Option for subnet delegations

infra-as-code/bicep/modules/hubNetworking/generateddocs/hubNetworking.bicep.md

@@ -10,7 +10,7 @@ parLocation    | No       | The Azure Region to deploy the resources into.
 parCompanyPrefix | No       | Prefix value which will be prepended to all resource names.
 parHubNetworkName | No       | Prefix Used for Hub Network.
 parHubNetworkAddressPrefix | No       | The IP address range for all virtual networks to use.
-parSubnets     | No       | The name, IP address range, network security group and route table for each subnet in the virtual networks.
+parSubnets     | No       | The name, IP address range, network security group, route table and delegation serviceName for each subnet in the virtual networks.
 parDnsServerIps | No       | Array of DNS Server IP addresses for VNet.
 parPublicIpSku | No       | Public IP Address SKU.
 parPublicIpPrefix | No       | Optional Prefix for Public IPs. Include a succedent dash if required. Example: prefix-
@@ -76,9 +76,9 @@ The IP address range for all virtual networks to use.
 
 ![Parameter Setting](https://img.shields.io/badge/parameter-optional-green?style=flat-square)
 
-The name, IP address range, network security group and route table for each subnet in the virtual networks.
+The name, IP address range, network security group, route table and delegation serviceName for each subnet in the virtual networks.
 
-- Default value: `   `
+- Default value: `     `
 
 ### parDnsServerIps
 
@@ -369,6 +369,20 @@ outHubVirtualNetworkId | string |
                     "ipAddressRange": "10.10.253.0/24",
                     "networkSecurityGroupId": "",
                     "routeTableId": ""
+                },
+                {
+                    "name": "snet-privatednsresolver-inbound",
+                    "ipAddressRange": "10.10.252.0/24",
+                    "networkSecurityGroupId": "",
+                    "routeTableId": "",
+                    "delegation": "Microsoft.Network/dnsResolvers"
+                },
+                {
+                    "name": "snet-privatednsresolver-outbound",
+                    "ipAddressRange": "10.10.251.0/24",
+                    "networkSecurityGroupId": "",
+                    "routeTableId": "",
+                    "delegation": "Microsoft.Network/dnsResolvers"
                 }
             ]
         },

infra-as-code/bicep/modules/hubNetworking/hubNetworking.bicep

@@ -13,7 +13,7 @@ param parHubNetworkName string = '${parCompanyPrefix}-hub-${parLocation}'
 @sys.description('The IP address range for all virtual networks to use.')
 param parHubNetworkAddressPrefix string = '10.10.0.0/16'
 
-@sys.description('The name, IP address range, network security group and route table for each subnet in the virtual networks.')
+@sys.description('The name, IP address range, network security group, route table and delegation serviceName for each subnet in the virtual networks.')
 param parSubnets array = [
   {
     name: 'AzureBastionSubnet'
@@ -39,6 +39,20 @@ param parSubnets array = [
     networkSecurityGroupId: ''
     routeTableId: ''
   }
+  {
+    name: 'snet-privatednsresolver-inbound'
+    ipAddressRange: '10.10.252.0/24'
+    networkSecurityGroupId: ''
+    routeTableId: ''
+    delegation: 'Microsoft.Network/dnsResolvers'
+  }
+  {
+    name: 'snet-privatednsresolver-outbound'
+    ipAddressRange: '10.10.251.0/24'
+    networkSecurityGroupId: ''
+    routeTableId: ''
+    delegation: 'Microsoft.Network/dnsResolvers'
+  }
 ]
 
 @sys.description('Array of DNS Server IP addresses for VNet.')
@@ -260,18 +274,28 @@ var varSubnetMap = map(range(0, length(parSubnets)), i => {
     ipAddressRange: parSubnets[i].ipAddressRange
     networkSecurityGroupId: contains(parSubnets[i], 'networkSecurityGroupId') ? parSubnets[i].networkSecurityGroupId : ''
     routeTableId: contains(parSubnets[i], 'routeTableId') ? parSubnets[i].routeTableId : ''
+    delegation: contains(parSubnets[i], 'delegation') ? parSubnets[i].delegation : ''
   })
 
 var varSubnetProperties = [for subnet in varSubnetMap: {
   name: subnet.name
   properties: {
     addressPrefix: subnet.ipAddressRange
+
+    delegations: (empty(subnet.delegation)) ? null : [
+      {
+        name: subnet.delegation
+        properties: {
+          serviceName: subnet.delegation
+        }
+      }
+    ]
 
     networkSecurityGroup: (subnet.name == 'AzureBastionSubnet') ? {
       id: '${resourceGroup().id}/providers/Microsoft.Network/networkSecurityGroups/${parAzBastionNsgName}'
-    } : (!empty(subnet.networkSecurityGroupId)) ? {
+    } : (empty(subnet.networkSecurityGroupId)) ? null : {
       id: subnet.networkSecurityGroupId
-    } : null
+    }
 
     routeTable: (empty(subnet.routeTableId)) ? null : {
       id: subnet.routeTableId

infra-as-code/bicep/modules/hubNetworking/parameters/hubNetworking.parameters.all.json

@@ -39,6 +39,20 @@
           "ipAddressRange": "10.10.253.0/24",
           "networkSecurityGroupId": "",
           "routeTableId": ""
+        },
+        {
+          "name": "snet-privatednsresolver-inbound",
+          "ipAddressRange": "10.10.252.0/24",
+          "networkSecurityGroupId": "",
+          "routeTableId": "",
+          "delegation": "Microsoft.Network/dnsResolvers"
+        },
+        {
+          "name": "snet-privatednsresolver-outbound",
+          "ipAddressRange": "10.10.251.0/24",
+          "networkSecurityGroupId": "",
+          "routeTableId": "",
+          "delegation": "Microsoft.Network/dnsResolvers"
         }
       ]
     },

infra-as-code/bicep/modules/hubNetworking/parameters/hubNetworking.parameters.min.json

@@ -30,6 +30,20 @@
           "ipAddressRange": "10.10.253.0/24",
           "networkSecurityGroupId": "",
           "routeTableId": ""
+        },
+        {
+          "name": "snet-privatednsresolver-inbound",
+          "ipAddressRange": "10.20.252.0/24",
+          "networkSecurityGroupId": "",
+          "routeTableId": "",
+          "delegation": "Microsoft.Network/dnsResolvers"
+        },
+        {
+          "name": "snet-privatednsresolver-outbound",
+          "ipAddressRange": "10.20.251.0/24",
+          "networkSecurityGroupId": "",
+          "routeTableId": "",
+          "delegation": "Microsoft.Network/dnsResolvers"
         }
       ]
     },

infra-as-code/bicep/modules/hubNetworking/parameters/mc-hubNetworking.parameters.all.json

@@ -39,6 +39,20 @@
           "ipAddressRange": "10.10.253.0/24",
           "networkSecurityGroupId": "",
           "routeTableId": ""
+        },
+        {
+          "name": "snet-privatednsresolver-inbound",
+          "ipAddressRange": "10.20.252.0/24",
+          "networkSecurityGroupId": "",
+          "routeTableId": "",
+          "delegation": "Microsoft.Network/dnsResolvers"
+        },
+        {
+          "name": "snet-privatednsresolver-outbound",
+          "ipAddressRange": "10.20.251.0/24",
+          "networkSecurityGroupId": "",
+          "routeTableId": "",
+          "delegation": "Microsoft.Network/dnsResolvers"
         }
       ]
     },

infra-as-code/bicep/modules/hubNetworking/parameters/mc-hubNetworking.parameters.min.json

@@ -33,6 +33,20 @@
           "ipAddressRange": "10.10.253.0/24",
           "networkSecurityGroupId": "",
           "routeTableId": ""
+        },
+        {
+          "name": "snet-privatednsresolver-inbound",
+          "ipAddressRange": "10.20.252.0/24",
+          "networkSecurityGroupId": "",
+          "routeTableId": "",
+          "delegation": "Microsoft.Network/dnsResolvers"
+        },
+        {
+          "name": "snet-privatednsresolver-outbound",
+          "ipAddressRange": "10.20.251.0/24",
+          "networkSecurityGroupId": "",
+          "routeTableId": "",
+          "delegation": "Microsoft.Network/dnsResolvers"
         }
       ]
     },