('Optional. List of Application Gateway for Containers associations. At this time, the number of associations is limited to 1') +@description('Optional. List of Application Gateway for Containers associations. At this time, the number of associations is limited to 1.') param associations associationType var builtInRoleNames = { @@ -213,6 +213,7 @@ type frontendType = { name: string }[]? +@maxLength(1) type associationType = { @description('Required. The name of the Application Gateway for Containers association.') name: string diff --git a/avm/res/service-networking/traffic-controller/main.json b/avm/res/service-networking/traffic-controller/main.json index e3589cb47d..69803432a5 100644 --- a/avm/res/service-networking/traffic-controller/main.json +++ b/avm/res/service-networking/traffic-controller/main.json @@ -6,7 +6,7 @@ "_generator": { "name": "bicep", "version": "0.29.47.4906", - "templateHash": "8148243425150230458" + "templateHash": "12596859376760798164" }, "name": "Application Gateway for Containers", "description": "This module deploys an Application Gateway for Containers", @@ -47,7 +47,8 @@ } } }, - "nullable": true + "nullable": true, + "maxLength": 1 }, "lockType": { "type": "object", @@ -323,7 +324,7 @@ "associations": { "$ref": "#/definitions/associationType", "metadata": { - "description": "Optional. List of Application Gateway for Containers associations. At this time, the number of associations is limited to 1" + "description": "Optional. List of Application Gateway for Containers associations. At this time, the number of associations is limited to 1." } } }, From 6a86739185018ea58498c92aaaec30f8f65510ca Mon Sep 17 00:00:00 2001 From: Kris Baranek <20225789+krbar@users.noreply.github.com> Date: Tue, 1 Oct 2024 02:11:48 +0200 Subject: [PATCH 15/18] Update README/ARM --- .../service-networking/traffic-controller/README.md | 13 ++++++------- .../traffic-controller/association/README.md | 11 ----------- .../traffic-controller/association/main.json | 4 ++-- .../traffic-controller/frontend/README.md | 11 ----------- .../traffic-controller/frontend/main.json | 4 ++-- .../service-networking/traffic-controller/main.json | 12 ++++++------ 6 files changed, 16 insertions(+), 39 deletions(-) diff --git a/avm/res/service-networking/traffic-controller/README.md b/avm/res/service-networking/traffic-controller/README.md index 5ccafe59d2..ce5cb08d93 100644 --- a/avm/res/service-networking/traffic-controller/README.md +++ b/avm/res/service-networking/traffic-controller/README.md @@ -8,7 +8,6 @@ This module deploys an Application Gateway for Containers - [Usage examples](#Usage-examples) - [Parameters](#Parameters) - [Outputs](#Outputs) -- [Cross-referenced modules](#Cross-referenced-modules) - [Notes](#Notes) - [Data Collection](#Data-Collection) @@ -365,7 +364,6 @@ module trafficController 'br/public:avm/res/service-networking/traffic-controlle

- ## Parameters **Required parameters** @@ -646,6 +644,12 @@ Array of role assignments to create. - Required: No - Type: array +- Roles configurable by name: + - `'Contributor'` + - `'Owner'` + - `'Reader'` + - `'Role Based Access Control Administrator'` + - `'User Access Administrator'` **Required parameters** @@ -744,7 +748,6 @@ Resource tags. - Required: No - Type: object - ## Outputs | Output | Type | Description | @@ -757,10 +760,6 @@ Resource tags. | `resourceGroupName` | string | The name of the resource group the resource was created in. | | `resourceId` | string | The resource ID of the Application Gateway for Containers. | -## Cross-referenced modules - -_None_ - ## Notes > **Limitation**: At this time, the number of associations is limited to 1 (Source: [Application Gateway for Containers associations](https://learn.microsoft.com/en-us/azure/application-gateway/for-containers/application-gateway-for-containers-components#application-gateway-for-containers-associations)) diff --git a/avm/res/service-networking/traffic-controller/association/README.md b/avm/res/service-networking/traffic-controller/association/README.md index e99cc7cbc4..87488abfe2 100644 --- a/avm/res/service-networking/traffic-controller/association/README.md +++ b/avm/res/service-networking/traffic-controller/association/README.md @@ -7,8 +7,6 @@ This module deploys an Application Gateway for Containers Association - [Resource Types](#Resource-Types) - [Parameters](#Parameters) - [Outputs](#Outputs) -- [Cross-referenced modules](#Cross-referenced-modules) -- [Data Collection](#Data-Collection) ## Resource Types @@ -71,7 +69,6 @@ The resource ID of the subnet to associate with the traffic controller. - Required: Yes - Type: string - ## Outputs | Output | Type | Description | @@ -80,11 +77,3 @@ The resource ID of the subnet to associate with the traffic controller. | `resourceGroupName` | string | The name of the resource group the resource was created in. | | `resourceId` | string | The resource ID of the association. | | `subnetResourceId` | string | The resource ID of the associated subnet. | - -## Cross-referenced modules - -_None_ - -## Data Collection - -The software may collect information about you and your use of the software and send it to Microsoft. Microsoft may use this information to provide services and improve our products and services. You may turn off the telemetry as described in the [repository](https://aka.ms/avm/telemetry). There are also some features in the software that may enable you and Microsoft to collect data from users of your applications. If you use these features, you must comply with applicable law, including providing appropriate notices to users of your applications together with a copy of Microsoft’s privacy statement. Our privacy statement is located at . You can learn more about data collection and use in the help documentation and our privacy statement. Your use of the software operates as your consent to these practices. diff --git a/avm/res/service-networking/traffic-controller/association/main.json b/avm/res/service-networking/traffic-controller/association/main.json index c4b076d35b..638bc670f4 100644 --- a/avm/res/service-networking/traffic-controller/association/main.json +++ b/avm/res/service-networking/traffic-controller/association/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.29.47.4906", - "templateHash": "13830191223102804829" + "version": "0.30.23.60470", + "templateHash": "17751059838446450774" }, "name": "Application Gateway for Containers Association", "description": "This module deploys an Application Gateway for Containers Association", diff --git a/avm/res/service-networking/traffic-controller/frontend/README.md b/avm/res/service-networking/traffic-controller/frontend/README.md index 90d67c01ad..c9447a6ba3 100644 --- a/avm/res/service-networking/traffic-controller/frontend/README.md +++ b/avm/res/service-networking/traffic-controller/frontend/README.md @@ -7,8 +7,6 @@ This module deploys an Application Gateway for Containers Frontend - [Resource Types](#Resource-Types) - [Parameters](#Parameters) - [Outputs](#Outputs) -- [Cross-referenced modules](#Cross-referenced-modules) -- [Data Collection](#Data-Collection) ## Resource Types @@ -58,7 +56,6 @@ Location for all Resources. - Type: string - Default: `[resourceGroup().location]` - ## Outputs | Output | Type | Description | @@ -67,11 +64,3 @@ Location for all Resources. | `name` | string | The name of the frontend. | | `resourceGroupName` | string | The name of the resource group the resource was created in. | | `resourceId` | string | The resource ID of the frontend. | - -## Cross-referenced modules - -_None_ - -## Data Collection - -The software may collect information about you and your use of the software and send it to Microsoft. Microsoft may use this information to provide services and improve our products and services. You may turn off the telemetry as described in the [repository](https://aka.ms/avm/telemetry). There are also some features in the software that may enable you and Microsoft to collect data from users of your applications. If you use these features, you must comply with applicable law, including providing appropriate notices to users of your applications together with a copy of Microsoft’s privacy statement. Our privacy statement is located at . You can learn more about data collection and use in the help documentation and our privacy statement. Your use of the software operates as your consent to these practices. diff --git a/avm/res/service-networking/traffic-controller/frontend/main.json b/avm/res/service-networking/traffic-controller/frontend/main.json index 60970770d0..f3fb57ad7e 100644 --- a/avm/res/service-networking/traffic-controller/frontend/main.json +++ b/avm/res/service-networking/traffic-controller/frontend/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.29.47.4906", - "templateHash": "15229634960628564975" + "version": "0.30.23.60470", + "templateHash": "12093954076612099884" }, "name": "Application Gateway for Containers Frontend", "description": "This module deploys an Application Gateway for Containers Frontend", diff --git a/avm/res/service-networking/traffic-controller/main.json b/avm/res/service-networking/traffic-controller/main.json index 69803432a5..aa85cfc38c 100644 --- a/avm/res/service-networking/traffic-controller/main.json +++ b/avm/res/service-networking/traffic-controller/main.json @@ -5,8 +5,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.29.47.4906", - "templateHash": "12596859376760798164" + "version": "0.30.23.60470", + "templateHash": "13555357375349247834" }, "name": "Application Gateway for Containers", "description": "This module deploys an Application Gateway for Containers", @@ -480,8 +480,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.29.47.4906", - "templateHash": "15229634960628564975" + "version": "0.30.23.60470", + "templateHash": "12093954076612099884" }, "name": "Application Gateway for Containers Frontend", "description": "This module deploys an Application Gateway for Containers Frontend", @@ -586,8 +586,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.29.47.4906", - "templateHash": "13830191223102804829" + "version": "0.30.23.60470", + "templateHash": "17751059838446450774" }, "name": "Application Gateway for Containers Association", "description": "This module deploys an Application Gateway for Containers Association", From 39cb977af948839d9fe0ab9c2824f27dbd963e5f Mon Sep 17 00:00:00 2001 From: Kris Baranek <20225789+krbar@users.noreply.github.com> Date: Tue, 1 Oct 2024 21:34:21 +0200 Subject: [PATCH 16/18] Removed unnecessary comments Co-authored-by: Alexander Sehr --- .../traffic-controller/frontend/main.bicep | 6 ------ 1 file changed, 6 deletions(-) diff --git a/avm/res/service-networking/traffic-controller/frontend/main.bicep b/avm/res/service-networking/traffic-controller/frontend/main.bicep index e466ea4d31..ff1b703a07 100644 --- a/avm/res/service-networking/traffic-controller/frontend/main.bicep +++ b/avm/res/service-networking/traffic-controller/frontend/main.bicep @@ -42,9 +42,3 @@ output resourceGroupName string = resourceGroup().name @description('The FQDN of the frontend.') output fqdn string = frontend.properties.fqdn -// ================ // -// Definitions // -// ================ // -// -// Add your User-defined-types here, if any -// From 52b01f72feb2912f781e6bbc80d0500408e83f1f Mon Sep 17 00:00:00 2001 From: Kris Baranek <20225789+krbar@users.noreply.github.com> Date: Tue, 1 Oct 2024 21:34:31 +0200 Subject: [PATCH 17/18] Removed unnecessary comments Co-authored-by: Alexander Sehr --- .../traffic-controller/association/main.bicep | 7 ------- 1 file changed, 7 deletions(-) diff --git a/avm/res/service-networking/traffic-controller/association/main.bicep b/avm/res/service-networking/traffic-controller/association/main.bicep index fbe439fe94..70cc047a29 100644 --- a/avm/res/service-networking/traffic-controller/association/main.bicep +++ b/avm/res/service-networking/traffic-controller/association/main.bicep @@ -49,10 +49,3 @@ output resourceGroupName string = resourceGroup().name @description('The resource ID of the associated subnet.') output subnetResourceId string = association.properties.subnet.id - -// ================ // -// Definitions // -// ================ // -// -// Add your User-defined-types here, if any -// From 673432e3f832522cdcdb33e84eb8e6b787d89044 Mon Sep 17 00:00:00 2001 From: Kris Baranek <20225789+krbar@users.noreply.github.com> Date: Tue, 1 Oct 2024 21:37:12 +0200 Subject: [PATCH 18/18] Removed empty line --- .../service-networking/traffic-controller/frontend/main.bicep | 1 - 1 file changed, 1 deletion(-) diff --git a/avm/res/service-networking/traffic-controller/frontend/main.bicep b/avm/res/service-networking/traffic-controller/frontend/main.bicep index ff1b703a07..973eb532a7 100644 --- a/avm/res/service-networking/traffic-controller/frontend/main.bicep +++ b/avm/res/service-networking/traffic-controller/frontend/main.bicep @@ -41,4 +41,3 @@ output resourceGroupName string = resourceGroup().name @description('The FQDN of the frontend.') output fqdn string = frontend.properties.fqdn -