AVDManagementFramework

1.0.85

functions/Network/Invoke-AVDMFNetwork.ps1

                                function Invoke-AVDMFNetwork {

    [CmdletBinding()]

    param (

        [ValidateSet('All', 'DeployNetwork', 'RemotePeering')]

        [string[]] $Action = 'All'

    )

    if($script:Offline){

        throw "Cannot deploy when working offline. Please reload configuration without the offline switch."

    }

    if ($Action -contains 'All' -or $Action -contains 'DeployNetwork') {

        Write-PSFMessage -Level Verbose -Message "Starting Action: DeployNetwork"

        # TODO: Handle multiple peerings scenario

        #Initialize Variables

        $bicepVirtualNetwork = "$($moduleRoot)\internal\Bicep\Network\Network.bicep"

        foreach ($rg in $script:ResourceGroups.Keys) {

            if ($script:ResourceGroups[$rg].ResourceCategory -eq 'Network') {

                $templateParams = Initialize-AVDMFNetwork -ResourceGroupName $rg

                try {

                    Write-PSFMessage -Level Verbose -Message "Checking if resource group exists: {0}" -StringValues $rg

                    $null = Get-AzResourceGroup -Name $rg -ErrorAction Stop

                }

                catch {

                    Write-PSFMessage -Level Verbose -Message "Creating resource group {0} in Location {1}" -StringValues $rg, $script:Location #TODO: This is a repeated message and should use the power of PSFramework

                    New-AzResourceGroup -Name $rg -Location $script:Location

                }

                Write-PSFMessage -Level Verbose -Message "Deploying network resources in {0}" -StringValues $rg

                New-AzResourceGroupDeployment -ResourceGroupName $rg -Mode Complete -TemplateFile $bicepVirtualNetwork @templateParams -ErrorAction Stop -Confirm:$false -Force

            }

        }

    }

    if ($Action -contains 'All' -or $Action -contains 'RemotePeering') {

        # Create remote peerings

        if ($script:RemotePeerings.count) {

            Write-PSFMessage -Level Verbose -Message "Starting Action: RemotePeering"

            $templateParams = Initialize-AVDMFRemotePeering

            $currentSubscription = (Get-AzContext).Subscription.Id

            $targetSubscription = $templateParams.RemotePeerings.SubscriptionId

            Write-PSFMessage -Level Verbose -Message "Switching to remote network subscription context ({0})" -StringValues $targetSubscription

            $null = Set-AzContext -SubscriptionId $templateParams.RemotePeerings.SubscriptionId

            # We are not using Azure Deployment for remote peering so we limit the needed permissions on the hub network

            # WE only need network contributor permissions on the hyb vNet using this approach.

            $remoteVNet = Get-AzVirtualNetwork -Name $templateParams.RemotePeerings.RemoteVNetNAme -ResourceGroupName $templateParams.RemotePeerings.ResourceGRoupName

            try{

                Add-AzVirtualNetworkPeering -Name $templateParams.RemotePeerings.Name -VirtualNetwork $remoteVNet -RemoteVirtualNetworkId $templateParams.RemotePeerings.LocalVNetResourceId -ErrorAction Stop

            }

            catch{

                if($_.Exception.Message -eq 'Peering with the specified name already exists'){

                    Write-PSFMessage -Level Warning -Message "Peering with the specified name already exists."

                }

                else{

                    $peeringError = $_

                }

            }

            finally{

                Write-PSFMessage -Level Verbose -Message "Switching back to local subscription context ({0})" -StringValues $targetSubscription

                $null = Set-AzContext -SubscriptionId $currentSubscription

                if($peeringError) {throw $peeringError}

            }

        }

    }

}