complete solution

.github/workflows/main.yaml

@@ -0,0 +1,66 @@
+name: build 
+
+on:
+  push:
+    branches:
+      - main
+  pull_request:
+    branches:
+      - main
+  workflow_dispatch:
+
+jobs:
+  tfsec:
+    name: Run TFsec
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v3
+      - name: Terraform security scan
+        uses: triat/[email protected]
+        with:
+          tfsec_exclude: azure-keyvault-no-purge,azure-storage-queue-services-logging-enabled,azure-storage-allow-microsoft-service-bypass,azure-network-no-public-egress,azure-network-no-public-ingress,azure-network-disable-rdp-from-internet,azure-network-ssh-blocked-from-internet,azure-database-postgres-configuration-log-connections,azure-database-postgres-configuration-connection-throttling,azure-database-no-public-access,azure-database-postgres-configuration-log-checkpoints,azure-database-secure-tls-policy,azure-database-enable-audit
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+  docs:
+    name: Run Terraform-docs
+    runs-on: ubuntu-latest
+    needs: tfsec
+    steps:
+    - uses: actions/checkout@v3
+      with:
+        ref: ${{ github.event.pull_request.head.ref }}
+    - name: Render terraform docs inside the TERRAFORM.md
+      uses: terraform-docs/[email protected]
+      with:
+        working-dir: .
+        output-file: TERRAFORM.md
+        output-method: inject
+        recursive: "true"
+        recursive-path: "modules"
+        git-push: "true"
+  artifacts:
+    name: Create artifacts
+    runs-on: ubuntu-latest
+    needs: docs
+    steps:
+    - name: Checkout
+      uses: actions/checkout@v3
+    - name: Setup .NET Core
+      uses: actions/setup-dotnet@v3
+      with:
+        dotnet-version: 6.0.x
+    - name: Setup MinVer
+      run: |
+        dotnet tool install --global minver-cli --version 4.2.0
+    - name: Calculate Version
+      run: |
+        echo "MINVERVERSIONOVERRIDE=$($HOME/.dotnet/tools/minver -t v. -m 1.0 -d preview)" >> $GITHUB_ENV
+    - name: Upload Artifacts
+      uses: actions/upload-artifact@v3
+      with:
+        name: agw-tests-${{ env.MINVERVERSIONOVERRIDE }}
+        path: |
+          ./modules/
+          ./*.tf
+          ./*.md

.gitignore

@@ -1,3 +1,33 @@
+# Local .terraform directories
+**/.terraform/*
+
+# .tfstate files
+*.tfstate
+*.tfstate.*
+
+# Crash log files
+crash.log
+
+# Ignore any .tfvars files that are generated automatically for each Terraform run. Most
+# .tfvars files are managed as part of configuration and so should be included in
+# version control.
+#
+# example.tfvars
+
+# Ignore override files as they are usually used to override resources locally and so
+# are not checked in
+override.tf
+override.tf.json
+*_override.tf
+*_override.tf.json
+
+# Include override files you do wish to add to version control using negated pattern
+#
+# !example_override.tf
+
+# Include tfplan files to ignore the plan output of command: terraform plan -out=tfplan
+# example: *tfplan*
+
 ## Ignore Visual Studio temporary files, build results, and
 ## files generated by popular Visual Studio add-ons.
 ##

.vscode/settings.json

@@ -0,0 +1,3 @@
+{
+    "dotnet.defaultSolution": "tests\\tests.sln"
+}

CODEOWNERS

@@ -0,0 +1,2 @@
+# These owners are the maintainers and approvers of this repo
+*	@cmendible

README.md

@@ -1,14 +1,125 @@
-# Project
+[![build](https://github.com/azure/agw-pep-custom-names/actions/workflows/main.yaml/badge.svg)](https://github.com/azure/agw-pep-custom-names/actions/workflows/main.yaml)
 
-> This repo has been populated by an initial template to help get you started. Please
-> make sure to update the content to build a great experience for community-building.
+# Azure Application Gateway: Private Endpoint Custom Name Solution Reference Architecture and Tests
 
-As the maintainer of this project, please make a few updates:
+## Goals
 
-- Improving this README.MD file to provide a great experience
-- Updating SUPPORT.MD with content about this project's support experience
-- Understanding the security reporting process in SECURITY.MD
-- Remove this section from the README
+* Provide an enviroment to test Application Gateway features and test custom name solution for Azure services.
+
+## Architecture
+
+![Solution Architecture](./docs/assets/architecture.drawio.png)
+
+## Tests
+
+## Azure Application Gateway
+
+> All backend pools are configured with the service FQDN.
+
+### Application Gateway Implicit Tests
+
+If Terraform deployment is successful, then the following features are working:
+
+Service             | Feature
+------------------- | -----------
+Azure Key Vault     | Reference a certificate in a Private Endpoint Protected Key Vault.
+Application Gateway | No Public IP.
+Application Gateway | Subnet: No need to define specific inbound rules in NSGs.
+Application Gateway | Subnet: route 0.0.0.0 traffic to a Firewall.
+
+### Application Gateway Explicit Tests
+
+> Test developed using .NET 6.0.
+
+Service                                 | Enabled | Protocol | Result | Test Description        | Notes
+--------------------------------------- | ------- | -------- | ------ | ------------------------| -----
+Cosmos DB SQL API                       | [x]     | https    | Pass   | Create a database       | Uses endpoint & key. Requires the client to **disable endpoint rediscovery**.
+Storage Account (Blob)                  | [x]     | https    | Pass   | Create a container      | Uses DefaultAzureCredential (AAD).
+Key Vault                               | [x]     | https    | Pass   | Read a secret           | Uses DefaultAzureCredential (AAD).
+Azure Functions                         | [x]     | https    | Pass   | Returns a 200 response  | 
+Azure Functions KUDU                    | [ ]     | https    |        | TODO                    |
+Event Hubs **AmqpWebSockets**           | [x]     | https    | Pass   | Send messages           | Uses DefaultAzureCredential (AAD).
+Event Hubs **AmqpTcp**                  | [x]     | tls      | Pass   | Send messages           | Uses DefaultAzureCredential (AAD).
+PostegreSQL Single Server User Password | [x]     | tcp      | Pass   | Open connection         | 
+PostegreSQL Single Server AAD           | [ ]     | tcp      | Pass   | Open connection         | Uses DefaultAzureCredential (AAD) and **TrustServerCertificate=true** or **SSL Mode=VerifyCA**.
+SQL Server User Password                | [x]     | tcp      | Pass   | Open connection         | Uses **TrustServerCertificate=true**.
+SQL Server AAD                          | [ ]     | tcp      |**Fail**| Open connection         | If a token is used to authenticate then the `User ID` with the server name cannot be set in the connection string. Attempting to use the token as password also fails. 
+
+The following features are also tested:
+
+Service             | Feature
+------------------- | -----------
+Application Gateway | Resolves private endpoints using custom DNS.
+Application Gateway | TLS / TCP Proxy.
+
+## Running the Tests
+
+## Deploy the Solution
+
+By running the following command, you will deploy the solution to your Azure subscription.
+
+```	powershell
+terraform init
+terraform apply
+```
+
+## Checking Tests Results
+
+Once the solution is deployed, you can download the tests results (**TestResults.trx**) with the following commands:
+
+### PowerShell:
+
+```	powershell
+$resultsShareKey=$(terraform output -raw results_share_key)
+$resultsShareName=$(terraform output -raw results_share_name)
+$resultsAccountName=$(terraform output -raw results_account_name)
+$resultsFile=$(terraform output -raw results_file)
+$aciStorageContext = New-AzStorageContext -StorageAccountName $resultsAccountName -StorageAccountKey $resultsShareKey
+Get-AzStorageFileContent -ShareName $resultsShareName -Path $resultsFile -Context $aciStorageContext -Destination ".\report.trx" -Force
+```
+
+### Azure CLI:
+
+```	powershell
+$resultsShareKey=$(terraform output -raw results_share_key)
+$resultsShareName=$(terraform output -raw results_share_name)
+$resultsAccountName=$(terraform output -raw results_account_name)
+$resultsFile=$(terraform output -raw results_file)
+az storage file download --account-key $resultsShareKey --account-name $resultsAccountName --share-name $resultsShareName --path $resultsFile
+```
+
+## Checking Container Logs
+
+### PowerShell:
+
+```	powershell
+$resourceGroup=$(terraform output -raw resource_group)
+$containerGroup=$(terraform output -raw contaner_group_name)
+$containerName=$(terraform output -raw container_name)
+Get-AzContainerInstanceLog -ResourceGroupName $resourceGroup -ContainerGroupName $containerGroup -ContainerName $containerName
+```
+
+### Azure CLI:
+
+```	powershell
+$resourceGroup=$(terraform output -raw resource_group)
+$containerGroup=$(terraform output -raw contaner_group_name)
+$containerName=$(terraform output -raw container_name)
+az container logs --resource-group $resourceGroup --name $containerGroup --container-name $containerName
+```
+
+## FAQ
+
+### Where are the services deployed?
+
+Poperty        | Default Value  | Terraform Variable | Required  |
+-------------- | -------------- | ------------------ | --------- |
+Resource Group | rg-agw-pep     | resource_group     |    [ ]    |
+Region         | westeurope     | --------------     |    [ ]    |
+
+### Where are the Terraform modules documented?
+
+Please refer to the [Terraform Modules](TERRAFORM.md) for more information.
 
 ## Contributing