Portal Network Validation Improvement (#767)
* Improved Network Range Validation in Portal

* added note to whats new

* update whats new

* added validation to landing zone config
marvinbuss authored Aug 27, 2021
1 parent c787cd8 commit 12c2d7a
Showing 2 changed files with 37 additions and 4 deletions.
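--- a/docs/wiki/Whats-new.md
+++ b/docs/wiki/Whats-new.md
@@ -46,6 +46,7 @@ Here's what's changed in Enterprise Scale:
 - [Do-It-Yourself deployment instructions for Enterprise-Scale using Azure PowerShell released](https://github.com/Azure/Enterprise-Scale/tree/main/eslzArm)
 - Update subscription filter in reference implementation UI experience. Subscriptions with state != "Enabled" will be excluded from the list of available subscriptions.
 - Removed old codebase for the different reference implementations, and converged to a single [ARM codebase](https://github.com/Azure/Enterprise-Scale/tree/main/eslzArm)
+- Improved Network CIDR Range Validation within the Azure Portal experience (https://github.com/Azure/Enterprise-Scale/pull/767).
 
 #### Policy
 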
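--- a/eslzArm/eslz-portal.json
+++ b/eslzArm/eslz-portal.json
@@ -842,7 +842,12 @@
 "visible": "[and(not(equals(steps('esConnectivityGoalState').esHub, 'No')), not(equals(steps('esConnectivityGoalState').esHub, 'nva')), not(equals(steps('esConnectivityGoalState').esHub, 'vhub')))]",
 "constraints": {
 "required": true,
-"validationMessage": "The vWAN hub network address space, specified as one address prefix in CIDR notation (e.g. 10.100.0.0/23)"
+"validations": [
+{
+"regex": "^(25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)\\.(25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)\\.(25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)\\.(25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)(?:$|/(1[0-9]|2[0-4]))$",
+"message": "Invalid CIDR range. The address prefix must be in the range [10,24]."
+}
+]
 }
 },
 {
@@ -854,7 +859,12 @@
 "visible": "[and(not(equals(steps('esConnectivityGoalState').esHub, 'No')), not(equals(steps('esConnectivityGoalState').esHub, 'vwan')))]",
 "constraints": {
 "required": true,
-"validationMessage": "The hub virtual network address space, specified as one address prefix in CIDR notation (e.g. 10.100.0.0/16)"
+"validations": [
+{
+"regex": "^(25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)\\.(25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)\\.(25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)\\.(25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)(?:$|/(1[0-9]|2[0-4]))$",
+"message": "Invalid CIDR range. The address prefix must be in the range [10,24]."
+}
+]
 }
 },
 {
@@ -1468,7 +1478,28 @@
 "visible": "[and(equals(steps('esConnectivityGoalState').esAzFw, 'Yes'), not(equals(steps('esConnectivityGoalState').esHub, 'vwan')))]",
 "constraints": {
 "required": true,
-"validationMessage": "The subnet for Azure Firewall inside the hub virtual network address space, specified as one address prefixes in CIDR notation (e.g. 10.100.0.0/24)"
+"validations": [
+{
+"regex": "^(25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)\\.(25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)\\.(25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)\\.(25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)(?:$|/(2[0-8]))$",
+"message": "Invalid CIDR range. The address prefix must be in the range [20,28]."
+},
+{
+"isValid": "[if(greaterOrEquals(last(split(steps('esConnectivityGoalState').esAddressHubHS, '/')), 8), equals(last(take(split(first(split(steps('esConnectivityGoalState').esAddressHubHS, '/')), '.'), 1)), last(take(split(first(split(steps('esConnectivityGoalState').esAddressFw, '/')), '.'), 1))), true)]",
+"message": "CIDR range not within virtual network CIDR range (first octet)."
+},
+{
+"isValid": "[if(greaterOrEquals(last(split(steps('esConnectivityGoalState').esAddressHubHS, '/')), 16), equals(last(take(split(first(split(steps('esConnectivityGoalState').esAddressHubHS, '/')), '.'), 2)), last(take(split(first(split(steps('esConnectivityGoalState').esAddressFw, '/')), '.'), 2))), true)]",
+"message": "CIDR range not within virtual network CIDR range (second octet)."
+},
+{
+"isValid": "[if(greaterOrEquals(last(split(steps('esConnectivityGoalState').esAddressHubHS, '/')), 24), equals(last(take(split(first(split(steps('esConnectivityGoalState').esAddressHubHS, '/')), '.'), 3)), last(take(split(first(split(steps('esConnectivityGoalState').esAddressFw, '/')), '.'), 3))), true)]",
+"message": "CIDR range not within virtual network CIDR range (third octet)."
+},
+{
+"isValid": "[lessOrEquals(last(split(steps('esConnectivityGoalState').esAddressHubHS, '/')), last(split(steps('esConnectivityGoalState').esAddressFw, '/')))]",
+"message": "CIDR range not within virtual network CIDR range (subnet mask)."
+}
+]
 }
 }
 ]
@@ -1783,7 +1814,8 @@
 "required": true,
 "validations": [
 {
-"message": "Only CIDR notation is allowed, and address space must be unique."
+"regex": "^(25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)\\.(25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)\\.(25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)\\.(25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)(?:$|/(1[0-9]|2[0-4]))$",
+"message": "Invalid CIDR range. The address prefix must be in the range [10,24]."
 }
 ]
 }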
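Review bot: The regex added in all four hunks ends in `(?:$|/(1[0-9]|2[0-4]))$` (`(?:$|/(2[0-8]))$` for the firewall subnet), and the empty `$|` alternative lets a bare address such as `10.100.0.0` pass even though the message demands a prefix length. In the firewall hunk the `isValid` rules then evaluate `last(split(..., '/'))` on that value, which would be the address itself rather than a mask. Ending the pattern with `/(1[0-9]|2[0-4])$` (and `/(2[0-8])$` for the firewall field) makes the prefix mandatory. Separately, the containment rules compare octets only at the 8/16/24 boundaries, so with a hub prefix such as /20 a firewall subnet that shares the first two octets but lies outside the hub range would still validate. These rules work as an input hint, and the deployment itself remains the real enforcement of address-space containment.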
