update ui on placement of firewall
yahanda committed Oct 25, 2023
1 parent db688fc commit 7e62f44
Showing 4 changed files with 51 additions and 51 deletions.
18 changes: 9 additions & 9 deletions workload/arm/deploy-baseline.json
Expand Up @@ -312,7 +312,7 @@
"description": "Does the hub contains a virtual network gateway. (Default: false)"
}
},
"deployAvdFirewall": {
"deployFirewall": {
"type": "bool",
"defaultValue": false,
"metadata": {
Expand Down Expand Up @@ -8037,8 +8037,8 @@
},
"tags": "[if(parameters('createResourceTags'), createObject('value', union(variables('varCustomResourceTags'), variables('varAvdDefaultTags'))), createObject('value', variables('varAvdDefaultTags')))]",
"alaWorkspaceResourceId": "[if(parameters('avdDeployMonitoring'), if(parameters('deployAlaWorkspace'), createObject('value', reference(subscriptionResourceId('Microsoft.Resources/deployments', format('Monitoring-{0}', parameters('time'))), '2022-09-01').outputs.avdAlaWorkspaceResourceId.value), createObject('value', parameters('alaExistingWorkspaceResourceId'))), createObject('value', ''))]",
"deployAvdFirewall": {
"value": "[parameters('deployAvdFirewall')]"
"deployFirewall": {
"value": "[parameters('deployFirewall')]"
},
"firewallName": {
"value": "[variables('varFiwewallName')]"
Expand Down Expand Up @@ -8179,7 +8179,7 @@
"description": "Create virtual network peering to hub."
}
},
"deployAvdFirewall": {
"deployFirewall": {
"type": "bool",
"metadata": {
"description": "Create firewall and firewall policy to hub virtual network."
Expand Down Expand Up @@ -12585,7 +12585,7 @@
]
},
{
"condition": "[parameters('deployAvdFirewall')]",
"condition": "[parameters('deployFirewall')]",
"type": "Microsoft.Resources/deployments",
"apiVersion": "2022-09-01",
"name": "[format('Fw-Policy-{0}', parameters('time'))]",
Expand Down Expand Up @@ -13027,7 +13027,7 @@
}
},
{
"condition": "[parameters('deployAvdFirewall')]",
"condition": "[parameters('deployFirewall')]",
"type": "Microsoft.Resources/deployments",
"apiVersion": "2022-09-01",
"name": "[format('Fw-Policy-Rcg-{0}', parameters('time'))]",
Expand Down Expand Up @@ -13337,7 +13337,7 @@
]
},
{
"condition": "[parameters('deployAvdFirewall')]",
"condition": "[parameters('deployFirewall')]",
"type": "Microsoft.Resources/deployments",
"apiVersion": "2022-09-01",
"name": "[format('Fw-Policy-Rcg-Optional-{0}', parameters('time'))]",
Expand Down Expand Up @@ -13657,7 +13657,7 @@
]
},
{
"condition": "[parameters('deployAvdFirewall')]",
"condition": "[parameters('deployFirewall')]",
"type": "Microsoft.Resources/deployments",
"apiVersion": "2022-09-01",
"name": "[format('Fw-Subnet-{0}', parameters('time'))]",
Expand Down Expand Up @@ -14063,7 +14063,7 @@
}
},
{
"condition": "[parameters('deployAvdFirewall')]",
"condition": "[parameters('deployFirewall')]",
"type": "Microsoft.Resources/deployments",
"apiVersion": "2022-09-01",
"name": "[format('Fw-{0}', parameters('time'))]",
4 changes: 2 additions & 2 deletions workload/bicep/deploy-baseline.bicep
Expand Up @@ -157,7 +157,7 @@ param avdVnetPrivateDnsZoneKeyvaultId string = ''
param vNetworkGatewayOnHub bool = false

@sys.description('Create Azure Firewall and Azure Firewall Policy. (Default: false)')
param deployAvdFirewall bool = false
param deployFirewall bool = false

@sys.description('AzureFirewallSubnet prefixes. (Default: 10.0.2.0/24)')
param firewallSubnetAddressPrefix string = '10.0.2.0/24'
Expand Down Expand Up @@ -938,7 +938,7 @@ module networking './modules/networking/deploy.bicep' = if (createAvdVnet || cre
dnsServers: varDnsServers
tags: createResourceTags ? union(varCustomResourceTags, varAvdDefaultTags) : varAvdDefaultTags
alaWorkspaceResourceId: avdDeployMonitoring ? (deployAlaWorkspace ? monitoringDiagnosticSettings.outputs.avdAlaWorkspaceResourceId : alaExistingWorkspaceResourceId) : ''
deployAvdFirewall: deployAvdFirewall
deployFirewall: deployFirewall
firewallName: varFiwewallName
firewallPolicyName: varFiwewallPolicyName
firewallPolicyRuleCollectionGroupName: varFiwewallPolicyRuleCollectionGroupName
12 changes: 6 additions & 6 deletions workload/bicep/modules/networking/deploy.bicep
Expand Up @@ -55,7 +55,7 @@ param remoteVnetPeeringName string
param createVnetPeering bool

@sys.description('Create firewall and firewall policy to hub virtual network.')
param deployAvdFirewall bool
param deployFirewall bool

@sys.description('Firewall name')
param firewallName string
Expand Down Expand Up @@ -437,7 +437,7 @@ module privateDnsZoneKeyVaultGov '.bicep/privateDnsZones.bicep' = if (createPriv
}

// Firewall policy
module firewallPolicy '../../../../carml/1.3.0/Microsoft.Network/firewallPolicies/deploy.bicep' = if (deployAvdFirewall) {
module firewallPolicy '../../../../carml/1.3.0/Microsoft.Network/firewallPolicies/deploy.bicep' = if (deployFirewall) {
scope: resourceGroup('${varExistingHubSubId}', '${varExistingHubSubRgName}')
name: 'Fw-Policy-${time}'
params: {
Expand All @@ -447,7 +447,7 @@ module firewallPolicy '../../../../carml/1.3.0/Microsoft.Network/firewallPolicie
}

// Firewall policy rule collection group
module firewallPolicyRuleCollectionGroup '../../../../carml/1.3.0/Microsoft.Network/firewallPolicies/ruleCollectionGroups/deploy.bicep' = if (deployAvdFirewall) {
module firewallPolicyRuleCollectionGroup '../../../../carml/1.3.0/Microsoft.Network/firewallPolicies/ruleCollectionGroups/deploy.bicep' = if (deployFirewall) {
scope: resourceGroup('${varExistingHubSubId}', '${varExistingHubSubRgName}')
name: 'Fw-Policy-Rcg-${time}'
params: {
Expand Down Expand Up @@ -648,7 +648,7 @@ module firewallPolicyRuleCollectionGroup '../../../../carml/1.3.0/Microsoft.Netw
}

// Firewall policy optional rule collection group
module firewallPolicyOptionalRuleCollectionGroup '../../../../carml/1.3.0/Microsoft.Network/firewallPolicies/ruleCollectionGroups/deploy.bicep' = if (deployAvdFirewall) {
module firewallPolicyOptionalRuleCollectionGroup '../../../../carml/1.3.0/Microsoft.Network/firewallPolicies/ruleCollectionGroups/deploy.bicep' = if (deployFirewall) {
scope: resourceGroup('${varExistingHubSubId}', '${varExistingHubSubRgName}')
name: 'Fw-Policy-Rcg-Optional-${time}'
params: {
Expand Down Expand Up @@ -859,7 +859,7 @@ module firewallPolicyOptionalRuleCollectionGroup '../../../../carml/1.3.0/Micros
}

// Azure Firewall subnet
module hubVirtualNetworkAzureFirewallSubnet '../../../../carml/1.3.0/Microsoft.Network/virtualNetworks/subnets/deploy.bicep' = if (deployAvdFirewall) {
module hubVirtualNetworkAzureFirewallSubnet '../../../../carml/1.3.0/Microsoft.Network/virtualNetworks/subnets/deploy.bicep' = if (deployFirewall) {
scope: resourceGroup('${varExistingHubSubId}', '${varExistingHubSubRgName}')
name: 'Fw-Subnet-${time}'
params: {
Expand All @@ -870,7 +870,7 @@ module hubVirtualNetworkAzureFirewallSubnet '../../../../carml/1.3.0/Microsoft.N
}

// Azure Firewall
module azureFirewall '../../../../carml/1.3.0/Microsoft.Network/azureFirewalls/deploy.bicep' = if (deployAvdFirewall) {
module azureFirewall '../../../../carml/1.3.0/Microsoft.Network/azureFirewalls/deploy.bicep' = if (deployFirewall) {
scope: resourceGroup('${varExistingHubSubId}', '${varExistingHubSubRgName}')
name: 'Fw-${time}'
params: {
68 changes: 34 additions & 34 deletions workload/portal-ui/portal-ui-baseline.json
Expand Up @@ -1441,42 +1441,51 @@
"label": "Firewall options for AVD deployments",
"elements": [
{
"name": "deployAvdFirewall",
"name": "deployFirewall",
"type": "Microsoft.Common.CheckBox",
"label": "Deploy Azure Firewall",
"defaultValue": false,
"toolTip": "Create Azure Firewall and Azure Firewall Policy for protection of AVD deployments."
},

{
"name": "avdFirewallSubs",
"name": "firewallVirtualNetworkInfoBox",
"type": "Microsoft.Common.InfoBox",
"visible": "[steps('network').firewallOptions.deployFirewall]",
"options": {
"text": "vNet peering will be created to firewall vNet with access to host pool",
"uri": "https://learn.microsoft.com/azure/firewall/protect-azure-virtual-desktop",
"style": "info"
}
},
{
"name": "firewallVirtualNetworkSubs",
"type": "Microsoft.Solutions.ArmApiControl",
"request": {
"method": "GET",
"path": "subscriptions?api-version=2020-01-01"
}
},
{
"name": "avdFirewallSub",
"name": "firewallVirtualNetworkSub",
"type": "Microsoft.Common.DropDown",
"visible": "[steps('network').firewallOptions.deployAvdFirewall]",
"label": "Firewall Subscription",
"visible": "[steps('network').firewallOptions.deployFirewall]",
"label": "Firewall vNet Subscription",
"toolTip": "",
"multiselect": false,
"selectAll": false,
"filter": true,
"filterPlaceholder": "Filter items ...",
"multiLine": true,
"constraints": {
"allowedValues": "[map(steps('network').firewallOptions.avdFirewallSubs.value, (sub) => parse(concat('{\"label\":\"', sub.displayName, '\",\"description\":\"', sub.subscriptionId, '\",\"value\":\"', toLower(sub.subscriptionId), '\"}')) )]",
"allowedValues": "[map(steps('network').firewallOptions.firewallVirtualNetworkSubs.value, (sub) => parse(concat('{\"label\":\"', sub.displayName, '\",\"description\":\"', sub.subscriptionId, '\",\"value\":\"', toLower(sub.subscriptionId), '\"}')) )]",
"required": true
}
},
{
"name": "createAvdFirewallVirtualNetwork",
"name": "createFirewallVirtualNetwork",
"type": "Microsoft.Common.OptionsGroup",
"visible": "[steps('network').firewallOptions.deployAvdFirewall]",
"label": "Firewall Virtual network",
"visible": "[steps('network').firewallOptions.deployFirewall]",
"label": "Firewall vNet",
"defaultValue": "New",
"toolTip": "",
"constraints": {
Expand All @@ -1494,9 +1503,9 @@
}
},
{
"name": "avdFirewallVirtualNetworkSize",
"name": "firewallVirtualNetworkSize",
"type": "Microsoft.Common.TextBox",
"visible": "[and(steps('network').firewallOptions.deployAvdFirewall, steps('network').firewallOptions.createAvdFirewallVirtualNetwork)]",
"visible": "[and(steps('network').firewallOptions.deployFirewall, steps('network').firewallOptions.createFirewallVirtualNetwork)]",
"label": "Firewall vNet address range",
"toolTip": "Virtual network CIDR for Azure Firewall",
"placeholder": "Example: 10.0.2.0/23",
Expand All @@ -1507,27 +1516,17 @@
}
},
{
"name": "existingAvdFirewallVirtualNetworkInfoBox",
"type": "Microsoft.Common.InfoBox",
"visible": "[and(steps('network').firewallOptions.deployAvdFirewall, not(steps('network').firewallOptions.createAvdFirewallVirtualNetwork))]",
"options": {
"text": "Existing network must has connectivity to xxxxxxxxxxxxx.",
"uri": "https://docs.microsoft.com/azure/architecture/example-scenario/wvd/windows-virtual-desktop?context=/azure/virtual-desktop/context/context",
"style": "info"
}
},
{
"name": "existingAvdFirewallVirtualNetworks",
"name": "existingFirewallVirtualNetworks",
"type": "Microsoft.Solutions.ArmApiControl",
"request": {
"method": "GET",
"path": "[concat('subscriptions/', steps('network').firewallOptions.avdFirewallSub, '/providers/Microsoft.Network/virtualNetworks?api-version=2021-08-01')]"
"path": "[concat('subscriptions/', steps('network').firewallOptions.firewallVirtualNetworkSub, '/providers/Microsoft.Network/virtualNetworks?api-version=2021-08-01')]"
}
},
{
"name": "existingAvdFirewallbVirtualNetwork",
"name": "existingFirewallVirtualNetwork",
"type": "Microsoft.Common.DropDown",
"visible": "[and(steps('network').firewallOptions.deployAvdFirewall, not(steps('network').firewallOptions.createAvdFirewallVirtualNetwork))]",
"visible": "[and(steps('network').firewallOptions.deployFirewall, not(steps('network').firewallOptions.createFirewallVirtualNetwork))]",
"label": "Firewall virtual network",
"toolTip": "",
"multiselect": false,
Expand All @@ -1536,16 +1535,17 @@
"filterPlaceholder": "Filter items ...",
"multiLine": true,
"constraints": {
"allowedValues": "[map(steps('network').firewallOptions.existingAvdFirewallVirtualNetworks.value, (vnet) => parse(concat('{\"label\":\"', vnet.name, '\",\"description\":\"', vnet.location, '\",\"value\":\"', toLower(vnet.id), '\"}')) )]",
"allowedValues": "[map(steps('network').firewallOptions.existingFirewallVirtualNetworks.value, (vnet) => parse(concat('{\"label\":\"', vnet.name, '\",\"description\":\"', vnet.location, '\",\"value\":\"', toLower(vnet.id), '\"}')) )]",
"required": true
}
},
{
"name": "avdFirewallVirtualNetworkAvdSubnetSize",
"name": "firewallVirtualNetworkSubnetSize",
"type": "Microsoft.Common.TextBox",
"visible": "[steps('network').firewallOptions.deployAvdFirewall]",
"visible": "[steps('network').firewallOptions.deployFirewall]",
"label": "Firewall subnet address prefix",
"toolTip": "Virtual network subnet CIDR for Azure Firewall (AzureFirewallSubnet)",
"uri": "https://learn.microsoft.com/azure/firewall/tutorial-firewall-deploy-portal#create-a-vnet",
"placeholder": "Example: 10.0.2.0/24",
"constraints": {
"required": true,
Expand All @@ -1554,11 +1554,11 @@
}
},
{
"name": "firewallInfoBox",
"name": "firewallVirtualNetworkInfoBox2",
"type": "Microsoft.Common.InfoBox",
"visible": "[steps('network').firewallOptions.deployAvdFirewall]",
"visible": "[steps('network').firewallOptions.deployFirewall]",
"options": {
"text": "Azure Firewall, Azure Firewall Policy, and Azure Firewall subnet will be created in the existing vNet hub for protection of AVD deployments.",
"text": "Azure Firewall, Azure Firewall Policy, and Azure Firewall subnet will be created in the vNet for protection of AVD deployments.",
"uri": "https://learn.microsoft.com/azure/firewall/protect-azure-virtual-desktop",
"style": "info"
}
Expand Down Expand Up @@ -2449,8 +2449,8 @@
"vNetworkGatewayOnHub": "[if(equals(steps('network').createAvdVirtualNetwork, true), steps('network').hubVirtualNetworkPeering.hubVirtualNetworkGateway, false)]",
"existingVnetAvdSubnetResourceId": "[if(equals(steps('network').createAvdVirtualNetwork, false), steps('network').virtualNetworkAvdSubnetSelectorName, 'no')]",
"existingVnetPrivateEndpointSubnetResourceId": "[if(equals(steps('network').createAvdVirtualNetwork, false), steps('network').virtualNetworkPrivateEndpointSubnetSelectorName, 'no')]",
"deployAvdFirewall": "[steps('network').firewallOptions.deployAvdFirewall]",
"firewallSubnetAddressPrefix": "[if(equals(steps('network').firewallOptions.deployAvdFirewall, true), steps('network').firewallOptions.avdFirewallVirtualNetworkAvdSubnetSize, '10.0.2.0/24')]",
"deployFirewall": "[steps('network').firewallOptions.deployFirewall]",
"firewallSubnetAddressPrefix": "[if(equals(steps('network').firewallOptions.deployFirewall, true), steps('network').firewallOptions.firewallVirtualNetworkSubnetSize, '10.0.2.0/24')]",
"avdDeploySessionHosts": "[steps('sessionHosts').deploySessionHosts]",
"avdStartVmOnConnect": "[if(equals(steps('managementPlane').managementPlaneHostPoolSettings.hostPoolType, 'Personal'), steps('managementPlane').managementPlaneHostPoolScaling.startVmOnConnect, false)]",
"avdDeployScalingPlan": "[if(equals(steps('managementPlane').managementPlaneHostPoolSettings.hostPoolType, 'Pooled'), steps('managementPlane').managementPlaneHostPoolScaling.scalingPlan, false)]",
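Review bot: The renamed firewall vNet controls (`firewallVirtualNetworkSub`, `createFirewallVirtualNetwork`, `firewallVirtualNetworkSize`, `existingFirewallVirtualNetwork`) are not referenced in the outputs hunk at 2449, which maps only `deployFirewall` and `firewallSubnetAddressPrefix`. Unless outputs outside the visible hunks carry them, the operator's choice of subscription and vNet is dropped. The networking module touched in this same commit still scopes every firewall module to `resourceGroup('${varExistingHubSubId}', '${varExistingHubSubRgName}')`. In that case the reworded info box ("will be created in the vNet") would describe a placement the deployment does not perform, and operators rely on that text to know which network's traffic is actually filtered. I would keep the original wording "in the existing vNet hub" until the template consumes the selections, or hide the selectors until they are wired through. Separately, the `"uri"` added to the `firewallVirtualNetworkSubnetSize` TextBox is, as far as I know, not a property that control renders, so the link probably belongs in one of the InfoBox elements.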
