YAML variables example

Intro

One of the main benefits of YAML variable definitions is the condensed way of representing configuration data compared to JSON. YAML also supports aliases, which JSON does not. We present an example of a networking configuration containing aliases for NSG rules.

Use case example with YAML aliases

Below are two NSG rules that we will use later in a subnet definition. Aliases are particularly suitable for NSG rule definitions, because the same rule can be reused in different NSGs (following the DRY principle). The reusable node (an anchor, in YAML terms) is defined with the “&” symbol, and “*” is used to reference it as an alias.

The example NSG rules allow CIFS and RDP traffic based on different source criteria.

allow-cifs-inbound: &allow-cifs-inbound
  name: allow-cifs-inbound
  properties:
    access: Allow
    description: Allow File Share traffic inbound
    destinationAddressPrefix: 'VirtualNetwork'
    destinationPortRanges: 
    - 445
    direction: 'Inbound'
    priority: 1400
    protocol: Tcp 
    #sourceAddressPrefix: 'VirtualNetwork'    
    sourceAddressPrefixes: 
    - *addr-prefix-snet-feature-workstations-prod-001
    - *addr-prefix-snet-feature-robot-testing-prod-001
    sourcePortRange: '*'

allow-rdp-inbound: &allow-rdp-inbound
  name: allow-rdp-inbound
  properties:
    access: Allow
    description: Allow traffic RDP inbound
    destinationAddressPrefix: 'VirtualNetwork'
    destinationPortRanges: 
    - 3389
    direction: 'Inbound'
    priority: 1200
    protocol: Tcp 
    sourceAddressPrefix: 'VirtualNetwork'    
    sourcePortRange: '*'

The subnet definition uses the NSG rules defined above. The subnet address prefix anchors are not shown. The following is an extract of the subnet array using the NSG rule aliases:

# The addr-prefix-* anchor is defined elsewhere (not shown).
- name: snet-feature-sql-server-prod-001
  addressPrefix: *addr-prefix-snet-feature-sql-server-prod-001
  nsgName: nsg-feature-sql-server-prod-001
  nsgSecurityRules:
  - *allow-rdp-inbound
  - *allow-cifs-inbound
  serviceEndpoints:
  - service: Microsoft.Storage
  routeTableName: rt-feature-lz-prod-001
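
As an added example (not part of the original page or of any project's code), the Ruby script below uses the YAML parser from Ruby's standard library to expand the aliases, report which NSGs each shared rule lands in, and check each NSG for rules that share a priority and direction, which Azure does not allow within one NSG. The `allow-ssh-inbound` rule, the second subnet and the top-level `subnets` key are constructed for illustration.

```ruby
require 'yaml'

# Constructed sample: the page's two rules (trimmed), plus a hypothetical SSH
# rule, second subnet and top-level 'subnets' key that are not on the page.
DOC = <<~'YAML'
  allow-cifs-inbound: &allow-cifs-inbound
    name: allow-cifs-inbound
    properties: { direction: Inbound, priority: 1400, destinationPortRanges: [445] }
  allow-rdp-inbound: &allow-rdp-inbound
    name: allow-rdp-inbound
    properties: { direction: Inbound, priority: 1200, destinationPortRanges: [3389] }
  allow-ssh-inbound: &allow-ssh-inbound
    name: allow-ssh-inbound
    properties: { direction: Inbound, priority: 1200, destinationPortRanges: [22] }
  subnets:
  - name: snet-feature-sql-server-prod-001
    nsgName: nsg-feature-sql-server-prod-001
    nsgSecurityRules: [*allow-rdp-inbound, *allow-cifs-inbound]
  - name: snet-example-002
    nsgName: nsg-example-002
    nsgSecurityRules: [*allow-rdp-inbound, *allow-ssh-inbound]
YAML

# YAML.safe_load rejects aliases unless they are enabled explicitly.
def load_config(text)
  YAML.safe_load(text, aliases: true)
end

# Rule name => NSGs that receive it, i.e. everything an edit to the anchor touches.
def rule_usage(cfg)
  cfg['subnets'].each_with_object(Hash.new { |h, k| h[k] = [] }) do |s, usage|
    s['nsgSecurityRules'].each { |r| usage[r['name']] << s['nsgName'] }
  end
end

# A shared rule carries its priority into every NSG that references it, so
# look for duplicate (direction, priority) pairs per NSG after expansion.
def priority_collisions(cfg)
  cfg['subnets'].flat_map do |s|
    s['nsgSecurityRules']
      .group_by { |r| r['properties'].values_at('direction', 'priority') }
      .select { |_, rules| rules.size > 1 }
      .map { |(dir, prio), rules| [s['nsgName'], dir, prio, rules.map { |r| r['name'] }] }
  end
end

cfg = load_config(DOC)
rule_usage(cfg).each { |rule, nsgs| puts "#{rule} -> #{nsgs.join(', ')}" }
priority_collisions(cfg).each { |c| puts "priority collision: #{c.inspect}" }
```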

Summary of benefits

Using YAML aliases in Bicep variable definitions results in configuration files that are more condensed, more readable and easier to maintain. Reusing the NSG rule definitions in different subnets makes future maintenance easier. This is only one of the possible use cases for YAML aliases. There are many others, such as resource IDs, which tend to be quite long.