Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

feat: updates to fix Region name now being appended to azFw policy name #914 #915

Merged
merged 4 commits into from
Nov 27, 2024

Conversation

jtracey93
Copy link
Contributor

@jtracey93 jtracey93 commented Nov 27, 2024

This pull request introduces several changes to the infra-as-code/bicep/modules/vwanConnectivity module, primarily focusing on the addition of new parameters and the restructuring of resource definitions to support different deployment styles for Azure Firewall policies. The most important changes include the introduction of the parAzFirewallPolicyDeploymentStyle parameter, the addition of custom names for Azure Firewall policies via parAzFirewallPolicyCustomName, and the refactoring of resource definitions to support both shared global and per-region deployment styles.

Why

This was needed to fix #914, but it also posed the question of how customers should deploy the Azure Firewall Policy in a multi region configuration, today the module would create a policy per region, but that may not be desired. Hence the module now supports, via this PR, the ability to chose between a PerRegion or SharedGlobal firewall policy deployment approach.

New Parameters and Types:

  • Added parAzFirewallPolicyDeploymentStyle parameter to specify the deployment style of Azure Firewall policies (SharedGlobal or PerRegion). [1] [2] [3] [4]
  • Introduced azFirewallPolicyDeploymentStyleType type to define the possible values for parAzFirewallPolicyDeploymentStyle.

Custom Names for Policies:

  • Added parAzFirewallPolicyCustomName parameter to allow specifying custom names for Azure Firewall policies.

Resource Definitions Refactoring:

  • Refactored resource definitions to support both shared global and per-region deployment styles for Azure Firewall policies. This includes the creation of new resources and locks based on the deployment style. [1] [2]
  • Updated the resVhub, resVhubLock, resVhubRouteTable, resVhubRoutingIntent, resVpnGateway, resVpnGatewayLock, resErGateway, and resErGatewayLock resources to use a more consistent and readable array syntax. [1] [2] [3] [4] [5]

Output Adjustments:

  • Modified output definitions to use a more consistent and readable array syntax. [1] [2]

Testing Evidence

vwanConnectivity.bicep - defaults with VPN, DDOS & EX disabled (for speed)

image

vwanConnectivity.bicep - Multi Region Param with VPN, DDOS & EX disabled (for speed) - one hub with custom FW policy name

image

@jtracey93 jtracey93 requested a deployment to BicepUpdateDocumentation November 27, 2024 14:51 — with GitHub Actions Waiting
@jtracey93 jtracey93 requested a deployment to BicepUpdateDocumentation November 27, 2024 14:52 — with GitHub Actions Waiting
@jtracey93 jtracey93 requested a deployment to BicepUpdateDocumentation November 27, 2024 14:55 — with GitHub Actions Waiting
@jtracey93 jtracey93 requested a deployment to BicepUpdateDocumentation November 27, 2024 14:57 — with GitHub Actions Waiting
@jtracey93 jtracey93 requested a deployment to BicepUpdateDocumentation November 27, 2024 15:05 — with GitHub Actions Waiting
@jtracey93 jtracey93 requested a deployment to BicepUpdateDocumentation November 27, 2024 15:45 — with GitHub Actions Waiting
@jtracey93 jtracey93 marked this pull request as ready for review November 27, 2024 16:52
@jtracey93 jtracey93 requested a deployment to BicepUpdateDocumentation November 27, 2024 16:52 — with GitHub Actions Waiting
@jtracey93 jtracey93 temporarily deployed to BicepUpdateDocumentation November 27, 2024 17:24 — with GitHub Actions Inactive
@jtracey93 jtracey93 requested a review from oZakari November 27, 2024 17:24
@jtracey93 jtracey93 added Area: Networking 🌐 Issues / PR's related to Networking Type: Feature Request ➕ New feature or request labels Nov 27, 2024
Copy link
Contributor

@oZakari oZakari left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM thanks @jtracey93

@oZakari
Copy link
Contributor

oZakari commented Nov 27, 2024

/azp run validateazcloud

Copy link

Azure Pipelines successfully started running 1 pipeline(s).

@oZakari oZakari merged commit 640a1db into main Nov 27, 2024
15 checks passed
@oZakari oZakari deleted the users/jtracey93/feat/azfw-policy-naming branch November 27, 2024 20:36
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Area: Networking 🌐 Issues / PR's related to Networking Type: Feature Request ➕ New feature or request
Projects
None yet
Development

Successfully merging this pull request may close these issues.

Region name now being appended to azFw policy name
2 participants