From 8e6f8c372a91b8e8c54c8047a85a663e6b46af9a Mon Sep 17 00:00:00 2001
From: erschef_microsoft
Date: Tue, 15 Oct 2024 10:30:58 -0400
Subject: [PATCH 01/30] Added test workflow
---
.../avm.res.network.p2s-vpn-gateway.yml | 88 +++++++++++++++++++
1 file changed, 88 insertions(+)
create mode 100644 .github/workflows/avm.res.network.p2s-vpn-gateway.yml
diff --git a/.github/workflows/avm.res.network.p2s-vpn-gateway.yml b/.github/workflows/avm.res.network.p2s-vpn-gateway.yml
new file mode 100644
index 0000000000..0c828516c1
--- /dev/null
+++ b/.github/workflows/avm.res.network.p2s-vpn-gateway.yml
@@ -0,0 +1,88 @@ +name: "avm.res.network.p2s-vpn-gateway" + +on: + workflow_dispatch: + inputs: + staticValidation: + type: boolean + description: "Execute static validation" + required: false + default: true + deploymentValidation: + type: boolean + description: "Execute deployment validation" + required: false + default: true + removeDeployment: + type: boolean + description: "Remove deployed module" + required: false + default: true + customLocation: + type: string + description: "Default location overwrite (e.g., eastus)" + required: false + push: + branches: + - main + paths: + - ".github/actions/templates/avm-**" + - ".github/workflows/avm.template.module.yml" + - ".github/workflows/avm.res.network.p2s-vpn-gateway.yml" + - "avm/res/network/p2s-vpn-gateway/**" + - "avm/utilities/pipelines/**" + - "!avm/utilities/pipelines/platform/**" + - "!*/**/README.md" + +env: + modulePath: "avm/res/network/p2s-vpn-gateway" + workflowPath: ".github/workflows/avm.res.network.p2s-vpn-gateway.yml" + +concurrency: + group: ${{ github.workflow }} + +jobs: + ########################### + # Initialize pipeline # + ########################### + job_initialize_pipeline: + runs-on: ubuntu-latest + name: "Initialize pipeline" + steps: + - name: "Checkout" + uses: actions/checkout@v4 + with: + fetch-depth: 0 + - name: "Set input parameters to output variables" + id: get-workflow-param + uses: ./.github/actions/templates/avm-getWorkflowInput + with: + workflowPath: "${{ env.workflowPath}}" + - name: "Get module test file paths" + id: get-module-test-file-paths + uses: ./.github/actions/templates/avm-getModuleTestFiles + with: + modulePath: "${{ env.modulePath }}" + outputs: + workflowInput: ${{ steps.get-workflow-param.outputs.workflowInput }} + moduleTestFilePaths: ${{ steps.get-module-test-file-paths.outputs.moduleTestFilePaths }} + psRuleModuleTestFilePaths: ${{ steps.get-module-test-file-paths.outputs.psRuleModuleTestFilePaths }} + modulePath: "${{ env.modulePath }}" + + 
############################## + # Call reusable workflow # + ############################## + call-workflow-passing-data: + name: "Run" + permissions: + id-token: write # For OIDC + contents: write # For release tags + needs: + - job_initialize_pipeline + uses: ./.github/workflows/avm.template.module.yml + with: + workflowInput: "${{ needs.job_initialize_pipeline.outputs.workflowInput }}" + moduleTestFilePaths: "${{ needs.job_initialize_pipeline.outputs.moduleTestFilePaths }}" + psRuleModuleTestFilePaths: "${{ needs.job_initialize_pipeline.outputs.psRuleModuleTestFilePaths }}" + modulePath: "${{ needs.job_initialize_pipeline.outputs.modulePath}}" + secrets: inherit From 62bfbf9e144b2622f71228b3090f36a5202f8360 Mon Sep 17 00:00:00 2001 From: erschef_microsoft Date: Fri, 18 Oct 2024 14:43:37 -0400 Subject: [PATCH 02/30] feat: Add p2s-vpn-gateway module to network resources This commit adds the p2s-vpn-gateway module to the network resources in the avm/res/network directory. The module allows for the deployment of a Virtual Hub P2S Gateway. It includes the necessary Bicep files, tests, and dependencies. --- .github/CODEOWNERS | 1 + .github/ISSUE_TEMPLATE/avm_module_issue.yml | 1 + avm/res/network/p2s-vpn-gateway/main.bicep | 146 ++++++++++++++++++ .../tests/e2e/defaults/dependencies.bicep | 53 +++++++ .../tests/e2e/defaults/main.test.bicep | 62 ++++++++ avm/res/network/p2s-vpn-gateway/version.json | 7 + 6 files changed, 270 insertions(+) create mode 100644 avm/res/network/p2s-vpn-gateway/main.bicep create mode 100644 avm/res/network/p2s-vpn-gateway/tests/e2e/defaults/dependencies.bicep create mode 100644 avm/res/network/p2s-vpn-gateway/tests/e2e/defaults/main.test.bicep create mode 100644 avm/res/network/p2s-vpn-gateway/version.json diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS index 34070f3b2b..5d6afd5f50 100644 --- a/.github/CODEOWNERS +++ b/.github/CODEOWNERS 
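Review bot: `job_initialize_pipeline` declares no `permissions`, so it runs with the repository's default `GITHUB_TOKEN` scope although it only checks out code and resolves test file paths; add `permissions:` with `contents: read` to that job. `actions/checkout@v4` is a mutable tag, and pinning it to a full commit SHA keeps the step from changing underneath the workflow. The calling job combines `secrets: inherit` with `id-token: write` and `contents: write`, so every repository secret reaches `avm.template.module.yml`; that template is not shown here, but if it accepts named secrets, passing only those it needs narrows what a change to the template can read.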
@@ -128,6 +128,7 @@ /avm/res/network/network-manager/ @Azure/avm-res-network-networkmanager-module-owners-bicep @Azure/avm-module-reviewers-bicep /avm/res/network/network-security-group/ @Azure/avm-res-network-networksecuritygroup-module-owners-bicep @Azure/avm-module-reviewers-bicep /avm/res/network/network-watcher/ @Azure/avm-res-network-networkwatcher-module-owners-bicep @Azure/avm-module-reviewers-bicep +/avm/res/network/p2s-vpn-gateway/ @Azure/avm-res-network-p2s-vpn-gateway-module-owners-bicep @Azure/avm-module-reviewers-bicep /avm/res/network/private-dns-zone/ @Azure/avm-res-network-privatednszone-module-owners-bicep @Azure/avm-module-reviewers-bicep /avm/res/network/private-endpoint/ @Azure/avm-res-network-privateendpoint-module-owners-bicep @Azure/avm-module-reviewers-bicep /avm/res/network/private-link-service/ @Azure/avm-res-network-privatelinkservice-module-owners-bicep @Azure/avm-module-reviewers-bicep diff --git a/.github/ISSUE_TEMPLATE/avm_module_issue.yml b/.github/ISSUE_TEMPLATE/avm_module_issue.yml index 56d3fb70d3..1b7f82bde4 100644 --- a/.github/ISSUE_TEMPLATE/avm_module_issue.yml +++ b/.github/ISSUE_TEMPLATE/avm_module_issue.yml @@ -163,6 +163,7 @@ body: - "avm/res/network/network-manager" - "avm/res/network/network-security-group" - "avm/res/network/network-watcher" + - "avm/res/network/p2s-vpn-gateway" - "avm/res/network/private-dns-zone" - "avm/res/network/private-endpoint" - "avm/res/network/private-link-service" diff --git a/avm/res/network/p2s-vpn-gateway/main.bicep b/avm/res/network/p2s-vpn-gateway/main.bicep new file mode 100644 index 0000000000..4ce7b5169e --- /dev/null +++ b/avm/res/network/p2s-vpn-gateway/main.bicep 
@@ -0,0 +1,146 @@ +metadata name = 'P2S VPN Gateway' +metadata description = 'This module deploys a Virtual Hub P2S Gateway.' +metadata owner = 'Azure/module-maintainers' + +param name string + +param location string + +param customDnsServers array = [] + +param isRoutingPreferenceInternet bool? + +param virtualHubId string + +param vpnGatewayScaleUnit int? + +param vpnServerConfigurationId string? + +@description('Optional. Tags of the resource.') +param tags object? + +@description('Optional. The lock settings of the service.') +param lock lockType + +@description('Optional. Enable/Disable usage telemetry for module.') +param enableTelemetry bool = true + +#disable-next-line no-deployments-resources +resource avmTelemetry 'Microsoft.Resources/deployments@2024-03-01' = if (enableTelemetry) { + name: take( + '46d3xbcp.res.network-p2svpngateway.${replace('-..--..-', '.', '-')}.${substring(uniqueString(deployment().name, location), 0, 4)}', + 64 + ) + properties: { + mode: 'Incremental' + template: { + '$schema': 'https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#' + contentVersion: '1.0.0.0' + resources: [] + outputs: { + telemetry: { + type: 'String' + value: 'For more information, see https://aka.ms/avm/TelemetryInfo' + } + } + } + } +} + +resource p2sVpnGateway 'Microsoft.Network/p2svpnGateways@2024-01-01' = { + name: name + location: location + tags: tags + properties: { + customDnsServers: customDnsServers + isRoutingPreferenceInternet: isRoutingPreferenceInternet + /*p2SConnectionConfigurations: [ + { + id: + name: + properties: { + enableInternetSecurity: + routingConfiguration: { + associatedRouteTable: { + id: + } + inboundRouteMap: { + id: + } + outboundRouteMap: { + id: + } + propagatedRouteTables: { + ids: [ + { + id: + } + ] + labels: [ + ] + } + vnetRoutes: { + staticRoutes: [ + { + addressPrefixes: [ + ] + name: + nextHopIpAddress: + } + ] + staticRoutesConfig: { + vnetLocalRouteOverrideCriteria: + } + } + } + 
vpnClientAddressPool: { + addressPrefixes: [ + ] + } + } + } + ]*/ + virtualHub: { + id: virtualHubId + } + vpnGatewayScaleUnit: vpnGatewayScaleUnit + vpnServerConfiguration: { + id: vpnServerConfigurationId + } + } +} + +resource vpnGateway_lock 'Microsoft.Authorization/locks@2020-05-01' = if (!empty(lock ?? {}) && lock.?kind != 'None') { + name: lock.?name ?? 'lock-${name}' + properties: { + level: lock.?kind ?? '' + notes: lock.?kind == 'CanNotDelete' + ? 'Cannot delete resource or child resources.' + : 'Cannot delete or modify the resource or child resources.' + } + scope: p2sVpnGateway +} + +@description('The name of the user VPN configuration.') +output name string = p2sVpnGateway.name + +@description('The resource ID of the user VPN configuration.') +output resourceId string = p2sVpnGateway.id + +@description('The name of the resource group the user VPN configuration was deployed into.') +output resourceGroupName string = resourceGroup().name + +@description('The location the resource was deployed into.') +output location string = p2sVpnGateway.location + +// =============== // +// Definitions // +// =============== // + +type lockType = { + @description('Optional. Specify the name of lock.') + name: string? + + @description('Optional. Specify the type of lock.') + kind: ('CanNotDelete' | 'ReadOnly' | 'None')? +}? diff --git a/avm/res/network/p2s-vpn-gateway/tests/e2e/defaults/dependencies.bicep b/avm/res/network/p2s-vpn-gateway/tests/e2e/defaults/dependencies.bicep new file mode 100644 index 0000000000..cc63a8f1a9 --- /dev/null +++ b/avm/res/network/p2s-vpn-gateway/tests/e2e/defaults/dependencies.bicep 
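Review bot: The output descriptions at the end of the file call the resource "the user VPN configuration" (`output name`, `output resourceId`, `output resourceGroupName`), which reads as copied from another module; they should describe the gateway, e.g. `@description('The name of the P2S VPN Gateway.')`. The lock resource is named `vpnGateway_lock` while its scope is `p2sVpnGateway`; `p2sVpnGateway_lock` would match the resource it protects. The parameters `name`, `location`, `customDnsServers`, `isRoutingPreferenceInternet`, `virtualHubId`, `vpnGatewayScaleUnit` and `vpnServerConfigurationId` carry no `@description`, unlike `tags`, `lock` and `enableTelemetry` below them.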
@@ -0,0 +1,53 @@ +@description('Required. The name of the virtual WAN to create.') +param virtualWANName string + +@description('Optional. The location to deploy resources to.') +param location string = resourceGroup().location + +resource virtualWan 'Microsoft.Network/virtualWans@2024-01-01' = { + name: virtualWANName + location: location +} + +resource vpnServerConfiguration 'Microsoft.Network/vpnServerConfigurations@2024-01-01' = { + name: '${virtualWANName}-${location}-vpnServerConfiguration' + location: location + properties: { + name: '${virtualWANName}-${location}-VPNConfig' + vpnAuthenticationTypes: [ + 'AAD' + ] + vpnProtocols: [ + 'OpenVPN' + ] + } +} + +resource virtualHub 'Microsoft.Network/virtualHubs@2024-01-01' = { + name: '${virtualWANName}-${location}-hub' + location: location + properties: { + addressPrefix: '10.0.0.0/23' + virtualWan: { + id: virtualWan.id + } + } +} + +@description('The resource ID of the created Virtual WAN.') +output virtualWANResourceId string = virtualWan.id + +@description('The name of the created Virtual WAN.') +output virtualWANName string = virtualWan.name + +@description('The resource ID of the created Virtual Hub.') +output virtualHubResourceId string = virtualHub.id + +@description('The name of the created Virtual Hub.') +output virtualHubName string = virtualHub.name + +@description('The resource ID of the created VPN Server Configuration.') +output vpnServerConfigurationResourceId string = vpnServerConfiguration.id + +@description('The name of the created VPN Server Configuration.') +output vpnServerConfigurationName string = vpnServerConfiguration.name diff --git a/avm/res/network/p2s-vpn-gateway/tests/e2e/defaults/main.test.bicep b/avm/res/network/p2s-vpn-gateway/tests/e2e/defaults/main.test.bicep new file mode 100644 index 0000000000..c9b6091641 --- /dev/null +++ b/avm/res/network/p2s-vpn-gateway/tests/e2e/defaults/main.test.bicep 
@@ -0,0 +1,62 @@ +targetScope = 'subscription' + +metadata name = 'Using only defaults' +metadata description = 'This instance deploys the module with the minimum set of required parameters.' + +// ========== // +// Parameters // +// ========== // + +@description('Optional. The name of the resource group to deploy for testing purposes.') +@maxLength(90) +param resourceGroupName string = 'dep-${namePrefix}-network.p2svpngateway-${serviceShort}-rg' + +@description('Optional. The location to deploy resources to.') +param resourceLocation string = deployment().location + +@description('Optional. A short identifier for the kind of deployment. Should be kept short to not run into resource-name length-constraints.') +param serviceShort string = 'vscmin' + +@description('Optional. A token to inject into the name of each resource. This value can be automatically injected by the CI.') +//param namePrefix string = '#_namePrefix_#' +param namePrefix string = 'erschef' + + + +// ============ // +// Dependencies // +// ============ // + +// General resources +// ================= +resource resourceGroup 'Microsoft.Resources/resourceGroups@2021-04-01' = { + name: resourceGroupName + location: resourceLocation +} + +module nestedDependencies 'dependencies.bicep' = { + scope: resourceGroup + name: '${uniqueString(deployment().name, resourceLocation)}-nestedDependencies' + params: { + virtualWANName: 'dep-${namePrefix}-vw-${serviceShort}' + location: resourceLocation + } +} + +// ============== // +// Test Execution // +// ============== // + +@batchSize(1) +module testDeployment '../../../main.bicep' = [ + for iteration in ['init', 'idem']: { + scope: resourceGroup + name: '${uniqueString(deployment().name, resourceLocation)}-test-${serviceShort}-${iteration}' + params: { + location: resourceLocation + name: '${namePrefix}${serviceShort}p2sVpnGw' + virtualHubId: nestedDependencies.outputs.virtualHubResourceId + vpnServerConfigurationId: 
nestedDependencies.outputs.vpnServerConfigurationResourceId + } + } +] diff --git a/avm/res/network/p2s-vpn-gateway/version.json b/avm/res/network/p2s-vpn-gateway/version.json new file mode 100644 index 0000000000..7245f14872 --- /dev/null +++ b/avm/res/network/p2s-vpn-gateway/version.json @@ -0,0 +1,7 @@ +{ + "$schema": "https://aka.ms/bicep-registry-module-version-file-schema#", + "version": "0.1", + "pathFilters": [ + "./main.json" + ] + } \ No newline at end of file From 7a921e6445f2e2c9220cff049c499321ca57de93 Mon Sep 17 00:00:00 2001 From: erschef_microsoft Date: Fri, 25 Oct 2024 15:20:09 -0400 Subject: [PATCH 03/30] Updated tests --- avm/res/network/p2s-vpn-gateway/main.bicep | 96 ++++++++++++------- .../tests/e2e/defaults/dependencies.bicep | 6 +- .../tests/e2e/defaults/main.test.bicep | 4 + .../tests/e2e/max/dependencies.bicep | 57 +++++++++++ .../tests/e2e/max/main.test.bicep | 78 +++++++++++++++ 5 files changed, 207 insertions(+), 34 deletions(-) create mode 100644 avm/res/network/p2s-vpn-gateway/tests/e2e/max/dependencies.bicep create mode 100644 avm/res/network/p2s-vpn-gateway/tests/e2e/max/main.test.bicep diff --git a/avm/res/network/p2s-vpn-gateway/main.bicep b/avm/res/network/p2s-vpn-gateway/main.bicep index 4ce7b5169e..79d2f4106f 100644 --- a/avm/res/network/p2s-vpn-gateway/main.bicep +++ b/avm/res/network/p2s-vpn-gateway/main.bicep 
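Review bot: `param namePrefix string = 'erschef'` replaces the CI token with a personal alias and leaves the real default commented out, so a pipeline run would create resources under one developer's prefix instead of the injected value. Restore `param namePrefix string = '#_namePrefix_#'` and drop the commented line; the description directly above already says the CI injects this value. The same default is added to `tests/e2e/max/main.test.bicep` in a later patch of this series.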
@@ -2,19 +2,48 @@ metadata name = 'P2S VPN Gateway' metadata description = 'This module deploys a Virtual Hub P2S Gateway.' metadata owner = 'Azure/module-maintainers' +@description('Required. The name of the P2S VPN Gateway.') param name string -param location string +@description('Required. Location where all resources will be created.') +param location string = resourceGroup().location +@description('Optional. The custom DNS servers for the P2S VPN Gateway.') param customDnsServers array = [] +@description('Optional. The routing preference for the P2S VPN Gateway, Internet or Microsoft network.') param isRoutingPreferenceInternet bool? -param virtualHubId string +@description('Required. The name of the P2S Connection Configuration.') +param p2SConnectionConfigurationsName string? +@description('Optional. Enable/Disable Internet Security; "Propagate Default Route".') +param enableInternetSecurity bool? + +@description('Optional. The Resource ID of the associated Virtual Hub Route Table.') +param associatedRouteTableId string? + +@description('Optional. The Resource ID of the inbound route map.') +param inboundRouteMapId string? + +@description('Optional. The Resource ID of the outbound route map.') +param outboundRouteMapId string? + +param propagatedRouteTableIds array = [] + +param propagatedRouteTableLabels array = [] + +param vnetRoutesStaticRoutes vnetRoutesStaticRoutesType? +param vpnClientAddressPoolAddressPrefixes array = [] + +@description('Required. The resource ID of the gateways virtual hub.') +param virtualHubId string? + +@description('Optional. The scale unit of the VPN Gateway.') param vpnGatewayScaleUnit int? -param vpnServerConfigurationId string? +@description('Required. The resource ID of the VPN Server Configuration.') +param vpnServerConfigurationId string @description('Optional. Tags of the resource.') param tags object? 
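Review bot: Several descriptions contradict the declarations they sit on: `location` is marked 'Required.' but has the default `resourceGroup().location`, and `p2SConnectionConfigurationsName` and `virtualHubId` are marked 'Required.' but typed `string?`, so a deployment can omit them and the template still compiles. Either make them non-nullable (`param virtualHubId string`) or relabel them 'Optional.'. `propagatedRouteTableIds`, `propagatedRouteTableLabels`, `vnetRoutesStaticRoutes` and `vpnClientAddressPoolAddressPrefixes` have no `@description` at all. The address-prefix and DNS-server parameters are untyped `array`; `string[]` would reject a non-string entry at compile time.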
@@ -54,52 +83,33 @@ resource p2sVpnGateway 'Microsoft.Network/p2svpnGateways@2024-01-01' = { properties: { customDnsServers: customDnsServers isRoutingPreferenceInternet: isRoutingPreferenceInternet - /*p2SConnectionConfigurations: [ + p2SConnectionConfigurations: [ { - id: - name: + name: p2SConnectionConfigurationsName properties: { - enableInternetSecurity: + enableInternetSecurity: enableInternetSecurity routingConfiguration: { associatedRouteTable: { - id: + id: associatedRouteTableId } inboundRouteMap: { - id: + id: inboundRouteMapId } outboundRouteMap: { - id: + id: outboundRouteMapId } propagatedRouteTables: { - ids: [ - { - id: - } - ] - labels: [ - ] - } - vnetRoutes: { - staticRoutes: [ - { - addressPrefixes: [ - ] - name: - nextHopIpAddress: - } - ] - staticRoutesConfig: { - vnetLocalRouteOverrideCriteria: - } + ids: propagatedRouteTableIds + labels: propagatedRouteTableLabels } + vnetRoutes: vnetRoutesStaticRoutes } vpnClientAddressPool: { - addressPrefixes: [ - ] + addressPrefixes: vpnClientAddressPoolAddressPrefixes } } } - ]*/ + ] virtualHub: { id: virtualHubId } @@ -144,3 +154,23 @@ type lockType = { @description('Optional. Specify the type of lock.') kind: ('CanNotDelete' | 'ReadOnly' | 'None')? }? + +type vnetRoutesStaticRoutesType = { + staticRoutes: [ + { + @description('Optional. The address prefixes of the static route.') + addressPrefixes: array? + + @description('Optional. The name of the static route.') + name: string? + + @description('Optional. The next hop IP of the static route.') + nextHopIpAddress: string? + } + ] + staticRoutesConfig: { + @description('Optional. ') + vnetLocalRouteOverrideCriteria: string? + } +} + diff --git a/avm/res/network/p2s-vpn-gateway/tests/e2e/defaults/dependencies.bicep b/avm/res/network/p2s-vpn-gateway/tests/e2e/defaults/dependencies.bicep index cc63a8f1a9..dfc78768e5 100644 --- a/avm/res/network/p2s-vpn-gateway/tests/e2e/defaults/dependencies.bicep 
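Review bot: With the defaults, `associatedRouteTable`, `inboundRouteMap` and `outboundRouteMap` are each emitted as an object whose `id` is null, because the three ID parameters are nullable and the objects are unconditional. Whether the resource provider accepts a null `id` is not visible here, so guard each one, e.g. `inboundRouteMap: !empty(inboundRouteMapId) ? { id: inboundRouteMapId } : null`. The same applies to `virtualHub: { id: virtualHubId }` now that `virtualHubId` is `string?`. The `p2sVpnGateway` resource starts above the hunk.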
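Review bot: In `vnetRoutesStaticRoutesType`, `staticRoutes: [ { ... } ]` appears to declare a tuple of exactly one element rather than a list, so a caller could not pass zero or two static routes; put `[]` after the element type instead (`staticRoutes: { ... }[]`). `staticRoutes` and `staticRoutesConfig` have no `@description`, and `@description('Optional. ')` on `vnetLocalRouteOverrideCriteria` is empty. Both properties are also non-nullable, so any caller that sets `vnetRoutesStaticRoutes` must supply both.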
+++ b/avm/res/network/p2s-vpn-gateway/tests/e2e/defaults/dependencies.bicep @@ -13,7 +13,11 @@ resource vpnServerConfiguration 'Microsoft.Network/vpnServerConfigurations@2024- name: '${virtualWANName}-${location}-vpnServerConfiguration' location: location properties: { - name: '${virtualWANName}-${location}-VPNConfig' + aadAuthenticationParameters: { + aadAudience: '11111111-1234-4321-1234-111111111111' + aadIssuer: 'https://sts.windows.net/11111111-1111-1111-1111-111111111111/' + aadTenant: 'https://login.microsoftonline.com/11111111-1111-1111-1111-111111111111' + } vpnAuthenticationTypes: [ 'AAD' ] diff --git a/avm/res/network/p2s-vpn-gateway/tests/e2e/defaults/main.test.bicep b/avm/res/network/p2s-vpn-gateway/tests/e2e/defaults/main.test.bicep index c9b6091641..97f75bb3f5 100644 --- a/avm/res/network/p2s-vpn-gateway/tests/e2e/defaults/main.test.bicep +++ b/avm/res/network/p2s-vpn-gateway/tests/e2e/defaults/main.test.bicep @@ -57,6 +57,10 @@ module testDeployment '../../../main.bicep' = [ name: '${namePrefix}${serviceShort}p2sVpnGw' virtualHubId: nestedDependencies.outputs.virtualHubResourceId vpnServerConfigurationId: nestedDependencies.outputs.vpnServerConfigurationResourceId + p2SConnectionConfigurationsName: 'p2sConnectionConfig1' + vpnClientAddressPoolAddressPrefixes: [ + '10.0.2.0/24' + ] } } ] diff --git a/avm/res/network/p2s-vpn-gateway/tests/e2e/max/dependencies.bicep b/avm/res/network/p2s-vpn-gateway/tests/e2e/max/dependencies.bicep new file mode 100644 index 0000000000..dfc78768e5 --- /dev/null +++ b/avm/res/network/p2s-vpn-gateway/tests/e2e/max/dependencies.bicep 
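Review bot: The `aadAuthenticationParameters` values are dummy GUIDs with the public-cloud endpoints written out, and nothing marks them as placeholders; someone copying this test as a starting point gets a VPN server configuration bound to a tenant that is not theirs. Add a comment above the block such as `// Placeholder audience and tenant; not a real Entra ID tenant`, or derive the tenant with `tenant().tenantId` and the login host with `environment().authentication.loginEndpoint`. The identical block is added to `tests/e2e/max/dependencies.bicep` in the same patch. The `vpnServerConfiguration` resource starts above the hunk.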
@@ -0,0 +1,57 @@ +@description('Required. The name of the virtual WAN to create.') +param virtualWANName string + +@description('Optional. The location to deploy resources to.') +param location string = resourceGroup().location + +resource virtualWan 'Microsoft.Network/virtualWans@2024-01-01' = { + name: virtualWANName + location: location +} + +resource vpnServerConfiguration 'Microsoft.Network/vpnServerConfigurations@2024-01-01' = { + name: '${virtualWANName}-${location}-vpnServerConfiguration' + location: location + properties: { + aadAuthenticationParameters: { + aadAudience: '11111111-1234-4321-1234-111111111111' + aadIssuer: 'https://sts.windows.net/11111111-1111-1111-1111-111111111111/' + aadTenant: 'https://login.microsoftonline.com/11111111-1111-1111-1111-111111111111' + } + vpnAuthenticationTypes: [ + 'AAD' + ] + vpnProtocols: [ + 'OpenVPN' + ] + } +} + +resource virtualHub 'Microsoft.Network/virtualHubs@2024-01-01' = { + name: '${virtualWANName}-${location}-hub' + location: location + properties: { + addressPrefix: '10.0.0.0/23' + virtualWan: { + id: virtualWan.id + } + } +} + +@description('The resource ID of the created Virtual WAN.') +output virtualWANResourceId string = virtualWan.id + +@description('The name of the created Virtual WAN.') +output virtualWANName string = virtualWan.name + +@description('The resource ID of the created Virtual Hub.') +output virtualHubResourceId string = virtualHub.id + +@description('The name of the created Virtual Hub.') +output virtualHubName string = virtualHub.name + +@description('The resource ID of the created VPN Server Configuration.') +output vpnServerConfigurationResourceId string = vpnServerConfiguration.id + +@description('The name of the created VPN Server Configuration.') +output vpnServerConfigurationName string = vpnServerConfiguration.name 
diff --git a/avm/res/network/p2s-vpn-gateway/tests/e2e/max/main.test.bicep b/avm/res/network/p2s-vpn-gateway/tests/e2e/max/main.test.bicep new file mode 100644 index 0000000000..4ddf1a5e8c --- /dev/null +++ b/avm/res/network/p2s-vpn-gateway/tests/e2e/max/main.test.bicep 
@@ -0,0 +1,78 @@ +targetScope = 'subscription' + +metadata name = 'Using only defaults' +metadata description = 'This instance deploys the module with the minimum set of required parameters.' + +// ========== // +// Parameters // +// ========== // + +@description('Optional. The name of the resource group to deploy for testing purposes.') +@maxLength(90) +param resourceGroupName string = 'dep-${namePrefix}-network.p2svpngateway-${serviceShort}-rg' + +@description('Optional. The location to deploy resources to.') +param resourceLocation string = deployment().location + +@description('Optional. A short identifier for the kind of deployment. Should be kept short to not run into resource-name length-constraints.') +param serviceShort string = 'vscmax' + +@description('Optional. A token to inject into the name of each resource. This value can be automatically injected by the CI.') +//param namePrefix string = '#_namePrefix_#' +param namePrefix string = 'erschef' + + + +// ============ // +// Dependencies // +// ============ // + +// General resources +// ================= +resource resourceGroup 'Microsoft.Resources/resourceGroups@2021-04-01' = { + name: resourceGroupName + location: resourceLocation +} + +module nestedDependencies 'dependencies.bicep' = { + scope: resourceGroup + name: '${uniqueString(deployment().name, resourceLocation)}-nestedDependencies' + params: { + virtualWANName: 'dep-${namePrefix}-vw-${serviceShort}' + location: resourceLocation + } +} + +// ============== // +// Test Execution // +// ============== // + +@batchSize(1) +module testDeployment '../../../main.bicep' = [ + for iteration in ['init', 'idem']: { + scope: resourceGroup + name: '${uniqueString(deployment().name, resourceLocation)}-test-${serviceShort}-${iteration}' + params: { + location: resourceLocation + name: '${namePrefix}${serviceShort}p2sVpnGw' + virtualHubId: nestedDependencies.outputs.virtualHubResourceId + vpnServerConfigurationId: 
nestedDependencies.outputs.vpnServerConfigurationResourceId + customDnsServers: [ + '10.50.10.50' + '10.50.50.50' + ] + isRoutingPreferenceInternet: false + p2SConnectionConfigurationsName: 'p2sConnectionConfig1' + enableInternetSecurity: false + vpnClientAddressPoolAddressPrefixes: [ + '10.0.2.0/24' + ] + vpnGatewayScaleUnit: 5 + propagatedRouteTableIds: [ + { + id: nestedDependencies.outputs.virtualHubResourceId + } + ] + } + } +] From f1dedfe9c213ea65f416b0a4f3a5a7c7dd478447 Mon Sep 17 00:00:00 2001 From: erschef_microsoft Date: Fri, 1 Nov 2024 10:15:57 -0400 Subject: [PATCH 04/30] Max tests succeeding --- avm/res/network/p2s-vpn-gateway/main.bicep | 54 +++++++---- .../tests/e2e/max/dependencies.bicep | 93 +++++++++++++++++++ .../tests/e2e/max/main.test.bicep | 19 ++-- 3 files changed, 139 insertions(+), 27 deletions(-) diff --git a/avm/res/network/p2s-vpn-gateway/main.bicep b/avm/res/network/p2s-vpn-gateway/main.bicep index 79d2f4106f..30c4bbafa4 100644 --- a/avm/res/network/p2s-vpn-gateway/main.bicep +++ b/avm/res/network/p2s-vpn-gateway/main.bicep @@ -8,6 +8,16 @@ param name string @description('Required. Location where all resources will be created.') param location string = resourceGroup().location +@allowed([ + 'noneRouteTable' + 'defaultRouteTable' +]) +@description('Conditional. The name of the associated route table, required if deploying in a Secure Virtual Hub; cannot be a custom route table.') +param associatedRouteTableName string? + +@description('Conditional. The names of the route tables to propagate to the P2S VPN Gateway.') +param propagatedRouteTableNames array = [] + @description('Optional. The custom DNS servers for the P2S VPN Gateway.') param customDnsServers array = [] 
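Review bot: `metadata name = 'Using only defaults'` and its description are copied from the defaults test, but this file is the `max` case (`serviceShort` is `'vscmax'`); they should say so, e.g. `metadata name = 'Using large parameter set'`. `propagatedRouteTableIds` is given `nestedDependencies.outputs.virtualHubResourceId`, which is a virtual hub ID rather than a hub route table ID, so the test does not exercise a real propagation target. `namePrefix` again defaults to `'erschef'` with the CI token commented out.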
@@ -20,24 +30,19 @@ param p2SConnectionConfigurationsName string? @description('Optional. Enable/Disable Internet Security; "Propagate Default Route".') param enableInternetSecurity bool? -@description('Optional. The Resource ID of the associated Virtual Hub Route Table.') -param associatedRouteTableId string? - @description('Optional. The Resource ID of the inbound route map.') -param inboundRouteMapId string? +param inboundRouteMapResourceId string? @description('Optional. The Resource ID of the outbound route map.') -param outboundRouteMapId string? +param outboundRouteMapResourceId string? -param propagatedRouteTableIds array = [] - -param propagatedRouteTableLabels array = [] +param propagatedLabelNames array = [] param vnetRoutesStaticRoutes vnetRoutesStaticRoutesType? param vpnClientAddressPoolAddressPrefixes array = [] @description('Required. The resource ID of the gateways virtual hub.') -param virtualHubId string? +param virtualHubId string @description('Optional. The scale unit of the VPN Gateway.') param vpnGatewayScaleUnit int? @@ -54,6 +59,13 @@ param lock lockType @description('Optional. Enable/Disable usage telemetry for module.') param enableTelemetry bool = true +// =============== // + +@description('Extract the virtual hub name from the virtual hub ID.') +var virtualHubName = split(virtualHubId, '/')[8] + +// ============== // + #disable-next-line no-deployments-resources resource avmTelemetry 'Microsoft.Resources/deployments@2024-03-01' = if (enableTelemetry) { name: take( 
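Review bot: `split(virtualHubId, '/')[8]` takes the hub name by position, which only holds for an ID of the exact form `/subscriptions/<id>/resourceGroups/<rg>/providers/Microsoft.Network/virtualHubs/<name>`; any other shape fails at deployment or picks the wrong segment. `last(split(virtualHubId, '/'))` states the intent without the magic index. The hub's subscription and resource group are discarded at this point, which matters for how the name is used in the `routingConfiguration` hunk that follows.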
@@ -89,18 +101,22 @@ resource p2sVpnGateway 'Microsoft.Network/p2svpnGateways@2024-01-01' = { properties: { enableInternetSecurity: enableInternetSecurity routingConfiguration: { - associatedRouteTable: { - id: associatedRouteTableId - } - inboundRouteMap: { - id: inboundRouteMapId - } - outboundRouteMap: { - id: outboundRouteMapId + associatedRouteTable: { + id: resourceId('Microsoft.Network/virtualHubs/hubRouteTables','${virtualHubName}','${associatedRouteTableName}') } + inboundRouteMap: (!empty(inboundRouteMapResourceId)) ? { + id: inboundRouteMapResourceId + } : null + outboundRouteMap: (!empty(outboundRouteMapResourceId)) ? { + id: outboundRouteMapResourceId + } : null propagatedRouteTables: { - ids: propagatedRouteTableIds - labels: propagatedRouteTableLabels + ids: [ + for table in (propagatedRouteTableNames): { + id: resourceId('Microsoft.Network/virtualHubs/hubRouteTables','${virtualHubName}','${table}') + } + ] + labels: propagatedLabelNames } vnetRoutes: vnetRoutesStaticRoutes } diff --git a/avm/res/network/p2s-vpn-gateway/tests/e2e/max/dependencies.bicep b/avm/res/network/p2s-vpn-gateway/tests/e2e/max/dependencies.bicep index dfc78768e5..aa1bb60c57 100644 --- a/avm/res/network/p2s-vpn-gateway/tests/e2e/max/dependencies.bicep +++ b/avm/res/network/p2s-vpn-gateway/tests/e2e/max/dependencies.bicep 
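Review bot: `resourceId('Microsoft.Network/virtualHubs/hubRouteTables', ...)` builds the route table ID in the deployment's own subscription and resource group, so a hub passed in from another resource group yields an ID that points at nothing; build it from the parameter instead, `id: '${virtualHubId}/hubRouteTables/${associatedRouteTableName}'`, and do the same for each entry of `propagatedRouteTableNames`. `associatedRouteTable` is also emitted unconditionally although `associatedRouteTableName` is `string?`, so omitting it interpolates a null into the ID; guard it the way `inboundRouteMap` and `outboundRouteMap` are guarded in this hunk. The `'${virtualHubName}'` and `'${table}'` interpolations wrap values that are already strings and can be written bare.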
@@ -38,6 +38,78 @@ resource virtualHub 'Microsoft.Network/virtualHubs@2024-01-01' = { } } +resource hubRouteTable 'Microsoft.Network/virtualHubs/hubRouteTables@2024-01-01' = { + name: 'VPNRouteTable' + parent: virtualHub + properties: { + labels: [ + 'VPNRoutes' + ] + routes: [ + { + name: 'DefaultVPNRoute' + destinations: [ + '10.1.100.0/24' + ] + destinationType: 'CIDR' + nextHop: azureFirewall.id + nextHopType: 'ResourceId' + } + ] + } +} + +resource hubRouteMap 'Microsoft.Network/virtualHubs/routeMaps@2024-01-01' = { + name: 'VPNRouteMap' + parent: virtualHub + properties: { + rules: [ + { + actions: [ + { + parameters: [ + { + asPath: [ + '65051' + ] + } + ] + type: 'Add' + } + ] + matchCriteria: [ + { + asPath: [ + '65050' + ] + matchCondition: 'Equals' + } + ] + name: 'TestVPNRouteMap' + nextStepIfMatched: 'Continue' + } + ] + } +} +resource azureFirewall 'Microsoft.Network/azureFirewalls@2024-01-01' = { + name: '${virtualWANName}-${location}-hub' + location: location + properties: { + sku: { + name: 'AZFW_Hub' + tier: 'Premium' + } + virtualHub: { + id: virtualHub.id + } + hubIPAddresses: { + publicIPs: { + count: 1 + } + } + } +} + @description('The resource ID of the created Virtual WAN.') output virtualWANResourceId string = virtualWan.id 
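Review bot: `azureFirewall` is named `'${virtualWANName}-${location}-hub'`, the same expression used for the `virtualHub` resource; the resource types differ so the deployment works, but two resources with one name in the test resource group are hard to tell apart in logs and cleanup. Use a distinct suffix such as `'${virtualWANName}-${location}-azfw'`. The firewall is declared after `hubRouteTable`, which already references `azureFirewall.id`, so moving it above the route table would read in dependency order, and a blank line is missing between `hubRouteMap` and `azureFirewall`.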
@@ -55,3 +127,24 @@ output vpnServerConfigurationResourceId string = vpnServerConfiguration.id @description('The name of the created VPN Server Configuration.') output vpnServerConfigurationName string = vpnServerConfiguration.name + +@description('The resource ID of the created hub Azure Firewall') +output azureFirewallResourceId string = azureFirewall.id + +@description('The name of the created hub Azure Firewall') +output azureFirewallName string = azureFirewall.name + +@description('The resource ID of the created hub route table') +output hubRouteTableName string = hubRouteTable.name + +@description('The name of the created hub route table') +output hubRouteTableResourceId string = hubRouteTable.id + +@description('The labels for the created hub route table') +output hubRouteTableLabels string[] = hubRouteTable.properties.labels + +@description('The resource ID of the created hub route map') +output hubRouteMapResourceId string = hubRouteMap.id + +@description('The name of the created hub route map') +output hubRouteMapName string = hubRouteMap.name diff --git a/avm/res/network/p2s-vpn-gateway/tests/e2e/max/main.test.bicep b/avm/res/network/p2s-vpn-gateway/tests/e2e/max/main.test.bicep index 4ddf1a5e8c..dd6a857cba 100644 --- a/avm/res/network/p2s-vpn-gateway/tests/e2e/max/main.test.bicep +++ b/avm/res/network/p2s-vpn-gateway/tests/e2e/max/main.test.bicep 
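Review bot: The descriptions on the two route table outputs are swapped: `hubRouteTableName` returns `hubRouteTable.name` but is described as 'The resource ID of the created hub route table', and `hubRouteTableResourceId` returns `hubRouteTable.id` but is described as the name. Exchange the two `@description` lines. The new descriptions also drop the trailing period that the existing outputs in this file use.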
@@ -55,24 +55,27 @@ module testDeployment '../../../main.bicep' = [ params: { location: resourceLocation name: '${namePrefix}${serviceShort}p2sVpnGw' - virtualHubId: nestedDependencies.outputs.virtualHubResourceId - vpnServerConfigurationId: nestedDependencies.outputs.vpnServerConfigurationResourceId customDnsServers: [ '10.50.10.50' '10.50.50.50' ] isRoutingPreferenceInternet: false - p2SConnectionConfigurationsName: 'p2sConnectionConfig1' enableInternetSecurity: false + associatedRouteTableName: 'noneRouteTable' + inboundRouteMapResourceId: nestedDependencies.outputs.hubRouteMapResourceId + outboundRouteMapResourceId: nestedDependencies.outputs.hubRouteMapResourceId + propagatedRouteTableNames: [ + nestedDependencies.outputs.hubRouteTableName + ] + propagatedLabelNames: nestedDependencies.outputs.hubRouteTableLabels + //vnetRoutesStaticRoutes: WTF is this? vpnClientAddressPoolAddressPrefixes: [ '10.0.2.0/24' ] + virtualHubId: nestedDependencies.outputs.virtualHubResourceId vpnGatewayScaleUnit: 5 - propagatedRouteTableIds: [ - { - id: nestedDependencies.outputs.virtualHubResourceId - } - ] + vpnServerConfigurationId: nestedDependencies.outputs.vpnServerConfigurationResourceId + p2SConnectionConfigurationsName: 'p2sConnectionConfig1' } } ] From 8dc7ab204a86da05015ed71cacaaa2fe733e028e Mon Sep 17 00:00:00 2001 From: erschef_microsoft Date: Fri, 8 Nov 2024 13:20:44 -0500 Subject: [PATCH 05/30] feat: Enhance P2S VPN Gateway configuration with new parameters and tests --- avm/res/network/p2s-vpn-gateway/main.bicep | 4 +- .../tests/e2e/defaults/main.test.bicep | 3 +- .../tests/e2e/max/main.test.bicep | 5 +- .../tests/e2e/waf-aligned/dependencies.bicep | 82 +++++++++++++++++++ .../tests/e2e/waf-aligned/main.test.bicep | 73 +++++++++++++++++ 5 files changed, 160 insertions(+), 7 deletions(-) create mode 100644 avm/res/network/p2s-vpn-gateway/tests/e2e/waf-aligned/dependencies.bicep create mode 100644 avm/res/network/p2s-vpn-gateway/tests/e2e/waf-aligned/main.test.bicep 
diff --git a/avm/res/network/p2s-vpn-gateway/main.bicep b/avm/res/network/p2s-vpn-gateway/main.bicep index 30c4bbafa4..a8cfa029d8 100644 --- a/avm/res/network/p2s-vpn-gateway/main.bicep +++ b/avm/res/network/p2s-vpn-gateway/main.bicep @@ -36,9 +36,10 @@ param inboundRouteMapResourceId string? @description('Optional. The Resource ID of the outbound route map.') param outboundRouteMapResourceId string? +@description('Optional. The Labels to propagate routes to.') param propagatedLabelNames array = [] -param vnetRoutesStaticRoutes vnetRoutesStaticRoutesType? +@description('Required. The address prefixes for the VPN Client Address Pool.') param vpnClientAddressPoolAddressPrefixes array = [] @description('Required. The resource ID of the gateways virtual hub.') @@ -118,7 +119,6 @@ resource p2sVpnGateway 'Microsoft.Network/p2svpnGateways@2024-01-01' = { ] labels: propagatedLabelNames } - vnetRoutes: vnetRoutesStaticRoutes } vpnClientAddressPool: { addressPrefixes: vpnClientAddressPoolAddressPrefixes diff --git a/avm/res/network/p2s-vpn-gateway/tests/e2e/defaults/main.test.bicep b/avm/res/network/p2s-vpn-gateway/tests/e2e/defaults/main.test.bicep index 97f75bb3f5..74d98be39a 100644 --- a/avm/res/network/p2s-vpn-gateway/tests/e2e/defaults/main.test.bicep +++ b/avm/res/network/p2s-vpn-gateway/tests/e2e/defaults/main.test.bicep @@ -18,8 +18,7 @@ param resourceLocation string = deployment().location param serviceShort string = 'vscmin' @description('Optional. A token to inject into the name of each resource. This value can be automatically injected by the CI.') -//param namePrefix string = '#_namePrefix_#' -param namePrefix string = 'erschef' +param namePrefix string = '#_namePrefix_#' diff --git a/avm/res/network/p2s-vpn-gateway/tests/e2e/max/main.test.bicep b/avm/res/network/p2s-vpn-gateway/tests/e2e/max/main.test.bicep index dd6a857cba..5acc25f822 100644 --- a/avm/res/network/p2s-vpn-gateway/tests/e2e/max/main.test.bicep 
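Review bot: In the first main.bicep hunk, `vpnClientAddressPoolAddressPrefixes` is now described as 'Required.' but keeps `= []`, so a caller can omit it and the gateway is submitted with an empty client address pool. Either drop the default (`param vpnClientAddressPoolAddressPrefixes array`) or keep it and enforce the contract with `@minLength(1)`, so that the mistake surfaces at validation time rather than as a resource provider error. The hunk also removes `param vnetRoutesStaticRoutes`, but the `vnetRoutesStaticRoutesType` definition still appears in the main.json generated in the next commit; it looks like the user-defined type was left in main.bicep unused and should be removed with the parameter. The parameter block continues outside the hunk.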
+++ b/avm/res/network/p2s-vpn-gateway/tests/e2e/max/main.test.bicep @@ -18,8 +18,7 @@ param resourceLocation string = deployment().location param serviceShort string = 'vscmax' @description('Optional. A token to inject into the name of each resource. This value can be automatically injected by the CI.') -//param namePrefix string = '#_namePrefix_#' -param namePrefix string = 'erschef' +param namePrefix string = '#_namePrefix_#' @@ -68,9 +67,9 @@ module testDeployment '../../../main.bicep' = [ nestedDependencies.outputs.hubRouteTableName ] propagatedLabelNames: nestedDependencies.outputs.hubRouteTableLabels - //vnetRoutesStaticRoutes: WTF is this? vpnClientAddressPoolAddressPrefixes: [ '10.0.2.0/24' + '10.0.3.0/24' ] virtualHubId: nestedDependencies.outputs.virtualHubResourceId vpnGatewayScaleUnit: 5 diff --git a/avm/res/network/p2s-vpn-gateway/tests/e2e/waf-aligned/dependencies.bicep b/avm/res/network/p2s-vpn-gateway/tests/e2e/waf-aligned/dependencies.bicep new file mode 100644 index 0000000000..c28dbefb5c --- /dev/null +++ b/avm/res/network/p2s-vpn-gateway/tests/e2e/waf-aligned/dependencies.bicep 
@@ -0,0 +1,82 @@ +@description('Required. The name of the virtual WAN to create.') +param virtualWANName string + +@description('Optional. The location to deploy resources to.') +param location string = resourceGroup().location + +resource virtualWan 'Microsoft.Network/virtualWans@2024-01-01' = { + name: virtualWANName + location: location +} + +resource vpnServerConfiguration 'Microsoft.Network/vpnServerConfigurations@2024-01-01' = { + name: '${virtualWANName}-${location}-vpnServerConfiguration' + location: location + properties: { + aadAuthenticationParameters: { + aadAudience: '11111111-1234-4321-1234-111111111111' + aadIssuer: 'https://sts.windows.net/11111111-1111-1111-1111-111111111111/' + aadTenant: 'https://login.microsoftonline.com/11111111-1111-1111-1111-111111111111' + } + vpnAuthenticationTypes: [ + 'AAD' + ] + vpnProtocols: [ + 'OpenVPN' + ] + } +} + +resource virtualHub 'Microsoft.Network/virtualHubs@2024-01-01' = { + name: '${virtualWANName}-${location}-hub' + location: location + properties: { + addressPrefix: '10.0.0.0/23' + virtualWan: { + id: virtualWan.id + } + } +} + +resource azureFirewall 'Microsoft.Network/azureFirewalls@2024-01-01' = { + name: '${virtualWANName}-${location}-hub' + location: location + properties: { + sku: { + name: 'AZFW_Hub' + tier: 'Premium' + } + virtualHub: { + id: virtualHub.id + } + hubIPAddresses: { + publicIPs: { + count: 1 + } + } + } +} + +@description('The resource ID of the created Virtual WAN.') +output virtualWANResourceId string = virtualWan.id + +@description('The name of the created Virtual WAN.') +output virtualWANName string = virtualWan.name + +@description('The resource ID of the created Virtual Hub.') +output virtualHubResourceId string = virtualHub.id + +@description('The name of the created Virtual Hub.') +output virtualHubName string = virtualHub.name + +@description('The resource ID of the created VPN Server Configuration.') +output vpnServerConfigurationResourceId string = 
vpnServerConfiguration.id + +@description('The name of the created VPN Server Configuration.') +output vpnServerConfigurationName string = vpnServerConfiguration.name + +@description('The resource ID of the created hub Azure Firewall') +output azureFirewallResourceId string = azureFirewall.id + +@description('The name of the created hub Azure Firewall') +output azureFirewallName string = azureFirewall.name diff --git a/avm/res/network/p2s-vpn-gateway/tests/e2e/waf-aligned/main.test.bicep b/avm/res/network/p2s-vpn-gateway/tests/e2e/waf-aligned/main.test.bicep new file mode 100644 index 0000000000..9f8ca06637 --- /dev/null +++ b/avm/res/network/p2s-vpn-gateway/tests/e2e/waf-aligned/main.test.bicep 
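Review bot: This WAF-aligned dependency file deploys a Premium `AZFW_Hub` firewall into the hub, but nothing in the file routes traffic to it: there is no routing intent and no static route in a hub route table. The accompanying main.test.bicep consumes only `virtualHubResourceId` and `vpnServerConfigurationResourceId`, not `azureFirewallResourceId` or `azureFirewallName`. With `enableInternetSecurity: true` and `associatedRouteTableName: 'defaultRouteTable'` in the test, the scenario reads as a secured hub, yet as far as these files show no default route points at the firewall. Either remove the firewall and its two outputs from this dependency file, or add the routing (for example a `Microsoft.Network/virtualHubs/routingIntent` resource with the firewall as next hop) so the test exercises the configuration its name implies.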
@@ -0,0 +1,73 @@ +targetScope = 'subscription' + +metadata name = 'WAF-aligned' +metadata description = 'This instance deploys the module in alignment with the best-practices of the Azure Well-Architected Framework.' + +// ========== // +// Parameters // +// ========== // + +@description('Optional. The name of the resource group to deploy for testing purposes.') +@maxLength(90) +param resourceGroupName string = 'dep-${namePrefix}-network.p2svpngateway-${serviceShort}-rg' + +@description('Optional. The location to deploy resources to.') +param resourceLocation string = deployment().location + +@description('Optional. A short identifier for the kind of deployment. Should be kept short to not run into resource-name length-constraints.') +param serviceShort string = 'vscwaf' + +@description('Optional. A token to inject into the name of each resource. This value can be automatically injected by the CI.') +param namePrefix string = '#_namePrefix_#' + + + +// ============ // +// Dependencies // +// ============ // + +// General resources +// ================= +resource resourceGroup 'Microsoft.Resources/resourceGroups@2021-04-01' = { + name: resourceGroupName + location: resourceLocation +} + +module nestedDependencies 'dependencies.bicep' = { + scope: resourceGroup + name: '${uniqueString(deployment().name, resourceLocation)}-nestedDependencies' + params: { + virtualWANName: 'dep-${namePrefix}-vw-${serviceShort}' + location: resourceLocation + } +} + +// ============== // +// Test Execution // +// ============== // + +@batchSize(1) +module testDeployment '../../../main.bicep' = [ + for iteration in ['init', 'idem']: { + scope: resourceGroup + name: '${uniqueString(deployment().name, resourceLocation)}-test-${serviceShort}-${iteration}' + params: { + location: resourceLocation + name: '${namePrefix}${serviceShort}p2sVpnGw' + customDnsServers: [ + '10.50.10.50' + '10.50.50.50' + ] + isRoutingPreferenceInternet: false + enableInternetSecurity: true + 
associatedRouteTableName: 'defaultRouteTable' + vpnClientAddressPoolAddressPrefixes: [ + '10.0.2.0/24' + ] + virtualHubId: nestedDependencies.outputs.virtualHubResourceId + vpnGatewayScaleUnit: 1 + vpnServerConfigurationId: nestedDependencies.outputs.vpnServerConfigurationResourceId + p2SConnectionConfigurationsName: 'p2sConnectionConfig1' + } + } +] From 55aa240608c36154b99fcc971f334308d1c2417f Mon Sep 17 00:00:00 2001 From: erschef_microsoft Date: Fri, 8 Nov 2024 13:43:17 -0500 Subject: [PATCH 06/30] Forgot to run Set-AVMModule --- avm/res/network/p2s-vpn-gateway/README.md | 641 ++++++++++++++++++ avm/res/network/p2s-vpn-gateway/main.json | 336 +++++++++ .../tests/e2e/waf-aligned/main.test.bicep | 8 + 3 files changed, 985 insertions(+) create mode 100644 avm/res/network/p2s-vpn-gateway/README.md create mode 100644 avm/res/network/p2s-vpn-gateway/main.json diff --git a/avm/res/network/p2s-vpn-gateway/README.md b/avm/res/network/p2s-vpn-gateway/README.md new file mode 100644 index 0000000000..11018330c9 --- /dev/null +++ b/avm/res/network/p2s-vpn-gateway/README.md 
@@ -0,0 +1,641 @@ +# P2S VPN Gateway `[Microsoft.Network/p2svpnGateways]` + +This module deploys a Virtual Hub P2S Gateway. + +## Navigation + +- [Resource Types](#Resource-Types) +- [Usage examples](#Usage-examples) +- [Parameters](#Parameters) +- [Outputs](#Outputs) +- [Data Collection](#Data-Collection) + +## Resource Types + +| Resource Type | API Version | +| :-- | :-- | +| `Microsoft.Authorization/locks` | [2020-05-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-05-01/locks) | +| `Microsoft.Network/p2svpnGateways` | [2024-01-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Network/2024-01-01/p2svpnGateways) | + +## Usage examples + +The following section provides usage examples for the module, which were used to validate and deploy the module successfully. For a full reference, please review the module's test folder in its repository. + +>**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. + +>**Note**: To reference the module, please use the following syntax `br/public:avm/res/network/p2s-vpn-gateway:`. + +- [Using only defaults](#example-1-using-only-defaults) +- [Using only defaults](#example-2-using-only-defaults) +- [WAF-aligned](#example-3-waf-aligned) + +### Example 1: _Using only defaults_ + +This instance deploys the module with the minimum set of required parameters. + + +
+ +via Bicep module + +```bicep +module p2sVpnGateway 'br/public:avm/res/network/p2s-vpn-gateway:' = { + name: 'p2sVpnGatewayDeployment' + params: { + // Required parameters + name: 'vscminp2sVpnGw' + virtualHubId: '' + vpnServerConfigurationId: '' + // Non-required parameters + location: '' + p2SConnectionConfigurationsName: 'p2sConnectionConfig1' + vpnClientAddressPoolAddressPrefixes: [ + '10.0.2.0/24' + ] + } +} +``` + +
+

+ +

+ +via JSON parameters file + +```json +{ + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", + "contentVersion": "1.0.0.0", + "parameters": { + // Required parameters + "name": { + "value": "vscminp2sVpnGw" + }, + "virtualHubId": { + "value": "" + }, + "vpnServerConfigurationId": { + "value": "" + }, + // Non-required parameters + "location": { + "value": "" + }, + "p2SConnectionConfigurationsName": { + "value": "p2sConnectionConfig1" + }, + "vpnClientAddressPoolAddressPrefixes": { + "value": [ + "10.0.2.0/24" + ] + } + } +} +``` + +
+

+ +

+ +via Bicep parameters file + +```bicep-params +using 'br/public:avm/res/network/p2s-vpn-gateway:' + +// Required parameters +param name = 'vscminp2sVpnGw' +param virtualHubId = '' +param vpnServerConfigurationId = '' +// Non-required parameters +param location = '' +p2SConnectionConfigurationsName: 'p2sConnectionConfig1' +param vpnClientAddressPoolAddressPrefixes = [ + '10.0.2.0/24' +] +``` + +
+

+ +### Example 2: _Using only defaults_ + +This instance deploys the module with the minimum set of required parameters. + + +

+ +via Bicep module + +```bicep +module p2sVpnGateway 'br/public:avm/res/network/p2s-vpn-gateway:' = { + name: 'p2sVpnGatewayDeployment' + params: { + // Required parameters + name: 'vscmaxp2sVpnGw' + virtualHubId: '' + vpnServerConfigurationId: '' + // Non-required parameters + associatedRouteTableName: 'noneRouteTable' + customDnsServers: [ + '10.50.10.50' + '10.50.50.50' + ] + enableInternetSecurity: false + inboundRouteMapResourceId: '' + isRoutingPreferenceInternet: false + location: '' + outboundRouteMapResourceId: '' + p2SConnectionConfigurationsName: 'p2sConnectionConfig1' + propagatedLabelNames: '' + propagatedRouteTableNames: [ + '' + ] + vpnClientAddressPoolAddressPrefixes: [ + '10.0.2.0/24' + '10.0.3.0/24' + ] + vpnGatewayScaleUnit: 5 + } +} +``` + +
+

+ +

+ +via JSON parameters file + +```json +{ + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", + "contentVersion": "1.0.0.0", + "parameters": { + // Required parameters + "name": { + "value": "vscmaxp2sVpnGw" + }, + "virtualHubId": { + "value": "" + }, + "vpnServerConfigurationId": { + "value": "" + }, + // Non-required parameters + "associatedRouteTableName": { + "value": "noneRouteTable" + }, + "customDnsServers": { + "value": [ + "10.50.10.50", + "10.50.50.50" + ] + }, + "enableInternetSecurity": { + "value": false + }, + "inboundRouteMapResourceId": { + "value": "" + }, + "isRoutingPreferenceInternet": { + "value": false + }, + "location": { + "value": "" + }, + "outboundRouteMapResourceId": { + "value": "" + }, + "p2SConnectionConfigurationsName": { + "value": "p2sConnectionConfig1" + }, + "propagatedLabelNames": { + "value": "" + }, + "propagatedRouteTableNames": { + "value": [ + "" + ] + }, + "vpnClientAddressPoolAddressPrefixes": { + "value": [ + "10.0.2.0/24", + "10.0.3.0/24" + ] + }, + "vpnGatewayScaleUnit": { + "value": 5 + } + } +} +``` + +
+

+ +

+ +via Bicep parameters file + +```bicep-params +using 'br/public:avm/res/network/p2s-vpn-gateway:' + +// Required parameters +param name = 'vscmaxp2sVpnGw' +param virtualHubId = '' +param vpnServerConfigurationId = '' +// Non-required parameters +param associatedRouteTableName = 'noneRouteTable' +param customDnsServers = [ + '10.50.10.50' + '10.50.50.50' +] +param enableInternetSecurity = false +param inboundRouteMapResourceId = '' +param isRoutingPreferenceInternet = false +param location = '' +param outboundRouteMapResourceId = '' +p2SConnectionConfigurationsName: 'p2sConnectionConfig1' +param propagatedLabelNames = '' +param propagatedRouteTableNames = [ + '' +] +param vpnClientAddressPoolAddressPrefixes = [ + '10.0.2.0/24' + '10.0.3.0/24' +] +param vpnGatewayScaleUnit = 5 +``` + +
+

+ +### Example 3: _WAF-aligned_ + +This instance deploys the module in alignment with the best-practices of the Azure Well-Architected Framework. + + +

+ +via Bicep module + +```bicep +module p2sVpnGateway 'br/public:avm/res/network/p2s-vpn-gateway:' = { + name: 'p2sVpnGatewayDeployment' + params: { + // Required parameters + name: 'vscwafp2sVpnGw' + virtualHubId: '' + vpnServerConfigurationId: '' + // Non-required parameters + associatedRouteTableName: 'defaultRouteTable' + customDnsServers: [ + '10.50.10.50' + '10.50.50.50' + ] + enableInternetSecurity: true + isRoutingPreferenceInternet: false + location: '' + lock: { + kind: 'CanNotDelete' + name: 'myCustomLockName' + } + p2SConnectionConfigurationsName: 'p2sConnectionConfig1' + tags: { + Environment: 'Non-Prod' + Role: 'DeploymentValidation' + } + vpnClientAddressPoolAddressPrefixes: [ + '10.0.2.0/24' + ] + vpnGatewayScaleUnit: 1 + } +} +``` + +
+

+ +

+ +via JSON parameters file + +```json +{ + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", + "contentVersion": "1.0.0.0", + "parameters": { + // Required parameters + "name": { + "value": "vscwafp2sVpnGw" + }, + "virtualHubId": { + "value": "" + }, + "vpnServerConfigurationId": { + "value": "" + }, + // Non-required parameters + "associatedRouteTableName": { + "value": "defaultRouteTable" + }, + "customDnsServers": { + "value": [ + "10.50.10.50", + "10.50.50.50" + ] + }, + "enableInternetSecurity": { + "value": true + }, + "isRoutingPreferenceInternet": { + "value": false + }, + "location": { + "value": "" + }, + "lock": { + "value": { + "kind": "CanNotDelete", + "name": "myCustomLockName" + } + }, + "p2SConnectionConfigurationsName": { + "value": "p2sConnectionConfig1" + }, + "tags": { + "value": { + "Environment": "Non-Prod", + "Role": "DeploymentValidation" + } + }, + "vpnClientAddressPoolAddressPrefixes": { + "value": [ + "10.0.2.0/24" + ] + }, + "vpnGatewayScaleUnit": { + "value": 1 + } + } +} +``` + +
+

+ +

+ +via Bicep parameters file + +```bicep-params +using 'br/public:avm/res/network/p2s-vpn-gateway:' + +// Required parameters +param name = 'vscwafp2sVpnGw' +param virtualHubId = '' +param vpnServerConfigurationId = '' +// Non-required parameters +param associatedRouteTableName = 'defaultRouteTable' +param customDnsServers = [ + '10.50.10.50' + '10.50.50.50' +] +param enableInternetSecurity = true +param isRoutingPreferenceInternet = false +param location = '' +param lock = { + kind: 'CanNotDelete' + name: 'myCustomLockName' +} +p2SConnectionConfigurationsName: 'p2sConnectionConfig1' +param tags = { + Environment: 'Non-Prod' + Role: 'DeploymentValidation' +} +param vpnClientAddressPoolAddressPrefixes = [ + '10.0.2.0/24' +] +param vpnGatewayScaleUnit = 1 +``` + +
+

+ +## Parameters + +**Required parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`location`](#parameter-location) | string | Location where all resources will be created. | +| [`name`](#parameter-name) | string | The name of the P2S VPN Gateway. | +| [`p2SConnectionConfigurationsName`](#parameter-p2sconnectionconfigurationsname) | string | The name of the P2S Connection Configuration. | +| [`virtualHubId`](#parameter-virtualhubid) | string | The resource ID of the gateways virtual hub. | +| [`vpnClientAddressPoolAddressPrefixes`](#parameter-vpnclientaddresspooladdressprefixes) | array | The address prefixes for the VPN Client Address Pool. | +| [`vpnServerConfigurationId`](#parameter-vpnserverconfigurationid) | string | The resource ID of the VPN Server Configuration. | + +**Conditional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`associatedRouteTableName`](#parameter-associatedroutetablename) | string | The name of the associated route table, required if deploying in a Secure Virtual Hub; cannot be a custom route table. | +| [`propagatedRouteTableNames`](#parameter-propagatedroutetablenames) | array | The names of the route tables to propagate to the P2S VPN Gateway. | + +**Optional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`customDnsServers`](#parameter-customdnsservers) | array | The custom DNS servers for the P2S VPN Gateway. | +| [`enableInternetSecurity`](#parameter-enableinternetsecurity) | bool | Enable/Disable Internet Security; "Propagate Default Route". | +| [`enableTelemetry`](#parameter-enabletelemetry) | bool | Enable/Disable usage telemetry for module. | +| [`inboundRouteMapResourceId`](#parameter-inboundroutemapresourceid) | string | The Resource ID of the inbound route map. | +| [`isRoutingPreferenceInternet`](#parameter-isroutingpreferenceinternet) | bool | The routing preference for the P2S VPN Gateway, Internet or Microsoft network. 
| +| [`lock`](#parameter-lock) | object | The lock settings of the service. | +| [`outboundRouteMapResourceId`](#parameter-outboundroutemapresourceid) | string | The Resource ID of the outbound route map. | +| [`propagatedLabelNames`](#parameter-propagatedlabelnames) | array | The Labels to propagate routes to. | +| [`tags`](#parameter-tags) | object | Tags of the resource. | +| [`vpnGatewayScaleUnit`](#parameter-vpngatewayscaleunit) | int | The scale unit of the VPN Gateway. | + +### Parameter: `location` + +Location where all resources will be created. + +- Required: No +- Type: string +- Default: `[resourceGroup().location]` + +### Parameter: `name` + +The name of the P2S VPN Gateway. + +- Required: Yes +- Type: string + +### Parameter: `p2SConnectionConfigurationsName` + +The name of the P2S Connection Configuration. + +- Required: No +- Type: string + +### Parameter: `virtualHubId` + +The resource ID of the gateways virtual hub. + +- Required: Yes +- Type: string + +### Parameter: `vpnClientAddressPoolAddressPrefixes` + +The address prefixes for the VPN Client Address Pool. + +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `vpnServerConfigurationId` + +The resource ID of the VPN Server Configuration. + +- Required: Yes +- Type: string + +### Parameter: `associatedRouteTableName` + +The name of the associated route table, required if deploying in a Secure Virtual Hub; cannot be a custom route table. + +- Required: No +- Type: string +- Allowed: + ```Bicep + [ + 'defaultRouteTable' + 'noneRouteTable' + ] + ``` + +### Parameter: `propagatedRouteTableNames` + +The names of the route tables to propagate to the P2S VPN Gateway. + +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `customDnsServers` + +The custom DNS servers for the P2S VPN Gateway. + +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `enableInternetSecurity` + +Enable/Disable Internet Security; "Propagate Default Route". 
+ +- Required: No +- Type: bool + +### Parameter: `enableTelemetry` + +Enable/Disable usage telemetry for module. + +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `inboundRouteMapResourceId` + +The Resource ID of the inbound route map. + +- Required: No +- Type: string + +### Parameter: `isRoutingPreferenceInternet` + +The routing preference for the P2S VPN Gateway, Internet or Microsoft network. + +- Required: No +- Type: bool + +### Parameter: `lock` + +The lock settings of the service. + +- Required: No +- Type: object + +**Optional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`kind`](#parameter-lockkind) | string | Specify the type of lock. | +| [`name`](#parameter-lockname) | string | Specify the name of lock. | + +### Parameter: `lock.kind` + +Specify the type of lock. + +- Required: No +- Type: string +- Allowed: + ```Bicep + [ + 'CanNotDelete' + 'None' + 'ReadOnly' + ] + ``` + +### Parameter: `lock.name` + +Specify the name of lock. + +- Required: No +- Type: string + +### Parameter: `outboundRouteMapResourceId` + +The Resource ID of the outbound route map. + +- Required: No +- Type: string + +### Parameter: `propagatedLabelNames` + +The Labels to propagate routes to. + +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `tags` + +Tags of the resource. + +- Required: No +- Type: object + +### Parameter: `vpnGatewayScaleUnit` + +The scale unit of the VPN Gateway. + +- Required: No +- Type: int + +## Outputs + +| Output | Type | Description | +| :-- | :-- | :-- | +| `location` | string | The location the resource was deployed into. | +| `name` | string | The name of the user VPN configuration. | +| `resourceGroupName` | string | The name of the resource group the user VPN configuration was deployed into. | +| `resourceId` | string | The resource ID of the user VPN configuration. 
| + +## Data Collection + +The software may collect information about you and your use of the software and send it to Microsoft. Microsoft may use this information to provide services and improve our products and services. You may turn off the telemetry as described in the [repository](https://aka.ms/avm/telemetry). There are also some features in the software that may enable you and Microsoft to collect data from users of your applications. If you use these features, you must comply with applicable law, including providing appropriate notices to users of your applications together with a copy of Microsoft’s privacy statement. Our privacy statement is located at . You can learn more about data collection and use in the help documentation and our privacy statement. Your use of the software operates as your consent to these practices. diff --git a/avm/res/network/p2s-vpn-gateway/main.json b/avm/res/network/p2s-vpn-gateway/main.json new file mode 100644 index 0000000000..99caa90740 --- /dev/null +++ b/avm/res/network/p2s-vpn-gateway/main.json 
@@ -0,0 +1,336 @@ +{ + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "languageVersion": "2.0", + "contentVersion": "1.0.0.0", + "metadata": { + "_generator": { + "name": "bicep", + "version": "0.31.34.60546", + "templateHash": "9392710229187395030" + }, + "name": "P2S VPN Gateway", + "description": "This module deploys a Virtual Hub P2S Gateway.", + "owner": "Azure/module-maintainers" + }, + "definitions": { + "lockType": { + "type": "object", + "properties": { + "name": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. Specify the name of lock." + } + }, + "kind": { + "type": "string", + "allowedValues": [ + "CanNotDelete", + "None", + "ReadOnly" + ], + "nullable": true, + "metadata": { + "description": "Optional. Specify the type of lock." + } + } + }, + "nullable": true + }, + "vnetRoutesStaticRoutesType": { + "type": "object", + "properties": { + "staticRoutes": { + "type": "array", + "prefixItems": [ + { + "type": "object", + "properties": { + "addressPrefixes": { + "type": "array", + "nullable": true, + "metadata": { + "description": "Optional. The address prefixes of the static route." + } + }, + "name": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. The name of the static route." + } + }, + "nextHopIpAddress": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. The next hop IP of the static route." + } + } + } + } + ], + "items": false + }, + "staticRoutesConfig": { + "type": "object", + "properties": { + "vnetLocalRouteOverrideCriteria": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. " + } + } + } + } + } + } + }, + "parameters": { + "name": { + "type": "string", + "metadata": { + "description": "Required. The name of the P2S VPN Gateway." 
+ } + }, + "location": { + "type": "string", + "defaultValue": "[resourceGroup().location]", + "metadata": { + "description": "Required. Location where all resources will be created." + } + }, + "associatedRouteTableName": { + "type": "string", + "nullable": true, + "allowedValues": [ + "noneRouteTable", + "defaultRouteTable" + ], + "metadata": { + "description": "Conditional. The name of the associated route table, required if deploying in a Secure Virtual Hub; cannot be a custom route table." + } + }, + "propagatedRouteTableNames": { + "type": "array", + "defaultValue": [], + "metadata": { + "description": "Conditional. The names of the route tables to propagate to the P2S VPN Gateway." + } + }, + "customDnsServers": { + "type": "array", + "defaultValue": [], + "metadata": { + "description": "Optional. The custom DNS servers for the P2S VPN Gateway." + } + }, + "isRoutingPreferenceInternet": { + "type": "bool", + "nullable": true, + "metadata": { + "description": "Optional. The routing preference for the P2S VPN Gateway, Internet or Microsoft network." + } + }, + "p2SConnectionConfigurationsName": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Required. The name of the P2S Connection Configuration." + } + }, + "enableInternetSecurity": { + "type": "bool", + "nullable": true, + "metadata": { + "description": "Optional. Enable/Disable Internet Security; \"Propagate Default Route\"." + } + }, + "inboundRouteMapResourceId": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. The Resource ID of the inbound route map." + } + }, + "outboundRouteMapResourceId": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. The Resource ID of the outbound route map." + } + }, + "propagatedLabelNames": { + "type": "array", + "defaultValue": [], + "metadata": { + "description": "Optional. The Labels to propagate routes to." 
+ } + }, + "vpnClientAddressPoolAddressPrefixes": { + "type": "array", + "defaultValue": [], + "metadata": { + "description": "Required. The address prefixes for the VPN Client Address Pool." + } + }, + "virtualHubId": { + "type": "string", + "metadata": { + "description": "Required. The resource ID of the gateways virtual hub." + } + }, + "vpnGatewayScaleUnit": { + "type": "int", + "nullable": true, + "metadata": { + "description": "Optional. The scale unit of the VPN Gateway." + } + }, + "vpnServerConfigurationId": { + "type": "string", + "metadata": { + "description": "Required. The resource ID of the VPN Server Configuration." + } + }, + "tags": { + "type": "object", + "nullable": true, + "metadata": { + "description": "Optional. Tags of the resource." + } + }, + "lock": { + "$ref": "#/definitions/lockType", + "metadata": { + "description": "Optional. The lock settings of the service." + } + }, + "enableTelemetry": { + "type": "bool", + "defaultValue": true, + "metadata": { + "description": "Optional. Enable/Disable usage telemetry for module." 
+ } + } + }, + "variables": { + "virtualHubName": "[split(parameters('virtualHubId'), '/')[8]]" + }, + "resources": { + "avmTelemetry": { + "condition": "[parameters('enableTelemetry')]", + "type": "Microsoft.Resources/deployments", + "apiVersion": "2024-03-01", + "name": "[take(format('46d3xbcp.res.network-p2svpngateway.{0}.{1}', replace('-..--..-', '.', '-'), substring(uniqueString(deployment().name, parameters('location')), 0, 4)), 64)]", + "properties": { + "mode": "Incremental", + "template": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "resources": [], + "outputs": { + "telemetry": { + "type": "String", + "value": "For more information, see https://aka.ms/avm/TelemetryInfo" + } + } + } + } + }, + "p2sVpnGateway": { + "type": "Microsoft.Network/p2svpnGateways", + "apiVersion": "2024-01-01", + "name": "[parameters('name')]", + "location": "[parameters('location')]", + "tags": "[parameters('tags')]", + "properties": { + "customDnsServers": "[parameters('customDnsServers')]", + "isRoutingPreferenceInternet": "[parameters('isRoutingPreferenceInternet')]", + "p2SConnectionConfigurations": [ + { + "name": "[parameters('p2SConnectionConfigurationsName')]", + "properties": { + "enableInternetSecurity": "[parameters('enableInternetSecurity')]", + "routingConfiguration": { + "associatedRouteTable": { + "id": "[resourceId('Microsoft.Network/virtualHubs/hubRouteTables', format('{0}', variables('virtualHubName')), format('{0}', parameters('associatedRouteTableName')))]" + }, + "inboundRouteMap": "[if(not(empty(parameters('inboundRouteMapResourceId'))), createObject('id', parameters('inboundRouteMapResourceId')), null())]", + "outboundRouteMap": "[if(not(empty(parameters('outboundRouteMapResourceId'))), createObject('id', parameters('outboundRouteMapResourceId')), null())]", + "propagatedRouteTables": { + "copy": [ + { + "name": "ids", + "count": 
"[length(parameters('propagatedRouteTableNames'))]", + "input": { + "id": "[resourceId('Microsoft.Network/virtualHubs/hubRouteTables', format('{0}', variables('virtualHubName')), format('{0}', parameters('propagatedRouteTableNames')[copyIndex('ids')]))]" + } + } + ], + "labels": "[parameters('propagatedLabelNames')]" + } + }, + "vpnClientAddressPool": { + "addressPrefixes": "[parameters('vpnClientAddressPoolAddressPrefixes')]" + } + } + } + ], + "virtualHub": { + "id": "[parameters('virtualHubId')]" + }, + "vpnGatewayScaleUnit": "[parameters('vpnGatewayScaleUnit')]", + "vpnServerConfiguration": { + "id": "[parameters('vpnServerConfigurationId')]" + } + } + }, + "vpnGateway_lock": { + "condition": "[and(not(empty(coalesce(parameters('lock'), createObject()))), not(equals(tryGet(parameters('lock'), 'kind'), 'None')))]", + "type": "Microsoft.Authorization/locks", + "apiVersion": "2020-05-01", + "scope": "[format('Microsoft.Network/p2svpnGateways/{0}', parameters('name'))]", + "name": "[coalesce(tryGet(parameters('lock'), 'name'), format('lock-{0}', parameters('name')))]", + "properties": { + "level": "[coalesce(tryGet(parameters('lock'), 'kind'), '')]", + "notes": "[if(equals(tryGet(parameters('lock'), 'kind'), 'CanNotDelete'), 'Cannot delete resource or child resources.', 'Cannot delete or modify the resource or child resources.')]" + }, + "dependsOn": [ + "p2sVpnGateway" + ] + } + }, + "outputs": { + "name": { + "type": "string", + "metadata": { + "description": "The name of the user VPN configuration." + }, + "value": "[parameters('name')]" + }, + "resourceId": { + "type": "string", + "metadata": { + "description": "The resource ID of the user VPN configuration." + }, + "value": "[resourceId('Microsoft.Network/p2svpnGateways', parameters('name'))]" + }, + "resourceGroupName": { + "type": "string", + "metadata": { + "description": "The name of the resource group the user VPN configuration was deployed into." 
+ }, + "value": "[resourceGroup().name]" + }, + "location": { + "type": "string", + "metadata": { + "description": "The location the resource was deployed into." + }, + "value": "[reference('p2sVpnGateway', '2024-01-01', 'full').location]" + } + } +} \ No newline at end of file diff --git a/avm/res/network/p2s-vpn-gateway/tests/e2e/waf-aligned/main.test.bicep b/avm/res/network/p2s-vpn-gateway/tests/e2e/waf-aligned/main.test.bicep index 9f8ca06637..87ccec9d46 100644 --- a/avm/res/network/p2s-vpn-gateway/tests/e2e/waf-aligned/main.test.bicep +++ b/avm/res/network/p2s-vpn-gateway/tests/e2e/waf-aligned/main.test.bicep @@ -54,6 +54,14 @@ module testDeployment '../../../main.bicep' = [ params: { location: resourceLocation name: '${namePrefix}${serviceShort}p2sVpnGw' + lock: { + kind: 'CanNotDelete' + name: 'myCustomLockName' + } + tags: { + Environment: 'Non-Prod' + Role: 'DeploymentValidation' + } customDnsServers: [ '10.50.10.50' '10.50.50.50' From d1f3d5ce19b41fcdb17c6eca01e38967a1825542 Mon Sep 17 00:00:00 2001 From: erschef_microsoft Date: Fri, 8 Nov 2024 14:48:00 -0500 Subject: [PATCH 07/30] fix: Update descriptions for route table parameters in P2S VPN Gateway configuration --- avm/res/network/p2s-vpn-gateway/main.bicep | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/avm/res/network/p2s-vpn-gateway/main.bicep b/avm/res/network/p2s-vpn-gateway/main.bicep index a8cfa029d8..2fe5686ba1 100644 --- a/avm/res/network/p2s-vpn-gateway/main.bicep +++ b/avm/res/network/p2s-vpn-gateway/main.bicep 
@@ -12,10 +12,10 @@ param location string = resourceGroup().location 'noneRouteTable' 'defaultRouteTable' ]) -@description('Conditional. The name of the associated route table, required if deploying in a Secure Virtual Hub; cannot be a custom route table.') +@description('Conditional. The name of the associated route table. Required if deploying in a Secure Virtual Hub; cannot be a custom route table.') param associatedRouteTableName string? -@description('Conditional. The names of the route tables to propagate to the P2S VPN Gateway.') +@description('Optional. The names of the route tables to propagate to the P2S VPN Gateway.') param propagatedRouteTableNames array = [] @description('Optional. The custom DNS servers for the P2S VPN Gateway.') From a897a160b17a6f97cf953adcfcce93352ce43ef4 Mon Sep 17 00:00:00 2001 From: erschef_microsoft Date: Fri, 8 Nov 2024 15:28:17 -0500 Subject: [PATCH 08/30] fix: Update descriptions for route table parameters in P2S VPN Gateway documentation --- avm/res/network/p2s-vpn-gateway/README.md | 22 +++++++++++----------- avm/res/network/p2s-vpn-gateway/main.json | 6 +++--- 2 files changed, 14 insertions(+), 14 deletions(-) diff --git a/avm/res/network/p2s-vpn-gateway/README.md b/avm/res/network/p2s-vpn-gateway/README.md index 11018330c9..64831eeac8 100644 --- a/avm/res/network/p2s-vpn-gateway/README.md +++ b/avm/res/network/p2s-vpn-gateway/README.md 
@@ -441,8 +441,7 @@ param vpnGatewayScaleUnit = 1 | Parameter | Type | Description | | :-- | :-- | :-- | -| [`associatedRouteTableName`](#parameter-associatedroutetablename) | string | The name of the associated route table, required if deploying in a Secure Virtual Hub; cannot be a custom route table. | -| [`propagatedRouteTableNames`](#parameter-propagatedroutetablenames) | array | The names of the route tables to propagate to the P2S VPN Gateway. | +| [`associatedRouteTableName`](#parameter-associatedroutetablename) | string | The name of the associated route table. Required if deploying in a Secure Virtual Hub; cannot be a custom route table. | **Optional parameters** @@ -456,6 +455,7 @@ param vpnGatewayScaleUnit = 1 | [`lock`](#parameter-lock) | object | The lock settings of the service. | | [`outboundRouteMapResourceId`](#parameter-outboundroutemapresourceid) | string | The Resource ID of the outbound route map. | | [`propagatedLabelNames`](#parameter-propagatedlabelnames) | array | The Labels to propagate routes to. | +| [`propagatedRouteTableNames`](#parameter-propagatedroutetablenames) | array | The names of the route tables to propagate to the P2S VPN Gateway. | | [`tags`](#parameter-tags) | object | Tags of the resource. | | [`vpnGatewayScaleUnit`](#parameter-vpngatewayscaleunit) | int | The scale unit of the VPN Gateway. | @@ -505,7 +505,7 @@ The resource ID of the VPN Server Configuration. ### Parameter: `associatedRouteTableName` -The name of the associated route table, required if deploying in a Secure Virtual Hub; cannot be a custom route table. +The name of the associated route table. Required if deploying in a Secure Virtual Hub; cannot be a custom route table. - Required: No - Type: string 
@@ -517,14 +517,6 @@ The name of the associated route table, required if deploying in a Secure Virtua ] ``` -### Parameter: `propagatedRouteTableNames` - -The names of the route tables to propagate to the P2S VPN Gateway. - -- Required: No -- Type: array -- Default: `[]` - ### Parameter: `customDnsServers` The custom DNS servers for the P2S VPN Gateway. @@ -613,6 +605,14 @@ The Labels to propagate routes to. - Type: array - Default: `[]` +### Parameter: `propagatedRouteTableNames` + +The names of the route tables to propagate to the P2S VPN Gateway. + +- Required: No +- Type: array +- Default: `[]` + ### Parameter: `tags` Tags of the resource. diff --git a/avm/res/network/p2s-vpn-gateway/main.json b/avm/res/network/p2s-vpn-gateway/main.json index 99caa90740..96af81c65a 100644 --- a/avm/res/network/p2s-vpn-gateway/main.json +++ b/avm/res/network/p2s-vpn-gateway/main.json @@ -6,7 +6,7 @@ "_generator": { "name": "bicep", "version": "0.31.34.60546", - "templateHash": "9392710229187395030" + "templateHash": "91504486809439588" }, "name": "P2S VPN Gateway", "description": "This module deploys a Virtual Hub P2S Gateway.", @@ -110,14 +110,14 @@ "defaultRouteTable" ], "metadata": { - "description": "Conditional. The name of the associated route table, required if deploying in a Secure Virtual Hub; cannot be a custom route table." + "description": "Conditional. The name of the associated route table. Required if deploying in a Secure Virtual Hub; cannot be a custom route table." } }, "propagatedRouteTableNames": { "type": "array", "defaultValue": [], "metadata": { - "description": "Conditional. The names of the route tables to propagate to the P2S VPN Gateway." + "description": "Optional. The names of the route tables to propagate to the P2S VPN Gateway." } }, "customDnsServers": { From 86cba8c294442ebb8ab2ebf53ac62382b3028f73 Mon Sep 17 00:00:00 2001 
From: erschef_microsoft
Date: Fri, 8 Nov 2024 15:39:21 -0500
Subject: [PATCH 09/30] fix: Remove P2S VPN Gateway from CODEOWNERS file
---
 .github/CODEOWNERS | 1 -
 1 file changed, 1 deletion(-)
diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS
index 6327f9204e..07dc4dad77 100644
--- a/.github/CODEOWNERS
+++ b/.github/CODEOWNERS
@@ -129,7 +129,6 @@
 /avm/res/network/network-manager/ @Azure/avm-res-network-networkmanager-module-owners-bicep @Azure/avm-module-reviewers-bicep
 /avm/res/network/network-security-group/ @Azure/avm-res-network-networksecuritygroup-module-owners-bicep @Azure/avm-module-reviewers-bicep
 /avm/res/network/network-watcher/ @Azure/avm-res-network-networkwatcher-module-owners-bicep @Azure/avm-module-reviewers-bicep
-/avm/res/network/p2s-vpn-gateway/ @Azure/avm-res-network-p2s-vpn-gateway-module-owners-bicep @Azure/avm-module-reviewers-bicep
 /avm/res/network/private-dns-zone/ @Azure/avm-res-network-privatednszone-module-owners-bicep @Azure/avm-module-reviewers-bicep
 /avm/res/network/private-endpoint/ @Azure/avm-res-network-privateendpoint-module-owners-bicep @Azure/avm-module-reviewers-bicep
 /avm/res/network/private-link-service/ @Azure/avm-res-network-privatelinkservice-module-owners-bicep @Azure/avm-module-reviewers-bicep
From e47fae8ce7f4c2028fabf105fbc36bf879ef1c3c Mon Sep 17 00:00:00 2001
From: erschef_microsoft
Date: Fri, 8 Nov 2024 16:08:13 -0500
Subject: [PATCH 10/30] fix: Add P2S VPN Gateway to CODEOWNERS file
---
 .github/CODEOWNERS | 1 +
 1 file changed, 1 insertion(+)
diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS
index 07dc4dad77..6327f9204e 100644
--- a/.github/CODEOWNERS
+++ b/.github/CODEOWNERS
@@ -129,6 +129,7 @@
 /avm/res/network/network-manager/ @Azure/avm-res-network-networkmanager-module-owners-bicep @Azure/avm-module-reviewers-bicep
 /avm/res/network/network-security-group/ @Azure/avm-res-network-networksecuritygroup-module-owners-bicep @Azure/avm-module-reviewers-bicep
 /avm/res/network/network-watcher/ @Azure/avm-res-network-networkwatcher-module-owners-bicep @Azure/avm-module-reviewers-bicep
+/avm/res/network/p2s-vpn-gateway/ @Azure/avm-res-network-p2s-vpn-gateway-module-owners-bicep @Azure/avm-module-reviewers-bicep
 /avm/res/network/private-dns-zone/ @Azure/avm-res-network-privatednszone-module-owners-bicep @Azure/avm-module-reviewers-bicep
 /avm/res/network/private-endpoint/ @Azure/avm-res-network-privateendpoint-module-owners-bicep @Azure/avm-module-reviewers-bicep
 /avm/res/network/private-link-service/ @Azure/avm-res-network-privatelinkservice-module-owners-bicep @Azure/avm-module-reviewers-bicep
From 2a7d45c024774b34f661c2cff99b26e2862a69ac Mon Sep 17 00:00:00 2001
From: erschef_microsoft
Date: Mon, 11 Nov 2024 13:52:05 -0800
Subject: [PATCH 11/30] fix: Update CODEOWNERS entry for P2S VPN Gateway module
---
 .github/CODEOWNERS | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS
index 6327f9204e..45e53dbfc7 100644
--- a/.github/CODEOWNERS
+++ b/.github/CODEOWNERS
@@ -129,7 +129,7 @@
 /avm/res/network/network-manager/ @Azure/avm-res-network-networkmanager-module-owners-bicep @Azure/avm-module-reviewers-bicep
 /avm/res/network/network-security-group/ @Azure/avm-res-network-networksecuritygroup-module-owners-bicep @Azure/avm-module-reviewers-bicep
 /avm/res/network/network-watcher/ @Azure/avm-res-network-networkwatcher-module-owners-bicep @Azure/avm-module-reviewers-bicep
-/avm/res/network/p2s-vpn-gateway/ @Azure/avm-res-network-p2s-vpn-gateway-module-owners-bicep @Azure/avm-module-reviewers-bicep
+/avm/res/network/p2s-vpn-gateway/ @Azure/avm-res-network-p2svpngateway-module-owners-bicep @Azure/avm-module-reviewers-bicep
 /avm/res/network/private-dns-zone/ @Azure/avm-res-network-privatednszone-module-owners-bicep @Azure/avm-module-reviewers-bicep
 /avm/res/network/private-endpoint/ @Azure/avm-res-network-privateendpoint-module-owners-bicep @Azure/avm-module-reviewers-bicep
 /avm/res/network/private-link-service/ @Azure/avm-res-network-privatelinkservice-module-owners-bicep @Azure/avm-module-reviewers-bicep
From 1251942c36aa9435eb93a512c7e24d43b1c39b79 Mon Sep 17 00:00:00 2001
From: erschef_microsoft
Date: Mon, 11 Nov 2024 16:18:12 -0800
Subject: [PATCH 12/30] fix: Add associatedRouteTableName parameter to P2S VPN Gateway module and tests
---
 avm/res/network/p2s-vpn-gateway/README.md | 5 +++++
 .../p2s-vpn-gateway/tests/e2e/defaults/main.test.bicep | 1 +
 2 files changed, 6 insertions(+)
diff --git a/avm/res/network/p2s-vpn-gateway/README.md b/avm/res/network/p2s-vpn-gateway/README.md
index 64831eeac8..b5010162b8 100644
--- a/avm/res/network/p2s-vpn-gateway/README.md
+++ b/avm/res/network/p2s-vpn-gateway/README.md
@@ -47,6 +47,7 @@ module p2sVpnGateway 'br/public:avm/res/network/p2s-vpn-gateway:' = {
 virtualHubId: ''
 vpnServerConfigurationId: ''
 // Non-required parameters
+ associatedRouteTableName: 'test'
 location: ''
 p2SConnectionConfigurationsName: 'p2sConnectionConfig1'
 vpnClientAddressPoolAddressPrefixes: [
@@ -79,6 +80,9 @@ module p2sVpnGateway 'br/public:avm/res/network/p2s-vpn-gateway:' = { "value": "" }, // Non-required parameters + "associatedRouteTableName": { + "value": "test" + }, "location": { "value": "" }, @@ -109,6 +113,7 @@ param name = 'vscminp2sVpnGw' param virtualHubId = '' param vpnServerConfigurationId = '' // Non-required parameters +param associatedRouteTableName = 'test' param location = '' p2SConnectionConfigurationsName: 'p2sConnectionConfig1' param vpnClientAddressPoolAddressPrefixes = [ diff --git a/avm/res/network/p2s-vpn-gateway/tests/e2e/defaults/main.test.bicep b/avm/res/network/p2s-vpn-gateway/tests/e2e/defaults/main.test.bicep index 74d98be39a..c4bc145eeb 100644 --- a/avm/res/network/p2s-vpn-gateway/tests/e2e/defaults/main.test.bicep +++ b/avm/res/network/p2s-vpn-gateway/tests/e2e/defaults/main.test.bicep @@ -57,6 +57,7 @@ module testDeployment '../../../main.bicep' = [ virtualHubId: nestedDependencies.outputs.virtualHubResourceId vpnServerConfigurationId: nestedDependencies.outputs.vpnServerConfigurationResourceId p2SConnectionConfigurationsName: 'p2sConnectionConfig1' + associatedRouteTableName: 'test' vpnClientAddressPoolAddressPrefixes: [ '10.0.2.0/24' ] From a95c663daec55275402ac4e2ab3e87b80c9289ff Mon Sep 17 00:00:00 2001 From: erschef_microsoft Date: Tue, 12 Nov 2024 09:19:37 -0800 Subject: [PATCH 13/30] fix: Update associatedRouteTableName parameter to use 'defaultRouteTable' in P2S VPN Gateway module and tests --- avm/res/network/p2s-vpn-gateway/README.md | 6 +++--- .../p2s-vpn-gateway/tests/e2e/defaults/main.test.bicep | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/avm/res/network/p2s-vpn-gateway/README.md b/avm/res/network/p2s-vpn-gateway/README.md index b5010162b8..96392671eb 100644 --- a/avm/res/network/p2s-vpn-gateway/README.md +++ b/avm/res/network/p2s-vpn-gateway/README.md 
@@ -47,7 +47,7 @@ module p2sVpnGateway 'br/public:avm/res/network/p2s-vpn-gateway:' = { virtualHubId: '' vpnServerConfigurationId: '' // Non-required parameters - associatedRouteTableName: 'test' + associatedRouteTableName: 'defaultRouteTable' location: '' p2SConnectionConfigurationsName: 'p2sConnectionConfig1' vpnClientAddressPoolAddressPrefixes: [ @@ -81,7 +81,7 @@ module p2sVpnGateway 'br/public:avm/res/network/p2s-vpn-gateway:' = { }, // Non-required parameters "associatedRouteTableName": { - "value": "test" + "value": "defaultRouteTable" }, "location": { "value": "" @@ -113,7 +113,7 @@ param name = 'vscminp2sVpnGw' param virtualHubId = '' param vpnServerConfigurationId = '' // Non-required parameters -param associatedRouteTableName = 'test' +param associatedRouteTableName = 'defaultRouteTable' param location = '' p2SConnectionConfigurationsName: 'p2sConnectionConfig1' param vpnClientAddressPoolAddressPrefixes = [ diff --git a/avm/res/network/p2s-vpn-gateway/tests/e2e/defaults/main.test.bicep b/avm/res/network/p2s-vpn-gateway/tests/e2e/defaults/main.test.bicep index c4bc145eeb..90ae58b912 100644 --- a/avm/res/network/p2s-vpn-gateway/tests/e2e/defaults/main.test.bicep +++ b/avm/res/network/p2s-vpn-gateway/tests/e2e/defaults/main.test.bicep @@ -57,7 +57,7 @@ module testDeployment '../../../main.bicep' = [ virtualHubId: nestedDependencies.outputs.virtualHubResourceId vpnServerConfigurationId: nestedDependencies.outputs.vpnServerConfigurationResourceId p2SConnectionConfigurationsName: 'p2sConnectionConfig1' - associatedRouteTableName: 'test' + associatedRouteTableName: 'defaultRouteTable' vpnClientAddressPoolAddressPrefixes: [ '10.0.2.0/24' ] From d6f2b3d7b597886f5a8d7a4b49a9680fd2c03615 Mon Sep 17 00:00:00 2001 
From: erschef_microsoft Date: Mon, 18 Nov 2024 11:22:40 -0500 Subject: [PATCH 14/30] fix: Reorder parameters in P2S VPN Gateway tests for consistency and clarity --- .../p2s-vpn-gateway/tests/e2e/defaults/main.test.bicep | 8 ++++---- .../tests/e2e/waf-aligned/main.test.bicep | 9 ++------- 2 files changed, 6 insertions(+), 11 deletions(-) diff --git a/avm/res/network/p2s-vpn-gateway/tests/e2e/defaults/main.test.bicep b/avm/res/network/p2s-vpn-gateway/tests/e2e/defaults/main.test.bicep index 90ae58b912..7a0d7ba6cd 100644 --- a/avm/res/network/p2s-vpn-gateway/tests/e2e/defaults/main.test.bicep +++ b/avm/res/network/p2s-vpn-gateway/tests/e2e/defaults/main.test.bicep @@ -52,15 +52,15 @@ module testDeployment '../../../main.bicep' = [ scope: resourceGroup name: '${uniqueString(deployment().name, resourceLocation)}-test-${serviceShort}-${iteration}' params: { - location: resourceLocation name: '${namePrefix}${serviceShort}p2sVpnGw' - virtualHubId: nestedDependencies.outputs.virtualHubResourceId - vpnServerConfigurationId: nestedDependencies.outputs.vpnServerConfigurationResourceId + location: resourceLocation p2SConnectionConfigurationsName: 'p2sConnectionConfig1' - associatedRouteTableName: 'defaultRouteTable' vpnClientAddressPoolAddressPrefixes: [ '10.0.2.0/24' ] + associatedRouteTableName: 'defaultRouteTable' + virtualHubId: nestedDependencies.outputs.virtualHubResourceId + vpnServerConfigurationId: nestedDependencies.outputs.vpnServerConfigurationResourceId } } ] diff --git a/avm/res/network/p2s-vpn-gateway/tests/e2e/waf-aligned/main.test.bicep b/avm/res/network/p2s-vpn-gateway/tests/e2e/waf-aligned/main.test.bicep index 87ccec9d46..f855bc1486 100644 --- a/avm/res/network/p2s-vpn-gateway/tests/e2e/waf-aligned/main.test.bicep +++ b/avm/res/network/p2s-vpn-gateway/tests/e2e/waf-aligned/main.test.bicep 
@@ -52,8 +52,8 @@ module testDeployment '../../../main.bicep' = [ scope: resourceGroup name: '${uniqueString(deployment().name, resourceLocation)}-test-${serviceShort}-${iteration}' params: { - location: resourceLocation name: '${namePrefix}${serviceShort}p2sVpnGw' + location: resourceLocation lock: { kind: 'CanNotDelete' name: 'myCustomLockName' @@ -62,10 +62,7 @@ module testDeployment '../../../main.bicep' = [ Environment: 'Non-Prod' Role: 'DeploymentValidation' } - customDnsServers: [ - '10.50.10.50' - '10.50.50.50' - ] + p2SConnectionConfigurationsName: 'p2sConnectionConfig1' isRoutingPreferenceInternet: false enableInternetSecurity: true associatedRouteTableName: 'defaultRouteTable' @@ -73,9 +70,7 @@ module testDeployment '../../../main.bicep' = [ '10.0.2.0/24' ] virtualHubId: nestedDependencies.outputs.virtualHubResourceId - vpnGatewayScaleUnit: 1 vpnServerConfigurationId: nestedDependencies.outputs.vpnServerConfigurationResourceId - p2SConnectionConfigurationsName: 'p2sConnectionConfig1' } } ] From 1b17d950b946f519df4b925ced4309f55d0dc1f0 Mon Sep 17 00:00:00 2001 From: erschef_microsoft Date: Mon, 18 Nov 2024 11:38:30 -0500 Subject: [PATCH 15/30] fix: Remove custom DNS servers and VPN gateway scale unit from P2S VPN Gateway module and documentation --- avm/res/network/p2s-vpn-gateway/README.md | 19 ------------------- 1 file changed, 19 deletions(-) diff --git a/avm/res/network/p2s-vpn-gateway/README.md b/avm/res/network/p2s-vpn-gateway/README.md index 96392671eb..8034b210a5 100644 --- a/avm/res/network/p2s-vpn-gateway/README.md +++ b/avm/res/network/p2s-vpn-gateway/README.md @@ -296,10 +296,6 @@ module p2sVpnGateway 'br/public:avm/res/network/p2s-vpn-gateway:' = { vpnServerConfigurationId: '' // Non-required parameters associatedRouteTableName: 'defaultRouteTable' - customDnsServers: [ - '10.50.10.50' - '10.50.50.50' - ] enableInternetSecurity: true isRoutingPreferenceInternet: false location: '' 
@@ -315,7 +311,6 @@ module p2sVpnGateway 'br/public:avm/res/network/p2s-vpn-gateway:' = { vpnClientAddressPoolAddressPrefixes: [ '10.0.2.0/24' ] - vpnGatewayScaleUnit: 1 } } ``` @@ -346,12 +341,6 @@ module p2sVpnGateway 'br/public:avm/res/network/p2s-vpn-gateway:' = { "associatedRouteTableName": { "value": "defaultRouteTable" }, - "customDnsServers": { - "value": [ - "10.50.10.50", - "10.50.50.50" - ] - }, "enableInternetSecurity": { "value": true }, @@ -380,9 +369,6 @@ module p2sVpnGateway 'br/public:avm/res/network/p2s-vpn-gateway:' = { "value": [ "10.0.2.0/24" ] - }, - "vpnGatewayScaleUnit": { - "value": 1 } } } @@ -404,10 +390,6 @@ param virtualHubId = '' param vpnServerConfigurationId = '' // Non-required parameters param associatedRouteTableName = 'defaultRouteTable' -param customDnsServers = [ - '10.50.10.50' - '10.50.50.50' -] param enableInternetSecurity = true param isRoutingPreferenceInternet = false param location = '' @@ -423,7 +405,6 @@ param tags = { param vpnClientAddressPoolAddressPrefixes = [ '10.0.2.0/24' ] -param vpnGatewayScaleUnit = 1 ``` From d4921e2568a570b047a79e7561567e009ed8bbdd Mon Sep 17 00:00:00 2001 From: erschef_microsoft Date: Mon, 25 Nov 2024 10:44:13 -0500 Subject: [PATCH 16/30] feat: Enhance P2S VPN Gateway with static route configuration and output for Azure Firewall private IP --- avm/res/network/p2s-vpn-gateway/README.md | 162 +++++++++++++----- avm/res/network/p2s-vpn-gateway/main.bicep | 24 ++- avm/res/network/p2s-vpn-gateway/main.json | 44 +++-- .../tests/e2e/defaults/main.test.bicep | 4 +- .../tests/e2e/max/dependencies.bicep | 3 + .../tests/e2e/max/main.test.bicep | 22 ++- .../tests/e2e/waf-aligned/main.test.bicep | 8 +- 7 files changed, 192 insertions(+), 75 deletions(-) diff --git a/avm/res/network/p2s-vpn-gateway/README.md b/avm/res/network/p2s-vpn-gateway/README.md index 8034b210a5..e8c6bd6543 100644 --- a/avm/res/network/p2s-vpn-gateway/README.md +++ b/avm/res/network/p2s-vpn-gateway/README.md 
@@ -26,7 +26,7 @@ The following section provides usage examples for the module, which were used to >**Note**: To reference the module, please use the following syntax `br/public:avm/res/network/p2s-vpn-gateway:`. - [Using only defaults](#example-1-using-only-defaults) -- [Using only defaults](#example-2-using-only-defaults) +- [Using large parameter set](#example-2-using-large-parameter-set) - [WAF-aligned](#example-3-waf-aligned) ### Example 1: _Using only defaults_ @@ -44,8 +44,8 @@ module p2sVpnGateway 'br/public:avm/res/network/p2s-vpn-gateway:' = { params: { // Required parameters name: 'vscminp2sVpnGw' - virtualHubId: '' - vpnServerConfigurationId: '' + virtualHubResourceId: '' + vpnServerConfigurationResourceId: '' // Non-required parameters associatedRouteTableName: 'defaultRouteTable' location: '' @@ -73,11 +73,11 @@ module p2sVpnGateway 'br/public:avm/res/network/p2s-vpn-gateway:' = { "name": { "value": "vscminp2sVpnGw" }, - "virtualHubId": { - "value": "" + "virtualHubResourceId": { + "value": "" }, - "vpnServerConfigurationId": { - "value": "" + "vpnServerConfigurationResourceId": { + "value": "" }, // Non-required parameters "associatedRouteTableName": { @@ -110,8 +110,8 @@ using 'br/public:avm/res/network/p2s-vpn-gateway:' // Required parameters param name = 'vscminp2sVpnGw' -param virtualHubId = '' -param vpnServerConfigurationId = '' +param virtualHubResourceId = '' +param vpnServerConfigurationResourceId = '' // Non-required parameters param associatedRouteTableName = 'defaultRouteTable' param location = '' @@ -124,9 +124,9 @@ param vpnClientAddressPoolAddressPrefixes = [

-### Example 2: _Using only defaults_ +### Example 2: _Using large parameter set_ -This instance deploys the module with the minimum set of required parameters. +This instance deploys the module with most of its features enabled.

@@ -139,8 +139,8 @@ module p2sVpnGateway 'br/public:avm/res/network/p2s-vpn-gateway:' = { params: { // Required parameters name: 'vscmaxp2sVpnGw' - virtualHubId: '' - vpnServerConfigurationId: '' + virtualHubResourceId: '' + vpnServerConfigurationResourceId: '' // Non-required parameters associatedRouteTableName: 'noneRouteTable' customDnsServers: [ @@ -157,6 +157,20 @@ module p2sVpnGateway 'br/public:avm/res/network/p2s-vpn-gateway:' = { propagatedRouteTableNames: [ '' ] + vnetRoutesStaticRoutes: { + staticRoutes: [ + { + addressPrefixes: [ + '10.1.101.0/24' + ] + name: 'staticRoute1' + nextHopIpAddress: '' + } + ] + staticRoutesConfig: { + vnetLocalRouteOverrideCriteria: 'Allow' + } + } vpnClientAddressPoolAddressPrefixes: [ '10.0.2.0/24' '10.0.3.0/24' @@ -182,11 +196,11 @@ module p2sVpnGateway 'br/public:avm/res/network/p2s-vpn-gateway:' = { "name": { "value": "vscmaxp2sVpnGw" }, - "virtualHubId": { - "value": "" + "virtualHubResourceId": { + "value": "" }, - "vpnServerConfigurationId": { - "value": "" + "vpnServerConfigurationResourceId": { + "value": "" }, // Non-required parameters "associatedRouteTableName": { @@ -224,6 +238,22 @@ module p2sVpnGateway 'br/public:avm/res/network/p2s-vpn-gateway:' = { "" ] }, + "vnetRoutesStaticRoutes": { + "value": { + "staticRoutes": [ + { + "addressPrefixes": [ + "10.1.101.0/24" + ], + "name": "staticRoute1", + "nextHopIpAddress": "" + } + ], + "staticRoutesConfig": { + "vnetLocalRouteOverrideCriteria": "Allow" + } + } + }, "vpnClientAddressPoolAddressPrefixes": { "value": [ "10.0.2.0/24", @@ -249,8 +279,8 @@ using 'br/public:avm/res/network/p2s-vpn-gateway:' // Required parameters param name = 'vscmaxp2sVpnGw' -param virtualHubId = '' -param vpnServerConfigurationId = '' +param virtualHubResourceId = '' +param vpnServerConfigurationResourceId = '' // Non-required parameters param associatedRouteTableName = 'noneRouteTable' param customDnsServers = [ 
@@ -267,6 +297,20 @@ param propagatedLabelNames = '' param propagatedRouteTableNames = [ '' ] +param vnetRoutesStaticRoutes = { + staticRoutes: [ + { + addressPrefixes: [ + '10.1.101.0/24' + ] + name: 'staticRoute1' + nextHopIpAddress: '' + } + ] + staticRoutesConfig: { + vnetLocalRouteOverrideCriteria: 'Allow' + } +} param vpnClientAddressPoolAddressPrefixes = [ '10.0.2.0/24' '10.0.3.0/24' @@ -292,8 +336,8 @@ module p2sVpnGateway 'br/public:avm/res/network/p2s-vpn-gateway:' = { params: { // Required parameters name: 'vscwafp2sVpnGw' - virtualHubId: '' - vpnServerConfigurationId: '' + virtualHubResourceId: '' + vpnServerConfigurationResourceId: '' // Non-required parameters associatedRouteTableName: 'defaultRouteTable' enableInternetSecurity: true @@ -304,10 +348,6 @@ module p2sVpnGateway 'br/public:avm/res/network/p2s-vpn-gateway:' = { name: 'myCustomLockName' } p2SConnectionConfigurationsName: 'p2sConnectionConfig1' - tags: { - Environment: 'Non-Prod' - Role: 'DeploymentValidation' - } vpnClientAddressPoolAddressPrefixes: [ '10.0.2.0/24' ] @@ -331,11 +371,11 @@ module p2sVpnGateway 'br/public:avm/res/network/p2s-vpn-gateway:' = { "name": { "value": "vscwafp2sVpnGw" }, - "virtualHubId": { - "value": "" + "virtualHubResourceId": { + "value": "" }, - "vpnServerConfigurationId": { - "value": "" + "vpnServerConfigurationResourceId": { + "value": "" }, // Non-required parameters "associatedRouteTableName": { @@ -359,12 +399,6 @@ module p2sVpnGateway 'br/public:avm/res/network/p2s-vpn-gateway:' = { "p2SConnectionConfigurationsName": { "value": "p2sConnectionConfig1" }, - "tags": { - "value": { - "Environment": "Non-Prod", - "Role": "DeploymentValidation" - } - }, "vpnClientAddressPoolAddressPrefixes": { "value": [ "10.0.2.0/24" 
@@ -386,8 +420,8 @@ using 'br/public:avm/res/network/p2s-vpn-gateway:' // Required parameters param name = 'vscwafp2sVpnGw' -param virtualHubId = '' -param vpnServerConfigurationId = '' +param virtualHubResourceId = '' +param vpnServerConfigurationResourceId = '' // Non-required parameters param associatedRouteTableName = 'defaultRouteTable' param enableInternetSecurity = true @@ -398,10 +432,6 @@ param lock = { name: 'myCustomLockName' } p2SConnectionConfigurationsName: 'p2sConnectionConfig1' -param tags = { - Environment: 'Non-Prod' - Role: 'DeploymentValidation' -} param vpnClientAddressPoolAddressPrefixes = [ '10.0.2.0/24' ] @@ -419,9 +449,9 @@ param vpnClientAddressPoolAddressPrefixes = [ | [`location`](#parameter-location) | string | Location where all resources will be created. | | [`name`](#parameter-name) | string | The name of the P2S VPN Gateway. | | [`p2SConnectionConfigurationsName`](#parameter-p2sconnectionconfigurationsname) | string | The name of the P2S Connection Configuration. | -| [`virtualHubId`](#parameter-virtualhubid) | string | The resource ID of the gateways virtual hub. | +| [`virtualHubResourceId`](#parameter-virtualhubresourceid) | string | The resource ID of the gateways virtual hub. | | [`vpnClientAddressPoolAddressPrefixes`](#parameter-vpnclientaddresspooladdressprefixes) | array | The address prefixes for the VPN Client Address Pool. | -| [`vpnServerConfigurationId`](#parameter-vpnserverconfigurationid) | string | The resource ID of the VPN Server Configuration. | +| [`vpnServerConfigurationResourceId`](#parameter-vpnserverconfigurationresourceid) | string | The resource ID of the VPN Server Configuration. | **Conditional parameters** 
@@ -443,6 +473,7 @@ param vpnClientAddressPoolAddressPrefixes = [ | [`propagatedLabelNames`](#parameter-propagatedlabelnames) | array | The Labels to propagate routes to. | | [`propagatedRouteTableNames`](#parameter-propagatedroutetablenames) | array | The names of the route tables to propagate to the P2S VPN Gateway. | | [`tags`](#parameter-tags) | object | Tags of the resource. | +| [`vnetRoutesStaticRoutes`](#parameter-vnetroutesstaticroutes) | object | The routes from the virtual hub to virtual network connections. | | [`vpnGatewayScaleUnit`](#parameter-vpngatewayscaleunit) | int | The scale unit of the VPN Gateway. | ### Parameter: `location` @@ -467,7 +498,7 @@ The name of the P2S Connection Configuration. - Required: No - Type: string -### Parameter: `virtualHubId` +### Parameter: `virtualHubResourceId` The resource ID of the gateways virtual hub. @@ -482,7 +513,7 @@ The address prefixes for the VPN Client Address Pool. - Type: array - Default: `[]` -### Parameter: `vpnServerConfigurationId` +### Parameter: `vpnServerConfigurationResourceId` The resource ID of the VPN Server Configuration. 
@@ -606,6 +637,47 @@ Tags of the resource. - Required: No - Type: object +### Parameter: `vnetRoutesStaticRoutes` + +The routes from the virtual hub to virtual network connections. + +- Required: No +- Type: object + +**Optional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`staticRoutes`](#parameter-vnetroutesstaticroutesstaticroutes) | array | The static route configuration for the P2S VPN Gateway. | +| [`staticRoutesConfig`](#parameter-vnetroutesstaticroutesstaticroutesconfig) | object | The static route configuration for the P2S VPN Gateway. | + +### Parameter: `vnetRoutesStaticRoutes.staticRoutes` + +The static route configuration for the P2S VPN Gateway. + +- Required: Yes +- Type: array + +### Parameter: `vnetRoutesStaticRoutes.staticRoutesConfig` + +The static route configuration for the P2S VPN Gateway. + +- Required: Yes +- Type: object + +**Optional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`vnetLocalRouteOverrideCriteria`](#parameter-vnetroutesstaticroutesstaticroutesconfigvnetlocalrouteoverridecriteria) | string | Determines whether the NVA in a SPOKE VNET is bypassed for traffic with destination in spoke. | + +### Parameter: `vnetRoutesStaticRoutes.staticRoutesConfig.vnetLocalRouteOverrideCriteria` + +Determines whether the NVA in a SPOKE VNET is bypassed for traffic with destination in spoke. + +- Required: No +- Type: string + ### Parameter: `vpnGatewayScaleUnit` The scale unit of the VPN Gateway. diff --git a/avm/res/network/p2s-vpn-gateway/main.bicep b/avm/res/network/p2s-vpn-gateway/main.bicep index 2fe5686ba1..17d4ccc184 100644 --- a/avm/res/network/p2s-vpn-gateway/main.bicep +++ b/avm/res/network/p2s-vpn-gateway/main.bicep 
@@ -16,7 +16,7 @@ param location string = resourceGroup().location param associatedRouteTableName string? @description('Optional. The names of the route tables to propagate to the P2S VPN Gateway.') -param propagatedRouteTableNames array = [] +param propagatedRouteTableNames string[] = [] @description('Optional. The custom DNS servers for the P2S VPN Gateway.') param customDnsServers array = [] @@ -37,19 +37,22 @@ param inboundRouteMapResourceId string? param outboundRouteMapResourceId string? @description('Optional. The Labels to propagate routes to.') -param propagatedLabelNames array = [] +param propagatedLabelNames string[] = [] + +@description('Optional. The routes from the virtual hub to virtual network connections.') +param vnetRoutesStaticRoutes vnetRoutesStaticRoutesType? @description('Required. The address prefixes for the VPN Client Address Pool.') param vpnClientAddressPoolAddressPrefixes array = [] @description('Required. The resource ID of the gateways virtual hub.') -param virtualHubId string +param virtualHubResourceId string @description('Optional. The scale unit of the VPN Gateway.') param vpnGatewayScaleUnit int? @description('Required. The resource ID of the VPN Server Configuration.') -param vpnServerConfigurationId string +param vpnServerConfigurationResourceId string @description('Optional. Tags of the resource.') param tags object? @@ -63,7 +66,7 @@ param enableTelemetry bool = true // =============== // @description('Extract the virtual hub name from the virtual hub ID.') -var virtualHubName = split(virtualHubId, '/')[8] +var virtualHubName = split(virtualHubResourceId, '/')[8] // ============== // @@ -119,6 +122,7 @@ resource p2sVpnGateway 'Microsoft.Network/p2svpnGateways@2024-01-01' = { ] labels: propagatedLabelNames } + vnetRoutes: vnetRoutesStaticRoutes } vpnClientAddressPool: { addressPrefixes: vpnClientAddressPoolAddressPrefixes 
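Review bot: In the `@@ -63,7 +66,7 @@` hunk, `split(virtualHubResourceId, '/')[8]` still picks the hub name by a fixed segment index, so the rename keeps the assumption that callers always pass a full resource ID with a leading slash and the usual subscription/resource-group prefix. A value of any other shape either fails at deployment or yields the wrong segment as `virtualHubName`. Taking the final segment is less brittle: `var virtualHubName = last(split(virtualHubResourceId, '/'))`. How `virtualHubName` is consumed lies outside this hunk, so check its uses before changing it.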
@@ -127,11 +131,11 @@ resource p2sVpnGateway 'Microsoft.Network/p2svpnGateways@2024-01-01' = { } ] virtualHub: { - id: virtualHubId + id: virtualHubResourceId } vpnGatewayScaleUnit: vpnGatewayScaleUnit vpnServerConfiguration: { - id: vpnServerConfigurationId + id: vpnServerConfigurationResourceId } } } @@ -171,7 +175,10 @@ type lockType = { kind: ('CanNotDelete' | 'ReadOnly' | 'None')? }? +@export() +@description('Optional. A Type representing the VNET static routes for the P2S VPN Gateway.') type vnetRoutesStaticRoutesType = { + @description('Optional. The static route configuration for the P2S VPN Gateway.') staticRoutes: [ { @description('Optional. The address prefixes of the static route.') @@ -184,8 +191,9 @@ type vnetRoutesStaticRoutesType = { nextHopIpAddress: string? } ] + @description('Optional. The static route configuration for the P2S VPN Gateway.') staticRoutesConfig: { - @description('Optional. ') + @description('Optional. Determines whether the NVA in a SPOKE VNET is bypassed for traffic with destination in spoke.') vnetLocalRouteOverrideCriteria: string? } } diff --git a/avm/res/network/p2s-vpn-gateway/main.json b/avm/res/network/p2s-vpn-gateway/main.json index 96af81c65a..8c3abb0242 100644 --- a/avm/res/network/p2s-vpn-gateway/main.json +++ b/avm/res/network/p2s-vpn-gateway/main.json @@ -5,8 +5,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.31.34.60546", - "templateHash": "91504486809439588" + "version": "0.31.92.45157", + "templateHash": "12497552485897757858" }, "name": "P2S VPN Gateway", "description": "This module deploys a Virtual Hub P2S Gateway.", @@ -71,7 +71,10 @@ } } ], - "items": false + "items": false, + "metadata": { + "description": "Optional. The static route configuration for the P2S VPN Gateway." + } }, "staticRoutesConfig": { "type": "object", 
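Review bot: `vnetLocalRouteOverrideCriteria` in the `@@ -184,8 +191,9 @@` hunk gains a description but stays a free-form `string?`, so an invalid value is only caught by the resource provider at deployment time. The setting decides whether an NVA in a spoke VNet is bypassed, so a mistyped value should fail at compile time. As far as I know the API accepts only `Contains` and `Equal`; if that holds, declare it the way `lockType.kind` is declared above, `vnetLocalRouteOverrideCriteria: ('Contains' | 'Equal')?`. The max test added later in this commit passes `'Allow'`, which the tighter type would have flagged. Separately, the new descriptions on `staticRoutes` and `staticRoutesConfig` are identical; the first would read better as `'Optional. The static routes for the P2S VPN Gateway.'`.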
@@ -80,11 +83,18 @@ "type": "string", "nullable": true, "metadata": { - "description": "Optional. " + "description": "Optional. Determines whether the NVA in a SPOKE VNET is bypassed for traffic with destination in spoke." } } + }, + "metadata": { + "description": "Optional. The static route configuration for the P2S VPN Gateway." } } + }, + "metadata": { + "__bicep_export!": true, + "description": "Optional. A Type representing the VNET static routes for the P2S VPN Gateway." } } }, @@ -115,6 +125,9 @@ }, "propagatedRouteTableNames": { "type": "array", + "items": { + "type": "string" + }, "defaultValue": [], "metadata": { "description": "Optional. The names of the route tables to propagate to the P2S VPN Gateway." @@ -164,11 +177,21 @@ }, "propagatedLabelNames": { "type": "array", + "items": { + "type": "string" + }, "defaultValue": [], "metadata": { "description": "Optional. The Labels to propagate routes to." } }, + "vnetRoutesStaticRoutes": { + "$ref": "#/definitions/vnetRoutesStaticRoutesType", + "nullable": true, + "metadata": { + "description": "Optional. The routes from the virtual hub to virtual network connections." + } + }, "vpnClientAddressPoolAddressPrefixes": { "type": "array", "defaultValue": [], @@ -176,7 +199,7 @@ "description": "Required. The address prefixes for the VPN Client Address Pool." } }, - "virtualHubId": { + "virtualHubResourceId": { "type": "string", "metadata": { "description": "Required. The resource ID of the gateways virtual hub." @@ -189,7 +212,7 @@ "description": "Optional. The scale unit of the VPN Gateway." } }, - "vpnServerConfigurationId": { + "vpnServerConfigurationResourceId": { "type": "string", "metadata": { "description": "Required. The resource ID of the VPN Server Configuration." @@ -217,7 +240,7 @@ } }, "variables": { - "virtualHubName": "[split(parameters('virtualHubId'), '/')[8]]" + "virtualHubName": "[split(parameters('virtualHubResourceId'), '/')[8]]" }, "resources": { "avmTelemetry": { 
@@ -271,7 +294,8 @@ } ], "labels": "[parameters('propagatedLabelNames')]" - } + }, + "vnetRoutes": "[parameters('vnetRoutesStaticRoutes')]" }, "vpnClientAddressPool": { "addressPrefixes": "[parameters('vpnClientAddressPoolAddressPrefixes')]" @@ -280,11 +304,11 @@ } ], "virtualHub": { - "id": "[parameters('virtualHubId')]" + "id": "[parameters('virtualHubResourceId')]" }, "vpnGatewayScaleUnit": "[parameters('vpnGatewayScaleUnit')]", "vpnServerConfiguration": { - "id": "[parameters('vpnServerConfigurationId')]" + "id": "[parameters('vpnServerConfigurationResourceId')]" } } }, diff --git a/avm/res/network/p2s-vpn-gateway/tests/e2e/defaults/main.test.bicep b/avm/res/network/p2s-vpn-gateway/tests/e2e/defaults/main.test.bicep index 7a0d7ba6cd..25e1fd01b5 100644 --- a/avm/res/network/p2s-vpn-gateway/tests/e2e/defaults/main.test.bicep +++ b/avm/res/network/p2s-vpn-gateway/tests/e2e/defaults/main.test.bicep @@ -59,8 +59,8 @@ module testDeployment '../../../main.bicep' = [ '10.0.2.0/24' ] associatedRouteTableName: 'defaultRouteTable' - virtualHubId: nestedDependencies.outputs.virtualHubResourceId - vpnServerConfigurationId: nestedDependencies.outputs.vpnServerConfigurationResourceId + virtualHubResourceId: nestedDependencies.outputs.virtualHubResourceId + vpnServerConfigurationResourceId: nestedDependencies.outputs.vpnServerConfigurationResourceId } } ] diff --git a/avm/res/network/p2s-vpn-gateway/tests/e2e/max/dependencies.bicep b/avm/res/network/p2s-vpn-gateway/tests/e2e/max/dependencies.bicep index aa1bb60c57..3cff87c9ec 100644 --- a/avm/res/network/p2s-vpn-gateway/tests/e2e/max/dependencies.bicep +++ b/avm/res/network/p2s-vpn-gateway/tests/e2e/max/dependencies.bicep 
@@ -134,6 +134,9 @@ output azureFirewallResourceId string = azureFirewall.id @description('The name of the created hub Azure Firewall') output azureFirewallName string = azureFirewall.name +@description('The private IP address of the created hub Azure Firewall') +output azureFirewallPrivateIp string = azureFirewall.properties.ipConfigurations[0].properties.privateIPAddress + @description('The resource ID of the created hub route table') output hubRouteTableName string = hubRouteTable.name diff --git a/avm/res/network/p2s-vpn-gateway/tests/e2e/max/main.test.bicep b/avm/res/network/p2s-vpn-gateway/tests/e2e/max/main.test.bicep index 5acc25f822..f46c17c316 100644 --- a/avm/res/network/p2s-vpn-gateway/tests/e2e/max/main.test.bicep +++ b/avm/res/network/p2s-vpn-gateway/tests/e2e/max/main.test.bicep @@ -1,7 +1,7 @@ targetScope = 'subscription' -metadata name = 'Using only defaults' -metadata description = 'This instance deploys the module with the minimum set of required parameters.' +metadata name = 'Using large parameter set' +metadata description = 'This instance deploys the module with most of its features enabled.' // ========== // // Parameters // 
@@ -67,13 +67,27 @@ module testDeployment '../../../main.bicep' = [ nestedDependencies.outputs.hubRouteTableName ] propagatedLabelNames: nestedDependencies.outputs.hubRouteTableLabels + vnetRoutesStaticRoutes: { + staticRoutes: [ + { + name: 'staticRoute1' + addressPrefixes: [ + '10.1.101.0/24' + ] + nextHopIpAddress: nestedDependencies.outputs.azureFirewallPrivateIp + } + ] + staticRoutesConfig: { + vnetLocalRouteOverrideCriteria: 'Allow' + } + } vpnClientAddressPoolAddressPrefixes: [ '10.0.2.0/24' '10.0.3.0/24' ] - virtualHubId: nestedDependencies.outputs.virtualHubResourceId + virtualHubResourceId: nestedDependencies.outputs.virtualHubResourceId vpnGatewayScaleUnit: 5 - vpnServerConfigurationId: nestedDependencies.outputs.vpnServerConfigurationResourceId + vpnServerConfigurationResourceId: nestedDependencies.outputs.vpnServerConfigurationResourceId p2SConnectionConfigurationsName: 'p2sConnectionConfig1' } } diff --git a/avm/res/network/p2s-vpn-gateway/tests/e2e/waf-aligned/main.test.bicep b/avm/res/network/p2s-vpn-gateway/tests/e2e/waf-aligned/main.test.bicep index f855bc1486..a074013a82 100644 --- a/avm/res/network/p2s-vpn-gateway/tests/e2e/waf-aligned/main.test.bicep +++ b/avm/res/network/p2s-vpn-gateway/tests/e2e/waf-aligned/main.test.bicep @@ -58,10 +58,6 @@ module testDeployment '../../../main.bicep' = [ kind: 'CanNotDelete' name: 'myCustomLockName' } - tags: { - Environment: 'Non-Prod' - Role: 'DeploymentValidation' - } p2SConnectionConfigurationsName: 'p2sConnectionConfig1' isRoutingPreferenceInternet: false enableInternetSecurity: true 
@@ -69,8 +65,8 @@ module testDeployment '../../../main.bicep' = [ vpnClientAddressPoolAddressPrefixes: [ '10.0.2.0/24' ] - virtualHubId: nestedDependencies.outputs.virtualHubResourceId - vpnServerConfigurationId: nestedDependencies.outputs.vpnServerConfigurationResourceId + virtualHubResourceId: nestedDependencies.outputs.virtualHubResourceId + vpnServerConfigurationResourceId: nestedDependencies.outputs.vpnServerConfigurationResourceId } } ] From e8e0dce16d94a3ab4b06aea8f4c9a396b2e350cd Mon Sep 17 00:00:00 2001 From: erschef_microsoft Date: Mon, 25 Nov 2024 11:44:42 -0500 Subject: [PATCH 17/30] fix: Update P2S VPN Gateway test parameters to use tags for environment and role --- .../p2s-vpn-gateway/tests/e2e/waf-aligned/main.test.bicep | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/avm/res/network/p2s-vpn-gateway/tests/e2e/waf-aligned/main.test.bicep b/avm/res/network/p2s-vpn-gateway/tests/e2e/waf-aligned/main.test.bicep index a074013a82..fb73b89aea 100644 --- a/avm/res/network/p2s-vpn-gateway/tests/e2e/waf-aligned/main.test.bicep +++ b/avm/res/network/p2s-vpn-gateway/tests/e2e/waf-aligned/main.test.bicep @@ -54,9 +54,9 @@ module testDeployment '../../../main.bicep' = [ params: { name: '${namePrefix}${serviceShort}p2sVpnGw' location: resourceLocation - lock: { - kind: 'CanNotDelete' - name: 'myCustomLockName' + tags: { + Environment: 'Non-Prod' + Role: 'DeploymentValidation' } p2SConnectionConfigurationsName: 'p2sConnectionConfig1' isRoutingPreferenceInternet: false From 290186cd56c2ea20c4c92d6bfc8129db39237fad Mon Sep 17 00:00:00 2001 From: erschef_microsoft Date: Mon, 25 Nov 2024 11:45:48 -0500 Subject: [PATCH 18/30] fix: Remove lock configuration and add tags for environment and role in P2S VPN Gateway module --- avm/res/network/p2s-vpn-gateway/README.md | 28 +++++++++++------------ 1 file changed, 14 insertions(+), 14 deletions(-) 
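Review bot: The `@@ -54,9 +54,9 @@` hunk in waf-aligned/main.test.bicep replaces the `lock` block with `tags` instead of restoring `tags` next to it, so the WAF-aligned scenario no longer deploys the gateway with a `CanNotDelete` lock. The commit message only mentions tags, so the removal may be unintentional. If the lock was dropped because it blocked test clean-up, say so in the message; otherwise keep `lock: { kind: 'CanNotDelete', name: 'myCustomLockName' }` and add the `tags` block after it. Whether another test still covers the `lock` parameter is not visible here.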
diff --git a/avm/res/network/p2s-vpn-gateway/README.md b/avm/res/network/p2s-vpn-gateway/README.md index e8c6bd6543..91331a5eb1 100644 --- a/avm/res/network/p2s-vpn-gateway/README.md +++ b/avm/res/network/p2s-vpn-gateway/README.md @@ -343,11 +343,11 @@ module p2sVpnGateway 'br/public:avm/res/network/p2s-vpn-gateway:' = { enableInternetSecurity: true isRoutingPreferenceInternet: false location: '' - lock: { - kind: 'CanNotDelete' - name: 'myCustomLockName' - } p2SConnectionConfigurationsName: 'p2sConnectionConfig1' + tags: { + Environment: 'Non-Prod' + Role: 'DeploymentValidation' + } vpnClientAddressPoolAddressPrefixes: [ '10.0.2.0/24' ] @@ -390,15 +390,15 @@ module p2sVpnGateway 'br/public:avm/res/network/p2s-vpn-gateway:' = { "location": { "value": "" }, - "lock": { - "value": { - "kind": "CanNotDelete", - "name": "myCustomLockName" - } - }, "p2SConnectionConfigurationsName": { "value": "p2sConnectionConfig1" }, + "tags": { + "value": { + "Environment": "Non-Prod", + "Role": "DeploymentValidation" + } + }, "vpnClientAddressPoolAddressPrefixes": { "value": [ "10.0.2.0/24" @@ -427,11 +427,11 @@ param associatedRouteTableName = 'defaultRouteTable' param enableInternetSecurity = true param isRoutingPreferenceInternet = false param location = '' -param lock = { - kind: 'CanNotDelete' - name: 'myCustomLockName' -} p2SConnectionConfigurationsName: 'p2sConnectionConfig1' +param tags = { + Environment: 'Non-Prod' + Role: 'DeploymentValidation' +} param vpnClientAddressPoolAddressPrefixes = [ '10.0.2.0/24' ] From f40e2f21363f658657ef71b4b91ad96c97055a05 Mon Sep 17 00:00:00 2001 
From: erschef_microsoft Date: Mon, 25 Nov 2024 12:48:15 -0500 Subject: [PATCH 19/30] fix: Update P2S VPN Gateway parameters to make location optional and ensure p2SConnectionConfigurationsName is required --- avm/res/network/p2s-vpn-gateway/README.md | 50 +++++++++++----------- avm/res/network/p2s-vpn-gateway/main.bicep | 4 +- avm/res/network/p2s-vpn-gateway/main.json | 5 +-- 3 files changed, 29 insertions(+), 30 deletions(-) diff --git a/avm/res/network/p2s-vpn-gateway/README.md b/avm/res/network/p2s-vpn-gateway/README.md index 91331a5eb1..58fe2585a9 100644 --- a/avm/res/network/p2s-vpn-gateway/README.md +++ b/avm/res/network/p2s-vpn-gateway/README.md @@ -44,12 +44,12 @@ module p2sVpnGateway 'br/public:avm/res/network/p2s-vpn-gateway:' = { params: { // Required parameters name: 'vscminp2sVpnGw' + p2SConnectionConfigurationsName: 'p2sConnectionConfig1' virtualHubResourceId: '' vpnServerConfigurationResourceId: '' // Non-required parameters associatedRouteTableName: 'defaultRouteTable' location: '' - p2SConnectionConfigurationsName: 'p2sConnectionConfig1' vpnClientAddressPoolAddressPrefixes: [ '10.0.2.0/24' ] @@ -73,6 +73,9 @@ module p2sVpnGateway 'br/public:avm/res/network/p2s-vpn-gateway:' = { "name": { "value": "vscminp2sVpnGw" }, + "p2SConnectionConfigurationsName": { + "value": "p2sConnectionConfig1" + }, "virtualHubResourceId": { "value": "" }, @@ -86,9 +89,6 @@ module p2sVpnGateway 'br/public:avm/res/network/p2s-vpn-gateway:' = { "location": { "value": "" }, - "p2SConnectionConfigurationsName": { - "value": "p2sConnectionConfig1" - }, "vpnClientAddressPoolAddressPrefixes": { "value": [ "10.0.2.0/24" 
@@ -110,12 +110,12 @@ using 'br/public:avm/res/network/p2s-vpn-gateway:' // Required parameters param name = 'vscminp2sVpnGw' +p2SConnectionConfigurationsName: 'p2sConnectionConfig1' param virtualHubResourceId = '' param vpnServerConfigurationResourceId = '' // Non-required parameters param associatedRouteTableName = 'defaultRouteTable' param location = '' -p2SConnectionConfigurationsName: 'p2sConnectionConfig1' param vpnClientAddressPoolAddressPrefixes = [ '10.0.2.0/24' ] @@ -139,6 +139,7 @@ module p2sVpnGateway 'br/public:avm/res/network/p2s-vpn-gateway:' = { params: { // Required parameters name: 'vscmaxp2sVpnGw' + p2SConnectionConfigurationsName: 'p2sConnectionConfig1' virtualHubResourceId: '' vpnServerConfigurationResourceId: '' // Non-required parameters @@ -152,7 +153,6 @@ module p2sVpnGateway 'br/public:avm/res/network/p2s-vpn-gateway:' = { isRoutingPreferenceInternet: false location: '' outboundRouteMapResourceId: '' - p2SConnectionConfigurationsName: 'p2sConnectionConfig1' propagatedLabelNames: '' propagatedRouteTableNames: [ '' @@ -196,6 +196,9 @@ module p2sVpnGateway 'br/public:avm/res/network/p2s-vpn-gateway:' = { "name": { "value": "vscmaxp2sVpnGw" }, + "p2SConnectionConfigurationsName": { + "value": "p2sConnectionConfig1" + }, "virtualHubResourceId": { "value": "" }, @@ -227,9 +230,6 @@ module p2sVpnGateway 'br/public:avm/res/network/p2s-vpn-gateway:' = { "outboundRouteMapResourceId": { "value": "" }, - "p2SConnectionConfigurationsName": { - "value": "p2sConnectionConfig1" - }, "propagatedLabelNames": { "value": "" }, @@ -279,6 +279,7 @@ using 'br/public:avm/res/network/p2s-vpn-gateway:' // Required parameters param name = 'vscmaxp2sVpnGw' +p2SConnectionConfigurationsName: 'p2sConnectionConfig1' param virtualHubResourceId = '' param vpnServerConfigurationResourceId = '' // Non-required parameters 
@@ -292,7 +293,6 @@ param inboundRouteMapResourceId = '' param isRoutingPreferenceInternet = false param location = '' param outboundRouteMapResourceId = '' -p2SConnectionConfigurationsName: 'p2sConnectionConfig1' param propagatedLabelNames = '' param propagatedRouteTableNames = [ '' @@ -336,6 +336,7 @@ module p2sVpnGateway 'br/public:avm/res/network/p2s-vpn-gateway:' = { params: { // Required parameters name: 'vscwafp2sVpnGw' + p2SConnectionConfigurationsName: 'p2sConnectionConfig1' virtualHubResourceId: '' vpnServerConfigurationResourceId: '' // Non-required parameters @@ -343,7 +344,6 @@ module p2sVpnGateway 'br/public:avm/res/network/p2s-vpn-gateway:' = { enableInternetSecurity: true isRoutingPreferenceInternet: false location: '' - p2SConnectionConfigurationsName: 'p2sConnectionConfig1' tags: { Environment: 'Non-Prod' Role: 'DeploymentValidation' @@ -371,6 +371,9 @@ module p2sVpnGateway 'br/public:avm/res/network/p2s-vpn-gateway:' = { "name": { "value": "vscwafp2sVpnGw" }, + "p2SConnectionConfigurationsName": { + "value": "p2sConnectionConfig1" + }, "virtualHubResourceId": { "value": "" }, @@ -390,9 +393,6 @@ module p2sVpnGateway 'br/public:avm/res/network/p2s-vpn-gateway:' = { "location": { "value": "" }, - "p2SConnectionConfigurationsName": { - "value": "p2sConnectionConfig1" - }, "tags": { "value": { "Environment": "Non-Prod", @@ -420,6 +420,7 @@ using 'br/public:avm/res/network/p2s-vpn-gateway:' // Required parameters param name = 'vscwafp2sVpnGw' +p2SConnectionConfigurationsName: 'p2sConnectionConfig1' param virtualHubResourceId = '' param vpnServerConfigurationResourceId = '' // Non-required parameters @@ -427,7 +428,6 @@ param associatedRouteTableName = 'defaultRouteTable' param enableInternetSecurity = true param isRoutingPreferenceInternet = false param location = '' -p2SConnectionConfigurationsName: 'p2sConnectionConfig1' param tags = { Environment: 'Non-Prod' Role: 'DeploymentValidation' 
@@ -446,7 +446,6 @@ param vpnClientAddressPoolAddressPrefixes = [ | Parameter | Type | Description | | :-- | :-- | :-- | -| [`location`](#parameter-location) | string | Location where all resources will be created. | | [`name`](#parameter-name) | string | The name of the P2S VPN Gateway. | | [`p2SConnectionConfigurationsName`](#parameter-p2sconnectionconfigurationsname) | string | The name of the P2S Connection Configuration. | | [`virtualHubResourceId`](#parameter-virtualhubresourceid) | string | The resource ID of the gateways virtual hub. | @@ -468,6 +467,7 @@ param vpnClientAddressPoolAddressPrefixes = [ | [`enableTelemetry`](#parameter-enabletelemetry) | bool | Enable/Disable usage telemetry for module. | | [`inboundRouteMapResourceId`](#parameter-inboundroutemapresourceid) | string | The Resource ID of the inbound route map. | | [`isRoutingPreferenceInternet`](#parameter-isroutingpreferenceinternet) | bool | The routing preference for the P2S VPN Gateway, Internet or Microsoft network. | +| [`location`](#parameter-location) | string | Location where all resources will be created. | | [`lock`](#parameter-lock) | object | The lock settings of the service. | | [`outboundRouteMapResourceId`](#parameter-outboundroutemapresourceid) | string | The Resource ID of the outbound route map. | | [`propagatedLabelNames`](#parameter-propagatedlabelnames) | array | The Labels to propagate routes to. | @@ -476,14 +476,6 @@ param vpnClientAddressPoolAddressPrefixes = [ | [`vnetRoutesStaticRoutes`](#parameter-vnetroutesstaticroutes) | object | The routes from the virtual hub to virtual network connections. | | [`vpnGatewayScaleUnit`](#parameter-vpngatewayscaleunit) | int | The scale unit of the VPN Gateway. | -### Parameter: `location` - -Location where all resources will be created. - -- Required: No -- Type: string -- Default: `[resourceGroup().location]` - ### Parameter: `name` The name of the P2S VPN Gateway. 
@@ -495,7 +487,7 @@ The name of the P2S VPN Gateway. The name of the P2S Connection Configuration. -- Required: No +- Required: Yes - Type: string ### Parameter: `virtualHubResourceId` @@ -571,6 +563,14 @@ The routing preference for the P2S VPN Gateway, Internet or Microsoft network. - Required: No - Type: bool +### Parameter: `location` + +Location where all resources will be created. + +- Required: No +- Type: string +- Default: `[resourceGroup().location]` + ### Parameter: `lock` The lock settings of the service. diff --git a/avm/res/network/p2s-vpn-gateway/main.bicep b/avm/res/network/p2s-vpn-gateway/main.bicep index 17d4ccc184..d95fc07d91 100644 --- a/avm/res/network/p2s-vpn-gateway/main.bicep +++ b/avm/res/network/p2s-vpn-gateway/main.bicep @@ -5,7 +5,7 @@ metadata owner = 'Azure/module-maintainers' @description('Required. The name of the P2S VPN Gateway.') param name string -@description('Required. Location where all resources will be created.') +@description('Optional. Location where all resources will be created.') param location string = resourceGroup().location @allowed([ @@ -25,7 +25,7 @@ param customDnsServers array = [] param isRoutingPreferenceInternet bool? @description('Required. The name of the P2S Connection Configuration.') -param p2SConnectionConfigurationsName string? +param p2SConnectionConfigurationsName string @description('Optional. Enable/Disable Internet Security; "Propagate Default Route".') param enableInternetSecurity bool? diff --git a/avm/res/network/p2s-vpn-gateway/main.json b/avm/res/network/p2s-vpn-gateway/main.json index 8c3abb0242..10641e83fa 100644 --- a/avm/res/network/p2s-vpn-gateway/main.json +++ b/avm/res/network/p2s-vpn-gateway/main.json @@ -6,7 +6,7 @@ "_generator": { "name": "bicep", "version": "0.31.92.45157", - "templateHash": "12497552485897757858" + "templateHash": "7924437135032484571" }, "name": "P2S VPN Gateway", "description": "This module deploys a Virtual Hub P2S Gateway.", 
@@ -109,7 +109,7 @@ "type": "string", "defaultValue": "[resourceGroup().location]", "metadata": { - "description": "Required. Location where all resources will be created." + "description": "Optional. Location where all resources will be created." } }, "associatedRouteTableName": { @@ -149,7 +149,6 @@ }, "p2SConnectionConfigurationsName": { "type": "string", - "nullable": true, "metadata": { "description": "Required. The name of the P2S Connection Configuration." } From e82865bc58f922389ca05a597c1ef10eafd42979 Mon Sep 17 00:00:00 2001 From: erschef_microsoft Date: Mon, 25 Nov 2024 13:04:42 -0500 Subject: [PATCH 20/30] fix: Update vpnClientAddressPoolAddressPrefixes parameter to be optional in documentation and Bicep template --- avm/res/network/p2s-vpn-gateway/README.md | 18 +++++++++--------- avm/res/network/p2s-vpn-gateway/main.bicep | 2 +- avm/res/network/p2s-vpn-gateway/main.json | 4 ++-- 3 files changed, 12 insertions(+), 12 deletions(-) diff --git a/avm/res/network/p2s-vpn-gateway/README.md b/avm/res/network/p2s-vpn-gateway/README.md index 58fe2585a9..fa59f1872b 100644 --- a/avm/res/network/p2s-vpn-gateway/README.md +++ b/avm/res/network/p2s-vpn-gateway/README.md @@ -449,7 +449,6 @@ param vpnClientAddressPoolAddressPrefixes = [ | [`name`](#parameter-name) | string | The name of the P2S VPN Gateway. | | [`p2SConnectionConfigurationsName`](#parameter-p2sconnectionconfigurationsname) | string | The name of the P2S Connection Configuration. | | [`virtualHubResourceId`](#parameter-virtualhubresourceid) | string | The resource ID of the gateways virtual hub. | -| [`vpnClientAddressPoolAddressPrefixes`](#parameter-vpnclientaddresspooladdressprefixes) | array | The address prefixes for the VPN Client Address Pool. | | [`vpnServerConfigurationResourceId`](#parameter-vpnserverconfigurationresourceid) | string | The resource ID of the VPN Server Configuration. | **Conditional parameters** 
@@ -474,6 +473,7 @@ param vpnClientAddressPoolAddressPrefixes = [ | [`propagatedRouteTableNames`](#parameter-propagatedroutetablenames) | array | The names of the route tables to propagate to the P2S VPN Gateway. | | [`tags`](#parameter-tags) | object | Tags of the resource. | | [`vnetRoutesStaticRoutes`](#parameter-vnetroutesstaticroutes) | object | The routes from the virtual hub to virtual network connections. | +| [`vpnClientAddressPoolAddressPrefixes`](#parameter-vpnclientaddresspooladdressprefixes) | array | The address prefixes for the VPN Client Address Pool. | | [`vpnGatewayScaleUnit`](#parameter-vpngatewayscaleunit) | int | The scale unit of the VPN Gateway. | ### Parameter: `name` @@ -497,14 +497,6 @@ The resource ID of the gateways virtual hub. - Required: Yes - Type: string -### Parameter: `vpnClientAddressPoolAddressPrefixes` - -The address prefixes for the VPN Client Address Pool. - -- Required: No -- Type: array -- Default: `[]` - ### Parameter: `vpnServerConfigurationResourceId` The resource ID of the VPN Server Configuration. @@ -678,6 +670,14 @@ Determines whether the NVA in a SPOKE VNET is bypassed for traffic with destinat - Required: No - Type: string +### Parameter: `vpnClientAddressPoolAddressPrefixes` + +The address prefixes for the VPN Client Address Pool. + +- Required: No +- Type: array +- Default: `[]` + ### Parameter: `vpnGatewayScaleUnit` The scale unit of the VPN Gateway. diff --git a/avm/res/network/p2s-vpn-gateway/main.bicep b/avm/res/network/p2s-vpn-gateway/main.bicep index d95fc07d91..8d84a5a475 100644 --- a/avm/res/network/p2s-vpn-gateway/main.bicep +++ b/avm/res/network/p2s-vpn-gateway/main.bicep 
@@ -42,7 +42,7 @@ param propagatedLabelNames string[] = [] @description('Optional. The routes from the virtual hub to virtual network connections.') param vnetRoutesStaticRoutes vnetRoutesStaticRoutesType? -@description('Required. The address prefixes for the VPN Client Address Pool.') +@description('Optional. The address prefixes for the VPN Client Address Pool.') param vpnClientAddressPoolAddressPrefixes array = [] @description('Required. The resource ID of the gateways virtual hub.') diff --git a/avm/res/network/p2s-vpn-gateway/main.json b/avm/res/network/p2s-vpn-gateway/main.json index 10641e83fa..2dbe4d4d1a 100644 --- a/avm/res/network/p2s-vpn-gateway/main.json +++ b/avm/res/network/p2s-vpn-gateway/main.json @@ -6,7 +6,7 @@ "_generator": { "name": "bicep", "version": "0.31.92.45157", - "templateHash": "7924437135032484571" + "templateHash": "16702048568126491308" }, "name": "P2S VPN Gateway", "description": "This module deploys a Virtual Hub P2S Gateway.", @@ -195,7 +195,7 @@ "type": "array", "defaultValue": [], "metadata": { - "description": "Required. The address prefixes for the VPN Client Address Pool." + "description": "Optional. The address prefixes for the VPN Client Address Pool." } }, "virtualHubResourceId": { From 53818530686ecfe32b4f78fdeef3a32f1d6e2c15 Mon Sep 17 00:00:00 2001 From: erschef_microsoft Date: Mon, 25 Nov 2024 14:10:03 -0500 Subject: [PATCH 21/30] feat: Add optional static route configuration for P2S VPN Gateway --- avm/res/network/p2s-vpn-gateway/README.md | 38 ++++++++++++- avm/res/network/p2s-vpn-gateway/main.bicep | 20 ++++--- avm/res/network/p2s-vpn-gateway/main.json | 54 ++++++++++--------- .../tests/e2e/waf-aligned/main.test.bicep | 3 ++ 4 files changed, 76 insertions(+), 39 deletions(-) diff --git a/avm/res/network/p2s-vpn-gateway/README.md b/avm/res/network/p2s-vpn-gateway/README.md index fa59f1872b..bd8d321422 100644 --- a/avm/res/network/p2s-vpn-gateway/README.md +++ b/avm/res/network/p2s-vpn-gateway/README.md 
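Review bot: `vpnClientAddressPoolAddressPrefixes` in the `@@ -42,7 +42,7 @@` hunk is still an untyped `array`, while `propagatedRouteTableNames` and `propagatedLabelNames` were tightened to `string[]` earlier in this series. Now that the description says Optional, the declaration would be consistent as `param vpnClientAddressPoolAddressPrefixes string[] = []`. Also confirm that the service accepts a gateway deployed with the empty default, since this commit only changes the label from Required to Optional.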
@@ -348,6 +348,7 @@ module p2sVpnGateway 'br/public:avm/res/network/p2s-vpn-gateway:' = { Environment: 'Non-Prod' Role: 'DeploymentValidation' } + vnetRoutesStaticRoutes: {} vpnClientAddressPoolAddressPrefixes: [ '10.0.2.0/24' ] @@ -399,6 +400,9 @@ module p2sVpnGateway 'br/public:avm/res/network/p2s-vpn-gateway:' = { "Role": "DeploymentValidation" } }, + "vnetRoutesStaticRoutes": { + "value": {} + }, "vpnClientAddressPoolAddressPrefixes": { "value": [ "10.0.2.0/24" @@ -432,6 +436,7 @@ param tags = { Environment: 'Non-Prod' Role: 'DeploymentValidation' } +param vnetRoutesStaticRoutes = {} param vpnClientAddressPoolAddressPrefixes = [ '10.0.2.0/24' ] @@ -647,14 +652,43 @@ The routes from the virtual hub to virtual network connections. The static route configuration for the P2S VPN Gateway. -- Required: Yes +- Required: No +- Type: array + +**Optional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`addressPrefixes`](#parameter-vnetroutesstaticroutesstaticroutesaddressprefixes) | array | The address prefixes of the static route. | +| [`name`](#parameter-vnetroutesstaticroutesstaticroutesname) | string | The name of the static route. | +| [`nextHopIpAddress`](#parameter-vnetroutesstaticroutesstaticroutesnexthopipaddress) | string | The next hop IP of the static route. | + +### Parameter: `vnetRoutesStaticRoutes.staticRoutes.addressPrefixes` + +The address prefixes of the static route. + +- Required: No - Type: array +### Parameter: `vnetRoutesStaticRoutes.staticRoutes.name` + +The name of the static route. + +- Required: No +- Type: string + +### Parameter: `vnetRoutesStaticRoutes.staticRoutes.nextHopIpAddress` + +The next hop IP of the static route. + +- Required: No +- Type: string + ### Parameter: `vnetRoutesStaticRoutes.staticRoutesConfig` The static route configuration for the P2S VPN Gateway. -- Required: Yes +- Required: No - Type: object **Optional parameters** 
diff --git a/avm/res/network/p2s-vpn-gateway/main.bicep b/avm/res/network/p2s-vpn-gateway/main.bicep index 8d84a5a475..f6ed9c3c59 100644 --- a/avm/res/network/p2s-vpn-gateway/main.bicep +++ b/avm/res/network/p2s-vpn-gateway/main.bicep @@ -179,22 +179,20 @@ type lockType = { @description('Optional. A Type representing the VNET static routes for the P2S VPN Gateway.') type vnetRoutesStaticRoutesType = { @description('Optional. The static route configuration for the P2S VPN Gateway.') - staticRoutes: [ - { - @description('Optional. The address prefixes of the static route.') - addressPrefixes: array? + staticRoutes: { + @description('Optional. The address prefixes of the static route.') + addressPrefixes: string[]? - @description('Optional. The name of the static route.') - name: string? + @description('Optional. The name of the static route.') + name: string? - @description('Optional. The next hop IP of the static route.') - nextHopIpAddress: string? - } - ] + @description('Optional. The next hop IP of the static route.') + nextHopIpAddress: string? + }[]? @description('Optional. The static route configuration for the P2S VPN Gateway.') staticRoutesConfig: { @description('Optional. Determines whether the NVA in a SPOKE VNET is bypassed for traffic with destination in spoke.') vnetLocalRouteOverrideCriteria: string? - } + }? } diff --git a/avm/res/network/p2s-vpn-gateway/main.json b/avm/res/network/p2s-vpn-gateway/main.json index 2dbe4d4d1a..7c1883555e 100644 --- a/avm/res/network/p2s-vpn-gateway/main.json +++ b/avm/res/network/p2s-vpn-gateway/main.json @@ -6,7 +6,7 @@ "_generator": { "name": "bicep", "version": "0.31.92.45157", - "templateHash": "16702048568126491308" + "templateHash": "18201468322189687463" }, "name": "P2S VPN Gateway", "description": "This module deploys a Virtual Hub P2S Gateway.", 
@@ -43,35 +43,36 @@ "properties": { "staticRoutes": { "type": "array", - "prefixItems": [ - { - "type": "object", - "properties": { - "addressPrefixes": { - "type": "array", - "nullable": true, - "metadata": { - "description": "Optional. The address prefixes of the static route." - } - }, - "name": { - "type": "string", - "nullable": true, - "metadata": { - "description": "Optional. The name of the static route." - } + "items": { + "type": "object", + "properties": { + "addressPrefixes": { + "type": "array", + "items": { + "type": "string" }, - "nextHopIpAddress": { - "type": "string", - "nullable": true, - "metadata": { - "description": "Optional. The next hop IP of the static route." - } + "nullable": true, + "metadata": { + "description": "Optional. The address prefixes of the static route." + } + }, + "name": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. The name of the static route." + } + }, + "nextHopIpAddress": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. The next hop IP of the static route." } } } - ], - "items": false, + }, + "nullable": true, "metadata": { "description": "Optional. The static route configuration for the P2S VPN Gateway." } @@ -87,6 +88,7 @@ } } }, + "nullable": true, "metadata": { "description": "Optional. The static route configuration for the P2S VPN Gateway." } diff --git a/avm/res/network/p2s-vpn-gateway/tests/e2e/waf-aligned/main.test.bicep b/avm/res/network/p2s-vpn-gateway/tests/e2e/waf-aligned/main.test.bicep index fb73b89aea..d04e38c159 100644 --- a/avm/res/network/p2s-vpn-gateway/tests/e2e/waf-aligned/main.test.bicep +++ b/avm/res/network/p2s-vpn-gateway/tests/e2e/waf-aligned/main.test.bicep 
@@ -65,6 +65,9 @@ module testDeployment '../../../main.bicep' = [ vpnClientAddressPoolAddressPrefixes: [ '10.0.2.0/24' ] + vnetRoutesStaticRoutes: { + + } virtualHubResourceId: nestedDependencies.outputs.virtualHubResourceId vpnServerConfigurationResourceId: nestedDependencies.outputs.vpnServerConfigurationResourceId } From d4047976e88c7905047b7f6fdcf4bbec8a447594 Mon Sep 17 00:00:00 2001 From: erschef_microsoft Date: Mon, 25 Nov 2024 16:42:17 -0500 Subject: [PATCH 22/30] fix: Update output for Azure Firewall private IP to use hubIPAddresses property --- .../network/p2s-vpn-gateway/tests/e2e/max/dependencies.bicep | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/avm/res/network/p2s-vpn-gateway/tests/e2e/max/dependencies.bicep b/avm/res/network/p2s-vpn-gateway/tests/e2e/max/dependencies.bicep index 3cff87c9ec..0c1c2921e0 100644 --- a/avm/res/network/p2s-vpn-gateway/tests/e2e/max/dependencies.bicep +++ b/avm/res/network/p2s-vpn-gateway/tests/e2e/max/dependencies.bicep @@ -135,7 +135,7 @@ output azureFirewallResourceId string = azureFirewall.id output azureFirewallName string = azureFirewall.name @description('The private IP address of the created hub Azure Firewall') -output azureFirewallPrivateIp string = azureFirewall.properties.ipConfigurations[0].properties.privateIPAddress +output azureFirewallPrivateIp string = azureFirewall.properties.hubIPAddresses.privateIPAddress @description('The resource ID of the created hub route table') output hubRouteTableName string = hubRouteTable.name From 4365765453ecd8912d2fab8d760b66abd3a94861 Mon Sep 17 00:00:00 2001 From: erschef_microsoft Date: Tue, 26 Nov 2024 21:46:44 -0500 Subject: [PATCH 23/30] fix: Add dependency on hubRouteTable for VPNRouteMap and clean up unused static routes in tests --- .../tests/e2e/max/dependencies.bicep | 3 +++ .../tests/e2e/max/main.test.bicep | 17 +---------------- 2 files changed, 4 insertions(+), 16 deletions(-) 
diff --git a/avm/res/network/p2s-vpn-gateway/tests/e2e/max/dependencies.bicep b/avm/res/network/p2s-vpn-gateway/tests/e2e/max/dependencies.bicep index 0c1c2921e0..0d76871948 100644 --- a/avm/res/network/p2s-vpn-gateway/tests/e2e/max/dependencies.bicep +++ b/avm/res/network/p2s-vpn-gateway/tests/e2e/max/dependencies.bicep @@ -62,6 +62,9 @@ resource hubRouteTable 'Microsoft.Network/virtualHubs/hubRouteTables@2024-01-01' resource hubRouteMap 'Microsoft.Network/virtualHubs/routeMaps@2024-01-01' = { name: 'VPNRouteMap' parent: virtualHub + dependsOn: [ + hubRouteTable + ] properties: { rules: [ { diff --git a/avm/res/network/p2s-vpn-gateway/tests/e2e/max/main.test.bicep b/avm/res/network/p2s-vpn-gateway/tests/e2e/max/main.test.bicep index f46c17c316..d52b47fb1c 100644 --- a/avm/res/network/p2s-vpn-gateway/tests/e2e/max/main.test.bicep +++ b/avm/res/network/p2s-vpn-gateway/tests/e2e/max/main.test.bicep @@ -21,7 +21,6 @@ param serviceShort string = 'vscmax' param namePrefix string = '#_namePrefix_#' - // ============ // // Dependencies // // ============ // @@ -67,20 +66,6 @@ module testDeployment '../../../main.bicep' = [ nestedDependencies.outputs.hubRouteTableName ] propagatedLabelNames: nestedDependencies.outputs.hubRouteTableLabels - vnetRoutesStaticRoutes: { - staticRoutes: [ - { - name: 'staticRoute1' - addressPrefixes: [ - '10.1.101.0/24' - ] - nextHopIpAddress: nestedDependencies.outputs.azureFirewallPrivateIp - } - ] - staticRoutesConfig: { - vnetLocalRouteOverrideCriteria: 'Allow' - } - } vpnClientAddressPoolAddressPrefixes: [ '10.0.2.0/24' '10.0.3.0/24' @@ -88,7 +73,7 @@ module testDeployment '../../../main.bicep' = [ virtualHubResourceId: nestedDependencies.outputs.virtualHubResourceId vpnGatewayScaleUnit: 5 vpnServerConfigurationResourceId: nestedDependencies.outputs.vpnServerConfigurationResourceId - p2SConnectionConfigurationsName: 'p2sConnectionConfig1' + p2SConnectionConfigurationsName: 'p2sConnectionConfig' } } ] 
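Review bot: The `dependsOn: [ hubRouteTable ]` added to `hubRouteMap` carries no comment saying why the ordering is needed, and nothing in the visible part of the resource references `hubRouteTable`. Without a stated reason, a later cleanup could remove it as redundant. A one-line comment above it would prevent that, for example `// Deploy after the route table; the hub presumably rejects concurrent child-resource updates` (confirm the actual cause before wording it). The `hubRouteMap` body continues outside the hunk.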
From 218ba14bbfb1539818203ed4900b749469690bcd Mon Sep 17 00:00:00 2001 From: erschef_microsoft Date: Wed, 27 Nov 2024 08:51:55 -0500 Subject: [PATCH 24/30] fix: Update p2SConnectionConfigurationsName to remove suffix and clean up unused static routes in README --- avm/res/network/p2s-vpn-gateway/README.md | 50 ++--------------------- 1 file changed, 3 insertions(+), 47 deletions(-) diff --git a/avm/res/network/p2s-vpn-gateway/README.md b/avm/res/network/p2s-vpn-gateway/README.md index bd8d321422..2636ad21c3 100644 --- a/avm/res/network/p2s-vpn-gateway/README.md +++ b/avm/res/network/p2s-vpn-gateway/README.md @@ -139,7 +139,7 @@ module p2sVpnGateway 'br/public:avm/res/network/p2s-vpn-gateway:' = { params: { // Required parameters name: 'vscmaxp2sVpnGw' - p2SConnectionConfigurationsName: 'p2sConnectionConfig1' + p2SConnectionConfigurationsName: 'p2sConnectionConfig' virtualHubResourceId: '' vpnServerConfigurationResourceId: '' // Non-required parameters @@ -157,20 +157,6 @@ module p2sVpnGateway 'br/public:avm/res/network/p2s-vpn-gateway:' = { propagatedRouteTableNames: [ '' ] - vnetRoutesStaticRoutes: { - staticRoutes: [ - { - addressPrefixes: [ - '10.1.101.0/24' - ] - name: 'staticRoute1' - nextHopIpAddress: '' - } - ] - staticRoutesConfig: { - vnetLocalRouteOverrideCriteria: 'Allow' - } - } vpnClientAddressPoolAddressPrefixes: [ '10.0.2.0/24' '10.0.3.0/24' @@ -197,7 +183,7 @@ module p2sVpnGateway 'br/public:avm/res/network/p2s-vpn-gateway:' = { "value": "vscmaxp2sVpnGw" }, "p2SConnectionConfigurationsName": { - "value": "p2sConnectionConfig1" + "value": "p2sConnectionConfig" }, "virtualHubResourceId": { "value": "" 
@@ -238,22 +224,6 @@ module p2sVpnGateway 'br/public:avm/res/network/p2s-vpn-gateway:' = { "" ] }, - "vnetRoutesStaticRoutes": { - "value": { - "staticRoutes": [ - { - "addressPrefixes": [ - "10.1.101.0/24" - ], - "name": "staticRoute1", - "nextHopIpAddress": "" - } - ], - "staticRoutesConfig": { - "vnetLocalRouteOverrideCriteria": "Allow" - } - } - }, "vpnClientAddressPoolAddressPrefixes": { "value": [ "10.0.2.0/24", @@ -279,7 +249,7 @@ using 'br/public:avm/res/network/p2s-vpn-gateway:' // Required parameters param name = 'vscmaxp2sVpnGw' -p2SConnectionConfigurationsName: 'p2sConnectionConfig1' +p2SConnectionConfigurationsName: 'p2sConnectionConfig' param virtualHubResourceId = '' param vpnServerConfigurationResourceId = '' // Non-required parameters @@ -297,20 +267,6 @@ param propagatedLabelNames = '' param propagatedRouteTableNames = [ '' ] -param vnetRoutesStaticRoutes = { - staticRoutes: [ - { - addressPrefixes: [ - '10.1.101.0/24' - ] - name: 'staticRoute1' - nextHopIpAddress: '' - } - ] - staticRoutesConfig: { - vnetLocalRouteOverrideCriteria: 'Allow' - } -} param vpnClientAddressPoolAddressPrefixes = [ '10.0.2.0/24' '10.0.3.0/24' From a0cdc9cbbd350d6fd4fd819a53e91d05c5975420 Mon Sep 17 00:00:00 2001 From: erschef_microsoft Date: Wed, 27 Nov 2024 10:57:26 -0500 Subject: [PATCH 25/30] fix: Comment out unused vpnClientAddressPoolAddressPrefixes in Bicep test file --- .../network/p2s-vpn-gateway/tests/e2e/defaults/main.test.bicep | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/avm/res/network/p2s-vpn-gateway/tests/e2e/defaults/main.test.bicep b/avm/res/network/p2s-vpn-gateway/tests/e2e/defaults/main.test.bicep index 25e1fd01b5..5cb045c429 100644 --- a/avm/res/network/p2s-vpn-gateway/tests/e2e/defaults/main.test.bicep +++ b/avm/res/network/p2s-vpn-gateway/tests/e2e/defaults/main.test.bicep 
@@ -55,10 +55,11 @@ module testDeployment '../../../main.bicep' = [ name: '${namePrefix}${serviceShort}p2sVpnGw' location: resourceLocation p2SConnectionConfigurationsName: 'p2sConnectionConfig1' - vpnClientAddressPoolAddressPrefixes: [ + /*vpnClientAddressPoolAddressPrefixes: [ '10.0.2.0/24' ] associatedRouteTableName: 'defaultRouteTable' + */ virtualHubResourceId: nestedDependencies.outputs.virtualHubResourceId vpnServerConfigurationResourceId: nestedDependencies.outputs.vpnServerConfigurationResourceId } From e9d61641256c02e6cb40f76722df38becfa5d6dc Mon Sep 17 00:00:00 2001 From: erschef_microsoft Date: Sun, 1 Dec 2024 21:19:54 -0500 Subject: [PATCH 26/30] fix: Update p2SConnectionConfigurationsName and vpnServerConfigurationResourceId to be optional in Bicep files --- avm/res/network/p2s-vpn-gateway/README.md | 81 +++++++++---------- avm/res/network/p2s-vpn-gateway/main.bicep | 6 +- avm/res/network/p2s-vpn-gateway/main.json | 6 +- .../tests/e2e/defaults/main.test.bicep | 4 +- 4 files changed, 46 insertions(+), 51 deletions(-) diff --git a/avm/res/network/p2s-vpn-gateway/README.md b/avm/res/network/p2s-vpn-gateway/README.md index 2636ad21c3..7a1c41b1bb 100644 --- a/avm/res/network/p2s-vpn-gateway/README.md +++ b/avm/res/network/p2s-vpn-gateway/README.md @@ -44,15 +44,14 @@ module p2sVpnGateway 'br/public:avm/res/network/p2s-vpn-gateway:' = { params: { // Required parameters name: 'vscminp2sVpnGw' - p2SConnectionConfigurationsName: 'p2sConnectionConfig1' virtualHubResourceId: '' - vpnServerConfigurationResourceId: '' // Non-required parameters associatedRouteTableName: 'defaultRouteTable' - location: '' + p2SConnectionConfigurationsName: 'p2sConnectionConfig1' vpnClientAddressPoolAddressPrefixes: [ '10.0.2.0/24' ] + vpnServerConfigurationResourceId: '' } } ``` 
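Review bot: The `/* … */` block disables `associatedRouteTableName` as well as `vpnClientAddressPoolAddressPrefixes`, although the commit subject names only the latter. The defaults test therefore stops covering the route-table association without saying so. If these parameters are meant to leave the minimal scenario, delete the lines instead of commenting them out. If this is a temporary debugging step, it should not be committed to the test file.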
@@ -73,26 +72,23 @@ module p2sVpnGateway 'br/public:avm/res/network/p2s-vpn-gateway:' = { "name": { "value": "vscminp2sVpnGw" }, - "p2SConnectionConfigurationsName": { - "value": "p2sConnectionConfig1" - }, "virtualHubResourceId": { "value": "" }, - "vpnServerConfigurationResourceId": { - "value": "" - }, // Non-required parameters "associatedRouteTableName": { "value": "defaultRouteTable" }, - "location": { - "value": "" + "p2SConnectionConfigurationsName": { + "value": "p2sConnectionConfig1" }, "vpnClientAddressPoolAddressPrefixes": { "value": [ "10.0.2.0/24" ] + }, + "vpnServerConfigurationResourceId": { + "value": "" } } } @@ -110,15 +106,14 @@ using 'br/public:avm/res/network/p2s-vpn-gateway:' // Required parameters param name = 'vscminp2sVpnGw' -p2SConnectionConfigurationsName: 'p2sConnectionConfig1' param virtualHubResourceId = '' -param vpnServerConfigurationResourceId = '' // Non-required parameters param associatedRouteTableName = 'defaultRouteTable' -param location = '' +p2SConnectionConfigurationsName: 'p2sConnectionConfig1' param vpnClientAddressPoolAddressPrefixes = [ '10.0.2.0/24' ] +param vpnServerConfigurationResourceId = '' ```
@@ -139,9 +134,7 @@ module p2sVpnGateway 'br/public:avm/res/network/p2s-vpn-gateway:' = { params: { // Required parameters name: 'vscmaxp2sVpnGw' - p2SConnectionConfigurationsName: 'p2sConnectionConfig' virtualHubResourceId: '' - vpnServerConfigurationResourceId: '' // Non-required parameters associatedRouteTableName: 'noneRouteTable' customDnsServers: [ @@ -153,6 +146,7 @@ module p2sVpnGateway 'br/public:avm/res/network/p2s-vpn-gateway:' = { isRoutingPreferenceInternet: false location: '' outboundRouteMapResourceId: '' + p2SConnectionConfigurationsName: 'p2sConnectionConfig' propagatedLabelNames: '' propagatedRouteTableNames: [ '' @@ -162,6 +156,7 @@ module p2sVpnGateway 'br/public:avm/res/network/p2s-vpn-gateway:' = { '10.0.3.0/24' ] vpnGatewayScaleUnit: 5 + vpnServerConfigurationResourceId: '' } } ``` @@ -182,15 +177,9 @@ module p2sVpnGateway 'br/public:avm/res/network/p2s-vpn-gateway:' = { "name": { "value": "vscmaxp2sVpnGw" }, - "p2SConnectionConfigurationsName": { - "value": "p2sConnectionConfig" - }, "virtualHubResourceId": { "value": "" }, - "vpnServerConfigurationResourceId": { - "value": "" - }, // Non-required parameters "associatedRouteTableName": { "value": "noneRouteTable" @@ -216,6 +205,9 @@ module p2sVpnGateway 'br/public:avm/res/network/p2s-vpn-gateway:' = { "outboundRouteMapResourceId": { "value": "" }, + "p2SConnectionConfigurationsName": { + "value": "p2sConnectionConfig" + }, "propagatedLabelNames": { "value": "" }, @@ -232,6 +224,9 @@ module p2sVpnGateway 'br/public:avm/res/network/p2s-vpn-gateway:' = { }, "vpnGatewayScaleUnit": { "value": 5 + }, + "vpnServerConfigurationResourceId": { + "value": "" } } } 
@@ -249,9 +244,7 @@ using 'br/public:avm/res/network/p2s-vpn-gateway:' // Required parameters param name = 'vscmaxp2sVpnGw' -p2SConnectionConfigurationsName: 'p2sConnectionConfig' param virtualHubResourceId = '' -param vpnServerConfigurationResourceId = '' // Non-required parameters param associatedRouteTableName = 'noneRouteTable' param customDnsServers = [ @@ -263,6 +256,7 @@ param inboundRouteMapResourceId = '' param isRoutingPreferenceInternet = false param location = '' param outboundRouteMapResourceId = '' +p2SConnectionConfigurationsName: 'p2sConnectionConfig' param propagatedLabelNames = '' param propagatedRouteTableNames = [ '' @@ -272,6 +266,7 @@ param vpnClientAddressPoolAddressPrefixes = [ '10.0.3.0/24' ] param vpnGatewayScaleUnit = 5 +param vpnServerConfigurationResourceId = '' ``` @@ -292,14 +287,13 @@ module p2sVpnGateway 'br/public:avm/res/network/p2s-vpn-gateway:' = { params: { // Required parameters name: 'vscwafp2sVpnGw' - p2SConnectionConfigurationsName: 'p2sConnectionConfig1' virtualHubResourceId: '' - vpnServerConfigurationResourceId: '' // Non-required parameters associatedRouteTableName: 'defaultRouteTable' enableInternetSecurity: true isRoutingPreferenceInternet: false location: '' + p2SConnectionConfigurationsName: 'p2sConnectionConfig1' tags: { Environment: 'Non-Prod' Role: 'DeploymentValidation' @@ -308,6 +302,7 @@ module p2sVpnGateway 'br/public:avm/res/network/p2s-vpn-gateway:' = { vpnClientAddressPoolAddressPrefixes: [ '10.0.2.0/24' ] + vpnServerConfigurationResourceId: '' } } ``` @@ -328,15 +323,9 @@ module p2sVpnGateway 'br/public:avm/res/network/p2s-vpn-gateway:' = { "name": { "value": "vscwafp2sVpnGw" }, - "p2SConnectionConfigurationsName": { - "value": "p2sConnectionConfig1" - }, "virtualHubResourceId": { "value": "" }, - "vpnServerConfigurationResourceId": { - "value": "" - }, // Non-required parameters "associatedRouteTableName": { "value": "defaultRouteTable" 
@@ -350,6 +339,9 @@ module p2sVpnGateway 'br/public:avm/res/network/p2s-vpn-gateway:' = { "location": { "value": "" }, + "p2SConnectionConfigurationsName": { + "value": "p2sConnectionConfig1" + }, "tags": { "value": { "Environment": "Non-Prod", @@ -363,6 +355,9 @@ module p2sVpnGateway 'br/public:avm/res/network/p2s-vpn-gateway:' = { "value": [ "10.0.2.0/24" ] + }, + "vpnServerConfigurationResourceId": { + "value": "" } } } @@ -380,14 +375,13 @@ using 'br/public:avm/res/network/p2s-vpn-gateway:' // Required parameters param name = 'vscwafp2sVpnGw' -p2SConnectionConfigurationsName: 'p2sConnectionConfig1' param virtualHubResourceId = '' -param vpnServerConfigurationResourceId = '' // Non-required parameters param associatedRouteTableName = 'defaultRouteTable' param enableInternetSecurity = true param isRoutingPreferenceInternet = false param location = '' +p2SConnectionConfigurationsName: 'p2sConnectionConfig1' param tags = { Environment: 'Non-Prod' Role: 'DeploymentValidation' @@ -396,6 +390,7 @@ param vnetRoutesStaticRoutes = {} param vpnClientAddressPoolAddressPrefixes = [ '10.0.2.0/24' ] +param vpnServerConfigurationResourceId = '' ``` @@ -408,7 +403,6 @@ param vpnClientAddressPoolAddressPrefixes = [ | Parameter | Type | Description | | :-- | :-- | :-- | | [`name`](#parameter-name) | string | The name of the P2S VPN Gateway. | -| [`p2SConnectionConfigurationsName`](#parameter-p2sconnectionconfigurationsname) | string | The name of the P2S Connection Configuration. | | [`virtualHubResourceId`](#parameter-virtualhubresourceid) | string | The resource ID of the gateways virtual hub. | | [`vpnServerConfigurationResourceId`](#parameter-vpnserverconfigurationresourceid) | string | The resource ID of the VPN Server Configuration. | 
@@ -430,6 +424,7 @@ param vpnClientAddressPoolAddressPrefixes = [ | [`location`](#parameter-location) | string | Location where all resources will be created. | | [`lock`](#parameter-lock) | object | The lock settings of the service. | | [`outboundRouteMapResourceId`](#parameter-outboundroutemapresourceid) | string | The Resource ID of the outbound route map. | +| [`p2SConnectionConfigurationsName`](#parameter-p2sconnectionconfigurationsname) | string | The name of the P2S Connection Configuration. | | [`propagatedLabelNames`](#parameter-propagatedlabelnames) | array | The Labels to propagate routes to. | | [`propagatedRouteTableNames`](#parameter-propagatedroutetablenames) | array | The names of the route tables to propagate to the P2S VPN Gateway. | | [`tags`](#parameter-tags) | object | Tags of the resource. | @@ -444,13 +439,6 @@ The name of the P2S VPN Gateway. - Required: Yes - Type: string -### Parameter: `p2SConnectionConfigurationsName` - -The name of the P2S Connection Configuration. - -- Required: Yes -- Type: string - ### Parameter: `virtualHubResourceId` The resource ID of the gateways virtual hub. @@ -462,7 +450,7 @@ The resource ID of the gateways virtual hub. The resource ID of the VPN Server Configuration. -- Required: Yes +- Required: No - Type: string ### Parameter: `associatedRouteTableName` @@ -567,6 +555,13 @@ The Resource ID of the outbound route map. - Required: No - Type: string +### Parameter: `p2SConnectionConfigurationsName` + +The name of the P2S Connection Configuration. + +- Required: No +- Type: string + ### Parameter: `propagatedLabelNames` The Labels to propagate routes to. diff --git a/avm/res/network/p2s-vpn-gateway/main.bicep b/avm/res/network/p2s-vpn-gateway/main.bicep index f6ed9c3c59..6b31d54a48 100644 --- a/avm/res/network/p2s-vpn-gateway/main.bicep +++ b/avm/res/network/p2s-vpn-gateway/main.bicep 
@@ -24,8 +24,8 @@ param customDnsServers array = [] @description('Optional. The routing preference for the P2S VPN Gateway, Internet or Microsoft network.') param isRoutingPreferenceInternet bool? -@description('Required. The name of the P2S Connection Configuration.') -param p2SConnectionConfigurationsName string +@description('Optional. The name of the P2S Connection Configuration.') +param p2SConnectionConfigurationsName string? @description('Optional. Enable/Disable Internet Security; "Propagate Default Route".') param enableInternetSecurity bool? @@ -52,7 +52,7 @@ param virtualHubResourceId string param vpnGatewayScaleUnit int? @description('Required. The resource ID of the VPN Server Configuration.') -param vpnServerConfigurationResourceId string +param vpnServerConfigurationResourceId string? @description('Optional. Tags of the resource.') param tags object? diff --git a/avm/res/network/p2s-vpn-gateway/main.json b/avm/res/network/p2s-vpn-gateway/main.json index 7c1883555e..7a962c5114 100644 --- a/avm/res/network/p2s-vpn-gateway/main.json +++ b/avm/res/network/p2s-vpn-gateway/main.json @@ -6,7 +6,7 @@ "_generator": { "name": "bicep", "version": "0.31.92.45157", - "templateHash": "18201468322189687463" + "templateHash": "6406689213274600377" }, "name": "P2S VPN Gateway", "description": "This module deploys a Virtual Hub P2S Gateway.", @@ -151,8 +151,9 @@ }, "p2SConnectionConfigurationsName": { "type": "string", + "nullable": true, "metadata": { - "description": "Required. The name of the P2S Connection Configuration." + "description": "Optional. The name of the P2S Connection Configuration." } }, "enableInternetSecurity": { @@ -215,6 +216,7 @@ }, "vpnServerConfigurationResourceId": { "type": "string", + "nullable": true, "metadata": { "description": "Required. The resource ID of the VPN Server Configuration." } 
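Review bot: `vpnServerConfigurationResourceId` becomes `string?` in the `@@ -52,7 +52,7 @@` hunk while its decorator still says `'Required. …'`, and `p2SConnectionConfigurationsName` becomes `string?` in the hunk before it. The resource body that consumes both parameters is outside these hunks. The VPN server configuration defines how point-to-site clients authenticate, so confirm that a null value omits the `vpnServerConfiguration` property rather than emitting an object with a null `id`, and that no connection configuration is emitted with a null name. The decorator should match the type: `@description('Optional. The resource ID of the VPN Server Configuration.')`.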
diff --git a/avm/res/network/p2s-vpn-gateway/tests/e2e/defaults/main.test.bicep b/avm/res/network/p2s-vpn-gateway/tests/e2e/defaults/main.test.bicep index 5cb045c429..183d242c7a 100644 --- a/avm/res/network/p2s-vpn-gateway/tests/e2e/defaults/main.test.bicep +++ b/avm/res/network/p2s-vpn-gateway/tests/e2e/defaults/main.test.bicep @@ -53,13 +53,11 @@ module testDeployment '../../../main.bicep' = [ name: '${uniqueString(deployment().name, resourceLocation)}-test-${serviceShort}-${iteration}' params: { name: '${namePrefix}${serviceShort}p2sVpnGw' - location: resourceLocation p2SConnectionConfigurationsName: 'p2sConnectionConfig1' - /*vpnClientAddressPoolAddressPrefixes: [ + vpnClientAddressPoolAddressPrefixes: [ '10.0.2.0/24' ] associatedRouteTableName: 'defaultRouteTable' - */ virtualHubResourceId: nestedDependencies.outputs.virtualHubResourceId vpnServerConfigurationResourceId: nestedDependencies.outputs.vpnServerConfigurationResourceId } From 6bb00269f3e020603a781a5dee7711b9fb2db07d Mon Sep 17 00:00:00 2001 From: erschef_microsoft Date: Sun, 1 Dec 2024 21:28:03 -0500 Subject: [PATCH 27/30] fix: Update vpnServerConfigurationResourceId to be optional in README, Bicep, and JSON files --- avm/res/network/p2s-vpn-gateway/README.md | 16 ++++++++-------- avm/res/network/p2s-vpn-gateway/main.bicep | 2 +- avm/res/network/p2s-vpn-gateway/main.json | 4 ++-- 3 files changed, 11 insertions(+), 11 deletions(-) diff --git a/avm/res/network/p2s-vpn-gateway/README.md b/avm/res/network/p2s-vpn-gateway/README.md index 7a1c41b1bb..fbbef9eda9 100644 --- a/avm/res/network/p2s-vpn-gateway/README.md +++ b/avm/res/network/p2s-vpn-gateway/README.md 
@@ -404,7 +404,6 @@ param vpnServerConfigurationResourceId = '' | :-- | :-- | :-- | | [`name`](#parameter-name) | string | The name of the P2S VPN Gateway. | | [`virtualHubResourceId`](#parameter-virtualhubresourceid) | string | The resource ID of the gateways virtual hub. | -| [`vpnServerConfigurationResourceId`](#parameter-vpnserverconfigurationresourceid) | string | The resource ID of the VPN Server Configuration. | **Conditional parameters** @@ -431,6 +430,7 @@ param vpnServerConfigurationResourceId = '' | [`vnetRoutesStaticRoutes`](#parameter-vnetroutesstaticroutes) | object | The routes from the virtual hub to virtual network connections. | | [`vpnClientAddressPoolAddressPrefixes`](#parameter-vpnclientaddresspooladdressprefixes) | array | The address prefixes for the VPN Client Address Pool. | | [`vpnGatewayScaleUnit`](#parameter-vpngatewayscaleunit) | int | The scale unit of the VPN Gateway. | +| [`vpnServerConfigurationResourceId`](#parameter-vpnserverconfigurationresourceid) | string | The resource ID of the VPN Server Configuration. | ### Parameter: `name` @@ -446,13 +446,6 @@ The resource ID of the gateways virtual hub. - Required: Yes - Type: string -### Parameter: `vpnServerConfigurationResourceId` - -The resource ID of the VPN Server Configuration. - -- Required: No -- Type: string - ### Parameter: `associatedRouteTableName` The name of the associated route table. Required if deploying in a Secure Virtual Hub; cannot be a custom route table. @@ -670,6 +663,13 @@ The scale unit of the VPN Gateway. - Required: No - Type: int +### Parameter: `vpnServerConfigurationResourceId` + +The resource ID of the VPN Server Configuration. + +- Required: No +- Type: string + ## Outputs | Output | Type | Description | diff --git a/avm/res/network/p2s-vpn-gateway/main.bicep b/avm/res/network/p2s-vpn-gateway/main.bicep index 6b31d54a48..5b07a878de 100644 --- a/avm/res/network/p2s-vpn-gateway/main.bicep +++ b/avm/res/network/p2s-vpn-gateway/main.bicep 
@@ -51,7 +51,7 @@ param virtualHubResourceId string @description('Optional. The scale unit of the VPN Gateway.') param vpnGatewayScaleUnit int? -@description('Required. The resource ID of the VPN Server Configuration.') +@description('Optional. The resource ID of the VPN Server Configuration.') param vpnServerConfigurationResourceId string? @description('Optional. Tags of the resource.') diff --git a/avm/res/network/p2s-vpn-gateway/main.json b/avm/res/network/p2s-vpn-gateway/main.json index 7a962c5114..f44b743f2c 100644 --- a/avm/res/network/p2s-vpn-gateway/main.json +++ b/avm/res/network/p2s-vpn-gateway/main.json @@ -6,7 +6,7 @@ "_generator": { "name": "bicep", "version": "0.31.92.45157", - "templateHash": "6406689213274600377" + "templateHash": "7595899390827367592" }, "name": "P2S VPN Gateway", "description": "This module deploys a Virtual Hub P2S Gateway.", @@ -218,7 +218,7 @@ "type": "string", "nullable": true, "metadata": { - "description": "Required. The resource ID of the VPN Server Configuration." + "description": "Optional. The resource ID of the VPN Server Configuration." } }, "tags": { From 3fd2899b8d96dcac54f79c9ab053385427dd65dc Mon Sep 17 00:00:00 2001 From: erschef_microsoft Date: Thu, 5 Dec 2024 09:29:23 -0500 Subject: [PATCH 28/30] fix: Remove unused vnetRoutesStaticRoutes from README and test files --- avm/res/network/p2s-vpn-gateway/README.md | 5 ----- .../p2s-vpn-gateway/tests/e2e/waf-aligned/main.test.bicep | 3 --- 2 files changed, 8 deletions(-) diff --git a/avm/res/network/p2s-vpn-gateway/README.md b/avm/res/network/p2s-vpn-gateway/README.md index fbbef9eda9..135a325b68 100644 --- a/avm/res/network/p2s-vpn-gateway/README.md +++ b/avm/res/network/p2s-vpn-gateway/README.md @@ -298,7 +298,6 @@ module p2sVpnGateway 'br/public:avm/res/network/p2s-vpn-gateway:' = { Environment: 'Non-Prod' Role: 'DeploymentValidation' } - vnetRoutesStaticRoutes: {} vpnClientAddressPoolAddressPrefixes: [ '10.0.2.0/24' ] 
@@ -348,9 +347,6 @@ module p2sVpnGateway 'br/public:avm/res/network/p2s-vpn-gateway:' = { "Role": "DeploymentValidation" } }, - "vnetRoutesStaticRoutes": { - "value": {} - }, "vpnClientAddressPoolAddressPrefixes": { "value": [ "10.0.2.0/24" @@ -386,7 +382,6 @@ param tags = { Environment: 'Non-Prod' Role: 'DeploymentValidation' } -param vnetRoutesStaticRoutes = {} param vpnClientAddressPoolAddressPrefixes = [ '10.0.2.0/24' ] diff --git a/avm/res/network/p2s-vpn-gateway/tests/e2e/waf-aligned/main.test.bicep b/avm/res/network/p2s-vpn-gateway/tests/e2e/waf-aligned/main.test.bicep index d04e38c159..fb73b89aea 100644 --- a/avm/res/network/p2s-vpn-gateway/tests/e2e/waf-aligned/main.test.bicep +++ b/avm/res/network/p2s-vpn-gateway/tests/e2e/waf-aligned/main.test.bicep @@ -65,9 +65,6 @@ module testDeployment '../../../main.bicep' = [ vpnClientAddressPoolAddressPrefixes: [ '10.0.2.0/24' ] - vnetRoutesStaticRoutes: { - - } virtualHubResourceId: nestedDependencies.outputs.virtualHubResourceId vpnServerConfigurationResourceId: nestedDependencies.outputs.vpnServerConfigurationResourceId } From 8d42cc33b8ff0e8e1254fb91cc8dad4881f28e5d Mon Sep 17 00:00:00 2001 From: erschef_microsoft Date: Fri, 6 Dec 2024 11:55:44 -0500 Subject: [PATCH 29/30] fix: Update serviceShort parameter to use 'npvgmin' in Bicep test files --- .../network/p2s-vpn-gateway/tests/e2e/defaults/main.test.bicep | 2 +- avm/res/network/p2s-vpn-gateway/tests/e2e/max/main.test.bicep | 2 +- .../p2s-vpn-gateway/tests/e2e/waf-aligned/main.test.bicep | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/avm/res/network/p2s-vpn-gateway/tests/e2e/defaults/main.test.bicep b/avm/res/network/p2s-vpn-gateway/tests/e2e/defaults/main.test.bicep index 183d242c7a..f87a9ffc1a 100644 --- a/avm/res/network/p2s-vpn-gateway/tests/e2e/defaults/main.test.bicep +++ b/avm/res/network/p2s-vpn-gateway/tests/e2e/defaults/main.test.bicep 
@@ -15,7 +15,7 @@ param resourceGroupName string = 'dep-${namePrefix}-network.p2svpngateway-${serv param resourceLocation string = deployment().location @description('Optional. A short identifier for the kind of deployment. Should be kept short to not run into resource-name length-constraints.') -param serviceShort string = 'vscmin' +param serviceShort string = 'npvgmin' @description('Optional. A token to inject into the name of each resource. This value can be automatically injected by the CI.') param namePrefix string = '#_namePrefix_#' diff --git a/avm/res/network/p2s-vpn-gateway/tests/e2e/max/main.test.bicep b/avm/res/network/p2s-vpn-gateway/tests/e2e/max/main.test.bicep index d52b47fb1c..273a8726ef 100644 --- a/avm/res/network/p2s-vpn-gateway/tests/e2e/max/main.test.bicep +++ b/avm/res/network/p2s-vpn-gateway/tests/e2e/max/main.test.bicep @@ -15,7 +15,7 @@ param resourceGroupName string = 'dep-${namePrefix}-network.p2svpngateway-${serv param resourceLocation string = deployment().location @description('Optional. A short identifier for the kind of deployment. Should be kept short to not run into resource-name length-constraints.') -param serviceShort string = 'vscmax' +param serviceShort string = 'npvgmin' @description('Optional. A token to inject into the name of each resource. This value can be automatically injected by the CI.') param namePrefix string = '#_namePrefix_#' diff --git a/avm/res/network/p2s-vpn-gateway/tests/e2e/waf-aligned/main.test.bicep b/avm/res/network/p2s-vpn-gateway/tests/e2e/waf-aligned/main.test.bicep index fb73b89aea..d55dd01e3c 100644 --- a/avm/res/network/p2s-vpn-gateway/tests/e2e/waf-aligned/main.test.bicep +++ b/avm/res/network/p2s-vpn-gateway/tests/e2e/waf-aligned/main.test.bicep 
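Review bot: The max test's `serviceShort` is set to `'npvgmin'`, the same value the defaults test receives in this patch, and the waf-aligned hunk that follows repeats it. `serviceShort` appears to feed the default `resourceGroupName` (`dep-${namePrefix}-network.p2svpngateway-${serv…`) and the gateway name, so the three scenarios would deploy into the same resource group under the same resource names and could overwrite or remove each other's resources when run together. Each scenario needs its own value, e.g. `param serviceShort string = 'npvgmax'` here and `'npvgwaf'` in the waf-aligned test.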
@@ -15,7 +15,7 @@ param resourceGroupName string = 'dep-${namePrefix}-network.p2svpngateway-${serv param resourceLocation string = deployment().location @description('Optional. A short identifier for the kind of deployment. Should be kept short to not run into resource-name length-constraints.') -param serviceShort string = 'vscwaf' +param serviceShort string = 'npvgmin' @description('Optional. A token to inject into the name of each resource. This value can be automatically injected by the CI.') param namePrefix string = '#_namePrefix_#' From cee5d3e372a9670801cf11f6c2551a911da7c2eb Mon Sep 17 00:00:00 2001 From: erschef_microsoft Date: Tue, 10 Dec 2024 10:24:47 -0500 Subject: [PATCH 30/30] fix: Update VPN gateway names and serviceShort parameters in README and test files --- avm/res/network/p2s-vpn-gateway/README.md | 18 +++++++++--------- .../tests/e2e/max/main.test.bicep | 2 +- .../tests/e2e/waf-aligned/main.test.bicep | 2 +- 3 files changed, 11 insertions(+), 11 deletions(-) diff --git a/avm/res/network/p2s-vpn-gateway/README.md b/avm/res/network/p2s-vpn-gateway/README.md index 135a325b68..3b174d1308 100644 --- a/avm/res/network/p2s-vpn-gateway/README.md +++ b/avm/res/network/p2s-vpn-gateway/README.md @@ -43,7 +43,7 @@ module p2sVpnGateway 'br/public:avm/res/network/p2s-vpn-gateway:' = { name: 'p2sVpnGatewayDeployment' params: { // Required parameters - name: 'vscminp2sVpnGw' + name: 'npvgminp2sVpnGw' virtualHubResourceId: '' // Non-required parameters associatedRouteTableName: 'defaultRouteTable' @@ -70,7 +70,7 @@ module p2sVpnGateway 'br/public:avm/res/network/p2s-vpn-gateway:' = { "parameters": { // Required parameters "name": { - "value": "vscminp2sVpnGw" + "value": "npvgminp2sVpnGw" }, "virtualHubResourceId": { "value": "" 
@@ -105,7 +105,7 @@ module p2sVpnGateway 'br/public:avm/res/network/p2s-vpn-gateway:' = { using 'br/public:avm/res/network/p2s-vpn-gateway:' // Required parameters -param name = 'vscminp2sVpnGw' +param name = 'npvgminp2sVpnGw' param virtualHubResourceId = '' // Non-required parameters param associatedRouteTableName = 'defaultRouteTable' @@ -133,7 +133,7 @@ module p2sVpnGateway 'br/public:avm/res/network/p2s-vpn-gateway:' = { name: 'p2sVpnGatewayDeployment' params: { // Required parameters - name: 'vscmaxp2sVpnGw' + name: 'npvgmaxp2sVpnGw' virtualHubResourceId: '' // Non-required parameters associatedRouteTableName: 'noneRouteTable' @@ -175,7 +175,7 @@ module p2sVpnGateway 'br/public:avm/res/network/p2s-vpn-gateway:' = { "parameters": { // Required parameters "name": { - "value": "vscmaxp2sVpnGw" + "value": "npvgmaxp2sVpnGw" }, "virtualHubResourceId": { "value": "" @@ -243,7 +243,7 @@ module p2sVpnGateway 'br/public:avm/res/network/p2s-vpn-gateway:' = { using 'br/public:avm/res/network/p2s-vpn-gateway:' // Required parameters -param name = 'vscmaxp2sVpnGw' +param name = 'npvgmaxp2sVpnGw' param virtualHubResourceId = '' // Non-required parameters param associatedRouteTableName = 'noneRouteTable' @@ -286,7 +286,7 @@ module p2sVpnGateway 'br/public:avm/res/network/p2s-vpn-gateway:' = { name: 'p2sVpnGatewayDeployment' params: { // Required parameters - name: 'vscwafp2sVpnGw' + name: 'npvgwafp2sVpnGw' virtualHubResourceId: '' // Non-required parameters associatedRouteTableName: 'defaultRouteTable' @@ -320,7 +320,7 @@ module p2sVpnGateway 'br/public:avm/res/network/p2s-vpn-gateway:' = { "parameters": { // Required parameters "name": { - "value": "vscwafp2sVpnGw" + "value": "npvgwafp2sVpnGw" }, "virtualHubResourceId": { "value": "" 
@@ -370,7 +370,7 @@ module p2sVpnGateway 'br/public:avm/res/network/p2s-vpn-gateway:' = { using 'br/public:avm/res/network/p2s-vpn-gateway:' // Required parameters -param name = 'vscwafp2sVpnGw' +param name = 'npvgwafp2sVpnGw' param virtualHubResourceId = '' // Non-required parameters param associatedRouteTableName = 'defaultRouteTable' diff --git a/avm/res/network/p2s-vpn-gateway/tests/e2e/max/main.test.bicep b/avm/res/network/p2s-vpn-gateway/tests/e2e/max/main.test.bicep index 273a8726ef..3395943aa6 100644 --- a/avm/res/network/p2s-vpn-gateway/tests/e2e/max/main.test.bicep +++ b/avm/res/network/p2s-vpn-gateway/tests/e2e/max/main.test.bicep @@ -15,7 +15,7 @@ param resourceGroupName string = 'dep-${namePrefix}-network.p2svpngateway-${serv param resourceLocation string = deployment().location @description('Optional. A short identifier for the kind of deployment. Should be kept short to not run into resource-name length-constraints.') -param serviceShort string = 'npvgmin' +param serviceShort string = 'npvgmax' @description('Optional. A token to inject into the name of each resource. This value can be automatically injected by the CI.') param namePrefix string = '#_namePrefix_#' diff --git a/avm/res/network/p2s-vpn-gateway/tests/e2e/waf-aligned/main.test.bicep b/avm/res/network/p2s-vpn-gateway/tests/e2e/waf-aligned/main.test.bicep index d55dd01e3c..f1f9984226 100644 --- a/avm/res/network/p2s-vpn-gateway/tests/e2e/waf-aligned/main.test.bicep +++ b/avm/res/network/p2s-vpn-gateway/tests/e2e/waf-aligned/main.test.bicep 
@@ -15,7 +15,7 @@ param resourceGroupName string = 'dep-${namePrefix}-network.p2svpngateway-${serv param resourceLocation string = deployment().location @description('Optional. A short identifier for the kind of deployment. Should be kept short to not run into resource-name length-constraints.') -param serviceShort string = 'npvgmin' +param serviceShort string = 'npvgwaf' @description('Optional. A token to inject into the name of each resource. This value can be automatically injected by the CI.') param namePrefix string = '#_namePrefix_#'