diff --git a/workload/portal-ui/portal-ui-baseline.json b/workload/portal-ui/portal-ui-baseline.json index e6aaab8ba..7f7f8e907 100644 --- a/workload/portal-ui/portal-ui-baseline.json +++ b/workload/portal-ui/portal-ui-baseline.json @@ -1435,24 +1435,83 @@ ] }, { - "name": "hubVirtualNetworkFirewall", + "name": "firewallOptions", "type": "Microsoft.Common.Section", - "visible": "[not(empty(steps('network').hubVirtualNetworkPeering.existingHubVirtualNetwork))]", + "visible": true, "label": "Firewall options for AVD deployments", "elements": [ { "name": "deployAvdFirewall", "type": "Microsoft.Common.CheckBox", - "label": "Deploy Azure Firewall in Hub vNet", + "label": "Deploy Azure Firewall", "defaultValue": false, - "toolTip": "Create Azure Firewall and Azure Firewall Policy." + "toolTip": "Create Azure Firewall and Azure Firewall Policy for protection of AVD deployments." + }, + + { + "name": "avdFirewallSubs", + "type": "Microsoft.Solutions.ArmApiControl", + "request": { + "method": "GET", + "path": "subscriptions?api-version=2020-01-01" + } + }, + { + "name": "avdFirewallSub", + "type": "Microsoft.Common.DropDown", + "visible": "[steps('network').firewallOptions.deployAvdFirewall]", + "label": "Firewall Subscription", + "toolTip": "", + "multiselect": false, + "selectAll": false, + "filter": true, + "filterPlaceholder": "Filter items ...", + "multiLine": true, + "constraints": { + "allowedValues": "[map(steps('network').firewallOptions.avdFirewallSubs.value, (sub) => parse(concat('{\"label\":\"', sub.displayName, '\",\"description\":\"', sub.subscriptionId, '\",\"value\":\"', toLower(sub.subscriptionId), '\"}')) )]", + "required": true + } + }, + { + "name": "createAvdFirewallVirtualNetwork", + "type": "Microsoft.Common.OptionsGroup", + "visible": "[steps('network').firewallOptions.deployAvdFirewall]", + "label": "Firewall Virtual network", + "defaultValue": "New", + "toolTip": "", + "constraints": { + "required": true, + "allowedValues": [ + { + "label": "New", + "value": true + }, + { + "label": "Existing", + "value": false + } + ] + } + }, + { + "name": "avdFirewallVirtualNetworkSize", + "type": "Microsoft.Common.TextBox", + "visible": "[steps('network').firewallOptions.createAvdFirewallVirtualNetwork]", + "label": "vNet address range", + "toolTip": "Virtual network CIDR for Azure Firewall", + "placeholder": "Example: 10.0.2.0/23", + "constraints": { + "required": true, + "regex": "^(25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)\\.(25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)\\.(25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)\\.(25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)(?:\/(1[0-9]|2[0-4]))$", + "validationMessage": "Invalid CIDR range. The address prefix must be in the range 10 to 24." + } }, { - "name": "firewallSubnetSize", + "name": "avdFirewallVirtualNetworkAvdSubnetSize", "type": "Microsoft.Common.TextBox", - "visible": "[steps('network').hubVirtualNetworkFirewall.deployAvdFirewall]", - "label": "AzureFirewallSubnet address prefix", - "toolTip": "AzureFirewallSubnet CIDR", + "visible": "[steps('network').firewallOptions.createAvdFirewallVirtualNetwork]", + "label": "Azure Firewall subnet address prefix", + "toolTip": "Virtual network subnet CIDR for Azure Firewall (AzureFirewallSubnet)", "placeholder": "Example: 10.0.2.0/24", "constraints": { "required": true, @@ -1460,10 +1519,69 @@ "validationMessage": "Invalid CIDR range. The address prefix must be smaller than or equal to 26." } }, + { + "name": "existingAvdFirewallVirtualNetworkInfoBox", + "type": "Microsoft.Common.InfoBox", + "visible": "[not(steps('network').firewallOptions.createAvdFirewallVirtualNetwork)]", + "options": { + "text": "Existing network must has connectivity to xxxxxxxxxxxxx.", + "uri": "https://docs.microsoft.com/azure/architecture/example-scenario/wvd/windows-virtual-desktop?context=/azure/virtual-desktop/context/context", + "style": "info" + } + }, + { + "name": "existingAvdFirewallVirtualNetworks", + "type": "Microsoft.Solutions.ArmApiControl", + "request": { + "method": "GET", + "path": "[concat('subscriptions/', steps('network').firewallOptions.avdFirewallSub, '/providers/Microsoft.Network/virtualNetworks?api-version=2021-08-01')]" + } + }, + { + "name": "existingAvdFirewallbVirtualNetwork", + "type": "Microsoft.Common.DropDown", + "visible": "[not(steps('network').firewallOptions.createAvdFirewallVirtualNetwork)]", + "label": "Azure Firewall virtual network", + "toolTip": "", + "multiselect": false, + "selectAll": true, + "filter": true, + "filterPlaceholder": "Filter items ...", + "multiLine": true, + "constraints": { + "allowedValues": "[map(steps('network').firewallOptions.avdFirewallSub.existingAvdFirewallVirtualNetworks.value, (vnet) => parse(concat('{\"label\":\"', vnet.name, '\",\"description\":\"', vnet.location, '\",\"value\":\"', toLower(vnet.id), '\"}')) )]", + "required": true + } + }, + { + "name": "avdFirewallSubnetApi", + "type": "Microsoft.Solutions.ArmApiControl", + "request": { + "method": "GET", + "path": "[concat(steps('network').firewallOptions.existingAvdFirewallbVirtualNetwork.id, '/subnets?api-version=2021-03-01')]" + } + }, + { + "name": "virtualNetworkAvdFirewallSubnetSelectorName", + "label": "Azure Firewall subnet", + "type": "Microsoft.Common.DropDown", + "visible": "[not(steps('network').firewallOptions.createAvdFirewallVirtualNetwork)]", + "defaultValue": "", + "toolTip": "Select the subnet.", + "multiselect": false, + "selectAll": false, + "filter": true, + "filterPlaceholder": "Filter items ...", + "multiLine": true, + "constraints": { + "allowedValues": "[map(steps('network').firewallOptions.avdFirewallSubnetApi.value,(item) => parse(concat('{\"label\":\"', item.name, '\",\"value\":\"', item.id, '\",\"description\":\"', 'Resource Group: ', last(take(split(item.id, '/'), 5)), '\"}')))]", + "required": true + } + }, { "name": "firewallInfoBox", "type": "Microsoft.Common.InfoBox", - "visible": "[steps('network').hubVirtualNetworkFirewall.deployAvdFirewall]", + "visible": "[steps('network').firewallOptions.deployAvdFirewall]", "options": { "text": "Azure Firewall, Azure Firewall Policy, and Azure Firewall subnet will be created in the existing vNet hub for protection of AVD deployments.", "uri": "https://learn.microsoft.com/azure/firewall/protect-azure-virtual-desktop",