From c4c069e790b68b7a97f39e8e22079bc50b210b62 Mon Sep 17 00:00:00 2001
From: Miles Cameron <78753426+MilesCameron-DMs@users.noreply.github.com>
Date: Thu, 5 Oct 2023 16:16:06 +0100
Subject: [PATCH 1/9] Update main.bicep.parameters.md
---
main.bicep.parameters.md | 14 ++++++++++++++
1 file changed, 14 insertions(+)
diff --git a/main.bicep.parameters.md b/main.bicep.parameters.md
index 833dcb9e..e877bdad 100644
--- a/main.bicep.parameters.md
+++ b/main.bicep.parameters.md
@@ -40,6 +40,7 @@ virtualNetworkVwanEnableInternetSecurity | No | Enables the ability for th virtualNetworkVwanAssociatedRouteTableResourceId | No | The resource ID of the virtual hub route table to associate to the virtual hub connection (this virtual network). If left blank/empty the `defaultRouteTable` will be associated. - Type: String - Default value: `''` *(empty string)* = Which means if the parameter `virtualNetworkPeeringEnabled` is `true` and also the parameter `hubNetworkResourceId` is not empty then the `defaultRouteTable` will be associated of the provided Virtual Hub in the parameter `hubNetworkResourceId`. - e.g. `/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/xxxxxxxxxx/providers/Microsoft.Network/virtualHubs/xxxxxxxxx/hubRouteTables/defaultRouteTable` virtualNetworkVwanPropagatedRouteTablesResourceIds | No | An array of of objects of virtual hub route table resource IDs to propagate routes to. If left blank/empty the `defaultRouteTable` will be propagated to only. Each object must contain the following `key`: - `id` = The Resource ID of the Virtual WAN Virtual Hub Route Table IDs you wish to propagate too > See below [example in parameter file](#parameter-file) > **IMPORTANT:** If you provide any Route Tables in this array of objects you must ensure you include also the `defaultRouteTable` Resource ID as an object in the array as it is not added by default when a value is provided for this parameter. - Type: `[]` Array - Default value: `[]` *(empty array)* virtualNetworkVwanPropagatedLabels | No | An array of virtual hub route table labels to propagate routes to. If left blank/empty the default label will be propagated to only. - Type: `[]` Array - Default value: `[]` *(empty array)* +vHubRoutingIntentEnabled | No | Indicates wherther routing intent is enabled on the Virtual HUB withijn the virtual WAN. - Type: Boolean roleAssignmentEnabled | No | Whether to create role assignments or not. 
If true, supply the array of role assignment objects in the parameter called `roleAssignments`. - Type: Boolean roleAssignments | No | Supply an array of objects containing the details of the role assignments to create. Each object must contain the following `keys`: - `principalId` = The Object ID of the User, Group, SPN, Managed Identity to assign the RBAC role too. - `definition` = The Name of built-In RBAC Roles or a Resource ID of a Built-in or custom RBAC Role Definition. - `relativeScope` = 2 options can be provided for input value: 1. `''` *(empty string)* = Make RBAC Role Assignment to Subscription scope 2. `'/resourceGroups/'` = Make RBAC Role Assignment to specified Resource Group > See below [example in parameter file](#parameter-file) of various combinations - Type: `[]` Array - Default value: `[]` *(empty array)* disableTelemetry | No | Disable telemetry collection by this module. For more information on the telemetry collected by this module, that is controlled by this parameter, see this page in the wiki: [Telemetry Tracking Using Customer Usage Attribution (PID)](https://github.com/Azure/bicep-lz-vending/wiki/Telemetry) @@ -436,6 +437,19 @@ An array of virtual hub route table labels to propagate routes to. If left blank - Type: `[]` Array - Default value: `[]` *(empty array)* +### vHubRoutingIntentEnabled + +![Parameter Setting](https://img.shields.io/badge/parameter-optional-green?style=flat-square) + +Indicates whether routing intent is enabled in the virtual hub. If it is enabled and this is not set the deployment will fail. + +- Type: Boolean + +**Default value** + +```text +False +``` ### roleAssignmentEnabled From 2e27f4597aab1de76dd2e883935fb7e9c1d38938 Mon Sep 17 00:00:00 2001 From: Miles Cameron <78753426+MilesCameron-DMs@users.noreply.github.com> Date: Thu, 5 Oct 2023 16:20:03 +0100 Subject: [PATCH 2/9] Update main.bicep.parameters.md Fixed typo --- main.bicep.parameters.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/main.bicep.parameters.md b/main.bicep.parameters.md
index e877bdad..f934e616 100644
--- a/main.bicep.parameters.md
+++ b/main.bicep.parameters.md
@@ -40,7 +40,7 @@ virtualNetworkVwanEnableInternetSecurity | No | Enables the ability for th virtualNetworkVwanAssociatedRouteTableResourceId | No | The resource ID of the virtual hub route table to associate to the virtual hub connection (this virtual network). If left blank/empty the `defaultRouteTable` will be associated. - Type: String - Default value: `''` *(empty string)* = Which means if the parameter `virtualNetworkPeeringEnabled` is `true` and also the parameter `hubNetworkResourceId` is not empty then the `defaultRouteTable` will be associated of the provided Virtual Hub in the parameter `hubNetworkResourceId`. - e.g. `/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/xxxxxxxxxx/providers/Microsoft.Network/virtualHubs/xxxxxxxxx/hubRouteTables/defaultRouteTable` virtualNetworkVwanPropagatedRouteTablesResourceIds | No | An array of of objects of virtual hub route table resource IDs to propagate routes to. If left blank/empty the `defaultRouteTable` will be propagated to only. Each object must contain the following `key`: - `id` = The Resource ID of the Virtual WAN Virtual Hub Route Table IDs you wish to propagate too > See below [example in parameter file](#parameter-file) > **IMPORTANT:** If you provide any Route Tables in this array of objects you must ensure you include also the `defaultRouteTable` Resource ID as an object in the array as it is not added by default when a value is provided for this parameter. - Type: `[]` Array - Default value: `[]` *(empty array)* virtualNetworkVwanPropagatedLabels | No | An array of virtual hub route table labels to propagate routes to. If left blank/empty the default label will be propagated to only. - Type: `[]` Array - Default value: `[]` *(empty array)* -vHubRoutingIntentEnabled | No | Indicates wherther routing intent is enabled on the Virtual HUB withijn the virtual WAN. 
- Type: Boolean +vHubRoutingIntentEnabled | No | Indicates wherther routing intent is enabled on the Virtual HUB within the virtual WAN. - Type: Boolean roleAssignmentEnabled | No | Whether to create role assignments or not. If true, supply the array of role assignment objects in the parameter called `roleAssignments`. - Type: Boolean roleAssignments | No | Supply an array of objects containing the details of the role assignments to create. Each object must contain the following `keys`: - `principalId` = The Object ID of the User, Group, SPN, Managed Identity to assign the RBAC role too. - `definition` = The Name of built-In RBAC Roles or a Resource ID of a Built-in or custom RBAC Role Definition. - `relativeScope` = 2 options can be provided for input value: 1. `''` *(empty string)* = Make RBAC Role Assignment to Subscription scope 2. `'/resourceGroups/'` = Make RBAC Role Assignment to specified Resource Group > See below [example in parameter file](#parameter-file) of various combinations - Type: `[]` Array - Default value: `[]` *(empty array)* disableTelemetry | No | Disable telemetry collection by this module. For more information on the telemetry collected by this module, that is controlled by this parameter, see this page in the wiki: [Telemetry Tracking Using Customer Usage Attribution (PID)](https://github.com/Azure/bicep-lz-vending/wiki/Telemetry) From 024f963691f16e785a7583ea7f9aff28b96b196d Mon Sep 17 00:00:00 2001 From: Miles Cameron <78753426+MilesCameron-DMs@users.noreply.github.com> Date: Thu, 5 Oct 2023 16:23:21 +0100 Subject: [PATCH 3/9] Update main.bicep.parameters.md --- main.bicep.parameters.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/main.bicep.parameters.md b/main.bicep.parameters.md index f934e616..1ca5aa7d 100644 --- a/main.bicep.parameters.md +++ b/main.bicep.parameters.md 
@@ -40,7 +40,7 @@ virtualNetworkVwanEnableInternetSecurity | No | Enables the ability for th virtualNetworkVwanAssociatedRouteTableResourceId | No | The resource ID of the virtual hub route table to associate to the virtual hub connection (this virtual network). If left blank/empty the `defaultRouteTable` will be associated. - Type: String - Default value: `''` *(empty string)* = Which means if the parameter `virtualNetworkPeeringEnabled` is `true` and also the parameter `hubNetworkResourceId` is not empty then the `defaultRouteTable` will be associated of the provided Virtual Hub in the parameter `hubNetworkResourceId`. - e.g. `/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/xxxxxxxxxx/providers/Microsoft.Network/virtualHubs/xxxxxxxxx/hubRouteTables/defaultRouteTable` virtualNetworkVwanPropagatedRouteTablesResourceIds | No | An array of of objects of virtual hub route table resource IDs to propagate routes to. If left blank/empty the `defaultRouteTable` will be propagated to only. Each object must contain the following `key`: - `id` = The Resource ID of the Virtual WAN Virtual Hub Route Table IDs you wish to propagate too > See below [example in parameter file](#parameter-file) > **IMPORTANT:** If you provide any Route Tables in this array of objects you must ensure you include also the `defaultRouteTable` Resource ID as an object in the array as it is not added by default when a value is provided for this parameter. - Type: `[]` Array - Default value: `[]` *(empty array)* virtualNetworkVwanPropagatedLabels | No | An array of virtual hub route table labels to propagate routes to. If left blank/empty the default label will be propagated to only. - Type: `[]` Array - Default value: `[]` *(empty array)* -vHubRoutingIntentEnabled | No | Indicates wherther routing intent is enabled on the Virtual HUB within the virtual WAN. 
- Type: Boolean +vHubRoutingIntentEnabled | No | Indicates whether routing intent is enabled on the Virtual HUB within the virtual WAN. - Type: Boolean roleAssignmentEnabled | No | Whether to create role assignments or not. If true, supply the array of role assignment objects in the parameter called `roleAssignments`. - Type: Boolean roleAssignments | No | Supply an array of objects containing the details of the role assignments to create. Each object must contain the following `keys`: - `principalId` = The Object ID of the User, Group, SPN, Managed Identity to assign the RBAC role too. - `definition` = The Name of built-In RBAC Roles or a Resource ID of a Built-in or custom RBAC Role Definition. - `relativeScope` = 2 options can be provided for input value: 1. `''` *(empty string)* = Make RBAC Role Assignment to Subscription scope 2. `'/resourceGroups/'` = Make RBAC Role Assignment to specified Resource Group > See below [example in parameter file](#parameter-file) of various combinations - Type: `[]` Array - Default value: `[]` *(empty array)* disableTelemetry | No | Disable telemetry collection by this module. For more information on the telemetry collected by this module, that is controlled by this parameter, see this page in the wiki: [Telemetry Tracking Using Customer Usage Attribution (PID)](https://github.com/Azure/bicep-lz-vending/wiki/Telemetry) From a68be993872ee968c1598fae9178b0f702e46ee9 Mon Sep 17 00:00:00 2001 From: Miles Cameron <78753426+MilesCameron-DMs@users.noreply.github.com> Date: Thu, 5 Oct 2023 16:24:40 +0100 Subject: [PATCH 4/9] Update main.bicep Added vHubRoutingIntentEnabled parameter --- main.bicep | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/main.bicep b/main.bicep index 56f00602..5c3687d0 100644 --- a/main.bicep +++ b/main.bicep 
@@ -383,6 +383,15 @@ param virtualNetworkVwanPropagatedRouteTablesResourceIds array = [] ''') param virtualNetworkVwanPropagatedLabels array = [] +@metadata({ + example: false +}) +@sys.description('''Indicates whether routing intent is enabled on the Virtual HUB within the virtual WAN. + +- Type: Boolean +''') +param vHubRoutingIntentEnabled bool = false + @metadata({ example: true }) @@ -505,6 +514,7 @@ module createSubscriptionResources 'src/self/subResourceWrapper/deploy.bicep' = virtualNetworkVwanAssociatedRouteTableResourceId: virtualNetworkVwanAssociatedRouteTableResourceId virtualNetworkVwanPropagatedRouteTablesResourceIds: virtualNetworkVwanPropagatedRouteTablesResourceIds virtualNetworkVwanPropagatedLabels: virtualNetworkVwanPropagatedLabels + vHubRoutingIntentEnabled: vHubRoutingIntentEnabled roleAssignmentEnabled: roleAssignmentEnabled roleAssignments: roleAssignments disableTelemetry: disableTelemetry From da5644d43a3716393b6e9da62de66f8fde067515 Mon Sep 17 00:00:00 2001 From: Miles Cameron <78753426+MilesCameron-DMs@users.noreply.github.com> Date: Thu, 5 Oct 2023 16:28:16 +0100 Subject: [PATCH 5/9] Update deploy.bicep --- src/self/subResourceWrapper/deploy.bicep | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/src/self/subResourceWrapper/deploy.bicep b/src/self/subResourceWrapper/deploy.bicep index 8d2f64f6..99dd6250 100644 --- a/src/self/subResourceWrapper/deploy.bicep +++ b/src/self/subResourceWrapper/deploy.bicep 
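Review bot: The `@sys.description` added for `vHubRoutingIntentEnabled` in the first hunk says only what the flag indicates, not what happens when it is wrong. The hand-edited section of main.bicep.parameters.md earlier in this series warns that the deployment fails if routing intent is enabled on the hub and the flag is left at `false`, but that sentence is missing here. If the parameters document is generated from these descriptions (it appears to mirror them), the warning will be lost on the next regeneration. I would extend the description with `If routing intent is enabled on the hub and this is left as false the deployment will fail; when true, the associated and propagated route table parameters are not applied to the connection.` The second hunk on this line only passes the value through to `createSubscriptionResources` and needs no change.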
@@ -79,6 +79,9 @@ param virtualNetworkVwanPropagatedRouteTablesResourceIds array = [] @sys.description('An array of virtual hub route table labels to propogate routes to. If left blank/empty default label will be propogated to only.') param virtualNetworkVwanPropagatedLabels array = [] +@sys.description('Indicates whether routing intent is enabled on the Virtual HUB within the virtual WAN.') +param vHubRoutingIntentEnabled bool = false + @sys.description('Whether to create role assignments or not. If true, supply the array of role assignment objects in the parameter called `roleAssignments`.') param roleAssignmentEnabled bool = false @@ -220,15 +223,16 @@ module createLzVirtualWanConnection '../../carml/v0.6.0/Microsoft.Network/virtua virtualHubName: virtualWanHubName remoteVirtualNetworkId: '/subscriptions/${subscriptionId}/resourceGroups/${virtualNetworkResourceGroupName}/providers/Microsoft.Network/virtualNetworks/${virtualNetworkName}' enableInternetSecurity: virtualNetworkVwanEnableInternetSecurity - routingConfiguration: { + routingConfiguration: !vHubRoutingIntentEnabled ? { associatedRouteTable: { id: virtualWanHubConnectionAssociatedRouteTable } propagatedRouteTables: { ids: virtualWanHubConnectionPropogatedRouteTables labels: virtualWanHubConnectionPropogatedLabels - } - } + } + + } : {} enableDefaultTelemetry: enableTelemetryForCarml } } From 180663c0f47bd3d85693efcd8c71e51e1b95445e Mon Sep 17 00:00:00 2001 From: Jack Tracey <41163455+jtracey93@users.noreply.github.com> Date: Tue, 10 Oct 2023 19:34:08 +0100 Subject: [PATCH 6/9] Update main.bicep --- main.bicep | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/main.bicep b/main.bicep index 5c3687d0..756213ef 100644 --- a/main.bicep +++ b/main.bicep 
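Review bot: In the second hunk, a true `vHubRoutingIntentEnabled` replaces the whole `routingConfiguration` with `{}`, so `virtualWanHubConnectionAssociatedRouteTable`, `virtualWanHubConnectionPropogatedRouteTables` and `virtualWanHubConnectionPropogatedLabels` are dropped without any signal, even when the caller supplied custom route tables or labels. An operator relying on a specific route table association to segment this spoke would not learn that the input was ignored, and the flag is a caller assertion that nothing visible here checks against the hub's actual state. I would put `// With routing intent enabled the route table inputs are not applied; an empty routingConfiguration is sent instead` above the property and write the condition without the negation, `routingConfiguration: vHubRoutingIntentEnabled ? {} : {`, so the special case reads first. Whether the CARML module accepts an empty object for this property cannot be confirmed from the hunk, and the `createLzVirtualWanConnection` module body starts and ends outside it.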
@@ -386,7 +386,7 @@ param virtualNetworkVwanPropagatedLabels array = [] @metadata({ example: false }) -@sys.description('''Indicates whether routing intent is enabled on the Virtual HUB within the virtual WAN. +@sys.description('''Indicates whether routing intent is enabled on the Virtual Hub within the Virtual WAN. - Type: Boolean ''') From 4cabce21052d386ffc4ea185e103aefbb5328128 Mon Sep 17 00:00:00 2001 From: Jack Tracey <41163455+jtracey93@users.noreply.github.com> Date: Tue, 10 Oct 2023 19:34:15 +0100 Subject: [PATCH 7/9] Update main.bicep.parameters.md --- main.bicep.parameters.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/main.bicep.parameters.md b/main.bicep.parameters.md index 1ca5aa7d..7442c4f1 100644 --- a/main.bicep.parameters.md +++ b/main.bicep.parameters.md 
@@ -40,7 +40,7 @@ virtualNetworkVwanEnableInternetSecurity | No | Enables the ability for th virtualNetworkVwanAssociatedRouteTableResourceId | No | The resource ID of the virtual hub route table to associate to the virtual hub connection (this virtual network). If left blank/empty the `defaultRouteTable` will be associated. - Type: String - Default value: `''` *(empty string)* = Which means if the parameter `virtualNetworkPeeringEnabled` is `true` and also the parameter `hubNetworkResourceId` is not empty then the `defaultRouteTable` will be associated of the provided Virtual Hub in the parameter `hubNetworkResourceId`. - e.g. `/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/xxxxxxxxxx/providers/Microsoft.Network/virtualHubs/xxxxxxxxx/hubRouteTables/defaultRouteTable` virtualNetworkVwanPropagatedRouteTablesResourceIds | No | An array of of objects of virtual hub route table resource IDs to propagate routes to. If left blank/empty the `defaultRouteTable` will be propagated to only. Each object must contain the following `key`: - `id` = The Resource ID of the Virtual WAN Virtual Hub Route Table IDs you wish to propagate too > See below [example in parameter file](#parameter-file) > **IMPORTANT:** If you provide any Route Tables in this array of objects you must ensure you include also the `defaultRouteTable` Resource ID as an object in the array as it is not added by default when a value is provided for this parameter. - Type: `[]` Array - Default value: `[]` *(empty array)* virtualNetworkVwanPropagatedLabels | No | An array of virtual hub route table labels to propagate routes to. If left blank/empty the default label will be propagated to only. - Type: `[]` Array - Default value: `[]` *(empty array)* -vHubRoutingIntentEnabled | No | Indicates whether routing intent is enabled on the Virtual HUB within the virtual WAN. 
- Type: Boolean +vHubRoutingIntentEnabled | No | Indicates whether routing intent is enabled on the Virtual Hub within the Virtual WAN. - Type: Boolean roleAssignmentEnabled | No | Whether to create role assignments or not. If true, supply the array of role assignment objects in the parameter called `roleAssignments`. - Type: Boolean roleAssignments | No | Supply an array of objects containing the details of the role assignments to create. Each object must contain the following `keys`: - `principalId` = The Object ID of the User, Group, SPN, Managed Identity to assign the RBAC role too. - `definition` = The Name of built-In RBAC Roles or a Resource ID of a Built-in or custom RBAC Role Definition. - `relativeScope` = 2 options can be provided for input value: 1. `''` *(empty string)* = Make RBAC Role Assignment to Subscription scope 2. `'/resourceGroups/'` = Make RBAC Role Assignment to specified Resource Group > See below [example in parameter file](#parameter-file) of various combinations - Type: `[]` Array - Default value: `[]` *(empty array)* disableTelemetry | No | Disable telemetry collection by this module. For more information on the telemetry collected by this module, that is controlled by this parameter, see this page in the wiki: [Telemetry Tracking Using Customer Usage Attribution (PID)](https://github.com/Azure/bicep-lz-vending/wiki/Telemetry) From d610d90ef1089381054c35f0505c1b78d5976969 Mon Sep 17 00:00:00 2001 From: Jack Tracey <41163455+jtracey93@users.noreply.github.com> Date: Wed, 11 Oct 2023 11:00:28 +0100 Subject: [PATCH 8/9] Update deploy.bicep --- src/self/subResourceWrapper/deploy.bicep | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/src/self/subResourceWrapper/deploy.bicep b/src/self/subResourceWrapper/deploy.bicep index 99dd6250..710c06ef 100644 --- a/src/self/subResourceWrapper/deploy.bicep +++ b/src/self/subResourceWrapper/deploy.bicep 
@@ -223,7 +223,7 @@ module createLzVirtualWanConnection '../../carml/v0.6.0/Microsoft.Network/virtua virtualHubName: virtualWanHubName remoteVirtualNetworkId: '/subscriptions/${subscriptionId}/resourceGroups/${virtualNetworkResourceGroupName}/providers/Microsoft.Network/virtualNetworks/${virtualNetworkName}' enableInternetSecurity: virtualNetworkVwanEnableInternetSecurity - routingConfiguration: !vHubRoutingIntentEnabled ? { + routingConfiguration: !vHubRoutingIntentEnabled ? { associatedRouteTable: { id: virtualWanHubConnectionAssociatedRouteTable } @@ -231,7 +231,6 @@ module createLzVirtualWanConnection '../../carml/v0.6.0/Microsoft.Network/virtua ids: virtualWanHubConnectionPropogatedRouteTables labels: virtualWanHubConnectionPropogatedLabels } - } : {} enableDefaultTelemetry: enableTelemetryForCarml } From 9f7e06c27431934be06b9ae9eebc027875d01eb9 Mon Sep 17 00:00:00 2001 From: Jack Tracey <41163455+jtracey93@users.noreply.github.com> Date: Wed, 11 Oct 2023 11:05:40 +0100 Subject: [PATCH 9/9] Update README.md --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index 96a5ec97..df39f5f7 100644 --- a/README.md +++ b/README.md @@ -21,6 +21,7 @@ This is currently split logically into the following capabilities: - Networking - deploy a Virtual Network with, optional: - Hub & spoke connectivity (peering to a hub Virtual Network) - Virtual WAN connectivity (peering to a Virtual Hub via a Virtual Hub Connection) + - Including support for connections to Virtual WAN Hubs with Routing Intent configured - Link to existing DDoS Network Protection Plan - Specify Custom DNS Servers - Role assignments