diff --git a/config/subscriptions/CanadaESLZ-main/pubsec/LandingZones/DevTest/4f9f8765-911a-4a6d-af60-4bc0473268c0_generic-subscription_canadacentral.json b/config/subscriptions/CanadaESLZ-main/pubsec/LandingZones/DevTest/4f9f8765-911a-4a6d-af60-4bc0473268c0_generic-subscription_canadacentral.json index 66b0d06a..066fd3ca 100644 --- a/config/subscriptions/CanadaESLZ-main/pubsec/LandingZones/DevTest/4f9f8765-911a-4a6d-af60-4bc0473268c0_generic-subscription_canadacentral.json +++ b/config/subscriptions/CanadaESLZ-main/pubsec/LandingZones/DevTest/4f9f8765-911a-4a6d-af60-4bc0473268c0_generic-subscription_canadacentral.json @@ -105,10 +105,10 @@ "addressPrefixes": [ "10.2.0.0/16" ], - "subnets": { - "oz": { + "subnets": [ + { "comments": "App Management Zone (OZ)", - "name": "oz", + "name": "appManagement", "addressPrefix": "10.2.1.0/25", "nsg": { "enabled": true @@ -117,9 +117,9 @@ "enabled": true } }, - "paz": { + { "comments": "Presentation Zone (PAZ)", - "name": "paz", + "name": "web", "addressPrefix": "10.2.2.0/25", "nsg": { "enabled": true @@ -128,9 +128,9 @@ "enabled": true } }, - "rz": { + { "comments": "Application Zone (RZ)", - "name": "rz", + "name": "app", "addressPrefix": "10.2.3.0/25", "nsg": { "enabled": true @@ -139,9 +139,9 @@ "enabled": true } }, - "hrz": { + { "comments": "Data Zone (HRZ)", - "name": "hrz", + "name": "data", "addressPrefix": "10.2.4.0/25", "nsg": { "enabled": true @@ -150,23 +150,21 @@ "enabled": true } }, - "optional": [ - { - "comments": "App Service", - "name": "appservice", - "addressPrefix": "10.2.5.0/25", - "nsg": { - "enabled": false - }, - "udr": { - "enabled": false - }, - "delegations": { - "serviceName": "Microsoft.Web/serverFarms" - } + { + "comments": "App Service", + "name": "appservice", + "addressPrefix": "10.2.5.0/25", + "nsg": { + "enabled": false + }, + "udr": { + "enabled": false + }, + "delegations": { + "serviceName": "Microsoft.Web/serverFarms" } - ] - } + } + ] } } } 
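Review bot: Renaming the four zone subnets in this subscription's parameters (`oz` to `appManagement`, `paz` to `web`, `rz` to `app`, `hrz` to `data`) changes resource names, not just labels, because networking.bicep in this same commit names each NSG `'${subnet.name}Nsg'` and each subnet `subnet.name`. If this spoke is already deployed, the next run would presumably try to replace the existing subnets and create new NSGs, leaving `ozNsg`, `pazNsg`, `rzNsg` and `hrzNsg` behind; that is worth confirming against the live subscription before merge. The two devopsincanada parameter files keep the old names, so the rename could be dropped here to keep this commit a pure shape change. Separately, the `appservice` entry still sets both `nsg.enabled` and `udr.enabled` to `false`; now that it sits in the same flat array as the zones, its `comments` value should say why it is exempt.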
diff --git a/config/subscriptions/devopsincanada-main/pubsec/LandingZones/DevTest/248e2ceb-23b4-41e7-bd3f-3d28594ca842_generic-subscription_canadacentral.json b/config/subscriptions/devopsincanada-main/pubsec/LandingZones/DevTest/248e2ceb-23b4-41e7-bd3f-3d28594ca842_generic-subscription_canadacentral.json index a5e7455a..0f921b47 100644 --- a/config/subscriptions/devopsincanada-main/pubsec/LandingZones/DevTest/248e2ceb-23b4-41e7-bd3f-3d28594ca842_generic-subscription_canadacentral.json +++ b/config/subscriptions/devopsincanada-main/pubsec/LandingZones/DevTest/248e2ceb-23b4-41e7-bd3f-3d28594ca842_generic-subscription_canadacentral.json @@ -5,13 +5,34 @@ "serviceHealthAlerts": { "value": { "resourceGroupName": "pubsec-service-health", - "incidentTypes": [ "Incident", "Security" ], - "regions": [ "Global", "Canada East", "Canada Central" ], + "incidentTypes": [ + "Incident", + "Security" + ], + "regions": [ + "Global", + "Canada East", + "Canada Central" + ], "receivers": { - "app": [ "skeeler@m365incanada.onmicrosoft.com" ], - "email": [ "skeeler@m365incanada.onmicrosoft.com" ], - "sms": [ { "countryCode": "1", "phoneNumber": "5555555555" } ], - "voice": [ { "countryCode": "1", "phoneNumber": "5555555555" } ] + "app": [ + "skeeler@m365incanada.onmicrosoft.com" + ], + "email": [ + "skeeler@m365incanada.onmicrosoft.com" + ], + "sms": [ + { + "countryCode": "1", + "phoneNumber": "5555555555" + } + ], + "voice": [ + { + "countryCode": "1", + "phoneNumber": "5555555555" + } + ] }, "actionGroupName": "Sub2 ALZ action group", "actionGroupShortName": "sub2-alert", @@ -68,7 +89,7 @@ "automation": "rgAutomation", "networking": "rgVnet", "networkWatcher": "NetworkWatcherRG", - "backupRecoveryVault":"rgRecoveryVault" + "backupRecoveryVault": "rgRecoveryVault" } }, "automation": { 
@@ -76,10 +97,10 @@ "name": "automation" } }, - "backupRecoveryVault":{ + "backupRecoveryVault": { "value": { - "enabled":true, - "name":"bkupvault" + "enabled": true, + "name": "bkupvault" } }, "hubNetwork": { @@ -102,8 +123,8 @@ "addressPrefixes": [ "10.11.0.0/16" ], - "subnets": { - "oz": { + "subnets": [ + { "comments": "App Management Zone (OZ)", "name": "oz", "addressPrefix": "10.11.1.0/25", @@ -114,7 +135,7 @@ "enabled": true } }, - "paz": { + { "comments": "Presentation Zone (PAZ)", "name": "paz", "addressPrefix": "10.11.2.0/25", @@ -125,7 +146,7 @@ "enabled": true } }, - "rz": { + { "comments": "Application Zone (RZ)", "name": "rz", "addressPrefix": "10.11.3.0/25", @@ -136,7 +157,7 @@ "enabled": true } }, - "hrz": { + { "comments": "Data Zone (HRZ)", "name": "hrz", "addressPrefix": "10.11.4.0/25", @@ -147,23 +168,21 @@ "enabled": true } }, - "optional": [ - { - "comments": "App Service", - "name": "appservice", - "addressPrefix": "10.11.5.0/25", - "nsg": { - "enabled": false - }, - "udr": { - "enabled": false - }, - "delegations": { - "serviceName": "Microsoft.Web/serverFarms" - } + { + "comments": "App Service", + "name": "appservice", + "addressPrefix": "10.11.5.0/25", + "nsg": { + "enabled": false + }, + "udr": { + "enabled": false + }, + "delegations": { + "serviceName": "Microsoft.Web/serverFarms" } - ] - } + } + ] } } } diff --git a/config/subscriptions/devopsincanada-main/pubsec/LandingZones/DevTest/802e608f-f31b-4a10-86da-7fbb8f660a10_generic-subscription_canadacentral.json b/config/subscriptions/devopsincanada-main/pubsec/LandingZones/DevTest/802e608f-f31b-4a10-86da-7fbb8f660a10_generic-subscription_canadacentral.json index 5591e3a1..a0c9659b 100644 --- a/config/subscriptions/devopsincanada-main/pubsec/LandingZones/DevTest/802e608f-f31b-4a10-86da-7fbb8f660a10_generic-subscription_canadacentral.json +++ b/config/subscriptions/devopsincanada-main/pubsec/LandingZones/DevTest/802e608f-f31b-4a10-86da-7fbb8f660a10_generic-subscription_canadacentral.json 
@@ -5,13 +5,34 @@ "serviceHealthAlerts": { "value": { "resourceGroupName": "pubsec-service-health", - "incidentTypes": [ "Incident", "Security" ], - "regions": [ "Global", "Canada East", "Canada Central" ], + "incidentTypes": [ + "Incident", + "Security" + ], + "regions": [ + "Global", + "Canada East", + "Canada Central" + ], "receivers": { - "app": [ "skeeler@m365incanada.onmicrosoft.com" ], - "email": [ "skeeler@m365incanada.onmicrosoft.com" ], - "sms": [ { "countryCode": "1", "phoneNumber": "5555555555" } ], - "voice": [ { "countryCode": "1", "phoneNumber": "5555555555" } ] + "app": [ + "skeeler@m365incanada.onmicrosoft.com" + ], + "email": [ + "skeeler@m365incanada.onmicrosoft.com" + ], + "sms": [ + { + "countryCode": "1", + "phoneNumber": "5555555555" + } + ], + "voice": [ + { + "countryCode": "1", + "phoneNumber": "5555555555" + } + ] }, "actionGroupName": "Sub1 ALZ action group", "actionGroupShortName": "sub1-alert", @@ -68,7 +89,7 @@ "automation": "rgAutomation", "networking": "rgVnet", "networkWatcher": "NetworkWatcherRG", - "backupRecoveryVault":"rgRecoveryVault" + "backupRecoveryVault": "rgRecoveryVault" } }, "automation": { @@ -76,13 +97,12 @@ "name": "automation" } }, - "backupRecoveryVault":{ + "backupRecoveryVault": { "value": { - "enabled":true, - "name":"bkupvault" + "enabled": true, + "name": "bkupvault" } }, - "hubNetwork": { "value": { "virtualNetworkId": "/subscriptions/1a7025c7-f492-4eb9-9cf6-12c7889e4dfd/resourceGroups/pubsec-hub-networking-rg/providers/Microsoft.Network/virtualNetworks/hub-vnet", @@ -103,8 +123,8 @@ "addressPrefixes": [ "10.10.0.0/16" ], - "subnets": { - "oz": { + "subnets": [ + { "comments": "App Management Zone (OZ)", "name": "oz", "addressPrefix": "10.10.1.0/25", @@ -115,7 +135,7 @@ "enabled": true } }, - "paz": { + { "comments": "Presentation Zone (PAZ)", "name": "paz", "addressPrefix": "10.10.2.0/25", 
@@ -126,7 +146,7 @@ "enabled": true } }, - "rz": { + { "comments": "Application Zone (RZ)", "name": "rz", "addressPrefix": "10.10.3.0/25", @@ -137,7 +157,7 @@ "enabled": true } }, - "hrz": { + { "comments": "Data Zone (HRZ)", "name": "hrz", "addressPrefix": "10.10.4.0/25", @@ -148,23 +168,21 @@ "enabled": true } }, - "optional": [ - { - "comments": "App Service", - "name": "appservice", - "addressPrefix": "10.10.5.0/25", - "nsg": { - "enabled": false - }, - "udr": { - "enabled": false - }, - "delegations": { - "serviceName": "Microsoft.Web/serverFarms" - } + { + "comments": "App Service", + "name": "appservice", + "addressPrefix": "10.10.5.0/25", + "nsg": { + "enabled": false + }, + "udr": { + "enabled": false + }, + "delegations": { + "serviceName": "Microsoft.Web/serverFarms" } - ] - } + } + ] } } } diff --git a/docs/archetypes/generic-subscription.md b/docs/archetypes/generic-subscription.md index 1bbd7272..6e0a18e2 100644 --- a/docs/archetypes/generic-subscription.md +++ b/docs/archetypes/generic-subscription.md 
@@ -108,8 +108,7 @@ As an administrator, you can lock a subscription, resource group, or resource to | Deployment without subscription budget | [tests/schemas/lz-generic-subscription/BudgetIsFalse.json](../../tests/schemas/lz-generic-subscription/BudgetIsFalse.json) | `parameters.subscriptionBudget.value.createBudget` is set to `false` and budget information removed. | | Deployment without resource tags | [tests/schemas/lz-generic-subscription/EmptyResourceTags.json](../../tests/schemas/lz-generic-subscription/EmptyResourceTags.json) | `parameters.resourceTags.value` is an empty object. | | Deployment without subscription tags | [tests/schemas/lz-generic-subscription/EmptySubscriptionTags.json](../../tests/schemas/lz-generic-subscription/EmptySubscriptionTags.json) | `parameters.subscriptionTags.value` is an empty object. | -| Deployment with optional subnets | [tests/schemas/lz-generic-subscription/WithOptionalSubnets.json](../../tests/schemas/lz-generic-subscription/WithOptionalSubnets.json) | `parameters.network.value.subnets.optional` array has one subnet. Many others can be added following the same syntax. | -| Deployment without optional subnets | [tests/schemas/lz-generic-subscription/WithoutOptionalSubnets.json](../../tests/schemas/lz-generic-subscription/WithoutOptionalSubnets.json) | `parameters.network.value.subnets.optional` array is empty. | +| Deployment without subnets | [tests/schemas/lz-generic-subscription/WithoutSubnets.json](../../tests/schemas/lz-generic-subscription/WithoutSubnets.json) | `parameters.network.value.subnets` array is empty. | | Deployment without custom DNS | [tests/schemas/lz-generic-subscription/WithoutCustomDNS.json](../../tests/schemas/lz-generic-subscription/WithoutCustomDNS.json) | `parameters.network.value.dnsServers` array is empty. Defaults to Azure managed DNS when array is empty. 
| | Deployment with Backup Recovery Vault | [tests/schemas/lz-generic-subscription/BackupRecoveryVaultIsTrue.json](../../tests/schemas/lz-generic-subscription/BackupRecoveryVaultIsTrue.json) | `parameters.backupRecoveryVault.value.enabled` is set to `true and vault name is filled in. | | Deployment without Backup Recovery Vault | [tests/schemas/lz-generic-subscription/BackupRecoveryVaultIsFalse.json](../../tests/schemas/lz-generic-subscription/BackupRecoveryVaultIsFalse.json) | `parameters.backupRecoveryVault.value.enabled` is set to `false` and vault name is removed. | @@ -127,8 +126,7 @@ This example configures: 7. Log Analytics Workspace integration through Azure Defender for Cloud 8. Automation Account 9. Backup Recovery Vault -10. Spoke Virtual Network with Hub-managed DNS, Virtual Network Peering, 4 required subnets (zones) and 1 additional subnet `web`. - +10. Spoke Virtual Network with Hub-managed DNS, Virtual Network Peering and 5 subnets. ```json { 
@@ -138,37 +136,19 @@ This example configures: "location": { "value": "canadacentral" }, + "logAnalyticsWorkspaceResourceId": { + "value": "/subscriptions/bc0a4f9f-07fa-4284-b1bd-fbad38578d3a/resourcegroups/pubsec-central-logging-rg/providers/microsoft.operationalinsights/workspaces/log-analytics-workspace" + }, "serviceHealthAlerts": { "value": { "resourceGroupName": "pubsec-service-health", - "incidentTypes": [ - "Incident", - "Security" - ], - "regions": [ - "Global", - "Canada East", - "Canada Central" - ], + "incidentTypes": [ "Incident", "Security" ], + "regions": [ "Global", "Canada East", "Canada Central" ], "receivers": { - "app": [ - "alzcanadapubsec@microsoft.com" - ], - "email": [ - "alzcanadapubsec@microsoft.com" - ], - "sms": [ - { - "countryCode": "1", - "phoneNumber": "5555555555" - } - ], - "voice": [ - { - "countryCode": "1", - "phoneNumber": "5555555555" - } - ] + "app": [ "alzcanadapubsec@microsoft.com" ], + "email": [ "alzcanadapubsec@microsoft.com" ], + "sms": [ { "countryCode": "1", "phoneNumber": "5555555555" } ], + "voice": [ { "countryCode": "1", "phoneNumber": "5555555555" } ] }, "actionGroupName": "Sub1 ALZ action group", "actionGroupShortName": "sub1-alert", @@ -202,13 +182,7 @@ This example configures: }, "subscriptionBudget": { "value": { - "createBudget": true, - "name": "MonthlySubscriptionBudget", - "amount": 1000, - "timeGrain": "Monthly", - "contactEmails": [ - "alzcanadapubsec@microsoft.com" - ] + "createBudget": false } }, "subscriptionTags": { 
@@ -226,15 +200,12 @@ This example configures: "TechnicalContact": "technical-contact-tag" } }, - "logAnalyticsWorkspaceResourceId": { - "value": "/subscriptions/bc0a4f9f-07fa-4284-b1bd-fbad38578d3a/resourcegroups/pubsec-central-logging-rg/providers/microsoft.operationalinsights/workspaces/log-analytics-workspace" - }, "resourceGroups": { "value": { - "automation": "rgAutomation", - "networking": "rgVnet", + "automation": "rgAutomation2022Q1", + "networking": "rgVnet2022Q1", "networkWatcher": "NetworkWatcherRG", - "backupRecoveryVault":"rgRecoveryVault" + "backupRecoveryVault":"rgRecoveryVault2022Q1" } }, "automation": { @@ -244,7 +215,7 @@ This example configures: }, "backupRecoveryVault":{ "value": { - "enableBackUpRecoveryVault":true, + "enabled":true, "name":"bkupvault" } }, @@ -268,10 +239,10 @@ This example configures: "addressPrefixes": [ "10.2.0.0/16" ], - "subnets": { - "oz": { + "subnets": [ + { "comments": "App Management Zone (OZ)", - "name": "oz", + "name": "appManagement", "addressPrefix": "10.2.1.0/25", "nsg": { "enabled": true @@ -280,9 +251,9 @@ This example configures: "enabled": true } }, - "paz": { + { "comments": "Presentation Zone (PAZ)", - "name": "paz", + "name": "web", "addressPrefix": "10.2.2.0/25", "nsg": { "enabled": true @@ -291,9 +262,9 @@ This example configures: "enabled": true } }, - "rz": { + { "comments": "Application Zone (RZ)", - "name": "rz", + "name": "app", "addressPrefix": "10.2.3.0/25", "nsg": { "enabled": true @@ -302,9 +273,9 @@ This example configures: "enabled": true } }, - "hrz": { + { "comments": "Data Zone (HRZ)", - "name": "hrz", + "name": "data", "addressPrefix": "10.2.4.0/25", "nsg": { "enabled": true 
@@ -313,23 +284,21 @@ This example configures: "enabled": true } }, - "optional": [ - { - "comments": "App Service", - "name": "appservice", - "addressPrefix": "10.2.5.0/25", - "nsg": { - "enabled": false - }, - "udr": { - "enabled": false - }, - "delegations": { - "serviceName": "Microsoft.Web/serverFarms" - } + { + "comments": "App Service", + "name": "appservice", + "addressPrefix": "10.2.5.0/25", + "nsg": { + "enabled": false + }, + "udr": { + "enabled": false + }, + "delegations": { + "serviceName": "Microsoft.Web/serverFarms" } - ] - } + } + ] } } } diff --git a/landingzones/lz-generic-subscription/networking.bicep b/landingzones/lz-generic-subscription/networking.bicep index 5908ac37..3ebc1b72 100644 --- a/landingzones/lz-generic-subscription/networking.bicep +++ b/landingzones/lz-generic-subscription/networking.bicep @@ -38,21 +38,19 @@ param hubNetwork object // "network": { // "value": { // "deployVnet": true, -// // "peerToHubVirtualNetwork": true, // "useRemoteGateway": false, -// // "name": "vnet", // "dnsServers": [ -// "10.18.1.4" +// "10.18.1.4" // ], // "addressPrefixes": [ // "10.2.0.0/16" // ], -// "subnets": { -// "oz": { +// "subnets": [ +// { // "comments": "App Management Zone (OZ)", -// "name": "oz", +// "name": "appManagement", // "addressPrefix": "10.2.1.0/25", // "nsg": { // "enabled": true @@ -61,9 +59,9 @@ param hubNetwork object // "enabled": true // } // }, -// "paz": { +// { // "comments": "Presentation Zone (PAZ)", -// "name": "paz", +// "name": "web", // "addressPrefix": "10.2.2.0/25", // "nsg": { // "enabled": true @@ -72,9 +70,9 @@ param hubNetwork object // "enabled": true // } // }, -// "rz": { +// { // "comments": "Application Zone (RZ)", -// "name": "rz", +// "name": "app", // "addressPrefix": "10.2.3.0/25", // "nsg": { // "enabled": true 
@@ -83,9 +81,9 @@ param hubNetwork object // "enabled": true // } // }, -// "hrz": { +// { // "comments": "Data Zone (HRZ)", -// "name": "hrz", +// "name": "data", // "addressPrefix": "10.2.4.0/25", // "nsg": { // "enabled": true @@ -94,24 +92,23 @@ param hubNetwork object // "enabled": true // } // }, -// "optional": [ -// { -// "comments": "App Service", -// "name": "appservice", -// "addressPrefix": "10.2.5.0/25", -// "nsg": { -// "enabled": false -// }, -// "udr": { -// "enabled": false -// }, -// "delegations": { -// "serviceName": "Microsoft.Web/serverFarms" -// } +// { +// "comments": "App Service", +// "name": "appservice", +// "addressPrefix": "10.2.5.0/25", +// "nsg": { +// "enabled": false +// }, +// "udr": { +// "enabled": false +// }, +// "delegations": { +// "serviceName": "Microsoft.Web/serverFarms" // } -// ] -// } -// } +// } +// ] +// } +// } // } // Example (Bicep) @@ -129,10 +126,10 @@ param hubNetwork object // addressPrefixes: [ // '10.2.0.0/16' // ] -// subnets: { -// oz: { +// subnets: [ +// { // comments: 'App Management Zone (OZ)' -// name: 'oz' +// name: 'appManagement' // addressPrefix: '10.2.1.0/25' // nsg: { // enabled: true @@ -141,9 +138,9 @@ param hubNetwork object // enabled: true // } // } -// paz: { +// { // comments: 'Presentation Zone (PAZ)' -// name: 'paz' +// name: 'web' // addressPrefix: '10.2.2.0/25' // nsg: { // enabled: true @@ -152,9 +149,9 @@ param hubNetwork object // enabled: true // } // } -// rz: { +// { // comments: 'Application Zone (RZ)' -// name: 'rz' +// name: 'app' // addressPrefix: '10.2.3.0/25' // nsg: { // enabled: true @@ -163,9 +160,9 @@ param hubNetwork object // enabled: true // } // } -// hrz: { +// { // comments: 'Data Zone (HRZ)' -// name: 'hrz' +// name: 'data' // addressPrefix: '10.2.4.0/25' // nsg: { // enabled: true 
@@ -174,22 +171,20 @@ param hubNetwork object // enabled: true // } // } -// optional: [ -// { -// comments: 'App Service' -// name: 'appservice' -// addressPrefix: '10.2.5.0/25' -// nsg: { -// enabled: false -// } -// udr: { -// enabled: false -// } -// delegations: { -// 'serviceName: 'Microsoft.Web/serverFarms' -// } +// { +// comments: 'App Service' +// name: 'appservice' +// addressPrefix: '10.2.5.0/25' +// nsg: { +// enabled: false // } -// ] +// udr: { +// enabled: false +// } +// delegations: { +// 'serviceName: 'Microsoft.Web/serverFarms' +// } +// } // } // } @description('Network configuration for the spoke virtual network. It includes name, dnsServers, address spaces, vnet peering and subnets.') @@ -200,7 +195,7 @@ var hubVnetIdSplit = split(hubNetwork.virtualNetworkId, '/') var routesToHub = [ // Force Routes to Hub IPs (RFC1918 range) via FW despite knowing that route via peering { - name: 'PrdSpokesUdrHubRFC1918FWRoute' + name: 'SpokeUdrHubRFC1918FWRoute' properties: { addressPrefix: hubNetwork.rfc1918IPRange nextHopType: 'VirtualAppliance' @@ -209,7 +204,7 @@ var routesToHub = [ } // Force Routes to Hub IPs (CGNAT range) via FW despite knowing that route via peering { - name: 'PrdSpokesUdrHubRFC6598FWRoute' + name: 'SpokeUdrHubRFC6598FWRoute' properties: { addressPrefix: hubNetwork.rfc6598IPRange nextHopType: 'VirtualAppliance' 
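Review bot: The rewritten Bicep example in the comment block of the `@@ -174,22 +171,20 @@` hunk never closes the `subnets: [` array it now opens: the old `// ]` line is removed and the two unchanged `// }` lines that follow close one brace too many, as far as the collapsed text shows. The line after the new App Service entry should read `// ]`. The same example still carries the stray quote in `// 'serviceName: 'Microsoft.Web/serverFarms'`, which should be `// serviceName: 'Microsoft.Web/serverFarms'`. The JSON example earlier in the file was rebalanced, so only the Bicep one needs the fix.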
@@ -226,18 +221,8 @@ var routesToHub = [ } ] -// Merge the required and optional subnets into a single array and use this array to create the resources -var requiredSubnets = [ - network.subnets.oz - network.subnets.paz - network.subnets.rz - network.subnets.hrz -] - -var allSubnets = union(requiredSubnets, network.subnets.optional) - // Network Security Groups -resource nsg 'Microsoft.Network/networkSecurityGroups@2021-02-01' = [for subnet in allSubnets: if (subnet.nsg.enabled) { +resource nsg 'Microsoft.Network/networkSecurityGroups@2021-02-01' = [for subnet in network.subnets: if (subnet.nsg.enabled) { name: '${subnet.name}Nsg' location: location properties: { @@ -246,13 +231,13 @@ resource nsg 'Microsoft.Network/networkSecurityGroups@2021-02-01' = [for subnet }] // Route Tables -resource udr 'Microsoft.Network/routeTables@2021-02-01' = [for subnet in allSubnets: if (subnet.udr.enabled) { - name: '${subnet.name}Udr' +resource udr 'Microsoft.Network/routeTables@2021-02-01' = { + name: 'RouteTable' location: location properties: { routes: network.peerToHubVirtualNetwork ? routesToHub : null } -}] +} // Virtual Network resource vnet 'Microsoft.Network/virtualNetworks@2021-02-01' = { @@ -265,7 +250,7 @@ resource vnet 'Microsoft.Network/virtualNetworks@2021-02-01' = { addressSpace: { addressPrefixes: network.addressPrefixes } - subnets: [for (subnet, i) in allSubnets: { + subnets: [for (subnet, i) in network.subnets: { name: subnet.name properties: { addressPrefix: subnet.addressPrefix @@ -273,7 +258,7 @@ resource vnet 'Microsoft.Network/virtualNetworks@2021-02-01' = { id: nsg[i].id } : null routeTable: (subnet.udr.enabled) ? { - id: udr[i].id + id: udr.id } : null delegations: contains(subnet, 'delegations') ? [ { 
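Review bot: With `requiredSubnets` removed, the `nsg` loop in the `@@ -226,18 +221,8 @@` hunk takes every entry from the caller-supplied `network.subnets`, and nothing in the template now fixes which subnets exist or that any of them has `nsg.enabled` set to `true`. `subnet.nsg.enabled` and `subnet.udr.enabled` are also read without the `contains()` guard that `delegations` gets, so an entry missing either object fails at deployment unless the schema's `Subnet` definition (outside this diff) requires them. Two entries with the same `name` would collide on `'${subnet.name}Nsg'` as well. I would state these expectations in the `network` parameter's `@description`, for example by appending `Each subnet must have a unique name and must define nsg.enabled and udr.enabled.` The resource body continues outside the hunk.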
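Review bot: The route table in the `@@ -246,13 +231,13 @@` hunk is now a single resource with the fixed name `'RouteTable'`, created even when no subnet sets `udr.enabled`, and shared by every subnet that does. On a spoke that was deployed with the previous template, the per-subnet `<name>Udr` tables would presumably stay in the resource group, detached, after the next run. A comment above the resource would make both points visible: `// One route table shared by all subnets with udr.enabled (replaces the per-subnet '<name>Udr' tables; remove those manually on existing spokes).` Note also that `routes` is `null` when `peerToHubVirtualNetwork` is false, so `udr.enabled` on its own does not send traffic through the hub firewall.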
@@ -323,11 +308,6 @@ output vnetId string = vnet.id output vnetName string = vnet.name output vnetPeered bool = network.peerToHubVirtualNetwork -output ozSubnetId string = '${vnet.id}/subnets/${network.subnets.oz.name}' -output pazSubnetId string = '${vnet.id}/subnets/${network.subnets.paz.name}' -output rzSubnetId string = '${vnet.id}/subnets/${network.subnets.rz.name}' -output hrzSubnetId string = '${vnet.id}/subnets/${network.subnets.hrz.name}' - -output optionalSubnets array = [for subnet in network.subnets.optional: { +output subnets array = [for subnet in network.subnets: { 'id': '${vnet.id}/subnets/${subnet.name}' }] diff --git a/schemas/latest/landingzones/lz-generic-subscription.json b/schemas/latest/landingzones/lz-generic-subscription.json index 1745371d..f69ecfa1 100644 --- a/schemas/latest/landingzones/lz-generic-subscription.json +++ b/schemas/latest/landingzones/lz-generic-subscription.json @@ -184,35 +184,10 @@ "title": "NetworkValue" }, "Subnets": { - "type": "object", - "additionalProperties": false, - "properties": { - "oz": { - "$ref": "#/definitions/Subnet" - }, - "paz": { - "$ref": "#/definitions/Subnet" - }, - "rz": { - "$ref": "#/definitions/Subnet" - }, - "hrz": { - "$ref": "#/definitions/Subnet" - }, - "optional": { - "type": "array", - "items": { - "$ref": "#/definitions/Subnet" - } - } + "type": "array", + "items": { + "$ref": "#/definitions/Subnet" }, - "required": [ - "oz", - "paz", - "rz", - "hrz", - "optional" - ], "title": "Subnets" }, "Delegations": { diff --git a/schemas/latest/readme.md b/schemas/latest/readme.md index 6e2f08f4..cf5ec364 100644 --- a/schemas/latest/readme.md +++ b/schemas/latest/readme.md 
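Review bot: The new `subnets` output in the `@@ -323,11 +308,6 @@` hunk returns only `id` for each entry, so a consumer that used `ozSubnetId` or `pazSubnetId` now has to find its subnet by array position or by parsing the resource id. Adding the name keeps lookups explicit: `'name': subnet.name` next to the `'id'` line. Callers of the removed `ozSubnetId`, `pazSubnetId`, `rzSubnetId`, `hrzSubnetId` and `optionalSubnets` outputs are not visible in this diff and should be checked before merge.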
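Review bot: The new `Subnets` definition accepts any array, including an empty one and one with repeated subnet names, where the old object shape required `oz`, `paz`, `rz`, `hrz` and `optional`. `uniqueItems` would only reject fully identical entries, so a unique-`name` rule has to be enforced in the template or in review; what the schema can do is record the intent, e.g. `"description": "Spoke subnets; may be empty. Each entry needs a unique name."`. Whether `nsg` and `udr` are required per entry depends on the `Subnet` definition, which is outside this hunk.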
@@ -4,10 +4,12 @@ ### April 20, 2022 -Schema definition for Hub Networking archetypes (Azure Firewall & NVA). See documentation: +* Schema definition update for Generic Subscription. Spoke network's subnet configuration is now defined as an array. The array can have 0 to many subnet definitions. -* [Hub Networking with Azure Firewall](../../docs/archetypes/hubnetwork-azfw.md) -* [Hub Networking with Fortigate Firewalls](../../docs/archetypes/hubnetwork-nva-fortigate.md) +* Schema definition for Hub Networking archetypes (Azure Firewall & NVA). See documentation: + + * [Hub Networking with Azure Firewall](../../docs/archetypes/hubnetwork-azfw.md) + * [Hub Networking with Network Virtual Appliance (e.g. Fortigate Firewalls)](../../docs/archetypes/hubnetwork-nva-fortigate.md) ### April 18, 2022 diff --git a/tests/schemas/lz-generic-subscription/BackupRecoveryVaultIsFalse.json b/tests/schemas/lz-generic-subscription/BackupRecoveryVaultIsFalse.json index a775d2cc..38ca3901 100644 --- a/tests/schemas/lz-generic-subscription/BackupRecoveryVaultIsFalse.json +++ b/tests/schemas/lz-generic-subscription/BackupRecoveryVaultIsFalse.json @@ -89,7 +89,7 @@ "automation": "rgAutomation", "networking": "rgVnet", "networkWatcher": "NetworkWatcherRG", - "backupRecoveryVault":"rgRecoveryVault" + "backupRecoveryVault": "rgRecoveryVault" } }, "automation": { @@ -97,10 +97,9 @@ "name": "automation" } }, - "backupRecoveryVault":{ + "backupRecoveryVault": { "value": { - "enabled":false - + "enabled": false } }, "hubNetwork": { @@ -123,8 +122,8 @@ "addressPrefixes": [ "10.2.0.0/16" ], - "subnets": { - "oz": { + "subnets": [ + { "comments": "App Management Zone (OZ)", "name": "oz", "addressPrefix": "10.2.1.0/25", @@ -135,7 +134,7 @@ "enabled": true } }, - "paz": { + { "comments": "Presentation Zone (PAZ)", "name": "paz", "addressPrefix": "10.2.2.0/25", @@ -146,7 +145,7 @@ "enabled": true } }, - "rz": { + { "comments": "Application Zone (RZ)", "name": "rz", "addressPrefix": "10.2.3.0/25", 
@@ -157,7 +156,7 @@ "enabled": true } }, - "hrz": { + { "comments": "Data Zone (HRZ)", "name": "hrz", "addressPrefix": "10.2.4.0/25", @@ -168,23 +167,21 @@ "enabled": true } }, - "optional": [ - { - "comments": "App Service", - "name": "appservice", - "addressPrefix": "10.2.5.0/25", - "nsg": { - "enabled": false - }, - "udr": { - "enabled": false - }, - "delegations": { - "serviceName": "Microsoft.Web/serverFarms" - } + { + "comments": "App Service", + "name": "appservice", + "addressPrefix": "10.2.5.0/25", + "nsg": { + "enabled": false + }, + "udr": { + "enabled": false + }, + "delegations": { + "serviceName": "Microsoft.Web/serverFarms" } - ] - } + } + ] } } } diff --git a/tests/schemas/lz-generic-subscription/BackupRecoveryVaultIsTrue.json b/tests/schemas/lz-generic-subscription/BackupRecoveryVaultIsTrue.json index 4a9ae475..196f108f 100644 --- a/tests/schemas/lz-generic-subscription/BackupRecoveryVaultIsTrue.json +++ b/tests/schemas/lz-generic-subscription/BackupRecoveryVaultIsTrue.json @@ -89,7 +89,7 @@ "automation": "rgAutomation", "networking": "rgVnet", "networkWatcher": "NetworkWatcherRG", - "backupRecoveryVault":"rgRecoveryVault" + "backupRecoveryVault": "rgRecoveryVault" } }, "automation": { @@ -97,10 +97,10 @@ "name": "automation" } }, - "backupRecoveryVault":{ + "backupRecoveryVault": { "value": { - "enabled":true, - "name":"bkupvault" + "enabled": true, + "name": "bkupvault" } }, "hubNetwork": { @@ -123,8 +123,8 @@ "addressPrefixes": [ "10.2.0.0/16" ], - "subnets": { - "oz": { + "subnets": [ + { "comments": "App Management Zone (OZ)", "name": "oz", "addressPrefix": "10.2.1.0/25", @@ -135,7 +135,7 @@ "enabled": true } }, - "paz": { + { "comments": "Presentation Zone (PAZ)", "name": "paz", "addressPrefix": "10.2.2.0/25", @@ -146,7 +146,7 @@ "enabled": true } }, - "rz": { + { "comments": "Application Zone (RZ)", "name": "rz", "addressPrefix": "10.2.3.0/25", 
@@ -157,7 +157,7 @@ "enabled": true } }, - "hrz": { + { "comments": "Data Zone (HRZ)", "name": "hrz", "addressPrefix": "10.2.4.0/25", @@ -168,23 +168,21 @@ "enabled": true } }, - "optional": [ - { - "comments": "App Service", - "name": "appservice", - "addressPrefix": "10.2.5.0/25", - "nsg": { - "enabled": false - }, - "udr": { - "enabled": false - }, - "delegations": { - "serviceName": "Microsoft.Web/serverFarms" - } + { + "comments": "App Service", + "name": "appservice", + "addressPrefix": "10.2.5.0/25", + "nsg": { + "enabled": false + }, + "udr": { + "enabled": false + }, + "delegations": { + "serviceName": "Microsoft.Web/serverFarms" } - ] - } + } + ] } } } diff --git a/tests/schemas/lz-generic-subscription/BudgetIsFalse.json b/tests/schemas/lz-generic-subscription/BudgetIsFalse.json index 4a9ae475..196f108f 100644 --- a/tests/schemas/lz-generic-subscription/BudgetIsFalse.json +++ b/tests/schemas/lz-generic-subscription/BudgetIsFalse.json @@ -89,7 +89,7 @@ "automation": "rgAutomation", "networking": "rgVnet", "networkWatcher": "NetworkWatcherRG", - "backupRecoveryVault":"rgRecoveryVault" + "backupRecoveryVault": "rgRecoveryVault" } }, "automation": { @@ -97,10 +97,10 @@ "name": "automation" } }, - "backupRecoveryVault":{ + "backupRecoveryVault": { "value": { - "enabled":true, - "name":"bkupvault" + "enabled": true, + "name": "bkupvault" } }, "hubNetwork": { @@ -123,8 +123,8 @@ "addressPrefixes": [ "10.2.0.0/16" ], - "subnets": { - "oz": { + "subnets": [ + { "comments": "App Management Zone (OZ)", "name": "oz", "addressPrefix": "10.2.1.0/25", @@ -135,7 +135,7 @@ "enabled": true } }, - "paz": { + { "comments": "Presentation Zone (PAZ)", "name": "paz", "addressPrefix": "10.2.2.0/25", @@ -146,7 +146,7 @@ "enabled": true } }, - "rz": { + { "comments": "Application Zone (RZ)", "name": "rz", "addressPrefix": "10.2.3.0/25", @@ -157,7 +157,7 @@ "enabled": true } }, - "hrz": { + { "comments": "Data Zone (HRZ)", "name": "hrz", "addressPrefix": "10.2.4.0/25", 
@@ -168,23 +168,21 @@ "enabled": true } }, - "optional": [ - { - "comments": "App Service", - "name": "appservice", - "addressPrefix": "10.2.5.0/25", - "nsg": { - "enabled": false - }, - "udr": { - "enabled": false - }, - "delegations": { - "serviceName": "Microsoft.Web/serverFarms" - } + { + "comments": "App Service", + "name": "appservice", + "addressPrefix": "10.2.5.0/25", + "nsg": { + "enabled": false + }, + "udr": { + "enabled": false + }, + "delegations": { + "serviceName": "Microsoft.Web/serverFarms" } - ] - } + } + ] } } } diff --git a/tests/schemas/lz-generic-subscription/BudgetIsTrue.json b/tests/schemas/lz-generic-subscription/BudgetIsTrue.json index dcdbfb1e..7eeeaa4f 100644 --- a/tests/schemas/lz-generic-subscription/BudgetIsTrue.json +++ b/tests/schemas/lz-generic-subscription/BudgetIsTrue.json @@ -95,7 +95,7 @@ "automation": "rgAutomation", "networking": "rgVnet", "networkWatcher": "NetworkWatcherRG", - "backupRecoveryVault":"rgRecoveryVault" + "backupRecoveryVault": "rgRecoveryVault" } }, "automation": { @@ -103,10 +103,10 @@ "name": "automation" } }, - "backupRecoveryVault":{ + "backupRecoveryVault": { "value": { - "enabled":true, - "name":"bkupvault" + "enabled": true, + "name": "bkupvault" } }, "hubNetwork": { @@ -127,8 +127,8 @@ "addressPrefixes": [ "10.2.0.0/16" ], - "subnets": { - "oz": { + "subnets": [ + { "comments": "App Management Zone (OZ)", "name": "oz", "addressPrefix": "10.2.1.0/25", @@ -139,7 +139,7 @@ "enabled": true } }, - "paz": { + { "comments": "Presentation Zone (PAZ)", "name": "paz", "addressPrefix": "10.2.2.0/25", @@ -150,7 +150,7 @@ "enabled": true } }, - "rz": { + { "comments": "Application Zone (RZ)", "name": "rz", "addressPrefix": "10.2.3.0/25", @@ -161,7 +161,7 @@ "enabled": true } }, - "hrz": { + { "comments": "Data Zone (HRZ)", "name": "hrz", "addressPrefix": "10.2.4.0/25", 
@@ -172,23 +172,21 @@ "enabled": true } }, - "optional": [ - { - "comments": "App Service", - "name": "appservice", - "addressPrefix": "10.2.5.0/25", - "nsg": { - "enabled": false - }, - "udr": { - "enabled": false - }, - "delegations": { - "serviceName": "Microsoft.Web/serverFarms" - } + { + "comments": "App Service", + "name": "appservice", + "addressPrefix": "10.2.5.0/25", + "nsg": { + "enabled": false + }, + "udr": { + "enabled": false + }, + "delegations": { + "serviceName": "Microsoft.Web/serverFarms" } - ] - } + } + ] } } } diff --git a/tests/schemas/lz-generic-subscription/EmptyResourceTags.json b/tests/schemas/lz-generic-subscription/EmptyResourceTags.json index ed685f13..c9fefb3b 100644 --- a/tests/schemas/lz-generic-subscription/EmptyResourceTags.json +++ b/tests/schemas/lz-generic-subscription/EmptyResourceTags.json @@ -82,7 +82,7 @@ "automation": "rgAutomation", "networking": "rgVnet", "networkWatcher": "NetworkWatcherRG", - "backupRecoveryVault":"rgRecoveryVault" + "backupRecoveryVault": "rgRecoveryVault" } }, "automation": { @@ -90,10 +90,10 @@ "name": "automation" } }, - "backupRecoveryVault":{ + "backupRecoveryVault": { "value": { - "enabled":true, - "name":"bkupvault" + "enabled": true, + "name": "bkupvault" } }, "hubNetwork": { @@ -116,8 +116,8 @@ "addressPrefixes": [ "10.2.0.0/16" ], - "subnets": { - "oz": { + "subnets": [ + { "comments": "App Management Zone (OZ)", "name": "oz", "addressPrefix": "10.2.1.0/25", @@ -128,7 +128,7 @@ "enabled": true } }, - "paz": { + { "comments": "Presentation Zone (PAZ)", "name": "paz", "addressPrefix": "10.2.2.0/25", @@ -139,7 +139,7 @@ "enabled": true } }, - "rz": { + { "comments": "Application Zone (RZ)", "name": "rz", "addressPrefix": "10.2.3.0/25", @@ -150,7 +150,7 @@ "enabled": true } }, - "hrz": { + { "comments": "Data Zone (HRZ)", "name": "hrz", "addressPrefix": "10.2.4.0/25", 
@@ -161,23 +161,21 @@ "enabled": true } }, - "optional": [ - { - "comments": "App Service", - "name": "appservice", - "addressPrefix": "10.2.5.0/25", - "nsg": { - "enabled": false - }, - "udr": { - "enabled": false - }, - "delegations": { - "serviceName": "Microsoft.Web/serverFarms" - } + { + "comments": "App Service", + "name": "appservice", + "addressPrefix": "10.2.5.0/25", + "nsg": { + "enabled": false + }, + "udr": { + "enabled": false + }, + "delegations": { + "serviceName": "Microsoft.Web/serverFarms" } - ] - } + } + ] } } } diff --git a/tests/schemas/lz-generic-subscription/EmptySubscriptionTags.json b/tests/schemas/lz-generic-subscription/EmptySubscriptionTags.json index 3101f224..957fd62b 100644 --- a/tests/schemas/lz-generic-subscription/EmptySubscriptionTags.json +++ b/tests/schemas/lz-generic-subscription/EmptySubscriptionTags.json @@ -93,7 +93,7 @@ "automation": "rgAutomation", "networking": "rgVnet", "networkWatcher": "NetworkWatcherRG", - "backupRecoveryVault":"rgRecoveryVault" + "backupRecoveryVault": "rgRecoveryVault" } }, "automation": { @@ -101,10 +101,10 @@ "name": "automation" } }, - "backupRecoveryVault":{ + "backupRecoveryVault": { "value": { - "enabled":true, - "name":"bkupvault" + "enabled": true, + "name": "bkupvault" } }, "hubNetwork": { @@ -125,8 +125,8 @@ "addressPrefixes": [ "10.2.0.0/16" ], - "subnets": { - "oz": { + "subnets": [ + { "comments": "App Management Zone (OZ)", "name": "oz", "addressPrefix": "10.2.1.0/25", @@ -137,7 +137,7 @@ "enabled": true } }, - "paz": { + { "comments": "Presentation Zone (PAZ)", "name": "paz", "addressPrefix": "10.2.2.0/25", @@ -148,7 +148,7 @@ "enabled": true } }, - "rz": { + { "comments": "Application Zone (RZ)", "name": "rz", "addressPrefix": "10.2.3.0/25", @@ -159,7 +159,7 @@ "enabled": true } }, - "hrz": { + { "comments": "Data Zone (HRZ)", "name": "hrz", "addressPrefix": "10.2.4.0/25", 
@@ -170,23 +170,21 @@ "enabled": true } }, - "optional": [ - { - "comments": "App Service", - "name": "appservice", - "addressPrefix": "10.2.5.0/25", - "nsg": { - "enabled": false - }, - "udr": { - "enabled": false - }, - "delegations": { - "serviceName": "Microsoft.Web/serverFarms" - } + { + "comments": "App Service", + "name": "appservice", + "addressPrefix": "10.2.5.0/25", + "nsg": { + "enabled": false + }, + "udr": { + "enabled": false + }, + "delegations": { + "serviceName": "Microsoft.Web/serverFarms" } - ] - } + } + ] } } } diff --git a/tests/schemas/lz-generic-subscription/FullDeployment-With-Hub.json b/tests/schemas/lz-generic-subscription/FullDeployment-With-Hub.json index a3feface..21035a7f 100644 --- a/tests/schemas/lz-generic-subscription/FullDeployment-With-Hub.json +++ b/tests/schemas/lz-generic-subscription/FullDeployment-With-Hub.json @@ -98,7 +98,7 @@ "automation": "rgAutomation092021W3", "networking": "rgVnet092021W3", "networkWatcher": "NetworkWatcherRG", - "backupRecoveryVault":"rgRecoveryVault" + "backupRecoveryVault": "rgRecoveryVault" } }, "automation": { @@ -106,10 +106,10 @@ "name": "automation" } }, - "backupRecoveryVault":{ + "backupRecoveryVault": { "value": { - "enabled":true, - "name":"bkupvault" + "enabled": true, + "name": "bkupvault" } }, "hubNetwork": { @@ -132,8 +132,8 @@ "addressPrefixes": [ "10.2.0.0/16" ], - "subnets": { - "oz": { + "subnets": [ + { "comments": "App Management Zone (OZ)", "name": "oz", "addressPrefix": "10.2.1.0/25", @@ -144,7 +144,7 @@ "enabled": true } }, - "paz": { + { "comments": "Presentation Zone (PAZ)", "name": "paz", "addressPrefix": "10.2.2.0/25", @@ -155,7 +155,7 @@ "enabled": true } }, - "rz": { + { "comments": "Application Zone (RZ)", "name": "rz", "addressPrefix": "10.2.3.0/25", @@ -166,7 +166,7 @@ "enabled": true } }, - "hrz": { + { "comments": "Data Zone (HRZ)", "name": "hrz", "addressPrefix": "10.2.4.0/25", 
@@ -177,23 +177,21 @@ "enabled": true } }, - "optional": [ - { - "comments": "App Service", - "name": "appservice", - "addressPrefix": "10.2.5.0/25", - "nsg": { - "enabled": false - }, - "udr": { - "enabled": false - }, - "delegations": { - "serviceName": "Microsoft.Web/serverFarms" - } + { + "comments": "App Service", + "name": "appservice", + "addressPrefix": "10.2.5.0/25", + "nsg": { + "enabled": false + }, + "udr": { + "enabled": false + }, + "delegations": { + "serviceName": "Microsoft.Web/serverFarms" } - ] - } + } + ] } } } diff --git a/tests/schemas/lz-generic-subscription/FullDeployment-With-Location.json b/tests/schemas/lz-generic-subscription/FullDeployment-With-Location.json index 75a9cc6f..6b0eb3c8 100644 --- a/tests/schemas/lz-generic-subscription/FullDeployment-With-Location.json +++ b/tests/schemas/lz-generic-subscription/FullDeployment-With-Location.json @@ -101,7 +101,7 @@ "automation": "rgAutomation092021W3", "networking": "rgVnet092021W3", "networkWatcher": "NetworkWatcherRG", - "backupRecoveryVault":"rgRecoveryVault" + "backupRecoveryVault": "rgRecoveryVault" } }, "automation": { @@ -109,10 +109,10 @@ "name": "automation" } }, - "backupRecoveryVault":{ + "backupRecoveryVault": { "value": { - "enabled":true, - "name":"bkupvault" + "enabled": true, + "name": "bkupvault" } }, "hubNetwork": { @@ -135,8 +135,8 @@ "addressPrefixes": [ "10.2.0.0/16" ], - "subnets": { - "oz": { + "subnets": [ + { "comments": "App Management Zone (OZ)", "name": "oz", "addressPrefix": "10.2.1.0/25", @@ -147,7 +147,7 @@ "enabled": true } }, - "paz": { + { "comments": "Presentation Zone (PAZ)", "name": "paz", "addressPrefix": "10.2.2.0/25", @@ -158,7 +158,7 @@ "enabled": true } }, - "rz": { + { "comments": "Application Zone (RZ)", "name": "rz", "addressPrefix": "10.2.3.0/25", @@ -169,7 +169,7 @@ "enabled": true } }, - "hrz": { + { "comments": "Data Zone (HRZ)", "name": "hrz", "addressPrefix": "10.2.4.0/25", 
@@ -180,23 +180,21 @@ "enabled": true } }, - "optional": [ - { - "comments": "App Service", - "name": "appservice", - "addressPrefix": "10.2.5.0/25", - "nsg": { - "enabled": false - }, - "udr": { - "enabled": false - }, - "delegations": { - "serviceName": "Microsoft.Web/serverFarms" - } + { + "comments": "App Service", + "name": "appservice", + "addressPrefix": "10.2.5.0/25", + "nsg": { + "enabled": false + }, + "udr": { + "enabled": false + }, + "delegations": { + "serviceName": "Microsoft.Web/serverFarms" } - ] - } + } + ] } } } diff --git a/tests/schemas/lz-generic-subscription/FullDeployment-Without-Hub.json b/tests/schemas/lz-generic-subscription/FullDeployment-Without-Hub.json index 97b18c64..81b89acc 100644 --- a/tests/schemas/lz-generic-subscription/FullDeployment-Without-Hub.json +++ b/tests/schemas/lz-generic-subscription/FullDeployment-Without-Hub.json @@ -98,7 +98,7 @@ "automation": "rgAutomation", "networking": "rgVnet", "networkWatcher": "NetworkWatcherRG", - "backupRecoveryVault":"rgRecoveryVault" + "backupRecoveryVault": "rgRecoveryVault" } }, "automation": { @@ -106,10 +106,10 @@ "name": "automation" } }, - "backupRecoveryVault":{ + "backupRecoveryVault": { "value": { - "enabled":true, - "name":"bkupvault" + "enabled": true, + "name": "bkupvault" } }, "hubNetwork": { @@ -130,8 +130,8 @@ "addressPrefixes": [ "10.2.0.0/16" ], - "subnets": { - "oz": { + "subnets": [ + { "comments": "App Management Zone (OZ)", "name": "oz", "addressPrefix": "10.2.1.0/25", @@ -142,7 +142,7 @@ "enabled": true } }, - "paz": { + { "comments": "Presentation Zone (PAZ)", "name": "paz", "addressPrefix": "10.2.2.0/25", @@ -153,7 +153,7 @@ "enabled": true } }, - "rz": { + { "comments": "Application Zone (RZ)", "name": "rz", "addressPrefix": "10.2.3.0/25", @@ -164,7 +164,7 @@ "enabled": true } }, - "hrz": { + { "comments": "Data Zone (HRZ)", "name": "hrz", "addressPrefix": "10.2.4.0/25", 
@@ -175,23 +175,21 @@ "enabled": true } }, - "optional": [ - { - "comments": "App Service", - "name": "appservice", - "addressPrefix": "10.2.5.0/25", - "nsg": { - "enabled": false - }, - "udr": { - "enabled": false - }, - "delegations": { - "serviceName": "Microsoft.Web/serverFarms" - } + { + "comments": "App Service", + "name": "appservice", + "addressPrefix": "10.2.5.0/25", + "nsg": { + "enabled": false + }, + "udr": { + "enabled": false + }, + "delegations": { + "serviceName": "Microsoft.Web/serverFarms" } - ] - } + } + ] } } } diff --git a/tests/schemas/lz-generic-subscription/WithOptionalSubnets.json b/tests/schemas/lz-generic-subscription/WithOptionalSubnets.json deleted file mode 100644 index 4a9ae475..00000000 --- a/tests/schemas/lz-generic-subscription/WithOptionalSubnets.json +++ /dev/null 
@@ -1,191 +0,0 @@ -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "serviceHealthAlerts": { - "value": { - "resourceGroupName": "pubsec-service-health", - "incidentTypes": [ - "Incident", - "Security" - ], - "regions": [ - "Global", - "Canada East", - "Canada Central" - ], - "receivers": { - "app": [ - "alzcanadapubsec@microsoft.com" - ], - "email": [ - "alzcanadapubsec@microsoft.com" - ], - "sms": [ - { - "countryCode": "1", - "phoneNumber": "5555555555" - } - ], - "voice": [ - { - "countryCode": "1", - "phoneNumber": "5555555555" - } - ] - }, - "actionGroupName": "Sub1 ALZ action group", - "actionGroupShortName": "sub1-alert", - "alertRuleName": "Sub1 ALZ alert rule", - "alertRuleDescription": "Alert rule for Azure Landing Zone" - } - }, - "securityCenter": { - "value": { - "email": "alzcanadapubsec@microsoft.com", - "phone": "5555555555" - } - }, - "subscriptionRoleAssignments": { - "value": [ - { - "comments": "Built-in Role: Contributor", - "roleDefinitionId": "b24988ac-6180-42a0-ab88-20f7382dd24c", - "securityGroupObjectIds": [ - "38f33f7e-a471-4630-8ce9-c6653495a2ee" - ] - }, - { - "comments": "Custom Role: Landing Zone Application Owner", - "roleDefinitionId": "b4c87314-c1a1-5320-9c43-779585186bcc", - "securityGroupObjectIds": [ - "38f33f7e-a471-4630-8ce9-c6653495a2ee" - ] - } - ] - }, - "subscriptionBudget": { - "value": { - "createBudget": false - } - }, - "subscriptionTags": { - "value": { - "ISSO": "isso-tag" - } - }, - "resourceTags": { - "value": { - "ClientOrganization": "client-organization-tag", - "CostCenter": "cost-center-tag", - "DataSensitivity": "data-sensitivity-tag", - "ProjectContact": "project-contact-tag", - "ProjectName": "project-name-tag", - "TechnicalContact": "technical-contact-tag" - } - }, - "resourceGroups": { - "value": { - "automation": "rgAutomation", - "networking": "rgVnet", - "networkWatcher": "NetworkWatcherRG", - 
"backupRecoveryVault":"rgRecoveryVault" - } - }, - "automation": { - "value": { - "name": "automation" - } - }, - "backupRecoveryVault":{ - "value": { - "enabled":true, - "name":"bkupvault" - } - }, - "hubNetwork": { - "value": { - "virtualNetworkId": "/subscriptions/ed7f4eed-9010-4227-b115-2a5e37728f27/resourceGroups/pubsec-hub-networking-rg/providers/Microsoft.Network/virtualNetworks/hub-vnet", - "rfc1918IPRange": "10.18.0.0/22", - "rfc6598IPRange": "100.60.0.0/16", - "egressVirtualApplianceIp": "10.18.1.4" - } - }, - "network": { - "value": { - "deployVnet": true, - "peerToHubVirtualNetwork": true, - "useRemoteGateway": false, - "name": "vnet", - "dnsServers": [ - "10.18.1.4" - ], - "addressPrefixes": [ - "10.2.0.0/16" - ], - "subnets": { - "oz": { - "comments": "App Management Zone (OZ)", - "name": "oz", - "addressPrefix": "10.2.1.0/25", - "nsg": { - "enabled": true - }, - "udr": { - "enabled": true - } - }, - "paz": { - "comments": "Presentation Zone (PAZ)", - "name": "paz", - "addressPrefix": "10.2.2.0/25", - "nsg": { - "enabled": true - }, - "udr": { - "enabled": true - } - }, - "rz": { - "comments": "Application Zone (RZ)", - "name": "rz", - "addressPrefix": "10.2.3.0/25", - "nsg": { - "enabled": true - }, - "udr": { - "enabled": true - } - }, - "hrz": { - "comments": "Data Zone (HRZ)", - "name": "hrz", - "addressPrefix": "10.2.4.0/25", - "nsg": { - "enabled": true - }, - "udr": { - "enabled": true - } - }, - "optional": [ - { - "comments": "App Service", - "name": "appservice", - "addressPrefix": "10.2.5.0/25", - "nsg": { - "enabled": false - }, - "udr": { - "enabled": false - }, - "delegations": { - "serviceName": "Microsoft.Web/serverFarms" - } - } - ] - } - } - } - } -} \ No newline at end of file diff --git a/tests/schemas/lz-generic-subscription/WithoutCustomDNS.json b/tests/schemas/lz-generic-subscription/WithoutCustomDNS.json index bba02621..8d8246b5 100644 --- a/tests/schemas/lz-generic-subscription/WithoutCustomDNS.json 
+++ b/tests/schemas/lz-generic-subscription/WithoutCustomDNS.json @@ -89,7 +89,7 @@ "automation": "rgAutomation", "networking": "rgVnet", "networkWatcher": "NetworkWatcherRG", - "backupRecoveryVault":"rgRecoveryVault" + "backupRecoveryVault": "rgRecoveryVault" } }, "automation": { @@ -97,10 +97,10 @@ "name": "automation" } }, - "backupRecoveryVault":{ + "backupRecoveryVault": { "value": { - "enabled":true, - "name":"bkupvault" + "enabled": true, + "name": "bkupvault" } }, "hubNetwork": { @@ -121,8 +121,8 @@ "addressPrefixes": [ "10.2.0.0/16" ], - "subnets": { - "oz": { + "subnets": [ + { "comments": "App Management Zone (OZ)", "name": "oz", "addressPrefix": "10.2.1.0/25", @@ -133,7 +133,7 @@ "enabled": true } }, - "paz": { + { "comments": "Presentation Zone (PAZ)", "name": "paz", "addressPrefix": "10.2.2.0/25", @@ -144,7 +144,7 @@ "enabled": true } }, - "rz": { + { "comments": "Application Zone (RZ)", "name": "rz", "addressPrefix": "10.2.3.0/25", @@ -155,7 +155,7 @@ "enabled": true } }, - "hrz": { + { "comments": "Data Zone (HRZ)", "name": "hrz", "addressPrefix": "10.2.4.0/25", @@ -166,23 +166,21 @@ "enabled": true } }, - "optional": [ - { - "comments": "App Service", - "name": "appservice", - "addressPrefix": "10.2.5.0/25", - "nsg": { - "enabled": false - }, - "udr": { - "enabled": false - }, - "delegations": { - "serviceName": "Microsoft.Web/serverFarms" - } + { + "comments": "App Service", + "name": "appservice", + "addressPrefix": "10.2.5.0/25", + "nsg": { + "enabled": false + }, + "udr": { + "enabled": false + }, + "delegations": { + "serviceName": "Microsoft.Web/serverFarms" } - ] - } + } + ] } } } diff --git a/tests/schemas/lz-generic-subscription/WithoutOptionalSubnets.json b/tests/schemas/lz-generic-subscription/WithoutSubnets.json similarity index 69% rename from tests/schemas/lz-generic-subscription/WithoutOptionalSubnets.json rename to tests/schemas/lz-generic-subscription/WithoutSubnets.json index 65edee74..c52dfd26 100644 
--- a/tests/schemas/lz-generic-subscription/WithoutOptionalSubnets.json +++ b/tests/schemas/lz-generic-subscription/WithoutSubnets.json @@ -89,7 +89,7 @@ "automation": "rgAutomation", "networking": "rgVnet", "networkWatcher": "NetworkWatcherRG", - "backupRecoveryVault":"rgRecoveryVault" + "backupRecoveryVault": "rgRecoveryVault" } }, "automation": { @@ -97,10 +97,10 @@ "name": "automation" } }, - "backupRecoveryVault":{ + "backupRecoveryVault": { "value": { - "enabled":true, - "name":"bkupvault" + "enabled": true, + "name": "bkupvault" } }, "hubNetwork": { @@ -123,53 +123,7 @@ "addressPrefixes": [ "10.2.0.0/16" ], - "subnets": { - "oz": { - "comments": "App Management Zone (OZ)", - "name": "oz", - "addressPrefix": "10.2.1.0/25", - "nsg": { - "enabled": true - }, - "udr": { - "enabled": true - } - }, - "paz": { - "comments": "Presentation Zone (PAZ)", - "name": "paz", - "addressPrefix": "10.2.2.0/25", - "nsg": { - "enabled": true - }, - "udr": { - "enabled": true - } - }, - "rz": { - "comments": "Application Zone (RZ)", - "name": "rz", - "addressPrefix": "10.2.3.0/25", - "nsg": { - "enabled": true - }, - "udr": { - "enabled": true - } - }, - "hrz": { - "comments": "Data Zone (HRZ)", - "name": "hrz", - "addressPrefix": "10.2.4.0/25", - "nsg": { - "enabled": true - }, - "udr": { - "enabled": true - } - }, - "optional": [] - } + "subnets": [] } } }
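Review bot: The last hunk of the renamed fixture (`@@ -123,53 +123,7 @@`) reduces `subnets` to `[]`, replacing the old "four zone subnets, no optional ones" case with "no subnets at all". As a result, no fixture visible in this diff covers a network whose subnets all have NSG and UDR enabled. If a virtual network without subnets is not a supported deployment, the schema should reject it (with JSON Schema, `"minItems": 1` on `subnets`) and this file belongs with the expected-failure cases. If it is supported, I would add a second fixture that lists the zone subnets without the `appservice` entry. The `deployVnet` value for this file lies outside the hunk, so the first suggestion depends on it being `true`.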