GithubHelp home page GithubHelp logo

zilberd-forks / agw-pep-custom-names Goto Github PK

View Code? Open in Web Editor NEW

This project forked from azure/agw-pep-custom-names

0.0 0.0 0.0 206 KB

Azure Application Gateway: Private Endpoint Custom Name Solution Reference Architecture and Tests

License: MIT License

Shell 0.10% C# 10.64% HCL 88.52% Dockerfile 0.75%

agw-pep-custom-names's Introduction

build

Azure Application Gateway: Private Endpoint Custom Name Solution Reference Architecture and Tests

Goals

  • Provide an enviroment to test Application Gateway features and test custom name solution for Azure services.

Architecture

Solution Architecture

Tests

Azure Application Gateway

All backend pools are configured with the service FQDN.

Application Gateway Implicit Tests

If Terraform deployment is successful, then the following features are working:

Service Feature
Azure Key Vault Reference a certificate in a Private Endpoint Protected Key Vault.
Application Gateway No Public IP.
Application Gateway Subnet: No need to define specific inbound rules in NSGs.
Application Gateway Subnet: route 0.0.0.0 traffic to a Firewall.

Application Gateway Explicit Tests

Test developed using .NET 6.0.

Service Enabled Protocol Result Test Description Notes
Cosmos DB SQL API [x] https Pass Create a database Uses endpoint & key. Requires the client to disable endpoint rediscovery.
Storage Account (Blob) [x] https Pass Create a container Uses DefaultAzureCredential (AAD).
Key Vault [x] https Pass Read a secret Uses DefaultAzureCredential (AAD).
Azure Functions [x] https Pass Returns a 200 response
Azure Functions KUDU [ ] https TODO
Event Hubs AmqpWebSockets [x] https Pass Send messages Uses DefaultAzureCredential (AAD).
Event Hubs AmqpTcp [x] tls Pass Send messages Uses DefaultAzureCredential (AAD).
PostegreSQL Single Server User Password [x] tcp Pass Open connection
PostegreSQL Single Server AAD [ ] tcp Pass Open connection Uses DefaultAzureCredential (AAD) and TrustServerCertificate=true or SSL Mode=VerifyCA.
SQL Server User Password [x] tcp Pass Open connection Uses TrustServerCertificate=true.
SQL Server AAD [ ] tcp Fail Open connection If a token is used to authenticate then the User ID with the server name cannot be set in the connection string. Attempting to use the token as password also fails.

The following features are also tested:

Service Feature
Application Gateway Resolves private endpoints using custom DNS.
Application Gateway TLS / TCP Proxy.

Running the Tests

Deploy the Solution

By running the following command, you will deploy the solution to your Azure subscription.

terraform init
terraform apply

Checking Tests Results

Once the solution is deployed, you can download the tests results (TestResults.trx) with the following commands:

PowerShell:

$resultsShareKey=$(terraform output -raw results_share_key)
$resultsShareName=$(terraform output -raw results_share_name)
$resultsAccountName=$(terraform output -raw results_account_name)
$resultsFile=$(terraform output -raw results_file)
$aciStorageContext = New-AzStorageContext -StorageAccountName $resultsAccountName -StorageAccountKey $resultsShareKey
Get-AzStorageFileContent -ShareName $resultsShareName -Path $resultsFile -Context $aciStorageContext -Destination ".\report.trx" -Force

Azure CLI:

$resultsShareKey=$(terraform output -raw results_share_key)
$resultsShareName=$(terraform output -raw results_share_name)
$resultsAccountName=$(terraform output -raw results_account_name)
$resultsFile=$(terraform output -raw results_file)
az storage file download --account-key $resultsShareKey --account-name $resultsAccountName --share-name $resultsShareName --path $resultsFile

Checking Container Logs

PowerShell:

$resourceGroup=$(terraform output -raw resource_group)
$containerGroup=$(terraform output -raw contaner_group_name)
$containerName=$(terraform output -raw container_name)
Get-AzContainerInstanceLog -ResourceGroupName $resourceGroup -ContainerGroupName $containerGroup -ContainerName $containerName

Azure CLI:

$resourceGroup=$(terraform output -raw resource_group)
$containerGroup=$(terraform output -raw contaner_group_name)
$containerName=$(terraform output -raw container_name)
az container logs --resource-group $resourceGroup --name $containerGroup --container-name $containerName

FAQ

Where are the services deployed?

Poperty Default Value Terraform Variable Required
Resource Group rg-agw-pep resource_group [ ]
Region westeurope -------------- [ ]

Where are the Terraform modules documented?

Please refer to the Terraform Modules for more information.

Contributing

This project welcomes contributions and suggestions. Most contributions require you to agree to a Contributor License Agreement (CLA) declaring that you have the right to, and actually do, grant us the rights to use your contribution. For details, visit https://cla.opensource.microsoft.com.

When you submit a pull request, a CLA bot will automatically determine whether you need to provide a CLA and decorate the PR appropriately (e.g., status check, comment). Simply follow the instructions provided by the bot. You will only need to do this once across all repos using our CLA.

This project has adopted the Microsoft Open Source Code of Conduct. For more information see the Code of Conduct FAQ or contact [email protected] with any additional questions or comments.

Trademarks

This project may contain trademarks or logos for projects, products, or services. Authorized use of Microsoft trademarks or logos is subject to and must follow Microsoft's Trademark & Brand Guidelines. Use of Microsoft trademarks or logos in modified versions of this project must not cause confusion or imply Microsoft sponsorship. Any use of third-party trademarks or logos are subject to those third-party's policies.

agw-pep-custom-names's People

Contributors

microsoftopensource avatar cmendible avatar dependabot[bot] avatar microsoft-github-operations[bot] avatar

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.