Feat: Add Resource Locking to ALZ Bicep Modules (#712)

* Initial Commit * feat: Adding resource lock functionality * fix: Updated with custom Type definitions * feat: Added Resource Locks * feat: Added resource lock option * Feat: Added Resource Lock Option * doc: Manually generated parameter MD files * Generate Parameter Markdowns [DaFitRobsta/f019dff0] * Generate Parameter Markdowns [DaFitRobsta/f019dff0] * Standardize to camel case for DDoS * Generate Parameter Markdowns [oZakari/5e40e5ad] * Update infra-as-code/bicep/modules/privateDnsZones/privateDnsZones.bicep LGTM Co-authored-by: Zach Trocinski <30884663+oZakari@users.noreply.github.com> * Update infra-as-code/bicep/modules/privateDnsZones/privateDnsZones.bicep Thanks for finding this! Co-authored-by: Zach Trocinski <30884663+oZakari@users.noreply.github.com> * Update infra-as-code/bicep/modules/privateDnsZones/privateDnsZones.bicep LGTM Co-authored-by: Zach Trocinski <30884663+oZakari@users.noreply.github.com> * Update infra-as-code/bicep/modules/publicIp/publicIp.bicep LGTM Co-authored-by: Zach Trocinski <30884663+oZakari@users.noreply.github.com> * fix: old parameter values removed * fix: removed extra parameter. /azp run validateazcloud --------- Co-authored-by: github-actions <41898282+github-actions[bot]@users.noreply.github.com> Co-authored-by: Zach Trocinski <ztrocinski@outlook.com> Co-authored-by: Zach Trocinski <30884663+oZakari@users.noreply.github.com>
Azure · Jan 29, 2024 · 759030a · 759030a
1 parent db0abf4
commit 759030a
Show file tree

Hide file tree

Showing 31 changed files with 1,492 additions and 0 deletions.
diff --git a/infra-as-code/bicep/modules/hubNetworking/generateddocs/hubNetworking.bicep.md b/infra-as-code/bicep/modules/hubNetworking/generateddocs/hubNetworking.bicep.md
@@ -9,9 +9,11 @@ Parameter name | Required | Description
 parLocation    | No       | The Azure Region to deploy the resources into.
 parCompanyPrefix | No       | Prefix value which will be prepended to all resource names.
 parHubNetworkName | No       | Name for Hub Network.
+parGlobalResourceLock | No       | Global Resource Lock Configuration used for all resources deployed in this module.
 parHubNetworkAddressPrefix | No       | The IP address range for Hub Network.
 parSubnets     | No       | The name, IP address range, network security group, route table and delegation serviceName for each subnet in the virtual networks.
 parDnsServerIps | No       | Array of DNS Server IP addresses for VNet.
+parVirtualNetworkLock | No       | Resource Lock Configuration for Virtual Network.
 parPublicIpSku | No       | Public IP Address SKU.
 parPublicIpPrefix | No       | Optional Prefix for Public IPs. Include a succedent dash if required. Example: prefix-
 parPublicIpSuffix | No       | Optional Suffix for Public IPs. Include a preceding dash if required. Example: -suffix
@@ -20,8 +22,10 @@ parAzBastionName | No       | Name Associated with Bastion Service.
 parAzBastionSku | No       | Azure Bastion SKU.
 parAzBastionTunneling | No       | Switch to enable/disable Bastion native client support. This is only supported when the Standard SKU is used for Bastion as documented here: https://learn.microsoft.com/azure/bastion/native-client
 parAzBastionNsgName | No       | Name for Azure Bastion Subnet NSG.
+parBastionLock | No       | Resource Lock Configuration for Bastion.
 parDdosEnabled | No       | Switch to enable/disable DDoS Network Protection deployment.
 parDdosPlanName | No       | DDoS Plan Name.
+parDdosLock    | No       | Resource Lock Configuration for DDoS Plan.
 parAzFirewallEnabled | No       | Switch to enable/disable Azure Firewall deployment.
 parAzFirewallName | No       | Azure Firewall Name.
 parAzFirewallPoliciesName | No       | Azure Firewall Policies Name.
@@ -32,17 +36,21 @@ parAzErGatewayAvailabilityZones | No       | Availability Zones to deploy the VP
 parAzVpnGatewayAvailabilityZones | No       | Availability Zones to deploy the VPN/ER PIP across. Region must support Availability Zones to use. If it does not then leave empty. Ensure that you select a zonal SKU for the ER/VPN Gateway if using Availability Zones for the PIP.
 parAzFirewallDnsProxyEnabled | No       | Switch to enable/disable Azure Firewall DNS Proxy.
 parAzFirewallDnsServers | No       | Array of custom DNS servers used by Azure Firewall
+parAzureFirewallLock | No       | Resource Lock Configuration for Azure Firewall.
 parHubRouteTableName | No       | Name of Route table to create for the default route of Hub.
 parDisableBgpRoutePropagation | No       | Switch to enable/disable BGP Propagation on route table.
+parHubRouteTableLock | No       | Resource Lock Configuration for Hub Route Table.
 parPrivateDnsZonesEnabled | No       | Switch to enable/disable Private DNS Zones deployment.
 parPrivateDnsZonesResourceGroup | No       | Resource Group Name for Private DNS Zones.
 parPrivateDnsZones | No       | Array of DNS Zones to provision in Hub Virtual Network. Default: All known Azure Private DNS Zones
 parPrivateDnsZoneAutoMergeAzureBackupZone | No       | Set Parameter to false to skip the addition of a Private DNS Zone for Azure Backup.
 parVirtualNetworkIdToLinkFailover | No       | Resource ID of Failover VNet for Private DNS Zone VNet Failover Links
+parPrivateDNSZonesLock | No       | Resource Lock Configuration for Private DNS Zone(s).
 parVpnGatewayEnabled | No       | Switch to enable/disable VPN virtual network gateway deployment.
 parVpnGatewayConfig | No       | Configuration for VPN virtual network gateway to be deployed.
 parExpressRouteGatewayEnabled | No       | Switch to enable/disable ExpressRoute virtual network gateway deployment.
 parExpressRouteGatewayConfig | No       | Configuration for ExpressRoute virtual network gateway to be deployed.
+parVirtualNetworkGatewayLock | No       | Resource Lock Configuration for ExpressRoute Virtual Network Gateway.
 parTags        | No       | Tags you would like to be applied to all resources in this module.
 parTelemetryOptOut | No       | Set Parameter to true to Opt-out of deployment telemetry.
 parBastionOutboundSshRdpPorts | No       | Define outbound destination ports or ranges for SSH or RDP that you want to access from Azure Bastion.
@@ -71,6 +79,14 @@ Name for Hub Network.
 
 - Default value: `[format('{0}-hub-{1}', parameters('parCompanyPrefix'), parameters('parLocation'))]`
 
+### parGlobalResourceLock
+
+![Parameter Setting](https://img.shields.io/badge/parameter-optional-green?style=flat-square)
+
+Global Resource Lock Configuration used for all resources deployed in this module.
+
+- Default value: `@{kind=None; notes=This lock was created by the ALZ Bicep Hub Networking Module.}`
+
 ### parHubNetworkAddressPrefix
 
 ![Parameter Setting](https://img.shields.io/badge/parameter-optional-green?style=flat-square)
@@ -93,6 +109,14 @@ The name, IP address range, network security group, route table and delegation s
 
 Array of DNS Server IP addresses for VNet.
 
+### parVirtualNetworkLock
+
+![Parameter Setting](https://img.shields.io/badge/parameter-optional-green?style=flat-square)
+
+Resource Lock Configuration for Virtual Network.
+
+- Default value: `@{kind=None; notes=This lock was created by the ALZ Bicep Hub Networking Module.}`
+
 ### parPublicIpSku
 
 ![Parameter Setting](https://img.shields.io/badge/parameter-optional-green?style=flat-square)
@@ -159,6 +183,14 @@ Name for Azure Bastion Subnet NSG.
 
 - Default value: `nsg-AzureBastionSubnet`
 
+### parBastionLock
+
+![Parameter Setting](https://img.shields.io/badge/parameter-optional-green?style=flat-square)
+
+Resource Lock Configuration for Bastion.
+
+- Default value: `@{kind=None; notes=This lock was created by the ALZ Bicep Hub Networking Module.}`
+
 ### parDdosEnabled
 
 ![Parameter Setting](https://img.shields.io/badge/parameter-optional-green?style=flat-square)
@@ -175,6 +207,14 @@ DDoS Plan Name.
 
 - Default value: `[format('{0}-ddos-plan', parameters('parCompanyPrefix'))]`
 
+### parDdosLock
+
+![Parameter Setting](https://img.shields.io/badge/parameter-optional-green?style=flat-square)
+
+Resource Lock Configuration for DDoS Plan.
+
+- Default value: `@{kind=None; notes=This lock was created by the ALZ Bicep Hub Networking Module.}`
+
 ### parAzFirewallEnabled
 
 ![Parameter Setting](https://img.shields.io/badge/parameter-optional-green?style=flat-square)
@@ -257,6 +297,14 @@ Switch to enable/disable Azure Firewall DNS Proxy.
 
 Array of custom DNS servers used by Azure Firewall
 
+### parAzureFirewallLock
+
+![Parameter Setting](https://img.shields.io/badge/parameter-optional-green?style=flat-square)
+
+Resource Lock Configuration for Azure Firewall.
+
+- Default value: `@{kind=None; notes=This lock was created by the ALZ Bicep Hub Networking Module.}`
+
 ### parHubRouteTableName
 
 ![Parameter Setting](https://img.shields.io/badge/parameter-optional-green?style=flat-square)
@@ -273,6 +321,14 @@ Switch to enable/disable BGP Propagation on route table.
 
 - Default value: `False`
 
+### parHubRouteTableLock
+
+![Parameter Setting](https://img.shields.io/badge/parameter-optional-green?style=flat-square)
+
+Resource Lock Configuration for Hub Route Table.
+
+- Default value: `@{kind=None; notes=This lock was created by the ALZ Bicep Hub Networking Module.}`
+
 ### parPrivateDnsZonesEnabled
 
 ![Parameter Setting](https://img.shields.io/badge/parameter-optional-green?style=flat-square)
@@ -311,6 +367,14 @@ Set Parameter to false to skip the addition of a Private DNS Zone for Azure Back
 
 Resource ID of Failover VNet for Private DNS Zone VNet Failover Links
 
+### parPrivateDNSZonesLock
+
+![Parameter Setting](https://img.shields.io/badge/parameter-optional-green?style=flat-square)
+
+Resource Lock Configuration for Private DNS Zone(s).
+
+- Default value: `@{kind=None; notes=This lock was created by the ALZ Bicep Hub Networking Module.}`
+
 ### parVpnGatewayEnabled
 
 ![Parameter Setting](https://img.shields.io/badge/parameter-optional-green?style=flat-square)
@@ -343,6 +407,14 @@ Configuration for ExpressRoute virtual network gateway to be deployed.
 
 - Default value: `@{name=[format('{0}-ExpressRoute-Gateway', parameters('parCompanyPrefix'))]; gatewayType=ExpressRoute; sku=ErGw1AZ; vpnType=RouteBased; vpnGatewayGeneration=None; enableBgp=False; activeActive=False; enableBgpRouteTranslationForNat=False; enableDnsForwarding=False; bgpPeeringAddress=; bgpsettings=}`
 
+### parVirtualNetworkGatewayLock
+
+![Parameter Setting](https://img.shields.io/badge/parameter-optional-green?style=flat-square)
+
+Resource Lock Configuration for ExpressRoute Virtual Network Gateway.
+
+- Default value: `@{kind=None; notes=This lock was created by the ALZ Bicep Hub Networking Module.}`
+
 ### parTags
 
 ![Parameter Setting](https://img.shields.io/badge/parameter-optional-green?style=flat-square)
@@ -398,6 +470,12 @@ outHubVirtualNetworkId | string |
         "parHubNetworkName": {
             "value": "[format('{0}-hub-{1}', parameters('parCompanyPrefix'), parameters('parLocation'))]"
         },
+        "parGlobalResourceLock": {
+            "value": {
+                "kind": "None",
+                "notes": "This lock was created by the ALZ Bicep Hub Networking Module."
+            }
+        },
         "parHubNetworkAddressPrefix": {
             "value": "10.10.0.0/16"
         },
@@ -432,6 +510,12 @@ outHubVirtualNetworkId | string |
         "parDnsServerIps": {
             "value": []
         },
+        "parVirtualNetworkLock": {
+            "value": {
+                "kind": "None",
+                "notes": "This lock was created by the ALZ Bicep Hub Networking Module."
+            }
+        },
         "parPublicIpSku": {
             "value": "Standard"
         },
@@ -456,12 +540,24 @@ outHubVirtualNetworkId | string |
         "parAzBastionNsgName": {
             "value": "nsg-AzureBastionSubnet"
         },
+        "parBastionLock": {
+            "value": {
+                "kind": "None",
+                "notes": "This lock was created by the ALZ Bicep Hub Networking Module."
+            }
+        },
         "parDdosEnabled": {
             "value": true
         },
         "parDdosPlanName": {
             "value": "[format('{0}-ddos-plan', parameters('parCompanyPrefix'))]"
         },
+        "parDdosLock": {
+            "value": {
+                "kind": "None",
+                "notes": "This lock was created by the ALZ Bicep Hub Networking Module."
+            }
+        },
         "parAzFirewallEnabled": {
             "value": true
         },
@@ -492,12 +588,24 @@ outHubVirtualNetworkId | string |
         "parAzFirewallDnsServers": {
             "value": []
         },
+        "parAzureFirewallLock": {
+            "value": {
+                "kind": "None",
+                "notes": "This lock was created by the ALZ Bicep Hub Networking Module."
+            }
+        },
         "parHubRouteTableName": {
             "value": "[format('{0}-hub-routetable', parameters('parCompanyPrefix'))]"
         },
         "parDisableBgpRoutePropagation": {
             "value": false
         },
+        "parHubRouteTableLock": {
+            "value": {
+                "kind": "None",
+                "notes": "This lock was created by the ALZ Bicep Hub Networking Module."
+            }
+        },
         "parPrivateDnsZonesEnabled": {
             "value": true
         },
@@ -581,6 +689,12 @@ outHubVirtualNetworkId | string |
         "parVirtualNetworkIdToLinkFailover": {
             "value": ""
         },
+        "parPrivateDNSZonesLock": {
+            "value": {
+                "kind": "None",
+                "notes": "This lock was created by the ALZ Bicep Hub Networking Module."
+            }
+        },
         "parVpnGatewayEnabled": {
             "value": true
         },
@@ -626,6 +740,12 @@ outHubVirtualNetworkId | string |
                 }
             }
         },
+        "parVirtualNetworkGatewayLock": {
+            "value": {
+                "kind": "None",
+                "notes": "This lock was created by the ALZ Bicep Hub Networking Module."
+            }
+        },
         "parTags": {
             "value": {}
         },