From 8ebf35608f246cca3204bcb69c9984b909b0d41c Mon Sep 17 00:00:00 2001
From: Jack Tracey <41163455+jtracey93@users.noreply.github.com>
Date: Wed, 9 Feb 2022 07:44:40 +0000
Subject: [PATCH] Fix Missing Parameters from Parameters File for Hub Networking (#136)
---
 .../bicep/modules/hubNetworking/README.md | 48 ++++++++++---------
 .../modules/hubNetworking/hubNetworking.bicep | 4 +-
 .../hubNetworking.parameters.example.json | 6 +++
 3 files changed, 33 insertions(+), 25 deletions(-)
diff --git a/infra-as-code/bicep/modules/hubNetworking/README.md b/infra-as-code/bicep/modules/hubNetworking/README.md
index 053f28ef0..db4de0df0 100644
--- a/infra-as-code/bicep/modules/hubNetworking/README.md
+++ b/infra-as-code/bicep/modules/hubNetworking/README.md
@@ -16,29 +16,31 @@ Module deploys the following resources: The module requires the following inputs: - | Parameter | Type | Default | Description | Requirement | Example | - | ---------------------------- | ------ | ---------------------------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ----------------------------- | ---------------------------- | - | parBastionEnabled | bool | true | Switch to enable deployment of Bastion Service | None | true | - | parDdosEnabled | bool | true | Switch to enable deployment of distributed denial of service attacks service | None | true | - | parAzureFirewallEnabled | bool | true | Switch to enable deployment of Azure Firewall | None | true | - | parPrivateDNSZonesEnabled | bool | true | Switch to enable deployment of Azure Private DNS Zones | None | true | - | parPrivateDnsZones | array | See example parameters file [`hubNetworking.parameters.json`](hubNetworking.parameters.example.json) | Array of DNS Zones to provision in Hub Virtual Network. Default: All known Azure Private DNS Zones except for: `privatelink.batch.azure.com`, `privatelink.azmk8s.io` and `privatelink.siterecovery.windowsazure.com` as these are region specific, which you can add to the parameters file with the required region in the zone name that you wish to deploy for. For more details on private DNS Zones please refer to the above link. 
| None | See Default | - | parCompanyPrefix | string | alz | Prefix value which will be pre-appended to all resource names | 1-10 char | alz | - | parDdosPlanName | string | ${parCompanyPrefix}-DDos-Plan | Name which will be associated with distributed denial of service protection plan | 1-80 char | alz-DDos-Plan | - | parBastionName | string | ${parCompanyPrefix}-bastion | Name which will be associated with Bastion Service. | 1-80 char | alz-bastion | - | parBastionSku | string | Standard | SKU or Tier of Bastion Service to deploy | Standard or Basic | Standard | - | parPublicIPSku | string | Standard | SKU or Tier of Public IP to deploy | Standard or Basic | Standard | - | parTags | object | Empty Array [] | List of tags (Key Value Pairs) to be applied to resources | None | environment: 'development' | - | parHubNetworkAddressPrefix | string | 10.10.0.0/16 | CIDR range for Hub Network | CIDR Notation | 10.10.0.0/16 | - | parHubNetworkName | string | ${parCompanyPrefix}-hub-${resourceGroup().location} | Name prefix for Virtual Network. Prefix will be appended with the region. | 2-50 char | alz-hub-eastus2 | - | parAzureFirewallName | string | ${parCompanyPrefix}-azure-firewall | Name associated with Azure Firewall | 1-80 char | alz-azure-firewall | - | parAzureFirewallTier | string | Standard | Tier associated with the Firewall to be deployed. | Standard or Premium | Premium | - | parHubRouteTableName | string | ${parCompanyPrefix}-hub-routetable | Name of route table to be associated with Hub Network | 1-80 char | alz-hub-routetable | - | parVpnGatewayConfig | object | See example parameters file [`hubNetworking.parameters.json`](hubNetworking.parameters.example.json) | Configuration for VPN virtual network gateway to be deployed. If a VPN virtual network gateway is not desired an empty object should be used as the input parameter in the parameter file, i.e. 
"parVpnGatewayConfig": {"value": {} }''' | None | See Default | - | parExpressRouteGatewayConfig | object | See example parameters file [`hubNetworking.parameters.json`](hubNetworking.parameters.example.json) | Configuration for ExpressRoute virtual network gateway to be deployed. If a ExpressRoute virtual network gateway is not desired an empty object should be used as the input parameter in the parameter file, i.e. "parExpressRouteGatewayConfig": {"value": {} }''' | None | See Default | - | parSubnets | array | See example parameters file [`hubNetworking.parameters.json`](hubNetworking.parameters.example.json) | Array of objects to provide for a dynamic set of subnets | Must provide array of objects | See Default | - | parDNSServerIPArray | array | Empty Array [] | Array of DNS Server IP addresses for VNet. | None | `['10.10.1.4', '10.10.2.4']` | - | parTelemetryOptOut | bool | false | Set Parameter to true to Opt-out of deployment telemetry | None | false | + | Parameter | Type | Default | Description | Requirement | Example | + | ----------------------------- | ------ | ---------------------------------------------------------------------------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ----------------------------- | ---------------------------- | + | parBastionEnabled | bool | true | Switch to enable deployment of Bastion Service | None | true | + | parDdosEnabled | bool | true | Switch to enable deployment of distributed denial of service attacks service | None | true | + | parAzureFirewallEnabled | bool | true | Switch to enable deployment of Azure 
Firewall | None | true | + | parPrivateDNSZonesEnabled | bool | true | Switch to enable deployment of Azure Private DNS Zones | None | true | + | parPrivateDnsZones | array | See example parameters file [`hubNetworking.parameters.json`](hubNetworking.parameters.example.json) | Array of DNS Zones to provision in Hub Virtual Network. Default: All known Azure Private DNS Zones except for: `privatelink.batch.azure.com`, `privatelink.azmk8s.io` and `privatelink.siterecovery.windowsazure.com` as these are region specific, which you can add to the parameters file with the required region in the zone name that you wish to deploy for. For more details on private DNS Zones please refer to the above link. | None | See Default | + | parCompanyPrefix | string | alz | Prefix value which will be pre-appended to all resource names | 1-10 char | alz | + | parDdosPlanName | string | ${parCompanyPrefix}-DDos-Plan | Name which will be associated with distributed denial of service protection plan | 1-80 char | alz-DDos-Plan | + | parBastionName | string | ${parCompanyPrefix}-bastion | Name which will be associated with Bastion Service. | 1-80 char | alz-bastion | + | parBastionSku | string | Standard | SKU or Tier of Bastion Service to deploy | Standard or Basic | Standard | + | parPublicIPSku | string | Standard | SKU or Tier of Public IP to deploy | Standard or Basic | Standard | + | parTags | object | Empty Array [] | List of tags (Key Value Pairs) to be applied to resources | None | environment: 'development' | + | parHubNetworkAddressPrefix | string | 10.10.0.0/16 | CIDR range for Hub Network | CIDR Notation | 10.10.0.0/16 | + | parHubNetworkName | string | ${parCompanyPrefix}-hub-${resourceGroup().location} | Name prefix for Virtual Network. Prefix will be appended with the region. 
| 2-50 char | alz-hub-eastus2 | + | parAzureFirewallName | string | ${parCompanyPrefix}-azure-firewall | Name associated with Azure Firewall | 1-80 char | alz-azure-firewall | + | parAzureFirewallTier | string | Standard | Tier associated with the Firewall to be deployed. | Standard or Premium | Premium | + | parHubRouteTableName | string | ${parCompanyPrefix}-hub-routetable | Name of route table to be associated with Hub Network | 1-80 char | alz-hub-routetable | + | parVpnGatewayConfig | object | See example parameters file [`hubNetworking.parameters.json`](hubNetworking.parameters.example.json) | Configuration for VPN virtual network gateway to be deployed. If a VPN virtual network gateway is not desired an empty object should be used as the input parameter in the parameter file, i.e. "parVpnGatewayConfig": {"value": {} }''' | None | See Default | + | parExpressRouteGatewayConfig | object | See example parameters file [`hubNetworking.parameters.json`](hubNetworking.parameters.example.json) | Configuration for ExpressRoute virtual network gateway to be deployed. If a ExpressRoute virtual network gateway is not desired an empty object should be used as the input parameter in the parameter file, i.e. "parExpressRouteGatewayConfig": {"value": {} }''' | None | See Default | + | parSubnets | array | See example parameters file [`hubNetworking.parameters.json`](hubNetworking.parameters.example.json) | Array of objects to provide for a dynamic set of subnets | Must provide array of objects | See Default | + | parDNSServerIPArray | array | Empty Array [] | Array of DNS Server IP addresses for VNet. 
| None | `['10.10.1.4', '10.10.2.4']` | + | parNetworkDNSEnableProxy | bool | true | Switch which enables DNS Proxy to be enabled on the Azure Firewall | None | true | + | parDisableBGPRoutePropagation | bool | false | Switch which allows BGP Propagation to be disabled on the route tables | None | false | + | parTelemetryOptOut | bool | false | Set Parameter to true to Opt-out of deployment telemetry | None | false | ## Outputs diff --git a/infra-as-code/bicep/modules/hubNetworking/hubNetworking.bicep b/infra-as-code/bicep/modules/hubNetworking/hubNetworking.bicep index 7b1c98eb7..6f1f8352b 100644 --- a/infra-as-code/bicep/modules/hubNetworking/hubNetworking.bicep +++ b/infra-as-code/bicep/modules/hubNetworking/hubNetworking.bicep @@ -25,10 +25,10 @@ param parDDoSPlanName string = '${parCompanyPrefix}-DDoS-Plan' @description('Switch which allows Azure Firewall deployment to be disabled. Default: true') param parAzureFirewallEnabled bool = true -@description('Switch which allos DNS Proxy to be enabled on the virtual network. Default: true') +@description('Switch which enables DNS Proxy to be enabled on the Azure Firewall. Default: true') param parNetworkDNSEnableProxy bool = true -@description('Switch which allows BGP Propagation to be disabled on the routes: Default: false') +@description('Switch which allows BGP Propagation to be disabled on the route tables: Default: false') param parDisableBGPRoutePropagation bool = false @description('Switch which allows Private DNS Zones to be disabled. Default: true') diff --git a/infra-as-code/bicep/modules/hubNetworking/hubNetworking.parameters.example.json b/infra-as-code/bicep/modules/hubNetworking/hubNetworking.parameters.example.json index c63e5db6e..c9d691678 100644 --- a/infra-as-code/bicep/modules/hubNetworking/hubNetworking.parameters.example.json +++ b/infra-as-code/bicep/modules/hubNetworking/hubNetworking.parameters.example.json 
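Review bot: The two reworded `@description` strings in the hubNetworking.bicep hunk still read awkwardly and do not match their neighbours: "enables DNS Proxy to be enabled" repeats itself, and "route tables: Default: false" uses a colon where the other descriptions in the hunk close the sentence with a period. I would write `@description('Switch to enable DNS Proxy on the Azure Firewall. Default: true')` and `@description('Switch to disable BGP route propagation on the route tables. Default: false')`. Because the default leaves propagation on, one extra sentence on the effect would help whoever sets this parameter: gateway-learned routes are added to subnets using these route tables, which presumably matters where the table is meant to steer traffic through the firewall. That last point should be confirmed against the route table and firewall resource definitions, which are outside this hunk.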
@@ -151,6 +151,12 @@
 "parDNSServerIPArray": {
 "value": []
 },
+ "parNetworkDNSEnableProxy": {
+ "value": true
+ },
+ "parDisableBGPRoutePropagation": {
+ "value": false
+ },
 "parTelemetryOptOut": {
 "value": false
 }