Adding deny all rule to Azure Bastion nsg

[sid2305]

Overview/Summary

AB#26315

Added deny all rule to both inbound and outbound rules with the lowest priority i.e. 4096 for the Azure Bastion nsg and added parameters for destination ports of security rules.

This PR fixes/adds/changes/removes

1. adds deny all rule for inbound and outbound rules.
2. adds parameters with default values to hub networking parameter and bicep file for destination ports of inbound/outbound rules

Breaking Changes

Testing Evidence

Replace this with any testing evidence to show that your Pull Request works/fixes as described and planned (include screenshots, if appropriate).

As part of this Pull Request I have

• Read the Contribution Guide and ensured this PR is compliant with the guide
• Ensured the resource API versions in .bicep file/s I am adding/editing are using the latest API version possible
• Checked for duplicate Pull Requests
• Associated it with relevant GitHub Issues
• (ALZ Bicep Core Team Only) Associated it with relevant ADO Items
• Ensured my code/branch is up-to-date with the latest changes in the main branch
• Performed testing and provided evidence.
• Updated one or more of the following tests (if required)
  • Unit
  • Linting
  • E2E (End-To-End)
  • ValidateAzCloud (Base validation in Azure Cloud)
  • ValidateMcCloud (Base validation in Azure China Cloud)
• Updated relevant and associated documentation (e.g. Contribution Guide, Module READMEs, Wiki Docs etc.)
• If relevant, created or updated Code Tours here

[jtracey93]

Hey @sid2305,

Looking good. Can you make sure your fork allows pushes from maintainers as currently the docs arent updating on your PR as seen here: https://github.com/Azure/ALZ-Bicep/actions/runs/4235275012/jobs/7358691021#step:11:160

https://docs.github.com/en/pull-requests/collaborating-with-pull-requests/working-with-forks/allowing-changes-to-a-pull-request-branch-created-from-a-fork

Thanks

Jack

[sid2305]

Hi @jtracey93,
Turned on the option to allow pushes to this fork.

[jtracey93]

@sid2305 still getting permission denied? https://github.com/Azure/ALZ-Bicep/actions/runs/4251789429/jobs/7394567020

You can manually generate the docs by following https://github.com/Azure/ALZ-Bicep/wiki/Contributing#manually-generating-the-parameter-markdown-files on your branch and committing them up, might be easier 💪👊

[jtracey93]

Thanks for updating the docs @sid2305 via the script.

Can you please review the comments and remove the unnecessary parameters to keep it simple for customers. They only need to be able to customize the RDP/SSH ports and thats it i think as all other ports are requirements for bastion to work and these cant be changed on the bastion service, so no need to expose.

[sid2305]

Thanks for the review @jtracey93. It totally makes sense to only parameterize the SSH/RDP port only and not others. I have updated the PR and docs for it.

[jtracey93]

/azp run validateazcloud

[azure-pipelines]

Azure Pipelines successfully started running 1 pipeline(s).

[jtracey93]

/azp run validateazcloud

[azure-pipelines]

Azure Pipelines successfully started running 1 pipeline(s).

[jtracey93]

/azp run validateazcloud

[azure-pipelines]

Azure Pipelines successfully started running 1 pipeline(s).

[jtracey93]

Looking good, thanks for making the changes.