WAF - sln name update, networking param types

Author: Seth

infra/main.bicepparam

@@ -1,4 +1,4 @@
 using './main.bicep'
 
-param environmentName = readEnvironmentVariable('AZURE_ENV_NAME')
+param solutionName = readEnvironmentVariable('AZURE_ENV_NAME')
 param location = readEnvironmentVariable('AZURE_LOCATION')

infra/modules/network.bicep

@@ -81,37 +81,38 @@ module network 'network/main.bicep' =  {
         privateLinkServiceNetworkPolicies: 'Disabled'
       }
     ]
-    enableBastionHost: true // Set to true to enable Azure Bastion Host creation.
-    bastionSubnet: {
-      addressPrefixes: ['10.0.10.0/23'] // /23 (10.0.10.0 - 10.0.11.255), 512 addresses
-      networkSecurityGroup: null // Azure Bastion subnet must NOT have an NSG
+    bastionConfiguration: {
+      name: 'bastion-${resourcesName}'
+      subnetAddressPrefixes: ['10.0.10.0/23']
     }
-    jumpboxVM: true // Set to true to enable Jumpbox VM creation.
-    jumpboxVmSize: 'Standard_D2s_v3'
-    jumpboxAdminUser: 'JumpboxAdminUser'
-    jumpboxAdminPassword: 'JumpboxAdminP@ssw0rd1234!'
-    jumpboxSubnet: {
-      name: 'jumpbox'
-      addressPrefixes: ['10.0.12.0/23'] // /23 (10.0.12.0 - 10.0.13.255), 512 addresses
-      networkSecurityGroup: {
-        name: 'jumpbox-nsg'
-        securityRules: [
-          {
-            name: 'AllowJumpboxInbound'
-            properties: {
-              access: 'Allow'
-              direction: 'Inbound'
-              priority: 100
-              protocol: 'Tcp'
-              sourcePortRange: '*'
-              destinationPortRange: '22'
-              sourceAddressPrefixes: [
-                '10.0.7.0/24' // Azure Bastion subnet as an example here. You can adjust this as needed by adding more
-              ]
-              destinationAddressPrefixes: ['10.0.12.0/23']
+    jumpboxConfiguration: {
+      name: 'vm-jumpbox-${resourcesName}'
+      size: 'Standard_D2s_v3'
+      username: 'JumpboxAdminUser'
+      password: 'JumpboxAdminP@ssw0rd1234!'
+      subnet:  {
+        name: 'jumpbox'
+        addressPrefixes: ['10.0.12.0/23'] // /23 (10.0.12.0 - 10.0.13.255), 512 addresses
+        networkSecurityGroup: {
+          name: 'jumpbox-nsg'
+          securityRules: [
+            {
+              name: 'AllowJumpboxInbound'
+              properties: {
+                access: 'Allow'
+                direction: 'Inbound'
+                priority: 100
+                protocol: 'Tcp'
+                sourcePortRange: '*'
+                destinationPortRange: '22'
+                sourceAddressPrefixes: [
+                  '10.0.7.0/24' // Azure Bastion subnet as an example here. You can adjust this as needed by adding more
+                ]
+                destinationAddressPrefixes: ['10.0.12.0/23']
+              }
             }
-          }
-        ]
+          ]
+        }
       }
     }
   }
@@ -130,5 +131,5 @@ output bastionHostName string = network.outputs.bastionHostName
 
 output jumpboxSubnetName string = network.outputs.jumpboxSubnetName
 output jumpboxSubnetId string = network.outputs.jumpboxSubnetId
-output jumpboxVmName string = network.outputs.jumpboxVmName
-output jumpboxVmId string = network.outputs.jumpboxVmId
+output jumpboxName string = network.outputs.jumpboxName
+output jumpboxResourceId string = network.outputs.jumpboxResourceId

infra/modules/network/bastionHost.bicep

@@ -2,30 +2,43 @@
 // Create Azure Bastion Subnet and Azure Bastion Host
 // /****************************************************************************************************************************/
 
-param subnet object = {}
+@description('Name of the Azure Bastion Host resource.')
+param name string
+
+@description('Azure region to deploy resources.')
 param location string = resourceGroup().location
-param vnetName string 
-param vnetId string // Resource ID of the Virtual Network
-param name string = 'AzureBastionHost' // Default name for Azure Bastion Host
+
+@description('Conditional. List of address prefixes for the subnet. Leave empty to skip subnet creation.')
+param subnetAddressPrefixes string[]?
+
+@description('Resource ID of the Virtual Network where the Azure Bastion Host will be deployed.')
+param vnetId string
+
+@description('Name of the Virtual Network where the Azure Bastion Host will be deployed.')
+param vnetName string
+
+@description('Resource ID of the Log Analytics Workspace for monitoring and diagnostics.')
 param logAnalyticsWorkspaceId string
+
+@description('Optional. Tags to apply to the resources.')
 param tags object = {}
 
 // 1. Create Azure Bastion Host using AVM Subnet Module with special config for Azure Bastion Subnet
 // https://github.com/Azure/bicep-registry-modules/tree/main/avm/res/network/virtual-network/subnet
-module bastionSubnet 'br/public:avm/res/network/virtual-network/subnet:0.1.2' = if (!empty(subnet)) {
+module bastionSubnet 'br/public:avm/res/network/virtual-network/subnet:0.1.2' = if (!empty(subnetAddressPrefixes)) {
   name: take('bastionSubnet-${vnetName}', 64)
   params: {
     virtualNetworkName: vnetName
     name: 'AzureBastionSubnet' 
-    addressPrefixes: subnet.addressPrefixes
+    addressPrefixes: subnetAddressPrefixes
   }
 }
 
 // 2. Create Azure Bastion Host in AzureBastionsubnetSubnet using AVM Bastion Host module
 // https://github.com/Azure/bicep-registry-modules/tree/main/avm/res/network/bastion-host
 
-module bastionHost 'br/public:avm/res/network/bastion-host:0.6.1' = if (!empty(subnet)) {
-  name: name
+module bastionHost 'br/public:avm/res/network/bastion-host:0.6.1' = {
+  name: take('bastionHost-${vnetName}-${name}', 64)
   params: {
     name: name
     skuName: 'Standard'
@@ -51,3 +64,13 @@ output resourceId string = bastionHost.outputs.resourceId
 output name string = bastionHost.outputs.name
 output subnetId string = bastionSubnet.outputs.resourceId
 output subnetName string = bastionSubnet.outputs.name
+
+@export()
+@description('Custom type definition for establishing Bastion Host for remote connection.')
+type bastionHostConfigurationType = {
+  @description('The name of the Bastion Host resource.')
+  name: string
+
+  @description('Optional. List of address prefixes for the subnet.')
+  subnetAddressPrefixes: string[]?
+}

infra/modules/network/jumpbox.bicep

@@ -1,57 +1,75 @@
 // /****************************************************************************************************************************/
 // Create Jumpbox NSG and Jumpbox Subnet, then create Jumpbox VM
 // /****************************************************************************************************************************/
-param vmName string = 'jumpboxVM' // Default name for Jumpbox VM
+
+@description('Name of the Jumpbox Virtual Machine.')
+param name string
+
+@description('Azure region to deploy resources.')
 param location string = resourceGroup().location
+
+@description('Name of the Virtual Network where the Jumpbox VM will be deployed.')
 param vnetName string 
-param jumpboxVmSize string = 'Standard_D2s_v3' // Default VM size for Jumpbox, can be overridden
 
-param jumpboxSubnet object = {} // This was defined in the .param file as a complex object 
-param jumpboxAdminUser string = 'JumpboxAdminUser' // Default admin username for Jumpbox VM
+@description('Size of the Jumpbox Virtual Machine.')
+param size string
+
+import { subnetType } from 'virtualNetwork.bicep'
+@description('Optional. Subnet configuration for the Jumpbox VM.')
+param subnet subnetType?  
+
+@description('Username to access the Jumpbox VM.')
+param username string
+
 @secure()
-param jumpboxAdminPassword string 
+@description('Password to access the Jumpbox VM.')
+param password string 
 
+@description('Optional. Tags to apply to the resources.')
 param tags object = {}
+
+@description('Log Analytics Workspace Resource ID for VM diagnostics.')
 param logAnalyticsWorkspaceId string
 
 // 1. Create Jumpbox NSG 
 // using AVM Network Security Group module
 // https://github.com/Azure/bicep-registry-modules/tree/main/avm/res/network/network-security-group
-module jbNsg 'br/public:avm/res/network/network-security-group:0.5.1' = if (!empty(jumpboxSubnet)) {
-  name: '${vnetName}-${jumpboxSubnet.networkSecurityGroup.name}'
+module nsg 'br/public:avm/res/network/network-security-group:0.5.1' = if (!empty(subnet)) {
+  name: '${vnetName}-${subnet.?networkSecurityGroup.name}'
   params: {
-    name: '${vnetName}-${jumpboxSubnet.networkSecurityGroup.name}'
+    name: '${vnetName}-${subnet.?networkSecurityGroup.name}'
     location: location
-    securityRules: jumpboxSubnet.networkSecurityGroup.securityRules
+    securityRules: subnet.?networkSecurityGroup.securityRules
     tags: tags
   }
 }
 
 // 2. Create Jumpbox subnet as part of the existing VNet 
 // using AVM Virtual Network Subnet module
 // https://github.com/Azure/bicep-registry-modules/tree/main/avm/res/network/virtual-network/subnet
-module jbSubnet 'br/public:avm/res/network/virtual-network/subnet:0.1.2' = if (!empty(jumpboxSubnet)) {
-  name: jumpboxSubnet.name
+module subnetResource 'br/public:avm/res/network/virtual-network/subnet:0.1.2' = if (!empty(subnet)) {
+  name: subnet.?name ?? '${vnetName}-jumpbox-subnet'
   params: {
     virtualNetworkName: vnetName
-    name: jumpboxSubnet.name
-    addressPrefixes: jumpboxSubnet.addressPrefixes
-    networkSecurityGroupResourceId: jbNsg.outputs.resourceId
+    name: subnet.?name ?? ''
+    addressPrefixes: subnet.?addressPrefixes
+    networkSecurityGroupResourceId: nsg.outputs.resourceId
   }
 }
 
 // 3. Create Jumpbox VM 
 // using AVM Virtual Machine module 
 // https://github.com/Azure/bicep-registry-modules/tree/main/avm/res/compute/virtual-machine
-var limitedVmName = take(vmName, 15) // Shorten VM name to 15 characters to avoid Azure limits
-module jbVm 'br/public:avm/res/compute/virtual-machine:0.15.0' = {
-  name: vmName
+var vmName = take(name, 15) // Shorten VM name to 15 characters to avoid Azure limits
+
+module vm 'br/public:avm/res/compute/virtual-machine:0.15.0' = {
+  name: take('${vmName}-jumpbox', 64)
   params: {
-    name: limitedVmName
-    vmSize: jumpboxVmSize
+    name: vmName
+    vmSize: size
     location: location
-    adminUsername: jumpboxAdminUser
-    adminPassword: jumpboxAdminPassword
+    adminUsername: username
+    adminPassword: password
     tags: tags
     zone: 2
     imageReference: {
@@ -69,14 +87,14 @@ module jbVm 'br/public:avm/res/compute/virtual-machine:0.15.0' = {
     encryptionAtHost: false // Some Azure subscriptions do not support encryption at host
     nicConfigurations: [
       {
-        name: '${limitedVmName}-nic'
+        name: '${vmName}-nic'
         ipConfigurations: [
           {
             name: 'ipconfig1'
-            subnetResourceId: jbSubnet.outputs.resourceId
+            subnetResourceId: subnetResource.outputs.resourceId
           }
         ]
-        networkSecurityGroupResourceId: jbNsg.outputs.resourceId
+        networkSecurityGroupResourceId: nsg.outputs.resourceId
         diagnosticSettings: [
           {
             name: 'jumpboxDiagnostics'
@@ -100,16 +118,14 @@ module jbVm 'br/public:avm/res/compute/virtual-machine:0.15.0' = {
   }
 }
 
-output vmId string = jbVm.outputs.resourceId
-output vmName string = jbVm.outputs.name
-output vMLocation string = jbVm.outputs.location
+output resourceId string = vm.outputs.resourceId
+output name string = vm.outputs.name
+output location string = vm.outputs.location
 
-output subnetId string = jbSubnet.outputs.resourceId
-output subnetName string = jbSubnet.outputs.name
-output nsgId string = jbNsg.outputs.resourceId
-output nsgName string = jbNsg.outputs.name
-
-import { subnetType } from 'virtualNetwork.bicep'
+output subnetId string = subnetResource.outputs.resourceId
+output subnetName string = subnetResource.outputs.name
+output nsgId string = nsg.outputs.resourceId
+output nsgName string = nsg.outputs.name
 
 @export()
 @description('Custom type definition for establishing Jumpbox Virtual Machine and its associated resources.')
@@ -118,7 +134,7 @@ type jumpBoxConfigurationType = {
   name: string
 
   @description('The size of the VM.')
-  size: string
+  size: string?
 
   @description('Username to access VM.')
   username: string