diff --git a/infra-as-code/bicep/modules/hubNetworking/hubNetworking.bicep b/infra-as-code/bicep/modules/hubNetworking/hubNetworking.bicep
index bec55369c..71a91f2b5 100644
--- a/infra-as-code/bicep/modules/hubNetworking/hubNetworking.bicep
+++ b/infra-as-code/bicep/modules/hubNetworking/hubNetworking.bicep
@@ -313,13 +313,13 @@ var varZtnP1CuaId = '3ab23b1e-c5c5-42d4-b163-1402384ba2db'
 var varZtnP1Trigger = (parDdosEnabled && parAzFirewallEnabled && (parAzFirewallTier == 'Premium')) ? true : false
 //DDos Protection plan will only be enabled if parDdosEnabled is true.
-resource resDdosProtectionPlan 'Microsoft.Network/ddosProtectionPlans@2021-08-01' = if (parDdosEnabled) {
+resource resDdosProtectionPlan 'Microsoft.Network/ddosProtectionPlans@2023-02-01' = if (parDdosEnabled) {
 name: parDdosPlanName
 location: parLocation
 tags: parTags
 }
-resource resHubVnet 'Microsoft.Network/virtualNetworks@2021-08-01' = {
+resource resHubVnet 'Microsoft.Network/virtualNetworks@2023-02-01' = {
 dependsOn: [
 resBastionNsg
 ]
@@ -360,12 +360,12 @@ module modBastionPublicIp '../publicIp/publicIp.bicep' = if (parAzBastionEnabled
 }
 }
-resource resBastionSubnetRef 'Microsoft.Network/virtualNetworks/subnets@2021-08-01' existing = {
+resource resBastionSubnetRef 'Microsoft.Network/virtualNetworks/subnets@2023-02-01' existing = {
 parent: resHubVnet
 name: 'AzureBastionSubnet'
 }
-resource resBastionNsg 'Microsoft.Network/networkSecurityGroups@2021-08-01' = if (parAzBastionEnabled) {
+resource resBastionNsg 'Microsoft.Network/networkSecurityGroups@2023-02-01' = {
 name: parAzBastionNsgName
 location: parLocation
 tags: parTags
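Review bot: `resBastionNsg` loses its `if (parAzBastionEnabled)` condition on the same line that bumps the API version, so the Bastion NSG is now deployed in every hub, including hubs where Bastion is disabled, and nothing in the visible lines explains why. `resHubVnet` lists `resBastionNsg` under `dependsOn` in the first hunk, which may be the reason, but that is an inference. If unconditional deployment is intended, state it above the resource, for example `// Always deployed: resHubVnet depends on this NSG even when parAzBastionEnabled is false.`; otherwise restore the condition. The resource body continues outside the hunk, so the rules this NSG carries cannot be checked from here.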
@@ -517,7 +517,7 @@ resource resBastionNsg 'Microsoft.Network/networkSecurityGroups@2021-08-01' = if
 // AzureBastionSubnet is required to deploy Bastion service. This subnet must exist in the parsubnets array if you enable Bastion Service.
 // There is a minimum subnet requirement of /27 prefix.
 // If you are deploying standard this needs to be larger. https://docs.microsoft.com/en-us/azure/bastion/configuration-settings#subnet
-resource resBastion 'Microsoft.Network/bastionHosts@2021-08-01' = if (parAzBastionEnabled) {
+resource resBastion 'Microsoft.Network/bastionHosts@2023-02-01' = if (parAzBastionEnabled) {
 location: parLocation
 name: parAzBastionName
 tags: parTags
@@ -542,7 +542,7 @@ resource resBastion 'Microsoft.Network/bastionHosts@2021-08-01' = if (parAzBasti
 }
 }
-resource resGatewaySubnetRef 'Microsoft.Network/virtualNetworks/subnets@2021-08-01' existing = {
+resource resGatewaySubnetRef 'Microsoft.Network/virtualNetworks/subnets@2023-02-01' existing = {
 parent: resHubVnet
 name: 'GatewaySubnet'
 }
@@ -566,7 +566,7 @@ module modGatewayPublicIp '../publicIp/publicIp.bicep' = [for (gateway, i) in va
 }]
 //Minumum subnet size is /27 supporting documentation https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-about-vpn-gateway-settings#gwsub
-resource resGateway 'Microsoft.Network/virtualNetworkGateways@2022-07-01' = [for (gateway, i) in varGwConfig: if ((gateway.name != 'noconfigVpn') && (gateway.name != 'noconfigEr')) {
+resource resGateway 'Microsoft.Network/virtualNetworkGateways@2023-02-01' = [for (gateway, i) in varGwConfig: if ((gateway.name != 'noconfigVpn') && (gateway.name != 'noconfigEr')) {
 name: gateway.name
 location: parLocation
 tags: parTags
@@ -600,12 +600,12 @@ resource resGateway 'Microsoft.Network/virtualNetworkGateways@2022-07-01' = [for
 }
 }]
-resource resAzureFirewallSubnetRef 'Microsoft.Network/virtualNetworks/subnets@2021-08-01' existing = {
+resource resAzureFirewallSubnetRef 'Microsoft.Network/virtualNetworks/subnets@2023-02-01' existing = {
 parent: resHubVnet
 name: 'AzureFirewallSubnet'
 }
-resource resAzureFirewallMgmtSubnetRef 'Microsoft.Network/virtualNetworks/subnets@2021-08-01' existing = if (parAzFirewallEnabled && (contains(map(parSubnets, subnets => subnets.name), 'AzureFirewallManagementSubnet'))) {
+resource resAzureFirewallMgmtSubnetRef 'Microsoft.Network/virtualNetworks/subnets@2023-02-01' existing = if (parAzFirewallEnabled && (contains(map(parSubnets, subnets => subnets.name), 'AzureFirewallManagementSubnet'))) {
 parent: resHubVnet
 name: 'AzureFirewallManagementSubnet'
 }
@@ -646,7 +646,7 @@ module modAzureFirewallMgmtPublicIp '../publicIp/publicIp.bicep' = if (parAzFire
 }
 }
-resource resFirewallPolicies 'Microsoft.Network/firewallPolicies@2021-08-01' = if (parAzFirewallEnabled) {
+resource resFirewallPolicies 'Microsoft.Network/firewallPolicies@2023-02-01' = if (parAzFirewallEnabled) {
 name: parAzFirewallPoliciesName
 location: parLocation
 tags: parTags
@@ -666,7 +666,7 @@ resource resFirewallPolicies 'Microsoft.Network/firewallPolicies@2021-08-01' = i
 // AzureFirewallSubnet is required to deploy Azure Firewall . This subnet must exist in the parsubnets array if you deploy.
 // There is a minimum subnet requirement of /26 prefix.
-resource resAzureFirewall 'Microsoft.Network/azureFirewalls@2021-08-01' = if (parAzFirewallEnabled) {
+resource resAzureFirewall 'Microsoft.Network/azureFirewalls@2023-02-01' = if (parAzFirewallEnabled) {
 dependsOn: [
 resGateway
 ]
@@ -731,7 +731,7 @@ resource resAzureFirewall 'Microsoft.Network/azureFirewalls@2021-08-01' = if (pa
 }
 //If Azure Firewall is enabled we will deploy a RouteTable to redirect Traffic to the Firewall.
-resource resHubRouteTable 'Microsoft.Network/routeTables@2021-08-01' = if (parAzFirewallEnabled) {
+resource resHubRouteTable 'Microsoft.Network/routeTables@2023-02-01' = if (parAzFirewallEnabled) {
 name: parHubRouteTableName
 location: parLocation
 tags: parTags
diff --git a/infra-as-code/bicep/modules/publicIp/publicIp.bicep b/infra-as-code/bicep/modules/publicIp/publicIp.bicep
index 03b67f496..2c4cc2d39 100644
--- a/infra-as-code/bicep/modules/publicIp/publicIp.bicep
+++ b/infra-as-code/bicep/modules/publicIp/publicIp.bicep
@@ -30,7 +30,7 @@ param parTelemetryOptOut bool = false
 // Customer Usage Attribution Id
 var varCuaid = '3f85b84c-6bad-4c42-86bf-11c233241c22'
-resource resPublicIp 'Microsoft.Network/publicIPAddresses@2021-08-01' ={
+resource resPublicIp 'Microsoft.Network/publicIPAddresses@2023-02-01' ={
 name: parPublicIpName
 tags: parTags
 location: parLocation
diff --git a/infra-as-code/bicep/modules/spokeNetworking/spokeNetworking.bicep b/infra-as-code/bicep/modules/spokeNetworking/spokeNetworking.bicep
index bc6060d44..67946db5f 100644
--- a/infra-as-code/bicep/modules/spokeNetworking/spokeNetworking.bicep
+++ b/infra-as-code/bicep/modules/spokeNetworking/spokeNetworking.bicep
@@ -36,7 +36,7 @@ var varCuaid = '0c428583-f2a1-4448-975c-2d6262fd193a'
 //If Ddos parameter is true Ddos will be Enabled on the Virtual Network
 //If Azure Firewall is enabled and Network DNS Proxy is enabled DNS will be configured to point to AzureFirewall
-resource resSpokeVirtualNetwork 'Microsoft.Network/virtualNetworks@2021-08-01' = {
+resource resSpokeVirtualNetwork 'Microsoft.Network/virtualNetworks@2023-02-01' = {
 name: parSpokeNetworkName
 location: parLocation
 tags: parTags
@@ -56,7 +56,7 @@ resource resSpokeVirtualNetwork 'Microsoft.Network/virtualNetworks@2021-08-01' =
 }
 }
-resource resSpokeToHubRouteTable 'Microsoft.Network/routeTables@2021-08-01' = if (!empty(parNextHopIpAddress)) {
+resource resSpokeToHubRouteTable 'Microsoft.Network/routeTables@2023-02-01' = if (!empty(parNextHopIpAddress)) {
 name: parSpokeToHubRouteTableName
 location: parLocation
 tags: parTags
diff --git a/infra-as-code/bicep/modules/vnetPeering/vnetPeering.bicep b/infra-as-code/bicep/modules/vnetPeering/vnetPeering.bicep
index 9b34c76de..d27fdb1b5 100644
--- a/infra-as-code/bicep/modules/vnetPeering/vnetPeering.bicep
+++ b/infra-as-code/bicep/modules/vnetPeering/vnetPeering.bicep
@@ -28,7 +28,7 @@ param parTelemetryOptOut bool = false
 // Customer Usage Attribution Id
 var varCuaId = 'ab8e3b12-b0fa-40aa-8630-e3f7699e2142'
-resource resVirtualNetworkPeer 'Microsoft.Network/virtualNetworks/virtualNetworkPeerings@2021-08-01' = {
+resource resVirtualNetworkPeer 'Microsoft.Network/virtualNetworks/virtualNetworkPeerings@2023-02-01' = {
 name: '${parSourceVirtualNetworkName}/peer-to-${parDestinationVirtualNetworkName}'
 properties: {
 allowVirtualNetworkAccess: parAllowVirtualNetworkAccess
diff --git a/infra-as-code/bicep/modules/vnetPeeringVwan/hubVirtualNetworkConnection.bicep b/infra-as-code/bicep/modules/vnetPeeringVwan/hubVirtualNetworkConnection.bicep
index 6b028add7..e60b08d9a 100644
--- a/infra-as-code/bicep/modules/vnetPeeringVwan/hubVirtualNetworkConnection.bicep
+++ b/infra-as-code/bicep/modules/vnetPeeringVwan/hubVirtualNetworkConnection.bicep
@@ -13,7 +13,7 @@ var varSpokeVnetName = split(parRemoteVirtualNetworkResourceId, '/')[8]
 var varVnetPeeringVwanName = '${varVwanHubName}/${varSpokeVnetName}-vhc'
-resource resVnetPeeringVwan 'Microsoft.Network/virtualHubs/hubVirtualNetworkConnections@2021-08-01' = if (!empty(parVirtualWanHubResourceId) && !empty(parRemoteVirtualNetworkResourceId)) {
+resource resVnetPeeringVwan 'Microsoft.Network/virtualHubs/hubVirtualNetworkConnections@2023-02-01' = if (!empty(parVirtualWanHubResourceId) && !empty(parRemoteVirtualNetworkResourceId)) {
 name: varVnetPeeringVwanName
 properties: {
 remoteVirtualNetwork: {
diff --git a/infra-as-code/bicep/modules/vwanConnectivity/generateddocs/vwanConnectivity.bicep.md b/infra-as-code/bicep/modules/vwanConnectivity/generateddocs/vwanConnectivity.bicep.md
index 4e5bdb7bd..921212b1a 100644
--- a/infra-as-code/bicep/modules/vwanConnectivity/generateddocs/vwanConnectivity.bicep.md
+++ b/infra-as-code/bicep/modules/vwanConnectivity/generateddocs/vwanConnectivity.bicep.md
@@ -281,7 +281,7 @@ outPrivateDnsZonesNames | array |
 "parExpressRouteGatewayEnabled": true,
 "parAzFirewallEnabled": true,
 "parVirtualHubAddressPrefix": "10.100.0.0/23",
- "parHubLocation": "eastus",
+ "parHubLocation": "[parameters('parLocation')]",
 "parHubRoutingPreference": "ExpressRoute",
 "parVirtualRouterAutoScaleConfiguration": 2
 }
diff --git a/infra-as-code/bicep/modules/vwanConnectivity/vwanConnectivity.bicep b/infra-as-code/bicep/modules/vwanConnectivity/vwanConnectivity.bicep
index bb90ad0f9..dba3ffa8a 100644
--- a/infra-as-code/bicep/modules/vwanConnectivity/vwanConnectivity.bicep
+++ b/infra-as-code/bicep/modules/vwanConnectivity/vwanConnectivity.bicep
@@ -43,7 +43,7 @@ param parVirtualWanHubs array = [ {
 parExpressRouteGatewayEnabled: true
 parAzFirewallEnabled: true
 parVirtualHubAddressPrefix: '10.100.0.0/23'
- parHubLocation: 'eastus'
+ parHubLocation: parLocation
 parHubRoutingPreference: 'ExpressRoute' //allowed values are 'ASN','VpnGateway','ExpressRoute'.
 parVirtualRouterAutoScaleConfiguration: 2 //minimum capacity should be between 2 to 50
 }
@@ -177,7 +177,7 @@ var varZtnP1CuaId = '3ab23b1e-c5c5-42d4-b163-1402384ba2db'
 var varZtnP1Trigger = (parDdosEnabled && !(contains(map(parVirtualWanHubs, hub => hub.parAzFirewallEnabled), false)) && (parAzFirewallTier == 'Premium')) ? true : false
 // Virtual WAN resource
-resource resVwan 'Microsoft.Network/virtualWans@2022-01-01' = {
+resource resVwan 'Microsoft.Network/virtualWans@2023-02-01' = {
 name: parVirtualWanName
 location: parLocation
 tags: parTags
@@ -189,7 +189,7 @@ resource resVwan 'Microsoft.Network/virtualWans@2022-01-01' = {
 }
 }
-resource resVhub 'Microsoft.Network/virtualHubs@2022-01-01' = [for hub in parVirtualWanHubs: if (parVirtualHubEnabled && !empty(hub.parVirtualHubAddressPrefix)) {
+resource resVhub 'Microsoft.Network/virtualHubs@2023-02-01' = [for hub in parVirtualWanHubs: if (parVirtualHubEnabled && !empty(hub.parVirtualHubAddressPrefix)) {
 name: '${parVirtualWanHubName}-${hub.parHubLocation}'
 location: hub.parHubLocation
 tags: parTags
@@ -206,7 +206,7 @@ resource resVhub 'Microsoft.Network/virtualHubs@2022-01-01' = [for hub in parVir
 }
 }]
-resource resVhubRouteTable 'Microsoft.Network/virtualHubs/hubRouteTables@2022-01-01' = [for (hub, i) in parVirtualWanHubs: if (parVirtualHubEnabled && hub.parAzFirewallEnabled) {
+resource resVhubRouteTable 'Microsoft.Network/virtualHubs/hubRouteTables@2023-02-01' = [for (hub, i) in parVirtualWanHubs: if (parVirtualHubEnabled && hub.parAzFirewallEnabled) {
 parent: resVhub[i]
 name: 'defaultRouteTable'
 properties: {
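Review bot: The default hub's `parHubLocation` now follows `parLocation` instead of `'eastus'`, and the hub name in this file is derived from it (`'${parVirtualWanHubName}-${hub.parHubLocation}'`), as are the gateway and firewall names in the later hunks. A deployment that relied on the old default while passing a different `parLocation` would therefore compute new resource names and a new region on its next run, which presumably creates a second hub rather than updating the existing one. Neighbouring properties carry an inline hint, so the changed line could too: `parHubLocation: parLocation //defaults to parLocation; set explicitly to keep an existing hub in its region`. The parameter block starts and ends outside this hunk, so other hub entries in the default array are not visible.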
@@ -227,7 +227,7 @@ resource resVhubRouteTable 'Microsoft.Network/virtualHubs/hubRouteTables@2022-01
 }
 }]
-resource resVpnGateway 'Microsoft.Network/vpnGateways@2022-09-01' = [for (hub, i) in parVirtualWanHubs: if ((parVirtualHubEnabled) && (hub.parVpnGatewayEnabled)) {
+resource resVpnGateway 'Microsoft.Network/vpnGateways@2023-02-01' = [for (hub, i) in parVirtualWanHubs: if ((parVirtualHubEnabled) && (hub.parVpnGatewayEnabled)) {
 dependsOn: resVhub
 name: '${parVpnGatewayName}-${hub.parHubLocation}'
 location: hub.parHubLocation
@@ -245,7 +245,7 @@ resource resVpnGateway 'Microsoft.Network/vpnGateways@2022-09-01' = [for (hub, i
 }
 }]
-resource resErGateway 'Microsoft.Network/expressRouteGateways@2022-09-01' = [for (hub, i) in parVirtualWanHubs: if ((parVirtualHubEnabled) && (hub.parExpressRouteGatewayEnabled)) {
+resource resErGateway 'Microsoft.Network/expressRouteGateways@2023-02-01' = [for (hub, i) in parVirtualWanHubs: if ((parVirtualHubEnabled) && (hub.parExpressRouteGatewayEnabled)) {
 dependsOn: resVhub
 name: '${parExpressRouteGatewayName}-${hub.parHubLocation}'
 location: hub.parHubLocation
@@ -262,7 +262,7 @@ resource resErGateway 'Microsoft.Network/expressRouteGateways@2022-09-01' = [for
 }
 }]
-resource resFirewallPolicies 'Microsoft.Network/firewallPolicies@2022-05-01' = if (parVirtualHubEnabled && parVirtualWanHubs[0].parAzFirewallEnabled) {
+resource resFirewallPolicies 'Microsoft.Network/firewallPolicies@2023-02-01' = if (parVirtualHubEnabled && parVirtualWanHubs[0].parAzFirewallEnabled) {
 name: parAzFirewallPoliciesName
 location: parLocation
 tags: parTags
@@ -280,7 +280,7 @@ resource resFirewallPolicies 'Microsoft.Network/firewallPolicies@2022-05-01' = i
 }
 }
-resource resAzureFirewall 'Microsoft.Network/azureFirewalls@2022-05-01' = [for (hub, i) in parVirtualWanHubs: if ((parVirtualHubEnabled) && (hub.parAzFirewallEnabled)) {
+resource resAzureFirewall 'Microsoft.Network/azureFirewalls@2023-02-01' = [for (hub, i) in parVirtualWanHubs: if ((parVirtualHubEnabled) && (hub.parAzFirewallEnabled)) {
 name: '${parAzFirewallName}-${hub.parHubLocation}'
 location: hub.parHubLocation
 tags: parTags
@@ -305,7 +305,7 @@ resource resAzureFirewall 'Microsoft.Network/azureFirewalls@2022-05-01' = [for (
 }]
 // DDoS plan is deployed even though not supported to attach to Virtual WAN today as per https://docs.microsoft.com/azure/firewall-manager/overview#known-issues - However, it can still be linked via policy to spoke VNets etc.
-resource resDdosProtectionPlan 'Microsoft.Network/ddosProtectionPlans@2021-08-01' = if (parDdosEnabled) {
+resource resDdosProtectionPlan 'Microsoft.Network/ddosProtectionPlans@2023-02-01' = if (parDdosEnabled) {
 name: parDdosPlanName
 location: parLocation
 tags: parTags
diff --git a/tests/pipelines/bicep-build-to-validate.yml b/tests/pipelines/bicep-build-to-validate.yml
index 86515afb4..5de0a3fb4 100644
--- a/tests/pipelines/bicep-build-to-validate.yml
+++ b/tests/pipelines/bicep-build-to-validate.yml
@@ -242,7 +242,7 @@ jobs:
 inputs:
 targetType: "inline"
 script: |
- az deployment group create --resource-group $(ResourceGroupName) --template-file infra-as-code/bicep/modules/vwanConnectivity/vwanConnectivity.bicep --parameters @infra-as-code/bicep/modules/vwanConnectivity/parameters/vwanConnectivity.parameters.min.json parVirtualNetworkIdToLink="/subscriptions/$(subscriptionId)/resourceGroups/$(ResourceGroupName)/providers/Microsoft.Network/virtualNetworks/vnet-spoke"
+ az deployment group create --resource-group $(ResourceGroupName) --template-file infra-as-code/bicep/modules/vwanConnectivity/vwanConnectivity.bicep --parameters parVirtualNetworkIdToLink="/subscriptions/$(subscriptionId)/resourceGroups/$(ResourceGroupName)/providers/Microsoft.Network/virtualNetworks/vnet-spoke"
 - task: Bash@3
 displayName: Az CLI Deploy vWan Network connection for PR
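Review bot: The validation deployment no longer passes `vwanConnectivity.parameters.min.json`, so this step now runs on the template defaults and the minimal parameter file is no longer exercised here. The defaults visible in this commit enable the ExpressRoute gateway and Azure Firewall (`parExpressRouteGatewayEnabled: true`, `parAzFirewallEnabled: true`), so the PR deployment may be larger and slower than before if the min file was lighter, which cannot be confirmed from these lines. If the file was dropped only so that `parHubLocation` can follow `parLocation`, record that above the task's `script:` key, for example `# Deploys with template defaults so parHubLocation follows parLocation`. Otherwise keep the file and override only the value that has to change.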