зеркало из https://github.com/Azure/ALZ-Bicep.git
Fixed parDdosEnabled/parDdosPlanName camel casing (#196)
* Fixed parDdosEnabled/parDdosPlanName camel casing * DDoS -> Ddos camel case updates including docs and output * Ensure that all instances of alz-DDos-Plan -> alz-ddos-plan in code, example, doc and validate.yaml * alz-ddos-Plan -> alz-ddos-plan * found one last parDDoSPlanName in orch-hubSpoke.bicep - fixed now Co-authored-by: Jack Tracey <41163455+jtracey93@users.noreply.github.com>
Родитель
4748322c43
Коммит
eb9cbf5bdd
|
@ -25,7 +25,7 @@ The module requires the following inputs:
|
|||
| parPrivateDNSZonesEnabled | bool | true | Switch to enable deployment of Azure Private DNS Zones | None | true |
|
||||
| parPrivateDnsZones | array | See example parameters file [`hubNetworking.parameters.json`](hubNetworking.parameters.example.json) | Array of DNS Zones to provision in Hub Virtual Network. Default: All known Azure Private DNS Zones except for: `privatelink.batch.azure.com`, `privatelink.azmk8s.io` and `privatelink.siterecovery.windowsazure.com` as these are region specific, which you can add to the parameters file with the required region in the zone name that you wish to deploy for. For more details on private DNS Zones please refer to the above link. | None | See Default |
|
||||
| parCompanyPrefix | string | alz | Prefix value which will be pre-appended to all resource names | 1-10 char | alz |
|
||||
| parDdosPlanName | string | ${parCompanyPrefix}-DDos-Plan | Name which will be associated with distributed denial of service protection plan | 1-80 char | alz-DDos-Plan |
|
||||
| parDdosPlanName | string | ${parCompanyPrefix}-ddos-plan | Name which will be associated with distributed denial of service protection plan | 1-80 char | alz-ddos-plan |
|
||||
| parBastionName | string | ${parCompanyPrefix}-bastion | Name which will be associated with Bastion Service. | 1-80 char | alz-bastion |
|
||||
| parBastionSku | string | Standard | SKU or Tier of Bastion Service to deploy | Standard or Basic | Standard |
|
||||
| parPublicIPSku | string | Standard | SKU or Tier of Public IP to deploy | Standard or Basic | Standard |
|
||||
|
@ -51,7 +51,7 @@ The module will generate the following outputs:
|
|||
| ------------------------- | ------ | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
|
||||
| outAzureFirewallPrivateIP | string | 192.168.100.1 |
|
||||
| outAzureFirewallName | string | MyAzureFirewall |
|
||||
| outDdosPlanResourceId | string | /subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/HUB_Networking_POC/providers/Microsoft.Network/ddosProtectionPlans/alz-Ddos-Plan |
|
||||
| outDdosPlanResourceId | string | /subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/HUB_Networking_POC/providers/Microsoft.Network/ddosProtectionPlans/alz-ddos-plan |
|
||||
| outPrivateDnsZones | array | `["name": "privatelink.azurecr.io", "id": "/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/net-lz-spk-eastus-rg/providers/Microsoft.Network/privateDnsZones/privatelink.azurecr.io"]` |
|
||||
|
||||
## Deployment
|
||||
|
|
|
@ -60,10 +60,10 @@ param parBastionName string = '${parCompanyPrefix}-bastion'
|
|||
param parBastionSku string = 'Standard'
|
||||
|
||||
@description('Switch which allows DDOS deployment to be disabled. Default: true')
|
||||
param parDDoSEnabled bool = true
|
||||
param parDdosEnabled bool = true
|
||||
|
||||
@description('DDOS Plan Name. Default: {parCompanyPrefix}-DDos-Plan')
|
||||
param parDDoSPlanName string = '${parCompanyPrefix}-DDoS-Plan'
|
||||
@description('DDOS Plan Name. Default: {parCompanyPrefix}-ddos-plan')
|
||||
param parDdosPlanName string = '${parCompanyPrefix}-ddos-plan'
|
||||
|
||||
@description('Switch which allows Azure Firewall deployment to be disabled. Default: true')
|
||||
param parAzureFirewallEnabled bool = true
|
||||
|
@ -208,13 +208,13 @@ var varGwConfig = [
|
|||
// Customer Usage Attribution Id
|
||||
var varCuaid = '2686e846-5fdc-4d4f-b533-16dcb09d6e6c'
|
||||
|
||||
resource resDDoSProtectionPlan 'Microsoft.Network/ddosProtectionPlans@2021-02-01' = if (parDDoSEnabled) {
|
||||
name: parDDoSPlanName
|
||||
resource resDdosProtectionPlan 'Microsoft.Network/ddosProtectionPlans@2021-02-01' = if (parDdosEnabled) {
|
||||
name: parDdosPlanName
|
||||
location: parLocation
|
||||
tags: parTags
|
||||
}
|
||||
|
||||
//DDos Protection plan will only be enabled if parDDoSEnabled is true.
|
||||
//DDos Protection plan will only be enabled if parDdosEnabled is true.
|
||||
resource resHubVirtualNetwork 'Microsoft.Network/virtualNetworks@2021-02-01' = {
|
||||
name: parHubNetworkName
|
||||
location: parLocation
|
||||
|
@ -229,9 +229,9 @@ resource resHubVirtualNetwork 'Microsoft.Network/virtualNetworks@2021-02-01' = {
|
|||
dnsServers: parDNSServerIPArray
|
||||
}
|
||||
subnets: varSubnetProperties
|
||||
enableDdosProtection: parDDoSEnabled
|
||||
ddosProtectionPlan: (parDDoSEnabled) ? {
|
||||
id: resDDoSProtectionPlan.id
|
||||
enableDdosProtection: parDdosEnabled
|
||||
ddosProtectionPlan: (parDdosEnabled) ? {
|
||||
id: resDdosProtectionPlan.id
|
||||
} : null
|
||||
}
|
||||
}
|
||||
|
@ -482,6 +482,6 @@ output outPrivateDnsZones array = [for i in range(0, length(parPrivateDnsZones))
|
|||
id: resPrivateDnsZones[i].id
|
||||
}]
|
||||
|
||||
output outDDoSPlanResourceID string = resDDoSProtectionPlan.id
|
||||
output outDdosPlanResourceID string = resDdosProtectionPlan.id
|
||||
output outHubVirtualNetworkName string = resHubVirtualNetwork.name
|
||||
output outHubVirtualNetworkID string = resHubVirtualNetwork.id
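Review bot: The renamed output `outDdosPlanResourceID` at the end of this file still reads `resDdosProtectionPlan.id` unconditionally, although the resource is declared with `if (parDdosEnabled)`; with DDoS disabled the output would presumably still carry a resource ID for a plan that was never deployed. The virtual network's `ddosProtectionPlan` property in the earlier hunk is already guarded with a ternary, so the output should follow the same pattern, e.g. `output outDdosPlanResourceID string = parDdosEnabled ? resDdosProtectionPlan.id : ''`. This matters because the orchestration hunk passes `modHubNetworking.outputs.outDdosPlanResourceID` into the `ddosPlan` override of the Enable-DDoS-VNET policy assignment, and whether that assignment is gated on the switch is not visible here. The README hunk also documents the output as `outDdosPlanResourceId`, which differs in casing from the name declared in this file.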
|
||||
|
|
|
@ -49,7 +49,7 @@
|
|||
"value": true
|
||||
},
|
||||
"parDdosPlanName": {
|
||||
"value": "alz-ddos-Plan"
|
||||
"value": "alz-ddos-plan"
|
||||
},
|
||||
"parAzureFirewallEnabled": {
|
||||
"value": true
|
||||
|
|
|
@ -49,7 +49,7 @@
|
|||
"value": false
|
||||
},
|
||||
"parDdosPlanName": {
|
||||
"value": "alz-ddos-Plan"
|
||||
"value": "alz-ddos-plan"
|
||||
},
|
||||
"parAzureFirewallEnabled": {
|
||||
"value": true
|
||||
|
|
|
@ -16,7 +16,7 @@ The module requires the following inputs:
|
|||
| parLogAnalyticsWorkspaceLogRetentionInDays | Number of days of log retention for Log Analytics Workspace | Yes | `365` | `365` |
|
||||
| parAutomationAccountName | Automation Account name | Yes | `alz-automation-account` | `alz-automation-account` |
|
||||
| parMSDFCEmailSecurityContact | An e-mail address that you want Microsoft Defender for Cloud alerts to be sent to. | Yes | `security_contact@replace_me.com` | `security_contact@replace_me.com` |
|
||||
| parDdosProtectionPlanId | ID of the DDoS Protection Plan which will be applied to the Virtual Networks. If left empty, the policy Enable-DDoS-VNET will not be assigned at connectivity or landing zone Management Groups to avoid VNET deployment issues. | Yes | `/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/Hub_Networking_POC/providers/Microsoft.Network/ddosProtectionPlans/alz-Ddos-Plan` | (empty string) |
|
||||
| parDdosProtectionPlanId | ID of the DDoS Protection Plan which will be applied to the Virtual Networks. If left empty, the policy Enable-DDoS-VNET will not be assigned at connectivity or landing zone Management Groups to avoid VNET deployment issues. | Yes | `/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/Hub_Networking_POC/providers/Microsoft.Network/ddosProtectionPlans/alz-ddos-plan` | (empty string) |
|
||||
| parTelemetryOptOut | Set Parameter to true to Opt-out of deployment telemetry | Yes | `false` | `false` |
|
||||
|
||||
## Outputs
|
||||
|
|
|
@ -21,7 +21,7 @@
|
|||
"value": "security_contact@replace_me.com"
|
||||
},
|
||||
"parDdosProtectionPlanId": {
|
||||
"value": "/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/Hub_Networking_POC/providers/Microsoft.Network/ddosProtectionPlans/alz-Ddos-Plan"
|
||||
"value": "/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/Hub_Networking_POC/providers/Microsoft.Network/ddosProtectionPlans/alz-ddos-plan"
|
||||
},
|
||||
"parTelemetryOptOut": {
|
||||
"value": false
|
||||
|
|
|
@ -17,7 +17,7 @@ The module requires the following inputs:
|
|||
| parLocation | string | `resourceGroup().location` | The Azure Region to deploy the resources into | None | `eastus` |
|
||||
| parBGPRoutePropagation | bool | false | Switch to enable BGP Route Propagation on VNet Route Table | None | false |
|
||||
| parTags | object | Empty object `{}` | Array of Tags to be applied to all resources in the Spoke Network | None | `{"key": "value"}` |
|
||||
| parDdosProtectionPlanId | string | Empty string `''` | Existing DDoS Protection plan to utilize | None | `/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/Hub_Networking_POC/providers/Microsoft.Network/ddosProtectionPlans/alz-Ddos-Plan` |
|
||||
| parDdosProtectionPlanId | string | Empty string `''` | Existing DDoS Protection plan to utilize | None | `/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/Hub_Networking_POC/providers/Microsoft.Network/ddosProtectionPlans/alz-ddos-plan` |
|
||||
| parSpokeNetworkAddressPrefix | string | '10.11.0.0/16' | CIDR for Spoke Network | None | '10.11.0.0/16' |
|
||||
| parSpokeNetworkName | string | 'vnet-spoke' | The Name of the Spoke Virtual Network. | None | 'vnet-spoke' |
|
||||
| parDNSServerIPArray | array | Empty array `[]` | Array IP DNS Servers to use for VNet DNS Resolution | None | `['10.10.1.4', '10.20.1.5']` |
|
||||
|
|
|
@ -106,10 +106,10 @@ param parAutomationAccountName string = 'alz-automation-account'
|
|||
param parBastionEnabled bool = true
|
||||
|
||||
@description('Switch which allows DDOS deployment to be disabled. Default: true')
|
||||
param parDDoSEnabled bool = true
|
||||
param parDdosEnabled bool = true
|
||||
|
||||
@description('DDOS Plan Name. Default: {parTopLevelManagementGroupPrefix}-DDos-Plan')
|
||||
param parDDoSPlanName string = '${parTopLevelManagementGroupPrefix}-DDoS-Plan'
|
||||
@description('DDOS Plan Name. Default: {parTopLevelManagementGroupPrefix}-ddos-plan')
|
||||
param parDdosPlanName string = '${parTopLevelManagementGroupPrefix}-ddos-plan'
|
||||
|
||||
@description('Switch which allows Azure Firewall deployment to be disabled. Default: true')
|
||||
param parAzureFirewallEnabled bool = true
|
||||
|
@ -887,7 +887,7 @@ module modPolicyAssignmentConnEnableDDoSVNET '../../policy/assignments/policyAss
|
|||
parPolicyAssignmentParameters: varPolicyAssignmentEnableDDoSVNET.libDefinition.properties.parameters
|
||||
parPolicyAssignmentParameterOverrides: {
|
||||
ddosPlan: {
|
||||
value: modHubNetworking.outputs.outDDoSPlanResourceID
|
||||
value: modHubNetworking.outputs.outDdosPlanResourceID
|
||||
}
|
||||
}
|
||||
parPolicyAssignmentIdentityType: varPolicyAssignmentEnableDDoSVNET.libDefinition.identity.type
|
||||
|
|
|
@ -169,7 +169,7 @@ jobs:
|
|||
azureSubscription: 'azserviceconnection'
|
||||
ScriptType: 'FilePath'
|
||||
ScriptPath: '.github/scripts/Set-AlzDefaultPolicyAssignment.ps1'
|
||||
ScriptArguments: '-ManagementGroupId "$(ManagementGroupPrefix)-platform" -parLocation $(Location) -templateFile ./infra-as-code/bicep/modules/policy/assignments/alzDefaults/alzDefaultPolicyAssignments.bicep -parameterFile .\infra-as-code\bicep\modules\policy\assignments\alzDefaults\alzDefaultPolicyAssignments.parameters.example.json -parTopLevelManagementGroupPrefix $(ManagementGroupPrefix) -parLogAnalyticsWorkSpaceAndAutomationAccountLocation $(Location) -parLogAnalyticsWorkspaceResourceID "/subscriptions/$(subscriptionId)/resourceGroups/$(ResourceGroupName)/providers/Microsoft.OperationalInsights/workspaces/alz-log-analytics" -parDdosProtectionPlanId "/subscriptions/$(subscriptionId)/resourceGroups/$(ResourceGroupName)/providers/Microsoft.Network/ddosProtectionPlans/alz-Ddos-Plan"'
|
||||
ScriptArguments: '-ManagementGroupId "$(ManagementGroupPrefix)-platform" -parLocation $(Location) -templateFile ./infra-as-code/bicep/modules/policy/assignments/alzDefaults/alzDefaultPolicyAssignments.bicep -parameterFile .\infra-as-code\bicep\modules\policy\assignments\alzDefaults\alzDefaultPolicyAssignments.parameters.example.json -parTopLevelManagementGroupPrefix $(ManagementGroupPrefix) -parLogAnalyticsWorkSpaceAndAutomationAccountLocation $(Location) -parLogAnalyticsWorkspaceResourceID "/subscriptions/$(subscriptionId)/resourceGroups/$(ResourceGroupName)/providers/Microsoft.OperationalInsights/workspaces/alz-log-analytics" -parDdosProtectionPlanId "/subscriptions/$(subscriptionId)/resourceGroups/$(ResourceGroupName)/providers/Microsoft.Network/ddosProtectionPlans/alz-ddos-plan"'
|
||||
azurePowerShellVersion: 'LatestVersion'
|
||||
pwsh: true
|
||||
|
||||
|
|