From a6c86f2a3b765d0bcb2aab4c43d2ba74acbdba82 Mon Sep 17 00:00:00 2001 From: Zach Trocinski Date: Wed, 6 Dec 2023 23:30:22 -0600 Subject: [PATCH 01/11] Added deployment toggle for feature parity with vwan --- .../generateddocs/hubNetworking.bicep.md | 6 ++++-- .../modules/hubNetworking/hubNetworking.bicep | 20 +++++++++---------- .../hubNetworking.parameters.all.json | 12 ++++++++--- .../hubNetworking.parameters.az.all.json | 6 ++++++ .../hubNetworking.parameters.min.json | 6 ++++++ .../mc-hubNetworking.parameters.all.json | 6 ++++++ .../mc-hubNetworking.parameters.min.json | 6 ++++++ 7 files changed, 47 insertions(+), 15 deletions(-) diff --git a/infra-as-code/bicep/modules/hubNetworking/generateddocs/hubNetworking.bicep.md b/infra-as-code/bicep/modules/hubNetworking/generateddocs/hubNetworking.bicep.md index bab8c10d1..cd3b277e7 100644 --- a/infra-as-code/bicep/modules/hubNetworking/generateddocs/hubNetworking.bicep.md +++ b/infra-as-code/bicep/modules/hubNetworking/generateddocs/hubNetworking.bicep.md 
@@ -39,8 +39,10 @@ parPrivateDnsZonesResourceGroup | No | Resource Group Name for Private DNS parPrivateDnsZones | No | Array of DNS Zones to provision in Hub Virtual Network. Default: All known Azure Private DNS Zones parPrivateDnsZoneAutoMergeAzureBackupZone | No | Set Parameter to false to skip the addition of a Private DNS Zone for Azure Backup. parVirtualNetworkIdToLinkFailover | No | Resource ID of Failover VNet for Private DNS Zone VNet Failover Links -parVpnGatewayConfig | No | Configuration for VPN virtual network gateway to be deployed. If a VPN virtual network gateway is not desired an empty object should be used as the input parameter in the parameter file, i.e. "parVpnGatewayConfig": { "value": {} } -parExpressRouteGatewayConfig | No | Configuration for ExpressRoute virtual network gateway to be deployed. If a ExpressRoute virtual network gateway is not desired an empty object should be used as the input parameter in the parameter file, i.e. "parExpressRouteGatewayConfig": { "value": {} } +parVpnGatewayEnabled | No | Switch to enable/disable VPN virtual network gateway deployment. +parVpnGatewayConfig | No | Configuration for VPN virtual network gateway to be deployed. +parExpressRouteGatewayEnabled | No | Switch to enable/disable VPN virtual network gateway deployment. +parExpressRouteGatewayConfig | No | Configuration for ExpressRoute virtual network gateway to be deployed. parTags | No | Tags you would like to be applied to all resources in this module. parTelemetryOptOut | No | Set Parameter to true to Opt-out of deployment telemetry. parBastionOutboundSshRdpPorts | No | Define outbound destination ports or ranges for SSH or RDP that you want to access from Azure Bastion. diff --git a/infra-as-code/bicep/modules/hubNetworking/hubNetworking.bicep b/infra-as-code/bicep/modules/hubNetworking/hubNetworking.bicep index a45108da8..3b3253290 100644 --- a/infra-as-code/bicep/modules/hubNetworking/hubNetworking.bicep 
+++ b/infra-as-code/bicep/modules/hubNetworking/hubNetworking.bicep @@ -243,11 +243,11 @@ param parPrivateDnsZoneAutoMergeAzureBackupZone bool = true @sys.description('Resource ID of Failover VNet for Private DNS Zone VNet Failover Links') param parVirtualNetworkIdToLinkFailover string = '' +@sys.description('Switch to enable/disable VPN virtual network gateway deployment.') +param parVpnGatewayEnabled bool = true + //ASN must be 65515 if deploying VPN & ER for co-existence to work: https://docs.microsoft.com/en-us/azure/expressroute/expressroute-howto-coexist-resource-manager#limits-and-limitations -@sys.description('''Configuration for VPN virtual network gateway to be deployed. If a VPN virtual network gateway is not desired an empty object should be used as the input parameter in the parameter file, i.e. -"parVpnGatewayConfig": { - "value": {} -}''') +@sys.description('Configuration for VPN virtual network gateway to be deployed.') param parVpnGatewayConfig object = { name: '${parCompanyPrefix}-Vpn-Gateway' gatewayType: 'Vpn' @@ -267,10 +267,10 @@ param parVpnGatewayConfig object = { vpnClientConfiguration: {} } -@sys.description('''Configuration for ExpressRoute virtual network gateway to be deployed. If a ExpressRoute virtual network gateway is not desired an empty object should be used as the input parameter in the parameter file, i.e. -"parExpressRouteGatewayConfig": { - "value": {} -}''') +@sys.description('Switch to enable/disable VPN virtual network gateway deployment.') +param parExpressRouteGatewayEnabled bool = true + +@sys.description('Configuration for ExpressRoute virtual network gateway to be deployed.') param parExpressRouteGatewayConfig object = { name: '${parCompanyPrefix}-ExpressRoute-Gateway' gatewayType: 'ExpressRoute' 
@@ -584,7 +584,7 @@ resource resGatewaySubnetRef 'Microsoft.Network/virtualNetworks/subnets@2023-02- name: 'GatewaySubnet' } -module modGatewayPublicIp '../publicIp/publicIp.bicep' = [for (gateway, i) in varGwConfig: if ((gateway.name != 'noconfigVpn') && (gateway.name != 'noconfigEr')) { +module modGatewayPublicIp '../publicIp/publicIp.bicep' = [for (gateway, i) in varGwConfig: if (((gateway.name != 'noconfigVpn' && parVpnGatewayEnabled) || (gateway.name != 'noconfigEr' && parExpressRouteGatewayEnabled))) { name: 'deploy-Gateway-Public-IP-${i}' params: { parLocation: parLocation @@ -603,7 +603,7 @@ module modGatewayPublicIp '../publicIp/publicIp.bicep' = [for (gateway, i) in va }] //Minumum subnet size is /27 supporting documentation https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-about-vpn-gateway-settings#gwsub -resource resGateway 'Microsoft.Network/virtualNetworkGateways@2023-02-01' = [for (gateway, i) in varGwConfig: if ((gateway.name != 'noconfigVpn') && (gateway.name != 'noconfigEr')) { +resource resGateway 'Microsoft.Network/virtualNetworkGateways@2023-02-01' = [for (gateway, i) in varGwConfig: if ((gateway.name != 'noconfigVpn' && parVpnGatewayEnabled) && (gateway.name != 'noconfigEr' && parExpressRouteGatewayEnabled)) { name: gateway.name location: parLocation tags: parTags diff --git a/infra-as-code/bicep/modules/hubNetworking/parameters/hubNetworking.parameters.all.json b/infra-as-code/bicep/modules/hubNetworking/parameters/hubNetworking.parameters.all.json index 2bad6852f..b79996b48 100644 --- a/infra-as-code/bicep/modules/hubNetworking/parameters/hubNetworking.parameters.all.json +++ b/infra-as-code/bicep/modules/hubNetworking/parameters/hubNetworking.parameters.all.json @@ -55,7 +55,7 @@ "value": "-PublicIP" }, "parAzBastionEnabled": { - "value": true + "value": false }, "parAzBastionName": { "value": "alz-bastion" 
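Review bot: The loop conditions in the `-584,7` and `-603,7` hunks of hubNetworking.bicep do not tie each toggle to its own gateway entry, and they disagree with each other. For an entry with a real name, `modGatewayPublicIp` reduces to `parVpnGatewayEnabled || parExpressRouteGatewayEnabled`, so switching one gateway off still deploys a public IP for it. `resGateway` reduces to `parVpnGatewayEnabled && parExpressRouteGatewayEnabled`, so switching one off skips both gateways and leaves the public IPs unused. Keeping both conditions as `if ((gateway.name != 'noconfigVpn') && (gateway.name != 'noconfigEr'))` and applying the toggle where the placeholder is chosen avoids this, e.g. `var varVpnGwConfig = ((parVpnGatewayEnabled && !empty(parVpnGatewayConfig)) ? parVpnGatewayConfig : json('{"name": "noconfigVpn"}'))`. That `var` is not part of this patch's hunks, and both resource bodies continue past the hunks shown.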
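Review bot: The `-55,7` hunk of hubNetworking.parameters.all.json sets `parAzBastionEnabled` to `false`, and the `-70,13` hunk does the same for `parDdosEnabled` and `parAzFirewallEnabled`; none of these relate to the gateway toggle this patch adds. They look like local test values (an assumption), and a sample file named "all" with the firewall and DDoS plan switched off is easy to copy into a real deployment unchanged. Keep `"value": true` for these three settings in this commit. The same applies to `parExpressRouteGatewayEnabled` in the `-212,6` hunk, which is `false` only in this one parameter file.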
@@ -70,13 +70,13 @@ "value": "nsg-AzureBastionSubnet" }, "parDdosEnabled": { - "value": true + "value": false }, "parDdosPlanName": { "value": "alz-ddos-plan" }, "parAzFirewallEnabled": { - "value": true + "value": false }, "parAzFirewallName": { "value": "alz-azfw-eastus" @@ -189,6 +189,9 @@ "parPrivateDnsZoneAutoMergeAzureBackupZone": { "value": true }, + "parVpnGatewayEnabled": { + "value": true + }, "parVpnGatewayConfig": { "value": { "name": "alz-Vpn-Gateway", @@ -209,6 +212,9 @@ "vpnClientConfiguration": {} } }, + "parExpressRouteGatewayEnabled": { + "value": false + }, "parExpressRouteGatewayConfig": { "value": { "name": "alz-ExpressRoute-Gateway", diff --git a/infra-as-code/bicep/modules/hubNetworking/parameters/hubNetworking.parameters.az.all.json b/infra-as-code/bicep/modules/hubNetworking/parameters/hubNetworking.parameters.az.all.json index 83df4b65b..5f35c792c 100644 --- a/infra-as-code/bicep/modules/hubNetworking/parameters/hubNetworking.parameters.az.all.json +++ b/infra-as-code/bicep/modules/hubNetworking/parameters/hubNetworking.parameters.az.all.json @@ -201,6 +201,9 @@ "parPrivateDnsZoneAutoMergeAzureBackupZone": { "value": true }, + "parVpnGatewayEnabled": { + "value": true + }, "parVpnGatewayConfig": { "value": { "name": "alz-Vpn-Gateway", @@ -221,6 +224,9 @@ "vpnClientConfiguration": {} } }, + "parExpressRouteGatewayEnabled": { + "value": true + }, "parExpressRouteGatewayConfig": { "value": { "name": "alz-ExpressRoute-Gateway", diff --git a/infra-as-code/bicep/modules/hubNetworking/parameters/hubNetworking.parameters.min.json b/infra-as-code/bicep/modules/hubNetworking/parameters/hubNetworking.parameters.min.json index fcf545007..c59fbe5df 100644 --- a/infra-as-code/bicep/modules/hubNetworking/parameters/hubNetworking.parameters.min.json +++ b/infra-as-code/bicep/modules/hubNetworking/parameters/hubNetworking.parameters.min.json 
@@ -75,6 +75,9 @@ "parPrivateDnsZonesEnabled": { "value": true }, + "parVpnGatewayEnabled": { + "value": true + }, "parVpnGatewayConfig": { "value": { "name": "alz-Vpn-Gateway", @@ -94,6 +97,9 @@ } } }, + "parExpressRouteGatewayEnabled": { + "value": true + }, "parExpressRouteGatewayConfig": { "value": { "name": "alz-ExpressRoute-Gateway", diff --git a/infra-as-code/bicep/modules/hubNetworking/parameters/mc-hubNetworking.parameters.all.json b/infra-as-code/bicep/modules/hubNetworking/parameters/mc-hubNetworking.parameters.all.json index 0d0bd5957..9794a1dda 100644 --- a/infra-as-code/bicep/modules/hubNetworking/parameters/mc-hubNetworking.parameters.all.json +++ b/infra-as-code/bicep/modules/hubNetworking/parameters/mc-hubNetworking.parameters.all.json @@ -150,6 +150,9 @@ "parPrivateDnsZoneAutoMergeAzureBackupZone": { "value": true }, + "parVpnGatewayEnabled": { + "value": true + }, "parVpnGatewayConfig": { "value": { "name": "alz-Vpn-Gateway", @@ -170,6 +173,9 @@ "vpnClientConfiguration": {} } }, + "parExpressRouteGatewayEnabled": { + "value": true + }, "parExpressRouteGatewayConfig": { "value": { "name": "alz-ExpressRoute-Gateway", diff --git a/infra-as-code/bicep/modules/hubNetworking/parameters/mc-hubNetworking.parameters.min.json b/infra-as-code/bicep/modules/hubNetworking/parameters/mc-hubNetworking.parameters.min.json index fe76ea4a1..463ae0dcc 100644 --- a/infra-as-code/bicep/modules/hubNetworking/parameters/mc-hubNetworking.parameters.min.json +++ b/infra-as-code/bicep/modules/hubNetworking/parameters/mc-hubNetworking.parameters.min.json @@ -111,6 +111,9 @@ "privatelink.redis.cache.chinacloudapi.cn" ] }, + "parVpnGatewayEnabled": { + "value": true + }, "parVpnGatewayConfig": { "value": { "name": "alz-Vpn-Gateway", @@ -130,6 +133,9 @@ } } }, + "parExpressRouteGatewayEnabled": { + "value": true + }, "parExpressRouteGatewayConfig": { "value": { "name": "alz-ExpressRoute-Gateway", From 4dc284a08765b5ea5ef0d9c6135aad32259a08d0 Mon Sep 17 00:00:00 2001 
From: Zach Trocinski Date: Thu, 7 Dec 2023 00:06:01 -0600 Subject: [PATCH 02/11] Fix and simplify conditions for deployment --- .../bicep/modules/hubNetworking/hubNetworking.bicep | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/infra-as-code/bicep/modules/hubNetworking/hubNetworking.bicep b/infra-as-code/bicep/modules/hubNetworking/hubNetworking.bicep index 3b3253290..f96e086cd 100644 --- a/infra-as-code/bicep/modules/hubNetworking/hubNetworking.bicep +++ b/infra-as-code/bicep/modules/hubNetworking/hubNetworking.bicep @@ -332,9 +332,9 @@ var varSubnetProperties = [for subnet in varSubnetMap: { } }] -var varVpnGwConfig = ((!empty(parVpnGatewayConfig)) ? parVpnGatewayConfig : json('{"name": "noconfigVpn"}')) +var varVpnGwConfig = ((!empty(parVpnGatewayConfig) && parVpnGatewayEnabled) ? parVpnGatewayConfig : json('{"name": "noconfigVpn"}')) -var varErGwConfig = ((!empty(parExpressRouteGatewayConfig)) ? parExpressRouteGatewayConfig : json('{"name": "noconfigEr"}')) +var varErGwConfig = ((!empty(parExpressRouteGatewayConfig) && parExpressRouteGatewayEnabled) ? parExpressRouteGatewayConfig : json('{"name": "noconfigEr"}')) var varGwConfig = [ varVpnGwConfig @@ -584,7 +584,7 @@ resource resGatewaySubnetRef 'Microsoft.Network/virtualNetworks/subnets@2023-02- name: 'GatewaySubnet' } -module modGatewayPublicIp '../publicIp/publicIp.bicep' = [for (gateway, i) in varGwConfig: if (((gateway.name != 'noconfigVpn' && parVpnGatewayEnabled) || (gateway.name != 'noconfigEr' && parExpressRouteGatewayEnabled))) { +module modGatewayPublicIp '../publicIp/publicIp.bicep' = [for (gateway, i) in varGwConfig: if (((gateway.name != 'noconfigVpn') || (gateway.name != 'noconfigEr'))) { name: 'deploy-Gateway-Public-IP-${i}' params: { parLocation: parLocation 
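Review bot: The condition `(gateway.name != 'noconfigVpn') || (gateway.name != 'noconfigEr')` in the `-584,7` hunk is true for every entry, because no name can equal both placeholders, so the loop no longer skips a disabled gateway. The same expression appears in the `-603,7` and `-637,7` hunks, and the `-637,7` line also has one more `(` than `)`. Now that the toggle is folded into `varVpnGwConfig` and `varErGwConfig`, the `&&` form is the one that filters out the placeholders: `if ((gateway.name != 'noconfigVpn') && (gateway.name != 'noconfigEr'))`. What a deployment does with a placeholder entry that carries only `name` is not visible here, but it is presumably not intended. The resource bodies extend beyond the hunks.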
@@ -603,7 +603,7 @@ module modGatewayPublicIp '../publicIp/publicIp.bicep' = [for (gateway, i) in va }] //Minumum subnet size is /27 supporting documentation https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-about-vpn-gateway-settings#gwsub -resource resGateway 'Microsoft.Network/virtualNetworkGateways@2023-02-01' = [for (gateway, i) in varGwConfig: if ((gateway.name != 'noconfigVpn' && parVpnGatewayEnabled) && (gateway.name != 'noconfigEr' && parExpressRouteGatewayEnabled)) { +resource resGateway 'Microsoft.Network/virtualNetworkGateways@2023-02-01' = [for (gateway, i) in varGwConfig: if (((gateway.name != 'noconfigVpn') || (gateway.name != 'noconfigEr'))) { name: gateway.name location: parLocation tags: parTags @@ -637,7 +637,7 @@ resource resGateway 'Microsoft.Network/virtualNetworkGateways@2023-02-01' = [for name: 'vnetGatewayConfig' properties: { publicIPAddress: { - id: (((gateway.name != 'noconfigVpn') && (gateway.name != 'noconfigEr')) ? modGatewayPublicIp[i].outputs.outPublicIpId : 'na') + id: (((gateway.name != 'noconfigVpn' || (gateway.name != 'noconfigEr')) ? modGatewayPublicIp[i].outputs.outPublicIpId : 'na') } subnet: { id: resGatewaySubnetRef.id From 3f37bae4c8c1791fe65f788248626e2125037ce6 Mon Sep 17 00:00:00 2001 From: Zach Trocinski Date: Thu, 7 Dec 2023 00:14:59 -0600 Subject: [PATCH 03/11] Add missing paranthesis --- infra-as-code/bicep/modules/hubNetworking/hubNetworking.bicep | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/infra-as-code/bicep/modules/hubNetworking/hubNetworking.bicep b/infra-as-code/bicep/modules/hubNetworking/hubNetworking.bicep index f96e086cd..4de79275d 100644 --- a/infra-as-code/bicep/modules/hubNetworking/hubNetworking.bicep +++ b/infra-as-code/bicep/modules/hubNetworking/hubNetworking.bicep 
@@ -637,7 +637,7 @@ resource resGateway 'Microsoft.Network/virtualNetworkGateways@2023-02-01' = [for name: 'vnetGatewayConfig' properties: { publicIPAddress: { - id: (((gateway.name != 'noconfigVpn' || (gateway.name != 'noconfigEr')) ? modGatewayPublicIp[i].outputs.outPublicIpId : 'na') + id: (((gateway.name != 'noconfigVpn') || (gateway.name != 'noconfigEr')) ? modGatewayPublicIp[i].outputs.outPublicIpId : 'na') } subnet: { id: resGatewaySubnetRef.id From 799f31e71168925011f1ede06dfc3bc5d7a74b7e Mon Sep 17 00:00:00 2001 From: Zach Trocinski Date: Thu, 7 Dec 2023 00:33:30 -0600 Subject: [PATCH 04/11] Update condition logic and params --- .../bicep/modules/hubNetworking/hubNetworking.bicep | 6 +++--- .../parameters/hubNetworking.parameters.all.json | 8 ++++---- 2 files changed, 7 insertions(+), 7 deletions(-) diff --git a/infra-as-code/bicep/modules/hubNetworking/hubNetworking.bicep b/infra-as-code/bicep/modules/hubNetworking/hubNetworking.bicep index 4de79275d..6abb041f2 100644 --- a/infra-as-code/bicep/modules/hubNetworking/hubNetworking.bicep +++ b/infra-as-code/bicep/modules/hubNetworking/hubNetworking.bicep @@ -584,7 +584,7 @@ resource resGatewaySubnetRef 'Microsoft.Network/virtualNetworks/subnets@2023-02- name: 'GatewaySubnet' } -module modGatewayPublicIp '../publicIp/publicIp.bicep' = [for (gateway, i) in varGwConfig: if (((gateway.name != 'noconfigVpn') || (gateway.name != 'noconfigEr'))) { +module modGatewayPublicIp '../publicIp/publicIp.bicep' = [for (gateway, i) in varGwConfig: if (((gateway.name != 'noconfigVpn') && (gateway.name != 'noconfigEr'))) { name: 'deploy-Gateway-Public-IP-${i}' params: { parLocation: parLocation 
@@ -603,7 +603,7 @@ module modGatewayPublicIp '../publicIp/publicIp.bicep' = [for (gateway, i) in va }] //Minumum subnet size is /27 supporting documentation https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-about-vpn-gateway-settings#gwsub -resource resGateway 'Microsoft.Network/virtualNetworkGateways@2023-02-01' = [for (gateway, i) in varGwConfig: if (((gateway.name != 'noconfigVpn') || (gateway.name != 'noconfigEr'))) { +resource resGateway 'Microsoft.Network/virtualNetworkGateways@2023-02-01' = [for (gateway, i) in varGwConfig: if (((gateway.name != 'noconfigVpn') && (gateway.name != 'noconfigEr'))) { name: gateway.name location: parLocation tags: parTags @@ -637,7 +637,7 @@ resource resGateway 'Microsoft.Network/virtualNetworkGateways@2023-02-01' = [for name: 'vnetGatewayConfig' properties: { publicIPAddress: { - id: (((gateway.name != 'noconfigVpn') || (gateway.name != 'noconfigEr')) ? modGatewayPublicIp[i].outputs.outPublicIpId : 'na') + id: (((gateway.name != 'noconfigVpn') && (gateway.name != 'noconfigEr')) ? modGatewayPublicIp[i].outputs.outPublicIpId : 'na') } subnet: { id: resGatewaySubnetRef.id diff --git a/infra-as-code/bicep/modules/hubNetworking/parameters/hubNetworking.parameters.all.json b/infra-as-code/bicep/modules/hubNetworking/parameters/hubNetworking.parameters.all.json index b79996b48..2ce8eb305 100644 --- a/infra-as-code/bicep/modules/hubNetworking/parameters/hubNetworking.parameters.all.json +++ b/infra-as-code/bicep/modules/hubNetworking/parameters/hubNetworking.parameters.all.json @@ -55,7 +55,7 @@ "value": "-PublicIP" }, "parAzBastionEnabled": { - "value": false + "value": true }, "parAzBastionName": { "value": "alz-bastion" @@ -70,13 +70,13 @@ "value": "nsg-AzureBastionSubnet" }, "parDdosEnabled": { - "value": false + "value": true }, "parDdosPlanName": { "value": "alz-ddos-plan" }, "parAzFirewallEnabled": { - "value": false + "value": true }, "parAzFirewallName": { "value": "alz-azfw-eastus" 
@@ -213,7 +213,7 @@ } }, "parExpressRouteGatewayEnabled": { - "value": false + "value": true }, "parExpressRouteGatewayConfig": { "value": { From a5b8299a0000f81f515b9bb8805bf3e62e1ee2f5 Mon Sep 17 00:00:00 2001 From: github-actions <41898282+github-actions[bot]@users.noreply.github.com> Date: Thu, 7 Dec 2023 06:40:09 +0000 Subject: [PATCH 05/11] Generate Parameter Markdowns [oZakari/dad46f42] --- .../generateddocs/hubNetworking.bicep.md | 32 ++++++++++++++----- 1 file changed, 24 insertions(+), 8 deletions(-) diff --git a/infra-as-code/bicep/modules/hubNetworking/generateddocs/hubNetworking.bicep.md b/infra-as-code/bicep/modules/hubNetworking/generateddocs/hubNetworking.bicep.md index cd3b277e7..805926b0b 100644 --- a/infra-as-code/bicep/modules/hubNetworking/generateddocs/hubNetworking.bicep.md +++ b/infra-as-code/bicep/modules/hubNetworking/generateddocs/hubNetworking.bicep.md 
@@ -311,25 +311,35 @@ Set Parameter to false to skip the addition of a Private DNS Zone for Azure Back Resource ID of Failover VNet for Private DNS Zone VNet Failover Links +### parVpnGatewayEnabled + +![Parameter Setting](https://img.shields.io/badge/parameter-optional-green?style=flat-square) + +Switch to enable/disable VPN virtual network gateway deployment. + +- Default value: `True` + ### parVpnGatewayConfig ![Parameter Setting](https://img.shields.io/badge/parameter-optional-green?style=flat-square) -Configuration for VPN virtual network gateway to be deployed. If a VPN virtual network gateway is not desired an empty object should be used as the input parameter in the parameter file, i.e. -"parVpnGatewayConfig": { - "value": {} -} +Configuration for VPN virtual network gateway to be deployed. - Default value: `@{name=[format('{0}-Vpn-Gateway', parameters('parCompanyPrefix'))]; gatewayType=Vpn; sku=VpnGw1; vpnType=RouteBased; generation=Generation1; enableBgp=False; activeActive=False; enableBgpRouteTranslationForNat=False; enableDnsForwarding=False; bgpPeeringAddress=; bgpsettings=; vpnClientConfiguration=}` +### parExpressRouteGatewayEnabled + +![Parameter Setting](https://img.shields.io/badge/parameter-optional-green?style=flat-square) + +Switch to enable/disable VPN virtual network gateway deployment. + +- Default value: `True` + ### parExpressRouteGatewayConfig ![Parameter Setting](https://img.shields.io/badge/parameter-optional-green?style=flat-square) -Configuration for ExpressRoute virtual network gateway to be deployed. If a ExpressRoute virtual network gateway is not desired an empty object should be used as the input parameter in the parameter file, i.e. -"parExpressRouteGatewayConfig": { - "value": {} -} +Configuration for ExpressRoute virtual network gateway to be deployed. 
- Default value: `@{name=[format('{0}-ExpressRoute-Gateway', parameters('parCompanyPrefix'))]; gatewayType=ExpressRoute; sku=ErGw1AZ; vpnType=RouteBased; vpnGatewayGeneration=None; enableBgp=False; activeActive=False; enableBgpRouteTranslationForNat=False; enableDnsForwarding=False; bgpPeeringAddress=; bgpsettings=}` @@ -571,6 +581,9 @@ outHubVirtualNetworkId | string | "parVirtualNetworkIdToLinkFailover": { "value": "" }, + "parVpnGatewayEnabled": { + "value": true + }, "parVpnGatewayConfig": { "value": { "name": "[format('{0}-Vpn-Gateway', parameters('parCompanyPrefix'))]", @@ -591,6 +604,9 @@ outHubVirtualNetworkId | string | "vpnClientConfiguration": {} } }, + "parExpressRouteGatewayEnabled": { + "value": true + }, "parExpressRouteGatewayConfig": { "value": { "name": "[format('{0}-ExpressRoute-Gateway', parameters('parCompanyPrefix'))]", From 6f718877268a9daa8baaf4007ce3e815a44931cb Mon Sep 17 00:00:00 2001 From: Zach Trocinski Date: Thu, 7 Dec 2023 00:58:08 -0600 Subject: [PATCH 06/11] Removed extra paranthesis --- infra-as-code/bicep/modules/hubNetworking/hubNetworking.bicep | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/infra-as-code/bicep/modules/hubNetworking/hubNetworking.bicep b/infra-as-code/bicep/modules/hubNetworking/hubNetworking.bicep index 6abb041f2..67c5cdd82 100644 --- a/infra-as-code/bicep/modules/hubNetworking/hubNetworking.bicep +++ b/infra-as-code/bicep/modules/hubNetworking/hubNetworking.bicep @@ -584,7 +584,7 @@ resource resGatewaySubnetRef 'Microsoft.Network/virtualNetworks/subnets@2023-02- name: 'GatewaySubnet' } -module modGatewayPublicIp '../publicIp/publicIp.bicep' = [for (gateway, i) in varGwConfig: if (((gateway.name != 'noconfigVpn') && (gateway.name != 'noconfigEr'))) { +module modGatewayPublicIp '../publicIp/publicIp.bicep' = [for (gateway, i) in varGwConfig: if ((gateway.name != 'noconfigVpn') && (gateway.name != 'noconfigEr')) { name: 'deploy-Gateway-Public-IP-${i}' params: { parLocation: parLocation 
@@ -603,7 +603,7 @@ module modGatewayPublicIp '../publicIp/publicIp.bicep' = [for (gateway, i) in va }] //Minumum subnet size is /27 supporting documentation https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-about-vpn-gateway-settings#gwsub -resource resGateway 'Microsoft.Network/virtualNetworkGateways@2023-02-01' = [for (gateway, i) in varGwConfig: if (((gateway.name != 'noconfigVpn') && (gateway.name != 'noconfigEr'))) { +resource resGateway 'Microsoft.Network/virtualNetworkGateways@2023-02-01' = [for (gateway, i) in varGwConfig: if ((gateway.name != 'noconfigVpn') && (gateway.name != 'noconfigEr')) { name: gateway.name location: parLocation tags: parTags From b41c87d1f1b907a35b13f01aed2eb3b8af4fba81 Mon Sep 17 00:00:00 2001 From: Zach Trocinski Date: Thu, 7 Dec 2023 16:06:30 -0600 Subject: [PATCH 07/11] Fixed express route gateway param descriptions --- .../hubNetworking/generateddocs/hubNetworking.bicep.md | 10 +--------- .../bicep/modules/hubNetworking/hubNetworking.bicep | 2 +- 2 files changed, 2 insertions(+), 10 deletions(-) diff --git a/infra-as-code/bicep/modules/hubNetworking/generateddocs/hubNetworking.bicep.md b/infra-as-code/bicep/modules/hubNetworking/generateddocs/hubNetworking.bicep.md index 805926b0b..e838ebb2e 100644 --- a/infra-as-code/bicep/modules/hubNetworking/generateddocs/hubNetworking.bicep.md +++ b/infra-as-code/bicep/modules/hubNetworking/generateddocs/hubNetworking.bicep.md 
@@ -41,7 +41,7 @@ parPrivateDnsZoneAutoMergeAzureBackupZone | No | Set Parameter to false to parVirtualNetworkIdToLinkFailover | No | Resource ID of Failover VNet for Private DNS Zone VNet Failover Links parVpnGatewayEnabled | No | Switch to enable/disable VPN virtual network gateway deployment. parVpnGatewayConfig | No | Configuration for VPN virtual network gateway to be deployed. -parExpressRouteGatewayEnabled | No | Switch to enable/disable VPN virtual network gateway deployment. +parExpressRouteGatewayEnabled | No | Switch to enable/disable ExpressRoute virtual network gateway deployment. parExpressRouteGatewayConfig | No | Configuration for ExpressRoute virtual network gateway to be deployed. parTags | No | Tags you would like to be applied to all resources in this module. parTelemetryOptOut | No | Set Parameter to true to Opt-out of deployment telemetry. @@ -327,14 +327,6 @@ Configuration for VPN virtual network gateway to be deployed. - Default value: `@{name=[format('{0}-Vpn-Gateway', parameters('parCompanyPrefix'))]; gatewayType=Vpn; sku=VpnGw1; vpnType=RouteBased; generation=Generation1; enableBgp=False; activeActive=False; enableBgpRouteTranslationForNat=False; enableDnsForwarding=False; bgpPeeringAddress=; bgpsettings=; vpnClientConfiguration=}` -### parExpressRouteGatewayEnabled - -![Parameter Setting](https://img.shields.io/badge/parameter-optional-green?style=flat-square) - -Switch to enable/disable VPN virtual network gateway deployment. - -- Default value: `True` - ### parExpressRouteGatewayConfig ![Parameter Setting](https://img.shields.io/badge/parameter-optional-green?style=flat-square) diff --git a/infra-as-code/bicep/modules/hubNetworking/hubNetworking.bicep b/infra-as-code/bicep/modules/hubNetworking/hubNetworking.bicep index 583110ed0..e926d27c8 100644 --- a/infra-as-code/bicep/modules/hubNetworking/hubNetworking.bicep +++ b/infra-as-code/bicep/modules/hubNetworking/hubNetworking.bicep 
@@ -267,7 +267,7 @@ param parVpnGatewayConfig object = { vpnClientConfiguration: {} } -@sys.description('Switch to enable/disable VPN virtual network gateway deployment.') +@sys.description('Switch to enable/disable ExpressRoute virtual network gateway deployment.') param parExpressRouteGatewayEnabled bool = true @sys.description('Configuration for ExpressRoute virtual network gateway to be deployed.') From bb8aae816712bffb507e813dbdd9bc0c5652ba65 Mon Sep 17 00:00:00 2001 From: github-actions <41898282+github-actions[bot]@users.noreply.github.com> Date: Thu, 7 Dec 2023 22:10:32 +0000 Subject: [PATCH 08/11] Generate Parameter Markdowns [oZakari/17edce48] --- .../hubNetworking/generateddocs/hubNetworking.bicep.md | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/infra-as-code/bicep/modules/hubNetworking/generateddocs/hubNetworking.bicep.md b/infra-as-code/bicep/modules/hubNetworking/generateddocs/hubNetworking.bicep.md index e838ebb2e..3519be20e 100644 --- a/infra-as-code/bicep/modules/hubNetworking/generateddocs/hubNetworking.bicep.md +++ b/infra-as-code/bicep/modules/hubNetworking/generateddocs/hubNetworking.bicep.md @@ -327,6 +327,14 @@ Configuration for VPN virtual network gateway to be deployed. - Default value: `@{name=[format('{0}-Vpn-Gateway', parameters('parCompanyPrefix'))]; gatewayType=Vpn; sku=VpnGw1; vpnType=RouteBased; generation=Generation1; enableBgp=False; activeActive=False; enableBgpRouteTranslationForNat=False; enableDnsForwarding=False; bgpPeeringAddress=; bgpsettings=; vpnClientConfiguration=}` +### parExpressRouteGatewayEnabled + +![Parameter Setting](https://img.shields.io/badge/parameter-optional-green?style=flat-square) + +Switch to enable/disable ExpressRoute virtual network gateway deployment. + +- Default value: `True` + ### parExpressRouteGatewayConfig ![Parameter Setting](https://img.shields.io/badge/parameter-optional-green?style=flat-square) From 22e73869ac4bf2d62a3722a984c05005b7115ae1 Mon Sep 17 00:00:00 2001 
From: Zach Trocinski Date: Thu, 7 Dec 2023 22:02:13 -0600 Subject: [PATCH 09/11] Remove check to see if config params are empty --- infra-as-code/bicep/modules/hubNetworking/hubNetworking.bicep | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/infra-as-code/bicep/modules/hubNetworking/hubNetworking.bicep b/infra-as-code/bicep/modules/hubNetworking/hubNetworking.bicep index e926d27c8..09213ff96 100644 --- a/infra-as-code/bicep/modules/hubNetworking/hubNetworking.bicep +++ b/infra-as-code/bicep/modules/hubNetworking/hubNetworking.bicep @@ -332,9 +332,9 @@ var varSubnetProperties = [for subnet in varSubnetMap: { } }] -var varVpnGwConfig = ((!empty(parVpnGatewayConfig) && parVpnGatewayEnabled) ? parVpnGatewayConfig : json('{"name": "noconfigVpn"}')) +var varVpnGwConfig = ((parVpnGatewayEnabled) ? parVpnGatewayConfig : json('{"name": "noconfigVpn"}')) -var varErGwConfig = ((!empty(parExpressRouteGatewayConfig) && parExpressRouteGatewayEnabled) ? parExpressRouteGatewayConfig : json('{"name": "noconfigEr"}')) +var varErGwConfig = ((parExpressRouteGatewayEnabled) ? parExpressRouteGatewayConfig : json('{"name": "noconfigEr"}')) var varGwConfig = [ varVpnGwConfig From a7c0f2adcfc48fa85ade4f02c828ed161b519c7f Mon Sep 17 00:00:00 2001 From: Zach Trocinski <30884663+oZakari@users.noreply.github.com> Date: Tue, 9 Jan 2024 21:49:05 -0600 Subject: [PATCH 10/11] Update infra-as-code/bicep/modules/hubNetworking/hubNetworking.bicep Co-authored-by: Jack Tracey <41163455+jtracey93@users.noreply.github.com> --- infra-as-code/bicep/modules/hubNetworking/hubNetworking.bicep | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/infra-as-code/bicep/modules/hubNetworking/hubNetworking.bicep b/infra-as-code/bicep/modules/hubNetworking/hubNetworking.bicep index 09213ff96..7e2fe520d 100644 --- a/infra-as-code/bicep/modules/hubNetworking/hubNetworking.bicep +++ b/infra-as-code/bicep/modules/hubNetworking/hubNetworking.bicep 
@@ -332,7 +332,7 @@ var varSubnetProperties = [for subnet in varSubnetMap: { } }] -var varVpnGwConfig = ((parVpnGatewayEnabled) ? parVpnGatewayConfig : json('{"name": "noconfigVpn"}')) +var varVpnGwConfig = ((parVpnGatewayEnabled) &&(!empty(parVpnGatewayConfig)) ? parVpnGatewayConfig : json('{"name": "noconfigVpn"}')) var varErGwConfig = ((parExpressRouteGatewayEnabled) ? parExpressRouteGatewayConfig : json('{"name": "noconfigEr"}')) From 00a7787ec5c2fe8b00e2e4ea5490d28ee29a3189 Mon Sep 17 00:00:00 2001 From: Zach Trocinski <30884663+oZakari@users.noreply.github.com> Date: Tue, 9 Jan 2024 21:49:12 -0600 Subject: [PATCH 11/11] Update infra-as-code/bicep/modules/hubNetworking/hubNetworking.bicep Co-authored-by: Jack Tracey <41163455+jtracey93@users.noreply.github.com> --- infra-as-code/bicep/modules/hubNetworking/hubNetworking.bicep | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/infra-as-code/bicep/modules/hubNetworking/hubNetworking.bicep b/infra-as-code/bicep/modules/hubNetworking/hubNetworking.bicep index 7e2fe520d..7d0efb12f 100644 --- a/infra-as-code/bicep/modules/hubNetworking/hubNetworking.bicep +++ b/infra-as-code/bicep/modules/hubNetworking/hubNetworking.bicep @@ -334,7 +334,7 @@ var varSubnetProperties = [for subnet in varSubnetMap: { var varVpnGwConfig = ((parVpnGatewayEnabled) &&(!empty(parVpnGatewayConfig)) ? parVpnGatewayConfig : json('{"name": "noconfigVpn"}')) -var varErGwConfig = ((parExpressRouteGatewayEnabled) ? parExpressRouteGatewayConfig : json('{"name": "noconfigEr"}')) +var varErGwConfig = ((parExpressRouteGatewayEnabled) && !empty(parExpressRouteGatewayConfig) ? parExpressRouteGatewayConfig : json('{"name": "noconfigEr"}')) var varGwConfig = [ varVpnGwConfig
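Review bot: The two guards restored in the `-332,7` and `-334,7` hunks are written differently: `(parVpnGatewayEnabled) &&(!empty(parVpnGatewayConfig))` has no space after `&&`, while `(parExpressRouteGatewayEnabled) && !empty(parExpressRouteGatewayConfig)` leaves the `!empty()` call unparenthesised. Nothing explains why the `!empty()` test is kept now that the parameter descriptions no longer mention the empty-object form; presumably it is for parameter files that still pass `{}`. Writing both lines the same way, e.g. `var varVpnGwConfig = ((parVpnGatewayEnabled && !empty(parVpnGatewayConfig)) ? parVpnGatewayConfig : json('{"name": "noconfigVpn"}'))`, would make them easier to compare. A comment above them such as `// An empty config object still disables the gateway, so parameter files written before the toggles existed keep working.` would record the intent.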