Feature: Added new deployment toggles to hub-spoke

infra-as-code/bicep/modules/hubNetworking/generateddocs/hubNetworking.bicep.md

@@ -39,8 +39,10 @@ parPrivateDnsZonesResourceGroup | No       | Resource Group Name for Private DNS
 parPrivateDnsZones | No       | Array of DNS Zones to provision in Hub Virtual Network. Default: All known Azure Private DNS Zones
 parPrivateDnsZoneAutoMergeAzureBackupZone | No       | Set Parameter to false to skip the addition of a Private DNS Zone for Azure Backup.
 parVirtualNetworkIdToLinkFailover | No       | Resource ID of Failover VNet for Private DNS Zone VNet Failover Links
-parVpnGatewayConfig | No       | Configuration for VPN virtual network gateway to be deployed. If a VPN virtual network gateway is not desired an empty object should be used as the input parameter in the parameter file, i.e. "parVpnGatewayConfig": {   "value": {} }
-parExpressRouteGatewayConfig | No       | Configuration for ExpressRoute virtual network gateway to be deployed. If a ExpressRoute virtual network gateway is not desired an empty object should be used as the input parameter in the parameter file, i.e. "parExpressRouteGatewayConfig": {   "value": {} }
+parVpnGatewayEnabled | No       | Switch to enable/disable VPN virtual network gateway deployment.
+parVpnGatewayConfig | No       | Configuration for VPN virtual network gateway to be deployed.
+parExpressRouteGatewayEnabled | No       | Switch to enable/disable ExpressRoute virtual network gateway deployment.
+parExpressRouteGatewayConfig | No       | Configuration for ExpressRoute virtual network gateway to be deployed.
 parTags        | No       | Tags you would like to be applied to all resources in this module.
 parTelemetryOptOut | No       | Set Parameter to true to Opt-out of deployment telemetry.
 parBastionOutboundSshRdpPorts | No       | Define outbound destination ports or ranges for SSH or RDP that you want to access from Azure Bastion.
@@ -309,25 +311,35 @@ Set Parameter to false to skip the addition of a Private DNS Zone for Azure Back
 
 Resource ID of Failover VNet for Private DNS Zone VNet Failover Links
 
+### parVpnGatewayEnabled
+
+![Parameter Setting](https://img.shields.io/badge/parameter-optional-green?style=flat-square)
+
+Switch to enable/disable VPN virtual network gateway deployment.
+
+- Default value: `True`
+
 ### parVpnGatewayConfig
 
 ![Parameter Setting](https://img.shields.io/badge/parameter-optional-green?style=flat-square)
 
-Configuration for VPN virtual network gateway to be deployed. If a VPN virtual network gateway is not desired an empty object should be used as the input parameter in the parameter file, i.e.
-"parVpnGatewayConfig": {
-  "value": {}
-}
+Configuration for VPN virtual network gateway to be deployed.
 
 - Default value: `@{name=[format('{0}-Vpn-Gateway', parameters('parCompanyPrefix'))]; gatewayType=Vpn; sku=VpnGw1; vpnType=RouteBased; generation=Generation1; enableBgp=False; activeActive=False; enableBgpRouteTranslationForNat=False; enableDnsForwarding=False; bgpPeeringAddress=; bgpsettings=; vpnClientConfiguration=}`
 
+### parExpressRouteGatewayEnabled
+
+![Parameter Setting](https://img.shields.io/badge/parameter-optional-green?style=flat-square)
+
+Switch to enable/disable ExpressRoute virtual network gateway deployment.
+
+- Default value: `True`
+
 ### parExpressRouteGatewayConfig
 
 ![Parameter Setting](https://img.shields.io/badge/parameter-optional-green?style=flat-square)
 
-Configuration for ExpressRoute virtual network gateway to be deployed. If a ExpressRoute virtual network gateway is not desired an empty object should be used as the input parameter in the parameter file, i.e.
-"parExpressRouteGatewayConfig": {
-  "value": {}
-}
+Configuration for ExpressRoute virtual network gateway to be deployed.
 
 - Default value: `@{name=[format('{0}-ExpressRoute-Gateway', parameters('parCompanyPrefix'))]; gatewayType=ExpressRoute; sku=ErGw1AZ; vpnType=RouteBased; vpnGatewayGeneration=None; enableBgp=False; activeActive=False; enableBgpRouteTranslationForNat=False; enableDnsForwarding=False; bgpPeeringAddress=; bgpsettings=}`
 
@@ -569,6 +581,9 @@ outHubVirtualNetworkId | string |
         "parVirtualNetworkIdToLinkFailover": {
             "value": ""
         },
+        "parVpnGatewayEnabled": {
+            "value": true
+        },
         "parVpnGatewayConfig": {
             "value": {
                 "name": "[format('{0}-Vpn-Gateway', parameters('parCompanyPrefix'))]",
@@ -589,6 +604,9 @@ outHubVirtualNetworkId | string |
                 "vpnClientConfiguration": {}
             }
         },
+        "parExpressRouteGatewayEnabled": {
+            "value": true
+        },
         "parExpressRouteGatewayConfig": {
             "value": {
                 "name": "[format('{0}-ExpressRoute-Gateway', parameters('parCompanyPrefix'))]",

infra-as-code/bicep/modules/hubNetworking/hubNetworking.bicep

@@ -243,11 +243,11 @@ param parPrivateDnsZoneAutoMergeAzureBackupZone bool = true
 @sys.description('Resource ID of Failover VNet for Private DNS Zone VNet Failover Links')
 param parVirtualNetworkIdToLinkFailover string = ''
 
+@sys.description('Switch to enable/disable VPN virtual network gateway deployment.')
+param parVpnGatewayEnabled bool = true
+
 //ASN must be 65515 if deploying VPN & ER for co-existence to work: https://docs.microsoft.com/en-us/azure/expressroute/expressroute-howto-coexist-resource-manager#limits-and-limitations
-@sys.description('''Configuration for VPN virtual network gateway to be deployed. If a VPN virtual network gateway is not desired an empty object should be used as the input parameter in the parameter file, i.e.
-"parVpnGatewayConfig": {
-  "value": {}
-}''')
+@sys.description('Configuration for VPN virtual network gateway to be deployed.')
 param parVpnGatewayConfig object = {
   name: '${parCompanyPrefix}-Vpn-Gateway'
   gatewayType: 'Vpn'
@@ -267,10 +267,10 @@ param parVpnGatewayConfig object = {
   vpnClientConfiguration: {}
 }
 
-@sys.description('''Configuration for ExpressRoute virtual network gateway to be deployed. If a ExpressRoute virtual network gateway is not desired an empty object should be used as the input parameter in the parameter file, i.e.
-"parExpressRouteGatewayConfig": {
-  "value": {}
-}''')
+@sys.description('Switch to enable/disable ExpressRoute virtual network gateway deployment.')
+param parExpressRouteGatewayEnabled bool = true
+
+@sys.description('Configuration for ExpressRoute virtual network gateway to be deployed.')
 param parExpressRouteGatewayConfig object = {
   name: '${parCompanyPrefix}-ExpressRoute-Gateway'
   gatewayType: 'ExpressRoute'
@@ -332,9 +332,9 @@ var varSubnetProperties = [for subnet in varSubnetMap: {
   }
 }]
 
-var varVpnGwConfig = ((!empty(parVpnGatewayConfig)) ? parVpnGatewayConfig : json('{"name": "noconfigVpn"}'))
+var varVpnGwConfig = ((parVpnGatewayEnabled) ? parVpnGatewayConfig : json('{"name": "noconfigVpn"}'))
 
-var varErGwConfig = ((!empty(parExpressRouteGatewayConfig)) ? parExpressRouteGatewayConfig : json('{"name": "noconfigEr"}'))
+var varErGwConfig = ((parExpressRouteGatewayEnabled) ? parExpressRouteGatewayConfig : json('{"name": "noconfigEr"}'))
 
 var varGwConfig = [
   varVpnGwConfig

infra-as-code/bicep/modules/hubNetworking/parameters/hubNetworking.parameters.all.json

@@ -189,6 +189,9 @@
     "parPrivateDnsZoneAutoMergeAzureBackupZone": {
       "value": true
     },
+    "parVpnGatewayEnabled": {
+      "value": true
+    },
     "parVpnGatewayConfig": {
       "value": {
         "name": "alz-Vpn-Gateway",
@@ -209,6 +212,9 @@
         "vpnClientConfiguration": {}
       }
     },
+    "parExpressRouteGatewayEnabled": {
+      "value": true
+    },
     "parExpressRouteGatewayConfig": {
       "value": {
         "name": "alz-ExpressRoute-Gateway",

infra-as-code/bicep/modules/hubNetworking/parameters/hubNetworking.parameters.az.all.json

@@ -201,6 +201,9 @@
     "parPrivateDnsZoneAutoMergeAzureBackupZone": {
       "value": true
     },
+    "parVpnGatewayEnabled": {
+      "value": true
+    },
     "parVpnGatewayConfig": {
       "value": {
         "name": "alz-Vpn-Gateway",
@@ -221,6 +224,9 @@
         "vpnClientConfiguration": {}
       }
     },
+    "parExpressRouteGatewayEnabled": {
+      "value": true
+    },
     "parExpressRouteGatewayConfig": {
       "value": {
         "name": "alz-ExpressRoute-Gateway",

infra-as-code/bicep/modules/hubNetworking/parameters/hubNetworking.parameters.min.json

@@ -75,6 +75,9 @@
     "parPrivateDnsZonesEnabled": {
       "value": true
     },
+    "parVpnGatewayEnabled": {
+      "value": true
+    },
     "parVpnGatewayConfig": {
       "value": {
         "name": "alz-Vpn-Gateway",
@@ -94,6 +97,9 @@
         }
       }
     },
+    "parExpressRouteGatewayEnabled": {
+      "value": true
+    },
     "parExpressRouteGatewayConfig": {
       "value": {
         "name": "alz-ExpressRoute-Gateway",

infra-as-code/bicep/modules/hubNetworking/parameters/mc-hubNetworking.parameters.all.json

@@ -150,6 +150,9 @@
     "parPrivateDnsZoneAutoMergeAzureBackupZone": {
       "value": true
     },
+    "parVpnGatewayEnabled": {
+      "value": true
+    },
     "parVpnGatewayConfig": {
       "value": {
         "name": "alz-Vpn-Gateway",
@@ -170,6 +173,9 @@
         "vpnClientConfiguration": {}
       }
     },
+    "parExpressRouteGatewayEnabled": {
+      "value": true
+    },
     "parExpressRouteGatewayConfig": {
       "value": {
         "name": "alz-ExpressRoute-Gateway",

infra-as-code/bicep/modules/hubNetworking/parameters/mc-hubNetworking.parameters.min.json

@@ -111,6 +111,9 @@
         "privatelink.redis.cache.chinacloudapi.cn"
       ]
     },
+    "parVpnGatewayEnabled": {
+      "value": true
+    },
     "parVpnGatewayConfig": {
       "value": {
         "name": "alz-Vpn-Gateway",
@@ -130,6 +133,9 @@
         }
       }
     },
+    "parExpressRouteGatewayEnabled": {
+      "value": true
+    },
     "parExpressRouteGatewayConfig": {
       "value": {
         "name": "alz-ExpressRoute-Gateway",