From 2827a5cae289c27bfa54a28be6ccaff4d24238fe Mon Sep 17 00:00:00 2001 From: Olli Janatuinen Date: Fri, 22 Jul 2022 11:47:33 +0000 Subject: [PATCH 1/5] Use latest API versions in all modules --- .../modules/hubNetworking/hubNetworking.bicep | 18 +++++++++--------- .../bicep/modules/publicIp/publicIp.bicep | 2 +- .../roleAssignmentManagementGroup.bicep | 2 +- .../roleAssignmentSubscription.bicep | 2 +- .../spokeNetworking/spokeNetworking.bicep | 4 ++-- .../modules/vnetPeering/vnetPeering.bicep | 2 +- .../hubVirtualNetworkConnection.bicep | 2 +- .../vwanConnectivity/vwanConnectivity.bicep | 10 +++++----- 8 files changed, 21 insertions(+), 21 deletions(-) diff --git a/infra-as-code/bicep/modules/hubNetworking/hubNetworking.bicep b/infra-as-code/bicep/modules/hubNetworking/hubNetworking.bicep index 1aa219be3..e1acf88c9 100644 --- a/infra-as-code/bicep/modules/hubNetworking/hubNetworking.bicep +++ b/infra-as-code/bicep/modules/hubNetworking/hubNetworking.bicep @@ -223,14 +223,14 @@ var varGwConfig = [ // Customer Usage Attribution Id var varCuaid = '2686e846-5fdc-4d4f-b533-16dcb09d6e6c' -resource resDdosProtectionPlan 'Microsoft.Network/ddosProtectionPlans@2021-02-01' = if (parDdosEnabled) { +resource resDdosProtectionPlan 'Microsoft.Network/ddosProtectionPlans@2021-08-01' = if (parDdosEnabled) { name: parDdosPlanName location: parLocation tags: parTags } //DDos Protection plan will only be enabled if parDdosEnabled is true. -resource resHubVnet 'Microsoft.Network/virtualNetworks@2021-02-01' = { +resource resHubVnet 'Microsoft.Network/virtualNetworks@2021-08-01' = { dependsOn: [ resBastionNsg ] @@ -271,7 +271,7 @@ module modBastionPublicIp '../publicIp/publicIp.bicep' = if (parAzBastionEnabled } } -resource resBastionSubnetRef 'Microsoft.Network/virtualNetworks/subnets@2021-02-01' existing = { +resource resBastionSubnetRef 'Microsoft.Network/virtualNetworks/subnets@2021-08-01' existing = { parent: resHubVnet name: 'AzureBastionSubnet' } 
@@ -405,7 +405,7 @@ resource resBastionNsg 'Microsoft.Network/networkSecurityGroups@2021-08-01' = { // AzureBastionSubnet is required to deploy Bastion service. This subnet must exist in the parsubnets array if you enable Bastion Service. // There is a minimum subnet requirement of /27 prefix. // If you are deploying standard this needs to be larger. https://docs.microsoft.com/en-us/azure/bastion/configuration-settings#subnet -resource resBastion 'Microsoft.Network/bastionHosts@2021-02-01' = if (parAzBastionEnabled) { +resource resBastion 'Microsoft.Network/bastionHosts@2021-08-01' = if (parAzBastionEnabled) { location: parLocation name: parAzBastionName tags: parTags @@ -430,7 +430,7 @@ resource resBastion 'Microsoft.Network/bastionHosts@2021-02-01' = if (parAzBasti } } -resource resGatewaySubnetRef 'Microsoft.Network/virtualNetworks/subnets@2021-02-01' existing = { +resource resGatewaySubnetRef 'Microsoft.Network/virtualNetworks/subnets@2021-08-01' existing = { parent: resHubVnet name: 'GatewaySubnet' } @@ -487,7 +487,7 @@ resource resGateway 'Microsoft.Network/virtualNetworkGateways@2021-02-01' = [for } }] -resource resAzureFirewallSubnetRef 'Microsoft.Network/virtualNetworks/subnets@2021-02-01' existing = { +resource resAzureFirewallSubnetRef 'Microsoft.Network/virtualNetworks/subnets@2021-08-01' existing = { parent: resHubVnet name: 'AzureFirewallSubnet' } @@ -510,7 +510,7 @@ module modAzureFirewallPublicIp '../publicIp/publicIp.bicep' = if (parAzFirewall } } -resource resFirewallPolicies 'Microsoft.Network/firewallPolicies@2021-05-01' = if (parAzFirewallEnabled) { +resource resFirewallPolicies 'Microsoft.Network/firewallPolicies@2021-08-01' = if (parAzFirewallEnabled) { name: parAzFirewallPoliciesName location: parLocation tags: parTags 
@@ -526,7 +526,7 @@ resource resFirewallPolicies 'Microsoft.Network/firewallPolicies@2021-05-01' = i // AzureFirewallSubnet is required to deploy Azure Firewall . This subnet must exist in the parsubnets array if you deploy. // There is a minimum subnet requirement of /26 prefix. -resource resAzureFirewall 'Microsoft.Network/azureFirewalls@2021-05-01' = if (parAzFirewallEnabled) { +resource resAzureFirewall 'Microsoft.Network/azureFirewalls@2021-08-01' = if (parAzFirewallEnabled) { name: parAzFirewallName location: parLocation tags: parTags @@ -556,7 +556,7 @@ resource resAzureFirewall 'Microsoft.Network/azureFirewalls@2021-05-01' = if (pa } //If Azure Firewall is enabled we will deploy a RouteTable to redirect Traffic to the Firewall. -resource resHubRouteTable 'Microsoft.Network/routeTables@2021-02-01' = if (parAzFirewallEnabled) { +resource resHubRouteTable 'Microsoft.Network/routeTables@2021-08-01' = if (parAzFirewallEnabled) { name: parHubRouteTableName location: parLocation tags: parTags diff --git a/infra-as-code/bicep/modules/publicIp/publicIp.bicep b/infra-as-code/bicep/modules/publicIp/publicIp.bicep index 6866f470d..9b13a49cb 100644 --- a/infra-as-code/bicep/modules/publicIp/publicIp.bicep +++ b/infra-as-code/bicep/modules/publicIp/publicIp.bicep @@ -27,7 +27,7 @@ param parTelemetryOptOut bool = false // Customer Usage Attribution Id var varCuaid = '3f85b84c-6bad-4c42-86bf-11c233241c22' -resource resPublicIp 'Microsoft.Network/publicIPAddresses@2021-05-01' ={ +resource resPublicIp 'Microsoft.Network/publicIPAddresses@2021-08-01' ={ name: parPublicIpName tags: parTags location: parLocation diff --git a/infra-as-code/bicep/modules/roleAssignments/roleAssignmentManagementGroup.bicep b/infra-as-code/bicep/modules/roleAssignments/roleAssignmentManagementGroup.bicep index 19abfd7e6..6bfa483b8 100644 --- a/infra-as-code/bicep/modules/roleAssignments/roleAssignmentManagementGroup.bicep 
+++ b/infra-as-code/bicep/modules/roleAssignments/roleAssignmentManagementGroup.bicep @@ -22,7 +22,7 @@ param parTelemetryOptOut bool = false // Customer Usage Attribution Id var varCuaid = '59c2ac61-cd36-413b-b999-86a3e0d958fb' -resource resRoleAssignment 'Microsoft.Authorization/roleAssignments@2020-08-01-preview' = { +resource resRoleAssignment 'Microsoft.Authorization/roleAssignments@2020-10-01-preview' = { name: parRoleAssignmentNameGuid properties: { roleDefinitionId: tenantResourceId('Microsoft.Authorization/roleDefinitions', parRoleDefinitionId) diff --git a/infra-as-code/bicep/modules/roleAssignments/roleAssignmentSubscription.bicep b/infra-as-code/bicep/modules/roleAssignments/roleAssignmentSubscription.bicep index e8f759705..c27bdab09 100644 --- a/infra-as-code/bicep/modules/roleAssignments/roleAssignmentSubscription.bicep +++ b/infra-as-code/bicep/modules/roleAssignments/roleAssignmentSubscription.bicep @@ -22,7 +22,7 @@ param parTelemetryOptOut bool = false // Customer Usage Attribution Id var varCuaid = '59c2ac61-cd36-413b-b999-86a3e0d958fb' -resource resRoleAssignment 'Microsoft.Authorization/roleAssignments@2020-08-01-preview' = { +resource resRoleAssignment 'Microsoft.Authorization/roleAssignments@2020-10-01-preview' = { name: parRoleAssignmentNameGuid properties: { roleDefinitionId: subscriptionResourceId('Microsoft.Authorization/roleDefinitions', parRoleDefinitionId) diff --git a/infra-as-code/bicep/modules/spokeNetworking/spokeNetworking.bicep b/infra-as-code/bicep/modules/spokeNetworking/spokeNetworking.bicep index 85c277af4..52bed6781 100644 --- a/infra-as-code/bicep/modules/spokeNetworking/spokeNetworking.bicep +++ b/infra-as-code/bicep/modules/spokeNetworking/spokeNetworking.bicep 
@@ -33,7 +33,7 @@ var varCuaid = '0c428583-f2a1-4448-975c-2d6262fd193a' //If Ddos parameter is true Ddos will be Enabled on the Virtual Network //If Azure Firewall is enabled and Network DNS Proxy is enabled DNS will be configured to point to AzureFirewall -resource resSpokeVirtualNetwork 'Microsoft.Network/virtualNetworks@2021-02-01' = { +resource resSpokeVirtualNetwork 'Microsoft.Network/virtualNetworks@2021-08-01' = { name: parSpokeNetworkName location: parLocation tags: parTags @@ -53,7 +53,7 @@ resource resSpokeVirtualNetwork 'Microsoft.Network/virtualNetworks@2021-02-01' = } } -resource resSpokeToHubRouteTable 'Microsoft.Network/routeTables@2021-02-01' = if (!empty(parNextHopIpAddress)) { +resource resSpokeToHubRouteTable 'Microsoft.Network/routeTables@2021-08-01' = if (!empty(parNextHopIpAddress)) { name: parSpokeToHubRouteTableName location: parLocation tags: parTags diff --git a/infra-as-code/bicep/modules/vnetPeering/vnetPeering.bicep b/infra-as-code/bicep/modules/vnetPeering/vnetPeering.bicep index f54e47c59..aca6df7d2 100644 --- a/infra-as-code/bicep/modules/vnetPeering/vnetPeering.bicep +++ b/infra-as-code/bicep/modules/vnetPeering/vnetPeering.bicep @@ -25,7 +25,7 @@ param parTelemetryOptOut bool = false // Customer Usage Attribution Id var varCuaId = 'ab8e3b12-b0fa-40aa-8630-e3f7699e2142' -resource resVirtualNetworkPeer 'Microsoft.Network/virtualNetworks/virtualNetworkPeerings@2020-11-01' = { +resource resVirtualNetworkPeer 'Microsoft.Network/virtualNetworks/virtualNetworkPeerings@2021-08-01' = { name: '${parSourceVirtualNetworkName}/peer-to-${parDestinationVirtualNetworkName}' properties: { allowVirtualNetworkAccess: parAllowVirtualNetworkAccess diff --git a/infra-as-code/bicep/modules/vnetPeeringVwan/hubVirtualNetworkConnection.bicep b/infra-as-code/bicep/modules/vnetPeeringVwan/hubVirtualNetworkConnection.bicep index 1e64bb7fb..7a6d01c0b 100644 --- a/infra-as-code/bicep/modules/vnetPeeringVwan/hubVirtualNetworkConnection.bicep 
+++ b/infra-as-code/bicep/modules/vnetPeeringVwan/hubVirtualNetworkConnection.bicep @@ -10,7 +10,7 @@ var varSpokeVnetName = split(parRemoteVirtualNetworkResourceId, '/')[8] var varVnetPeeringVwanName = '${varVwanHubName}/${varSpokeVnetName}-vhc' -resource resVnetPeeringVwan 'Microsoft.Network/virtualHubs/hubVirtualNetworkConnections@2021-05-01' = if (!empty(parVirtualWanHubResourceId) && !empty(parRemoteVirtualNetworkResourceId)) { +resource resVnetPeeringVwan 'Microsoft.Network/virtualHubs/hubVirtualNetworkConnections@2021-08-01' = if (!empty(parVirtualWanHubResourceId) && !empty(parRemoteVirtualNetworkResourceId)) { name: varVnetPeeringVwanName properties: { remoteVirtualNetwork: { diff --git a/infra-as-code/bicep/modules/vwanConnectivity/vwanConnectivity.bicep b/infra-as-code/bicep/modules/vwanConnectivity/vwanConnectivity.bicep index e8f1ea0f1..e38bf5f92 100644 --- a/infra-as-code/bicep/modules/vwanConnectivity/vwanConnectivity.bicep +++ b/infra-as-code/bicep/modules/vwanConnectivity/vwanConnectivity.bicep @@ -142,7 +142,7 @@ param parTelemetryOptOut bool = false var varCuaid = '7f94f23b-7a59-4a5c-9a8d-2a253a566f61' // Virtual WAN resource -resource resVwan 'Microsoft.Network/virtualWans@2021-05-01' = { +resource resVwan 'Microsoft.Network/virtualWans@2021-08-01' = { name: parVirtualWanName location: parLocation tags: parTags @@ -154,7 +154,7 @@ resource resVwan 'Microsoft.Network/virtualWans@2021-05-01' = { } } -resource resVhub 'Microsoft.Network/virtualHubs@2021-05-01' = if (parVirtualHubEnabled && !empty(parVirtualHubAddressPrefix)) { +resource resVhub 'Microsoft.Network/virtualHubs@2021-08-01' = if (parVirtualHubEnabled && !empty(parVirtualHubAddressPrefix)) { name: parVirtualWanHubName location: parLocation tags: parTags 
@@ -167,7 +167,7 @@ resource resVhub 'Microsoft.Network/virtualHubs@2021-05-01' = if (parVirtualHubE } } -resource resVhubRouteTable 'Microsoft.Network/virtualHubs/hubRouteTables@2021-05-01' = if (parVirtualHubEnabled && parAzFirewallEnabled) { +resource resVhubRouteTable 'Microsoft.Network/virtualHubs/hubRouteTables@2021-08-01' = if (parVirtualHubEnabled && parAzFirewallEnabled) { parent: resVhub name: 'defaultRouteTable' properties: { @@ -221,7 +221,7 @@ resource resErGateway 'Microsoft.Network/expressRouteGateways@2021-05-01' = if ( } } -resource resFirewallPolicies 'Microsoft.Network/firewallPolicies@2021-05-01' = if (parVirtualHubEnabled && parAzFirewallEnabled) { +resource resFirewallPolicies 'Microsoft.Network/firewallPolicies@2021-08-01' = if (parVirtualHubEnabled && parAzFirewallEnabled) { name: parAzFirewallPoliciesName location: parLocation tags: parTags @@ -263,7 +263,7 @@ resource resAzureFirewall 'Microsoft.Network/azureFirewalls@2021-02-01' = if (pa } // DDoS plan is deployed even though not supported to attach to Virtual WAN today as per https://docs.microsoft.com/azure/firewall-manager/overview#known-issues - However, it can still be linked via policy to spoke VNets etc. -resource resDdosProtectionPlan 'Microsoft.Network/ddosProtectionPlans@2021-02-01' = if (parDdosEnabled) { +resource resDdosProtectionPlan 'Microsoft.Network/ddosProtectionPlans@2021-08-01' = if (parDdosEnabled) { name: parDdosPlanName location: parLocation tags: parTags From 10eea94a3153c61fc2b96b2f050fb6e4038eec85 Mon Sep 17 00:00:00 2001 From: Jack Tracey <41163455+jtracey93@users.noreply.github.com> Date: Mon, 25 Jul 2022 08:57:12 +0100 Subject: [PATCH 2/5] fix eastus hardcoded to location var --- tests/pipelines/base-unit-validate.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tests/pipelines/base-unit-validate.yml b/tests/pipelines/base-unit-validate.yml index 5484327a8..5077fb48c 100644 --- a/tests/pipelines/base-unit-validate.yml 
+++ b/tests/pipelines/base-unit-validate.yml @@ -143,7 +143,7 @@ jobs: inputs: targetType: 'inline' script: | - az deployment group validate --resource-group $(ResourceGroupName) --template-file infra-as-code/bicep/modules/vnetPeering/vnetPeering.bicep --parameters parDestinationVirtualNetworkId="/subscriptions/$(subscriptionId)/resourceGroups/$(ResourceGroupName)/providers/Microsoft.Network/virtualNetworks/alz-hub-eastus" parSourceVirtualNetworkName="vnet-spoke" parDestinationVirtualNetworkName="alz-hub-eastus" --name $(ManagementGroupPrefix) + az deployment group validate --resource-group $(ResourceGroupName) --template-file infra-as-code/bicep/modules/vnetPeering/vnetPeering.bicep --parameters parDestinationVirtualNetworkId="/subscriptions/$(subscriptionId)/resourceGroups/$(ResourceGroupName)/providers/Microsoft.Network/virtualNetworks/alz-hub-$(Location)" parSourceVirtualNetworkName="vnet-spoke" parDestinationVirtualNetworkName="alz-hub-$(Location)" --name $(ManagementGroupPrefix) - task: Bash@3 displayName: Az CLI Validate Private DNS Zones 
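Review bot: `$(Location)` is an Azure Pipelines macro, so its value is pasted into the inline script text before bash parses it, and inside `alz-hub-$(Location)` any quote or shell metacharacter in the variable becomes part of the command line. Where `Location` is defined is not visible here; if it can be overridden at queue time, pass it through the task's `env:` block (`LOCATION: $(Location)`) and write `alz-hub-${LOCATION}` inside the existing double quotes. The same applies to the second hunk of this file (the hubPeeredSpoke validate step) and to the two vnetPeering steps changed in bicep-build-to-validate.yml later in this series. The hub VNet name is also now composed by hand in four places, so one pipeline variable for it would keep them in sync.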
@@ -199,7 +199,7 @@ jobs: inputs: targetType: 'inline' script: | - az deployment mg validate --template-file infra-as-code/bicep/orchestration/hubPeeredSpoke/hubPeeredSpoke.bicep --parameters @infra-as-code/bicep/orchestration/hubPeeredSpoke/parameters/hubPeeredSpoke.parameters.all.json parPeeredVnetSubscriptionId="$(subscriptionId)" parHubVirtualNetworkId="/subscriptions/$(subscriptionId)/resourceGroups/$(ResourceGroupName)/providers/Microsoft.Network/virtualNetworks/alz-hub-eastus" parTopLevelManagementGroupPrefix="$(ManagementGroupPrefix)" --location $(Location) --management-group-id $(ManagementGroupPrefix) --name $(ManagementGroupPrefix) + az deployment mg validate --template-file infra-as-code/bicep/orchestration/hubPeeredSpoke/hubPeeredSpoke.bicep --parameters @infra-as-code/bicep/orchestration/hubPeeredSpoke/parameters/hubPeeredSpoke.parameters.all.json parPeeredVnetSubscriptionId="$(subscriptionId)" parHubVirtualNetworkId="/subscriptions/$(subscriptionId)/resourceGroups/$(ResourceGroupName)/providers/Microsoft.Network/virtualNetworks/alz-hub-$(Location)" parTopLevelManagementGroupPrefix="$(ManagementGroupPrefix)" --location $(Location) --management-group-id $(ManagementGroupPrefix) --name $(ManagementGroupPrefix) - job: bicep_cleanup dependsOn: bicep_validate From 98c08b7533a87851f69524b6b166287dfe27e2f3 Mon Sep 17 00:00:00 2001 From: Jack Tracey <41163455+jtracey93@users.noreply.github.com> Date: Mon, 25 Jul 2022 09:09:10 +0100 Subject: [PATCH 3/5] fix location + dns zones in vwan + reorder spoke vnet --- tests/pipelines/bicep-build-to-validate.yml | 26 ++++++++++----------- 1 file changed, 13 insertions(+), 13 deletions(-) diff --git a/tests/pipelines/bicep-build-to-validate.yml b/tests/pipelines/bicep-build-to-validate.yml index f409baa88..bab71b194 100644 --- a/tests/pipelines/bicep-build-to-validate.yml +++ b/tests/pipelines/bicep-build-to-validate.yml 
@@ -201,22 +201,22 @@ jobs: az deployment group create --resource-group $(ResourceGroupName) --template-file infra-as-code/bicep/modules/hubNetworking/hubNetworking.bicep --parameters @infra-as-code/bicep/modules/hubNetworking/parameters/hubNetworking.parameters.min.json - task: Bash@3 - displayName: Az CLI Deploy vWan Networking for PR - name: create_vwan_network - condition: and(or(ne(variables['gitVwanOUTPUT'], ''), ne(variables['gitVwanNwcOUTPUT'], '')), ne(variables['subscriptionId'], '')) - inputs: - targetType: 'inline' - script: | - az deployment group create --resource-group $(ResourceGroupName) --template-file infra-as-code/bicep/modules/vwanConnectivity/vwanConnectivity.bicep --parameters @infra-as-code/bicep/modules/vwanConnectivity/parameters/vwanConnectivity.parameters.min.json - - - task: Bash@3 displayName: Az CLI Deploy Spoke Networking for PR name: create_spoke_network - condition: and(or(ne(variables['gitSpokeOUTPUT'], ''), ne(variables['gitVwanNwcOUTPUT'], ''), ne(variables['gitVnetPeerOUTPUT'], '')), ne(variables['subscriptionId'], '')) + condition: and(or(ne(variables['gitSpokeOUTPUT'], ''), ne(variables['gitVwanNwcOUTPUT'], ''), ne(variables['gitVwanOUTPUT'], ''), ne(variables['gitVnetPeerOUTPUT'], '')), ne(variables['subscriptionId'], '')) inputs: targetType: 'inline' script: | az deployment group create --resource-group $(ResourceGroupName) --template-file infra-as-code/bicep/modules/spokeNetworking/spokeNetworking.bicep --parameters @infra-as-code/bicep/modules/spokeNetworking/parameters/spokeNetworking.parameters.min.json + + - task: Bash@3 + displayName: Az CLI Deploy vWan Networking for PR + name: create_vwan_network + condition: and(or(ne(variables['gitVwanOUTPUT'], ''), ne(variables['gitVwanNwcOUTPUT'], '')), ne(variables['subscriptionId'], '')) + inputs: + targetType: 'inline' + script: | + az deployment group create --resource-group $(ResourceGroupName) --template-file 
infra-as-code/bicep/modules/vwanConnectivity/vwanConnectivity.bicep --parameters @infra-as-code/bicep/modules/vwanConnectivity/parameters/vwanConnectivity.parameters.min.json parVirtualNetworkIdToLink="/subscriptions/$(subscriptionId)/resourceGroups/$(ResourceGroupName)/providers/Microsoft.Network/virtualNetworks/vnet-spoke" - task: Bash@3 displayName: Az CLI Deploy vWan Network connection for PR @@ -225,7 +225,7 @@ jobs: inputs: targetType: 'inline' script: | - az deployment sub create --location $(Location) --template-file infra-as-code/bicep/modules/vnetPeeringVwan/vnetPeeringVwan.bicep --parameters @infra-as-code/bicep/modules/vnetPeeringVwan/parameters/vnetPeeringVwan.parameters.min.json parVirtualWanHubResourceId="/subscriptions/$(subscriptionId)/resourceGroups/$(ResourceGroupName)/providers/Microsoft.Network/virtualHubs/alz-vhub-$(Location)" parRemoteVirtualNetworkResourceId="/subscriptions/$(subscriptionId)/resourceGroups/$(ResourceGroupName)/providers/Microsoft.Network/virtualNetworks/vnet-spoke" + az deployment sub create --location $(Location) --template-file infra-as-code/bicep/modules/vnetPeeringVwan/vnetPeeringVwan.bicep --parameters @infra-as-code/bicep/modules/vnetPeeringVwan/parameters/vnetPeeringVwan.parameters.min.json parVirtualWanHubResourceId="/subscriptions/$(subscriptionId)/resourceGroups/$(ResourceGroupName)/providers/Microsoft.Network/virtualHubs/alz-vhub-$(Location)" parRemoteVirtualNetworkResourceId="/subscriptions/$(subscriptionId)/resourceGroups/$(ResourceGroupName)/providers/Microsoft.Network/virtualNetworks/vnet-spoke" - task: Bash@3 displayName: Az CLI Deploy vNet Peer for PR spoke to hub 
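Review bot: The `create_vwan_network` step now passes `parVirtualNetworkIdToLink` pointing at `vnet-spoke`, so it depends on `create_spoke_network` having succeeded, yet its `condition:` has no `succeeded()` term. In Azure Pipelines a custom condition replaces the default one, so a failed spoke deployment would still let this step run and then fail on the missing VNet. Consider `condition: and(succeeded(), or(ne(variables['gitVwanOUTPUT'], ''), ne(variables['gitVwanNwcOUTPUT'], '')), ne(variables['subscriptionId'], ''))`. The literal `vnet-spoke` also has to match the name set in spokeNetworking.parameters.min.json, which is not visible in this hunk; a short comment above the step saying so would help.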
@@ -234,7 +234,7 @@ jobs: inputs: targetType: 'inline' script: | - az deployment group create --resource-group $(ResourceGroupName) --template-file infra-as-code/bicep/modules/vnetPeering/vnetPeering.bicep --parameters @infra-as-code/bicep/modules/vnetPeering/parameters/vnetPeering.parameters.min.json parDestinationVirtualNetworkId="/subscriptions/$(subscriptionId)/resourceGroups/$(ResourceGroupName)/providers/Microsoft.Network/virtualNetworks/alz-hub-eastus" + az deployment group create --resource-group $(ResourceGroupName) --template-file infra-as-code/bicep/modules/vnetPeering/vnetPeering.bicep --parameters @infra-as-code/bicep/modules/vnetPeering/parameters/vnetPeering.parameters.min.json parDestinationVirtualNetworkId="/subscriptions/$(subscriptionId)/resourceGroups/$(ResourceGroupName)/providers/Microsoft.Network/virtualNetworks/alz-hub-$(Location)" - task: Bash@3 displayName: Az CLI Deploy vNet Peer for PR hub to spoke 
@@ -243,7 +243,7 @@ jobs: inputs: targetType: 'inline' script: | - az deployment group create --resource-group $(ResourceGroupName) --template-file infra-as-code/bicep/modules/vnetPeering/vnetPeering.bicep --parameters @infra-as-code/bicep/modules/vnetPeering/parameters/vnetPeering.parameters.min.json parDestinationVirtualNetworkId="/subscriptions/$(subscriptionId)/resourceGroups/$(ResourceGroupName)/providers/Microsoft.Network/virtualNetworks/vnet-spoke" parSourceVirtualNetworkName="alz-hub-eastus" parDestinationVirtualNetworkName="vnet-spoke" + az deployment group create --resource-group $(ResourceGroupName) --template-file infra-as-code/bicep/modules/vnetPeering/vnetPeering.bicep --parameters @infra-as-code/bicep/modules/vnetPeering/parameters/vnetPeering.parameters.min.json parDestinationVirtualNetworkId="/subscriptions/$(subscriptionId)/resourceGroups/$(ResourceGroupName)/providers/Microsoft.Network/virtualNetworks/vnet-spoke" parSourceVirtualNetworkName="alz-hub-$(Location)" parDestinationVirtualNetworkName="vnet-spoke" # Verify that WhatIf does not find differences between code and environment thats just been deployed - task: Bash@3 From 49e451d1849b8e52b5a00419967a757f27fc45b8 Mon Sep 17 00:00:00 2001 From: Jack Tracey <41163455+jtracey93@users.noreply.github.com> Date: Mon, 25 Jul 2022 12:25:18 +0100 Subject: [PATCH 4/5] update vnet link name uniqueness --- .../bicep/modules/privateDnsZones/privateDnsZones.bicep | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/infra-as-code/bicep/modules/privateDnsZones/privateDnsZones.bicep b/infra-as-code/bicep/modules/privateDnsZones/privateDnsZones.bicep index c12ceb51a..e77eb0ad5 100644 --- a/infra-as-code/bicep/modules/privateDnsZones/privateDnsZones.bicep +++ b/infra-as-code/bicep/modules/privateDnsZones/privateDnsZones.bicep 
@@ -127,6 +127,8 @@ var varAzBackupGeoCodes = { // If region entered in parLocation and matches a lookup to varAzBackupGeoCodes then insert Azure Backup Private DNS Zone with appropriate geo code inserted alongside zones in parPrivateDnsZones. If not just return parPrivateDnsZones var varPrivateDnsZonesMerge = contains(varAzBackupGeoCodes, parLocation) ? union(parPrivateDnsZones, ['privatelink.${varAzBackupGeoCodes[toLower(parLocation)]}.backup.windowsazure.com']) : parPrivateDnsZones +var varVirtualNetworkToLinkName = split(parVirtualNetworkIdToLink, '/')[8] + // Customer Usage Attribution Id var varCuaid = '981733dd-3195-4fda-a4ee-605ab959edb6' @@ -137,7 +139,7 @@ resource resPrivateDnsZones 'Microsoft.Network/privateDnsZones@2020-06-01' = [fo }] resource resVirtualNetworkLink 'Microsoft.Network/privateDnsZones/virtualNetworkLinks@2020-06-01' = [for privateDnsZoneName in varPrivateDnsZonesMerge: if (!empty(parVirtualNetworkIdToLink)) { - name: '${privateDnsZoneName}/${privateDnsZoneName}' + name: '${privateDnsZoneName}/${take('${privateDnsZoneName}-${varVirtualNetworkToLinkName}', 80)}' location: 'global' properties: { registrationEnabled: false From 48090e100f9871ecf018718e93f502251c2e9daa Mon Sep 17 00:00:00 2001 From: Jack Tracey <41163455+jtracey93@users.noreply.github.com> Date: Mon, 25 Jul 2022 14:05:17 +0100 Subject: [PATCH 5/5] change link uniqueness --- .../bicep/modules/privateDnsZones/privateDnsZones.bicep | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/infra-as-code/bicep/modules/privateDnsZones/privateDnsZones.bicep b/infra-as-code/bicep/modules/privateDnsZones/privateDnsZones.bicep index e77eb0ad5..edaed9d1f 100644 --- a/infra-as-code/bicep/modules/privateDnsZones/privateDnsZones.bicep +++ b/infra-as-code/bicep/modules/privateDnsZones/privateDnsZones.bicep 
@@ -127,8 +127,6 @@ var varAzBackupGeoCodes = { // If region entered in parLocation and matches a lookup to varAzBackupGeoCodes then insert Azure Backup Private DNS Zone with appropriate geo code inserted alongside zones in parPrivateDnsZones. If not just return parPrivateDnsZones var varPrivateDnsZonesMerge = contains(varAzBackupGeoCodes, parLocation) ? union(parPrivateDnsZones, ['privatelink.${varAzBackupGeoCodes[toLower(parLocation)]}.backup.windowsazure.com']) : parPrivateDnsZones -var varVirtualNetworkToLinkName = split(parVirtualNetworkIdToLink, '/')[8] - // Customer Usage Attribution Id var varCuaid = '981733dd-3195-4fda-a4ee-605ab959edb6' @@ -139,7 +137,7 @@ resource resPrivateDnsZones 'Microsoft.Network/privateDnsZones@2020-06-01' = [fo }] resource resVirtualNetworkLink 'Microsoft.Network/privateDnsZones/virtualNetworkLinks@2020-06-01' = [for privateDnsZoneName in varPrivateDnsZonesMerge: if (!empty(parVirtualNetworkIdToLink)) { - name: '${privateDnsZoneName}/${take('${privateDnsZoneName}-${varVirtualNetworkToLinkName}', 80)}' + name: '${privateDnsZoneName}/${take('link-${uniqueString(parVirtualNetworkIdToLink)}', 80)}' location: 'global' properties: { registrationEnabled: false
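Review bot: Renaming `resVirtualNetworkLink` from the zone name to `link-<hash>` changes the resource identity for environments deployed with the earlier `'${privateDnsZoneName}/${privateDnsZoneName}'` name. A redeploy would then try to create a second link to the same VNet next to the old one, which Azure Private DNS is likely to reject as a duplicate; this is worth confirming and calling out as a breaking change. `uniqueString()` returns a 13-character hash, so `take(..., 80)` never truncates and the line can be `name: '${privateDnsZoneName}/link-${uniqueString(parVirtualNetworkIdToLink)}'`. The hash is taken over the ID string exactly as passed, so the same VNet ID in different casing yields a different link name; a one-line comment above the resource should say so. The resource body continues outside the hunk.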