Added several user defined types, ability for custom resources names …

…in vwanConnectivity and mgDiagSettings (#656)

* Added type virtualWanOptionsType, introduceded parUseCustomNamingScheme for custom names

* Check if parUseCustomNamingScheme is present in object

* Fixed parameter casing in baseline

* Generate Parameter Markdowns [johnlokerse/40134377]

* Added parameters for resource names

* Added subnetOptionsType

* Generate Parameter Markdowns [johnlokerse/40134377]

* Added descriptions

* Added nonComplianceMessageType

* Added changes to parameter files, added diagnostic settings name to orchestration

* Generate Parameter Markdowns [johnlokerse/40134377]

* Fix error for "List Azure Resources Types" because of usage of type

* Reduced complexity by using coalesce and safe-dereference operator

* Removed default value on description

* Generate Parameter Markdowns [johnlokerse/4e1ac12d]

* Improve clarity for user defined type properties for the custom resource names

* Generate Parameter Markdowns [oZakari/ef8a90cc]

---------

Co-authored-by: github-actions <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: Zach Trocinski <[email protected]>
Co-authored-by: Zach Trocinski <[email protected]>

.github/workflows/bicep-build-to-validate.yml

@@ -73,20 +73,34 @@ jobs:
       - name: List Azure Resource Types
         shell: pwsh
         run: |
-          $resourceTypesFullList = @{}
-
-          Get-ChildItem -Path '.\infra-as-code\bicep\modules' -Recurse -Filter '*.json' -Exclude 'callModuleFromACR.example.json', 'orchHubSpoke.json', '*parameters*.json', 'bicepconfig.json', '*policy_*.json' | ForEach-Object {
-            Write-Information "==> Reading Built ARM Template JSON File: $_" -InformationAction Continue
-            $armTemplate = Get-Content $_.FullName | ConvertFrom-Json -Depth 100
-            $armResourceTypes = $armTemplate.Resources
-            $armResourceTypes | ForEach-Object {
-              if (!$resourceTypesFullList.ContainsKey($_.Type)) {
-                $resourceTypesFullList.Add($_.Type, 1)
+          function Add-ToResourceTypesList {
+              param (
+                  [Parameter(Mandatory = $true)]
+                  [string] $Type
+              )
+              if (!$resourceTypesFullList.ContainsKey($Type)) {
+                  $resourceTypesFullList.Add($Type, 1)
               }
               else {
-                $resourceTypesFullList[$_.Type] += 1
+                  $resourceTypesFullList[$Type] += 1
+              }
+          }
+
+          $resourceTypesFullList = @{}
+          Get-ChildItem -Path '.\infra-as-code\bicep\modules' -Recurse -Filter '*.json' -Exclude 'callModuleFromACR.example.json', 'orchHubSpoke.json', '*parameters*.json', 'bicepconfig.json', '*policy_*.json' | ForEach-Object {
+              Write-Information "==> Reading Built ARM Template JSON File: $_" -InformationAction Continue
+              $armTemplate = Get-Content $_.FullName | ConvertFrom-Json -Depth 100
+              $armResourceTypes = $armTemplate.Resources
+              $armResourceTypes | ForEach-Object {
+                  if ($null -eq $_.Type) {
+                      $_.PSObject.Properties | ForEach-Object {
+                          Add-ToResourceTypesList -Type $_.Value.Type
+                      }
+                  }
+                  else {
+                      Add-ToResourceTypesList -Type $_.Type
+                  }
               }
-            }
           }
 
           Write-Information "==> Remove nested deployments resource type" -InformationAction Continue

infra-as-code/bicep/modules/hubNetworking/hubNetworking.bicep

@@ -1,6 +1,23 @@
 metadata name = 'ALZ Bicep - Hub Networking Module'
 metadata description = 'ALZ Bicep Module used to set up Hub Networking'
 
+type subnetOptionsType = ({
+  @description('Name of subnet.')
+  name: string
+
+  @description('IP-address range for subnet.')
+  ipAddressRange: string
+
+  @description('Id of Network Security Group to associate with subnet.')
+  networkSecurityGroupId: string?
+
+  @description('Id of Route Table to associate with subnet.')
+  routeTableId: string?
+
+  @description('Name of the delegation to create for the subnet.')
+  delegation: string?
+})[]
+
 @sys.description('The Azure Region to deploy the resources into.')
 param parLocation string = resourceGroup().location
 
@@ -14,7 +31,7 @@ param parHubNetworkName string = '${parCompanyPrefix}-hub-${parLocation}'
 param parHubNetworkAddressPrefix string = '10.10.0.0/16'
 
 @sys.description('The name, IP address range, network security group, route table and delegation serviceName for each subnet in the virtual networks.')
-param parSubnets array = [
+param parSubnets subnetOptionsType = [
   {
     name: 'AzureBastionSubnet'
     ipAddressRange: '10.10.15.0/24'

infra-as-code/bicep/modules/logging/generateddocs/logging.bicep.md

@@ -21,6 +21,7 @@ parTags        | No       | Tags you would like to be applied to all resources i
 parAutomationAccountTags | No       | Tags you would like to be applied to Automation Account.
 parLogAnalyticsWorkspaceTags | No       | Tags you would like to be applied to Log Analytics Workspace.
 parUseSentinelClassicPricingTiers | No       | Set Parameter to true to use Sentinel Classic Pricing Tiers, following changes introduced in July 2023 as documented here: https://learn.microsoft.com/azure/sentinel/enroll-simplified-pricing-tier.
+parLogAnalyticsLinkedServiceAutomationAccountName | No       | Log Analytics LinkedService name for Automation Account.
 parTelemetryOptOut | No       | Set Parameter to true to Opt-out of deployment telemetry
 
 ### parLogAnalyticsWorkspaceName
@@ -147,6 +148,14 @@ Set Parameter to true to use Sentinel Classic Pricing Tiers, following changes i
 
 - Default value: `False`
 
+### parLogAnalyticsLinkedServiceAutomationAccountName
+
+![Parameter Setting](https://img.shields.io/badge/parameter-optional-green?style=flat-square)
+
+Log Analytics LinkedService name for Automation Account.
+
+- Default value: `Automation`
+
 ### parTelemetryOptOut
 
 ![Parameter Setting](https://img.shields.io/badge/parameter-optional-green?style=flat-square)
@@ -234,6 +243,9 @@ outAutomationAccountId | string |
         "parUseSentinelClassicPricingTiers": {
             "value": false
         },
+        "parLogAnalyticsLinkedServiceAutomationAccountName": {
+            "value": "Automation"
+        },
         "parTelemetryOptOut": {
             "value": false
         }

infra-as-code/bicep/modules/logging/logging.bicep

@@ -92,6 +92,9 @@ param parLogAnalyticsWorkspaceTags object = parTags
 @sys.description('Set Parameter to true to use Sentinel Classic Pricing Tiers, following changes introduced in July 2023 as documented here: https://learn.microsoft.com/azure/sentinel/enroll-simplified-pricing-tier.')
 param parUseSentinelClassicPricingTiers bool = false
 
+@sys.description('Log Analytics LinkedService name for Automation Account.')
+param parLogAnalyticsLinkedServiceAutomationAccountName string = 'Automation'
+
 @sys.description('Set Parameter to true to Opt-out of deployment telemetry')
 param parTelemetryOptOut bool = false
 
@@ -151,7 +154,7 @@ resource resLogAnalyticsWorkspaceSolutions 'Microsoft.OperationsManagement/solut
 
 resource resLogAnalyticsLinkedServiceForAutomationAccount 'Microsoft.OperationalInsights/workspaces/linkedServices@2020-08-01' = if (parLogAnalyticsWorkspaceLinkAutomationAccount) {
   parent: resLogAnalyticsWorkspace
-  name: 'Automation'
+  name: parLogAnalyticsLinkedServiceAutomationAccountName
   properties: {
     resourceId: resAutomationAccount.id
   }

infra-as-code/bicep/modules/logging/parameters/logging.parameters.all.json

@@ -54,6 +54,9 @@
     "parUseSentinelClassicPricingTiers": {
       "value": false
     },
+    "parLogAnalyticsLinkedServiceAutomationAccountName": {
+      "value": "Automation"
+    },
     "parTelemetryOptOut": {
       "value": false
     }

infra-as-code/bicep/modules/logging/parameters/mc-logging.parameters.all.json

@@ -48,6 +48,9 @@
         "Environment": "Live"
       }
     },
+    "parLogAnalyticsLinkedServiceAutomationAccountName": {
+      "value": "Automation"
+    },
     "parTelemetryOptOut": {
       "value": false
     }

infra-as-code/bicep/modules/mgDiagSettings/generateddocs/mgDiagSettings.bicep.md

@@ -7,6 +7,7 @@ Module used to set up Diagnostic Settings for Management Groups
 Parameter name | Required | Description
 -------------- | -------- | -----------
 parLogAnalyticsWorkspaceResourceId | Yes      | Log Analytics Workspace Resource ID.
+parDiagnosticSettingsName | No       | Diagnostic Settings Name.
 parTelemetryOptOut | No       | Set Parameter to true to Opt-out of deployment telemetry
 
 ### parLogAnalyticsWorkspaceResourceId
@@ -15,6 +16,14 @@ parTelemetryOptOut | No       | Set Parameter to true to Opt-out of deployment t
 
 Log Analytics Workspace Resource ID.
 
+### parDiagnosticSettingsName
+
+![Parameter Setting](https://img.shields.io/badge/parameter-optional-green?style=flat-square)
+
+Diagnostic Settings Name.
+
+- Default value: `toLa`
+
 ### parTelemetryOptOut
 
 ![Parameter Setting](https://img.shields.io/badge/parameter-optional-green?style=flat-square)
@@ -38,6 +47,9 @@ Set Parameter to true to Opt-out of deployment telemetry
         "parLogAnalyticsWorkspaceResourceId": {
             "value": ""
         },
+        "parDiagnosticSettingsName": {
+            "value": "toLa"
+        },
         "parTelemetryOptOut": {
             "value": false
         }

infra-as-code/bicep/modules/mgDiagSettings/mgDiagSettings.bicep

@@ -6,14 +6,17 @@ metadata description = 'Module used to set up Diagnostic Settings for Management
 @sys.description('Log Analytics Workspace Resource ID.')
 param parLogAnalyticsWorkspaceResourceId string
 
+@sys.description('Diagnostic Settings Name.')
+param parDiagnosticSettingsName string = 'toLa'
+
 @sys.description('Set Parameter to true to Opt-out of deployment telemetry')
 param parTelemetryOptOut bool = false
 
 // Customer Usage Attribution Id
 var varCuaid = '5d17f1c2-f17b-4426-9712-0cd2652c4435'
 
 resource mgDiagSet 'Microsoft.Insights/diagnosticSettings@2021-05-01-preview' = {
-  name: 'toLa'
+  name: parDiagnosticSettingsName
   properties: {
     workspaceId: parLogAnalyticsWorkspaceResourceId
     logs: [

infra-as-code/bicep/modules/mgDiagSettings/parameters/mgDiagSettings.parameters.all.json

@@ -5,6 +5,9 @@
     "parLogAnalyticsWorkspaceResourceId": {
       "value": ""
     },
+    "parDiagnosticSettingsName": {
+      "value": "toLa"
+    },
     "parTelemetryOptOut": {
       "value": false
     }

infra-as-code/bicep/modules/policy/assignments/policyAssignmentManagementGroup.bicep

@@ -3,6 +3,14 @@ targetScope = 'managementGroup'
 metadata name = 'ALZ Bicep - Management Group Policy Assignments'
 metadata description = 'Module used to assign policy definitions to management groups'
 
+type nonComplianceMessageType = {
+  @description('The message to display when the policy is non-compliant.')
+  message: string
+
+  @description('The reference ID of the policy definition.')
+  policyDefinitionReferenceId: string
+}[]
+
 @minLength(1)
 @maxLength(24)
 @sys.description('The name of the policy assignment. e.g. "Deny-Public-IP"')
@@ -24,7 +32,7 @@ param parPolicyAssignmentParameters object = {}
 param parPolicyAssignmentParameterOverrides object = {}
 
 @sys.description('An array containing object/s for the non-compliance messages for the policy to be assigned. See https://docs.microsoft.com/en-us/azure/governance/policy/concepts/assignment-structure#non-compliance-messages for more details on use.')
-param parPolicyAssignmentNonComplianceMessages array = []
+param parPolicyAssignmentNonComplianceMessages nonComplianceMessageType = []
 
 @sys.description('An array containing a list of scope Resource IDs to be excluded for the policy assignment. e.g. [\'/providers/Microsoft.Management/managementgroups/alz\', \'/providers/Microsoft.Management/managementgroups/alz-sandbox\' ].')
 param parPolicyAssignmentNotScopes array = []

infra-as-code/bicep/modules/vwanConnectivity/README.md

@@ -17,6 +17,7 @@ Module deploys the following resources which can be configured by parameters:
 
 - [Parameters for Azure Commercial Cloud](generateddocs/vwanConnectivity.bicep.md)
 
+> **NOTE:** Within the `parVirtualWanHubs` parameter, the following keys (parVpnGatewayCustomName, parExpressRouteGatewayCustomName, parAzFirewallCustomName, and parVirtualWanHubCustomName) can be added to create custom names for the associated resources.
 > **NOTE:** Although there are generated parameter markdowns for Azure Commercial Cloud, this same module can still be used in Azure China. Example parameter are in the [parameters](./parameters/) folder.
 
 <!-- markdownlint-disable -->

infra-as-code/bicep/modules/vwanConnectivity/generateddocs/vwanConnectivity.bicep.md

@@ -9,15 +9,15 @@ Parameter name | Required | Description
 parLocation    | No       | Region in which the resource group was created.
 parCompanyPrefix | No       | Prefix value which will be prepended to all resource names.
 parAzFirewallTier | No       | Azure Firewall Tier associated with the Firewall to deploy.
-parAzFirewallIntelMode | No       | The Azure Firewall Threat Intelligence Mode. If not set, the default value is Alert.
+parAzFirewallIntelMode | No       | The Azure Firewall Threat Intelligence Mode.
 parVirtualHubEnabled | No       | Switch to enable/disable Virtual Hub deployment.
 parAzFirewallDnsProxyEnabled | No       | Switch to enable/disable Azure Firewall DNS Proxy.
-parAzFirewallDnsServers | No       | Array of custom DNS servers used by Azure Firewall
+parAzFirewallDnsServers | No       | Array of custom DNS servers used by Azure Firewall.
 parVirtualWanName | No       | Prefix Used for Virtual WAN.
 parVirtualWanHubName | No       | Prefix Used for Virtual WAN Hub.
 parVirtualWanHubs | No       | Array Used for multiple Virtual WAN Hubs deployment. Each object in the array represents an individual Virtual WAN Hub configuration. Add/remove additional objects in the array to meet the number of Virtual WAN Hubs required.  - `parVpnGatewayEnabled` - Switch to enable/disable VPN Gateway deployment on the respective Virtual WAN Hub. - `parExpressRouteGatewayEnabled` - Switch to enable/disable ExpressRoute Gateway deployment on the respective Virtual WAN Hub. - `parAzFirewallEnabled` - Switch to enable/disable Azure Firewall deployment on the respective Virtual WAN Hub. - `parVirtualHubAddressPrefix` - The IP address range in CIDR notation for the vWAN virtual Hub to use. - `parHubLocation` - The Virtual WAN Hub location. - `parHubRoutingPreference` - The Virtual WAN Hub routing preference. The allowed values are `ASN`, `VpnGateway`, `ExpressRoute`. - `parVirtualRouterAutoScaleConfiguration` - The Virtual WAN Hub capacity. The value should be between 2 to 50. - `parVirtualHubRoutingIntentDestinations` - The Virtual WAN Hub routing intent destinations, leave empty if not wanting to enable routing intent. The allowed values are `Internet`, `PrivateTraffic`.  
-parVpnGatewayName | No       | Prefix Used for VPN Gateway.
-parExpressRouteGatewayName | No       | Prefix Used for ExpressRoute Gateway.
+parVpnGatewayName | No       | VPN Gateway Name.
+parExpressRouteGatewayName | No       | ExpressRoute Gateway Name.
 parAzFirewallName | No       | Azure Firewall Name.
 parAzFirewallAvailabilityZones | No       | Availability Zones to deploy the Azure Firewall across. Region must support Availability Zones to use. If it does not then leave empty.
 parAzFirewallPoliciesName | No       | Azure Firewall Policies Name.
@@ -64,7 +64,7 @@ Azure Firewall Tier associated with the Firewall to deploy.
 
 ![Parameter Setting](https://img.shields.io/badge/parameter-optional-green?style=flat-square)
 
-The Azure Firewall Threat Intelligence Mode. If not set, the default value is Alert.
+The Azure Firewall Threat Intelligence Mode.
 
 - Default value: `Alert`
 
@@ -90,7 +90,7 @@ Switch to enable/disable Azure Firewall DNS Proxy.
 
 ![Parameter Setting](https://img.shields.io/badge/parameter-optional-green?style=flat-square)
 
-Array of custom DNS servers used by Azure Firewall
+Array of custom DNS servers used by Azure Firewall.
 
 ### parVirtualWanName
 
@@ -129,15 +129,15 @@ Array Used for multiple Virtual WAN Hubs deployment. Each object in the array re
 
 ![Parameter Setting](https://img.shields.io/badge/parameter-optional-green?style=flat-square)
 
-Prefix Used for VPN Gateway.
+VPN Gateway Name.
 
 - Default value: `[format('{0}-vpngw', parameters('parCompanyPrefix'))]`
 
 ### parExpressRouteGatewayName
 
 ![Parameter Setting](https://img.shields.io/badge/parameter-optional-green?style=flat-square)
 
-Prefix Used for ExpressRoute Gateway.
+ExpressRoute Gateway Name.
 
 - Default value: `[format('{0}-ergw', parameters('parCompanyPrefix'))]`
 

infra-as-code/bicep/modules/vwanConnectivity/samples/baseline.sample.bicep

@@ -29,8 +29,8 @@ module minimum_vwan_conn '../vwanConnectivity.bicep' = {
         parAzFirewallEnabled: true
         parVirtualHubAddressPrefix: '10.100.0.0/23'
         parHubLocation: 'centralus'
-        parhubRoutingPreference: 'ExpressRoute' //allowed values are 'ASN','VpnGateway','ExpressRoute'
-        parvirtualRouterAutoScaleConfiguration: 2 //minimum capacity should be between 2 to 50
+        parHubRoutingPreference: 'ExpressRoute' //allowed values are 'ASN','VpnGateway','ExpressRoute'
+        parVirtualRouterAutoScaleConfiguration: 2 //minimum capacity should be between 2 to 50
         parVirtualHubRoutingIntentDestinations: []
       } ]
     parAzFirewallDnsProxyEnabled: true