fix: module avm/res/network/virtual-netwok-gateway (#1722)

## Description Basic IP configuration is only allowed in the Basic SKU of VPN Gateway Fixes #1685 Fixes #1685 Closes #1685 Closes #1685 ## Pipeline Reference [![avm.res.network.virtual-network-gateway](https://github.com/fabmas/bicep-registry-modules/actions/workflows/avm.res.network.virtual-network-gateway.yml/badge.svg?branch=fix1685)](https://github.com/fabmas/bicep-registry-modules/actions/workflows/avm.res.network.virtual-network-gateway.yml) ## Type of Change - [ ] Update to CI Environment or utlities (Non-module effecting changes) - [x] Azure Verified Module updates: - [x] Bugfix containing backwards compatible bug fixes, and I have NOT bumped the MAJOR or MINOR version in `version.json`: - [x] Someone has opened a bug report issue, and I have included "Closes #{bug_report_issue_number}" in the PR description. - [ ] The bug was found by the module author, and no one has opened an issue to report it yet. - [ ] Feature update backwards compatible feature updates, and I have bumped the MINOR version in `version.json`. - [ ] Breaking changes and I have bumped the MAJOR version in `version.json`. - [x] Update to documentation ## Checklist - [x] I'm sure there are no other open Pull Requests for the same update/change - [x] I have run `Set-AVMModule` locally to generate the supporting module files. - [x] My corresponding pipelines / checks run clean and green without any errors or warnings
Azure · Apr 28, 2024 · 9abd2fa · 9abd2fa
1 parent c03725b
commit 9abd2fa
Show file tree

Hide file tree

Showing 11 changed files with 252 additions and 89 deletions.
diff --git a/avm/res/network/virtual-network-gateway/README.md b/avm/res/network/virtual-network-gateway/README.md
@@ -34,8 +34,9 @@ The following section provides usage examples for the module, which were used to
 - [Using only defaults](#example-2-using-only-defaults)
 - [ExpressRoute](#example-3-expressroute)
 - [Using large parameter set](#example-4-using-large-parameter-set)
-- [VPN](#example-5-vpn)
-- [WAF-aligned](#example-6-waf-aligned)
+- [Using SKU without Availability Zones](#example-5-using-sku-without-availability-zones)
+- [VPN](#example-6-vpn)
+- [WAF-aligned](#example-7-waf-aligned)
 
 ### Example 1: _AAD-VPN_
 
@@ -62,9 +63,9 @@ module virtualNetworkGateway 'br/public:avm/res/network/virtual-network-gateway:
     ]
     location: '<location>'
     publicIpZones: [
-      '1'
-      '2'
-      '3'
+      1
+      2
+      3
     ]
     vpnClientAadConfiguration: {
       aadAudience: '41b23e61-6c1e-4545-b367-cd054e0ed4b4'
@@ -121,9 +122,9 @@ module virtualNetworkGateway 'br/public:avm/res/network/virtual-network-gateway:
     },
     "publicIpZones": {
       "value": [
-        "1",
-        "2",
-        "3"
+        1,
+        2,
+        3
       ]
     },
     "vpnClientAadConfiguration": {
@@ -170,9 +171,9 @@ module virtualNetworkGateway 'br/public:avm/res/network/virtual-network-gateway:
     // Non-required parameters
     location: '<location>'
     publicIpZones: [
-      '1'
-      '2'
-      '3'
+      1
+      2
+      3
     ]
   }
 }
@@ -209,9 +210,9 @@ module virtualNetworkGateway 'br/public:avm/res/network/virtual-network-gateway:
     },
     "publicIpZones": {
       "value": [
-        "1",
-        "2",
-        "3"
+        1,
+        2,
+        3
       ]
     }
   }
@@ -246,9 +247,9 @@ module virtualNetworkGateway 'br/public:avm/res/network/virtual-network-gateway:
     gatewayPipName: 'pip-nvger'
     location: '<location>'
     publicIpZones: [
-      '1'
-      '2'
-      '3'
+      1
+      2
+      3
     ]
   }
 }
@@ -293,9 +294,9 @@ module virtualNetworkGateway 'br/public:avm/res/network/virtual-network-gateway:
     },
     "publicIpZones": {
       "value": [
-        "1",
-        "2",
-        "3"
+        1,
+        2,
+        3
       ]
     }
   }
@@ -387,9 +388,9 @@ module virtualNetworkGateway 'br/public:avm/res/network/virtual-network-gateway:
       }
     ]
     publicIpZones: [
-      '1'
-      '2'
-      '3'
+      1
+      2
+      3
     ]
     roleAssignments: [
       {
@@ -531,9 +532,9 @@ module virtualNetworkGateway 'br/public:avm/res/network/virtual-network-gateway:
     },
     "publicIpZones": {
       "value": [
-        "1",
-        "2",
-        "3"
+        1,
+        2,
+        3
       ]
     },
     "roleAssignments": {
@@ -575,7 +576,67 @@ module virtualNetworkGateway 'br/public:avm/res/network/virtual-network-gateway:
 </details>
 <p>
 
-### Example 5: _VPN_
+### Example 5: _Using SKU without Availability Zones_
+
+This instance deploys the module with a SKU that does not support Availability Zones.
+
+
+<details>
+
+<summary>via Bicep module</summary>
+
+```bicep
+module virtualNetworkGateway 'br/public:avm/res/network/virtual-network-gateway:<version>' = {
+  name: 'virtualNetworkGatewayDeployment'
+  params: {
+    // Required parameters
+    gatewayType: 'Vpn'
+    name: 'nvgnaz001'
+    skuName: 'VpnGw1'
+    vNetResourceId: '<vNetResourceId>'
+    // Non-required parameters
+    location: '<location>'
+  }
+}
+```
+
+</details>
+<p>
+
+<details>
+
+<summary>via JSON Parameter file</summary>
+
+```json
+{
+  "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
+  "contentVersion": "1.0.0.0",
+  "parameters": {
+    // Required parameters
+    "gatewayType": {
+      "value": "Vpn"
+    },
+    "name": {
+      "value": "nvgnaz001"
+    },
+    "skuName": {
+      "value": "VpnGw1"
+    },
+    "vNetResourceId": {
+      "value": "<vNetResourceId>"
+    },
+    // Non-required parameters
+    "location": {
+      "value": "<location>"
+    }
+  }
+}
+```
+
+</details>
+<p>
+
+### Example 6: _VPN_
 
 This instance deploys the module with the VPN set of required parameters.
 
@@ -605,9 +666,9 @@ module virtualNetworkGateway 'br/public:avm/res/network/virtual-network-gateway:
     gatewayDefaultSiteLocalNetworkGatewayId: '<gatewayDefaultSiteLocalNetworkGatewayId>'
     location: '<location>'
     publicIpZones: [
-      '1'
-      '2'
-      '3'
+      1
+      2
+      3
     ]
     vpnGatewayGeneration: 'Generation2'
     vpnType: 'RouteBased'
@@ -669,9 +730,9 @@ module virtualNetworkGateway 'br/public:avm/res/network/virtual-network-gateway:
     },
     "publicIpZones": {
       "value": [
-        "1",
-        "2",
-        "3"
+        1,
+        2,
+        3
       ]
     },
     "vpnGatewayGeneration": {
@@ -687,7 +748,7 @@ module virtualNetworkGateway 'br/public:avm/res/network/virtual-network-gateway:
 </details>
 <p>
 
-### Example 6: _WAF-aligned_
+### Example 7: _WAF-aligned_
 
 This instance deploys the module in alignment with the best-practices of the Azure Well-Architected Framework.
 
@@ -769,9 +830,9 @@ module virtualNetworkGateway 'br/public:avm/res/network/virtual-network-gateway:
       }
     ]
     publicIpZones: [
-      '1'
-      '2'
-      '3'
+      1
+      2
+      3
     ]
     tags: {
       Environment: 'Non-Prod'
@@ -896,9 +957,9 @@ module virtualNetworkGateway 'br/public:avm/res/network/virtual-network-gateway:
     },
     "publicIpZones": {
       "value": [
-        "1",
-        "2",
-        "3"
+        1,
+        2,
+        3
       ]
     },
     "tags": {

diff --git a/avm/res/network/virtual-network-gateway/main.bicep b/avm/res/network/virtual-network-gateway/main.bicep
@@ -138,17 +138,9 @@ param vpnClientAadConfiguration object = {}
 // ================//
 
 // Other Variables
-var zoneRedundantSkus = [
-  'VpnGw1AZ'
-  'VpnGw2AZ'
-  'VpnGw3AZ'
-  'VpnGw4AZ'
-  'VpnGw5AZ'
-  'ErGw1AZ'
-  'ErGw2AZ'
-  'ErGw3AZ'
-]
-var gatewayPipAllocationMethod = contains(zoneRedundantSkus, skuName) ? 'Static' : 'Dynamic'
+var zones = [for zone in publicIpZones: string(zone)]
+
+var gatewayPipAllocationMethod = skuName == 'Basic' ? 'Dynamic' : 'Static'
 
 var isActiveActiveValid = gatewayType != 'ExpressRoute' ? activeActive : false
 var virtualGatewayPipNameVar = isActiveActiveValid
@@ -271,6 +263,7 @@ var builtInRoleNames = {
   )
 }
 
+
 // ================//
 // Deployments     //
 // ================//
@@ -310,8 +303,8 @@ module publicIPAddress 'br/public:avm/res/network/public-ip-address:0.2.0' = [
       publicIPAllocationMethod: gatewayPipAllocationMethod
       publicIpPrefixResourceId: !empty(publicIPPrefixResourceId) ? publicIPPrefixResourceId : ''
       tags: tags
-      skuName: 'Standard'
-      zones: contains(zoneRedundantSkus, skuName) ? publicIpZones : []
+      skuName: skuName == 'Basic' ? 'Basic' : 'Standard'
+      zones: skuName != 'Basic' ? zones : []
       dnsSettings: {
         domainNameLabel: length(virtualGatewayPipNameVar) == length(domainNameLabel)
           ? domainNameLabel[index]

diff --git a/avm/res/network/virtual-network-gateway/main.json b/avm/res/network/virtual-network-gateway/main.json
@@ -5,8 +5,8 @@
   "metadata": {
     "_generator": {
       "name": "bicep",
-      "version": "0.26.54.24096",
-      "templateHash": "8751695014346545616"
+      "version": "0.26.170.59819",
+      "templateHash": "13137403460939656531"
     },
     "name": "Virtual Network Gateways",
     "description": "This module deploys a Virtual Network Gateway.",
@@ -483,17 +483,14 @@
     }
   },
   "variables": {
-    "zoneRedundantSkus": [
-      "VpnGw1AZ",
-      "VpnGw2AZ",
-      "VpnGw3AZ",
-      "VpnGw4AZ",
-      "VpnGw5AZ",
-      "ErGw1AZ",
-      "ErGw2AZ",
-      "ErGw3AZ"
+    "copy": [
+      {
+        "name": "zones",
+        "count": "[length(parameters('publicIpZones'))]",
+        "input": "[string(parameters('publicIpZones')[copyIndex('zones')])]"
+      }
     ],
-    "gatewayPipAllocationMethod": "[if(contains(variables('zoneRedundantSkus'), parameters('skuName')), 'Static', 'Dynamic')]",
+    "gatewayPipAllocationMethod": "[if(equals(parameters('skuName'), 'Basic'), 'Dynamic', 'Static')]",
     "isActiveActiveValid": "[if(not(equals(parameters('gatewayType'), 'ExpressRoute')), parameters('activeActive'), false())]",
     "virtualGatewayPipNameVar": "[if(variables('isActiveActiveValid'), createArray(parameters('gatewayPipName'), parameters('activeGatewayPipName')), createArray(parameters('gatewayPipName')))]",
     "vpnTypeVar": "[if(not(equals(parameters('gatewayType'), 'ExpressRoute')), parameters('vpnType'), 'PolicyBased')]",
@@ -676,10 +673,8 @@
           "tags": {
             "value": "[parameters('tags')]"
           },
-          "skuName": {
-            "value": "Standard"
-          },
-          "zones": "[if(contains(variables('zoneRedundantSkus'), parameters('skuName')), createObject('value', parameters('publicIpZones')), createObject('value', createArray()))]",
+          "skuName": "[if(equals(parameters('skuName'), 'Basic'), createObject('value', 'Basic'), createObject('value', 'Standard'))]",
+          "zones": "[if(not(equals(parameters('skuName'), 'Basic')), createObject('value', variables('zones')), createObject('value', createArray()))]",
           "dnsSettings": {
             "value": {
               "domainNameLabel": "[if(equals(length(variables('virtualGatewayPipNameVar')), length(parameters('domainNameLabel'))), parameters('domainNameLabel')[copyIndex()], variables('virtualGatewayPipNameVar')[copyIndex()])]",
@@ -1277,8 +1272,8 @@
           "metadata": {
             "_generator": {
               "name": "bicep",
-              "version": "0.26.54.24096",
-              "templateHash": "3348839995550946472"
+              "version": "0.26.170.59819",
+              "templateHash": "17230380050930057698"
             },
             "name": "VPN Gateway NAT Rules",
             "description": "This module deploys a Virtual Network Gateway NAT Rule.",

diff --git a/avm/res/network/virtual-network-gateway/tests/e2e/aadvpn/main.test.bicep b/avm/res/network/virtual-network-gateway/tests/e2e/aadvpn/main.test.bicep
@@ -60,9 +60,9 @@ module testDeployment '../../../main.bicep' = [
         '${namePrefix}-dm-${serviceShort}'
       ]
       publicIpZones: [
-        '1'
-        '2'
-        '3'
+        1
+        2
+        3
       ]
       vpnClientAadConfiguration: {
         // The Application ID of the "Azure VPN" Azure AD Enterprise App for Azure Public

diff --git a/avm/res/network/virtual-network-gateway/tests/e2e/defaults/main.test.bicep b/avm/res/network/virtual-network-gateway/tests/e2e/defaults/main.test.bicep
@@ -58,9 +58,9 @@ module testDeployment '../../../main.bicep' = [
       gatewayType: 'Vpn'
       vNetResourceId: nestedDependencies.outputs.vnetResourceId
       publicIpZones: [
-        '1'
-        '2'
-        '3'
+        1
+        2
+        3
       ]
     }
     dependsOn: [

diff --git a/avm/res/network/virtual-network-gateway/tests/e2e/expressRoute/main.test.bicep b/avm/res/network/virtual-network-gateway/tests/e2e/expressRoute/main.test.bicep
@@ -60,9 +60,9 @@ module testDeployment '../../../main.bicep' = [
       ]
       gatewayPipName: '${namePrefix}-pip-${serviceShort}'
       publicIpZones: [
-        '1'
-        '2'
-        '3'
+        1
+        2
+        3
       ]
     }
     dependsOn: [

diff --git a/avm/res/network/virtual-network-gateway/tests/e2e/max/main.test.bicep b/avm/res/network/virtual-network-gateway/tests/e2e/max/main.test.bicep
@@ -95,9 +95,9 @@ module testDeployment '../../../main.bicep' = [
         name: 'myCustomLockName'
       }
       publicIpZones: [
-        '1'
-        '2'
-        '3'
+        1
+        2
+        3
       ]
       roleAssignments: [
         {
-Original file line number
+Diff line change
@@ Expand Up / @@ -60,9 +60,9 @@ module testDeployment '../../../main.bicep' = [ @@
           ]
           gatewayPipName: '${namePrefix}-pip-${serviceShort}'
           publicIpZones: [
-            '1'
-            '2'
-            '3'
           ]
         }
         dependsOn: [
@@ Expand Down @@