VPN Site: Created new module (#1088)
* Added VPN site module * Fixed pipeline name * Update to latest * Updated test & fixed issue * Updated param * Added lock + role assignment * Update arm/Microsoft.Network/vpnSites/.parameters/parameters.json Co-authored-by: Marius Storhaug <Marius.Storhaug@microsoft.com> * Update arm/Microsoft.Network/virtualHubs/deploy.bicep Co-authored-by: Marius Storhaug <Marius.Storhaug@microsoft.com> * Update arm/Microsoft.Network/vpnSites/.parameters/min.parameters.json Co-authored-by: Marius Storhaug <Marius.Storhaug@microsoft.com> Co-authored-by: Marius Storhaug <Marius.Storhaug@microsoft.com>
1 parent
93fbb3e
commit 80287c5
Showing
11 changed files
with
575 additions
and
10 deletions.
@@ -0,0 +1,52 @@ | ||
name: 'Network - VPN Sites' | ||
|
||
parameters: | ||
- name: removeDeployment | ||
displayName: Remove deployed module | ||
type: boolean | ||
default: true | ||
- name: prerelease | ||
displayName: Publish prerelease module | ||
type: boolean | ||
default: false | ||
|
||
trigger: | ||
batch: true | ||
branches: | ||
include: | ||
- main | ||
paths: | ||
include: | ||
- '/.azuredevops/modulePipelines/ms.network.vpnsites.yml' | ||
- '/.azuredevops/pipelineTemplates/module.*.yml' | ||
- '/arm/Microsoft.Network/vpnSites/*' | ||
exclude: | ||
- '/**/*.md' | ||
|
||
variables: | ||
- template: '/.azuredevops/pipelineVariables/global.variables.yml' | ||
- group: 'PLATFORM_VARIABLES' | ||
- name: modulePath | ||
value: '/arm/Microsoft.Network/vpnSites' | ||
|
||
stages: | ||
- stage: Validation | ||
displayName: Pester tests | ||
jobs: | ||
- template: /.azuredevops/pipelineTemplates/jobs.validateModulePester.yml | ||
|
||
- stage: Deployment | ||
displayName: Deployment tests | ||
jobs: | ||
- template: /.azuredevops/pipelineTemplates/jobs.validateModuleDeployment.yml | ||
parameters: | ||
removeDeployment: '${{ parameters.removeDeployment }}' | ||
deploymentBlocks: | ||
- path: $(modulePath)/.parameters/min.parameters.json | ||
- path: $(modulePath)/.parameters/parameters.json | ||
|
||
- stage: Publishing | ||
displayName: Publish module | ||
condition: and(succeeded(), or(eq(variables['Build.SourceBranch'], 'refs/heads/main'), eq(variables['Build.SourceBranch'], 'refs/heads/master'), eq('${{ parameters.prerelease }}', 'true'))) | ||
jobs: | ||
- template: /.azuredevops/pipelineTemplates/jobs.publishModule.yml |
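Review bot: The `condition` on the Publishing stage lets a manually queued run from any branch publish whenever `prerelease` is set, so code that never went through review on `main` can reach the publish job. A comment above it such as `# Publishes from main/master, or from any branch when 'prerelease' is true` would make that explicit. It is also worth confirming that `jobs.publishModule.yml` versions such builds as prereleases and that queueing rights on this pipeline are restricted, neither of which is visible in this section. The `if:` on `job_publish_module` in the GitHub workflow has the same shape.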
@@ -0,0 +1,135 @@ | ||
name: 'Network: VPN Sites' | ||
|
||
on: | ||
workflow_dispatch: | ||
inputs: | ||
removeDeployment: | ||
type: boolean | ||
description: 'Remove deployed module' | ||
required: false | ||
default: 'true' | ||
prerelease: | ||
type: boolean | ||
description: 'Publish prerelease module' | ||
required: false | ||
default: 'false' | ||
push: | ||
branches: | ||
- main | ||
paths: | ||
- '.github/actions/templates/**' | ||
- '.github/workflows/ms.network.vpnsites.yml' | ||
- 'arm/Microsoft.Network/vpnSites/**' | ||
- '!*/**/readme.md' | ||
- 'utilities/pipelines/**' | ||
- '!utilities/pipelines/dependencies/**' | ||
|
||
env: | ||
modulePath: 'arm/Microsoft.Network/vpnSites' | ||
workflowPath: '.github/workflows/ms.network.vpnsites.yml' | ||
AZURE_CREDENTIALS: ${{ secrets.AZURE_CREDENTIALS }} | ||
ARM_SUBSCRIPTION_ID: '${{ secrets.ARM_SUBSCRIPTION_ID }}' | ||
ARM_MGMTGROUP_ID: '${{ secrets.ARM_MGMTGROUP_ID }}' | ||
ARM_TENANT_ID: '${{ secrets.ARM_TENANT_ID }}' | ||
DEPLOYMENT_SP_ID: '${{ secrets.DEPLOYMENT_SP_ID }}' | ||
|
||
jobs: | ||
############################ | ||
# SET INPUT PARAMETERS # | ||
############################ | ||
job_set_workflow_param: | ||
runs-on: ubuntu-20.04 | ||
name: 'Set input parameters to output variables' | ||
steps: | ||
- name: 'Checkout' | ||
uses: actions/checkout@v2 | ||
with: | ||
fetch-depth: 0 | ||
- name: 'Set input parameters' | ||
id: get-workflow-param | ||
uses: ./.github/actions/templates/getWorkflowInput | ||
with: | ||
workflowPath: '${{ env.workflowPath}}' | ||
outputs: | ||
removeDeployment: ${{ steps.get-workflow-param.outputs.removeDeployment }} | ||
|
||
#################### | ||
# Pester Tests # | ||
#################### | ||
job_module_pester_validation: | ||
runs-on: ubuntu-20.04 | ||
name: 'Pester tests' | ||
steps: | ||
- name: 'Checkout' | ||
uses: actions/checkout@v2 | ||
with: | ||
fetch-depth: 0 | ||
- name: 'Run tests' | ||
uses: ./.github/actions/templates/validateModulePester | ||
with: | ||
modulePath: '${{ env.modulePath }}' | ||
|
||
#################### | ||
# Deployment tests # | ||
#################### | ||
job_module_deploy_validation: | ||
runs-on: ubuntu-20.04 | ||
name: 'Deployment tests' | ||
needs: | ||
- job_set_workflow_param | ||
- job_module_pester_validation | ||
strategy: | ||
fail-fast: false | ||
matrix: | ||
parameterFilePaths: ['min.parameters.json', 'parameters.json'] | ||
steps: | ||
- name: 'Checkout' | ||
uses: actions/checkout@v2 | ||
with: | ||
fetch-depth: 0 | ||
- name: Set environment variables | ||
uses: deep-mm/set-variables@v1.0 | ||
with: | ||
variableFileName: 'global.variables' | ||
- name: 'Using parameter file [${{ matrix.parameterFilePaths }}]' | ||
uses: ./.github/actions/templates/validateModuleDeployment | ||
with: | ||
templateFilePath: '${{ env.modulePath }}/deploy.bicep' | ||
parameterFilePath: '${{ env.modulePath }}/.parameters/${{ matrix.parameterFilePaths }}' | ||
location: '${{ env.defaultLocation }}' | ||
resourceGroupName: '${{ env.resourceGroupName }}' | ||
subscriptionId: '${{ secrets.ARM_SUBSCRIPTION_ID }}' | ||
managementGroupId: '${{ secrets.ARM_MGMTGROUP_ID }}' | ||
removeDeployment: '${{ needs.job_set_workflow_param.outputs.removeDeployment }}' | ||
|
||
############### | ||
# PUBLISH # | ||
############### | ||
job_publish_module: | ||
name: 'Publish module' | ||
if: github.ref == 'refs/heads/main' || github.ref == 'refs/heads/master' || github.event.inputs.prerelease == 'true' | ||
runs-on: ubuntu-20.04 | ||
needs: | ||
- job_set_workflow_param | ||
- job_module_deploy_validation | ||
steps: | ||
- name: 'Checkout' | ||
uses: actions/checkout@v2 | ||
with: | ||
fetch-depth: 0 | ||
- name: Set environment variables | ||
uses: deep-mm/set-variables@v1.0 | ||
with: | ||
variableFileName: 'global.variables' | ||
- name: 'Publish module' | ||
uses: ./.github/actions/templates/publishModule | ||
with: | ||
templateFilePath: '${{ env.modulePath }}/deploy.bicep' | ||
templateSpecsRGName: '${{ env.templateSpecsRGName }}' | ||
templateSpecsRGLocation: '${{ env.templateSpecsRGLocation }}' | ||
templateSpecsDescription: '${{ env.templateSpecsDescription }}' | ||
templateSpecsDoPublish: '${{ env.templateSpecsDoPublish }}' | ||
bicepRegistryName: '${{ env.bicepRegistryName }}' | ||
bicepRegistryRGName: '${{ env.bicepRegistryRGName }}' | ||
bicepRegistryRgLocation: '${{ env.bicepRegistryRgLocation }}' | ||
bicepRegistryDoPublish: '${{ env.bicepRegistryDoPublish }}' |
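Review bot: The workflow-level `env:` block exports `AZURE_CREDENTIALS` and the other secret-backed values to every step of every job, including the third-party `deep-mm/set-variables@v1.0` action, which is referenced by a mutable tag. Pinning it to a full commit SHA (`uses: deep-mm/set-variables@<full-commit-sha> # v1.0`) and moving the secret-backed variables onto the deployment and publish steps that need them would stop a retagged release from reading the Azure credentials. The workflow also has no `permissions:` block, so `GITHUB_TOKEN` keeps the repository default scope. A top-level `permissions:` with `contents: read` would narrow it, provided the local actions under `.github/actions/templates` need nothing more, which cannot be seen from here.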
@@ -0,0 +1 @@ | ||
|
@@ -0,0 +1,35 @@ | ||
param principalIds array | ||
param roleDefinitionIdOrName string | ||
param resourceId string | ||
|
||
var builtInRoleNames = { | ||
'Owner': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '8e3af657-a8ff-443c-a75c-2fe8c4bcb635') | ||
'Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b24988ac-6180-42a0-ab88-20f7382dd24c') | ||
'Reader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'acdd72a7-3385-48ef-bd42-f606fba81ae7') | ||
'Avere Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '4f8fab4f-1852-4a58-a46a-8eaf358af14a') | ||
'Domain Services Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'eeaeda52-9324-47f6-8069-5d5bade478b2') | ||
'Log Analytics Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '92aaf0da-9dab-42b6-94a3-d43ce8d16293') | ||
'Log Analytics Reader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '73c42c96-874c-492b-b04d-ab87d138a893') | ||
'Managed Application Contributor Role': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '641177b8-a67a-45b9-a033-47bc880bb21e') | ||
'Managed Application Operator Role': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'c7393b34-138c-406f-901b-d8cf2b17e6ae') | ||
'Managed Applications Reader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b9331d33-8a36-4f8c-b097-4f54124fdb44') | ||
'Monitoring Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '749f88d5-cbae-40b8-bcfc-e573ddc772fa') | ||
'Monitoring Metrics Publisher': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '3913510d-42f4-4e42-8a64-420c390055eb') | ||
'Monitoring Reader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '43d0d8ad-25c7-4714-9337-8ba259a9fe05') | ||
'Network Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '4d97b98b-1d4f-4787-a291-c67834d212e7') | ||
'Resource Policy Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '36243c78-bf99-498c-9df9-86d9f8d28608') | ||
'User Access Administrator': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '18d7d88d-d35e-4fb5-a5c3-7773c20a72d9') | ||
} | ||
|
||
resource vpnSite 'Microsoft.Network/vpnSites@2021-05-01' existing = { | ||
name: last(split(resourceId, '/')) | ||
} | ||
|
||
resource roleAssignment 'Microsoft.Authorization/roleAssignments@2021-04-01-preview' = [for principalId in principalIds: { | ||
name: guid(vpnSite.name, principalId, roleDefinitionIdOrName) | ||
properties: { | ||
roleDefinitionId: contains(builtInRoleNames, roleDefinitionIdOrName) ? builtInRoleNames[roleDefinitionIdOrName] : roleDefinitionIdOrName | ||
principalId: principalId | ||
} | ||
scope: vpnSite | ||
}] |
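Review bot: The role assignment name is seeded with `vpnSite.name`, so two VPN sites that share a name in different resource groups or subscriptions yield the same GUID for a given principal and role, while Azure expects role assignment names to be unique within the tenant. Seeding it with the full resource ID avoids the collision: `name: guid(vpnSite.id, principalId, roleDefinitionIdOrName)`. Separately, `builtInRoleNames` includes `Owner` and `User Access Administrator`, and any value not in the map is passed through unchecked as a role definition ID. A short comment on `roleDefinitionIdOrName` stating that callers are expected to pass the least-privileged role that works would help.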
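--- a/arm/Microsoft.Network/vpnSites/.parameters/min.parameters.json
+++ b/arm/Microsoft.Network/vpnSites/.parameters/min.parameters.json
@@ -0,0 +1,20 @@
+{
+"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
+"contentVersion": "1.0.0.0",
+"parameters": {
+"name": {
+"value": "<<namePrefix>>-az-vSite-min-001"
+},
+"addressPrefixes": {
+"value": [
+"10.0.0.0/16"
+]
+},
+"ipAddress": {
+"value": "1.2.3.4"
+},
+"virtualWanId": {
+"value": "/subscriptions/<<subscriptionId>>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualWans/apd-<<namePrefix>>-az-vw-x-001"
+}
+}
+}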
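Review bot: `ipAddress` is set to `1.2.3.4`, a publicly routable address outside the project's control, and `parameters.json` does the same with `1.1.1.1`, `1.2.3.4` and `2.2.2.2`. Both files are deployed for real by the deployment-validation jobs. If a VPN connection is ever attached to one of these test sites, the gateway would start negotiating with hosts that belong to someone else. The RFC 5737 documentation ranges are the safer fixture values, for example `"value": "192.0.2.1"`.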
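--- a/arm/Microsoft.Network/vpnSites/.parameters/parameters.json
+++ b/arm/Microsoft.Network/vpnSites/.parameters/parameters.json
@@ -0,0 +1,74 @@
+{
+"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
+"contentVersion": "1.0.0.0",
+"parameters": {
+"name": {
+"value": "<<namePrefix>>-az-vSite-x-001"
+},
+"tags": {
+"value": {
+"tagA": "valueA",
+"tagB": "valueB"
+}
+},
+"deviceProperties": {
+"value": {
+"linkSpeedInMbps": 0
+}
+},
+"virtualWanId": {
+"value": "/subscriptions/<<subscriptionId>>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualWans/apd-<<namePrefix>>-az-vw-x-001"
+},
+"vpnSiteLinks": {
+"value": [
+{
+"name": "<<namePrefix>>-az-vSite-x-001",
+"properties": {
+"bgpProperties": {
+"asn": 65010,
+"bgpPeeringAddress": "1.1.1.1"
+},
+"ipAddress": "1.2.3.4",
+"linkProperties": {
+"linkProviderName": "contoso",
+"linkSpeedInMbps": 5
+}
+}
+},
+{
+"name": "Link1",
+"properties": {
+"bgpProperties": {
+"asn": 65020,
+"bgpPeeringAddress": "192.168.1.0"
+},
+"ipAddress": "2.2.2.2",
+"linkProperties": {
+"linkProviderName": "contoso",
+"linkSpeedInMbps": 5
+}
+}
+}
+]
+},
+"o365Policy": {
+"value": {
+"breakOutCategories": {
+"optimize": true,
+"allow": true,
+"default": true
+}
+}
+},
+"roleAssignments": {
+"value": [
+{
+"roleDefinitionIdOrName": "Reader",
+"principalIds": [
+"<<deploymentSpId>>"
+]
+}
+]
+}
+}
+}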