From 53818530686ecfe32b4f78fdeef3a32f1d6e2c15 Mon Sep 17 00:00:00 2001
From: erschef_microsoft <erschef@microsoft.com>
Date: Mon, 25 Nov 2024 14:10:03 -0500
Subject: [PATCH] feat: Add optional static route configuration for P2S VPN
 Gateway

---
 avm/res/network/p2s-vpn-gateway/README.md     | 38 ++++++++++++-
 avm/res/network/p2s-vpn-gateway/main.bicep    | 20 ++++---
 avm/res/network/p2s-vpn-gateway/main.json     | 54 ++++++++++---------
 .../tests/e2e/waf-aligned/main.test.bicep     |  3 ++
 4 files changed, 76 insertions(+), 39 deletions(-)

diff --git a/avm/res/network/p2s-vpn-gateway/README.md b/avm/res/network/p2s-vpn-gateway/README.md
index fa59f1872b..bd8d321422 100644
--- a/avm/res/network/p2s-vpn-gateway/README.md
+++ b/avm/res/network/p2s-vpn-gateway/README.md
@@ -348,6 +348,7 @@ module p2sVpnGateway 'br/public:avm/res/network/p2s-vpn-gateway:<version>' = {
       Environment: 'Non-Prod'
       Role: 'DeploymentValidation'
     }
+    vnetRoutesStaticRoutes: {}
     vpnClientAddressPoolAddressPrefixes: [
       '10.0.2.0/24'
     ]
@@ -399,6 +400,9 @@ module p2sVpnGateway 'br/public:avm/res/network/p2s-vpn-gateway:<version>' = {
         "Role": "DeploymentValidation"
       }
     },
+    "vnetRoutesStaticRoutes": {
+      "value": {}
+    },
     "vpnClientAddressPoolAddressPrefixes": {
       "value": [
         "10.0.2.0/24"
@@ -432,6 +436,7 @@ param tags = {
   Environment: 'Non-Prod'
   Role: 'DeploymentValidation'
 }
+param vnetRoutesStaticRoutes = {}
 param vpnClientAddressPoolAddressPrefixes = [
   '10.0.2.0/24'
 ]
@@ -647,14 +652,43 @@ The routes from the virtual hub to virtual network connections.
 
 The static route configuration for the P2S VPN Gateway.
 
-- Required: Yes
+- Required: No
+- Type: array
+
+**Optional parameters**
+
+| Parameter | Type | Description |
+| :-- | :-- | :-- |
+| [`addressPrefixes`](#parameter-vnetroutesstaticroutesstaticroutesaddressprefixes) | array | The address prefixes of the static route. |
+| [`name`](#parameter-vnetroutesstaticroutesstaticroutesname) | string | The name of the static route. |
+| [`nextHopIpAddress`](#parameter-vnetroutesstaticroutesstaticroutesnexthopipaddress) | string | The next hop IP of the static route. |
+
+### Parameter: `vnetRoutesStaticRoutes.staticRoutes.addressPrefixes`
+
+The address prefixes of the static route.
+
+- Required: No
 - Type: array
 
+### Parameter: `vnetRoutesStaticRoutes.staticRoutes.name`
+
+The name of the static route.
+
+- Required: No
+- Type: string
+
+### Parameter: `vnetRoutesStaticRoutes.staticRoutes.nextHopIpAddress`
+
+The next hop IP of the static route.
+
+- Required: No
+- Type: string
+
 ### Parameter: `vnetRoutesStaticRoutes.staticRoutesConfig`
 
 The static route configuration for the P2S VPN Gateway.
 
-- Required: Yes
+- Required: No
 - Type: object
 
 **Optional parameters**
diff --git a/avm/res/network/p2s-vpn-gateway/main.bicep b/avm/res/network/p2s-vpn-gateway/main.bicep
index 8d84a5a475..f6ed9c3c59 100644
--- a/avm/res/network/p2s-vpn-gateway/main.bicep
+++ b/avm/res/network/p2s-vpn-gateway/main.bicep
@@ -179,22 +179,20 @@ type lockType = {
 @description('Optional. A Type representing the VNET static routes for the P2S VPN Gateway.')
 type vnetRoutesStaticRoutesType = {
   @description('Optional. The static route configuration for the P2S VPN Gateway.')
-  staticRoutes: [
-    {
-      @description('Optional. The address prefixes of the static route.')
-      addressPrefixes: array?
+  staticRoutes: {
+    @description('Optional. The address prefixes of the static route.')
+    addressPrefixes: string[]?
 
-      @description('Optional. The name of the static route.')
-      name: string?
+    @description('Optional. The name of the static route.')
+    name: string?
 
-      @description('Optional. The next hop IP of the static route.')
-      nextHopIpAddress: string?
-    }
-  ]
+    @description('Optional. The next hop IP of the static route.')
+    nextHopIpAddress: string?
+  }[]?
   @description('Optional. The static route configuration for the P2S VPN Gateway.')
   staticRoutesConfig: {
     @description('Optional. Determines whether the NVA in a SPOKE VNET is bypassed for traffic with destination in spoke.')
     vnetLocalRouteOverrideCriteria: string?
-  }
+  }?
 }
 
diff --git a/avm/res/network/p2s-vpn-gateway/main.json b/avm/res/network/p2s-vpn-gateway/main.json
index 2dbe4d4d1a..7c1883555e 100644
--- a/avm/res/network/p2s-vpn-gateway/main.json
+++ b/avm/res/network/p2s-vpn-gateway/main.json
@@ -6,7 +6,7 @@
     "_generator": {
       "name": "bicep",
       "version": "0.31.92.45157",
-      "templateHash": "16702048568126491308"
+      "templateHash": "18201468322189687463"
     },
     "name": "P2S VPN Gateway",
     "description": "This module deploys a Virtual Hub P2S Gateway.",
@@ -43,35 +43,36 @@
       "properties": {
         "staticRoutes": {
           "type": "array",
-          "prefixItems": [
-            {
-              "type": "object",
-              "properties": {
-                "addressPrefixes": {
-                  "type": "array",
-                  "nullable": true,
-                  "metadata": {
-                    "description": "Optional. The address prefixes of the static route."
-                  }
-                },
-                "name": {
-                  "type": "string",
-                  "nullable": true,
-                  "metadata": {
-                    "description": "Optional. The name of the static route."
-                  }
+          "items": {
+            "type": "object",
+            "properties": {
+              "addressPrefixes": {
+                "type": "array",
+                "items": {
+                  "type": "string"
                 },
-                "nextHopIpAddress": {
-                  "type": "string",
-                  "nullable": true,
-                  "metadata": {
-                    "description": "Optional. The next hop IP of the static route."
-                  }
+                "nullable": true,
+                "metadata": {
+                  "description": "Optional. The address prefixes of the static route."
+                }
+              },
+              "name": {
+                "type": "string",
+                "nullable": true,
+                "metadata": {
+                  "description": "Optional. The name of the static route."
+                }
+              },
+              "nextHopIpAddress": {
+                "type": "string",
+                "nullable": true,
+                "metadata": {
+                  "description": "Optional. The next hop IP of the static route."
                 }
               }
             }
-          ],
-          "items": false,
+          },
+          "nullable": true,
           "metadata": {
             "description": "Optional. The static route configuration for the P2S VPN Gateway."
           }
@@ -87,6 +88,7 @@
               }
             }
           },
+          "nullable": true,
           "metadata": {
             "description": "Optional. The static route configuration for the P2S VPN Gateway."
           }
diff --git a/avm/res/network/p2s-vpn-gateway/tests/e2e/waf-aligned/main.test.bicep b/avm/res/network/p2s-vpn-gateway/tests/e2e/waf-aligned/main.test.bicep
index fb73b89aea..d04e38c159 100644
--- a/avm/res/network/p2s-vpn-gateway/tests/e2e/waf-aligned/main.test.bicep
+++ b/avm/res/network/p2s-vpn-gateway/tests/e2e/waf-aligned/main.test.bicep
@@ -65,6 +65,9 @@ module testDeployment '../../../main.bicep' = [
       vpnClientAddressPoolAddressPrefixes: [
         '10.0.2.0/24'
       ]
+      vnetRoutesStaticRoutes: {
+        
+      }
       virtualHubResourceId: nestedDependencies.outputs.virtualHubResourceId
       vpnServerConfigurationResourceId: nestedDependencies.outputs.vpnServerConfigurationResourceId
     }