Feature: Added new deployment toggles to hub-spoke (#699)

* Added deployment toggle for feature parity with vwan * Fix and simplify conditions for deployment * Add missing paranthesis * Update condition logic and params * Generate Parameter Markdowns [oZakari/dad46f42] * Removed extra paranthesis * Fixed express route gateway param descriptions * Generate Parameter Markdowns [oZakari/17edce48] * Remove check to see if config params are empty * Update infra-as-code/bicep/modules/hubNetworking/hubNetworking.bicep Co-authored-by: Jack Tracey <41163455+jtracey93@users.noreply.github.com> * Update infra-as-code/bicep/modules/hubNetworking/hubNetworking.bicep Co-authored-by: Jack Tracey <41163455+jtracey93@users.noreply.github.com> --------- Co-authored-by: github-actions <41898282+github-actions[bot]@users.noreply.github.com> Co-authored-by: Jack Tracey <41163455+jtracey93@users.noreply.github.com>
Azure · Jan 10, 2024 · f019dff · f019dff
1 parent bf31ea3
commit f019dff
Show file tree

Hide file tree

Showing 7 changed files with 68 additions and 20 deletions.
diff --git a/infra-as-code/bicep/modules/hubNetworking/generateddocs/hubNetworking.bicep.md b/infra-as-code/bicep/modules/hubNetworking/generateddocs/hubNetworking.bicep.md
@@ -39,8 +39,10 @@ parPrivateDnsZonesResourceGroup | No       | Resource Group Name for Private DNS
 parPrivateDnsZones | No       | Array of DNS Zones to provision in Hub Virtual Network. Default: All known Azure Private DNS Zones
 parPrivateDnsZoneAutoMergeAzureBackupZone | No       | Set Parameter to false to skip the addition of a Private DNS Zone for Azure Backup.
 parVirtualNetworkIdToLinkFailover | No       | Resource ID of Failover VNet for Private DNS Zone VNet Failover Links
-parVpnGatewayConfig | No       | Configuration for VPN virtual network gateway to be deployed. If a VPN virtual network gateway is not desired an empty object should be used as the input parameter in the parameter file, i.e. "parVpnGatewayConfig": {   "value": {} }
-parExpressRouteGatewayConfig | No       | Configuration for ExpressRoute virtual network gateway to be deployed. If a ExpressRoute virtual network gateway is not desired an empty object should be used as the input parameter in the parameter file, i.e. "parExpressRouteGatewayConfig": {   "value": {} }
+parVpnGatewayEnabled | No       | Switch to enable/disable VPN virtual network gateway deployment.
+parVpnGatewayConfig | No       | Configuration for VPN virtual network gateway to be deployed.
+parExpressRouteGatewayEnabled | No       | Switch to enable/disable ExpressRoute virtual network gateway deployment.
+parExpressRouteGatewayConfig | No       | Configuration for ExpressRoute virtual network gateway to be deployed.
 parTags        | No       | Tags you would like to be applied to all resources in this module.
 parTelemetryOptOut | No       | Set Parameter to true to Opt-out of deployment telemetry.
 parBastionOutboundSshRdpPorts | No       | Define outbound destination ports or ranges for SSH or RDP that you want to access from Azure Bastion.
@@ -309,25 +311,35 @@ Set Parameter to false to skip the addition of a Private DNS Zone for Azure Back
 
 Resource ID of Failover VNet for Private DNS Zone VNet Failover Links
 
+### parVpnGatewayEnabled
+
+![Parameter Setting](https://img.shields.io/badge/parameter-optional-green?style=flat-square)
+
+Switch to enable/disable VPN virtual network gateway deployment.
+
+- Default value: `True`
+
 ### parVpnGatewayConfig
 
 ![Parameter Setting](https://img.shields.io/badge/parameter-optional-green?style=flat-square)
 
-Configuration for VPN virtual network gateway to be deployed. If a VPN virtual network gateway is not desired an empty object should be used as the input parameter in the parameter file, i.e.
-"parVpnGatewayConfig": {
-  "value": {}
-}
+Configuration for VPN virtual network gateway to be deployed.
 
 - Default value: `@{name=[format('{0}-Vpn-Gateway', parameters('parCompanyPrefix'))]; gatewayType=Vpn; sku=VpnGw1; vpnType=RouteBased; generation=Generation1; enableBgp=False; activeActive=False; enableBgpRouteTranslationForNat=False; enableDnsForwarding=False; bgpPeeringAddress=; bgpsettings=; vpnClientConfiguration=}`
 
+### parExpressRouteGatewayEnabled
+
+![Parameter Setting](https://img.shields.io/badge/parameter-optional-green?style=flat-square)
+
+Switch to enable/disable ExpressRoute virtual network gateway deployment.
+
+- Default value: `True`
+
 ### parExpressRouteGatewayConfig
 
 ![Parameter Setting](https://img.shields.io/badge/parameter-optional-green?style=flat-square)
 
-Configuration for ExpressRoute virtual network gateway to be deployed. If a ExpressRoute virtual network gateway is not desired an empty object should be used as the input parameter in the parameter file, i.e.
-"parExpressRouteGatewayConfig": {
-  "value": {}
-}
+Configuration for ExpressRoute virtual network gateway to be deployed.
 
 - Default value: `@{name=[format('{0}-ExpressRoute-Gateway', parameters('parCompanyPrefix'))]; gatewayType=ExpressRoute; sku=ErGw1AZ; vpnType=RouteBased; vpnGatewayGeneration=None; enableBgp=False; activeActive=False; enableBgpRouteTranslationForNat=False; enableDnsForwarding=False; bgpPeeringAddress=; bgpsettings=}`
 
@@ -569,6 +581,9 @@ outHubVirtualNetworkId | string |
         "parVirtualNetworkIdToLinkFailover": {
             "value": ""
         },
+        "parVpnGatewayEnabled": {
+            "value": true
+        },
         "parVpnGatewayConfig": {
             "value": {
                 "name": "[format('{0}-Vpn-Gateway', parameters('parCompanyPrefix'))]",
@@ -589,6 +604,9 @@ outHubVirtualNetworkId | string |
                 "vpnClientConfiguration": {}
             }
         },
+        "parExpressRouteGatewayEnabled": {
+            "value": true
+        },
         "parExpressRouteGatewayConfig": {
             "value": {
                 "name": "[format('{0}-ExpressRoute-Gateway', parameters('parCompanyPrefix'))]",

diff --git a/infra-as-code/bicep/modules/hubNetworking/hubNetworking.bicep b/infra-as-code/bicep/modules/hubNetworking/hubNetworking.bicep
@@ -243,11 +243,11 @@ param parPrivateDnsZoneAutoMergeAzureBackupZone bool = true
 @sys.description('Resource ID of Failover VNet for Private DNS Zone VNet Failover Links')
 param parVirtualNetworkIdToLinkFailover string = ''
 
+@sys.description('Switch to enable/disable VPN virtual network gateway deployment.')
+param parVpnGatewayEnabled bool = true
+
 //ASN must be 65515 if deploying VPN & ER for co-existence to work: https://docs.microsoft.com/en-us/azure/expressroute/expressroute-howto-coexist-resource-manager#limits-and-limitations
-@sys.description('''Configuration for VPN virtual network gateway to be deployed. If a VPN virtual network gateway is not desired an empty object should be used as the input parameter in the parameter file, i.e.
-"parVpnGatewayConfig": {
-  "value": {}
-}''')
+@sys.description('Configuration for VPN virtual network gateway to be deployed.')
 param parVpnGatewayConfig object = {
   name: '${parCompanyPrefix}-Vpn-Gateway'
   gatewayType: 'Vpn'
@@ -267,10 +267,10 @@ param parVpnGatewayConfig object = {
   vpnClientConfiguration: {}
 }
 
-@sys.description('''Configuration for ExpressRoute virtual network gateway to be deployed. If a ExpressRoute virtual network gateway is not desired an empty object should be used as the input parameter in the parameter file, i.e.
-"parExpressRouteGatewayConfig": {
-  "value": {}
-}''')
+@sys.description('Switch to enable/disable ExpressRoute virtual network gateway deployment.')
+param parExpressRouteGatewayEnabled bool = true
+
+@sys.description('Configuration for ExpressRoute virtual network gateway to be deployed.')
 param parExpressRouteGatewayConfig object = {
   name: '${parCompanyPrefix}-ExpressRoute-Gateway'
   gatewayType: 'ExpressRoute'
@@ -332,9 +332,9 @@ var varSubnetProperties = [for subnet in varSubnetMap: {
   }
 }]
 
-var varVpnGwConfig = ((!empty(parVpnGatewayConfig)) ? parVpnGatewayConfig : json('{"name": "noconfigVpn"}'))
+var varVpnGwConfig = ((parVpnGatewayEnabled) &&(!empty(parVpnGatewayConfig)) ? parVpnGatewayConfig : json('{"name": "noconfigVpn"}'))
 
-var varErGwConfig = ((!empty(parExpressRouteGatewayConfig)) ? parExpressRouteGatewayConfig : json('{"name": "noconfigEr"}'))
+var varErGwConfig = ((parExpressRouteGatewayEnabled) && !empty(parExpressRouteGatewayConfig) ? parExpressRouteGatewayConfig : json('{"name": "noconfigEr"}'))
 
 var varGwConfig = [
   varVpnGwConfig

diff --git a/infra-as-code/bicep/modules/hubNetworking/parameters/hubNetworking.parameters.all.json b/infra-as-code/bicep/modules/hubNetworking/parameters/hubNetworking.parameters.all.json
@@ -189,6 +189,9 @@
     "parPrivateDnsZoneAutoMergeAzureBackupZone": {
       "value": true
     },
+    "parVpnGatewayEnabled": {
+      "value": true
+    },
     "parVpnGatewayConfig": {
       "value": {
         "name": "alz-Vpn-Gateway",
@@ -209,6 +212,9 @@
         "vpnClientConfiguration": {}
       }
     },
+    "parExpressRouteGatewayEnabled": {
+      "value": true
+    },
     "parExpressRouteGatewayConfig": {
       "value": {
         "name": "alz-ExpressRoute-Gateway",

diff --git a/infra-as-code/bicep/modules/hubNetworking/parameters/hubNetworking.parameters.az.all.json b/infra-as-code/bicep/modules/hubNetworking/parameters/hubNetworking.parameters.az.all.json
@@ -201,6 +201,9 @@
     "parPrivateDnsZoneAutoMergeAzureBackupZone": {
       "value": true
     },
+    "parVpnGatewayEnabled": {
+      "value": true
+    },
     "parVpnGatewayConfig": {
       "value": {
         "name": "alz-Vpn-Gateway",
@@ -221,6 +224,9 @@
         "vpnClientConfiguration": {}
       }
     },
+    "parExpressRouteGatewayEnabled": {
+      "value": true
+    },
     "parExpressRouteGatewayConfig": {
       "value": {
         "name": "alz-ExpressRoute-Gateway",

diff --git a/infra-as-code/bicep/modules/hubNetworking/parameters/hubNetworking.parameters.min.json b/infra-as-code/bicep/modules/hubNetworking/parameters/hubNetworking.parameters.min.json
@@ -75,6 +75,9 @@
     "parPrivateDnsZonesEnabled": {
       "value": true
     },
+    "parVpnGatewayEnabled": {
+      "value": true
+    },
     "parVpnGatewayConfig": {
       "value": {
         "name": "alz-Vpn-Gateway",
@@ -94,6 +97,9 @@
         }
       }
     },
+    "parExpressRouteGatewayEnabled": {
+      "value": true
+    },
     "parExpressRouteGatewayConfig": {
       "value": {
         "name": "alz-ExpressRoute-Gateway",

diff --git a/infra-as-code/bicep/modules/hubNetworking/parameters/mc-hubNetworking.parameters.all.json b/infra-as-code/bicep/modules/hubNetworking/parameters/mc-hubNetworking.parameters.all.json
@@ -150,6 +150,9 @@
     "parPrivateDnsZoneAutoMergeAzureBackupZone": {
       "value": true
     },
+    "parVpnGatewayEnabled": {
+      "value": true
+    },
     "parVpnGatewayConfig": {
       "value": {
         "name": "alz-Vpn-Gateway",
@@ -170,6 +173,9 @@
         "vpnClientConfiguration": {}
       }
     },
+    "parExpressRouteGatewayEnabled": {
+      "value": true
+    },
     "parExpressRouteGatewayConfig": {
       "value": {
         "name": "alz-ExpressRoute-Gateway",

diff --git a/infra-as-code/bicep/modules/hubNetworking/parameters/mc-hubNetworking.parameters.min.json b/infra-as-code/bicep/modules/hubNetworking/parameters/mc-hubNetworking.parameters.min.json
@@ -111,6 +111,9 @@
         "privatelink.redis.cache.chinacloudapi.cn"
       ]
     },
+    "parVpnGatewayEnabled": {
+      "value": true
+    },
     "parVpnGatewayConfig": {
       "value": {
         "name": "alz-Vpn-Gateway",
@@ -130,6 +133,9 @@
         }
       }
     },
+    "parExpressRouteGatewayEnabled": {
+      "value": true
+    },
     "parExpressRouteGatewayConfig": {
       "value": {
         "name": "alz-ExpressRoute-Gateway",